Hi Jordi,
On Tue, May 07, 2024 at 04:00:15PM +0200, Jordi Mallach wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: n...@packages.debian.org
> Control: affects -1 + src:nano
> User: release.debian@packages.debian.org
> Usertags: pu
>
> As we did in
Hi
I would like to upload lnux version 6.8.12-1 to unstable, which is
importing the last stable version for the 6.8.y series which is EOL
with 6.8.12. After that a switch to 6.9.y will need to happen.
No packaging changes are included.
Regards,
Salvatore
signature.asc
Description: PGP
Hi
I would like to upload over the weekend linux verison 6.8.11-1 to
unstable (importing two stable versions 6.8.10 and 6.8.11).
No other changes are aimed to be included, but brings unstable just up
to pair to upstream stable version for the 6.8.y series.
Regards,
Salvatore
signature.asc
Hi Bastien,
On Sun, May 12, 2024 at 05:47:31PM +, Bastien Roucariès wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: fos...@packages.debian.org
> Control: affects -1 + src:fossil
> User: release.debian@packages.debian.org
> Usertags: pu
>
> this
Hi Lee,
(disclaimer, not a member of the release team)
On Fri, May 10, 2024 at 12:15:56PM +0200, Lee Garrett wrote:
> I have just pushed some meta-data updates, and also a change that fixes
> CVE-2023-4237 in this package. See the commit logs here:
>
>
Hi,
On Wed, May 08, 2024 at 09:52:01AM +0200, Thomas Goirand wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: python-glance-st...@packages.debian.org
> Control: affects -1 +
Hi Patrick,
On Mon, Apr 22, 2024 at 09:36:54PM +0200, Patrick Franz wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: delta...@debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
>
> [ Reason ]
> There is a bug in libkf5sieve where the
Hi
I plan to upload 6.7.12-1 later to unstable. Note, this is a situation
far from ideal and personally not very happy with. 6.7.12 was the last
version in the 6.7.y release and upstream has long moved already to
6.8.y while EOL'ing 6.7.y.
This upload will thus release with a couple of known
Hi Sebastian,
On Tue, Apr 09, 2024 at 06:18:13PM +0200, Sebastian Andrzej Siewior wrote:
> On 2024-04-07 23:46:28 [+0200], To Adam D. Barratt wrote:
> > On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
> > >
> > > Sorry for not getting to this sooner. Is this still the case?
> >
> > So.
2.6/debian/changelog
--- yapet-2.6/debian/changelog 2022-03-14 14:19:11.0 +0100
+++ yapet-2.6/debian/changelog 2024-04-11 20:40:18.0 +0200
@@ -1,3 +1,16 @@
+yapet (2.6-2~deb12u1) bookworm; urgency=medium
+
+ * Rebuild for bookworm
+
+ -- Salvatore Bonaccorso Thu, 11 Apr 2024 20:4
Hi,
Disclaimer, this is not an authoritative answer as I'm not part of the
stable release managers.
On Mon, Apr 08, 2024 at 12:27:50PM +0300, Maytham Alsudany wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
>
Hi,
On Tue, Apr 02, 2024 at 12:36:53PM +0200, Petter Reinholdtsen wrote:
>
> Btw, what is the timeline for approval or rejection for this security
> upload proposal?
Note that if you are confident that the upload is accepted as it, you
*could* already upload according to the improved workflow.
Hi
[disclaimer, not an authoritative answer as not part of the stable
release managers]
On Sat, Mar 16, 2024 at 09:09:05AM +0100, Petter Reinholdtsen wrote:
>
> Package: release.debian.org
>
> The https://tracker.debian.org/pkg/newlib > package got an open
> security problem with malloc and
Hi
While I realize there are much of changes going on unstable, I still
would like to upload linux version (6.7.9-2) (yes no new upstream
version) mitigating the Register File Data Sampling (RFDS)
vulnerability (CVE-2023-28746).
This goes along with a intel-microcode update which already was
Hi
I would like to upload linux version 6.7.9-1 to unstable soon if
possible. There is the import of 6.7.8 and 6.7.9 from the 6.7.y stable
series.
Note that src:linux is not binNMU safe buildable and thus this is
(for the time beeing) disabled since
Hi
I would like to upload linux version 6.7.7-1 to unstable over the
weekend. The new upload would consist of a new upstream version
switching to the 6.7.y series in unstable.
Apart from switching from 6.6.y to 6.7.y series there are additional
changes covering:
* Enable CONFIG_MFD_RK8XX_SPI
Hi Andreas,
On Thu, Feb 01, 2024 at 06:35:38AM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2024-01-20 at 15:53 +0100, Andreas Metzler wrote:
> > I would like to fix both CVE-2024-0567 and CVE-2024-0553 via a
> > oldstable-updates since they do not require a DSA.
>
>
Hi Andreas,
On Mon, Feb 12, 2024 at 12:37:44AM +0100, Andreas Beckmann wrote:
> On 11/02/2024 21.36, Salvatore Bonaccorso wrote:
> > If I can add a comment: I (but note I'm not wearing a
> > nvidia-graphics-drivers maintainer hat) would support that, as there
> > are e
Hi Jonathan,
On Sun, Feb 11, 2024 at 12:29:45AM +, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
>
> On Sat, Feb 10, 2024 at 11:00:58PM +0100, Andreas Beckmann wrote:
> > [ Reason ]
> > 1) A backported (by upstream) change in Linux 6.1.76 (included in
> > today's point release) broke
Hi Nicolas,
On Tue, Feb 06, 2024 at 01:46:04PM -0500, Nicolas Mora wrote:
> Control: tag - moreinfo
>
> Thanks,
>
> Sorry, it seems that I'm not very well aware of the BTS process, according
> to [1] this is how I should untag the bug.
>
> [1] https://www.debian.org/Bugs/server-control
If you
Hi,
On Sat, Feb 03, 2024 at 12:32:08AM +0100, Cyril Brulebois wrote:
> Salvatore Bonaccorso (2024-02-02):
> > One thing is still unresolved, thus additonally to the explicit CC to
> > kibi, as well including debian-boot. We have the armel d-i situation
> > not yet resolved,
Hi,
I would like to upload linux version 6.6.15-1 ideally over the weekend
to unstable. The new version imports two versions of the 6.6.y stable
series (which is upstream an LTS) up to 6.6.15. It contains a larger
amount of changes as it consisted of versions released after the merge
window
I would like to upload linux version 6.6.13-1 later today to unstable.
The new version imports two versions of 6.6.y stable series (though
the only commit from 6.6.12 was already included in the last update).
The new upstream stable version fixes CVE-2023-6610 and CVE-2023-6915.
Note, that the
Hi,
On Sat, Jan 20, 2024 at 03:53:45PM +0100, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: gnutl...@packages.debian.org, t...@security.debian.org
> Control: affects -1 +
; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix boundary checking in base-256 decoder (CVE-2022-48303)
+ * Fix handling of extended header prefixes (CVE-2023-39804)
+(Closes: #1058079)
+
+ -- Salvatore Bonaccorso Sat, 20 Jan 2024 10:59:10 +0100
+
tar (1.34+dfsg-1) unstable; urgency
) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix boundary checking in base-256 decoder (CVE-2022-48303)
+ * Fix handling of extended header prefixes (CVE-2023-39804)
+(Closes: #1058079)
+
+ -- Salvatore Bonaccorso Sat, 20 Jan 2024 10:27:07 +0100
+
tar (1.34+dfsg-1.2) unstable
Hi,
On Sun, Jan 07, 2024 at 02:14:30PM +0100, Bastian Blank wrote:
> On Sun, Jan 07, 2024 at 02:03:32PM +0100, Salvatore Bonaccorso wrote:
> > I would like to upload linux version 6.6.10-1 later today to unstable.
>
> I would like to have 6.6.9 in testing first, but we
Hi
I would like to upload linux version 6.6.10-1 later today to unstable.
The new version imports one more 6.6.y stable series version (6.6.10).
The new upstream stable version fixes in particular CVE-2024-0193
(which is already addressed in bookworm-security and
bullseye-security).
There is one
Hi,
On Fri, Dec 22, 2023 at 01:28:00PM +0100, David Prévot wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org
> Control: affects -1 + src:spip
>
Hi,
On Fri, Dec 22, 2023 at 01:21:56PM +0100, David Prévot wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org
> Control: affects -1 + src:spip
>
Hi,
On Mon, Dec 25, 2023 at 10:35:16AM +0100, Tobias Frost wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: hapr...@packages.debian.org, t...@security.debian.org
> Control: affects -1 +
Hi,
On Thu, Dec 21, 2023 at 03:16:22PM -0500, M. Zhou wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: f...@packages.debian.org
> Control: affects -1 + src:fish
>
>
> [ Reason ]
>
>
Hi Otto,
On Sat, Dec 09, 2023 at 10:58:09PM +0800, Otto Kekäläinen wrote:
> Hi Debian security team!
>
> MariaDB 1:10.11.6-1 entered Trixie only today after being stuck in
> pending migration since Nov 28th from unstable. This
> 1:10.11.6-0+deb12u1 missed the point update window.
>
> Are you OK
Hi,
On Sat, Dec 09, 2023 at 03:07:37PM +0100, Salvatore Bonaccorso wrote:
> Source: linux
> Version: 6.1.64-1
> Severity: grave
> Tags: upstream
> Justification: causes non-serious data loss
> X-Debbugs-Cc: debian-release@lists.debian.org, car...@debian.org,
> a...@debian
Source: linux
Version: 6.1.64-1
Severity: grave
Tags: upstream
Justification: causes non-serious data loss
X-Debbugs-Cc: debian-release@lists.debian.org, car...@debian.org,
a...@debian.org
Hi
I'm filling this for visibility.
There might be a ext4 data corruption issue with the kernel released
Hi Adam,
On Thu, Dec 07, 2023 at 01:56:34PM +, Adam D. Barratt wrote:
> On Thu, 2023-12-07 at 12:40 +0100, Paul Gevers wrote:
> > Hi,
> >
> > On 07-12-2023 12:20, Adrian Bunk wrote:
> > > On Thu, Dec 07, 2023 at 11:18:42AM +0100, Paul Gevers wrote:
> > > > I hope that in several hours,
> > >
Hi,
On Tue, Dec 05, 2023 at 06:14:43PM +0100, djw6g6b5...@temp.mailbox.org wrote:
> There' s a bug in linux-image-amd64 version 6.1.64-1 for bookworm.
> The updates breaks wlan on a Lenovo T490s. Current versions used to work
> fine. I' m unable to submit a bug report. ('Message with no Package:
Hi Adrian,
On Sat, Dec 02, 2023 at 04:46:22PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Salvatore Bonaccorso
>
> * Add Conflicts+Replaces
Hi Salvo,
On Wed, Nov 29, 2023 at 11:39:40PM +0100, Salvo Tomaselli wrote:
> Hello,
>
> Go ahead with what?
>
> Do a new debdiff with the fixed version in the changelog?
I understand Adam as "please just adjust the version as discussed to
0.19-2.1+deb12u1 and then feel free to upload the
Hi,
I would like to upload linux version 6.5.13-1 today to unstable. The
new version imports new stable series up to 6.5.13. A (manual) ABI
bump is included.
With the upload CVE-2023-6111 is addressed as well.
The RT patchset remains disabled and is pending to be enabled with the
6.6.y
Hi Nicolas,
On Mon, Nov 27, 2023 at 08:00:39AM -0500, Nicolas Mora wrote:
> Hello,
>
> Here is a new debdiff for the glewlwyd/2.5.2-2+deb11u2 package, which now
> also includes the fix for CVE-2023-49208.
> diff -Nru glewlwyd-2.5.2/debian/changelog glewlwyd-2.5.2/debian/changelog
> ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: t...@security.debian.org, Adrian Bunk ,
car...@debian.org
Dear stable release managers,
Please remove src:gimp-dds in the next bullseye point release. It has
since gimp 2.10.10
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: t...@security.debian.org, b...@debian.org, car...@debian.org
Dear stable release managers,
Please remove src:gimp-dds in the next bookworm point release. It has
since gimp 2.10.10
/changelog
--- network-manager-openconnect-1.2.8/debian/changelog 2022-05-21
15:35:15.0 +0200
+++ network-manager-openconnect-1.2.8/debian/changelog 2023-11-14
15:15:44.0 +0100
@@ -1,3 +1,14 @@
+network-manager-openconnect (1.2.8-3+deb12u1) bookworm; urgency=medium
+
+ [ Salvatore
Hi Salvo,
On Tue, Oct 24, 2023 at 09:58:30AM +0200, Salvo Tomaselli wrote:
> > This version was already used:
> > https://snapshot.debian.org/package/weborf/0.17-4/
>
> Sorry!
>
> Attaching a new debdiff file with the correct version
Now there is a off-by-one in the distro version :)
I
Hi Andreas,
On Wed, Nov 01, 2023 at 12:03:37PM +0100, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> Control: affects -1 + src:exim4
>
> Hello,
>
> I would like to push another round of
Hi
I would like to upload linux version 6.5.10-1 tomorrow to unstable.
The new upload rebases unstable importing the new stable series
versions up to 6.5.10. An ABI bump is included.
CVE-2023-46813, CVE-2023-5717 and CVE-2023-46862 are fixed with the
new stable import series.
The RT patchset
On Mon, Oct 23, 2023 at 10:12:27PM +0200, Bastian Germann wrote:
> Am 23.10.23 um 22:02 schrieb Salvatore Bonaccorso:
> > > diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog
> > > --- wolfssl-5.5.4/debian/changelog2023-02-06 14:41:53.0
Hi Bastian,
On Mon, Oct 23, 2023 at 09:48:45PM +0200, Bastian Germann wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-CC: sirkilam...@msn.com
>
> Hi,
>
> I am including a fix for wolfssl's
Hi,
On Mon, Oct 23, 2023 at 07:07:44PM +0200, Salvo "LtWorf" Tomaselli wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: web...@packages.debian.org, tipos...@tiscali.it
> Control: affects -1 +
Hi
I would like to upload linux version 6.5.8-1 later today to unstable.
The new upload would constist of importing new stable series version
up to 6.5.8. An ABI bump is included.
Notably the RT patchset is still disabled as mentioned in the 6.5.6-1
upload announcement.
CVE-2023-34324 is fixed
Hi
I would like to upload linux version 6.5.6-1 later today to unstable.
The new upload would consist of importing new stable series version up
to 6.5.6. An ABI bump is included.
Notably given RT patchset is not updated anymore for 6.5.y series
upstream, this update disables it temporarily. It
Hi,
On Sun, Nov 20, 2022 at 09:11:09PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Mar 03, 2021 at 10:52:39AM +0100, Ansgar wrote:
> > Source: grub2
> > Version: 2.04-16
> > Severity: normal
> > X-Debbugs-Cc: ftpmas...@debian.org, debian-release@lists.de
Hi Adrian,
Sorry for not replying early, busy with preparing the updates.
On Fri, Sep 29, 2023 at 03:41:15AM +0300, Adrian Bunk wrote:
> On Sat, Sep 09, 2023 at 10:15:59AM +0200, Salvatore Bonaccorso wrote:
> >...
> > Note that the last time the problem arised already earlier in
&
=medium
+
+ * Non-maintainer upload.
+ * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+ * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:24:57 +0200
+
ghostscript (9.53.3~dfsg-7
=medium
+
+ * Non-maintainer upload.
+ * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+ * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:33:30 +0200
+
ghostscript (10.0.0~dfsg-11
Hi Yadd,
On Fri, Sep 29, 2023 at 05:37:25PM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: lemonldap...@packages.debian.org, y...@debian.org
> Control: affects -1 + src:lemonldap-ng
Hi
(not a SRM here, but below some comments)
On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc:
ains rules
+- src: expand table command before evaluation
+
+ -- Salvatore Bonaccorso Sat, 16 Sep 2023 07:47:15 +0200
+
nftables (1.0.6-2+deb12u1) bookworm; urgency=medium
* [7edf72e] d/patches: add 0001-debian-bug-1038724.patch (Closes: #1038724)
diff -Nru
nftables-1.0.6/debian/patche
2023-03-23 20:51:51.0 +0100
+++ cairosvg-2.5.0/debian/changelog 2023-09-06 21:24:37.0 +0200
@@ -1,3 +1,10 @@
+cairosvg (2.5.0-1.1+deb11u2) bullseye; urgency=medium
+
+ * Non-maintainer upload.
+ * Handle data-URLs in safe mode (Closes: #1050643)
+
+ -- Salvatore Bonaccorso
2023-03-21 22:21:22.0 +0100
+++ cairosvg-2.5.2/debian/changelog 2023-09-06 21:20:16.0 +0200
@@ -1,3 +1,10 @@
+cairosvg (2.5.2-1.1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * Handle data-URLs in safe mode (Closes: #1050643)
+
+ -- Salvatore Bonaccorso
Hi
I would like to upload linux version 6.5.3-1 later today to unstable.
The new upload would consist of a new upstream version switching to
the 6.5.y series in unstable. An ABi bump is included.
The new upload fixes CVE-2023-4623 and CVE-2023-25775.
Apart from switching from 6.4.y to 6.5.y
Hi,
On Sat, Sep 09, 2023 at 11:49:11AM +0300, Adrian Bunk wrote:
> On Sat, Sep 09, 2023 at 10:15:59AM +0200, Salvatore Bonaccorso wrote:
> >...
> > - Relese the DSA without armel builds. This is not optimal and for the
> > point release
> > we need to have to have
Hi all,
We have problem with the image size of armel builds in bookworm. There
is a pending bookworm-security linux update pending which is currently
blocked due to armel FTBFS due to the image size increase:
Hi
I would like to upload linux version 6.4.13-1 later today.
It consists of importing as usual the new stable series up to 6.4.13,
and includes fixes for the following known CVEs: CVE-2023-20588,
CVE-2023-3772, CVE-2023-3773 and CVE-2023-4569.
The new upstream imports address as well #1042543
Hi
I would like to upload linux version 6.4.11-1 later today.
It consists of importing as usual the new stable series 6.4.5 up to
6.4.11 and is covering the following known CVEs: CVE-2023-1206,
CVE-2023-4004, CVE-2023-4128, CVE-2023-4147, CVE-2023-4155,
CVE-2023-4194, CVE-2023-4273,
Hi,
On Tue, Aug 08, 2023 at 06:12:56PM +0100, Adam D. Barratt wrote:
> On Tue, 2023-08-08 at 11:53 -0500, Matt Zagrabelny wrote:
> > Greetings Debian Release Team,
> >
> > Thank you for your service to Debian users, it is appreciated!
> >
> > Are there plans to update the linux kernel for the
.1.7/debian/changelog 2023-08-08 10:31:29.0 +0200
@@ -1,3 +1,10 @@
+autofs (5.1.7-1+deb11u2) bullseye; urgency=medium
+
+ * use correct reference for IN6 macro call
+ * dont probe interface that cant send packet (Closes: #1041051)
+
+ -- Salvatore Bonaccorso Tue, 08 Aug 2023 10:
that cant send packet (Closes: #1041051)
+
+ -- Salvatore Bonaccorso Tue, 08 Aug 2023 10:27:23 +0200
+
autofs (5.1.8-2+deb12u1) bookworm; urgency=medium
* debian/patches:
diff -Nru
autofs-5.1.8/debian/patches/dont-probe-interface-that-cant-send-pac.patch
autofs-5.1.8/debian/patches
Hi
I would like to upload linux version 6.4.4-2 later today. The rebase
to a later 6.4.y will follow. The update consists of adding kernel
side mitigation for CVE-2023-20593 (Zenbleed) and fixes for
CVE-2023-3776 and CVE-2023-3611.
No ABI bump is done.
Additionally there is a packaging change
Hi
I would like to upload linux version 6.4.4-1 later the upcoming days
to unstable. This is quite unfortunate as i wanted to have the
security fixes from 6.3.11-1 for a while now in unstable, but
transition is blocked due #1040178.
The new upload would consist of a new upstream version
ore Bonaccorso Mon, 10 Jul 2023 21:58:07 +0200
+
+libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
+ * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
+
+ -- Salvatore Bonacco
Hi
I would like to upload linux version 6.3.10-1 later the upcoming days
to unstable.
It consists of importing as usual the new stable series 6.3.8 up to
6.3.10 and is covering as well CVE-2023-2156 and CVE-2023-3390.
An ABI bump is included for this update.
There are some other packaging
Hi Simon,
On Sat, Jun 17, 2023 at 03:22:21PM +0100, Simon McVittie wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: vte2...@packages.debian.org, debian-b...@lists.debian.org,
>
Hi Pierre,
On Wed, Jun 14, 2023 at 12:01:18AM +0200, Pierre Gruet wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: xerial-sqlite-j...@packages.debian.org
> Control: affects -1 +
Hi Joseph,
[disclaimer, not a release team member but I believe can give input on
the debdiff below]
On Mon, Jun 12, 2023 at 08:19:55PM -0400, Joseph Nahmias wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
>
Hi Nicholas,
On Mon, Jun 12, 2023 at 07:44:52PM -0400, Nicholas D Steeves wrote:
> Control: block 1033341 by -1
>
> Dear Salvatore and release team,
>
> Salvatore Bonaccorso writes:
>
> > On Tue, Jun 06, 2023 at 11:00:14PM -0400, Nicholas D Steeves wrote:
> >>
Hi,
Happy bookworm release :).
I would like to upload linux version 6.3.7-1 later the upcoming days
to unstable.
It consist of a new upstream version switching from the 6.1.y series
to 6.3.y. An ABI bump is included.
Apart from switching from 6.1.y to 6.3.y there are additional changes
Hi,
On Fri, Jun 09, 2023 at 08:06:41PM +0200, Ondřej Surý wrote:
>
>
> > On 9. 6. 2023, at 20:03, Paul Gevers wrote:
> >
> > Hi Ondřej,
> >
> >> On 09-06-2023 18:58, Ondřej Surý wrote:
> >> php8.2 8.2.7-1 is a security release, so it would be pretty
> >> wrong to release bookworm with the
Hi,
On Tue, Jun 06, 2023 at 11:00:14PM -0400, Nicholas D Steeves wrote:
> +org-mode (9.4.0+dfsg-1+deb11u1) bullseye-security; urgency=medium
> +
> + * Fix Org Mode command injection vulnerability CVE-2023-28617 by
> backporting
> +0004-Org-Mode-vulnerability-CVE-2023-28617-is-fixed.patch
Hi,
On Sun, Jun 04, 2023 at 09:50:23PM +0200, Sebastian Ramacher wrote:
> retitle 1037079 bookworm-pu: configobj/5.0.8-2
> tags 1037079 bookworm moreinfo
> user release.debian@packages.debian.org
> usertags 1037079 + pu - unblock
> thanks
>
> Hi Stefano
>
> On 2023-06-03 16:28:41 -0400,
Hi Paul,
On Sat, Jun 03, 2023 at 06:12:04AM +, Debian Bug Tracking System wrote:
[...]
>
> Hi,
>
> On 02-06-2023 22:50, Ervin Hegedüs wrote:
> > And these are the generated lines:
> >
> > https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/parser/Makefile.am#L36-L42
>
> And
Hi Paul,
On Thu, Jun 01, 2023 at 09:52:06PM +0200, Paul Gevers wrote:
> control: tags -1 moreinfo
>
> Hi,
>
> On 28-05-2023 21:30, Alberto Gonzalez Iniesta wrote:
> > 2) The risks on the release quality are almost zero. Only
> > libnginx-mod-http-modsecurity depends on it (being modsecurity a
>
Hi Paul,
On Mon, May 29, 2023 at 02:36:22PM +0200, Paul Gevers wrote:
> Dear security team,
>
> I know it's a bit late, but are you aware of issues that are worth
> mentioning in the release notes from your point of view?
>
> We have updated the text about golang and rustc in this cycle,
Hi Yadd,
On Wed, May 31, 2023 at 03:13:06PM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: jquer...@packages.debian.org
> Control: affects -1 + src:jqueryui
>
> [ Reason ]
>
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: matrix-syna...@packages.debian.org,
matrix-syna...@packages.debian.org, t...@security.debian.org, Andrej Shadura
, car...@debian.org
Control: affects -1 + src:matrix-synapse
Dear
Hi Samuel,
On Sun, May 28, 2023 at 12:17:21PM +0100, Samuel Henrique wrote:
> Hello Salvatore,
>
> > After a short discussion with Paul, wouldn't that imply though that
> > there is an soname bump needed? Do you know has upstream considered
> > this and if/or why not? Is there enough assurance
Hi Sebastian
On Sat, May 27, 2023 at 02:17:54PM +0200, Sebastian Andrzej Siewior wrote:
> Hi,
>
> there is an upcoming OpenSSL scheduled for next TUE (2023-05-30)
> including one security fix of moderate severity [0].
> For Bullseye I am going backport ~6 fixes (4 security fixes of minor
>
Hi Alberto,
On Wed, May 24, 2023 at 12:26:33PM +0200, Paul Gevers wrote:
> control: tags -1 moreinfo
>
> Hi,
>
> On Mon, 08 May 2023 18:16:51 +0200 Alberto Gonzalez Iniesta
> wrote:
> > A new upstream version of modsecurity fixes a security bug
> > (CVE-2023-28882, #1035083).
> > We also fixed
Hi Otto,
On Wed, May 24, 2023 at 05:47:58PM +0200, Paul Gevers wrote:
> Hi Otto,
>
> On 24-05-2023 17:44, Otto Kekäläinen wrote:
> > The CI
> > detected a couple days ago a regression in Piuparts, potentially due
> > to recent adduser 1.133 upload, which I still need to debug and decide
> > what
Hi Samuel,
[not member of the release team, but was going trough some potential
unblock requests with CVE fixes]
On Fri, May 26, 2023 at 06:03:13PM +0100, Samuel Henrique wrote:
> Package: release.debian.org
> Control: affects -1 + src:curl
> X-Debbugs-Cc: c...@packages.debian.org
> User:
Hi Gregor,
On Tue, May 23, 2023 at 02:56:41PM +0200, Salvatore Bonaccorso wrote:
> Hi Gregor,
>
> On Tue, May 23, 2023 at 08:44:48AM +0200, Gregor Jasny wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
Source: matrix-synapse
Version: 1.78.0-1
Severity: serious
Tags: upstream security
X-Debbugs-Cc: Andrej Shadura ,
debian-release@lists.debian.org, car...@debian.org, Debian Security Team
Hi Andrej,
I believe matrix-synapse is still in the same status as for #982991
back for the bullseye
hey all,
I was involved with a discussion on site here in Hamburg with Paul
about it.
On Fri, May 26, 2023 at 10:58:48AM +0200, Moritz Muehlenhoff wrote:
> On Fri, May 26, 2023 at 12:10:18AM +0200, Markus Koschany wrote:
> > First of all trapperkeeper-webserver-jetty9-clojure should add a build-
Hi release team,
On Wed, May 24, 2023 at 12:46:45PM +0200, Sebastian Ramacher wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package ffmpeg
>
> [ Reason ]
> ffmpeg releases stable updates with
Hi Release team,
On Mon, May 22, 2023 at 09:57:13AM +0900, Mike Hommey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package firefox-esr
>
> [ Reason ]
> Security update for Firefox. The same package
Dear release team,
On Sun, May 21, 2023 at 10:02:25PM +0200, Maximilian Engelhardt wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: x...@packages.debian.org, t...@security.debian.org,
> m...@daemonizer.de
Hi Andrea,
On Sun, May 21, 2023 at 12:37:17PM +0200, Andrea Bolognani wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: libv...@packages.debian.org
> Control: affects -1 + src:libvirt
>
> Please unblock
Hi,
On Tue, May 23, 2023 at 03:55:26PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, May 22, 2023 at 09:39:34AM +, Thorsten Alteholz wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> >
Hi,
On Mon, May 22, 2023 at 09:39:34AM +, Thorsten Alteholz wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock and age package cups-filters
>
> [ Reason ]
> CVE-2023-24805 (RCE due to missing input
1 - 100 of 1019 matches
Mail list logo