NEW changes in oldstable-new
Processing changes file: curl_7.74.0-1.3+deb11u9_arm64-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_armel-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_mips64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: base-files_12.4+deb12u2_arm64-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_armel-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_arm64-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_armel-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_armhf-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_arm64-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_armel-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_armhf-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_arm64-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_armel-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_armhf-buildd.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: amd64-microcode_3.20230808.1.1~deb11u1_i386-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_amd64-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_arm64-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_armel-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_armhf-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_i386-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_mips64el-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_mipsel-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_ppc64el-buildd.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_s390x-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_all-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_amd64-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_arm64-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_armel-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_armhf-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_i386-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_s390x-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_all-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_amd64-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_armhf-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_i386-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_mipsel-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_ppc64el-buildd.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_s390x-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_mipsel-buildd.changes ACCEPT Processing changes file: lemonldap-ng_2.0.11+ds-4+deb11u5_all-buildd.changes ACCEPT Processing changes file: lttng-modules_2.12.5-1+deb11u1_all-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: amd64-microcode_3.20230808.1.1~deb12u1_amd64-buildd.changes ACCEPT Processing changes file: amd64-microcode_3.20230808.1.1~deb12u1_i386-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_amd64-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_armhf-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_i386-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_mips64el-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_mipsel-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_ppc64el-buildd.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_s390x-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_all-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_amd64-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_i386-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_mips64el-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_mipsel-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_ppc64el-buildd.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_s390x-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_all-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_amd64-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_i386-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_s390x-buildd.changes ACCEPT Processing changes file: lemonldap-ng_2.16.1+ds-deb12u2_all-buildd.changes ACCEPT Processing changes file: python-git_3.1.30-1+deb12u2_all-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_all-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_amd64-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_i386-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: rmlint_2.9.0-2.5~deb12u1_s390x-buildd.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: gitit_0.13.0.0+dfsg-2+b2_amd64-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_arm64-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_armel-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_armhf-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_i386-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_mips64el-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_ppc64el-buildd.changes ACCEPT Processing changes file: gitit_0.13.0.0+dfsg-2+b2_s390x-buildd.changes ACCEPT
Bug#1042057: binNMUs needed for new pandoc in *stable
On Sun, 2023-10-01 at 18:37 +0100, Adam D. Barratt wrote: > wb nmu 10 gitit haskell-hakyll . ANY . unstable . -m "Rebuild to > clear version space for rebuilds in stable; see #1042058" > wb nmu 6 gitit haskell-hakyll . ANY . bookworm . -m "Rebuild against > new pandoc; see #1042058" > wb nmu 2 gitit haskell-hakyll . ANY . bullseye . -m "Rebuild against > new pandoc; see #1042057" The packages don't build in unstable currently, so I've binNMUed them in testing and we'll see if we can get them prop-upped. For bullseye, haskell-hakyll ends up needing a version of haskell- pandoc-citeproc built against the newer pandoc, so I've binNMUed that as well. Regards, Adam
NEW changes in oldstable-new
Processing changes file: amd64-microcode_3.20230808.1.1~deb11u1_amd64.changes ACCEPT Processing changes file: base-files_11.1+deb11u8_source.changes ACCEPT Processing changes file: cpio_2.13+dfsg-7.1~deb11u1_source.changes ACCEPT Processing changes file: curl_7.74.0-1.3+deb11u9_source.changes ACCEPT Processing changes file: lemonldap-ng_2.0.11+ds-4+deb11u5_source.changes ACCEPT Processing changes file: lttng-modules_2.12.5-1+deb11u1_source.changes ACCEPT
NEW changes in stable-new
Processing changes file: rmlint_2.9.0-2.5~deb12u1_source.changes ACCEPT
NEW changes in stable-new
Processing changes file: amd64-microcode_3.20230808.1.1~deb12u1_source.changes ACCEPT Processing changes file: base-files_12.4+deb12u2_source.changes ACCEPT Processing changes file: foot_1.13.1-2+deb12u1_source.changes ACCEPT Processing changes file: lemonldap-ng_2.16.1+ds-deb12u2_source.changes ACCEPT
Processed: lemonldap-ng 2.0.11+ds-4+deb11u5 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053220 = bullseye pending Bug #1053220 [release.debian.org] bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u5 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053220: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: lttng-modules 2.12.5-1+deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1035464 = bullseye pending Bug #1035464 [release.debian.org] bullseye-pu: package lttng-modules/2.12.5-1+deb11u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1035464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035464 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053220: lemonldap-ng 2.0.11+ds-4+deb11u5 flagged for acceptance
package release.debian.org tags 1053220 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: lemonldap-ng Version: 2.0.11+ds-4+deb11u5 Explanation: fix open redirection when OIDC RP has no redirect URIs; fix Server Side Request Forgery issue [CVE-2023-44469]; fix open redirection due to incorrect escape handling
Bug#1035464: lttng-modules 2.12.5-1+deb11u1 flagged for acceptance
package release.debian.org tags 1035464 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: lttng-modules Version: 2.12.5-1+deb11u1 Explanation: fix build issues with newer kernel versions
Processed: curl 7.74.0-1.3+deb11u9 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053270 = bullseye pending Bug #1053270 [release.debian.org] bullseye-pu: package curl/7.74.0-1.3+deb11u9 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053270 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: amd64-microcode 3.20230808.1.1~deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053290 = bullseye pending Bug #1053290 [release.debian.org] bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053290: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053290 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: lemonldap-ng 2.16.1+ds-deb12u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053219 = bookworm pending Bug #1053219 [release.debian.org] bookworm-pu: package lemonldap-ng/2.16.1+ds-deb12u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053219 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cpio 2.13+dfsg-7.1~deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053271 = bullseye pending Bug #1053271 [release.debian.org] bullseye-pu: package cpio/2.13+dfsg-7.1~deb11u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053271 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: rmlint 2.9.0-2.5~deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053272 = bookworm pending Bug #1053272 [release.debian.org] bookworm-pu: package rmlint/2.9.0-2.5~deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053272 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053292: amd64-microcode 3.20230808.1.1~deb12u1 flagged for acceptance
package release.debian.org tags 1053292 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: amd64-microcode Version: 3.20230808.1.1~deb12u1 Explanation: update included microcode, including fixes for "AMD Inception" on AMD Zen4 processors [CVE-2023-20569]
Processed: foot 1.13.1-2+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053189 = bookworm pending Bug #1053189 [release.debian.org] bookworm-pu: package foot/1.13.1-2+deb12u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053189 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053290: amd64-microcode 3.20230808.1.1~deb11u1 flagged for acceptance
package release.debian.org tags 1053290 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: amd64-microcode Version: 3.20230808.1.1~deb11u1 Explanation: update included microcode, including fixes for "AMD Inception" on AMD Zen4 processors [CVE-2023-20569]
Bug#1053272: rmlint 2.9.0-2.5~deb12u1 flagged for acceptance
package release.debian.org tags 1053272 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: rmlint Version: 2.9.0-2.5~deb12u1 Explanation: fix GUI startup failure with recent python3.11
Bug#1053271: cpio 2.13+dfsg-7.1~deb11u1 flagged for acceptance
package release.debian.org tags 1053271 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: cpio Version: 2.13+dfsg-7.1~deb11u1 Explanation: fix arbitrary code execution issue [CVE-2021-38185]; replace Suggests: on libarchive1 with libarchive-dev
Processed: amd64-microcode 3.20230808.1.1~deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053292 = bookworm pending Bug #1053292 [release.debian.org] bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053292 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053270: curl 7.74.0-1.3+deb11u9 flagged for acceptance
package release.debian.org tags 1053270 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: curl Version: 7.74.0-1.3+deb11u9 Explanation: fix improper certificate validation issue [CVE-2023-28321], information disclosure issue [CVE-2023-28322]
Bug#1053219: lemonldap-ng 2.16.1+ds-deb12u2 flagged for acceptance
package release.debian.org tags 1053219 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: lemonldap-ng Version: 2.16.1+ds-deb12u2 Explanation: fix open redirection when OIDC RP has no redirect URIs; fix Server Side Request Forgery issue [CVE-2023-44469]
Bug#1053189: foot 1.13.1-2+deb12u1 flagged for acceptance
package release.debian.org tags 1053189 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: foot Version: 1.13.1-2+deb12u1 Explanation: ignore XTGETTCAP queries with invalid hex encodings
Bug#1042057: binNMUs needed for new pandoc in *stable
On Sun, 2023-10-01 at 19:57 +0300, Adrian Bunk wrote: > On Tue, Jul 25, 2023 at 11:39:38PM +0200, Guilhem Moulin wrote: > > ... > > The Security Team decided not to issue a DSA for that CVE, but it's > > now fixed in > > buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so > > it makes sense > > to fix it via (o)s-pu too. > > ... > > In all 3 distributions this made libghc-{gitit,hakyll}-{dev,prof} > uninstallable due to changed libghc-pandoc-{dev,prof}-* provides, > e.g.: > The following packages have unmet dependencies: >libghc-gitit-dev : Depends: libghc-pandoc-dev-2.17.1.1-35d44 > > For bullseye/bookworm this should be fixed with: > > wb nmu gitit . ANY . bookworm . -m 'Rebuild against new pandoc' > wb nmu haskell-hakyll . ANY . bookworm . -m 'Rebuild against new > pandoc' > > wb nmu gitit . ANY . bullseye . -m 'Rebuild against new pandoc' > wb nmu haskell-hakyll . ANY . bullseye . -m 'Rebuild against new > pandoc' > Both packages already have binNMUs, so need the binNMU number specifying. Both already have binNMUs in stable and unstable that have consecutive versions, so I've scheduled higher-versioned ones in unstable to make some room: wb nmu 10 gitit haskell-hakyll . ANY . unstable . -m "Rebuild to clear version space for rebuilds in stable; see #1042058" wb nmu 6 gitit haskell-hakyll . ANY . bookworm . -m "Rebuild against new pandoc; see #1042058" wb nmu 2 gitit haskell-hakyll . ANY . bullseye . -m "Rebuild against new pandoc; see #1042057" Regards, Adam
NEW changes in stable-new
Processing changes file: cups_2.4.2-3+deb12u2_source.changes ACCEPT Processing changes file: cups_2.4.2-3+deb12u3_source.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_sourceonly.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_all-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_amd64-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_arm64-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_armel-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_armhf-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_i386-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: libvpx_1.12.0-1+deb12u1_s390x-buildd.changes ACCEPT Processing changes file: python-git_3.1.30-1+deb12u2_source.changes ACCEPT
Bug#1042057: binNMUs needed for new pandoc in *stable
On Tue, Jul 25, 2023 at 11:39:38PM +0200, Guilhem Moulin wrote: >... > The Security Team decided not to issue a DSA for that CVE, but it's now fixed > in > buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so it makes > sense > to fix it via (o)s-pu too. >... In all 3 distributions this made libghc-{gitit,hakyll}-{dev,prof} uninstallable due to changed libghc-pandoc-{dev,prof}-* provides, e.g.: The following packages have unmet dependencies: libghc-gitit-dev : Depends: libghc-pandoc-dev-2.17.1.1-35d44 For bullseye/bookworm this should be fixed with: wb nmu gitit . ANY . bookworm . -m 'Rebuild against new pandoc' wb nmu haskell-hakyll . ANY . bookworm . -m 'Rebuild against new pandoc' wb nmu gitit . ANY . bullseye . -m 'Rebuild against new pandoc' wb nmu haskell-hakyll . ANY . bullseye . -m 'Rebuild against new pandoc' This might result in the Provides of libghc-{gitit,hakyll}-{dev,prof} changing, but these are leaf packages. cu Adrian
Processed: python-git 3.1.30-1+deb12u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053221 = bookworm pending Bug #1053221 [release.debian.org] bookworm-pu: package python-git/3.1.30-1+deb12u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cups 2.4.2-3+deb12u3 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1052361 = bookworm pending Bug #1052361 [release.debian.org] bookworm-pu: cups/2.4.2-3+deb12u2 Ignoring request to alter tags of bug #1052361 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1052361: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052361 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cups 2.4.2-3+deb12u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1052361 = bookworm pending Bug #1052361 [release.debian.org] bookworm-pu: cups/2.4.2-3+deb12u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1052361: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052361 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053221: python-git 3.1.30-1+deb12u2 flagged for acceptance
package release.debian.org tags 1053221 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: python-git Version: 3.1.30-1+deb12u2 Explanation: fix remote code execution issue [CVE-2023-40267], blind local file inclusion issue [CVE-2023-41040]
Bug#1052361: cups 2.4.2-3+deb12u2 flagged for acceptance
package release.debian.org tags 1052361 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: cups Version: 2.4.2-3+deb12u2 Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix unauthenticated access issue [CVE-2023-32360]
Bug#1052361: cups 2.4.2-3+deb12u3 flagged for acceptance
package release.debian.org tags 1052361 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: cups Version: 2.4.2-3+deb12u3 Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix unauthenticated access issue [CVE-2023-32360]
NEW changes in oldstable-new
Processing changes file: cups_2.3.3op2-3+deb11u5_mipsel-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_armel-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_mipsel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_arm64-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_armel-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_armhf-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_mips64el-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_mipsel-buildd.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.3.3op2-3+deb11u5_all-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_amd64-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_arm64-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_armel-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_armhf-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_i386-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_mips64el-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_ppc64el-buildd.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_s390x-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_all-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_amd64-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_arm64-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_armhf-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_i386-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_mips64el-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_ppc64el-buildd.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_s390x-buildd.changes ACCEPT Processing changes file: linux-signed-amd64_5.10.197+1_amd64-buildd.changes ACCEPT Processing changes file: linux-signed-arm64_5.10.197+1_arm64-buildd.changes ACCEPT Processing changes file: linux-signed-i386_5.10.197+1_i386-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_all-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_amd64-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_i386-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_ppc64el-buildd.changes ACCEPT Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_s390x-buildd.changes ACCEPT Processing changes file: linux-signed-amd64_6.1.55+1_amd64-buildd.changes ACCEPT Processing changes file: linux-signed-arm64_6.1.55+1_arm64-buildd.changes ACCEPT Processing changes file: linux-signed-i386_6.1.55+1_i386-buildd.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.3.3op2-3+deb11u4_source.changes ACCEPT Processing changes file: cups_2.3.3op2-3+deb11u5_source.changes ACCEPT Processing changes file: ghostscript_9.53.3~dfsg-7+deb11u6_sourceonly.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_sourceonly.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_all-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_armel-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_i386-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: libvpx_1.9.0-1+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: linux-signed-amd64_5.10.197+1_source.changes ACCEPT Processing changes file: linux-signed-arm64_5.10.197+1_source.changes ACCEPT Processing changes file: linux-signed-i386_5.10.197+1_source.changes ACCEPT
NEW changes in stable-new
Processing changes file: ghostscript_10.0.0~dfsg-11+deb12u2_source.changes ACCEPT Processing changes file: linux-signed-amd64_6.1.55+1_source.changes ACCEPT Processing changes file: linux-signed-arm64_6.1.55+1_source.changes ACCEPT Processing changes file: linux-signed-i386_6.1.55+1_source.changes ACCEPT
Bug#1053292: bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1
Uploaded (source). Thank you! On Sun, Oct 1, 2023, at 05:53, Adam D. Barratt wrote: > Control: tags -1 confirmed -- Henrique de Moraes Holschuh
Bug#1053290: bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1
Uploaded (source + amd64 binaries). Thank you! -- Henrique de Moraes Holschuh
Processed: ghostscript 9.53.3~dfsg-7+deb11u6 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053240 = bullseye pending Bug #1053240 [release.debian.org] bullseye-pu: package ghostscript/9.53.3~dfsg-7+deb11u6 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053240: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053240 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cups 2.3.3op2-3+deb11u4 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1052363 = bullseye pending Bug #1052363 [release.debian.org] bullseye-pu: cups/2.3.3op2-3+deb11u4 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1052363: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: ghostscript 10.0.0~dfsg-11+deb12u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1053239 = bookworm pending Bug #1053239 [release.debian.org] bookworm-pu: package ghostscript/10.0.0~dfsg-11+deb12u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1053239: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053239 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cups 2.3.3op2-3+deb11u5 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1052363 = bullseye pending Bug #1052363 [release.debian.org] bullseye-pu: cups/2.3.3op2-3+deb11u4 Ignoring request to alter tags of bug #1052363 to the same tags previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1052363: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053240: ghostscript 9.53.3~dfsg-7+deb11u6 flagged for acceptance
package release.debian.org tags 1053240 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: ghostscript Version: 9.53.3~dfsg-7+deb11u6 Explanation: fix buffer overflow issue [CVE-2023-38559]; try and secure the IJS server startup [CVE-2023-43115]
Bug#1053239: ghostscript 10.0.0~dfsg-11+deb12u2 flagged for acceptance
package release.debian.org tags 1053239 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: ghostscript Version: 10.0.0~dfsg-11+deb12u2 Explanation: fix buffer overflow issue [CVE-2023-38559]; try and secure the IJS server startup [CVE-2023-43115]
Bug#1052363: cups 2.3.3op2-3+deb11u5 flagged for acceptance
package release.debian.org tags 1052363 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: cups Version: 2.3.3op2-3+deb11u5 Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix unauthenticated access issue [CVE-2023-32360]
Bug#1052363: cups 2.3.3op2-3+deb11u4 flagged for acceptance
package release.debian.org tags 1052363 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: cups Version: 2.3.3op2-3+deb11u4 Explanation: fix heap-based buffer overflow issue [CVE-2023-4504]; fix unauthenticated access issue [CVE-2023-32360]
Processed: block 1028475 with 1053307
Processing commands for cont...@bugs.debian.org: > block 1028475 with 1053307 Bug #1028475 [glib2.0] Backport recent GVariant security fixes to bullseye 1028475 was not blocked by any bugs. 1028475 was not blocking any bugs. Added blocking bug(s) of 1028475: 1053307 > thanks Stopping processing here. Please contact me if you need assistance. -- 1028475: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028475 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053307: bullseye-pu: package glib2.0/2.66.8-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye d-i User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: glib...@packages.debian.org, debian-gtk-gn...@lists.debian.org Control: affects -1 + src:glib2.0 I would like to update glib2.0 in Debian 11.9. We're too close to the 11.8 deadline for an update with this size of diffstat, so I'd like to upload it to bullseye-proposed-updates shortly after 11.8 is out, to give it the maximum amount of review and testing possible. glib2.0 has a udeb and is actively used in the graphical installer, so this will need a d-i ack, either before upload or before acceptance. [ Reason ] Fix denial of service vulnerabilities when parsing untrusted GVariant data, either in binary form (CVE-2023-32665, CVE-2023-32611, CVE-2023-29499, which were marked as no-dsa by the security team) or in text form (no CVEs for these, I don't think the GLib maintainers consider parsing GVariant text notation to be a valid thing to do with untrusted input). The vulnerabilities with CVEs were already fixed in Debian 10 LTS. The issues without CVEs were not fixed in Debian 10 LTS, but I think fixing them will give us a lower regression risk as well as more bug fixes. [ Impact ] If not fixed, anything that parses untrusted data in GVariant format will be subject to denial of service attacks, and the LTS team will presumably backport the same changes into Debian 11 LTS in a less complete form with (IMO) a higher risk of regressions. Flatpak and ostree parse trusted or at least semi-trusted data in GVariant format, so they will be subject to this denial of service, but it isn't urgent to fix (the integrity of GVariant data they process is protected by PGP signatures and/or https, and it rarely makes sense to access a completely untrusted ostree repository). I don't currently know of any software in Debian that parses totally untrusted GVariant data. [ Tests ] A test-build that differs only in its changelog and version number can be downloaded from: https://people.debian.org/~smcv/11.9/pool/main/g/glib2.0/ GLib's automated test suite passes (dh_auto_test and autopkgtest on both amd64 and i386), and new coverage for several of the issues fixed here accounts for around 30% of the diff. There were no obvious regressions in a Debian 11 GNOME VM. I'll try this on one of my work test machines before upload, but I no longer have any bullseye machines in production use, so I can only do this on a test installation that is not used day-to-day. Any further testing that bullseye users can provide would be appreciated. [ Risks ] The diffstat is considerable, but I have tried to minimize the risk by backporting *all* GVariant fixes from the version we ship in Debian 12, and verifying that the only remaining non-comment differences in `glib/gvariant*` between Debian 12 and this version are inclusion of some compatibility headers. This means that if there were regressions caused by these changes, we should already have seen them in Debian 12 (we haven't). Also, if regressions are discovered in this area in future, their fixes should backport cleanly from Debian 12. The initial versions of the denial-of-service fixes introduced a more serious vulnerability (a buffer overflow, CVE-2023-32643) and some bugs (a crash on big-endian architectures, and another denial of service detected by a fuzzer). I have made sure to backport the fixes for those too. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in oldstable [x] the issue is verified as fixed in unstable (and stable) [ Changes ] po/hr.po is (obviously) a translation update, from upstream. All other changes are for the denial of service vulnerabilities, or are small bug fixes in the same module which I have backported in order to minimize risk. All changes are straightforward cherry-picks from upstream via Debian 12's GLib 2.74.x, except for the translation update, which was applied to upstream's 2.66.x branch after its final point release, and "debian/patches/Exclude-g_variant_maybe_get_child_value-from-API-document.patch", which adjusts the content of a doc-comment to prevent a documentation check from causing FTFBS (no changes to the actual code). [ Other info ] For my reference, this proposed version is https://salsa.debian.org/gnome-team/glib/-/merge_requests/26 v1. Thanks, smcv glib2.0_2.66.8-1+deb11u1_f2310192.diff.gz Description: application/gzip
Processed: bullseye-pu: package glib2.0/2.66.8-1+deb11u1
Processing control commands: > affects -1 + src:glib2.0 Bug #1053307 [release.debian.org] bullseye-pu: package glib2.0/2.66.8-1+deb11u1 Added indication that 1053307 affects src:glib2.0 -- 1053307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053307 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Upcoming changes to Debian Linux kernel packages
On Mon, Sep 25, 2023 at 04:35:08AM +0200, Andreas Beckmann wrote: > On 25/09/2023 00.50, Bastian Blank wrote: > > Already built modules remain until someone deletes it. So you can also > > switch back to the still installed older kernel version and it will have > > the still working module available. > Assume I have Linux 6.6 and a third-party gpu driver module installed (so > there are dkms and the Linux 6.6 headers as well) and everything is working > fine. > Then I upgrade the system, which brings Linux 6.7 (along linux-image-6.6 > which is kept installed) and a new version of the gpu driver (which adds > support for 6.7). So the old gpu module for 6.6 gets removed and a new one > is built for 6.7 only (since there are only 6.7 headers now). Ah, here lays the missconception. No, the 6.6 ones are not removed. Why should they be? The system knows it can't rebuild them. If the current implementation would remove them, it is a problem there, not in the concept. Bastian -- Superior ability breeds superior ambition. -- Spock, "Space Seed", stardate 3141.9
Bug#1053290: bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1
Control: tags -1 confirmed On Sat, 2023-09-30 at 20:21 -0300, Henrique de Moraes Holschuh wrote: > As requested by the security team, I would like to bring the > microcode > update level for AMD64 processors in Bullseye and Bookworm to match > what > we have in Sid and Trixie. This is the bug report for Bullseye, a > separate one will be filled for Bookmorm. > > This fixes: > CVE-2023-20569 "AMD Inception" on AMD Zen4 processors > The upload window for the next point release closes at some point today (UTC). If the upload happens in time then we can look at getting it included for this cycle, but at this stage it's certainly too close to promise anything. Regards, Adam
Processed: Re: Bug#1053290: bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1
Processing control commands: > tags -1 confirmed Bug #1053290 [release.debian.org] bullseye-pu: package amd64-microcode/3.20230808.1.1~deb11u1 Added tag(s) confirmed. -- 1053290: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053290 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1053292: bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1
Processing control commands: > tags -1 confirmed Bug #1053292 [release.debian.org] bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1 Added tag(s) confirmed. -- 1053292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053292 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1053292: bookworm-pu: package amd64-microcode/3.20230808.1.1~deb12u1
Control: tags -1 confirmed On Sat, 2023-09-30 at 21:17 -0300, Henrique de Moraes Holschuh wrote: > As requested by the security team, I would like to bring the > microcode update level for AMD64 processors in Bullseye and Bookworm > to match what we have in Sid and Trixie. This is the bug report for > Bookworm, a separate one will be filled for Bullseye. > > This fixes: > CVE-2023-20569 "AMD Inception" on AMD Zen4 processors > The upload window for the next point release closes at some point today (UTC). If the upload happens in time then we can look at getting it included for this cycle, but at this stage it's certainly too close to promise anything. Regards, Adam