Bug#940964: ITP: honggfuzz -- security oriented fuzzer with powerful analysis options

Package: wnpp Severity: wishlist Owner: Alessandro Ghedini * Package name: honggfuzz Version : 1.9 Upstream Author : Robert Swiecki * URL : https://github.com/google/honggfuzz * License : Apache 2.0 Programming Lang: C Description : security oriented

Bug#931990: ITS: kcov

Package: kcov Severity: important Hello, The kcov package appears to not be maintained anymore (several RC bugs, very old upstream version, ...) so I intend to take over its maintainance as per the package salvaging procedure outlined in the Developer's Reference [0]. Please let me know if you

Bug#926352: curl.1: Some lines begin with a ', causing them to not appear in the output

Control: forwarded -1 https://github.com/curl/curl/pull/4111 Control: tags -1 pending On Wed, Apr 03, 2019 at 09:48:15PM +, Bjarni Ingi Gislason wrote: > Package: curl > Version: 7.64.0-2 > Severity: normal > Tags: patch > > Dear Maintainer, > >* What led up to the situation? > >

Bug#927471: curl: Regression that fails to exhaust socket data

On Sat, Apr 20, 2019 at 01:39:36PM +0200, Guillem Jover wrote: > Source: curl > Source-Version: 7.64.0-2 > Severity: serious > Control: affects -1 rtorrent > > Hi! Hello, > I've started noticing rtorrent busy-looping at some points after > finishing a torrent. stracing and gdb'ing the process

Bug#926132: unblock: curl/7.64.0-2

:05.0 + +++ curl-7.64.0/debian/changelog 2019-03-07 20:02:35.0 + @@ -1,3 +1,9 @@ +curl (7.64.0-2) unstable; urgency=medium + + * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554) + + -- Alessandro Ghedini Thu, 07 Mar 2019 20:02:35 + + curl

Bug#921452: curl: zsh completion for curl -E is borken

forwarded -1 https://github.com/curl/curl/pull/3528 kthxbye On Tue, Feb 05, 2019 at 01:58:50PM -0400, David Bremner wrote: > Package: curl > Version: 7.63.0-1 > Severity: normal > > Seen on #zsh / arch, verified also present in Debian; presumably an upstream > bug. > > ╭─ rocinante:~ > ╰─%

Bug#864440: xclip: Please package new upstream version 0.13

On Sun, Dec 09, 2018 at 04:28:00PM -0500, Boyuan Yang wrote: > X-Debbugs-CC: gh...@debian.org > > Hi Alessandro, Hello, > On Thu, 08 Jun 2017 18:38:55 +0200 "W. Martin Borgert" < > deba...@debian.org> wrote: > > Package: xclip > > Version: 0.12+svn84-4 > > Severity: wishlist > > > > Upstream

Bug#914927: curl: Please recompile with new libssl-dev headers (1.1.1+).

On Wed, Nov 28, 2018 at 07:19:25PM +, Witold Baryluk wrote: > Package: curl > Version: 1.1.1a-1 > Severity: important > > > Hi, > > I discovered that during test with curl, that curl in Debian doesn't support > TLSv1.3. It works for me: % curl --tlsv1.3 -vso /dev/null

Bug#820775: libcurl3: Compile libcurl3 with c-ares support

On Thu, Nov 01, 2018 at 08:01:24PM +, Luca Boccassi wrote: > Control: tags -1 patch > > On Tue, 12 Apr 2016 17:11:45 +1200 Jeremy Kuek com> wrote: > > Package: libcurl3 > > Version: 7.38.0-4+deb8u3 > > Severity: wishlist > >  > > Dear Maintainer, > >  > > My system has 2 network interfaces,

Bug#909274: jansson: Please consider building jansson with -fPIC

On Thu, Sep 20, 2018 at 09:09:39PM +0200, Jean Baptiste Favre wrote: > Source: jansson > Severity: wishlist > > Dear Maintainer, > > Next release of trafficserver provides a plugin depending on jansson. > Currently, jansson seems to be built staticaly: > > checking jansson.h usability... yes >

Bug#907830: O: hsetroot -- tool for composing root-pixmaps for X11

Package: wnpp Severity: normal I intend to orphan the hsetroot package since I don't use thi myself anymore. You can find the sources on salsa: https://salsa.debian.org/debian/hsetroot The package description is: hsetroot is a tool which allows you to compose wallpapers ("root pixmaps") for

Bug#903389: valgrind can't read debug info from binaries built with -z separate-code

On Wed, Jul 18, 2018 at 05:47:58PM +0200, Ansgar Burchardt wrote: > Hi, > > I can confirm that the patch referenced at [1] seems to fix the problem > (upstream commit 64aa729bfae71561505a40c12755bd6b55bb3061). > > I'll try to prepare a NMU for valgrind; maybe already this evening if I > have

Bug#902644: upower: Upower breaks power saving settings after upgrade to 0.99.8-1

On Thu, Jun 28, 2018 at 09:55:01PM -0300, Adilson dos Santos Dantas wrote: > Package: upower > Version: 0.99.8-1 > Severity: important > > Dear Maintainer, > > After upgrading upower to 0.99.8-1, my KDE power saving settings stops > working. > There is no reaction when I unplug and plug back my

Bug#891872: transition: curl

On Mon, May 28, 2018 at 01:09:14PM +0200, Emilio Pozuelo Monfort wrote: > Control: tags -1 - confirmed > > On 23/05/18 13:07, Emilio Pozuelo Monfort wrote: > > On 23/04/18 20:38, Emilio Pozuelo Monfort wrote: > >> On 01/03/18 22:31, Alessandro Ghedini wrote: > >

Bug#891872: transition: curl

On Thu, Mar 01, 2018 at 09:31:20PM +, Alessandro Ghedini wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > > Hello, > > I'd like to request a transition for curl in order to unblock the mi

Bug#858398: Proposed (lib)curl switch to openssl 1.1

On Sat, Feb 24, 2018 at 12:50:41PM +, Alessandro Ghedini wrote: > On Wed, Feb 21, 2018 at 11:14:24AM -0800, Steve Langasek wrote: > > Hi again, > > > > On Tue, Feb 20, 2018 at 06:16:34PM -0800, Steve Langasek wrote: > > > So, despite Julien's valid objection tha

Bug#891872: transition: curl

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, I'd like to request a transition for curl in order to unblock the migration to OpenSSL 1.1 (#871056). This is necessary due to the fact that the curl ABI exposes a structure

Bug#797359: Reassign

Control: owner -1 ! Since there hasn't been an update in over a year, I'm going to reassign this ticket to myself. I already uploaded the initial version to NEW. For those interested, here is the salsa repo: https://salsa.debian.org/debian/universal-ctags Btw, I'm open to co-maintaining this

Bug#858398: Proposed (lib)curl switch to openssl 1.1

On Wed, Feb 21, 2018 at 11:14:24AM -0800, Steve Langasek wrote: > Hi again, > > On Tue, Feb 20, 2018 at 06:16:34PM -0800, Steve Langasek wrote: > > So, despite Julien's valid objection that core library conflicts cause > > dist-upgrades to be more brittle, I think the right answer here is: > > >

Bug#890196: O: xcompmgr -- X composition manager

Package: wnpp Severity: normal I intend to orphan the xcompmgr package since I do not use it anymore. The package description is: xcompmgr is the standard composition manager for the X Composite extension, which allows clients to modify what is drawn to the screen before it happens. This

Bug#858398: curl: Please migrate to openssl1.1 in Buster

On Sun, Dec 17, 2017 at 11:16:29PM +0200, Adrian Bunk wrote: > On Fri, Dec 08, 2017 at 05:44:55PM +0100, Ondřej Surý wrote: > > Hi, > > > > just innocent bystander here with an observation: > > > > These two options: > > > > a) > > > I do agree it's the correct solution though, and it would be

Bug#858398: Proposed (lib)curl switch to openssl 1.1

On Sat, Dec 02, 2017 at 06:09:39PM +0100, Julien Cristau wrote: > On Thu, Nov 23, 2017 at 15:49:26 +, Ian Jackson wrote: > > Reasons I am aware that it *might* be a bad idea are: > > > > 1. libcurl exposes parts of the openssl ABI, via > >CURLOPT_SSL_CTX_FUNCTION, and this would be an

Bug#858398: Proposed (lib)curl switch to openssl 1.1

On Thu, Nov 23, 2017 at 07:10:51PM +, Ian Jackson wrote: > Adrian Bunk writes ("Re: Proposed (lib)curl switch to openssl 1.1"): > > What I suggest above would be a transition that should be coordinated > > with the release team like other transitions. > > I'm not 100% opposed to doing this as

Bug#876256: RFA: imlib2 -- image loading, rendering, saving library

Package: wnpp Severity: normal I don't quite have the time or interest to continue maintaining this, so I request an adopter for the imlib2 package. The package description is: Imlib2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon

Bug#876254: ITP: pulsemixer -- command-line mixer for PulseAudio with a curses interface

Package: wnpp Severity: wishlist Owner: Alessandro Ghedini <gh...@debian.org> * Package name: pulsemixer Version : 1.3.0 Upstream Author : George Filipkin <botebote...@gmail.com> * URL : https://github.com/GeorgeFilipkin/pulsemixer * License : MIT

Bug#874784: curl: undeclared build depencdency on dh-exec

On Sat, Sep 09, 2017 at 04:11:59PM +0100, Wookey wrote: > Package: curl > Version: 7.52.1-5 > Severity: normal > Tags: patch > > curl needs dh-exec to build, because curl.install is > #!/usr/bin/dh-exec > usr/bin/curl > usr/share/zsh/* Don't know where this comes from, but that's not the

Bug#872502: curl FTBFS for hppa: error: unknown type name 'curl_off_t'

On Sun, Aug 20, 2017 at 11:01:28AM -0400, John David Anglin wrote: > Package: curl > Version: 7.52.1-5 > Followup-For: Bug #872502 > > Dear Maintainer, > > See buildd log here: > https://buildd.debian.org/status/fetch.php?pkg=curl=hppa=7.55.0-1=1503192493=0 > > "|| defined(__hppa__)" needs to

Bug#856641: curl: X.509 certificates using md5RSA signatures should be rejected

On Sun, Mar 12, 2017 at 02:11:48PM +, Alessandro Ghedini wrote: > On Fri, Mar 03, 2017 at 09:41:03AM +0100, lcf wrote: > > Package: curl > > Version: 7.52.1-3 > > Severity: important > > > > Dear Maintainer, > > > > When establishing https conn

Bug#856641: curl: X.509 certificates using md5RSA signatures should be rejected

On Fri, Mar 03, 2017 at 09:41:03AM +0100, lcf wrote: > Package: curl > Version: 7.52.1-3 > Severity: important > > Dear Maintainer, > > When establishing https connection X.509 certificates using md5RSA should be > rejected and connection should be terminated. > > curl 7.52.1 can do that, when

Bug#845278: closed by Arturo Borrero Gonzalez <art...@debian.org> (Bug#845278: fixed in iptables 1.6.0+snapshot20161117-3)

On Tue, Nov 22, 2016 at 09:06:05AM +, Debian Bug Tracking System wrote: > iptables (1.6.0+snapshot20161117-3) unstable; urgency=medium > . >* [21fdc57] libxtables12: breaks and replaces libxtables11 (Closes: > #845278) This isn't actually fixed, "<<" doesn't mean what you think it

Bug#842311: node-grunt-cli: uninstallable due to wrong dependency

Package: node-grunt-cli Version: 1.2.0-1 Severity: grave Justification: renders package unusable Hello, when trying to install the package I get: The following packages have unmet dependencies: node-grunt-cli : Depends: node-findup-sync (>= 0.3.0) but 0.1.3-1 is to be installed E:

Bug#839581: git-buildpackage: '~' expansion not working anymore

On Sun, Oct 02, 2016 at 07:31:17PM +0200, Guido Günther wrote: > On Sun, Oct 02, 2016 at 11:42:49AM +0100, Alessandro Ghedini wrote: > > Package: git-buildpackage > > Version: 0.8.4 > > Severity: normal > > > > Hello, > > > > I have the following

Bug#839581: git-buildpackage: '~' expansion not working anymore

Package: git-buildpackage Version: 0.8.4 Severity: normal Hello, I have the following values in my gbp.conf: [DEFAULT] ... export-dir = ~/devel/debian/build-area tarball-dir = ~/devel/debian/build-area However when building a package I now get: % gbp buildpackage

Bug#836456: AttributeError: 'file' object has no attribute 'readable'

AttributeError: 'file' object has no attribute 'readable' > gpg: Signature made Sat 03 Sep 2016 12:33:10 BST > gpg: using RSA key 6F0CCBE021624728 > gpg:issuer "gh...@debian.org" > gpg: Good signature from "Alessandro Ghedini <alessan.

Bug#830273: curl: accesses the internet during build

> [..] > > The full build log (including tcpdump output) is attached. Possible patch attached, could you please test it? Thanks From dcb559a161960ff387d2b1552ec4c81b54db4554 Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini <alessan...@ghedini.me> Date: Sun, 28 Aug 2016 14:45:15 +01

Bug#833306: debian-keyring: duplicated key 0xAFA51BD6CDE573CB

On Tue, Aug 02, 2016 at 06:52:39PM +0100, Alessandro Ghedini wrote: > and when building the keyrings from the git repository it appears four times: > > % gpg2 --no-default-keyring --keyring output/keyrings/debian-keyring.gpg > --list-keys gh...@debian.org > pub rsa4096/AFA51B

Bug#833306: debian-keyring: duplicated key 0xAFA51BD6CDE573CB

rsa4096/AFA51BD6CDE573CB 2010-10-29 [SC] uid [ unknown] Alessandro Ghedini <alessan...@ghedini.me> uid [ unknown] Alessandro Ghedini <alex...@cpan.org> uid [ unknown] Alessandro Ghedini <gh...@debian.org> sub rsa4096/386B706D9A7B

Bug#809194: ITP: golang-github-docopt-docopt-go -- An implementation of docopt in the Go programming language.

On Wed, Jul 06, 2016 at 11:15:44am +0200, gustavo panizzo wrote: > > * I think the examples/ directory should be included in the package but > >installed as examples files. See dh_installexamples(1) for more > > information, > >but basically you'd need to create an *.examples file under

Bug#809194: ITP: golang-github-docopt-docopt-go -- An implementation of docopt in the Go programming language.

On Mon, Jul 04, 2016 at 09:52:50AM +0200, gustavo panizzo wrote: > On Mon, Jul 04, 2016 at 12:57:47AM +0100, Alessandro Ghedini wrote: > > > > Any news about this? I'd be interested in using such package :) > > > > Cheers > > Packaging is ready waiting

Bug#809194: ITP: golang-github-docopt-docopt-go -- An implementation of docopt in the Go programming language.

Hello, On Mon, Dec 28, 2015 at 02:04:06pm +0800, gustavo panizzo wrote: > Package: wnpp > Severity: wishlist > Owner: gustavo panizzo > > * Package name: golang-github-docopt-docopt-go > Version : 0.6.1 > Upstream Author : Keith Batten > * URL :

Bug#816973: marked as pending

On Sat, Apr 09, 2016 at 10:03:08am +, Mateusz Łukasik wrote: > tag 816973 pending > thanks > > Hello, > > Bug #816973 reported by you has been fixed in the Git repository. You can > see the changelog below, and you can check the diff of the fix at: > >

Bug#802778: False positive mem leak

On Fri, Oct 23, 2015 at 03:25:53PM +0200, Mathieu Malaterre wrote: > Package: valgrind > Version: 1:3.11.0-1 > Tags: upstream > > Seems like gcc 5 is doing something funky > (/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21): > > ==3674== > ==3674== HEAP SUMMARY: > ==3674== in use at exit:

Bug#802751: mpv leaks memory while playing vp9/opus/webm video

On Fri, Oct 23, 2015 at 05:06:17PM +1100, Sylvain BERTRAND wrote: > Package: mpv > Version: 0.6.2-2 > > mpv fill memory while playing a vp9/opus/webm video file. > totem is fine, it seems mpv is fine while playing an avc/aac/mp4 video file. It's probably a ffmpeg issue, but could you upload

Bug#810295: WARNING: Serious error when reading debug info

On Fri, Jan 08, 2016 at 01:31:48PM +1100, Martin Schwenke wrote: > Package: valgrind > Version: 1:3.11.0-1 > Severity: important > > When I run valgrind against anything, I see warnings like this: > > $ valgrind -q /bin/echo > --14923-- WARNING: Serious error when reading debug info > --14923--

Bug#809710: mpv can never load external subtitle file.

On Sun, Jan 03, 2016 at 05:30:58PM +0800, Tianming Xie wrote: > Package: mpv > Version: 0.14.0-1 > Severity: normal > > Dear Maintainer, > > After upgraded to the current version, mpv can never load external ASS > subtitle > file any more, neither a subtitle file located beside the

Bug#803645: fixed in libclang-perl 0.09-3

On Fri, Dec 04, 2015 at 05:52:36PM +0100, gregor herrmann wrote: > On Wed, 02 Dec 2015 17:20:31 +0100, Sylvestre Ledru wrote: > > > >> Does this make sense? (Adding Alessandro as well as both upstream and > > >> DD.) > > > That's even better, indeed! Sylvestre can better comment on the approach,

Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

On Thu, Oct 29, 2015 at 07:52:23pm +, luca wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Dear release team, > > We would like to update libvdpau in jessie to address a segmentation fault in > a >

Bug#801113: czmq: Add support for GNU/hurd

On Tue, Oct 06, 2015 at 05:14:15PM +0100, Luca Boccassi wrote: > On Tue, 2015-10-06 at 14:18 +0200, Svante Signell wrote: > > > > Currently czmq is not available for GNU/Hurd due to an unsupported OS > > error and a build dependency on zeromq3. > > > > zeromq3 FTBFS due to an unsupported OS

Bug#800109: mpv no longer play with --vo x11 option

Control: tags - fixed-upstream On Sun, Sep 27, 2015 at 11:08:14am -0500, Herminio Hernandez Jr. wrote: > I tried with both option and video playback was extremely slow and out of sync > with the audio. Below is the output I got. So, even with --hwdec=no mpv decides to fallback to vo=sdl and the

Bug#800517: curl: the --http2 option does not work

On Wed, Sep 30, 2015 at 01:00:55pm +0200, Tomasz Buchert wrote: > Package: curl > Version: 7.44.0-2 > Severity: normal > > Hi, > curl --http2 does not work for me. Works fine here with e.g. https://www.google.com, https://http2.golang.org and https://http2.cloudflare.com. > I have nghttpx

Bug#800517: curl: the --http2 option does not work

On Wed, Sep 30, 2015 at 10:05:09PM +0200, Tomasz Buchert wrote: > On 30/09/15 21:31, Alessandro Ghedini wrote: > > On Wed, Sep 30, 2015 at 01:00:55pm +0200, Tomasz Buchert wrote: > > > Package: curl > > > Version: 7.44.0-2 > > > Severity: normal > > >

Bug#800109: mpv no longer play with --vo x11 option

On Sat, Sep 26, 2015 at 05:18:01pm -0500, Herminio Hernandez Jr wrote: > Package: mpv > Version: 0.11.0-1 > Severity: normal > > Dear Maintainer, > > I am can no longer play videos on mplayer with the --vo x11 option. I am > running Sid on PowerPC and the video card I have crashes when I have

Bug#800013: valgrind: New upstream release available (3.11.0)

On Fri, Sep 25, 2015 at 11:45:09am +0200, Raphaël Hertzog wrote: > Package: valgrind > Version: 1:3.10.1-4 > Severity: wishlist > User: de...@kali.org > Usertags: origin-kali > > Hello, > > I just noticed[1] that there's a new upstream version of valgrind: >

Bug#798543: [valgrind] false positives on socket calls with not specially handled address families

Control: tags -1 fixed-upstream On Thu, Sep 10, 2015 at 03:29:57pm +0200, Andre Naujoks wrote: > Hi. > > Sorry for the noise. I just noticed, that this fix is already in the > upstream svn. Not yet released though. > > I don't know how something like this is handled, so .. - again - sorry >

Bug#796302: nghttp2 is updated

On Thu, Sep 10, 2015 at 08:05:22am +0200, Daniel Stenberg wrote: > Seeing that nghttp2 was just updated in Sid to 1.3.0, is there a chance now > for curl to get HTTP/2 enabled? Uploaded curl 7.44.0-2 just now, with HTTP/2 support enabled Chers signature.asc Description: Digital signature

Bug#797895: libvdpau: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200

On Sat, Sep 05, 2015 at 12:55:43PM +0100, Luca Boccassi wrote: > On Thu, 2015-09-03 at 14:49 +0200, Alessandro Ghedini wrote: > > Source: libvdpau > > Severity: important > > Tags: security, fixed-upstream > > > > Hi, > > > > the followin

Bug#797895: libvdpau: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200

Source: libvdpau Severity: important Tags: security, fixed-upstream Hi, the following vulnerabilities were published for libvdpau. CVE-2015-5198[0]: incorrect check for security transition CVE-2015-5199[1]: directory traversal in dlopen CVE-2015-5200[2]: vulnerability in trace functionality

Bug#791026: ecasound: library transition may be needed when GCC 5 is the default

Control: forwarded -1 https://release.debian.org/transitions/html/auto-ecasound.html On Mon, Aug 24, 2015 at 10:25:46am +0100, Simon McVittie wrote: On Wed, 19 Aug 2015 at 10:17:19 +0100, Simon McVittie wrote: In the case of ecasound, the C++ dependencies don't seem to have been flagged for

Bug#759005: xdm: Missing xdm.service, can't use with systemd

On Sun, Aug 23, 2015 at 05:32:18PM +0200, Julien Cristau wrote: On Fri, Nov 21, 2014 at 16:02:15 +0100, Alessandro Ghedini wrote: diff --git a/debian/patches/22_systemd_service.diff b/debian/patches/22_systemd_service.diff new file mode 100644 index 000..3d8161d --- /dev/null

Bug#796302: curl: enable http2

Control: block -1 by 784666 On Fri, Aug 21, 2015 at 10:59:41am +0200, Arnout Engelen wrote: Package: curl Version: 7.44.0-1 Severity: normal Dear Maintainer, When making a request with '--http2', I get the error message curl: (1) Unsupported protocol. Unfortunately the version of the

Bug#795958: lynx-cur: certificate revocation checking is buggy

On Tue, Aug 18, 2015 at 01:32:19pm +0200, Vincent Lefevre wrote: Package: lynx-cur Version: 2.8.9dev6-3 Severity: serious Tags: security If I run lynx https://www.vinc17.net:4434/ I get SSL error:The certificate is NOT trusted. The certificate chain is revoked. -Continue?

Bug#795595: libasound2-plugin-equal: change package name to alsa-equalizer-plugin or similar and move to sound section

On Sat, Aug 15, 2015 at 05:00:29PM +0200, Marcel Partap wrote: Package: libasound2-plugin-equal Version: 0.6-6 Severity: wishlist The main reasons being that a) it is a hidden gem that should not hide in the dark (libs section) b) it easily gets removed accidently by marking all packages

Bug#794478: Fwd: Bug#794478: [Security][RC] RFS: imagemagick/8:6.8.9.9-5+deb8u1

On Sat, Aug 08, 2015 at 09:25:01pm +0200, Bastien ROUCARIES wrote: Dear security team I am looking for a sponsor for my package imagemagick about a security fix and I am waiting for your green light.. Fixing #770009 help buildd but is not a security fix (but nevertheless it will help the

Bug#794851: CVE-2015-0851: shibboleth-sp2 needs to be rebuilt against new xmltooling

Control: found -1 opensaml2/2.4.3-4 Control: fixed -1 opensaml2/2.4.3-4+deb7u1 Control: fixed -1 opensaml2/2.5.3-2+deb8u1 On Fri, Aug 07, 2015 at 12:36:18pm +0200, Sergio Gelato wrote: Package: opensaml2 Version: 2.5.3-2 Severity: serious Tags: security The upstream security advisory for

Bug#791026: ecasound: library transition may be needed when GCC 5 is the default

reopen 791026 user release.debian@packages.debian.org usertag 791026 + transition block 791026 by 790756 reassign 791026 release.debian.org kthxbye On Fri, Jul 03, 2015 at 01:09:43pm +, Matthias Klose wrote: Package: src:ecasound Version: 2.9.1-5 Severity: important Tags: sid stretch

Bug#790750: [curl] HTTPS client certificates don't work anymore

On mer, lug 01, 2015 at 01:17:10 +, Franz Schrober wrote: Package: curl Version: 7.43.0-1 Severity: normal Hi Franz, sorry for the delay, I seem to have missed the report when you submitted it... sid seems to be changed from curl-openssl to curl-gnutls. As result client certificates

Bug#630761: RFP: libczmq -- High-level C binding for ZeroMQ

On Thu, Jul 30, 2015 at 08:24:34PM +0100, Luca Boccassi wrote: On Thu, 2015-07-30 at 16:58 +0200, Alessandro Ghedini wrote: * The -dev package should just be named libczmq-dev (i.e. without the version), this way next time the project bumps the SONAME it'll be easier to do

Bug#790365: closed by Alessandro Ghedini gh...@debian.org (Bug#790365: fixed in libwmf 0.2.8.4-10.4)

file vulnerability It has been closed by Alessandro Ghedini gh...@debian.org. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Alessandro Ghedini gh

Bug#630761: RFP: libczmq -- High-level C binding for ZeroMQ

On Thu, Jul 23, 2015 at 03:58:55AM +0100, Luca Boccassi wrote: owner 630761 luca.bocca...@gmail.com thanks Note that you need to CC cont...@bugs.debian.org for this to work, or you can use the Control pseudo-header. Hello, Hi, I took the liberty of upgrading the repository on Alioth [1] to

Bug#790446: mpv: Warning about mismatch between build and run-time ffmpeg libraries

Control: tags -1 fixed-upstream On Mon, Jun 29, 2015 at 06:01:04pm +0200, Guillem Jover wrote: Package: mpv Version: 0.9.2-1+ffmpeg Severity: normal Hi! [ First of all, thanks for providing a ffmpeg version of the package, there's quite some media that does not play correctly with

Bug#792571: tidy: CVE-2015-5522 and CVE-2015-5523

Source: tidy Version: 20091223cvs-1.2 Severity: important Tags: security upstream patch Hi, the following vulnerabilities were published for tidy. CVE-2015-5522[0]: AddressSanitizer: heap-buffer-overflow WRITE of size 1 CVE-2015-5523[1]: small file can lead to a 4 Gb allocation; potential DoS

Bug#790446: mpv: Warning about mismatch between build and run-time ffmpeg libraries

Control: forwarded -1 https://github.com/mpv-player/mpv/issues/2110 Sorry for the delay. On mer, lug 01, 2015 at 10:35:13 +0200, Andreas Cadhalpun wrote: Hi Guillem, On 30.06.2015 23:14, Andreas Cadhalpun wrote: On 30.06.2015 21:40, Guillem Jover wrote: Perhaps, but the comment at

Bug#789748: jansson: [PATCH] please make the build reproducible

Control: tags -1 pending On mer, giu 24, 2015 at 12:24:57 -0300, Juan Picca wrote: Package: jansson Version: 2.7-3 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps Hi! While working on the reproducible builds effort [1], we have

Bug#781640: Downgrading bug severity

On Thu, Jun 18, 2015 at 09:17:40PM +0200, Daniele Tricoli wrote: On Wednesday 17 June 2015 22:49:24 Moritz Mühlenhoff wrote: Any feedback from your sponsor? Sorry I was a bit busy so I finalized the package only now. :( Already sent an RFS and Piotr is usually very fast, so it should be

Bug#788349: mpv: Segmentation fault after upgrade (libnettle6 installation)

Control: reassign -1 libnettle4 Control: forcemerge 787620 -1 On Wed, Jun 10, 2015 at 03:31:13PM +0200, nfb wrote: Package: mpv Version: 0.9.2-1 Severity: important Hi, after today's upgrade which installed libnettle6 as dependency, i get segmentation fault running mpv. Here is the gdb

Bug#786487: wordpress: 4.2.2 needs php-getid3 from unstable, request for backport or dependency version downgrade

On lun, giu 08, 2015 at 03:29:02 +0200, Raphael Hertzog wrote: On Mon, 08 Jun 2015, Alessandro Ghedini wrote: On lun, giu 08, 2015 at 02:36:17 +0200, Raphael Hertzog wrote: Dear members of the security team, Craig told me (cf message below) that you refused new upstream releases

Bug#786487: wordpress: 4.2.2 needs php-getid3 from unstable, request for backport or dependency version downgrade

On lun, giu 08, 2015 at 02:36:17 +0200, Raphael Hertzog wrote: Dear members of the security team, Craig told me (cf message below) that you refused new upstream releases of Wordpress to fix security issues in stable/oldstable. Since we already did that in the past with Yves-Alexis Perez,

Bug#786487: wordpress: 4.2.2 needs php-getid3 from unstable, request for backport or dependency version downgrade

On Mon, Jun 08, 2015 at 03:10:53PM +0200, Alessandro Ghedini wrote: On lun, giu 08, 2015 at 02:36:17 +0200, Raphael Hertzog wrote: Dear members of the security team, Craig told me (cf message below) that you refused new upstream releases of Wordpress to fix security issues in stable

Bug#787960: libcurl3-gnutls: breaks bti

On dom, giu 07, 2015 at 01:44:36 +0200, Vincent Lefevre wrote: On 2015-06-07 11:40:56 +0200, Alessandro Ghedini wrote: I can't reproduce any of this. Can you please run the command above with the -v option and post the output? xvii:~ curl -v https://www.vinc17.net/ * Trying

Bug#787960: libcurl3-gnutls: breaks bti

On dom, giu 07, 2015 at 12:21:15 +0200, Vincent Lefevre wrote: Control: retitle -1 no longer works with https - breaks bti and curl On 2015-06-07 00:16:15 +0200, Vincent Lefevre wrote: After the upgrade to libcurl3-gnutls 7.42.1-2+b1, bti no longer works at all. For instance: [...] It

Bug#787712: libcurl: relocation error libcurl.so.4: symbol SSLv3_client_method

Control: reassign -1 openssl Control: forcemerge 768476 -1 Control: affects -1 + libcurl3 On gio, giu 04, 2015 at 11:52:27 +0100, Peter T. Breuer wrote: Versions of packages libcurl3:i386 depends on: ii libc6 2.19-18 ii libcomerr21.42.12-1.1 ii libgssapi-krb5-2

Bug#786670: ffmpeg: too many dependencies?

On lun, mag 25, 2015 at 01:46:47 +0200, Bálint Réczey wrote: Hi Alessandro, 2015-05-24 12:50 GMT+02:00 Alessandro Ghedini gh...@debian.org: Source: ffmpeg Version: 7:2.6.3-1+b1 Severity: wishlist Hello, I was looking at the various dependencies of the -ffmpeg packages

Bug#786670: ffmpeg: too many dependencies?

Source: ffmpeg Version: 7:2.6.3-1+b1 Severity: wishlist Hello, I was looking at the various dependencies of the -ffmpeg packages, and it seems to me some of them are a bit superfluous. For example: - Do we really need 2 different MP3 encoders (libmp3lame and libshine)? - Given the libmp3lame

Bug#786572: mpv: always dies in assert() on --vo=opengl-old:force-pbo=yes

On sab, mag 23, 2015 at 02:15:05 +0300, Yuriy M. Kaminskiy wrote: Package: mpv Version: 0.6.2-2 Severity: normal Dear Maintainer, $ mpv --vo=opengl-old:force-pbo=yes any-video.avi [...] AO: [alsa] 48000Hz stereo 2ch float VO: [opengl-old] 1280x720 = 1280x720 yuv420p mpv:

Bug#786512: curl: fails on non-fatal TLS warning

Control: tags -1 fixed-upstream On Fri, May 22, 2015 at 10:29:16PM +1000, Dmitry Smirnov wrote: Package: curl Version: 7.42.1-2 Severity: normal X-Debbugs-CC: arno.schnei...@hs-augsburg.de Command curl https://moodle.hs-augsburg.de/ returns the following error: curl:

Bug#786576: mpv: --vo=opengl-old:rectangle=1 fails to render OSD

On sab, mag 23, 2015 at 03:02:17 +0300, Yuriy M. Kaminskiy wrote: Package: mpv Version: 0.6.2-2 Severity: normal Dear Maintainer, mpv --vo=opengl-old fails to render OSD (draws empty rectangles instead) when sub-option rectangle is 1 (it is set to 1 by default on some video-cards [with

Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

On Sat, May 16, 2015 at 03:43:37PM +0200, Alessandro Ghedini wrote: On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015

Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

On Sat, May 16, 2015 at 03:07:57PM +0200, Sebastian Ramacher wrote: On 2015-05-15 15:22:28, Alessandro Ghedini wrote: On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56

Bug#784666: nghttp2: new upstream release v0.7.13

Control: retitle -1 nghttp2: new upstream release v1.0.0 On Thu, May 07, 2015 at 06:08:47PM +0200, Alessandro Ghedini wrote: Source: nghttp2 Version: 0.6.7-1 Severity: wishlist Hello, upstream has released several new upstream versions, would it be possible to update the Debian package

Bug#785326: libavcodec56: CVE-2014-7937 - Multiple off-by-one errors in libavcodec/vorbisdec.c

On Fri, May 15, 2015 at 11:05:17AM +0200, Sebastian Ramacher wrote: Version: 6:11.3-1 On 2015-05-14 20:41:15, Arne Wichmann wrote: Package: libavcodec56 Version: 6:11.3-2 Severity: grave Tags: security Justification: user security hole Hi, as far as I can see this has not yet

Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet

On Sun, May 10, 2015 at 09:12:43PM +0100, Steven Chamberlain wrote: Dear Security Team, This bug was reopened because the original fix from upstream was found to be incomplete. Please may I upload to wheezy-security with the attached debdiff, replacing the CVE-2015-1414 patch with the new

Bug#784666: nghttp2: new upstream release v0.7.13

Source: nghttp2 Version: 0.6.7-1 Severity: wishlist Hello, upstream has released several new upstream versions, would it be possible to update the Debian package? Thanks -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1,

Bug#745837: curl should use a Certificate Revocation List by default

Control: tags -1 wontfix On mar, mag 05, 2015 at 01:23:46 +0200, Vincent Lefevre wrote: On 2015-05-04 19:57:25 +0200, Alessandro Ghedini wrote: On lun, mag 04, 2015 at 12:28:02 +0200, Vincent Lefevre wrote: OK, if I understand, it just supports OCSP stapling, not plain OCSP. So, why

Bug#784214: allow manual override for the regression DLA/DSA Id

On Mon, May 04, 2015 at 09:09:04AM +0200, Mike Gabriel wrote: Package: security-tracker Severity: wishlist Tags: patch Hi, attached is a patch that adds manual DLA/DSA id override support if an upload tackles a regression already announce via an earlier DSA/DLA. Current use case /

Bug#745837: curl should use a Certificate Revocation List by default

On Mon, May 04, 2015 at 03:15:19AM +0200, Vincent Lefevre wrote: Control: retitle -1 curl should check certificate revocation status by default On 2014-04-26 13:19:35 +0200, Alessandro Ghedini wrote: TL;DR: let's do OCSP instead of downloading CRLs. It would still need someone to actually

Bug#745837: curl should use a Certificate Revocation List by default

On lun, mag 04, 2015 at 12:28:02 +0200, Vincent Lefevre wrote: On 2015-05-04 10:57:36 +0200, Alessandro Ghedini wrote: --cert-status only checks for the status_request TLS extension which is not supported by most servers (which means curl will fail by default on most requests). So no, curl

Bug#784267: mpv: please make the build reproducible

Control: tags -1 pending On Mon, May 04, 2015 at 07:53:23PM +0200, Jérémy Bobbio wrote: Source: mpv Version: 0.9.1-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps Hi! While working on the “reproducible builds” effort [1], we have

Bug#784027: apt: broken apt-get changelog command

On Sat, May 02, 2015 at 12:48:22PM +0200, Alessandro Ghedini wrote: Package: apt Version: 1.0.9.9 Severity: normal Hello, it seems that the changelog command of apt-get is broken: % apt-get changelog debhelper Err Changelog per debhelper (http://packages.debian.org/changelogs

Bug#784027: apt: broken apt-get changelog command

Package: apt Version: 1.0.9.9 Severity: normal Hello, it seems that the changelog command of apt-get is broken: % apt-get changelog debhelper Err Changelog per debhelper (http://packages.debian.org/changelogs/pool/main/d/debhelper/debhelper_9.20150501/changelog) 404 Not Found Err

Bug#783685: valgrind: False positive with openmp: ??? (in /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0)

Control: tags -1 pending On mer, apr 29, 2015 at 09:56:51 +0200, Mathieu Malaterre wrote: Package: valgrind Version: 1:3.10.0-4 Severity: normal Dear Maintainer, It feels like there is a missing suppression for openmp on valgring+openmp (jessie amd64). Steps: $ cat t.c int main()

  1   2   3   4   5   6   7   8   >