control: retitle -1 Regression: Reverse proxy via mod_rewrite broken after
2.4.62
Le mardi 10 septembre 2024, 15:18:48 UTC Salvatore Bonaccorso a écrit :
> Hi,
>
> On Tue, Sep 10, 2024 at 05:07:29PM +0200, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Tue, Sep 10, 2024 at 06:59:51AM +, Mar
control: tags -1 + upstream
Le vendredi 30 août 2024, 12:59:12 UTC Christian Marillat a écrit :
> On 30 août 2024 12:45, Bastien Roucariès wrote:
>
>
> [...]
>
> >> >> Yes, as Magick++-7.Q16HDRI isn't the expected name.
> >> >
>
Le vendredi 30 août 2024, 12:43:24 UTC Christian Marillat a écrit :
> On 30 août 2024 12:39, Bastien Roucariès wrote:
>
> > Le vendredi 30 août 2024, 12:33:31 UTC Christian Marillat a écrit :
> >> On 30 août 2024 12:23, Bastien Roucariès wrote:
> >>
> >&g
Le vendredi 30 août 2024, 12:33:31 UTC Christian Marillat a écrit :
> On 30 août 2024 12:23, Bastien Roucariès wrote:
>
> > Le vendredi 30 août 2024, 12:12:43 UTC Christian Marillat a écrit :
> >> On 30 août 2024 09:33, Bastien Roucariès wrote:
> >>
> >> [
Le vendredi 30 août 2024, 12:12:43 UTC Christian Marillat a écrit :
> On 30 août 2024 09:33, Bastien Roucariès wrote:
>
>
> [...]
>
> > pkgconf with the HDRI name coded in it should work
> > pkgconf --libs Magick++-7.Q16HDRI
>
> But as I'm saying befo
Le vendredi 30 août 2024, 09:33:29 UTC Bastien Roucariès a écrit :
> Le vendredi 30 août 2024, 09:26:54 UTC Christian Marillat a écrit :
> > On 30 août 2024 08:23, Bastien Roucariès wrote:
> >
> > > control: tags -1 + moreinfo
> > >
> > > Hi,
> >
Le vendredi 30 août 2024, 09:26:54 UTC Christian Marillat a écrit :
> On 30 août 2024 08:23, Bastien Roucariès wrote:
>
> > control: tags -1 + moreinfo
> >
> > Hi,
> >
> > Magick++.pc is the name of the default config that is shipped by the Q16
> &
control: tags -1 + moreinfo
Hi,
Magick++.pc is the name of the default config that is shipped by the Q16
version.
I would like to avoid conflict with Q16 package so for me it will be won't fix,
except if you could propose a patch for alternative system but I really dislike
for build to use al
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ca...@packages.debian.org
Control: affects -1 + src:cacti
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Previous upload fail debci, forget to backport test
[ Impact ]
Low a few line
[ Tests ]
Salsa
Le samedi 24 août 2024, 13:35:03 UTC Paul Gevers a écrit :
> Hi Bastien,
>
> On 24-08-2024 15:18, Bastien Roucariès wrote:
> > Le samedi 24 août 2024, 11:03:38 UTC Paul Gevers a écrit :
> >> I'm wondering if you may have hardened cacti and that if fails on that
> &
Le samedi 24 août 2024, 11:03:38 UTC Paul Gevers a écrit :
> Hi,
>
> On 24-08-2024 10:31, Bastien Roucariès wrote:
> > Could you reject the time of investigation ?
>
> I'm wondering if you may have hardened cacti and that if fails on that
> now. If this is to b
Le samedi 24 août 2024, 06:04:39 UTC Paul Gevers a écrit :
> Hi,
>
> On 22-08-2024 17:38, Bastien Roucariès wrote:
> > [ Tests ]
> > Automated test and manual test of the application by myself and others,
> > including users.
>
> Did you run the autopk
Hi,
Le mercredi 21 août 2024, 12:53:39 UTC Bastien Roucariès a écrit :
> Le mardi 20 août 2024, 07:37:46 UTC Bastien Roucariès a écrit :
> > Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > > On 28/07/2024 20:56, Bastien Roucariès wrote:
> > > &g
Source: ruby-mojo-magick
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6167776
Thanks
Rouca
signature.asc
control: tags -1 + moreinfo
We get information that this upgrade may break some unrelated software
Could you wait a little bit ?
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Le jeudi 22 août 2024, 18:01:02 UTC Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
>
> On Thu, 2024-08-22 at 15:38 +, Bastien Roucariès wrote:
> > [ Reason ]
> > Security upload. Except CVE-2024-27082 that need
> > coordination with other packages.
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ca...@packages.debian.org
Control: affects -1 + src:cacti
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security upload. Except CVE-2024-27082 that need
coordination with other packages.
[ Impact ]
CV
Source: converseen
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6158068
rouca
signature
Source: lebiniou
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6158076
Thanks
Rouca
signature.asc
Descript
Source: pythonmagick
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164324
signature.asc
Source: jmagick
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6158077
signature.asc
Descr
Source: ruby-rmagick
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164327
signature.asc
Source: rss-glx
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164326
signature.asc
Des
Source: vdr-plugin-skinenigmang
Severity: important
Tags: ftbfs
Control: block 1060103 by -1
Control: tag -1 + sid
Dear Maintainer,
You package FTBFS with newer imagemagick
Could you help the transition
Full log could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164331
si
Source: synfig
Severity: serious
Tags: ftbfs
Justification: ftbfs
Dear Maintainer,
Your package fail to build from source, and seems to be related to ffmpeg
Tested during rebuild for imagemagick could be found here
https://salsa.debian.org/debian/imagemagick/-/jobs/6164328
configure:22159: resu
Source: virtuoso-opensource
Severity: serious
Tags: ftbfs sid
Justification: FTBFS
Dear Maintainer,
Your package FTBFS:
Dksesstr.c: In function 'strdev_free_buf':
Dksesstr.c:152:44: warning: unused parameter 'arg' [-Wunused-parameter]
152 | strdev_free_buf (buffer_elt_t * b, caddr_t arg)
Le jeudi 22 août 2024, 02:43:41 UTC Yadd a écrit :
> On 8/22/24 02:06, Bastien Roucariès wrote:
> > Le mercredi 21 août 2024, 11:07:17 UTC Niels Thykier a écrit :
> >> On Tue, 20 Aug 2024 18:50:20 + Bastien =?ISO-8859-1?Q?Roucari=E8s?=
> >> wrote:
> >>
Le mercredi 21 août 2024, 11:07:17 UTC Niels Thykier a écrit :
> On Tue, 20 Aug 2024 18:50:20 + Bastien =?ISO-8859-1?Q?Roucari=E8s?=
> wrote:
> > Package: devscripts
> > Version: 2.23.7
> > Severity: minor
> >
> > Dear Maintainer,
> >
> > I do not find the syntax of the regex used by Files
Le mardi 20 août 2024, 07:37:46 UTC Bastien Roucariès a écrit :
> Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> > On 28/07/2024 20:56, Bastien Roucariès wrote:
> > > control: tags -1 - moreinfo
> > >
> > > Hi,
> > >
> >
Package: apache2
Severity: important
Forwarded: https://github.com/apache/httpd/pull/475
Control: tags -1 + bullseye
Control: tags -1 + bookworm
Control: tags -1 + upstream
Control: tags -1 + security
Dear Maintainer,
A tracking bug for a regression https://github.com/apache/httpd/pull/475
Rouca
Package: apache2
Version: 2.4.61-1~deb12u1
Severity: important
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=69197
Control: tags -1 + bullseye
Control: tags -1 + bookworm
Control: tags -1 + upstream
Control: Found -1 2.4.61-1~deb11u1
Dear Maintainer,
A tracking bug for a regression
>
Package: apache2
Version: 2.4.61-1~deb12u1
Severity: important
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=69203
Control: tags -1 + bullseye
Control: tags -1 + bookworm
Control: tags -1 + upstream
Dear Maintainer,
A tracking bug for a regression
> After the update "http://domain.c
Package: devscripts
Version: 2.23.7
Severity: minor
Dear Maintainer,
I do not find the syntax of the regex used by Files-Excluded.
I suppose it is POSIX RE.
It should be documented if it is the case
If it is not PCRE could be possible to add a Files-Excluded-PCRE field ? It
will greatly help
Package: devscripts
Version: 2.23.7
Severity: minor
Tags: patch
Dear Maintainer,
I found a new efficient way to get the tarballs when they are more than 100
tags like in js package:
version=4
opts=\
filenamemangle=s%.*/@ANY_VERSION@%@PACKAGE@-$1.tar.gz%,\
downloadurlmangle=s%(api.github.com/repo
Le mardi 20 août 2024, 07:11:13 UTC Emilio Pozuelo Monfort a écrit :
> On 28/07/2024 20:56, Bastien Roucariès wrote:
> > control: tags -1 - moreinfo
> >
> > Hi,
> >
> > Last reverse deps of lib magick pipeline is not really bad
> > https://salsa.debian.or
Le lundi 19 août 2024, 08:00:10 UTC Fabio Fantoni a écrit :
Hi
> Il 27/09/2023 12:04, Bastien Roucariès ha scritto:
> > control: owner -1 !
> > Control: retitle -1 ITP: grub-btrfs -- provides grub entries for btrfs
> > snapshots (boot environments/restore points)
> &
Source: civicrm
Severity: serious
Tags: security
Justification: security problem
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
You include a sinon in installed package and bundle without source (thus
serious bug).
This a duplication of package but moreover a security problem (even if mino
Le samedi 17 août 2024, 16:38:10 UTC Adam D. Barratt a écrit :
> Control: tags -1 + confirmed
>
> On Mon, 2024-07-29 at 15:32 +, Bastien Roucariès wrote:
> > Security fix CVE-2024-31497
Done
>
> Please go ahead.
>
> Regards,
>
> Adam
>
signature.
Package: wnpp
Severity: wishlist
Owner: Bastien Roucariès
X-Debbugs-Cc: debian-de...@lists.debian.org
* Package name: node-webpack-stream
Version : 7.0.0
Upstream Contact: https://github.com/shama
* URL : https://github.com/shama/webpack-stream
* License
Le mercredi 14 août 2024, 19:54:15 UTC Bastien Roucariès a écrit :
Dear adam
Debdiff joined
> Le mercredi 14 août 2024, 19:53:13 UTC Adam D. Barratt a écrit :
> > COntrol: tags -1 + moreinfo
> >
> > On Mon, 2024-08-05 at 17:56 +0000, Bastien Roucariès wrote:
control: tags -1 + pending
Le mercredi 14 août 2024, 19:49:55 UTC Adam D. Barratt a écrit :
> Control: tags -1 + confirmed
>
> On Mon, 2024-08-05 at 13:16 +, Bastien Roucariès wrote:
> > [ Reason ]
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostn
Le mercredi 14 août 2024, 19:53:13 UTC Adam D. Barratt a écrit :
> COntrol: tags -1 + moreinfo
>
> On Mon, 2024-08-05 at 17:56 +, Bastien Roucariès wrote:
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostname Discovery Exploitation
>
> diff -
Le mercredi 14 août 2024, 14:47:30 UTC Helmut Grohne a écrit :
> Source: lintian
> Version: 2.118.0
> Severity: serious
> Tags: ftbfs
>
> I attempted building lintian in unstable and this is what I got.
>
> |
> debian/test-out/eval/checks/debian/lintian-overrides/malformed/missing-colon/generic.
Le mercredi 14 août 2024, 13:42:29 UTC Santiago Ruano Rincón a écrit :
> El 12/08/24 a las 00:15, Bastien Roucariès escribió:
> > Le lundi 12 août 2024, 00:04:15 UTC Henrique de Moraes Holschuh a écrit :
> > > > salsa. Some user used +deb12u1~1
> > > > but it is n
Le mardi 13 août 2024, 11:54:26 UTC Herwin Weststrate a écrit :
> I've found one possibly breaking change between the current 3.2.1 and
> the proposed 3.2.5: the encoding of binary attributes in JSON. This
> might be a fringe issue.
>
> I have used this configuration:
>
> update request {
>
Le mardi 13 août 2024, 03:03:31 UTC Sean Whitton a écrit :
> Hello,
>
> Policy has a fair bit of this already but it's spread out.
> E.g. take a look at 5.6.12.2.
>
> Rather than duplicating, it might be helpful to have a discussion in
> dev-ref that is kind of an index to all these relevant bits
control: tags -1 + moreinfo
Hi,
The project is included in apache2
moreover top of website said:
The project is in maintenance mode (only bugfixes and updates for new languages
apis). Do not expect quick answers on github issues and/or pull requests (sorry
for that) A big thanks to all of the
Le lundi 12 août 2024, 00:04:15 UTC Henrique de Moraes Holschuh a écrit :
> > salsa. Some user used +deb12u1~1
> > but it is not safe against +deb12u1~debu11u1 upgrade for instance. So a
> > suffix
> > like ~pre should be used, and should be documented
>
> Maybe we could set aside "~~~" for such
Package: developers-reference
version: 13.8
Severity: important
Dear Maintainer,
could we have a definitive documentation of debian versionning including corner
case
- the +really scheme should be documented with better discussion than policy
- the +~ multiple tarball, and uscan checksum should b
Le vendredi 9 août 2024, 09:29:44 UTC Bernhard Schmidt a écrit :
>
> >> Another story is bullseye, that one is affected as well but a backport
> >> there is even harder. For now I have marked it as well no-dsa in the
> >> security-tracker, but maybe it should be with mentioning
> >> that backport
Hi,
I have fixed the autopkgtest on bullseye.
I have added a basic test for client with and whitout mitigation. It work.
Real testing is needed and a NEWS file for explaining that it is only a bandaid
and TLS is better.
I plan to backport trixie version to bookworm, and propose a MR if you agr
Package: bugs.debian.org
Severity: wishlist
Dear Maintainer,
Can we have a salsa field like forwarded to mark bugs that have for example a
MR implemented.
Ideally a automatic tools will mark the bug as pending when the MR is merged
Bastein
control: tags -1 + patch
Please found merge request here
https://salsa.debian.org/debian/freeradius/-/merge_requests/12
signature.asc
Description: This is a digitally signed message part.
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: ocsinventory-ser...@packages.debian.org
Control: affects -1 + src:ocsinventory-server
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2022-39369
[ Impact ]
Service Hostname Discovery Exploitation
T
Package: systemd
Version: 247.3-7+deb11u5
Severity: important
Tags: patch upstream jessie stretch buster bullseye
Forwarded: https://github.com/systemd/systemd/commit/b2c7d1bbc2
Dear Maintainer,
Without this commit autopkgtest on salsa are broken.
See for instance
https://salsa.debian.org/apache
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: fusiondirect...@packages.debian.org
Control: affects -1 + src:fusiondirectory
User: release.debian@packages.debian.org
Usertags: pu
Control: block -1 by 1077984
[ Reason ]
CVE-2022-39369
[ Impact ]
Service Hostname Disc
The debdiffdiff -Nru php-cas-1.3.8/debian/changelog php-cas-1.3.8/debian/changelog
--- php-cas-1.3.8/debian/changelog 2019-12-07 20:07:56.0 +
+++ php-cas-1.3.8/debian/changelog 2024-07-11 10:16:11.0 +
@@ -1,3 +1,22 @@
+php-cas (1.3.8-1+deb11u1) bullseye-security; urgency=hig
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-...@packages.debian.org
Control: affects -1 + src:php-cas
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2022-39369
[ Impact ]
Service Hostname Discovery Exploitation
The phpCAS library uses H
Hi
Can this bug could be due to libuv
According to
https://lists.archlinux.org/pipermail/arch-ports/2018-November/000839.html
thread
Did you try to recompile without --shared-libuv ?
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: wnpp
Severity: wishlist
Owner: Bastien Roucariès
X-Debbugs-Cc: debian-de...@lists.debian.org
Package name: node-path-scurry
Version : 1.9.2
Upstream Contact: ttps://github.com/isaacs/path-scurry#readme
URL : https://www.example.org/
License : BlueOak
Package: pkg-js-tools
Version: 0.15.22
Severity: important
Dear Maintainer,
Could you run an hook like pre-test in tests that will run something like for
instance regenerating certicate.
It will avoid a lot a failure and manual work
I can work arround using d/rules for build but not for test
B
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: pu...@packages.debian.org
Control: affects -1 + src:putty
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security fix CVE-2024-31497
[ Impact ]
Vulnerable biased nonce generation is still here.
[ Test
e
> > Version: 2.117.1
> > Distribution: unstable
> > Urgency: medium
> > Maintainer: Debian Lintian Maintainers
> > Changed-By: Bastien Roucariès
> > Closes: 1077112
> > Changes:
> > lintian (2.117.1) unstable; urgency=medium
> >
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: pu...@packages.debian.org
Control: affects -1 + src:putty
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Security fix CVE-2024-31497
[ Impact ]
Vulnerable biased nonce generation is still here.
[ Test
control: tags -1 - moreinfo
Hi,
Last reverse deps of lib magick pipeline is not really bad
https://salsa.debian.org/debian/imagemagick/-/pipelines/708187
A lot of failure are due to broken package or does not use pkgconfig
I suppose we could go to experimental
Bastien
signature.asc
Descriptio
Source: ocsinventory
Version: 2.8.1+dfsg1-1
Severity: important
Tags: patch bullseye
Dear Maintainer,
php-cas support was broken for bullseye
It need
(1)
https://github.com/OCSInventory-NG/OCSInventory-
ocsreports/commit/f8a667f9f19b285799ec6a25a28240165b039dfb
(2)
https://github.com/OCSInventor
control: forcemerge 1076158 -1
signature.asc
Description: This is a digitally signed message part.
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
* Fix variation of CVE-20
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
* Fix variation of CVE-2
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: imagemag...@packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
* Fix variation of CVE-20
Le jeudi 4 juillet 2024, 12:51:01 UTC Luca Boccassi a écrit :
Hi,
> Source: isa-support
> Severity: wishlist
> X-Debbugs-Cc: pkg-dpdk-de...@lists.alioth.debian.org
>
> Dear Maintainer(s),
>
> For src:dpdk we would like to depend on a higher arm64 baseline, which
> includes the crc extension. Wou
control: severity -1 important
control: retitle -1 should be split between arch and arch:all
Thanks to Yadd partially solved.
However this package should be split between arch and arch:all part
Bastien
> On 6/28/24 01:04, Bastien Roucariès wrote:
> > Hi,
> >
> > I get
Hi,
I get this backtrace (yadd could you get a glimpse)
Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'esbuild' imported from
assemblyscript/assemblyscript/scripts/build.js
Did you mean to import
"file:///usr/lib/x86_64-linux-gnu/nodejs/esbuild/lib/main.js"?
at packageResolve (node:inte
Package: esbuild
Version: 0.20.2-1
Severity: serious
Justification: could not be imported from node
Dear Maintainer,
Could you build the node package esbuild ?
Without it the package is broken from node point of view so serious bug.
I can help here
Bastien
signature.asc
Description: This is
Source: luakit
Severity: wishlist
Tags: patch
Dear Maintainer,
Could you please merge
https://salsa.debian.org/debian/luakit/-/merge_requests/3
Thanks
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: debian-policy
Version: 4.7.0.0
Severity: wishlist
Dear Maintainer,
Could you documents the depends for x-terminal-emulator
I suppose it is xterm | x-terminal-emulator ?
Bastien
signature.asc
Description: This is a digitally signed message part.
Package: debian-policy
Version: 4.7.0.0
Severity: wishlist
Dear Maintainer,
sensible-utils will carry in trixie sensible-terminal.
It will allow one user to custumize the terminal to be used like sensible-
editor do.
Could you document it, in policy ?
Thanks
Bastien
-- System Information:
D
Hi,
Could you post as plain texte the document you put in a google doc and the
image used as attached document ?
It will help other to reproduce
Thanks
rouca
signature.asc
Description: This is a digitally signed message part.
Le dimanche 16 juin 2024, 20:15:33 UTC Adam D. Barratt a écrit :
Hi
I am sorry I forget to enable by default for bullseye the NUL reject (only for
bullseye)
I will upload ASAP
Bastien
> On Sun, 2024-06-16 at 20:09 +0000, Bastien Roucariès wrote:
> > Le dimanche 16 juin 2024, 20:08:42
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: pymo...@packages.debian.org
Control: affects -1 + src:pymongo
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-5629
[ Impact ]
An out-of-bounds read in the 'bson' module allows deserialization
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: pymo...@packages.debian.org
Control: affects -1 + src:pymongo
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-5629
[ Impact ]
An out-of-bounds read in the 'bson' module allows deserialization
Le dimanche 16 juin 2024, 20:08:42 UTC Adam D. Barratt a écrit :
> On Sat, 2024-06-15 at 19:43 +0100, Jonathan Wiltshire wrote:
> > "slightly non-conformant" really good justification for a pop-up
> > news item on upgrades? I don't recall the other MTAs doing this.
> >
> > It's up to you, either
control: tag -1 - moreinfo
Le samedi 15 juin 2024, 22:49:24 UTC Jonathan Wiltshire a écrit :
Hi,
Thanks for the review
> Control: tag -1 moreinfo
>
> Hi,
>
> On Fri, Apr 12, 2024 at 10:18:02PM +, Bastien Roucariès wrote:
> > diff -Nru zookeeper-3.8.0/debian/chan
Package: systemd
Severity: serious
Tags: patch
Justification: Breaks unrelated package
Control: affects -1 dracut-core
Dear Maintainer,
Following #1071182 could you add to systemd a breaks: dracut-core << 102-2~
Change is simple so I add patch tag, please remove if needed
Bastien
signature.a
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: sendm...@packages.debian.org
Control: affects -1 + src:sendmail
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
Fix CVE-2023-51765 (smtp smugling)
[ Impact ]
SMTP smugling
[ Tests ]
Manual test using
Le dimanche 2 juin 2024, 11:17:33 UTC Sebastian Ramacher a écrit :
> On 2024-02-02 17:21:43 +0000, Bastien Roucariès wrote:
> > Le vendredi 2 février 2024, 16:53:10 UTC Sebastian Ramacher a écrit :
> > > Control: tags -1 moreinfo
> > >
> > > Hi Bastien
>
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: sendm...@packages.debian.org
Control: affects -1 + src:sendmail
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
sendmail was affected by CVE-2023-51765
[ Impact ]
close CVE-2023-51765 and reject NUL mai
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: fos...@packages.debian.org
Control: affects -1 + src:fossil
User: release.debian@packages.debian.org
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a regressio
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: fos...@packages.debian.org
Control: affects -1 + src:fossil
User: release.debian@packages.debian.org
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a regressio
Le samedi 4 mai 2024, 12:40:25 UTC Andreas Beckmann a écrit :
> On 04/05/2024 13.02, Andreas Beckmann wrote:
> >> I have patched sendmail in order to enable O RejectNUL=True directive,
> >> but I do not achieved the fact to enable it by default.
>
> >> Andreas could you get a glimpse at how to ren
Le lundi 29 avril 2024, 18:40:39 UTC Barak A. Pearlmutter a écrit :
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So I think it would make
Package: sendmail-bin
Severity: important
Tags: security help
Forwarded: https://marc.info/?l=oss-security&m=171447187004229&w=2
Dear Maintainer,
CVE-2023-51765 is not fully fixed at least for forwarding bad mail.
We must reject NUL including mail as a stop gap method.
I have patched sendmail i
Package: release.debian.org
Severity: important
Tags: bullseye
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian@packages.debian.org
Usertags: pu
tags: security
[ Reason ]
CVE-2023-52160 security bug
[ Impact ]
security bug is present
[ Tests ]
Test s
Package: release.debian.org
Severity: important
Tags: bookworm
X-Debbugs-Cc: w...@packages.debian.org
Control: affects -1 + src:wpa
User: release.debian@packages.debian.org
Usertags: pu
tags: security
[ Reason ]
CVE-2023-52160 security bug
[ Impact ]
security bug is present
[ Tests ]
Test s
Le mardi 30 avril 2024, 14:56:07 UTC Barak A. Pearlmutter a écrit :
> I've uploaded a package with this fixed to unstable, 1:2.24-5, and
> it's been autobuilt and pushed out. Seems to work okay, and can be
> co-installed with apache2/sid.
>
> Just uploaded 1:2.24-6 that adds Breaks: apach2-bin per
Le mardi 30 avril 2024, 14:56:07 UTC Barak A. Pearlmutter a écrit :
> currently Debian sqlite3 is
> compiled without SQLITE_ENABLE_JSON1 so the internal version is used.)
On this proble could you cross check ?
>SQLITE_ENABLE_JSON1
>
>This compile-time option is a no-op. Prior to SQLite version
Source: fossil
Severity: important
Dear Maintainer,
> currently Debian sqlite3 is
> compiled without SQLITE_ENABLE_JSON1 so the internal version is used.)
On this proble could you cross check ?
>SQLITE_ENABLE_JSON1
>
>This compile-time option is a no-op. Prior to SQLite version 3.38.0
(2022-
Le mardi 30 avril 2024, 15:24:11 UTC Benjamin Drung a écrit :
> Hi,
>
> On Mon, 2024-04-15 at 18:58 +, Bastien Roucariès wrote:
> > Package: distro-info
> > Version: 1.7
> > Severity: minor
> >
> > Dear Maintainer,
> >
> > distro-info --ali
Le mardi 30 avril 2024, 14:52:46 UTC Vincent Lefevre a écrit :
Hi,
> Control: tags -1 security
>
> On 2024-04-30 16:33:14 +0200, Vincent Lefevre wrote:
> > If I try to restart postfix, I get:
> >
> > postfix/postfix-script: warning: /var/spool/postfix/etc/resolv.conf and
> > /etc/resolv.conf di
Le lundi 29 avril 2024, 18:40:39 UTC Barak A. Pearlmutter a écrit :
> Bastien,
>
> Okay, got it. Thanks for letting me know.
>
> I can cherry-pick that fossil commit, but you know the right magic for
> a versioned apache2 breakage and how to deal with proposed-updates.
> So I think it would make
1 - 100 of 637 matches
Mail list logo