Control: tags -1 + fixed-upstream
Dear maintainer,
On Tue, Dec 12, 2023 at 08:58:48AM +0100, Lucas Nussbaum wrote:
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
>
>
>
> > File "/<>/tests/__init__.py", line 4, in
> > import imp
> >
signald is needed for mautrix-signal, the Matrix to Signal bridge, which I
intend to package.
mautrix-signal was recently rewritten in Go and does not make use of
signald anymore [1], instead it links against libsignal [2].
[1]: https://github.com/mautrix/signal/issues/372
[2]:
Source: rust-cargo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-cargo.
CVE-2023-40030[0]:
| Cargo downloads a Rust project’s dependencies and compiles the
| project. Starting in Rust 1.60.0 and prior to 1.72,
Source: cargo
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cargo.
CVE-2023-40030[0]:
| Cargo downloads a Rust project’s dependencies and compiles the
| project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did
Source: mathjax
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for mathjax.
CVE-2023-39663[0]:
| Mathjax up to v2.7.9 was discovered to contain two Regular
| expression Denial of Service (ReDoS) vulnerabilities in
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for asterisk.
CVE-2023-37457[0]:
| Asterisk is an open source private branch exchange and telephony
| toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qt6-base.
CVE-2023-37369[0]:
| In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x
| before 6.5.2, there can be an application crash in
Source: ckeditor3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ckeditor3.
CVE-2023-28439[0]:
| CKEditor4 is an open source what-you-see-is-what-you-get HTML
| editor. A cross-site scripting vulnerability has been
Source: python3.11
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python3.11.
CVE-2023-27043[0]:
| The email module of Python through 3.11.3 incorrectly parses e-mail
| addresses that contain a special character. The
Source: ruby-sidekiq
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ruby-sidekiq.
CVE-2023-26141[0]:
| Versions of the package sidekiq before 7.1.3 are vulnerable to
| Denial of Service (DoS) due to insufficient checks in
Source: python3.12
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python3.12.
CVE-2023-27043[0]:
| The email module of Python through 3.11.3 incorrectly parses e-mail
| addresses that contain a special character. The
Source: salt
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for Tornado, which is
embedded by Salt:
CVE-2023-28370[0]:
| Open redirect vulnerability in Tornado versions 6.3.1 and earlier
| allows a remote unauthenticated
Control: retitle -1 virtio-vga redraw is broken
Control: tag -1 - moreinfo + confirmed upstream
Control: forwarded -1 https://gitlab.com/qemu-project/qemu/-/issues/2051
Thank you both for the info. This is an issue I happen to hit earlier today as
well,
and already managed to bisect. Will
Source: hamster-time-tracker
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for hamster-time-tracker.
CVE-2023-36250[0]:
| CSV Injection vulnerability in GNOME time tracker version 3.0.2,
| allows local attackers to
Package: wnpp
Severity: wishlist
* Package name: gfxstream
Version : v0.1.2
Upstream Author : Google
* URL or Web page :
https://android.googlesource.com/platform/hardware/google/gfxstream
* License : Apache2
Description : wrapper for graphics streams across VirtIO
Source: trilead-ssh2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability should also affect Trilead SSH:
https://terrapin-attack.com/
CVE-2023-48795[0]:
| The SSH transport protocol with certain OpenSSH extensions, found in
| OpenSSH before
Source: lrzip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lrzip.
CVE-2023-39741[0]:
| lrzip v0.651 was discovered to contain a heap overflow via the
| libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
to reproduce the problem:
qemu-system-x86_64 -machine q35,accel=kvm -cpu max -bios
/usr/share/OVMF/OVMF_CODE.fd -audiodev id=alsa,drive
r=alsa -device AC97,audiodev=alsa -m 8G -display gtk -full-screen -smp
16 -usb -device usb-tablet -drive file
=redos,format=raw *-vga **virtio
*
adapters
Source: m2crypto
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for m2crypto.
CVE-2023-50781[0]:
Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for
CVE-2020-25657
Le Fri, Dec 22, 2023 at 01:21:56PM +0100, David Prévot a écrit :
[…]
> [x] attach debdiff against the package in oldstable
For real now (the usual running gag of the missing attachement)… Merry
Christmas.
Cheers.
taffit
diff -Nru spip-3.2.11/debian/changelog spip-3.2.11/debian/changelog
---
Any update on the same?
On Tue, Jun 27, 2023 at 6:24 PM Debian Bug Tracking System <
ow...@bugs.debian.org> wrote:
> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 1039584:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039584.
>
> This is
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:spip
Hi,
This issue is similar to #1059289 for oldstable.
Another upstream release
Source: proftpd-mod-proxy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
per https://github.com/Castaglia/proftpd-mod_proxy/issues/257 it
appears proftpd-mod-proxy is also affected by the Terrapin attack,
(the specific impact isn't mentioned, but seems still useful
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:spip
Another upstream release fixed a security (XSS) issue. The last two
updates of this
Hi Martin,
On Fri, Dec 22, 2023 at 12:09:35PM +0100, Martin Pitt wrote:
> Hello Salvatore,
>
> Salvatore Bonaccorso [2023-12-19 22:34 +0100]:
> > The following vulnerability was published for libssh.
> >
> > CVE-2023-6004[0]:
> > | ProxyCommand/ProxyJump features allow injection of malicious
Source: shiro
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for shiro.
CVE-2023-46750[0]:
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability
| when "form" authentication is used in Apache Shiro.
forwarded 1059277 https://github.com/openbabel/openbabel/issues/2650
thanks
Hi,
On Fri, Dec 22, 2023 at 01:06:17PM +0100, Moritz Mühlenhoff wrote:
> Source: openbabel
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were
Source: cjson
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for cjson.
They appear to be rather bogus and not cross any security boundaries,
please doublecheck:
CVE-2023-50471[0]:
| cJSON v1.7.16 was discovered to
Control: tags -1 minor
On Fri, 22 Dec 2023 13:09:50 +0100 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=
wrote:
> Source: systemd
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for systemd.
>
> CVE-2023-7008[0]:
>
Am 22.12.23 um 12:24 schrieb Michael Tokarev:
22.12.2023 14:23, Michael Tokarev:
Please specify which vga device both of you are using, -
is it virtio-vga or something else?
And also please try with other kind of vga, like -vga std or -vga bochs
or -vga qxl.
Thanks,
/mjt
Hi Michael,
Source: cacti
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cacti.
CVE-2023-46490[0]:
| SQL Injection vulnerability in Cacti v1.2.25 allows a remote
| attacker to obtain sensitive information via the form_actions()
|
Hi Guys,
Any update on this?
On Thu, Dec 15, 2022 at 12:03 AM Debian Bug Tracking System <
ow...@bugs.debian.org> wrote:
> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 1026100:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026100.
>
>
Source: jbig2enc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jbig2enc.
CVE-2023-46363[0]:
| jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page
| in src/jbig2enc.cc:512.
Source: jbig2enc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jbig2enc.
CVE-2018-11230[0]:
| jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29
| allows remote attackers to cause a denial of service
Source: mate-settings-daemon
Version: 1.26.0-2
Severity: normal
Tags: patch
User: helm...@debian.org
Usertags: dep17m2
Dear Maintainer,
your package installs files related to udev, into /lib. These
files need to be moved to /usr/lib as part of Debian's usr-merge
effort [1].
Attached you will
Source: jbig2enc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jbig2enc.
CVE-2023-46362[0]:
| jbig2enc v0.28 was discovered to contain a heap-use-after-free via
| jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.
Source: grpc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for grpc.
CVE-2023-4785[0]:
| Lack of error handling in the TCP server in Google's gRPC starting
| version 1.23 on posix-compatible platforms (ex. Linux) allows
Source: grpc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for grpc.
CVE-2023-32732[0]:
| gRPC contains a vulnerability whereby a client can cause a
| termination of connection between a HTTP2 proxy and a gRPC server: a
|
Source: grpc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for grpc.
CVE-2023-33953[0]:
| gRPC contains a vulnerability that allows hpack table accounting
| errors could lead to unwanted disconnects between clients and
|
Source: systemd
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for systemd.
CVE-2023-7008[0]:
Unsigned name response in signed zone is not refused when DNSSEC=yes
https://bugzilla.redhat.com/show_bug.cgi?id=672
On 23-12-21 21:52:08, Jonathan Wiltshire wrote:
> Please go ahead.
Thanks, uploaded.
Source: openbabel
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for openbabel.
It's unclear if these were ever properly reported upstream/fixed,
could you please sync up with the upstream developers?
Source: python-demgengeo
Version: 1.4-4.1
Severity: wishlist
Tags: ftbfs
User: debian-loonga...@lists.debian.org
Usertags: loong64
Dear maintainers,
Compiling the python-demgengeo failed for loong64 in the Debian Package
Auto-Building environment.
The error messages are as follows,
```
Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libde265.
CVE-2023-49465[0]:
| Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow
| vulnerability in the
Package: wnpp
Severity: wishlist
Owner: "P. J. McDermott"
X-Debbugs-Cc: debian-devel-ga...@lists.debian.org, p...@pehjota.net
* Package name: 7kaa-music
Version : 2.15
Upstream Author : Bjorn Lynne, Enlight Software Ltd.,
Jesse Allen
* URL :
Hi Nilesh,
On Thu, Dec 21, 2023 at 11:10:27PM +0530, Nilesh Patra wrote:
> On Wed, Dec 20, 2023 at 08:35:38AM +0100, Nicolas Schier wrote:
> > Hi,
> >
> > I've packaged golang-github-google-gnostic-models, and I need a sponsor
> > to get it uploaded. The package is a requirement for
> >
Hi Michael,
thank you for you fast feedback.
polkitd is currently not installed, so this the the output of the
suggested command.
SELinux enabled state cached to: disabled
Failed to open 'polkitd.conf', ignoring: No such file or directory
Unfortunately in my tentative to bypass the issue I've
Control: tags -1 + patch
Please find attached a patch; build-tested only.
Description: Port to PCRE2.
Bug-Debian: https://bugs.debian.org/19
Bug: https://github.com/ZoneMinder/zoneminder/issues/3384
Author: Yavor Doganov
Forwarded: no
Last-Update: 2023-12-22
---
---
Thanks, Helmut.
This actually needs adjustment in the upstream Cargo.toml file.
The package is listed as a dependency when it should actually be listed
as a dev-dependency.
I proposed a patch upstream in https://github.com/mdevctl/mdevctl/pull/107 and
filed a salsa MR to fix this package in
Package: ntpsec
Version: 1.2.2+dfsg1-1+deb12u1
Severity: normal
Apparmor denies creation of /var/lib/ntp/drift-tmp.
(2023-12-22T10:46:28.551247+01:00 srv42 kernel: [1569581.071493] audit:
type=1400 audit(1703238388.546:160): apparmor="DENIED" operation="mknod"
class="file"
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: ta...@packages.debian.org, thomas.br...@byte-physics.de
Control: affects -1 + src:tango
Dear Release Team,
I would like to upload tango 9.5.0 to unstable. There has been a
On 22 déc. 2023 12:16, Guillem Jover wrote:
[...]
> (Also wondering whether dpkg-source can verify the source for that,
> as it is using the same logic as the rewritten hook is using now?)
Update. Doesn't work.
,
| $ dpkg-source -x
Control: tags -1 + patch
Hi Andreas,
Le mercredi 29 novembre 2023 à 10:06 +0100, Andreas Tille a écrit :
> Control: tags -1 help
>
> Am Fri, Jul 14, 2023 at 01:40:22AM +0200 schrieb Sébastien Villemot:
> > Le lundi 10 juillet 2023 à 22:01 +0200, Andreas Tille a écrit :
> > > I've checked my
On 22 déc. 2023 12:16, Guillem Jover wrote:
[...]
>> ,
>> | $ debrelease
>> | dupload note: no announcement will be sent.
>> | Checking OpenPGP signatures before upload...gpgv: Signature made
>> | Fri Dec 22 10:50:05 2023 CET
>> | gpgv:using RSA key
Hello,
thanks to all of you Francois, Daniel and Michael for uploading my
changes to experimental.
Whilst I already tested the patches individually earlier, this gave me
the opportunity to test them in cooperation. In particular, the
versioned Conflicts issued by systemd-sysv now work as
22.12.2023 14:23, Michael Tokarev:
Please specify which vga device both of you are using, -
is it virtio-vga or something else?
And also please try with other kind of vga, like -vga std or -vga bochs
or -vga qxl.
Thanks,
/mjt
Control: tag -1 + moreinfo
21.12.2023 13:36, Rainer Schwarzbach :
Package: qemu-system-x86
Version: 1:8.2.0+ds-1
Severity: important
X-Debbugs-Cc: rz49...@gmx.net
Dear Maintainer,
after the latest QEMU packages update, I noticed strange redraw issues in VM
guests’ X windows.
Please specify
Hi!
On Fri, 2023-12-22 at 10:53:18 +0100, Christian Marillat wrote:
> Package: dupload
> Version: 2.10.4
> Severity: grave
> This version fail to check a signature. Work fine with 2.10.3
>
> ,
> | $ debrelease
> | dupload note: no announcement will be sent.
> | Checking OpenPGP signatures
Hello Salvatore,
Salvatore Bonaccorso [2023-12-19 22:34 +0100]:
> The following vulnerability was published for libssh.
>
> CVE-2023-6004[0]:
> | ProxyCommand/ProxyJump features allow injection of malicious code
> | through hostname
I uploaded the new upstream security fix release 0.10.6 to
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: an...@packages.debian.org, Debian Math Team
, jpu...@debian.org
Control: affects -1 + src:antic
Upstream merged src:antic into src:flint, and we already have src:flint, so we
don't
Control: severity -1 important
On 21.12.2023 00:18, Debian Bug Tracking System wrote:
Hi,
If you wish to submit further information on this problem, please
send it to 1059...@bugs.debian.org.
Bumping to important to fix the security issue CVE-2023-48795 in trixie
too. Currently the proftp
Source: burp
Followup-For: Bug #1057880
X-Debbugs-Cc: kapo...@melix.org
Thank you, Jérémy.
Package: e2fsprogs
Version: 1.47.0-2
Severity: important
Dear Maintainer,
we run a system with the /home folder living in a remote nfs server.
After upgrading to Debian 12, we noticed boot failures that were
apparently caused by the e2scrub_reap.service as this service triggers
an automount
hi!
Could I ping here to remind the issue? :)
BR,
Bo
On Sun, Oct 8, 2023 at 11:17 PM Bo YU wrote:
>
> Source: snapd-glib
> Version: 1.63-5
> Followup-For: Bug #1052429
> Tags: patch
>
> Dear Maintainer,
>
> I have updated the libsnapd-qt-2-1.symbols and I can confirm the patch
> to fix the
Quoting Peter Michael Green (2023-12-22 07:42:03)
> On 19/12/2023 20:01, Jonas Smedegaard wrote:
> > Quoting Peter Green (2023-12-19 20:46:56)
> >> I prepared a fix for the autopkgtest issues. While I was at
> >> it I also bumped the clap dev-dependency and the associated
> >> build and test
Package: roc-toolkit
Version: 0.3.0+dfsg-5
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
The package currently has no autopkgtest, the attached patch creates a
new -tests binary package and use it as autopkgtest.
Testlog from an Ubuntu ppa upload
Source: rust-coreutils
Version: 0.0.23-2
Severity: wishlist
Tags: patch ftbfs
User: debian-loonga...@lists.debian.org
Usertags: loong64
Dear maintainers,
Compiling the rust-coreutils failed for loong64 in the my local loong64
environment.
The error messages are as follows,
```
..
Package: wnpp
Severity: wishlist
Owner: si...@josefsson.org
X-Debbugs-CC: debian-de...@lists.debian.org
* Package name: apt-verify
Version : 2.0
Upstream Contact: Simon Josefsson
* URL : https://gitlab.com/debdistutils/apt-verify
* License : AGPLv3+
Package: dupload
Version: 2.10.4
Severity: grave
Dear Maintainer,
This version fail to check a signature. Work fine with 2.10.3
,
| $ debrelease
| dupload note: no announcement will be sent.
| Checking OpenPGP signatures before upload...gpgv: Signature made Fri Dec 22
10:50:05 2023 CET
|
On Fri, 2023-12-22 08:42:46 +0100, Salvatore Bonaccorso wrote:
> Hi Anibal,
>
> On Fri, Dec 22, 2023 at 06:21:04AM +, Debian Bug Tracking System wrote:
> > cpio (2.14+dfsg-1) unstable; urgency=medium
> > .
> >* New upstream release
> > Closes: #1049402
> > Noteworthy changes
Source: w3m
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for w3m.
CVE-2023-4255[0]:
| An out-of-bounds write issue has been discovered in the backspace
| handling of the checkType() function in etc.c within the W3M
|
On Fri, Dec 22, 2023 at 10:28:42AM +0100, Samuel Thibault wrote:
> Control: severity -1 wishlist
>
> Hello,
>
> Moritz Mühlenhoff, le ven. 22 déc. 2023 10:03:28 +0100, a ecrit:
> > CVE-2023-49287[0]:
> > | TinyDir is a lightweight C directory and file reader. Buffer
> > | overflows in the
Quoting Ilias Tsitsimpis (2023-12-22 09:36:47)
> On Fri, Dec 22, 2023 at 12:58AM, Jonas Smedegaard wrote:
> > I've prepared an NMU for haskell-pandoc (versioned as 3.0.1-3.1) and
> > uploaded it to DELAYED/3. Please feel free to tell me if I
> > should delay it longer.
>
> Thank you for the
Control: severity -1 wishlist
Hello,
Moritz Mühlenhoff, le ven. 22 déc. 2023 10:03:28 +0100, a ecrit:
> CVE-2023-49287[0]:
> | TinyDir is a lightweight C directory and file reader. Buffer
> | overflows in the `tinydir_file_open()` function. This vulnerability
> | has been patched in version
Package: qbs
Version: 1.24.1+dfsg-2
Severity: important
Tags: ftbfs patch
User: debian-ri...@lists.debian.org
Usertags: riscv64
X-Debbugs-Cc: debian-ri...@lists.debian.org
Dear Maintainer,
qbs has ftbfs on riscv64 since 2.1.1-2(2023/08) on sid. The problem is
due to timeout on buildd machines
Dear Maintainer,
using mobian-installer-pinephone-phosh-20231126.img on my OG PP, the
welcome screen reports a Bookworm system being installed (please find
photo attached), while the image installs a Trixie/sid system (as
intended).
Thanks for the reminder on this one. I'll make sure
Source: trilinos
Version: 13.2.0-5
Severity: normal
X-Debbugs-Cc: zhan...@loongson.cn
Dear Maintainer,
Please add loong64 support in debian/control, thanks!
-- System Information:
Debian Release: trixie/sid
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'unstable')
Package: emptty
Version: 0.10.0+git20230608.f02bbdb-1+b4
Severity: normal
X-Debbugs-Cc: tkp...@gmail.com
Dear Maintainer,
As configured in the package, automatic login (AUTOLOGIN=true) fails
with "Authentication failure".
The following fixes the problem:
1. Using the PAM configuration
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for clickhouse.
CVE-2023-48298[0]:
| ClickHouse® is an open-source column-oriented database management
| system that allows generating analytical data
Package: python3.10
Version: 3.10.13
Severity: w
Tags: patch
User: debian-de...@lists.debian.org
Usertags: loongarch64
Dear python3.10 maintainers,
According to your suggestion, we have added patch for python3.10 package.
You can also refer to the released Gnulib project([1]).
If you have
Source: lwip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for lwip.
CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
|
Package: x2gothinclient
Version: N/A
Severity: wishlist
Tags: l10n, patch
Dear Maintainer,
Please find attached the Romanian translation of the «x2gothinclient»
file.
A draft has been posted to the debian-l10n-romanian mailing list
allowing for
review.
Please add it to your next package
Source: gemmi
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for gemmi.
CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
|
Source: falcosecurity-libs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for falcosecurity-libs.
CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()`
Package: calamares-settings-mobian
X-Debbugs-Cc: marco.matti...@hotmail.it
Version: 0.3.4
Severity: minor
Dear Maintainer,
using mobian-installer-pinephone-phosh-20231126.img on my OG PP, the
welcome screen reports a Bookworm system being installed (please find
photo attached), while the
Source: cacti
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for cacti.
CVE-2023-49084[0]:
| Cacti is a robust performance and fault management framework and a
| frontend to RRDTool - a Time Series Database (TSDB). While
Hi Jonas,
On Fri, Dec 22, 2023 at 12:58AM, Jonas Smedegaard wrote:
> I've prepared an NMU for haskell-pandoc (versioned as 3.0.1-3.1) and
> uploaded it to DELAYED/3. Please feel free to tell me if I
> should delay it longer.
Thank you for the patch. I will merge it in our git repo so we don't
Package: speexdsp
Version: 1.2.1-1
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
I'm working on getting speexdsp promoted for Ubuntu (Depends of
roc-toolkit which is a new depends of pipewire), one of the requirements
is to have tests. Upstream
Control: retitle -1 loguru's autopkg tests fail with Python 3.12
Dear Maintainer,
autopkg tests still fail due a missing dependency on python3-freezegun in
debian/tests/control [1]
24s autopkgtest [05:10:53]: test run-unit-test: [---
25s Testing with python3.11 in
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "librepfunc":
* Package name : librepfunc
Version : 1.8.1-1
Upstream contact : [fill in name and email of upstream]
* URL :
101 - 190 of 190 matches
Mail list logo