Bug#1079454: bookworm-pu: package python-django/3:3.2.19-1+deb12u2

2024-08-29 Thread Adam D. Barratt
On Thu, 2024-08-29 at 16:05 +0100, Steve McIntyre wrote:
> At this point, I would say let's be safe and hang back on the django
> update this - it will wait for the next point release.

Thanks; added to the list for Saturday.

Regards,

Adam



Bug#1079514: rustc-web 1.78.0+dfsg1-2~deb12u3 flagged for acceptance

2024-08-28 Thread Adam D Barratt
package release.debian.org
tags 1079514 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.78.0+dfsg1-2~deb12u3

Explanation: fix conflicts and autopkg tests



Bug#1079515: rustc-web 1.78.0+dfsg1-2~deb11u3 flagged for acceptance

2024-08-28 Thread Adam D Barratt
package release.debian.org
tags 1079515 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.78.0+dfsg1-2~deb11u3

Explanation: fix conflicts and autopkg tests



Bug#1079515: bullseye-pu: package rustc-web/1.78.0+dfsg1-2~deb11u1

2024-08-28 Thread Adam D. Barratt
On Wed, 2024-08-28 at 11:16 +0200, Emilio Pozuelo Monfort wrote:
> On 25/08/2024 11:16, Adam D. Barratt wrote:
> 
[...]
> > Both the bullseye and bookworm builds fail on mips64el with:
> > 
> >   File "/<>/src/bootstrap/bootstrap.py", line 1175, in
> > 
> >  main()
> >    File "/<>/src/bootstrap/bootstrap.py", line 1160,
> > in main
> >  bootstrap(args)
> >    File "/<>/src/bootstrap/bootstrap.py", line 1127,
> > in bootstrap
> >  build.build_bootstrap()
> >    File "/<>/src/bootstrap/bootstrap.py", line 880, in
> > build_bootstrap
> >  args = self.build_bootstrap_cmd(env)
> >     ^
> >    File "/<>/src/bootstrap/bootstrap.py", line 983, in
> > build_bootstrap_cmd
> >  raise Exception("no cargo executable found at `{}`".format(
> > Exception: no cargo executable found at `/usr/bin/cargo`
> > make[1]: *** [debian/rules:300: debian/dh_auto_build.stamp] Error 1
> > make[1]: Leaving directory '/<>'
> > make: *** [debian/rules:203: binary-arch] Error 2
> 
> Those are expected. The reason is that there's no bootstrap binaries
> for mips{64,}el because upstream dropped their tier level and no
> longer provides  them. So we'll have to drop (or keep an outdated)
> firefox/chromium binary. Note that for mipsel, this doesn't matter
> much, as llvm-16 isn't available either, 
> and there are no firefox-esr/chromium/thunderbird builds there.

Thanks for the background.

Technically there /are/ firefox-esr builds on mipsel in bullseye, but
they're really old:

firefox-esr | 78.15.0esr-1~deb11u1 | oldstable | source, mipsel

chromium doesn't build for mips* in any case, and bullseye-LTS won't
support mips*el. So the practical effect AFAICT is that we lose the
ability to build firefox-esr and thunderbird on mips64el for bookworm.
I /assume/ that isn't particularly an issue.

Regards,

Adam



Bug#1079635: systemd 252.30-1~deb12u2 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1079635 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.30-1~deb12u2

Explanation: avoid conffile prompt from updated comment



Bug#1079635: bookworm-pu: package systemd/252.30-1~deb12u2

2024-08-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2024-08-25 at 18:50 +0100, Luca Boccassi wrote:
> This upload backports one patch to revert adding a new comment that
> was added in 252.30-1~deb12u1 to a conffile as indicated in:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079086#25

Thank you for preparing this so quickly.

Please go ahead.

Regards,

Adam



Bug#1079086: systemd 252.30-1~deb12u1 flagged for acceptance

2024-08-25 Thread Adam D. Barratt
On Sun, 2024-08-25 at 18:44 +0200, Cyril Brulebois wrote:
> Anyone having tweaked journald.conf is going to get a prompt because
> of the following change:
> 
>     -#MaxRetentionSec=
>     +#MaxRetentionSec=0
> 
> That's not really something I'd expect from a point release…

Apologies for missing that. Luca?

Regards,

Adam



Your xen stable upload

2024-08-25 Thread Adam D. Barratt
Hi,

I noticed that there's a xen upload in the stable-new queue, which
claims to have been uploaded by you.

I'm afraid that we can't accept it currently, because it is a newer
version than is currently in unstable and testing:

xen | 4.17.3+10-g091466ba55-1~deb12u1 | stable         | source
xen | 4.17.3+10-g091466ba55-1~deb12u1 | stable-debug   | source
xen | 4.17.3+36-g54dacb5c02-1         | testing        | source
xen | 4.17.3+36-g54dacb5c02-1         | unstable       | source
xen | 4.17.3+36-g54dacb5c02-1         | unstable-debug | source
xen | 4.17.5-1~deb12u1                | stable-new     | source

Regards,

Adam



Bug#1079388: calibre 6.13.0+repack-2+deb12u4 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1079388 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: calibre
Version: 6.13.0+repack-2+deb12u4

Explanation: fix remote code execution issue [CVE-2024-6782], cross site 
scripting issue [CVE-2024-7008], SQL injection issue [CVE-2024-7009]



Bug#1079597: calibre 5.12.0+dfsg-1+deb11u2 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1079597 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: calibre
Version: 5.12.0+dfsg-1+deb11u2

Explanation: fix cross site scripting issue [CVE-2024-7008], SQL injection 
issue [CVE-2024-7009]



Bug#1079460: initramfs-tools 0.142+deb12u1 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1079460 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: initramfs-tools
Version: 0.142+deb12u1

Explanation: hook_functions: Fix copy_file with source including a directory 
symlink; hook-functions: copy_file: Canonicalise target filename; install 
hid-multitouch module for Surface Pro 4 Keyboard; add hyper-keyboard module, 
needed to enter LUKS password in Hyper-V; auto_add_modules: Add 
onboard_usb_hub, onboard_usb_dev



Bug#1079579: cacti 1.2.24+ds1-1+deb12u4 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1079579 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cacti
Version: 1.2.24+ds1-1+deb12u4

Explanation: fix autopkgtest failure



Bug#1079565: glogic 2.6-6+deb12u1 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1079565 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: glogic
Version: 2.6-6+deb12u1

Explanation: require Gtk 3.0 and PangoCairo 1.0



Bug#1079515: bullseye-pu: package rustc-web/1.78.0+dfsg1-2~deb11u1

2024-08-25 Thread Adam D. Barratt
On Sun, 2024-08-25 at 10:08 +0200, Paul Gevers wrote:
> Hi Emilio,
> 
> On 24-08-2024 12:29, Emilio Pozuelo Monfort wrote:
> > Uploaded.
> 
> The package fails its own autopkgtest. Did something go wrong?
> 
>   63s autopkgtest [22:00:29]: test create-and-build-crate: 
> [---
>   63s  Created binary (application) `hello` package
>   63s error: no such subcommand: `add`
>   63s
>   63s   Did you mean `doc`?
>   63s autopkgtest [22:00:29]: test create-and-build-crate: 
> ---]

Both the bullseye and bookworm builds fail on mips64el with:

 File "/<>/src/bootstrap/bootstrap.py", line 1175, in 
main()
  File "/<>/src/bootstrap/bootstrap.py", line 1160, in main
bootstrap(args)
  File "/<>/src/bootstrap/bootstrap.py", line 1127, in bootstrap
build.build_bootstrap()
  File "/<>/src/bootstrap/bootstrap.py", line 880, in 
build_bootstrap
args = self.build_bootstrap_cmd(env)
   ^
  File "/<>/src/bootstrap/bootstrap.py", line 983, in 
build_bootstrap_cmd
raise Exception("no cargo executable found at `{}`".format(
Exception: no cargo executable found at `/usr/bin/cargo`
make[1]: *** [debian/rules:300: debian/dh_auto_build.stamp] Error 1
make[1]: Leaving directory '/<>'
make: *** [debian/rules:203: binary-arch] Error 2

Regards,

Adam



Bug#1079597: bullseye-pu: package calibre/5.12.0+dfsg-1+deb11u2

2024-08-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2024-08-25 at 13:53 +0900, YOKOTA Hiroshi wrote:
> Fix these CVEs:
> * CVE-2024-7008
> * CVE-2024-7009

Please go ahead, bearing in mind that today is the last day to get
fixes into the final bullseye point release. After that you will need
to co-ordinate with the LTS Team.

Regards,

Adam



Bug#1079388: bookworm-pu: package calibre/6.13.0+repack-2+deb12u4

2024-08-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2024-08-23 at 08:44 +0900, YOKOTA Hiroshi wrote:
> Fix these CVEs:
> * CVE-2024-6782 + fixup
> * CVE-2024-7008
> * CVE-2024-7009

Please go ahead.

Regards,

Adam



Bug#1076335: libvirt 9.0.0-4+deb12u1 flagged for acceptance

2024-08-25 Thread Adam D Barratt
package release.debian.org
tags 1076335 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libvirt
Version: 9.0.0-4+deb12u1

Explanation: virsh: Make domif-setlink work more than once; qemu: domain: Fix 
logic when tainting domain; fix denial of service issues [CVE-2023-3750 
CVE-2024-1441 CVE-2024-2494 CVE-2024-2496]



Bug#1076335: bookworm-pu: package libvirt/9.0.0-4

2024-08-24 Thread Adam D. Barratt
On Sat, 2024-08-24 at 23:12 +0200, Andrea Bolognani wrote:
> After performing the upload ~4 hours ago, I have received a message
> with subject
> 
>   libvirt_9.0.0-4+deb12u1_source.changes
>   ACCEPTED into proposed-updates->stable-new
> 
> and (partial) contents
> 
>   Mapping bookworm to stable.
>   Mapping stable to proposed-updates.
> 
> so I think I'm good? The tracker.d.o page hasn't been updated yet
> though, and none of the bugs that the upload is supposed to close
> have changed their state. This usually happens pretty quickly when
> uploading to unstable.

Your package is in the stable-new policy queue, as per the emails you
received. It will stay there until SRM accept it. You don't need to do
anything other than wait for that to happen, or an e-mail that says
there's a problem. There's nothing for you to do in the meantime.

Regards,

Adam



Bug#1079579: bookworm-pu: package cacti/1.2.24+ds1-1+deb12u4

2024-08-24 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-08-24 at 20:28 +, Bastien Roucariès wrote:
> Previous upload fail debci, forget to backport test

If you're going to CC people on bug submissions, _please_ use X-
Debbugs-CC. Otherwise we just get a mail telling us that a bug is about
to exist, with no bug number, which isn't really that useful.

Paul also told you on IRC that you could upload at the same time as
filing the bug. So... please go ahead.

Regards,

Adam



Bug#1079565: bookworm-pu: package glogic/2.6-6+deb12u1 (pre-approval)

2024-08-24 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-08-24 at 17:55 +0200, Andreas Rönnquist wrote:
> glogic crashes on startup in stable:
> 
> > /usr/lib/python3/dist-packages/glogic/MainFrame.py:4: PyGIWarning:
> > Gtk
> > was imported without specifying a version first. Use
> > gi.require_version('Gtk', '4.0') before import to ensure that the
> > right version gets loaded.
> >  from gi.repository import Gtk, Gdk, GdkPixbuf
> > Traceback (most recent call last):
> >  File "/usr/bin/glogic", line 20, in 
> >    from glogic.MainFrame import MainFrame
> >  File "/usr/lib/python3/dist-packages/glogic/MainFrame.py", line
> > 18,
> > in  themed_icons = Gtk.IconTheme.get_default()
> >   ^
> > AttributeError: type object 'IconTheme' has no attribute
> > 'get_default'

Please go ahead.

Regards,

Adam



Bug#1079544: amd64-microcode 3.20240820.1~deb11u1 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079544 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: amd64-microcode
Version: 3.20240820.1~deb11u1

Explanation: SEV firmware fixes [CVE-2023-20584 CVE-2023-31356]



Bug#1079543: amd64-microcode 3.20240820.1~deb12u1 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079543 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: amd64-microcode
Version: 3.20240820.1~deb12u1

Explanation: SEV firmware fixes [CVE-2023-20584 CVE-2023-31356]



Bug#1076335: bookworm-pu: package libvirt/9.0.0-4

2024-08-24 Thread Adam D. Barratt
On Sat, 2024-08-24 at 15:41 +0200, Andrea Bolognani wrote:
> Just so that we're on the same page, do you want me to share the
> debdiff here and get an explicit ACK from you before proceeding with
> the upload, or should I go for the upload first in the interest
> of time?

If the change from the previously-acked diff is just the addition of
the new patch as per the MR, and a changelog entry for it, then feel
free to upload without waiting for a new ack. Please do still send the
new debdiff to this bug.

Regards,

Adam



Bug#1079515: rustc-web 1.78.0+dfsg1-2~deb11u2 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079515 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.78.0+dfsg1-2~deb11u2

Explanation: new upstream stable release, to support building new chromium and 
firefox-esr versions



Bug#1079450: curl 7.74.0-1.3+deb11u13 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079450 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: curl
Version: 7.74.0-1.3+deb11u13

Explanation: fix ASN.1 date parser overread issue [CVE-2024-7264]



Bug#1079515: rustc-web 1.78.0+dfsg1-2~deb11u1 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079515 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.78.0+dfsg1-2~deb11u1

Explanation: new upstream stable release, to support building new chromium and 
firefox-esr versions



Bug#1079514: rustc-web 1.78.0+dfsg1-2~deb12u2 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079514 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.78.0+dfsg1-2~deb12u2

Explanation: new upstream stable release, to support building new chromium and 
firefox-esr versions



Bug#1079514: rustc-web 1.78.0+dfsg1-2~deb12u1 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079514 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.78.0+dfsg1-2~deb12u1

Explanation: new upstream stable release, to support building new chromium and 
firefox-esr versions



Bug#1079454: python-django 3.2.19-1+deb12u2 flagged for acceptance

2024-08-24 Thread Adam D Barratt
package release.debian.org
tags 1079454 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: python-django
Version: 3.2.19-1+deb12u2

Explanation: fix regular expression-based denial of service issue 
[CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 
CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], 
directory traversal issue [CVE-2024-39330], excessive memory consumption issue 
[CVE-2024-41989], SQL injection issue [CVE-2024-42005]



Bug#1076335: bookworm-pu: package libvirt/9.0.0-4

2024-08-24 Thread Adam D. Barratt
On Sat, 2024-08-24 at 14:58 +0200, Andrea Bolognani wrote:
> thank you for looking into this and sorry for the late reply. I had
> to focus all my Debian time on something else for a couple of weeks.
> 
> In the meantime, this MR was opened asking for an additional bugfix
> to be included in the next upload targeting bookworm:
> 
>   https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/227
> 
> What is the Release Team's preference here? Should I go ahead with
> the upload that was originally agreed upon, or should I prepare a
> debdiff that includes the additional changes so that you can have
> another look and we can have a single upload covering everything?

Well... I'd be OK with including that fix as well, but it depends how
quickly you can handle things, and how urgent the other fixes are.

The window for getting updates into the 12.7 point release closes this
weekend, and it's already Saturday afternoon. If you can update your
package to include the new fix and get it uploaded in time (with a new
debdiff added to this bug log for the record) then fine.

Regards,

Adam



Bug#1079544: bullseye-pu: package amd64-microcode/3.20240820.1~deb11u1

2024-08-24 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-08-24 at 09:52 -0300, Henrique de Moraes Holschuh wrote:
> I would like to bring the *firmware* update level for AMD processors
> in Bullseye and Bookworm to match what we have in Sid and Trixie. 
> This is the bug report for Bullseye, a separate one will be filed
> for Bookworm.
> 
> The update is a security update for AMD-SEV (AMD-SB-3003).  It does
> not change the processor microcode.

Please go ahead.

Regards,

Adam



Bug#1079543: bookworm-pu: package amd64-microcode/3.20240820.1~deb12u1

2024-08-24 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-08-24 at 09:51 -0300, Henrique de Moraes Holschuh wrote:
> I would like to bring the *firmware* update level for AMD processors
> in Bullseye and Bookworm to match what we have in Sid and Trixie. 
> This is the bug report for Bookworm, a separate one will be filed
> for Bullseye.
> 
> The update is a security update for AMD-SEV (AMD-SB-3003).  It does
> not change the processor microcode.

Please go ahead.

Regards,

Adam



Bug#1079515: bullseye-pu: package rustc-web/1.78.0+dfsg1-2~deb11u1

2024-08-24 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Sat, 2024-08-24 at 10:27 +0200, Emilio Pozuelo Monfort wrote:
> This backports 1.78 from bookworm to bullseye. The changes are
> minimal.
> Again I haven't been able to build firefox against it yet, as I'm
> having trouble with the FF build and OOM issues. Would be good to get
> this accepted so that it can be built, and I'll keep working on that
> build and report here.

As noted on IRC, the binary package rename needs to include rustfmt{,-dbgsym}:

rustfmt     | 1.63.0+dfsg1-2         | stable        | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
rustfmt     | 1.78.0+dfsg1-2~deb11u1 | oldstable-new | amd64
rustfmt     | 1.78.0+dfsg1-2~deb12u1 | stable-new    | amd64
rustfmt     | 1.79.0+dfsg1-2         | testing       | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt     | 1.79.0+dfsg1-2         | unstable      | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt     | 1.80.1+dfsg1-1~exp1    | experimental  | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb11u1 | oldstable     | amd64, arm64, armhf, i386, mips64el, ppc64el, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb12u2 | stable        | amd64, arm64, armhf, i386, mips64el, ppc64el, s390x

A new upload is planned, but setting moreinfo for now.

Regards,

Adam



Bug#1079514: bookworm-pu: package rustc-web/1.78.0+dfsg1-2~deb12u1

2024-08-24 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Sat, 2024-08-24 at 10:25 +0200, Emilio Pozuelo Monfort wrote:
> This is an update for rustc-web to a newer release, needed by both
> newer chromium and firefox ESR 128 (turns out the version I
> backported
> was fine for firefox 125 in sid at the time, but 128 bumped it). I've
> gone for rustc 1.78 because it can be built with LLVM 16. For the
> next
> firefox ESR release (in about a year) or perhaps earlier for chromium
> we'll probably need to update rustc and backport a newer LLVM.

As noted on IRC, the binary package rename needs to include rustfmt{,-dbgsym}:

rustfmt     | 1.63.0+dfsg1-2         | stable        | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
rustfmt     | 1.78.0+dfsg1-2~deb11u1 | oldstable-new | amd64
rustfmt     | 1.78.0+dfsg1-2~deb12u1 | stable-new    | amd64
rustfmt     | 1.79.0+dfsg1-2         | testing       | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt     | 1.79.0+dfsg1-2         | unstable      | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt     | 1.80.1+dfsg1-1~exp1    | experimental  | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb11u1 | oldstable     | amd64, arm64, armhf, i386, mips64el, ppc64el, s390x
rustfmt-web | 1.70.0+dfsg1-7~deb12u2 | stable        | amd64, arm64, armhf, i386, mips64el, ppc64el, s390x

A new upload is planned, but setting moreinfo for now.

Regards,

Adam



Re: Keeping choose-mirror updated

2024-08-23 Thread Adam D. Barratt
Hi,

On Thu, 2024-08-22 at 21:39 +0100, Adam D. Barratt wrote:
> I've also prepared 2.111+deb11u1, but not yet uploaded it as the
> debdiff ends up as:
> 
>  Mirrors.masterlist | 
> +
> -
> --
>  debian/changelog   |    7 
>  2 files changed, 1394 insertions(+), 3057 deletions(-)
> 
> The diff doesn't obviously look crazy, but it is clear that the
> current package in bullseye is from before the masterlist repository
> served as an input for the mirror-status system, which then produces
> the published version of Mirrors.masterlist. That accounts for a
> chunk of the diff, together with 3 years worth of data changes.

Indeed, the changelog for 2.111 makes it clear that the switch was
imminent.

I've now uploaded the bullseye package, so that it's available. If
you're not comfortable with it then please feel free to apply the
relevant pinning for the d-i build.

Regards,

Adam



Bug#1079450: bullseye-pu: package curl/7.74.0-1.3+deb11u13

2024-08-23 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2024-08-23 at 08:16 -0300, Carlos Henrique Lima Melara wrote:
> [ Reason ]
> The reason is to fix CVE-2024-7264 [1] by cherry-picking and
> backporting the upstream fixes released in curl 8.9.1.

Please go ahead, bearing in mind that the window for the final bullseye
point release closes this weekend. (Although you can of course co-
ordinate with the LTS Team after that if need be.)

Regards,

Adam



Bug#1079460: bookworm-pu: package initramfs-tools/0.142+deb12u1

2024-08-23 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2024-08-23 at 15:22 +0200, Ben Hutchings wrote:
> - Some important drivers are currently not included in the initramfs
>   by default.
> - If the same file is added to the initramfs and named through
>   multiple directory symlinks, it is duplicated in the initramfs.  

[...]
> The change to symlink handling has been tested together with
> firmware-nvidia-graphics from unstable.  I will also test
> the backport with reiserfsprogs (not yet done).
[...]
> There is some risk of regression from changes to the handling of
> symlinked directories.  The initial fix for this led to breakage
> for reiserfsprogs (bug #1079276), but that has been resolved.

Please go ahead. Note that the window for getting fixes into 12.7 will
close this weekend.

Regards,

Adam



Bug#1079313: mlpost 0.8.2-4+deb11u1 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079313 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: mlpost
Version: 0.8.2-4+deb11u1

Explanation: fix build failure with newer ImageMagick versions



Bug#1079291: healpix-java 3.60+ds-4+deb11u1 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079291 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: healpix-java
Version: 3.60+ds-4+deb11u1

Explanation: fix build failure



Bug#1079271: trinity 1.9+git20200331.4d2343bd18c7b-2+deb11u1 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079271 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: trinity
Version: 1.9+git20200331.4d2343bd18c7b-2+deb11u1

Explanation: fix build failure by dropping support for DECNET



Bug#1079144: gettext.js 0.7.0-2+deb11u1 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079144 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: gettext.js
Version: 0.7.0-2+deb11u1

Explanation: fix server side request forgery issue [CVE-2024-43370]



Bug#1079353: cacti 1.2.24+ds1-1+deb12u3 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079353 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cacti
Version: 1.2.24+ds1-1+deb12u3

Explanation: 



Bug#1079350: calamares-settings-debian 12.0.9-1+deb12u1 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079350 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: calamares-settings-debian
Version: 12.0.9-1+deb12u1

Explanation: fix Xfce launcher permission issue



Bug#1079317: curl 7.88.1-10+deb12u7 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079317 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: curl
Version: 7.88.1-10+deb12u7

Explanation: fix ASN.1 date parser overread issue [CVE-2024-7264]



Bug#1079143: gettext.js 0.7.0-3+deb12u1 flagged for acceptance

2024-08-23 Thread Adam D Barratt
package release.debian.org
tags 1079143 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: gettext.js
Version: 0.7.0-3+deb12u1

Explanation: fix server side request forgery issue [CVE-2024-43370]



Re: Keeping choose-mirror updated

2024-08-22 Thread Adam D. Barratt
Hi,

On Wed, 2024-08-14 at 22:15 +0200, Cyril Brulebois wrote:
> Hi Adam,
> 
> Adam D. Barratt  (2024-08-14):
> 
[...]
> > I'd like to suggest that we get in the habit of updating the
> > choose-mirror package more often, in order to provide a more
> > current mirror list to d-i users. Most changes to the package
> > consist of updates to the mirror list, or to translations of the
> > included Debconf templates.
[...]
> I'm not sure which version to start from (current version in stable
> or an initial backport from unstable — unless there's a compelling
> reason for the latter, I'd rather go for the former, having had 0
> looks at all at this point), but it seems to me we could just
> increment the version in stable, independently from what's happening
> (or not) in unstable?

Thanks for the reply.

I've so far prepared and uploaded 2.126 (unstable) and 2.123+deb12u1
(bookworm).

I've also prepared 2.111+deb11u1, but not yet uploaded it as the
debdiff ends up as:

 Mirrors.masterlist |  
+---
 debian/changelog   |7 
 2 files changed, 1394 insertions(+), 3057 deletions(-)

The diff doesn't obviously look crazy, but it is clear that the current
package in bullseye is from before the masterlist repository served as
an input for the mirror-status system, which then produces the
published version of Mirrors.masterlist. That accounts for a chunk of
the diff, together with 3 years worth of data changes.

Regards,

Adam



Bug#1079353: bookworm-pu: package cacti/1.2.24+ds1-1+deb12u3

2024-08-22 Thread Adam D. Barratt
Control: tags -1 -moreinfo +confirmed

On Thu, 2024-08-22 at 18:45 +, Bastien Roucariès wrote:
> On Thursday, 22 August 2024, 18:01:02 UTC Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Thu, 2024-08-22 at 15:38 +, Bastien Roucariès wrote:
> > > [ Reason ]
> > > Security upload. Except CVE-2024-27082 that needs
> > > coordination with other packages.
> > 
> > You appear to have forgotten the debdiff.
> 
> Yes I just resend
> 

+cacti (1.2.24+ds1-1+deb12u3) unstable; urgency=medium

That should be bookworm, not unstable.

With that fixed, please go ahead.

Regards,

Adam



Bug#1079317: bookworm-pu: package curl/7.88.1-10+deb12u7

2024-08-22 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-08-22 at 09:37 -0300, Carlos Henrique Lima Melara wrote:
> [ Reason ]
> The reason is to fix CVE-2024-7264 [1] by cherry-picking and
> backporting
> the upstream fixes released in curl 8.9.1.

Please go ahead.

Regards,

Adam



Bug#1079313: bullseye-pu: package mlpost/0.8.2-4+deb11u1

2024-08-22 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-08-22 at 14:28 +0200, Santiago Vila wrote:
> This upload fixes FTBFS bug #991060, which is probably the last
> remaining build failure due to a new imagemagick version which
> was introduced late during the development stage of bullseye.

Please go ahead.

Regards,

Adam



Bug#1079291: bullseye-pu: package healpix-java/3.60+ds-4+deb11u1

2024-08-22 Thread Adam D. Barratt
Control; tags -1 + confirmed

On Thu, 2024-08-22 at 12:43 +0200, Santiago Vila wrote:
> This upload fixes FTBFS bug #1022373 in bullseye.

Please go ahead.

Regards,

Adam



Bug#1079353: bookworm-pu: package cacti/1.2.24+ds1-1+deb12u3

2024-08-22 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Thu, 2024-08-22 at 15:38 +, Bastien Roucariès wrote:
> [ Reason ]
> Security upload. Except CVE-2024-27082 that needs
> coordination with other packages.

You appear to have forgotten the debdiff.

Regards,

Adam



Bug#1079086: systemd 252.30-1~deb12u1 flagged for acceptance

2024-08-22 Thread Adam D Barratt
package release.debian.org
tags 1079086 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.30-1~deb12u1

Explanation: new upstream stable release



Bug#1078937: openssl 3.0.14-1~deb12u1 flagged for acceptance

2024-08-22 Thread Adam D Barratt
package release.debian.org
tags 1078937 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: openssl
Version: 3.0.14-1~deb12u1

Explanation: new upstream stable release; fix denial of service issues 
[CVE-2024-2511 CVE-2024-4603]; fix use after free issue [CVE-2024-4741]



Bug#1079140: intel-microcode 3.20240813.1~deb12u1 flagged for acceptance

2024-08-22 Thread Adam D Barratt
package release.debian.org
tags 1079140 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20240813.1~deb12u1

Explanation: new upstream release; security fixes [CVE-2023-42667 
CVE-2023-49141 CVE-2024-24853 CVE-2024-24980 CVE-2024-25939]



Bug#1077509: cyrus-imapd 3.6.1-4+deb12u3 flagged for acceptance

2024-08-22 Thread Adam D Barratt
package release.debian.org
tags 1077509 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: cyrus-imapd
Version: 3.6.1-4+deb12u3

Explanation: fix regression introduced in CVE-2024-34055 fix



Bug#1078176: dcm2niix 1.0.20220720-1+deb12u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1078176 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dcm2niix
Version: 1.0.20220720-1+deb12u1

Explanation: fix potential code execution issue [CVE-2024-27629]



Bug#1079271: bullseye-pu: package trinity/1.9+git20200331.4d2343bd18c7b-2+deb11u1

2024-08-21 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-08-22 at 03:47 +0200, Santiago Vila wrote:
> This upload fixes FTBFS bug #1028795.

Please go ahead, bearing in mind the closeness of the window close.

Regards,

Adam



Bug#1078781: amd64-microcode 3.20240710.2~deb12u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1078781 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: amd64-microcode
Version: 3.20240710.2~deb12u1

Explanation: new upstream release; security fixes [CVE-2023-31315]



Bug#1077549: xmedcon 0.23.0-gtk3+dfsg-1+deb12u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1077549 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: xmedcon
Version: 0.23.0-gtk3+dfsg-1+deb12u1

Explanation: fix buffer overflow issue [CVE-2024-29421]



Bug#1076784: libapache2-mod-auth-openidc 2.4.12.3-2+deb12u2 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1076784 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libapache2-mod-auth-openidc
Version: 2.4.12.3-2+deb12u2

Explanation: avoid crash when the Forwarded header is not present but 
OIDCXForwardedHeaders is configured for it



Bug#1077515: putty 0.78-2+deb12u2 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1077515 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: putty
Version: 0.78-2+deb12u2

Explanation: fix weak ECDSA nonce generation allowing secret key recovery 
[CVE-2024-31497]



Bug#1076504: qemu 7.2+dfsg-7+deb12u7 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1076504 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: qemu
Version: 7.2+dfsg-7+deb12u7

Explanation: new upstream stable release; fix denial of service issue 
[CVE-2024-4467]



Bug#1076345: graphviz 2.42.2-7+deb12u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1076345 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: graphviz
Version: 2.42.2-7+deb12u1

Explanation: fix broken scale



Bug#1076156: imagemagick 6.9.11.60+dfsg-1.6+deb12u2 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1076156 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: imagemagick
Version: 6.9.11.60+dfsg-1.6+deb12u2

Explanation: fix segmentation fault issue; fix incomplete fix for CVE-2023-34151



Bug#1079217: net-tools 1.60+git20181103.0eebece-1+deb11u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1079217 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: net-tools
Version: 1.60+git20181103.0eebece-1+deb11u1

Explanation: drop build-dependency on libdnet-dev



Bug#1079141: intel-microcode 3.20240813.1~deb11u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1079141 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20240813.1~deb11u1

Explanation: new upstream release; security fixes [CVE-2023-42667 
CVE-2023-49141 CVE-2024-24853 CVE-2024-24980 CVE-2024-25939]



Bug#1079115: symfony 4.4.19+dfsg-2+deb11u6 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1079115 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: symfony
Version: 4.4.19+dfsg-2+deb11u6

Explanation: fix homemade autoload



Bug#1078782: amd64-microcode 3.20240710.2~deb11u1 flagged for acceptance

2024-08-21 Thread Adam D Barratt
package release.debian.org
tags 1078782 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: amd64-microcode
Version: 3.20240710.2~deb11u1

Explanation: new upstream release; security fixes [CVE-2023-31315]



Bug#1079143: bookworm-pu: package gettext.js/0.7.0-3+deb12u1

2024-08-21 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-08-20 at 17:31 +0400, Yadd wrote:
> gettext is vulnerable to a SSRF issue (#1078880, CVE-2024-43370)

As with the bullseye request, this appears not to have made it to
debian-release.

Please go ahead.

Regards,

Adam



Bug#1079144: bullseye-pu: package gettext.js/0.7.0-2+deb11u1

2024-08-21 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-08-20 at 17:31 +0400, Yadd wrote:
> gettext is vulnerable to a SSRF issue (#1078880, CVE-2024-43370)

This request doesn't appear to have made it to debian-release for some
reason.

Please go ahead.

Regards,

Adam



Bug#1079217: bullseye-pu: package net-tools/1.60+git20181103.0eebece-1+deb11u1

2024-08-21 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2024-08-21 at 19:38 +0200, Santiago Vila wrote:
> This upload is required to be able to remove dnprogs from bullseye,

Please go ahead.

Regards,

Adam



Bug#1079021: RM: dnprogs/2.65

2024-08-20 Thread Adam D. Barratt
On Mon, 2024-08-19 at 16:59 +0200, Santiago Vila wrote:
> Note: I've unarchived this bug and proposed a trivial patch:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024730
> 
> Hopefully there will be another release.debian.org request
> soon for net-tools to complement this one.

OK, thanks for the update.

Don't forget that the window for the final bullseye point release
closes this coming weekend.

Regards,

Adam



Bug#1079140: bookworm-pu: package intel-microcode/3.20240813.1~deb12u1

2024-08-20 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-08-20 at 09:57 -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the
> microcode update level for Intel processors in Bullseye and Bookworm
> to match what we have in Sid and Trixie.  This is the bug report for
> Bookworm, a separate one will be filed for Bullseye.

Please go ahead.

I was going to ask if we were affected by the issue mentioned in
https://www.openwall.com/lists/oss-security/2024/08/16/3 , but then I
read the upstream issue and saw you had already commented there. :-)

Regards,

Adam



Bug#1079141: bullseye-pu: package intel-microcode/3.20240813.1~deb11u1

2024-08-20 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-08-20 at 10:00 -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the
> microcode update level for Intel processors in Bullseye and Bookworm
> to match what we have in Sid and Trixie.

Please go ahead.

Regards,

Adam



Bug#1079021: RM: dnprogs/2.65

2024-08-18 Thread Adam D. Barratt
Control: tags -1 +moreinfo

On Mon, 2024-08-19 at 02:25 +0200, Santiago Vila wrote:
> I believe this package (dnprogs) should be removed from bullseye
> in the next (and last) upcoming point release.
> 
> - Main reason: Packages in bullseye must build in bullseye.
> 
> This package does not build from source, and there is
> no workaround (the error is a compiler error, not a test
> failure).
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070960

Unfortunately it's not that simple:

Checking reverse dependencies...
# Broken Build-Depends:
net-tools: libdnet-dev

Regards,

Adam



Bug#1078782: bullseye-pu: package amd64-microcode/3.20240710.2~deb11u1

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-08-15 at 22:26 -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the
> *firmware* update level for AMD processors in Bullseye and Bookworm
> to match what we have in Sid and Trixie.  This is the bug report for
> Bullseye, a separate one will be filed for Bookworm.
> 
> The microcode update is a security update for "Sinkclose", plus
> unspecified functional issues.
> 
> This update not only syncs the processor microcode updates and AMD
> SEV firmware with what we distribute in Sid and Trixie, but also adds
> the firmware data files for AMD-TEE.
> 
> It does NOT enable AMD TEE by itself.

Please go ahead.

Regards,

Adam



Bug#1078781: bookworm-pu: package amd64-microcode/3.20240710.2~deb12u1

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-08-15 at 22:24 -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the
> *firmware* update level for AMD processors in Bullseye and Bookworm
> to match what we have in Sid and Trixie.  This is the bug report for
> Bookworm, a separate one will be filed for Bullseye.
> 
> The microcode update is a security update for "Sinkclose", plus
> unspecified functional issues.
> 
> This update not only syncs the processor microcode updates and AMD
> SEV firmware with what we distribute in Sid and Trixie, but also adds
> the firmware data files for AMD-TEE.
> 
> It does NOT enable AMD TEE by itself.

Please go ahead.

Regards,

Adam



Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2024-08-07 at 23:24 +0200, Étienne Mollier wrote:
> dcm2niix is affected by minor security issue CVE-2024-27629 in
> bookworm: a local attacker can execute arbitrary code as the
> generated file name is not properly escaped and injected into a
> system call when certain types of compression are used.

Please go ahead.

Regards,

Adam



Bug#1077549: bookworm-pu: package xmedcon/0.23.0-gtk3+dfsg-1+deb12u1

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2024-07-29 at 23:00 +0200, Étienne Mollier wrote:
> xmedcon in bookworm is affected by CVE-2024-29421.  It is,
> quoting the description: "vulnerable to Buffer Overflow via
> libs/dicom/basic.c which allows an attacker to execute arbitrary
> code".  It is currently rated minor by the security team, hence
> following the proposed-update process instead of a security
> update.  The issue is tracked in #1077369.

Please go ahead.

Regards,

Adam



Bug#1077515: bookworm-pu: package putty/0.78-2+deb12u2

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2024-07-29 at 15:32 +, Bastien Roucariès wrote:
> Security fix CVE-2024-31497

Please go ahead.

Regards,

Adam



Bug#1076504: bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u7

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2024-07-17 at 15:15 +0300, Michael Tokarev wrote:
> [ Reason ]
> There were 2 qemu stable/bugfix releases (7.2.12 and 7.2.13) since
> the previous debian release, fixing a number of various issues.
> It would be nice to have these fixes in debian too, so debian users
> will benefit from the qemu stable series.
> 
> Among others, this release fixes an important security issue:
> CVE-2024-4467, #1075824.
> 
> Unfortunately, this release does not include fix for CVE-2024-6505
> (#1075919), since no information about this one is known at this
> time.
[...]
> Maybe it's better to push this update through debian-security
> instead of regular stable-proposed-updates.  Cc'ing
> team@security.d.o for this.  Or maybe it's better to include
> just the CVE-2024-4467 fix now in a security update, and revert
> it for next s-p-u which includes whole upstream thing.

It looks like nothing happened there?

Please feel free to go ahead.

Regards,

Adam



Bug#1077509: bookworm-pu: package cyrus-imapd/3.6.1-4+deb12u3

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2024-07-29 at 17:55 +0400, Yadd wrote:
> There was a regression introduced by CVE-2024-34055 which breaks
> Cyrus-Imapd's murder (RC bug #1075853).

Please go ahead.

Regards,

Adam



Bug#1076345: bookworm-pu: graphviz/2.42.2-7+deb12u1

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2024-07-14 at 20:52 +0200, László Böszörményi wrote:
> [ Reason ]
> Graphviz scaling output with SVG is wrong when the "size" attribute
> is set.

Please go ahead.

Regards,

Adam



Bug#1076156: bookworm-pu: package imagemagick/8:6.9.11.60+dfsg-1.6+deb12u2

2024-08-17 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-07-11 at 17:16 +, Bastien Roucariès wrote:
>   * CVE-2023-34151 fix was incomplete (Closes: #1070340)
>   * Fix variation of CVE-2023-1289 found by testing.

Please go ahead.

Regards,

Adam



Bug#1078766: onionshare 2.2-3+deb11u2 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1078766 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: onionshare
Version: 2.2-3+deb11u2

Explanation: demote obfs4proxy dependency to Recommends, to allow removal of 
obfs4proxy



Bug#1078762: usb.ids 2024.07.04-0+deb11u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1078762 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: usb.ids
Version: 2024.07.04-0+deb11u1

Explanation: update included data list



Bug#1078739: bind9 9.16.50-1~deb11u2 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1078739 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: bind9
Version: 9.16.50-1~deb11u2

Explanation: allow the limits introduced to fix CVE-2024-1737 to be configured



Bug#1078733: apache2 2.4.62-1~deb11u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1078733 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: apache2
Version: 2.4.62-1~deb11u1

Explanation: new upstream stable release; fix content disclosure issue 
[CVE-2024-40725]  



Bug#1078160: ocsinventory-server 2.8.1+dfsg1-1+deb11u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1078160 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: ocsinventory-server
Version: 2.8.1+dfsg1-1+deb11u1

Explanation: backport compatibility with php-cas version addressing CVE 
2022-39369



Bug#1077984: php-cas 1.3.8-1+deb11u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1077984 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-cas
Version: 1.3.8-1+deb11u1

Explanation: fix Service Hostname Discovery Exploitation issue [CVE-2022-39369]



Bug#1077999: fusiondirectory 1.3-4+deb11u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1077999 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: fusiondirectory
Version: 1.3-4+deb11u1

Explanation: backport compatibility with php-cas version addressing CVE 
2022-39369; fix improper session handling issue [CVE-2022-36179]; fix cross 
site scripting issue [CVE-2022-36180]



Bug#1077652: libvirt 7.0.0-3+deb11u3 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1077652 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libvirt
Version: 7.0.0-3+deb11u3

Explanation: fix sVirt confinement issue [CVE-2021-3631], use after free issue 
[CVE-2021-3975], denial of service issues [CVE-2021-3667 CVE-2021-4147 
CVE-2022-0897 CVE-2024-1441 CVE-2024-2494 CVE-2024-2496]



Bug#1076527: ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076527 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: ansible
Version: 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1

Explanation: new upstream stable release; fix template injection issue 
[CVE-2021-3583], information disclosure issue [CVE-2021-3620], file overwrite 
issue [CVE-2023-5115], template injection issue [CVE-2023-5764], information 
disclosure issues [CVE-2024-0690 CVE-2022-3697]; document workaround for ec2 
private key leak [CVE-2023-4237]



Bug#1076832: glibc 2.31-13+deb11u11 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076832 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: glibc
Version: 2.31-13+deb11u11

Explanation: fix ffsll() performance issue depending on code alignment; 
performance improvements for memcpy() on arm64; fix y2038 regression in nscd 
following CVE-2024-33601 and CVE-2024-33602 fix



Bug#1076158: imagemagick 6.9.11.60+dfsg-1.3+deb11u4 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076158 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: imagemagick
Version: 6.9.11.60+dfsg-1.3+deb11u4

Explanation: fix divide by zero issues [CVE-2021-20312 CVE-2021-20313]; fix 
incomplete fix for CVE-2023-34151



Bug#1076016: dropbear 2020.81-3+deb11u2 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076016 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: dropbear
Version: 2020.81-3+deb11u2

Explanation: fix "noremotetcp" behaviour of keepalive packets in combination 
with the ‛no-port-forwarding’ authorized_keys(5) restriction



Bug#1078761: usb.ids 2024.07.04-0+deb12u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1078761 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: usb.ids
Version: 2024.07.04-0+deb12u1

Explanation: update included data list



Bug#1076831: glibc 2.36-9+deb12u8 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076831 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: glibc
Version: 2.36-9+deb12u8

Explanation: fix freeing uninitialized memory in libc_freeres_fn(); fix several 
performance issues and possible crashes



Bug#1076531: apache2 2.4.62-1~deb12u1 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076531 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: apache2
Version: 2.4.62-1~deb12u1

Explanation: new upstream stable release; fix content disclosure issue 
[CVE-2024-40725]



Bug#1076015: dropbear 2022.83-1+deb12u2 flagged for acceptance

2024-08-16 Thread Adam D Barratt
package release.debian.org
tags 1076015 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dropbear
Version: 2022.83-1+deb12u2

Explanation: fix "noremotetcp" behaviour of keepalive packets in combination 
with the ‛no-port-forwarding’ authorized_keys(5) restriction


