Bug#930024: neovim: Arbitrary Code Execution exploit on all neovim versions < 0.3.6 via modelines
Source: neovim
Severity: important
Tags: upstream

Dear Maintainer,

Neovim versions < 0.3.6 are subject to an Arbitrary Code Execution exploit via modelines, as described in this blogpost:

https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Upgrading the Neovim package to >= 0.3.6 fixes this exploit.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Bug#930022: vim: Arbitrary Code Execution exploit on all VIM versions < 8.1.1365 via modelines
Source: vim
Severity: important
Tags: upstream

Dear Maintainer,

Vim versions < 8.1.1365 are subject to an Arbitrary Code Execution exploit via modelines, as described in this blogpost:

https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Upgrading the Vim package to >= 8.1.1365 fixes this exploit.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Bug#805711: Info received (light-locker: no login possible after suspend)
This issue is still present in Buster. The workaround (switch to VT8 then back to VT7) also still works in Buster.
Bug#924955: discover: Sort dropdown menu options disappear when moused over
Apologies, this was meant for plasma-discover. Please close this bug.
Bug#923653: RE: plasma-discover: mousehover over sort options makes them disappear
On Sat, 16 Mar 2019 19:02:42 + Larus Contract wrote:
> Some additional information: deactivating compositor doesn't help.
> The options start disappearing on the second item, meaning the first is
> selectable and works.
> I've added images showing the problem. In the images, there is an update
> ongoing, but they do not affect the package nor the bug, it persisted after
> the update.

Confirmed on my end as well. It is not the first item in the list that triggers this bug, but rather "any" item on the list that is highlighted.

This bug is also present on Fedora as well (running Plasma 5.14.5 and KDE Frameworks 5.55). This may be an upstream bug, unsure if it was fixed in Plasma 5.15 or not.
Bug#924220: sddm-theme-debian-maui: background-nologo.svg from theme.conf does not exist
On Sun, 10 Mar 2019 12:22:07 +0100 Robert wrote:
> Package: sddm-theme-debian-maui
> Version: 0.18.0-1
> Severity: important
>
> Dear Maintainer,
>
> "/usr/share/sddm/themes/debian-maui/theme.conf" contains
> "background=/usr/share/desktop-base/active-theme/login/background-nologo.svg",
> but the "background-nologo.svg" does not exist on a fresh installed debian
> testing.
>
> There is only a "background.svg" and a "background-withlogo.svg" under
> "/usr/share/desktop-base/active-theme/login/"

This is a problem when upgrading from Stretch to Buster as well. background-nologo.svg is deleted from the system as a result of the change in default theme to FuturePrototype from softWaves.

This should be classified as a critical bug IMO, as it directly impacts KDE Plasma users upgrading from Stretch to Buster.
Bug#917812: gnome-software: update broke gnome software
I too am affected by this bug. Gnome-software routinely stalls at "Software catalog is being loaded". Only a full system restart seems to restore functionality, and only temporarily.
Bug#922179: shim-signed depends on packages not repos
Package: shim-signed
Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

Attempted to install shim-signed, it depends on:
* shim 0.9+1474479173.6c180c6-1, however version 15+1533136590.3beb971-2 is the one in the repos
* secureboot-db, however that package is not in the sid repos at all.

   * What exactly did you do (or not do) that was effective (or ineffective)?

N/A

   * What was the outcome of this action?

Failed to install

   * What outcome did you expect instead?

I expected shim-signed to be installable.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed depends on:
ii  debconf [debconf-2.0]  1.5.70
ii  grub-efi-amd64-bin     2.02+dfsg1-11
ii  grub2-common           2.02+dfsg1-11
pn  mokutil
ii  shim                   15+1533136590.3beb971-2

Versions of packages shim-signed recommends:
pn  secureboot-db

shim-signed suggests no packages.
Bug#921118: RFP: qml-box2d -- The goal of the qml-box2d plugin is to expose the functionality of Box2D (C++) as a QML plugin in order to make it easier to write physics based software in QML.
Package: wnpp
Severity: wishlist

* Package name    : qml-box2d
  Version         : 2.0.0
  Upstream Author : Thorbjørn Lindeijer
* URL             : https://github.com/qml-box2d/qml-box2dh
* License         : Zlib
  Programming Lang: QML
  Description     : The goal of the qml-box2d plugin is to expose the functionality of Box2D (C++) as a QML plugin in order to make it easier to write physics based software in QML.

This package is a missing optional dependency for Gcompris, Bug #920752. Currently Gcompris is built without this library, and is missing a few activities. Adding this package to Debian and rebuilding Gcompris with the proper build option will allow us to close Bug #920752.
Bug#920752: gcompris-qt-data: Gcompris Debian version is missing activities found in flatpak version
On Fri, 1 Feb 2019 13:46:42 +0100 Johnny Jazeix wrote:
> Sorry, I didn't see the reply, I thought I would have a notification.
>
> These activities use box2d and according to the logs (
> https://buildd.debian.org/status/fetch.php?pkg=gcompris-qt=alpha=0.95-1=1547387638=0)
> it is disabled and we don't add them in the package on this case
> ("Disabling qml-box2d module and depending activities:
> balancebox,land_safe,submarine").
>
> This means that, even if box2d is installed afterwards, these activities
> won't be present.
>
> I created a new task on GCompris bug server to check if it is possible to
> have the box2d check at runtime instead of compilation time:
> https://phabricator.kde.org/T10432
>
> On Debian side, it seems the qml-box2d library is not packaged (
> https://github.com/qml-box2d/qml-box2d).
> In GCompris, when it's not available we compile it ourselves (via
> -DQML_BOX2D_MODULE=submodule) but I'm not sure if it would be acceptable to do
> it in Debian?
> Best way would probably be for qml-box2d to be packaged, set it as a
> mandatory dependency and use -DQML_BOX2D_MODULE=system.
>
> Note: I'm one of the GCompris developers, I don't know much about the
> packaging.
>
> Johnny

Thank you Johnny for the insight!

Looking at the license for qml-box2d, I don't see any reason that it shouldn't be included in Debian, but considering how late we are into the Buster release cycle, I don't think we can get it in the repos in time for Buster?

In any case, I think this bug should be reclassified as a missing dependency.
Bug#920752: gcompris-qt-data: Gcompris Debian version is missing activities found in flatpak version
On Wed, 30 Jan 2019 13:49:35 +0100 Johnny Jazeix wrote:
> Hi,
>
> can you be more precise on which activities are missing?
>
> Regards,
>
> Johnny

I can.

Under the Pig (science?) section, the Debian version is missing "Land Safe" and "Pilot a Submarine"
Under Konqi (Games?) section, the Debian version is missing "Balance Box"

Fortunately, those three seem to be the only ones missing.

Cheers.
-Matt
Bug#920752: gcompris-qt-data: Gcompris Debian version is missing activities found in flatpak version
Package: gcompris-qt-data
Version: 0.95-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

I was comparing the Flatpak version of Gcompris and the Debian version of Gcompris, and I noticed that the Debian version in Testing is missing a few activities found in the Flatpak version. I verified that the software version of both is the same (0.95) so I believe the issue is in the gcompris-qt-data package.

   * What exactly did you do (or not do) that was effective (or ineffective)?

N/A

   * What was the outcome of this action?

N/A

   * What outcome did you expect instead?

I expected the Debian version of Gcompris to have the same activities as the Flatpak version.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

gcompris-qt-data depends on no packages.

Versions of packages gcompris-qt-data recommends:
ii  gcompris-qt  0.95-1

gcompris-qt-data suggests no packages.

-- no debconf information
Bug#905867: firmware-realtek: Wi-Fi does not work on rtl8822be but Bluetooth does
I can confirm this bug on my end too on my Lenovo E580 laptop. What I find odd is that Ubuntu has no problems recognizing this chipset and having the wifi work, but Debian doesn't even recognize that the WiFi device is there.
Bug#906158: intel-microcode: Update intel-microcode to 20180807
I can't speak for the maintainer, or the ability to redistribute, but clause 3 (v) of the license is pretty troublesome. To quote:

3. LICENSE RESTRICTIONS. All right, title and interest in and to the Software and associated documentation are and will remain the exclusive property of Intel and its licensors or suppliers. Unless expressly permitted under the Agreement, You will not, and will not allow any third party to
**Snip**
(v) publish or provide any Software benchmark or comparison test results.
**Snip**

This is basically telling end users that they can't use the software in any way they see fit, nor publish the results as they see fit. This package might already be in non-free, but this seems a bit much.
Bug#846278: Bug 846278
I want to confirm that this is still a problem in Stretch. I experience the same problem as message #25 using Nvidia drivers, only I have no way of actually switching TTYs to force a log out! This is on a brand new install of 9.4.
Bug#884198: ecryptfs-utils missing dependency "rsync"
Package: ecryptfs-utils
Version: 111-4
Severity: normal

Dear Maintainer,

In order to use the command "ecryptfs-migrate-home" which is provided by ecryptfs-utils, the utility rsync is required. Without rsync installed, the "ecryptfs-migrate-home" command will error out stating that rsync needs to be installed.

Please consider making rsync a dependency for the "ecryptfs-utils" package. If that is not desired, please make it either a suggested or recommended dependency.

Thank you.

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ecryptfs-utils depends on:
ii  gettext-base    0.19.8.1-2
ii  keyutils        1.5.9-9
ii  libassuan0      2.4.3-2
ii  libc6           2.24-11+deb9u1
ii  libecryptfs1    111-4
ii  libgpg-error0   1.26-2
ii  libgpgme11      1.8.0-3+b2
ii  libkeyutils1    1.5.9-9
ii  libpam-runtime  1.1.8-3.6
ii  libpam0g        1.1.8-3.6
ii  libtspi1        0.3.14+fixed1-1

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
ii  cryptsetup  2:1.7.3-4

-- no debconf information
Bug#879484: Network-Manager should Default to Non-Random MAC Address on WiFi
Package: network-manager
Version: 1.6.2-3
Severity: wishlist

Dear Maintainer,

I think that Network-Manager default settings should be changed to default to non-random MAC addresses on WiFi. Even though there are security reasons for enabling this by default, this results in less "out of the box" support for WiFi cards on fresh Debian installs and on Live CDs. Other GNU/Linux distributions have this setting disabled by default.

   * What led up to the situation?

I was using a live CD of Debian 9.2 with Gnome (written to a USB thumb drive), and my wireless card was not connecting to my network, even though Network-Manager was detecting both the card and the network. I tried a live CD for Ubuntu 17.10 Gnome version, and it connected without issue. I investigated, and saw that Ubuntu's live CD has a setting in "/etc/NetworkManager/NetworkManager.conf" that is not present on Debian's version:

[device]
wifi.scan-rand-mac-address=no

   * What exactly did you do (or not do) that was effective (or ineffective)?

I added this setting to "/etc/NetworkManager/NetworkManager.conf" on my Debian live CD, and after restarting Network Manager my wireless card connected to my WiFi network without issue.

[device]
wifi.scan-rand-mac-address=no

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager depends on:
ii  adduser                3.115
ii  dbus                   1.10.22-0+deb9u1
ii  init-system-helpers    1.48
ii  libaudit1              1:2.6.7-2
ii  libbluetooth3          5.43-2+deb9u1
ii  libc6                  2.24-11+deb9u1
ii  libglib2.0-0           2.50.3-2
ii  libgnutls30            3.5.8-5+deb9u3
ii  libgudev-1.0-0         230-3
ii  libjansson4            2.9-1
ii  libmm-glib0            1.6.4-1
ii  libndp0                1.6-1+b1
ii  libnewt0.52            0.52.19-1+b1
ii  libnl-3-200            3.2.27-2
ii  libnm0                 1.6.2-3
ii  libpam-systemd         232-25+deb9u1
ii  libpolkit-agent-1-0    0.105-18
ii  libpolkit-gobject-1-0  0.105-18
ii  libreadline7           7.0-3
ii  libselinux1            2.6-3+b3
ii  libsoup2.4-1           2.56.0-2+deb9u1
ii  libsystemd0            232-25+deb9u1
ii  libteamdctl0           1.26-1+b1
ii  libuuid1               2.29.2-1
ii  lsb-base               9.20161125
ii  policykit-1            0.105-18
ii  udev                   232-25+deb9u1
ii  wpasupplicant          2:2.4-1+deb9u1

Versions of packages network-manager recommends:
ii  crda             3.18-1
ii  dnsmasq-base     2.76-5+deb9u1
ii  iptables         1.6.0+snapshot20161117-6
ii  iputils-arping   3:20161105-1
ii  isc-dhcp-client  4.3.5-3
ii  modemmanager     1.6.4-1
ii  ppp              2.4.7-1+4

Versions of packages network-manager suggests:
pn  libteam-utils

-- no debconf information