External check
CVE-2020-7768: TODO: check CVE-2020-8569: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.
DD Ping: Review of Tomb for CVE-2020-28638
Hi Samuel + Team, I prepared fixed versions of tomb for unstable [1], 2.7+dfsg2-2, and buster-backports [2], 2.7+dfsg2-2~bpo10+1. Please review these. I added myself as uploader, so feel free to provide upload permissions to me. Regarding buster I assume I should provide a 2.5+dfsg1-3 on a debian/buster branch in the repository. I would only add the security fix, nothing else. Is this the way to go? Sven [1] https://salsa.debian.org/pkg-security-team/tomb/-/tree/debian/master [2] https://salsa.debian.org/pkg-security-team/tomb/-/tree/debian/buster-backports signature.asc Description: This is a digitally signed message part
Bug reporting is contributing Was: fun with mailinglists Was: Is chromium updated?
Hi! On 13.11.20 16:09, Georgi Guninski wrote: > On Fri, Nov 13, 2020 at 12:27 PM John Runyon wrote: >> >> Imagine calling yourself a “Debian contributor” because you... reported a >> few bugs? Guess I’m a Debian contributor too. >> > I was wrong about being _contributor_, sorry (misunderstood > the definition). Reporting bugs and posting on lists is a valuable contribution to Debian! https://contributors.debian.org can know about that (although some data sources might be outdated). If you report bugs and write on lists, you would also need an account on salsa.debian.org to be able to log into the contributor site where you can then associate your emails in order to show up in the contributor list. That said, I think it would be better to discuss this on the debian-project list, I adjusted the Reply-To header of this email accordingly. Please keep contributing by reporting bugs :) Ulrike
Re: Request to review and upload libvhdi_20201018-1
Hello team, We talked to libvhdi upstream, in short, soname bump won't happen yet and he says "Checking with git whatchanged -p include/libvhdi.h.in I don't see any mayor API (and therefore ABI) changes in the last ~4 years; a couple of functions added and a couple of non-functional write functions were removed.". I have locally rebuilt the reversed dependencies (pytsk and sleuthkit) on amd64, and everything was built correctly, both in testing and in unstable. Below the output of the reversed dependencies: $reverse-depends src:libvhdi Reverse-Depends * libtsk19 (for libvhdi1) * python3-dfvfs (for python3-libvhdi) * python3-plaso (for python3-libvhdi) * python3-tsk (for libvhdi1) * sleuthkit (for libvhdi1) $reverse-depends -b src:libvhdi Reverse-Build-Depends * dfvfs (for python3-libvhdi) * plaso (for python3-libvhdi) * pytsk (for libvhdi-dev) * sleuthkit (for libvhdi-dev) Samuel, would you like me to request a transition slot for libvhdi? Best regards, -- Francisco Vilmar Cardoso Ruviaro 4096R: 1B8C F656 EF3B 8447 2F48 F0E7 82FB F706 0B2F 7D00