I took the second approach suggested by Gregor, of changing the install
order. Massive rewrite of d/rules to happen at a later date. :-)
--
Neil Roeth
Package: mkosi
Version: 20-1
Severity: normal
Tags: upstream patch
X-Debbugs-Cc: n...@aldur.co.uk
Dear Maintainer,
v20 erroneously removed the copy nspawn settings functionality even
though it continues to be used by 'machinectl pull-tar'. This has been
reversed upstream, and I would if you
not work
even in the simplest operation.
As I have reported here - https://github.com/apple/swift/issues/60690
<https://github.com/apple/swift/issues/60690> - even the basic swiftc complier
is not working.
Neil
> On Dec 2, 2023, at 5:52, Steve M wrote:
>
> Neil,
>
> Thank y
Package: swiftlang
Version: 5.6.3-2
Severity: important
X-Debbugs-Cc: futurejonesa...@gmail.com
Dear Maintainer,
* What led up to the situation?
Installed swiftlang and tried to build and run a simple Hello World project
* What exactly did you do (or not do) that was effective (or
It is not clear to me how to test if the path is embedded in the
libraries and whether the fix for this is still needed. I did a simple
grep for part of my local build path in the libraries of this package
and got no hits. Maybe something has changed since this bug was filed
so that this is
Package: inetutils-telnetd
Version: 2:2.4-3
Severity: wishlist
Tags: patch
X-Debbugs-Cc: n...@aldur.co.uk
Dear Maintainer,
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-3-cloud-amd64 (SMP
intend to salvage
it with the plan to orphan it in three weeks. Please notify me if you
object.
--
Neil Roeth
, then perhaps it could be extended
to print the files being verified. Maybe it should grow a new option
'--print-files' to support exactly that.
Anywho, I'm happy to help if someone can show me where and how to submit a
patch.
Regards,
Neil
-- Package-specific info:
--- /etc/devscripts.conf ---
Empty
your Bug report
> which was filed against the tcsh package:
> #905649: tcsh: Filetest Built-In Does Not Recognize Filenames Containing '{'
> (left curly brace), Whether Quoted or Escaped
> It has been closed by Josef Schneider .
Thank you, Josef. I agree that the problem is not present in
Package: rclone
Version: 1.53.3-4ubuntu1
Severity: normal
Dear Maintainer,
rclone uses TLS to connect to remote repositories, but lacks a Suggests
on ca-certificates. This leads to "x509: certificate signed by unknown
authority" errors.
Adding it in would mirror the Suggests in the 'openssl'
@
Thanks,
—Neil
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.86 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
As outlined in the orphaning bug (994986), the centreon-* packages
are no longer being maintained. centreon-clib was left in unstable
because it (initially) built OK without needing extra work. Other
centreon-* packages
Source: cimg
Version: 3.0.2+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cimg.
CVE-2022-1325[0]:
| A flaw was found in Clmg, where with the help of a maliciously crafted
| pandore
Source: jpegqs
Version: 1.20210408-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jpegqs.
CVE-2022-35434[0]:
| jpeg-quantsmooth before commit 8879454 contained a floating point
| exception
Source: ring
Version: 20210112.2.b757bac~ds1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ring STUN support.
CVE-2022-31031[0]:
| PJSIP is a free and open source multimedia communication
Source: asterisk
Version: 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk STUN support.
CVE-2022-31031[0]:
| PJSIP is a free and open source
ee if isotpsend support can be provided inside
autopkgtest. If that fails, the upstream tests will need to be confined
to Salsa and autopkgtests limited only to autopkgtest-pkg-python.
https://salsa.debian.org/pkg-security-team/scapy/-/commit/59a4c0e2ed8c24cf5a3d4412cecdd5086a5b0395
--
Neil Willi
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
xprobe is an old package with no upstream development - the old SF page
links to a Wiki, other links in d.copyright go to 404.
The current RC bug can be fixed but the package no longer works in a
useful manner. xprobe is
On Fri, 5 Aug 2022 11:22:30 +0200
=?UTF-8?Q?IOhannes_m_zm=c3=b6lnig_=28Debian_GNU=7cLinux=29?=
wrote:
> On Fri, 05 Aug 2022 09:41:46 +0100 Neil Williams
> wrote:
> > The following vulnerability was published for v4l2loopback (and is
> > not included in the recent v0.12.7 git
On Mon, 1 Aug 2022 18:25:04 +0200 Sylvestre Ledru wrote:
> Hello,
>
> Le 05/07/2022 à 11:19, Neil Williams a écrit :
> > Source: scilab
> > Version: 6.1.1+dfsg2-3
> > Severity: important
> > Tags: security
> > X-Debbugs-Cc: codeh...@debian.org,
Source: v4l2loopback
Version: 0.12.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for v4l2loopback (and is not
included in the recent v0.12.7 git tag).
CVE-2022-2652[0]:
| Depending on the
nt<_Tp, __v>::value' 71 |
> template |
>^ /usr/include/c++/10/type_traits:59:29: note:
> 'constexpr const _Tp value' previously declared here 59 |
> static constexpr _Tp value = __v; | ^
>
> Andreas
--
Neil Williams
=
h
Source: milkytracker
Version: 1.03.00+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for milkytracker.
CVE-2022-34927[0]:
| MilkyTracker v1.03.00 was discovered to contain a stack
solete field Name from debian/upstream/metadata
> .
>[ Ole Streicher ]
>* Switch build depends on libnetpbm10-dev to libnetpbm-dev
> (Closes: #1003165)
1003165 is the wrong bug number and a different package. The B-D bug in
astrometry.net is 1016400.
https://bugs.debian.org
On Tue, 5 Jul 2022 11:58:12 +0200
Sebastiaan Couwenberg wrote:
> On 7/5/22 11:14, Neil Williams wrote:
> > CVE-2022-30045[0]:
> > | An issue was discovered in libezxml.a in ezXML 0.8.6. The function
> > | ezxml_decode() performs incorrect memory handling while parsing
&g
Source: scilab
Version: 6.1.1+dfsg2-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for scilab.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode()
Source: navit
Version: 0.5.0+dfsg.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for navit.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode()
Source: mapcache
Version: 1.12.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mapcache.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode()
Source: passportjs
Version: 0.5.2+~1.0.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for passportjs.
CVE-2022-25896[0]:
| This affects the package passport before 0.6.0. When a user logs in or
|
work but it may be necessary to have libavcodec4-dev and
libavcodec-dev with a new source package ffmpeg4 alongside ffmpeg.
>
> Thank you,
> -Steve
>
> [1] https://mail.kde.org/pipermail/digikam-users/2022-July/033796.html
>
--
Neil Williams
=
https://linux.codehelp.co.uk/
pgpbx_gmG9Uix.pgp
Description: OpenPGP digital signature
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2022-22577[0]:
| An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that
| could allow
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2022-21831[0]:
| A code injection vulnerability exists in the Active Storage =
| v5.2.0 that
Source: smarty3
Version: 3.1.39-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for smarty3.
CVE-2022-29221[0]:
| Smarty is a template engine for PHP, facilitating the separation of
|
Source: smarty4
Version: 4.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for smarty4.
CVE-2022-29221[0]:
| Smarty is a template engine for PHP, facilitating the separation of
|
Source: pyjwt
Version: 2.3.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pyjwt.
CVE-2022-29217[0]:
| PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple
| different
Source: golang-github-hashicorp-go-getter
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for
golang-github-hashicorp-go-getter.
CVE-2022-26945[0]:
| HashiCorp go-getter
Source: golang-github-tidwall-gjson
Version: 1.6.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-tidwall-gjson.
CVE-2021-42248[0]:
| GJSON = 1.9.2 allows attackers to cause
Source: snowflake
Version: 1.1.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snowflake.
CVE-2022-29222[0]:
| Pion DTLS is a Go implementation of Datagram Transport
Source: snowflake
Version: 1.1.0-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for snowflake, via the
github.com/pion/dtls/v2 package included into debian/vendor/
CVE-2022-29189[0]:
| Pion DTLS is
Source: node-formidable
Version: 3.2.3+20220426git971e3a7+~cs4.0.8-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-formidable.
CVE-2022-29622[0]:
| An arbitrary file upload vulnerability in
Source: golang-gopkg-yaml.v3
Version: 3.0.0~git20200121.a6ecf24-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-gopkg-yaml.v3-dev.
CVE-2022-28948[0]:
| An issue in the Unmarshal function in
Package: texlive-binaries
Version: 2022.20220321.62855-1
Severity: important
File: /usr/bin/pdftosrc
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
texlive-binaries in unstable, experimental and bookworm embeds
xpdfreader 4.03 and the code is exposed via the pdftosrc
Source: dokuwiki
Version: 0.0.20200729-0.1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dokuwiki.
CVE-2022-28919[0]:
| HTMLCreator release_stable_2020-07-29 was discovered to contain a
| cross-site
Source: apscheduler
Version: 3.8.1-1
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
Other packages using python3-apscheduler as a dependency have to work
around an error in the apscheduler packaging:
/usr/lib/python3/dist-packages/APScheduler-0.0.0.egg-info/PKG-INFO
Please fix the package
Source: uclibc
Version: 1.0.35-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for uclibc.
CVE-2021-27419[0]:
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-
| around in functions
I've encountered the same issue when attempting to install the aiohttp
package or anything that depends on it, which seems to be a lot.
File "/usr/lib/python3.10/_distutils_system_mod.py", line 125, in
_inject_headers
scheme['headers'] =
Package: libsdl2-ttf-dev
Version: 2.0.18+dfsg-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libsdl2-ttf.
CVE-2022-27470[0]:
| SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
|
Source: libgoogle-gson-java
Version: 2.8.8-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libgoogle-gson-java.
CVE-2022-25647[0]:
| The package com.google.code.gson:gson before 2.8.9 are vulnerable
Source: ruby-xmlhash
Version: 1.3.6-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-xmlhash.
CVE-2022-21949[0]:
| A Improper Restriction of XML External Entity Reference vulnerability
| in SUSE
Source: ecdsautils
Version: 0.3.2+git20151018-2
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: codeh...@debian.org
Hi,
I was checking new CVEs and noticed that ecdsautils uses an old fork of
the upstream project at https://github.com/tcatm/ecdsautils . This site
has since moved to
Source: google-oauth-client-java
Version: 1.28.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for google-oauth-client-java.
CVE-2021-22573[0]:
| The vulnerability is
_child:
assertion 'G_IS_FILE (file)' failed
L 257710 2022-05-04 16:14:53 [CRT] plugins_search_for_plugins: assertion
'G_TYPE_CHECK_INSTANCE_TYPE (dir, g_file_get_type ())' failed
https://bugs.launchpad.net/ubuntu/+source/shotwell/+bug/1969439 may also
hold some clues.
Thanks,
Neil
-- Package-sp
ontinues to build in Ubuntu.
> >
> > Please re-enable building on riscv64 as we would like to promote
> > riscv64 to a release architecture.
>
> Neil, is there a particular reason riscv64 support was disabled in
> 2021.12+ds1-3?
I didn't see it as particularly likely that any r
Source: node-ejs
Version: 3.1.6-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-ejs.
CVE-2022-29078[0]:
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js
| allows
Source: horizon-eda
Version: 2.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for horizon-eda.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData
Source: librecad
Version: 2.1.3-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for librecad.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData
Source: cloudcompare
Version: 2.11.3-5
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cloudcompare.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData
Source: libowasp-esapi-java
Version: 2.2.3.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for libowasp-esapi-java.
CVE-2022-24891[0]:
| ESAPI (The OWASP Enterprise Security API) is a free, open
Source: httpx
Version: 0.22.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for httpx.
CVE-2021-41945[0]:
| Encode OSS httpx =1.0.0.beta0 is affected by improper input
| validation in
On Mon, 25 Apr 2022 21:43:30 -0700 tony mancill
wrote:
> On Mon, Apr 25, 2022 at 07:22:12PM +0200, Salvatore Bonaccorso wrote:
> > Hi!
> >
> > On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote:
> > > On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams
>
On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams wrote:
> Please note, the current homepage for libowasp-antisamy-java appears to
> have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> does match the source code for libowasp-antisamy-java:
> https://sources.de
Source: libowasp-antisamy-java
Version: 1.5.3+dfsg-1.1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
Please note, the current homepage for libowasp-antisamy-java appears to
have no commits beyond version 1.5.3 but the change for CVE-2022-29577
pecify the location of omniMapper's config file.
Alternatively, set the environment variable OMNIMAPPER_CONFIG
or use the default /etc/omniMapper.cfg.
Use -v to verbosely record what's going on.
I'll close this bug report with the next upload of omniorb.
--
Neil Williams
=
ht
Source: composer
Version: 2.2.9-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2022-24828[0]:
| Composer is a dependency manager for the PHP programming language.
| Integrators using
pgrade feature. If there is time, then we are
> working a V7 version with the V6 to V7 block upgrade capability and
> would like to release that.
Seems sensible.
>
> Thanks,
> Amul
>
> -Original Message-
> From: Andreas Tille
> Sent: Wednesday, April 20, 202
Source: fis-gtm
Version: 6.3-014-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for fis-gtm.
CVE-2021-44492[0]:
| An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
| GT.M through
Source: haskell-aeson
Version: 1.4.7.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for haskell-aeson.
CVE-2021-41119[0]:
| Wire-server is the system server for the wire back-end services.
|
Source: grunt
Version: 1.4.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for grunt.
CVE-2022-0436[0]:
| Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
If you fix the
On Wed, 13 Apr 2022 11:18:50 +0100 Neil Williams
wrote:
> Source: ruby-devise-two-factor
> Version: 4.0.2-1
> Severity: important
> Tags: security
> X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability was publis
Source: ruby-devise-two-factor
Version: 4.0.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-devise-two-factor.
CVE-2021-43177[0]:
| As a result of an incomplete fix for CVE-2015-7225, in
Source: android-platform-frameworks-base
Version: 1:10.0.0+r36-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for android-platform-frameworks-base.
CVE-2021-39796[0]:
| In HarmfulAppWarningActivity of
Source: mruby
Version: 3.0.0-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for mruby.
CVE-2022-1212[0]:
| Use-After-Free in str_escape in mruby/mruby in GitHub repository
| mruby/mruby prior to 3.2.
Source: ruby-asciidoctor-include-ext
Version: 0.3.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-asciidoctor-include-ext.
CVE-2022-24803[0]:
| Asciidoctor-include-ext is Asciidoctor#8217;s
Source: twisted
Version: 22.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for twisted.
CVE-2022-24801[0]:
| Twisted is an event-based framework for internet applications,
| supporting Python 3.6+.
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: pyimagetool
Version : 1.0
Upstream Author : Kyle Gordon
* URL : https://github.com/kgord831/PyImageTool
* License : GPL3
On 2022-04-02 09:14, tony mancill wrote:
I will work on patching 8.12.46 and also mention this upstream. The
changelogs for 8.12.45 and 8.12.46 only reference metadata updates.
If there was a non-metadata change that wasn't mentioned in the
changelog, it will be the second time this has
Source: puma
Version: 5.5.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for puma.
CVE-2022-24790[0]:
| Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for
| Ruby/Rack applications.
it may be necessary to retain the current patch method
and I don't see why that is against Policy. It's not pretty, I agree,
but I have not (yet) found an alternative.
--
Neil Williams
=
https://linux.codehelp.co.uk/
pgp0AGDKt81aG.pgp
Description: OpenPGP digital signature
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: xrt
Version : 1.4.0-1
Upstream Author : Konstantin Klementiev
* URL : https://github.com/kklmn/xrt
* License : Expat
Source: clickhouse
Version: 18.16.1+ds-7.2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for clickhouse.
The vulnerabilities require authentication, but can be triggered by any user
with read
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: looktxt
Version : 1.5-1
Upstream Author : Emmanuel Farhi
* URL : https://github.com/farhi/looktxt
* License : GPL-2
Source: python-model-mommy
Version: Replaced by python-model-bakery
Severity: normal
Background:
https://linux.codehelp.co.uk/moving-to-bakery.html
"Model Bakery is a rename of the legacy Model Mommy project."
https://github.com/model-bakers/model_bakery
IMPORTANT: Model Mommy is no longer
Source: kotlin
Version: 1.3.31+~1.0.1+~0.11.12-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for kotlin.
CVE-2022-24329[0]:
| In JetBrains Kotlin before 1.6.0, it was not possible to lock
|
Source: tightvnc
Version: 1:1.3.10-5
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tightvnc.
CVE-2022-23967[0]:
| In TightVNC 1.3.10, there is an integer signedness error and resultant
| heap-based
Source: jackson-databind
Version: 2.13.0-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jackson-databind.
CVE-2020-36518[0]:
| jackson-databind before 2.13.0 allows a Java StackOverflow exception
|
Source: ruby-commonmarker
Version: 0.23.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
iHi,
The following vulnerability was published for ruby-commonmarker.
Source: r-cran-commonmark
Version: 1.7-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for r-cran-commonmark.
https://sources.debian.org/src/r-cran-commonmark/1.7-2/src/extensions/table.c/?hl=140#L140
Source: python-cmarkgfm
Version: 0.4.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-cmarkgfm.
Source: cmark-gfm
Version: 0.29.0.gfm.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for cmark-gfm.
CVE-2022-24724[0]:
| cmark-gfm is GitHub's extended version of the C reference
| implementation of
Source: ghostwriter
Version: 2.1.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ghostwriter.
https://sources.debian.org/src/ghostwriter/2.1.1-1/3rdparty/cmark-gfm/extensions/table.c/?hl=154#L154
Source: hoteldruid
Version: 3.0.3-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for hoteldruid.
CVE-2022-22909[0]:
| HotelDruid v3.0.3 was discovered to contain a remote code execution
| (RCE)
Source: puppet-module-puppetlabs-firewall
Version: 1.12.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for puppet-module-puppetlabs-firewall.
CVE-2022-0675[0]:
| In certain situations it is possible
,
Neil.
-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.
VGA-compatible devices on PCI bus:
--
07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc.
[AMD/ATI] Cezanne [1002:1638] (rev d2
On Thu, 3 Mar 2022 01:54:42 +0530 Nilesh Patra wrote:
> > python3-unicodedata2 has disappeared from the NEW queue, has it been
> > rejected?
>
> https://tracker.debian.org/pkg/python-unicodedata2
I must have caught it at just the wrong moment.
Thanks.
--
Neil Williams
?
--
Neil Williams
=
http://www.linux.codehelp.co.uk/
pgpJvYy9CU8bk.pgp
Description: OpenPGP digital signature
specific application
to calculate absored and transmitted flux in photons/sec
and write back to EPICS Process Variables.
* XRF Collector - interact with a small EPICS database to
collect data from a multi-element flourescence detector.
--
Neil Williams
=
https
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: epicsapps
Version : 0.9.2
Upstream Author : Matthew Newville
* URL : https://github.com/pyepics/epicsapps
* License : EPICS
ble checking for broken audio files, just add ` –all-features`
https://qarmin.github.io/czkawka/instructions/Compilation.html
--
Neil Williams
=
https://linux.codehelp.co.uk/
pgpye_elMLvHy.pgp
Description: OpenPGP digital signature
Source: sqlite3
Version: 3.37.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sqlite3.
CVE-2021-45346[0]:
| A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and
| 3.37.0
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: wxutils
Version : 0.2.4
Upstream Author : Matthew Newville
* URL : https://github.com/newville/wxutils
* License : Expat
1 - 100 of 3413 matches
Mail list logo