-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:05:48 +0200
Source: python-cliff
Architecture: source
Version: 4.6.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Changes:
python-cliff (4.6.0-2) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:05:08 +0200
Source: python-castellan
Architecture: source
Version: 5.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Changes:
python-castellan (5.0.0-2)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 16:03:26 +0200
Source: lollypop
Architecture: source
Version: 1.4.38-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team
Changed-By: Andreas Rönnquist
Changes:
lollypop (1.4.38-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 09:10:32 -0500
Source: libxmlb
Built-For-Profiles: noudeb
Architecture: source
Version: 0.3.16-1
Distribution: unstable
Urgency: medium
Maintainer: Debian EFI team
Changed-By: Mario Limonciello
Changes:
libxmlb
On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland"
wrote:
>On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote:
>> Please don't drop the mechanism that saved my¹ unstable installations
>> from being vulnerable to the current xz-based attack. Just having to
>> dump an ALL: ALL into
; urgency=medium
.
* Update to git 20240403 from the gcc-11 branch.
- Fix PR tree-optimization/111407, PR sanitizer/97696,
PR target/108743 (Darwin), PR target/101737 (SH), PR target/114098 (x86),
PR target/110411 (PPC), PR target/108120 (ARM),
PR target/111677 (AArch64), PR
On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote:
> Please don't drop the mechanism that saved my¹ unstable installations
> from being vulnerable to the current xz-based attack. Just having to
> dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
> maintain a packet filter.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 15:43:26 +0300
Source: qemu
Architecture: source
Version: 1:9.0.0~rc2+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Michael Tokarev
Changes:
qemu (1:9.0.0~rc2+ds-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 08:48:37 -0400
Source: nauty
Built-For-Profiles: noudeb
Architecture: source
Version: 2.8.8+ds-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Math Team
Changed-By: Doug Torrance
Changes:
nauty
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 17:14:25 +0500
Source: package-lint-el
Architecture: source
Version: 0.23-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Emacsen team
Changed-By: Lev Lamberov
Changes:
package-lint-el (0.23-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 14:21:48 +0200
Source: gcc-12
Architecture: source
Version: 12.3.0-17
Distribution: unstable
Urgency: medium
Maintainer: Debian GCC Maintainers
Changed-By: Matthias Klose
Changes:
gcc-12 (12.3.0-17) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 15 Mar 2024 11:49:14 +0100
Source: python-mercantile
Binary: python3-mercantile
Architecture: source all
Version: 1.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 13:18:05 +0200
Source: trickle
Architecture: source
Version: 1.07-13
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Andreas Beckmann
Closes: 1066604
Changes:
trickle (1.07-13)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 14:06:34 +0200
Source: shutter
Architecture: source
Version: 0.99.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group
Changed-By: Andrej Shadura
Changes:
shutter (0.99.5-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 08:06:33 -0400
Source: pulseaudio
Built-For-Profiles: noudeb
Architecture: source
Version: 16.1+dfsg1-5
Distribution: unstable
Urgency: medium
Maintainer: Pulseaudio maintenance team
Changed-By: Jeremy Bícha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384
Format: 1.8
Date: Wed, 03 Apr 2024 12:25:23 +0200
Source: mksh
Architecture: source
Version: 59c-36
Distribution: unstable
Urgency: low
Maintainer: Thorsten Glaser
Changed-By: Thorsten Glaser
Changes:
mksh (59c-36) unstable; urgency=low
.
*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 13:07:55 +0200
Source: libopendbx
Architecture: source
Version: 1.4.6-17
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Andreas Beckmann
Closes: 1015508 1051751 1065767
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 13:02:14 +0200
Source: iotas
Architecture: source
Version: 0.2.12+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Arnaud Ferraris
Changed-By: Arnaud Ferraris
Changes:
iotas (0.2.12+ds-1) unstable;
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com
* Package name: python-pyzstd
Version : 0.15.10
Upstream Contact: Rogdham
* URL : https://github.com/Rogdham/pyzstd
* License :
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com
* Package name: python-pyppmd
Version : 1.1.0
Upstream Contact: Hiroshi Miura
* URL : https://codeberg.org/miurahr/pyppmd
* License :
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com
* Package name: python-inflate64
Version : 1.0.0
Upstream Contact: Hiroshi Miura
* URL : https://codeberg.org/miurahr/inflate64
* License
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com
* Package name: python-brotlicffi
Version : 1.1.0.0
Upstream Contact: Seth Michael Larson
* URL : https://github.com/python-hyper/brotlicffi
*
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com
* Package name: python-bcj
Version : 1.0.2
Upstream Contact: Hiroshi Miura
* URL : https://codeberg.org/miurahr/pybcj
* License :
Package: wnpp
Severity: wishlist
Owner: YOKOTA Hiroshi
X-Debbugs-Cc: debian-devel@lists.debian.org, yokota.h...@gmail.com
* Package name: python-multivolumefile
Version : 0.2.3
Upstream Contact: Hiroshi Miura
* URL : https://codeberg.org/miurahr/multivolume
* License
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 12:06:08 +0100
Source: openssh
Architecture: source
Version: 1:9.7p1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers
Changed-By: Colin Watson
Changes:
openssh (1:9.7p1-4)
On Fri, Mar 29, 2024 at 09:09:45PM +0100, Sirius wrote:
> This is quite actively discussed on Fedora lists.
> https://www.openwall.com/lists/oss-security/2024/
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> Worth taking a look if action need to be taken on Debian.
FWIW, just
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 06:36:25 -0400
Source: rust-treediff
Architecture: source
Version: 4.0.3-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Rust Maintainers
Changed-By: Josenilson Ferreira da Silva
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 06:35:01 -0400
Source: rust-bitter
Architecture: source
Version: 0.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers
Changed-By: Josenilson Ferreira da Silva
Changes:
rust-bitter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 10:29:04 +
Source: igraph
Architecture: source
Version: 0.10.11+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
Changed-By: Jerome Benoit
Changes:
igraph (0.10.11+ds-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 12:39:37 +0200
Source: frameworkintegration
Architecture: source
Version: 5.115.0-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers
Changed-By: Patrick Franz
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 12:09:24 +0200
Source: golang-github-maraino-go-mock
Architecture: source
Version: 0.0~git20230823.b114e0e-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team
Changed-By: Sascha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 12:01:05 +0200
Source: golang-github-dcso-fluxline
Architecture: source
Version: 0.0~git20200907.78686e5-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team
Changed-By: Sascha Steinbiss
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 05:43:29 -0300
Source: zmat
Architecture: source
Version: 0.9.9+ds.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Octave Group
Changed-By: Rafael Laboissière
Changes:
zmat (0.9.9+ds.1-2) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 19 Mar 2024 19:53:13 +0100
Source: play.it-vv221
Architecture: source
Version: 2024-03-19-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team
Changed-By: Antoine Le Gonidec
Changes:
play.it-vv221
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 02 Apr 2024 22:48:30 +0500
Source: kvirc
Architecture: source
Version: 4:5.2.2+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team
Changed-By: Andrey Rakhmatullin
Changes:
kvirc (4:5.2.2+dfsg-2)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 11:45:25 +0200
Source: gimp-gap
Architecture: source
Version: 2.6.0+dfsg-8
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Andreas Beckmann
Closes: 1068059
Changes:
gimp-gap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 19 Mar 2024 19:59:43 +0100
Source: play.it-community
Architecture: source
Version: 2024-03-19-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team
Changed-By: Antoine Le Gonidec
Changes:
play.it-community
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 11:06:34 +0200
Source: autopkgtest
Architecture: source
Version: 5.34
Distribution: unstable
Urgency: medium
Maintainer: Debian CI team
Changed-By: Paride Legovini
Closes: 933064 1067406
Changes:
autopkgtest
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 10:41:33 +0200
Source: xtrkcad
Architecture: source
Version: 1:5.2.0Beta2.1-2
Distribution: unstable
Urgency: medium
Maintainer: Daniel E. Markle
Changed-By: Mike Gabriel
Closes: 1066691
Changes:
xtrkcad
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 19 Mar 2024 19:44:46 +0100
Source: play.it
Architecture: source
Version: 2.27.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team
Changed-By: Antoine Le Gonidec
Changes:
play.it (2.27.3-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 11:16:00 +0200
Source: libloc-database
Architecture: source
Version: 0~20240319-1
Distribution: unstable
Urgency: medium
Maintainer: libloc maintainers
Changed-By: Hans-Christoph Steiner
Changes:
libloc-database
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 10:19:32 +0200
Source: xine-ui
Architecture: source
Version: 0.99.14+hg20240403-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi
Changed-By: Patrick Matthäi
Closes: 1066760
Changes:
xine-ui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 10:57:04 +0200
Source: needrestart
Architecture: source
Version: 3.6-8
Distribution: unstable
Urgency: medium
Maintainer: Patrick Matthäi
Changed-By: Patrick Matthäi
Closes: 1024426 1040673 1063155 1063719
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 11:02:47 +0200
Source: kdenlive
Architecture: source
Version: 24.02.1-1
Distribution: unstable
Urgency: medium
Maintainer: Patrick Matthäi
Changed-By: Patrick Matthäi
Changes:
kdenlive (24.02.1-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 10:58:27 +0200
Source: geoip-database
Architecture: source
Version: 20240403-1
Distribution: unstable
Urgency: medium
Maintainer: Patrick Matthäi
Changed-By: Patrick Matthäi
Changes:
geoip-database (20240403-1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 09:52:28 +0200
Source: davix
Architecture: source
Version: 0.8.6-1
Distribution: unstable
Urgency: medium
Maintainer: Mattias Ellert
Changed-By: Mattias Ellert
Changes:
davix (0.8.6-1) unstable; urgency=medium
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 10:45:11 +0200
Source: wireplumber
Architecture: source
Version: 0.5.1-1
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team
Changed-By: Dylan Aïssi
Changes:
wireplumber (0.5.1-1)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 09:36:55 +0100
Source: adios
Architecture: source
Version: 1.13.1-36
Distribution: unstable
Urgency: medium
Maintainer: Alastair McKinstry
Changed-By: Alastair McKinstry
Changes:
adios (1.13.1-36) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 04:46:51 -0300
Source: zmat
Architecture: source
Version: 0.9.9+ds.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Octave Group
Changed-By: Rafael Laboissière
Changes:
zmat (0.9.9+ds.1-1) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 01 Apr 2024 10:20:09 +0200
Source: grub2
Architecture: source
Version: 2.12-1.1
Distribution: unstable
Urgency: medium
Maintainer: GRUB Maintainers
Changed-By: Bastian Blank
Closes: 1067486
Changes:
grub2 (2.12-1.1)
; urgency=medium
.
* Update to git 20240403 from the gcc-12 branch.
- Fix PR tree-optimization/111407, PR target/113233 (loong64),
PR sanitizer/97696, PR tree-optimization/110838,
PR tree-optimization/91838, PR target/108743 (Darwin),
PR target/101737 (SH), PR tree
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 09:03:08 +0200
Source: pillow
Architecture: source
Version: 10.3.0-2
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose
Changed-By: Matthias Klose
Changes:
pillow (10.3.0-2) unstable;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 09:00:30 +0200
Source: openstack-debian-images
Architecture: source
Version: 1.84
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack
Changed-By: Thomas Goirand
Changes:
openstack-debian-images
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 24 Mar 2024 11:30:20 +0100
Source: wl-mirror
Built-For-Profiles: noudeb
Architecture: source
Version: 0.16.2-2
Distribution: unstable
Urgency: medium
Maintainer: Ferdinand Bachmann
Changed-By: Ferdinand Bachmann
Closes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 02 Apr 2024 16:21:55 +0200
Source: generate-ninja
Architecture: source
Version: 0.0~git20240328.93ee9b9-1
Distribution: unstable
Urgency: medium
Maintainer: qinxialei
Changed-By: Ricardo Ribalda Delgado
Changes:
On Wed, Apr 03, 2024 at 02:01:23AM -0400, Robert Edmonds wrote:
> This backdoor abused the IFUNC mechanism in the GNU toolchain to hook into
> the sshd process. Looking on my Debian sid workstation with about 1900 library
> packages installed, I see a very small handful of source packages shipping
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 08:08:12 +0200
Source: php-algo26-idna-convert
Architecture: source
Version: 3.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers
Changed-By: David Prévot
Changes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2024 09:39:22 +0400
Source: node-tar
Architecture: source
Version: 6.1.13+~cs7.0.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Yadd
Changes:
node-tar
This backdoor abused the IFUNC mechanism in the GNU toolchain to hook into
the sshd process. Looking on my Debian sid workstation with about 1900 library
packages installed, I see a very small handful of source packages shipping
libraries with IFUNC symbols, mostly things like gcc, glibc, haskell,
101 - 159 of 159 matches
Mail list logo