Bug#1014722: ansible: CVE-2021-3532

2022-07-10 Thread Moritz Mühlenhoff
Source: ansible X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for ansible. CVE-2021-3532[0]: | A flaw was found in Ansible where the secret information present in | async_files are getting disclosed when the user changes the

Bug#1014721: ansible: CVE-2021-3447

2022-07-10 Thread Moritz Mühlenhoff
Source: ansible X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for ansible. CVE-2021-3447[0]: | A flaw was found in several ansible modules, where parameters | containing credentials, such as secrets, were being logged in

Bug#1014717: ruby-sinatra: CVE-2022-29970

2022-07-10 Thread Moritz Mühlenhoff
Source: ruby-sinatra X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-sinatra. CVE-2022-29970[0]: | Sinatra before 2.2.0 does not validate that the expanded path matches | public_dir when serving static files.
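
The Sinatra flaw above is the classic static-file traversal: the request path is joined onto public_dir and served without checking where the expanded path actually ends up. The following is an added example (not Sinatra's code, and Python rather than Ruby so it runs stand-alone) contrasting the broken prefix test with a containment check on the expanded path. The public_dir value and request paths are constructed for the demonstration.

```python
"""Added example: resolving a request path against a public directory.
Not Sinatra's code; the check is the one the CVE text calls for, namely
validating the *expanded* path rather than the raw join."""
import os
from typing import Optional
from urllib.parse import unquote


def naive_resolve(public_dir: str, request_path: str) -> Optional[str]:
    """The broken pattern: a prefix test on the un-normalised join.
    '/../../etc/passwd' joins to '<public_dir>/../../etc/passwd', which still
    starts with public_dir, so the traversal is accepted."""
    root = os.path.normpath(public_dir)
    candidate = os.path.join(root, unquote(request_path).lstrip("/"))
    return candidate if candidate.startswith(root) else None


def resolve_static(public_dir: str, request_path: str) -> Optional[str]:
    """Expand first, then check containment; returns None for anything outside."""
    root = os.path.normpath(public_dir)
    decoded = unquote(request_path)          # "%2e%2e" must be treated as ".."
    if "\x00" in decoded:                    # a NUL would truncate the path in C APIs
        return None
    candidate = os.path.normpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, so '/srv/public_html' is correctly
    # rejected for root '/srv/public' where a startswith() test would accept it.
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:                       # mixed absolute/relative paths or drives
        return None
    return candidate if inside else None


if __name__ == "__main__":
    for p in ("/css/app.css", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"):
        print(p, "naive:", naive_resolve("/srv/public", p),
              "checked:", resolve_static("/srv/public", p))
```

The example works on strings only (os.path.normpath) so it needs no files on disk; a real server should additionally resolve symlinks with os.path.realpath once the file is known to exist, otherwise a symlink inside public_dir can still point outside it.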

Bug#1014716: ignition: CVE-2022-1706

2022-07-10 Thread Moritz Mühlenhoff
Source: ignition X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for ignition. CVE-2022-1706[0]: | A vulnerability was found in Ignition where ignition configs are | accessible from unprivileged containers in VMs running on

Bug#1014715: dnsmasq: CVE-2022-0934

2022-07-10 Thread Moritz Mühlenhoff
Source: dnsmasq X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for dnsmasq. CVE-2022-0934[0]: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html

Bug#926276: Should guacamole-client be removed?

2022-07-10 Thread Moritz Mühlenhoff
Am Mon, Mar 08, 2021 at 09:05:22AM + schrieb Mike Gabriel: > Hi Salvatore, > > On Sa 06 Mär 2021 20:31:46 CET, Salvatore Bonaccorso wrote: > > > Hi, > > > > On Wed, Apr 03, 2019 at 12:27:25PM +, Mike Gabriel wrote: > > > Hi Moritz, > > > > > > On Di 02 Apr 2019 22:04:34 CEST, Moritz

Bug#1014714: nim: CVE-2021-41259

2022-07-10 Thread Moritz Mühlenhoff
Source: nim X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for nim. CVE-2021-41259[0]: | Nim is a systems programming language with a focus on efficiency, | expressiveness, and elegance. In affected versions the uri.parseUri

Bug#1014713: libsndfile: CVE-2021-4156

2022-07-10 Thread Moritz Mühlenhoff
Source: libsndfile X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsndfile. CVE-2021-4156[0]: | An out-of-bounds read flaw was found in libsndfile's FLAC codec | functionality. An attacker who is able to submit a

Bug#1014711: libstb: CVE-2019-20056

2022-07-10 Thread Moritz Mühlenhoff
Source: libstb X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libstb. CVE-2019-20056[0]: | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and | other products, has an assertion failure in

Bug#1014710: gegl: CVE-2018-10111 CVE-2018-10112

2022-07-10 Thread Moritz Mühlenhoff
Source: gegl X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for gegl. CVE-2018-10111[0]: | An issue was discovered in GEGL through 0.3.32. The render_rectangle | function in process/gegl-processor.c has unbounded memory

Bug#1014709: jakarta-jmeter: CVE-2018-1287 CVE-2019-0187

2022-07-10 Thread Moritz Mühlenhoff
Source: jakarta-jmeter X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for jakarta-jmeter. CVE-2018-1287[0]: | In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI | based), jmeter server binds RMI

Bug#1014600: gdk-pixbuf: CVE-2021-44648

2022-07-08 Thread Moritz Mühlenhoff
Source: gdk-pixbuf X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for gdk-pixbuf. CVE-2021-44648[0]: | GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow | vulnerability when decoding the lzw compressed stream

Bug#1014599: svgpp: CVE-2021-44960

2022-07-08 Thread Moritz Mühlenhoff
Source: svgpp X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for svgpp. CVE-2021-44960[0]: | In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the | renderDocument function handled the XMLDocument object

Bug#1014590: qemu: CVE-2022-0216

2022-07-08 Thread Moritz Mühlenhoff
Source: qemu X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qemu. https://starlabs.sg/advisories/22-0216 https://gitlab.com/qemu-project/qemu/-/issues/972 If you fix the vulnerability please also make sure to include

Bug#1014589: qemu: CVE-2022-1050

2022-07-08 Thread Moritz Mühlenhoff
Source: qemu X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qemu. CVE-2022-1050[0]: | A flaw was found in the QEMU implementation of VMWare's paravirtual | RDMA device. This flaw allows a crafted guest driver to

Bug#1014586: giflib: CVE-2021-40633

2022-07-08 Thread Moritz Mühlenhoff
Source: giflib X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for giflib. CVE-2021-40633[0]: | A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib | 5.1.4 allows remote attackers trigger an out of memory

Bug#1014577: libsdl1.2: CVE-2021-33657

2022-07-08 Thread Moritz Mühlenhoff
Source: libsdl1.2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsdl1.2. CVE-2021-33657[0]: | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple | DirectMedia Layer) 2.x to 2.0.18 versions. By

Bug#1014540: node-mermaid: CVE-2022-31108

2022-07-07 Thread Moritz Mühlenhoff
Source: node-mermaid X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for node-mermaid. CVE-2022-31108[0]: | Mermaid is a JavaScript based diagramming and charting tool that uses | Markdown-inspired text definitions and a

Bug#1014539: squirrel3: CVE-2022-30292

2022-07-07 Thread Moritz Mühlenhoff
Source: squirrel3 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for squirrel3. CVE-2022-30292[0]: | Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to | lack of a certain sq_reservestack call.

Bug#1014538: fuse-exfat: CVE-2022-29973

2022-07-07 Thread Moritz Mühlenhoff
Source: fuse-exfat X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for fuse-exfat. CVE-2022-29973[0]: | relan exFAT 1.3.0 allows local users to obtain sensitive information | (data from deleted files in the filesystem) in

Bug#1014534: dlt-daemon: CVE-2022-31291

2022-07-07 Thread Moritz Mühlenhoff
Source: dlt-daemon X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for dlt-daemon. CVE-2022-31291[0]: | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows | attackers to cause a double free via crafted TCP

Bug#1014533: php8.1: CVE-2022-31625 CVE-2022-31626

2022-07-07 Thread Moritz Mühlenhoff
Source: php8.1 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for php8.1. CVE-2022-31625[0]: | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x | below 8.1.7, when using Postgres database extension,

Bug#1014532: libstb: CVE-2021-42715 CVE-2021-42716

2022-07-07 Thread Moritz Mühlenhoff
Source: libstb X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libstb. CVE-2021-42715[0]: | An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR | loader parsed truncated end-of-file RLE scanlines as

Bug#1014530: libstb: CVE-2021-28021

2022-07-07 Thread Moritz Mühlenhoff
Source: libstb X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libstb. CVE-2021-28021[0]: | Buffer overflow vulnerability in function stbi__extend_receive in | stb_image.h in stb 2.26 via a crafted JPEG file.

Bug#1014531: libstb: CVE-2022-28041 CVE-2022-28042

2022-07-07 Thread Moritz Mühlenhoff
Source: libstb X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libstb. CVE-2022-28041[0]: | stb_image.h v2.27 was discovered to contain an integer overflow via | the function stbi__jpeg_decode_block_prog_dc. This

Bug#1014529: u-boot: CVE-2022-34835

2022-07-07 Thread Moritz Mühlenhoff
Source: u-boot X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for u-boot. CVE-2022-34835[0]: | In Das U-Boot through 2022.07-rc5, an integer signedness error and | resultant stack-based buffer overflow in the "i2c md"

Bug#1014527: libsixel: CVE-2022-29978

2022-07-07 Thread Moritz Mühlenhoff
Source: libsixel X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for libsixel. CVE-2022-29978[0]: | There is a floating point exception error in sixel_encoder_do_resize, | encoder.c:633 in libsixel img2sixel 1.8.6. Remote

Bug#1014528: u-boot: CVE-2022-33103

2022-07-07 Thread Moritz Mühlenhoff
Source: u-boot X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for u-boot. CVE-2022-33103[0]: | Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an | out-of-bounds write via the function sqfs_readdir().

Bug#1014526: libsixel: CVE-2022-29977

2022-07-07 Thread Moritz Mühlenhoff
Source: libsixel X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for libsixel. CVE-2022-29977[0]: | There is an assertion failure error in stbi__jpeg_huff_decode, | stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote

Bug#1014494: tiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058

2022-07-06 Thread Moritz Mühlenhoff
Source: tiff X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for tiff. CVE-2022-2056[0]: | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to | cause a denial-of-service via a crafted tiff file. For

Bug#1014492: guzzle: CVE-2022-31090 CVE-2022-31091

2022-07-06 Thread Moritz Mühlenhoff
Source: guzzle X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for guzzle. CVE-2022-31090[0]: | Guzzle, an extensible PHP HTTP client. `Authorization` headers on | requests are sensitive information. In affected versions

Bug#1014493: dwarfutils: CVE-2022-34299

2022-07-06 Thread Moritz Mühlenhoff
Source: dwarfutils X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for dwarfutils. CVE-2022-34299[0]: | There is a heap-based buffer over-read in libdwarf 0.4.0. This issue | is related to dwarf_global_formref_b.

Bug#1014490: radare2: CVE-2021-44975 CVE-2021-44974 CVE-2021-4021

2022-07-06 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for radare2. CVE-2021-44975[0]: | radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via | /libr/core/anal_objc.c mach-o parser.

Bug#1014478: radare2: CVE-2022-1714 CVE-2022-1809 CVE-2022-1899 CVE-2022-0849 CVE-2022-1052 CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238 CVE-2022-1240 CVE-2022-1244 CVE-2022-0476 CVE-2022-0

2022-07-06 Thread Moritz Mühlenhoff
Source: radare2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for radare2. CVE-2022-1714[0]: | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 | prior to 5.7.0. The bug causes the program reads data past

Bug#1014470: u-boot: CVE-2022-30552 CVE-2022-30790

2022-07-06 Thread Moritz Mühlenhoff
Source: u-boot X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for u-boot. CVE-2022-30552[0]: | Das U-Boot 2022.01 has a Buffer Overflow. CVE-2022-30790[1]: | Das U-Boot 2022.01 has a Buffer Overflow, a different issue

Bug#1014471: u-boot: CVE-2022-30767

2022-07-06 Thread Moritz Mühlenhoff
Source: u-boot X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for u-boot. CVE-2022-30767[0]: | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and | through 2022.07-rc2) has an unbounded memcpy with a failed

Bug#1014469: libsixel: CVE-2021-46700

2022-07-06 Thread Moritz Mühlenhoff
Source: libsixel X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsixel. CVE-2021-46700[0]: | In libsixel 1.8.6, sixel_encoder_output_without_macro (called from | sixel_encoder_encode_frame in encoder.c) has a double

Bug#1014468: edk2: CVE-2021-38576 CVE-2021-38577 CVE-2021-38578

2022-07-06 Thread Moritz Mühlenhoff
Source: edk2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for edk2. The upstream bugs are still private at this point, though. CVE-2021-38576[0]: | A BIOS bug in firmware for a particular PC model leaves the Platform |

Bug#1004831: transition: ffmpeg

2022-07-05 Thread Moritz Mühlenhoff
Am Tue, Jul 05, 2022 at 10:13:20AM +0200 schrieb Sebastian Ramacher: > ffmpeg has a bad history of security issues including RCEs. It requires > too many DSAs for both stable and oldstable. So I am only > going to maintain one ffmpeg version for a specific Debian release. > Anything else needs

Bug#1014166: bitcoin: CVE-2021-31876

2022-07-01 Thread Moritz Mühlenhoff
Source: bitcoin X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for bitcoin. CVE-2021-31876[0]: | Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the | replacement policy specified in BIP125, which makes it

Bug#1014125: libheif: CVE-2020-23109

2022-06-30 Thread Moritz Mühlenhoff
Source: libheif X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libheif. CVE-2020-23109[0]: | Buffer overflow vulnerability in function convert_colorspace in | heif_colorconversion.cc in libheif v1.6.2, allows attackers

Bug#1014124: nomacs: CVE-2020-23884

2022-06-30 Thread Moritz Mühlenhoff
Source: nomacs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nomacs. CVE-2020-23884[0]: | A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial | of service (DoS) via a crafted MNG file.

Bug#1014122: libelfin: CVE-2020-24821 CVE-2020-24822 CVE-2020-24823 CVE-2020-24824 CVE-2020-24825 CVE-2020-24826 CVE-2020-24827

2022-06-30 Thread Moritz Mühlenhoff
Source: libelfin X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libelfin. CVE-2020-24821[0]: | A vulnerability in the dwarf::cursor::skip_form function of Libelfin | v0.3 allows attackers to cause a denial of

Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-06-30 Thread Moritz Mühlenhoff
Am Thu, Jun 30, 2022 at 02:16:55PM +0200 schrieb Santiago Vila: > Dear Steven and Mark: > > I plan to apply the attached patches (from Enrico Zini) to fix CVE-2022-0529 > and CVE-2022-0530 in Debian unzip, but before doing so I would like to have > some feedback from upstream (i.e. you) or either

Bug#1013755: bullseye-pu: package ganeti/3.0.2-1~deb11u1

2022-06-29 Thread Moritz Mühlenhoff
Apollon wrote: > I would like to update Ganeti to the current upstream bugfix version > (3.0.2) - including all Debian packaging fixes currently in unstable - > and I seek your approval. > > 3.0.2 was released a while back[1] as a bugfix-only release. Due to my > involvement upstream, I had

Bug#1013132: ITP: BabaSSL -- BabaSSL is a base library for modern cryptography and communication security protocols.

2022-06-22 Thread Moritz Mühlenhoff
Am Wed, Jun 22, 2022 at 02:28:36PM + schrieb Lance Lin: > Hello Marco, > > > What is the plan? Are there any current or new packages which will > > depend on it? > > Yes, from my understanding it is a "drop in" replacement for OpenSSL. One of > my packages (Workflow) uses it but can also

Bug#1013343: dbus-broker: CVE-2022-31212

2022-06-22 Thread Moritz Mühlenhoff
Source: dbus-broker X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for dbus-broker. This was assigned CVE-2022-31212: https://bugzilla.redhat.com/show_bug.cgi?id=2094718 If you fix the vulnerability please also make sure

Bug#1013282: imagemagick: CVE-2022-28463 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-4219 CVE-2022-1114 CVE-2022-11

2022-06-20 Thread Moritz Mühlenhoff
Source: imagemagick X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for imagemagick. CVE-2022-28463[0]: | ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Bug#1013280: jboss-xnio: CVE-2022-0084

2022-06-20 Thread Moritz Mühlenhoff
Source: jboss-xnio X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jboss-xnio. The only source for this is in Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2064226 If you fix the vulnerability please

Bug#1013279: cookiecutter: CVE-2022-24065

2022-06-20 Thread Moritz Mühlenhoff
Source: cookiecutter X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for cookiecutter. CVE-2022-24065[0]: | The package cookiecutter before 2.1.1 are vulnerable to Command | Injection via hg argument injection. When calling
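
The cookiecutter issue is argument injection: a user-controlled value passed to hg that begins with "-" is read by hg's option parser as an option instead of an operand. The following is an added example (not cookiecutter's code) of building the hg argv so that cannot happen: values that look like options are rejected, the revision is attached with "=" so it cannot be split off, and "--" terminates option parsing, as it does for getopt-style parsers including Mercurial's. The repository URLs are constructed for the demonstration, and run_hg is assumed to be called only after hg_clone_argv has accepted the values.

```python
"""Added example: safe argv construction for an hg clone driven by
untrusted input. Not cookiecutter's code."""
import shlex
import subprocess
from typing import List, Optional


def is_option_like(value: str) -> bool:
    """True if an option parser would read this operand as an option."""
    return value.startswith("-")


def hg_clone_argv(repo_url: str, dest: str, checkout: Optional[str] = None) -> List[str]:
    """Build ['hg', 'clone', ...] without letting any caller-supplied value be
    parsed as an option. Raises ValueError on values that look like options."""
    for name, value in (("repo_url", repo_url), ("dest", dest), ("checkout", checkout)):
        if value is None:
            continue
        if is_option_like(value):
            raise ValueError(f"{name} must not start with '-': {value!r}")
        if "\x00" in value:
            raise ValueError(f"{name} contains a NUL byte")
    argv = ["hg", "clone"]
    if checkout is not None:
        argv.append(f"--rev={checkout}")       # '=' keeps the value glued to its option
    argv += ["--", repo_url, dest]             # '--' ends option parsing; the rest are operands
    return argv


def safe_to_clone(repo_url: str, dest: str, checkout: Optional[str] = None) -> bool:
    """Convenience predicate: would hg_clone_argv accept these values?"""
    try:
        hg_clone_argv(repo_url, dest, checkout)
        return True
    except ValueError:
        return False


def run_hg(argv: List[str]) -> subprocess.CompletedProcess:
    """Execute with an argv list and no shell, so nothing is re-parsed by /bin/sh."""
    return subprocess.run(argv, check=True, capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed inputs: a benign checkout name and one that would be read as an hg option.
    print(shlex.join(hg_clone_argv("https://hg.example.test/repo", "out", "stable")))
    print("accepted:", safe_to_clone("https://hg.example.test/repo", "out", "--config=ui.verbose=true"))
```

Rejecting a leading "-" and adding "--" are both needed: "--" protects the operands, but an option value such as the revision still has to be validated, because it is passed before "--".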

Bug#1013272: jupyter-notebook: CVE-2022-29238

2022-06-20 Thread Moritz Mühlenhoff
Source: jupyter-notebook X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jupyter-notebook. CVE-2022-29238[0]: | Jupyter Notebook is a web-based notebook environment for interactive | computing. Prior to version 6.4.12,

Bug#1013270: jodd: CVE-2022-29631

2022-06-20 Thread Moritz Mühlenhoff
Source: jodd X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jodd. CVE-2022-29631[0]: | Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection | vulnerabilities via the components jodd.http.HttpRequest#set

Bug#1013271: jupyter-server: CVE-2022-29241

2022-06-20 Thread Moritz Mühlenhoff
Source: jupyter-server X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jupyter-server. CVE-2022-29241[0]: | Jupyter Server provides the backend (i.e. the core services, APIs, and | REST endpoints) for Jupyter web

Bug#1013264: node-got: CVE-2022-33987

2022-06-20 Thread Moritz Mühlenhoff
Source: node-got X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for node-got. CVE-2022-33987[0]: | The got package before 12.1.0 for Node.js allows a redirect to a UNIX | socket.
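
Two of the client-library reports on this page concern what an HTTP client does when it follows a redirect: the guzzle entry (CVE-2022-31090/31091, Authorization headers carried across a redirect to another host or from https down to http) and the got entry above (a redirect to a UNIX socket). The following is an added example, not code from either project, of a redirect policy that covers both: it refuses targets that are not plain http/https (including got's documented unix-socket URL form, PROTOCOL://unix:SOCKET:PATH, where the host literal is "unix"), and it drops credential headers whenever the origin (scheme, host, port) changes. The URLs and header values are constructed for the demonstration.

```python
"""Added example: redirect-following policy for an HTTP client.
Not guzzle's or got's code."""
from typing import Dict, Optional, Tuple
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_PORTS = {"http": 80, "https": 443}
# Headers that must not survive a change of origin.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}


def origin(url: str) -> Optional[Tuple[str, str, int]]:
    """(scheme, host, port) for a followable URL, or None if the client must not
    follow it at all (non-HTTP scheme, empty host, unix-socket host, bad port)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return None
    host = (parts.hostname or "").lower()
    # got's unix-socket form uses "unix" as the host; treat it like a foreign scheme.
    if not host or host == "unix":
        return None
    try:
        port = parts.port                     # raises ValueError on a non-numeric port
    except ValueError:
        return None
    return parts.scheme, host, port or DEFAULT_PORTS[parts.scheme]


def redirect_allowed(current_url: str, location: str) -> bool:
    return origin(urljoin(current_url, location)) is not None


def next_request(current_url: str, headers: Dict[str, str], location: str) -> Tuple[str, Dict[str, str]]:
    """Resolve the Location header and decide which headers to send with the
    follow-up request. Raises ValueError for a target that must not be followed."""
    target = urljoin(current_url, location)
    if origin(target) is None:
        raise ValueError(f"refusing to follow redirect to {target!r}")
    forwarded = dict(headers)
    if origin(target) != origin(current_url):
        # Different host, or https -> http downgrade, or different port: strip credentials.
        forwarded = {k: v for k, v in forwarded.items() if k.lower() not in SENSITIVE_HEADERS}
    return target, forwarded


if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer t", "Accept": "*/*"}
    print(next_request("https://api.example.test/v1", hdrs, "/v2"))
    print(next_request("https://api.example.test/v1", hdrs, "http://api.example.test/v1"))
    print(redirect_allowed("https://api.example.test/v1", "http://unix:/var/run/app.sock:/admin"))
```

Comparing full origins rather than hostnames alone is deliberate: the guzzle advisory text singles out both a host change and an https-to-http downgrade, and a port change is a different origin for the same reason.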

Bug#1013265: jpeg-xl: CVE-2022-34000

2022-06-20 Thread Moritz Mühlenhoff
Source: jpeg-xl X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for jpeg-xl. CVE-2022-34000[0]: | libjxl 0.6.1 has an assertion failure in | LowMemoryRenderPipeline::Init() in | render_pipeline/low_memory_render_pipeline.cc.

Bug#1013129: exo: CVE-2022-32278

2022-06-17 Thread Moritz Mühlenhoff
Source: exo X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for exo. CVE-2022-32278[0]: | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open | can execute a .desktop file on an attacker-controlled FTP server.

Bug#1012762: nuitka: CVE-2022-2054

2022-06-13 Thread Moritz Mühlenhoff
Source: nuitka X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for nuitka. CVE-2022-2054[0]: | Command Injection in GitHub repository nuitka/nuitka prior to 0.9. If you fix the vulnerability please also make sure to

Bug#1012763: golang-github-emicklei-go-restful: CVE-2022-1996

2022-06-13 Thread Moritz Mühlenhoff
Source: golang-github-emicklei-go-restful X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for golang-github-emicklei-go-restful. CVE-2022-1996[0]: | Authorization Bypass Through User-Controlled Key in GitHub repository |

Bug#1012516: sox: CVE-2022-31650 CVE-2022-31651

2022-06-08 Thread Moritz Mühlenhoff
Source: sox X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerabilities were published for sox. CVE-2022-31650[0]: | In SoX 14.4.2, there is a floating-point exception in | lsx_aiffstartwrite in aiff.c in libsox.a. CVE-2022-31651[1]: | In SoX

Bug#1012515: dwarfutils: CVE-2022-32200

2022-06-08 Thread Moritz Mühlenhoff
Source: dwarfutils X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for dwarfutils. CVE-2022-32200[0]: | libdwarf 0.4.0 has a heap-based buffer over-read in | _dwarf_check_string_valid in dwarf_util.c.

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

2022-06-08 Thread Moritz Mühlenhoff
Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2022-31813[0]: | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* | headers to the origin server based on client side
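
CVE-2022-31813 in the list above turns on header ordering inside a reverse proxy: RFC 7230 lets a sender name extra hop-by-hop headers in its own Connection header, and if the proxy applies that client-supplied list after it has added its own X-Forwarded-* headers, a client can send "Connection: X-Forwarded-For" to make the proxy drop them and so defeat IP-based checks at the origin. The following is an added example, a model of the mechanism and not mod_proxy's code, showing the wrong and the right order side by side. The client request and addresses are constructed for the demonstration.

```python
"""Added example: hop-by-hop stripping versus X-Forwarded-* insertion in a
reverse proxy. Not Apache httpd code."""
from typing import Dict, Set

# Hop-by-hop headers per RFC 7230 section 6.1; a proxy must not forward these.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}


def _canon(headers: Dict[str, str]) -> Dict[str, str]:
    """Lower-case the names so lookups are case-insensitive, as HTTP requires."""
    return {k.lower(): v for k, v in headers.items()}


def client_nominated(headers: Dict[str, str]) -> Set[str]:
    """Header names the client listed in its own 'Connection: a, b' header."""
    return {t.strip().lower() for t in headers.get("connection", "").split(",") if t.strip()}


def strip_hop_by_hop(headers: Dict[str, str]) -> Dict[str, str]:
    drop = HOP_BY_HOP | client_nominated(headers)
    return {k: v for k, v in headers.items() if k not in drop}


def add_forwarded(headers: Dict[str, str], client_ip: str, proxy_name: str) -> Dict[str, str]:
    out = dict(headers)
    existing = out.get("x-forwarded-for")
    out["x-forwarded-for"] = f"{existing}, {client_ip}" if existing else client_ip
    if "host" in out:
        out["x-forwarded-host"] = out["host"]
    out["x-forwarded-server"] = proxy_name
    return out


def vulnerable_upstream_headers(client_headers: Dict[str, str], client_ip: str, proxy_name: str) -> Dict[str, str]:
    """Wrong order: X-Forwarded-* are added first and then subjected to the
    client-controlled hop-by-hop list, so 'Connection: X-Forwarded-For' erases them."""
    return strip_hop_by_hop(add_forwarded(_canon(client_headers), client_ip, proxy_name))


def fixed_upstream_headers(client_headers: Dict[str, str], client_ip: str, proxy_name: str) -> Dict[str, str]:
    """Right order: the client's hop-by-hop list is applied to the client's own
    headers only; the proxy's X-Forwarded-* are added afterwards."""
    return add_forwarded(strip_hop_by_hop(_canon(client_headers)), client_ip, proxy_name)


# Constructed client request: a spoofed X-Forwarded-For plus a Connection header
# that nominates the forwarding headers as hop-by-hop.
CLIENT_REQUEST = {
    "Host": "app.example.test",
    "Connection": "close, X-Forwarded-For, X-Forwarded-Host",
    "X-Forwarded-For": "10.0.0.1",
}

if __name__ == "__main__":
    print("vulnerable:", vulnerable_upstream_headers(CLIENT_REQUEST, "203.0.113.7", "proxy-1"))
    print("fixed:     ", fixed_upstream_headers(CLIENT_REQUEST, "203.0.113.7", "proxy-1"))
```

Note that the fixed variant still appends the proxy's view of the client address to any X-Forwarded-For the client supplied, which is what a forwarding proxy conventionally does; an origin doing IP-based authorisation must therefore read the rightmost entry (the one written by the trusted proxy), never the first.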

Bug#1012512: libengine-gost-openssl1.1: CVE-2022-29242

2022-06-08 Thread Moritz Mühlenhoff
Source: libengine-gost-openssl1.1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libengine-gost-openssl1.1. CVE-2022-29242[0]: | GOST engine is a reference implementation of the Russian GOST crypto | algorithms for

Bug#1011954: CVE-2022-1586 CVE-2022-1587

2022-06-06 Thread Moritz Mühlenhoff
Am Fri, May 27, 2022 at 06:52:11PM +0100 schrieb Matthew Vernon: > Hi, > > Would you like me to prepare an upload for these, or are you working on > this? > > [sorry, it's not clear from the bug report] Sorry, this fell through the cracks until I just started to flush in inbox's backlog.

Bug#1009282: Should live-wrapper be removed?

2022-05-17 Thread Moritz Mühlenhoff
severity 1009282 normal reassign 1009282 ftp.debian.org retitle 1009282 RM: live-wrapper -- RoQA; Depends on Python 2, depends on removed package thanks Reassigning for removal. Cheers, Moritz

Bug#1009276: Should fsl be removed?

2022-05-17 Thread Moritz Mühlenhoff
severity 1009276 normal reassign 1009276 ftp.debian.org retitle 1009276 RM: fsl -- RoM; Depends on Python 2, FTBFS, unmaintained thanks Reassigning for removal.

Bug#1009280: Should python-passfd be removed?

2022-05-17 Thread Moritz Mühlenhoff
severity 1009280 normal reassign 1009280 ftp.debian.org retitle 1009280 RM: python-passfd -- RoQA; Depends on Python 2, no reverse deps thanks Reassigning for removal. Cheers, Moritz

Bug#1008792: Should vmtk be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008792 normal reassign 1008792 ftp.debian.org retitle 1008792 RM: vmtk -- RoM; Depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1008700: Should geda-gaf be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008700 normal reassign 1008700 ftp.debian.org retitle 1008700 RM: geda-gaf -- RoM; Depends on Python 2, replacement exists thanks Reassigning for removal.

Bug#1008703: Should sortsmill-tools be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008703 normal reassign 1008703 ftp.debian.org retitle 1008703 RM: sortsmill-tools -- RoM; Depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1008704: Should astk be removed?

2022-05-05 Thread Moritz Mühlenhoff
severity 1008704 normal reassign 1008704 ftp.debian.org retitle 1008704 RM: astk -- RoM; depends on Python 2, unmaintained thanks Reassigning for removal.

Bug#1008500: Should undertaker be removed?

2022-04-29 Thread Moritz Mühlenhoff
severity 1008500 normal reassign 1008500 ftp.debian.org retitle 1008500 RM: undertaker -- RoQA; Depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1008499: Should neard be removed?

2022-04-29 Thread Moritz Mühlenhoff
severity 1008499 normal reassign 1008499 ftp.debian.org retitle 1008499 RM: neard -- RoQA; depends on Python 2, unmaintained thanks Reassigning for removal

Bug#1010265: [pkg-lua-devel] Bug#1010265: CVE-2022-28805

2022-04-29 Thread Moritz Mühlenhoff
Am Fri, Apr 29, 2022 at 07:49:15AM +0300 schrieb Sergei Golovan: > > This was assigned CVE-2022-28805: > > https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa > > http://lua-users.org/lists/lua-l/2022-02/msg1.html > >

Bug#995838: [htcondor-debian] Bug#995838: Should condor be removed?

2022-04-25 Thread Moritz Mühlenhoff
Am Fri, Oct 29, 2021 at 01:36:27PM + schrieb Tim Theisen: > I plan to upload a new version this weekend. Did you make progress with updating condor? Cheers, Moritz

Bug#1008285: Should zorp be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008285 normal reassign 1008285 ftp.debian.org retitle 1008285 RM: -- RoM; Depends on Python 2 thanks Am Fri, Mar 25, 2022 at 11:30:26PM +0100 schrieb Moritz Muehlenhoff: > Source: zorp > Version: 7.0.1~alpha2-3 > Severity: serious > > Your package came up as a candidate for removal

Bug#1008272: Should postnews be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008272 normal reassign 1008272 ftp.debian.org retitle 1008272 RM: -- RoM; depends on Python 2, unmaintained thanks Am Fri, Mar 25, 2022 at 08:57:50PM +0100 schrieb Moritz Muehlenhoff: > Source: postnews > Version: 0.7-1 > Severity: serious > > Your package came up as a candidate for

Bug#1008274: Should sandsifter be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008274 normal reassign 1008274 ftp.debian.org retitle 1008274 RM: -- RoM; depends on Python 2, unmaintained thanks Am Fri, Mar 25, 2022 at 08:59:21PM +0100 schrieb Moritz Muehlenhoff: > Source: sandsifter > Version: 1.04-1 > Severity: serious > > Your package came up as a candidate

Bug#1008271: Should arriero be removed?

2022-04-25 Thread Moritz Mühlenhoff
severity 1008271 normal reassign 1008271 ftp.debian.org retitle 1008271 RM: arriero -- RoQA; depends on Python 2, unmaintained thanks Am Fri, Mar 25, 2022 at 08:57:10PM +0100 schrieb Moritz Muehlenhoff: > Source: arriero > Version: 0.6-1 > Severity: serious > > Your package came up as a

Bug#1009269: Should sphinx-patchqueue be removed?

2022-04-20 Thread Moritz Mühlenhoff
severity 1009269 normal reassign 1009269 ftp.debian.org retitle 1009269 RM: sphinx-patchqueue -- RoM; obsolete, no rdeps thx Am Wed, Apr 20, 2022 at 06:42:45PM +1000 schrieb Dmitry Smirnov: > On Monday, 11 April 2022 4:28:40 AM AEST Moritz Muehlenhoff wrote: > > Source: sphinx-patchqueue > >

Bug#1009273: Should python-keepkey be removed?

2022-04-11 Thread Moritz Mühlenhoff
Am Mon, Apr 11, 2022 at 10:50:05AM +0200 schrieb Richard Ulrich: > Hi Moritz, > > If it all worked and was in sync with electrum, that would be great. > > But I stopped updating it back then because in the end most of the time > I still had to install electrum and those plugins manually. > >

Bug#1008700: [Pkg-electronics-devel] Bug#1008700: Should geda-gaf be removed?

2022-04-10 Thread Moritz Mühlenhoff
Am Wed, Mar 30, 2022 at 04:43:12PM -0600 schrieb Bdale Garbee: > Moritz Muehlenhoff writes: > > > Source: geda-gaf > > Version: 1:1.8.2-11 > > Severity: serious > > > > Your package came up as a candidate for removal from Debian: > > For the record, I've previously indicated that I consider

Bug#936777: k3d: Python2 removal in sid/bullseye

2022-04-10 Thread Moritz Mühlenhoff
Hi Manuel, > > Given upstream's reply at https://github.com/K-3D/k3d/issues/38 this > > seems unlikely to get ported, let's remove k3d? > > Basically I'd like to extend its life in Debian and keep users using > this package rather than having to build the version themselves, as > long as it

Bug#937261: pd-aubio: Python2 removal in sid/bullseye

2022-04-10 Thread Moritz Mühlenhoff
Am Fri, Aug 30, 2019 at 07:30:29AM + schrieb Matthias Klose: > Package: src:pd-aubio > Version: 0.4-1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-live upstream, and Debian aims to remove > Python2 from the

Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1

2022-03-24 Thread Moritz Mühlenhoff
Am Wed, Mar 23, 2022 at 02:25:26PM +0100 schrieb Yadd: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > > [ Reason ] > node-url-parse is vulnerable to an authorization Bypass Through > User-Controlled

Bug#1006215: bullseye-pu: package node-prismjs/1.23.0+dfsg-1+deb11u1

2022-02-23 Thread Moritz Mühlenhoff
Am Mon, Feb 21, 2022 at 01:57:54PM +0100 schrieb Yadd: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > > [ Reason ] > node-prismjs has 2 vulnerabilities: > * Regex DoS (CVE-2021-40438) Where did you get that CVE

Bug#668644: [PATCH] qmc: Helping to update to packaging format 3.0

2022-02-18 Thread Moritz Mühlenhoff
severity 668644 serious thanks Am Fri, Apr 13, 2012 at 10:47:35PM +0300 schrieb jari.aa...@cante.net: > Package: qmc > Severity: wishlist > Tags: patch > > Hi, > > The dpatch patch management system has been deprecated for some time. The > Lintian currently flags use of dpatch packages as an

Bug#1004293: warn users that src:webkit2gtk and src:khtml are insecure?

2022-02-10 Thread Moritz Mühlenhoff
Am Thu, Jan 27, 2022 at 10:01:34AM +1100 schrieb Trent W. Buck: > Alberto Garcia wrote: > > Two WebKit ports are actively maintained, available in Debian and have > > security support: WPE WebKit and WebKitGTK (the package is called > > webkit2gtk for technical / historical reasons). > > > >

Bug#975016: #975016 - OpenJDK 17 support state for Bullseye

2022-02-10 Thread Moritz Mühlenhoff
Am Thu, Feb 03, 2022 at 03:59:00PM +0100 schrieb Thorsten Glaser: > Hi Holger, > > > and filed against src:debian-security-support, as openjdk-17 seems to be > > supported and src:debian-security-support's purpose is to documented what's > > no, 11 is supported, 17 is just for users to run

Bug#1003113: python-django: CVE-2021-45115, CVE-2021-45116 & CVE-2021-45452

2022-01-11 Thread Moritz Mühlenhoff
On Thu, Jan 06, 2022 at 12:44:03PM - Chris Lamb wrote: > Hi Security Team, > > I was just looking at these CVEs for ELTS and LTS, but before I make > a move there, I was just wondering if you were planning on (or would > like) a DSA. Hi Chris, these both seem rather harmless to me, I'd say

Bug#937247: patchage: Python2 removal in sid/bullseye

2022-01-04 Thread Moritz Mühlenhoff
On Thu, Jan 16, 2020 at 11:19:34AM +1100 Stuart Prescott wrote: > Control: tags -1 + patch > > Dear maintainer, > > The attached patch upgrades waf to the current git snapshot which is then > able > to build patchage with Python 3 rather than Python 2. This is a large patch > and perhaps

Bug#1003125: e2guardian: CVE-2021-44273

2022-01-04 Thread Moritz Mühlenhoff
Source: e2guardian X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for e2guardian. CVE-2021-44273[0]: | e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate | validation in the SSL MITM engine. In standalone mode

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2021-12-05 Thread Moritz Mühlenhoff
On Sun, Dec 05, 2021 at 10:53:56AM +0100 Paul Gevers wrote: > Hi Andres, > > On 05-12-2021 03:36, Andres Salomon wrote: > > So what's happening with chromium in both sid and stable? I saw on > > d-release that it was removed from testing (#998676 and #998732), with a > > discussion about ending

Bug#1000472: bullseye-pu: package rustc-mozilla/1.51.0+dfsg1-1~deb11u1

2021-11-30 Thread Moritz Mühlenhoff
On Tue, Nov 30, 2021 at 06:00:57PM + Adam D. Barratt wrote: > I was assuming the plan was for the Firefox and Thunderbird updates to > be released via the security archive. Definitely! For the last ESR round DSA deployed a change to make the security chroots include buster-proposed-updates.

Bug#994095: ITS: python-pmw

2021-11-10 Thread Moritz Mühlenhoff
On Sat, Sep 11, 2021 at 01:04:16PM -0400 Boyuan Yang wrote: > Source: python-pmw > Version: 1.3.2-6 > Severity: important > X-Debbugs-CC: se...@debian.org > > Dear package python-pmw maintainer in Debian, > > After looking into the package you maintain (python-pmw, >

Bug#937945: python-neuroshare: Python2 removal in sid/bullseye

2021-11-01 Thread Moritz Mühlenhoff
On Sun, Feb 09, 2020 at 01:18:27PM +0100 Andreas Tille wrote: > Hi, > > I've taken over this package into Debian Med team to > >https://salsa.debian.org/med-team/python-neuroshare > > It needs some remaining work to port for Python3 which I > can not do right now. Any help is welcome.

Bug#937194: opencaster: Python2 removal in sid/bullseye

2021-11-01 Thread Moritz Mühlenhoff
On Fri, Jan 29, 2021 at 09:56:46PM + Thorsten Alteholz wrote: > Hi Moritz, > > On Fri, 29 Jan 2021, Moritz Mühlenhoff wrote: > > opencaster seems dead upstream, should it be removed or are > > you planning to port it to Python 3 yourself? > > I don't plan to

Bug#937209: openopt: Python2 removal in sid/bullseye

2021-10-06 Thread Moritz Mühlenhoff
On Fri, Aug 30, 2019 at 07:29:33AM + Matthias Klose wrote: > Package: src:openopt > Version: 0.38+svn1589-1.1 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-life upstream, and Debian aims to remove > Python2

Bug#995368: libapache2-mod-proxy-uwsgi 2.0.14+20161117-3+deb9u4 - duplicated request path

2021-10-05 Thread Moritz Mühlenhoff
reassign 995368 uwsgi thanks On Fri, Oct 01, 2021 at 04:16:05PM +0200 Josef Kejzlar, wpj s.r.o. wrote: > I can confirm this regression. > After unattended security upgrades got applied during the night, all > our applications stopped working. > > There is a wrong request path sent to uwsgi

Bug#994790: hcxtools: CVE-2021-32286

2021-09-20 Thread Moritz Mühlenhoff
Source: hcxtools X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for hcxtools. CVE-2021-32286[0]: | An issue was discovered in hcxtools through 6.1.6. A global-buffer- | overflow exists in the function pcapngoptionwalk located

Bug#992973: plib: CVE-2021-38714

2021-09-14 Thread Moritz Mühlenhoff
On Wed, Aug 25, 2021 at 09:23:37PM +0200 Salvatore Bonaccorso wrote: > Source: plib > Version: 1.8.5-8 > Severity: grave > Tags: security upstream > Justification: user security hole > Forwarded: https://sourceforge.net/p/plib/bugs/55/ > X-Debbugs-Cc: car...@debian.org, Debian Security Team >
