Bug#1059294: trilead-ssh2: CVE-2023-48795

2023-12-22 Thread Moritz Mühlenhoff
Source: trilead-ssh2 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability should also affect Trilead SSH: https://terrapin-attack.com/ CVE-2023-48795[0]: | The SSH transport protocol with certain OpenSSH extensions, found in | OpenSSH before

Bug#1059295: RFP: gfxstream -- wrapper for graphics streams across VirtIO

2023-12-22 Thread Alex Bennée
Package: wnpp Severity: wishlist * Package name: gfxstream Version : v0.1.2 Upstream Author : Google * URL or Web page : https://android.googlesource.com/platform/hardware/google/gfxstream * License : Apache2 Description : wrapper for graphics streams across VirtIO

Bug#1059297: salt: CVE-2023-28370

2023-12-22 Thread Moritz Mühlenhoff
Source: salt X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for Tornado, which is embedded by Salt: CVE-2023-28370[0]: | Open redirect vulnerability in Tornado versions 6.3.1 and earlier | allows a remote unauthenticated

Bug#1058090: oscrypto: FTBFS: ModuleNotFoundError: No module named 'imp'

2023-12-22 Thread Faidon Liambotis
Control: tags -1 + fixed-upstream Dear maintainer, On Tue, Dec 12, 2023 at 08:58:48AM +0100, Lucas Nussbaum wrote: > During a rebuild of all packages in sid, your package failed to build > on amd64. > > > > > File "/<>/tests/__init__.py", line 4, in > > import imp > >

Bug#1059311: libcrypto++: CVE-2023-50980

2023-12-22 Thread Moritz Mühlenhoff
Source: libcrypto++ X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libcrypto++. CVE-2023-50980[0]: | gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers | to cause a denial of service (application crash)

Bug#1059312: libcrypto++: CVE-2023-50981

2023-12-22 Thread Moritz Mühlenhoff
Source: libcrypto++ X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libcrypto++. CVE-2023-50981[0]: | ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows | attackers to cause a denial of service (infinite

Bug#1059315: tinyxml: CVE-2023-34194 CVE-2023-40462 CVE-2023-40458

2023-12-22 Thread Moritz Mühlenhoff
Source: tinyxml X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, https://www.forescout.com/resources/sierra21-vulnerabilities mentions three security issues in Tinyxml: CVE-2023-34194[0]: | StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in | TinyXML

Bug#1059326: python3-reportlab: Can't set standard fonts

2023-12-22 Thread Sebastien Delafond
Package: python3-reportlab Version: 3.6.12-1 Severity: normal Control: notfound -1 4.0.8-1 Control: found -1 3.6.12-1 This is the same type of issue as archived bug https://bugs.debian.org/1029683, and I'm filing this new one to make it clear python3-reportlab in bookworm is affected. Here's a

Bug#1059331: spip: XSS issue fixed in 4.1.13 upstream

2023-12-22 Thread Salvatore Bonaccorso
Source: spip Version: 4.1.12+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: fixed -1 4.1.13+dfsg-1 Control: found -1 4.1.9+dfsg-1+deb12u2 Control: found -1 3.2.11-3+deb11u9 Filing a bug for tracking (as otherwise being a

Bug#1059266: error: cannot verify inline signature

2023-12-22 Thread Christian Marillat
On 22 Dec 2023 12:16, Guillem Jover wrote: [...] > (Also wondering whether dpkg-source can verify the source for that, > as it is using the same logic as the rewritten hook is using now?) Update. Doesn't work. , | $ dpkg-source -x

Bug#1059276: python-demgengeo: FTBFS on loongarch64 - error: cannot find the flags to link with Boost system

2023-12-22 Thread zhangdandan
Source: python-demgengeo Version: 1.4-4.1 Severity: wishlist Tags: ftbfs User: debian-loonga...@lists.debian.org Usertags: loong64 Dear maintainers, Compiling the python-demgengeo failed for loong64 in the Debian Package Auto-Building environment. The error messages are as follows, ```

Bug#1059277: openbabel: CVE-2022-37331 CVE-2022-41793 CVE-2022-42885 CVE-2022-43467 CVE-2022-43607 CVE-2022-44451 CVE-2022-46280 CVE-2022-46289 CVE-2022-46290 CVE-2022-46291 CVE-2022-46292 CVE-2022-46

2023-12-22 Thread Moritz Mühlenhoff
Source: openbabel X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for openbabel. It's unclear if these were ever properly reported upstream/fixed, could you please sync up with the upstream developers?

Bug#1059286: cacti: CVE-2023-46490

2023-12-22 Thread Moritz Mühlenhoff
Source: cacti X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for cacti. CVE-2023-46490[0]: | SQL Injection vulnerability in Cacti v1.2.25 allows a remote | attacker to obtain sensitive information via the form_actions() |

Bug#1059211: qemu-system-x86: QEMU/KVM guests: Window contents partially not updated

2023-12-22 Thread Rainer Schwarzbach
On 22.12.23 at 12:24, Michael Tokarev wrote: 22.12.2023 14:23, Michael Tokarev: Please specify which vga device both of you are using, - is it virtio-vga or something else? And also please try with other kind of vga, like -vga std or -vga bochs or -vga qxl. Thanks, /mjt Hi Michael,

Bug#1059278: systemd: CVE-2023-7008

2023-12-22 Thread Luca Boccassi
Control: tags -1 minor On Fri, 22 Dec 2023 13:09:50 +0100 Moritz Mühlenhoff wrote: > Source: systemd > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerability was published for systemd. > > CVE-2023-7008[0]: >

Bug#1059283: mate-settings-daemon: use udev.pc to place udev rules

2023-12-22 Thread Chris Hofstaedtler
Source: mate-settings-daemon Version: 1.26.0-2 Severity: normal Tags: patch User: helm...@debian.org Usertags: dep17m2 Dear Maintainer, your package installs files related to udev, into /lib. These files need to be moved to /usr/lib as part of Debian's usr-merge effort [1]. Attached you will

Bug#1059284: jbig2enc: CVE-2023-46362

2023-12-22 Thread Moritz Mühlenhoff
Source: jbig2enc X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jbig2enc. CVE-2023-46362[0]: | jbig2enc v0.28 was discovered to contain a heap-use-after-free via | jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.

Bug#1059285: jbig2enc: CVE-2023-46363

2023-12-22 Thread Moritz Mühlenhoff
Source: jbig2enc X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jbig2enc. CVE-2023-46363[0]: | jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page | in src/jbig2enc.cc:512.

Bug#1059282: jbig2enc: CVE-2018-11230

2023-12-22 Thread Moritz Mühlenhoff
Source: jbig2enc X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for jbig2enc. CVE-2018-11230[0]: | jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 | allows remote attackers to cause a denial of service

Bug#1026100: Acknowledgement (libapache2-mod-wsgi: Repeated "Fatal Python error: Could not allocate TSS entry" error logged by libapache2-mod-wsgi-py3)

2023-12-22 Thread jadhav vishwanath
Hi Guys, Any update on this? On Thu, Dec 15, 2022 at 12:03 AM Debian Bug Tracking System < ow...@bugs.debian.org> wrote: > Thank you for filing a new Bug report with Debian. > > You can follow progress on this Bug here: 1026100: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026100. > >

Bug#1039584: Acknowledgement (libapache2-mod-wsgi-py3: Fatal Python error: Could not allocate TSS entry)

2023-12-22 Thread jadhav vishwanath
Any update on the same? On Tue, Jun 27, 2023 at 6:24 PM Debian Bug Tracking System < ow...@bugs.debian.org> wrote: > Thank you for filing a new Bug report with Debian. > > You can follow progress on this Bug here: 1039584: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039584. > > This is

Bug#1059289: bullseye-pu: package spip/3.2.11-3+deb11u10

2023-12-22 Thread David Prévot
On Fri, Dec 22, 2023 at 01:21:56PM +0100, David Prévot wrote: […] > [x] attach debdiff against the package in oldstable For real now (the usual running gag of the missing attachment)… Merry Christmas. Cheers. taffit diff -Nru spip-3.2.11/debian/changelog spip-3.2.11/debian/changelog ---

Bug#1059322: zfs-linux: CVE-2013-20001

2023-12-22 Thread Moritz Mühlenhoff
Source: zfs-linux X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for zfs-linux. CVE-2013-20001[0]: | An issue was discovered in OpenZFS through 2.0.3. When an NFS share | is exported to IPv6 addresses via the sharenfs

Bug#1059321: ITP: pylabels -- python library for creating PDFs to print sheets of labels

2023-12-22 Thread Georges Khaznadar
Package: wnpp Severity: wishlist Owner: Georges Khaznadar X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: pylabels Version : 1.2.1 Upstream Contact: Blair Bonnett * URL : https://pypi.org/project/pylabels/ * License :

Bug#1059318: libitext-java: CVE-2021-37819

2023-12-22 Thread Moritz Mühlenhoff
Source: libitext-java X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for PdfReader, which is embedded by libitext-java. CVE-2021-37819[0]: | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite | loop via the

Bug#1059319: libitext1-java: CVE-2021-37819

2023-12-22 Thread Moritz Mühlenhoff
Source: libitext1-java X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for PdfReader, which is embedded in libitext1-java. CVE-2021-37819[0]: | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite | loop via the

Bug#1059320: libitext5-java: CVE-2021-37819

2023-12-22 Thread Moritz Mühlenhoff
Source: libitext5-java X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for PdfReader, which is embedded in libitext5-java. CVE-2021-37819[0]: | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite | loop via the

Bug#1055509: diversions of /sbin/halt and friends

2023-12-22 Thread Helmut Grohne
On Fri, Dec 22, 2023 at 12:30:04PM +0100, Helmut Grohne wrote: > My patch for progress-linux-container and bfh-container fails to remove > /usr/lib/container on package removal. This probably breaks piuparts. I > am attaching a followup patch. This defect is unrelated to the /usr-move > as far as

Bug#1059272: transition: tango

2023-12-22 Thread Santiago Ruano Rincón
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: ta...@packages.debian.org, thomas.br...@byte-physics.de Control: affects -1 + src:tango Dear Release Team, I would like to upload tango 9.5.0 to unstable. There has been a

Bug#1059281: grpc: CVE-2023-4785

2023-12-22 Thread Moritz Mühlenhoff
Source: grpc X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for grpc. CVE-2023-4785[0]: | Lack of error handling in the TCP server in Google's gRPC starting | version 1.23 on posix-compatible platforms (ex. Linux) allows

Bug#1059299: python3.12: CVE-2023-27043

2023-12-22 Thread Moritz Mühlenhoff
Source: python3.12 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for python3.12. CVE-2023-27043[0]: | The email module of Python through 3.11.3 incorrectly parses e-mail | addresses that contain a special character. The

Bug#1059300: ruby-sidekiq: CVE-2023-26141

2023-12-22 Thread Moritz Mühlenhoff
Source: ruby-sidekiq X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-sidekiq. CVE-2023-26141[0]: | Versions of the package sidekiq before 7.1.3 are vulnerable to | Denial of Service (DoS) due to insufficient checks in

Bug#1059298: python3.11: CVE-2023-27043

2023-12-22 Thread Moritz Mühlenhoff
Source: python3.11 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for python3.11. CVE-2023-27043[0]: | The email module of Python through 3.11.3 incorrectly parses e-mail | addresses that contain a special character. The

Bug#1059301: ckeditor3: CVE-2023-28439

2023-12-22 Thread Moritz Mühlenhoff
Source: ckeditor3 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for ckeditor3. CVE-2023-28439[0]: | CKEditor4 is an open source what-you-see-is-what-you-get HTML | editor. A cross-site scripting vulnerability has been

Bug#1059324: subversion: "svn revert -R" signals reverted files with no changes

2023-12-22 Thread Vincent Lefevre
Package: subversion Version: 1.14.2-5+b1 Severity: important I get the following: qaa% svn st M config.dat M dpkg-l M grub.cfg M mutt-v M postconf M selections M version.out qaa% svn pl -v etc/apache2/mods-available/dnssd.conf Properties on

Bug#942274: uscan: handling several levels of http links

2023-12-22 Thread P. J. McDermott
On Sun, 13 Oct 2019 18:36:51 +0200 Samuel Thibault wrote: > Package: devscripts > Version: 2.19.6 > Severity: wishlist > > Hello, > > For the hwloc package, there is one single webpage that references all > releases. > [...] > > But this doesn't seem supported. Am I missing something or is

Bug#1056681: build-depends on atlas, which is obsolete and scheduled for removal

2023-12-22 Thread Sébastien Villemot
Control: tags -1 + patch Hi Andreas, On Wednesday 29 November 2023 at 11:53 +0100, Andreas Tille wrote: > Control: tags -1 help > > [Ritika Ramani in CC to inform that Debian tries to get rid of Atlas > which also affects phast. see https://bugs.debian.org/1056681] > > Hi, > > I tried to

Bug#1059325: bash: printf does not recognise numeric constants with explicit base 10

2023-12-22 Thread Francesco Potortì
Package: bash Version: 5.2.21-2 Severity: normal X-Debbugs-Cc: none, Francesco Potortì $ bash --version GNU bash, version 5.2.21(1)-release (x86_64-pc-linux-gnu) Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This

Bug#1053873: cronie: Crond with high load after 19-01-2038

2023-12-22 Thread Lin Qigang
Control: tags 1053873 = wontfix I hope Debian will find all 32bit problems in the new versions, because there will be more people want to use it. We have a world wide problem in 2038. All old unix (like) systems will fail because the signed value of unix will cause programs in all layers to

Bug#1059245: gdm3: GDM3 fails to start on Wayland, maybe due to org.freedesktop.systemd1 failing to activate

2023-12-22 Thread Simon McVittie
On Fri, 22 Dec 2023 at 03:23:21 +0100, Olivier Mehani wrote: > GDM3 doesn't seem to be able to start a Wayland session (nor a fallback Xorg > session, but I'm less concerned about this, and this seems to be a > separate permission issue). That's a valid bug, let's leave your report open for

Bug#1057750: ciso: Please update to ciso 1.0.2

2023-12-22 Thread Aaron Rainbolt
Sorry for the late reply. I'd be happy to co-maintain ciso. Thanks! The patch was taken from upstream, so I'm not sure why you're getting failures. I'll take a closer look hopefully in the near future. Perhaps the ciso packaging you have on your system has changes that aren't in the archive

Bug#1059326: fixed in 4.0.8-1

2023-12-22 Thread Sébastien Delafond
Control: fixed 1059326 4.0.8-1 The earliest fixed version is most likely between 4.0.4-7 and 4.0.4-11. Cheers, -- Seb

Bug#1059326: Workaround

2023-12-22 Thread Sébastien Delafond
In case someone out there is stuck real bad with this bug in bookworm, here's a very nasty workaround for which I of course decline all responsibility: $ mkdir /usr/share/fonts/type1/gsfonts $ ln -sf /usr/share/fonts/X11/Type1/C059-Roman.pfb /usr/share/fonts/type1/gsfonts/n021003l.pfb

Bug#1054189: bullseye-pu: package debian-security-support/1:11+2023.10.17

2023-12-22 Thread Holger Levsen
On Thu, Dec 21, 2023 at 08:59:31PM +, Jonathan Wiltshire wrote: > > I've updated this update request for adding 3 more lines to > > security-support-ended.deb11 (and updating d/changelog) > Please go ahead. thanks, uploaded. -- cheers, Holger

Bug#1059273: missing path /var/lib/ntp/drift-tmp in apparmor.d/usr.sbin.ntpd

2023-12-22 Thread Stefan Bauer
Package: ntpsec Version: 1.2.2+dfsg1-1+deb12u1 Severity: normal Apparmor denies creation of /var/lib/ntp/drift-tmp. (2023-12-22T10:46:28.551247+01:00 srv42 kernel: [1569581.071493] audit: type=1400 audit(1703238388.546:160): apparmor="DENIED" operation="mknod" class="file"

Bug#1059036: mdevctl FTBFS with nocheck profile: Cargo.toml needs adjustment

2023-12-22 Thread Athos Ribeiro
Thanks, Helmut. This actually needs adjustment in the upstream Cargo.toml file. The package is listed as a dependency when it should actually be listed as a dev-dependency. I proposed a patch upstream in https://github.com/mdevctl/mdevctl/pull/107 and filed a salsa MR to fix this package in

Bug#999919: zoneminder: depends on obsolete pcre3 library

2023-12-22 Thread Yavor Doganov
Control: tags -1 + patch Please find attached a patch; build-tested only. Description: Port to PCRE2. Bug-Debian: https://bugs.debian.org/19 Bug: https://github.com/ZoneMinder/zoneminder/issues/3384 Author: Yavor Doganov Forwarded: no Last-Update: 2023-12-22 --- ---

Bug#1059288: shiro: CVE-2023-46750

2023-12-22 Thread Moritz Mühlenhoff
Source: shiro X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for shiro. CVE-2023-46750[0]: | URL Redirection to Untrusted Site ('Open Redirect') vulnerability | when "form" authentication is used in Apache Shiro.

Bug#1059287: cjson: CVE-2023-50471 CVE-2023-50472

2023-12-22 Thread Moritz Mühlenhoff
Source: cjson X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerabilities were published for cjson. They appear to be rather bogus and not cross any security boundaries, please doublecheck: CVE-2023-50471[0]: | cJSON v1.7.16 was discovered to

Bug#1059277: [Debichem-devel] Bug#1059277: openbabel: CVE-2022-37331 CVE-2022-41793 CVE-2022-42885 CVE-2022-43467 CVE-2022-43607 CVE-2022-44451 CVE-2022-46280 CVE-2022-46289 CVE-2022-46290 CVE-2022-46

2023-12-22 Thread Michael Banck
forwarded 1059277 https://github.com/openbabel/openbabel/issues/2650 thanks Hi, On Fri, Dec 22, 2023 at 01:06:17PM +0100, Moritz Mühlenhoff wrote: > Source: openbabel > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerabilities were

Bug#1059313: libxml-security-java: CVE-2023-44483

2023-12-22 Thread Moritz Mühlenhoff
Source: libxml-security-java X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libxml-security-java. CVE-2023-44483[0]: | All versions of Apache Santuario - XML Security for Java prior to | 2.2.6, 2.3.4, and 3.0.3, when

Bug#1059328: ITP: trml2pdf -- implementation of RML (Report Markup Language) from ReportLab

2023-12-22 Thread Georges Khaznadar
Package: wnpp Severity: wishlist Owner: Georges Khaznadar X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: trml2pdf Version : 0.6 Upstream Contact: Roman Lyashov * URL : https://github.com/romanlv/trml2pdf * License : LGPL2+ Programming Lang:

Bug#1059330: transition: shapelib

2023-12-22 Thread Bas Couwenberg
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: shape...@packages.debian.org Control: affects -1 + src:shapelib Control: forwarded -1 https://release.debian.org/transitions/html/auto-shapelib.html Shapelib 1.6.0 bumps

Bug#1059061: libssh: CVE-2023-6004

2023-12-22 Thread Martin Pitt
Hello Salvatore, Salvatore Bonaccorso [2023-12-22 13:20 +0100]: > > However, the fix for CVE-2023-6004 caused a regression: > > https://gitlab.com/libssh/libssh-mirror/-/issues/227 > > I will monitor this, and include the fix in the security upload once it is > > available (or presumably they'll

Bug#1059329: cinnamon-desktop-environment: dependency on noto-font installs too many fonts, fontlist exploded.

2023-12-22 Thread Fabio Fantoni
Hi, this was already reported by other people and fixed in 5.8.0 (that is in unstable/testing) moving fonts-noto from deps to recommends. I was thinking if it might be useful to further reduce the default installation (with recommended) by replacing fonts-noto with fonts-noto-core, but I

Bug#1058937: /usr-move: Do we support upgrades without apt?

2023-12-22 Thread Helmut Grohne
Hi Matthew, On Thu, Dec 21, 2023 at 02:42:56PM +, Matthew Vernon wrote: > On 21/12/2023 09:41, Helmut Grohne wrote: > > > Is it ok to call upgrade scenarios failures that cannot be reproduced > > using apt unsupported until we no longer deal with aliasing? Let me thank David for clarifying

Bug#1059211: qemu-system-x86: QEMU/KVM guests: Window contents partially not updated

2023-12-22 Thread Michael Tokarev
Control: tag -1 + moreinfo 21.12.2023 13:36, Rainer Schwarzbach : Package: qemu-system-x86 Version: 1:8.2.0+ds-1 Severity: important X-Debbugs-Cc: rz49...@gmx.net Dear Maintainer, after the latest QEMU packages update, I noticed strange redraw issues in VM guests’ X windows. Please specify

Bug#1059211: qemu-system-x86: QEMU/KVM guests: Window contents partially not updated

2023-12-22 Thread Michael Tokarev
22.12.2023 14:23, Michael Tokarev: Please specify which vga device both of you are using, - is it virtio-vga or something else? And also please try with other kind of vga, like -vga std or -vga bochs or -vga qxl. Thanks, /mjt

Bug#1055511: diversions of /sbin/halt and friends

2023-12-22 Thread Helmut Grohne
Hello, thanks to all of you Francois, Daniel and Michael for uploading my changes to experimental. Whilst I already tested the patches individually earlier, this gave me the opportunity to test them in cooperation. In particular, the versioned Conflicts issued by systemd-sysv now work as

Bug#1056671: Help for emmax needed (Was: Removing ATLAS?)

2023-12-22 Thread Sébastien Villemot
Control: tags -1 + patch Hi Andreas, On Wednesday 29 November 2023 at 10:06 +0100, Andreas Tille wrote: > Control: tags -1 help > > On Fri, Jul 14, 2023 at 01:40:22AM +0200, Sébastien Villemot wrote: > > On Monday 10 July 2023 at 22:01 +0200, Andreas Tille wrote: > > > I've checked my

Bug#1059266: error: cannot verify inline signature

2023-12-22 Thread Christian Marillat
On 22 Dec 2023 12:16, Guillem Jover wrote: [...] >> , >> | $ debrelease >> | dupload note: no announcement will be sent. >> | Checking OpenPGP signatures before upload...gpgv: Signature made >> | Fri Dec 22 10:50:05 2023 CET >> | gpgv:using RSA key

Bug#1059293: lrzip: CVE-2023-39741

2023-12-22 Thread Moritz Mühlenhoff
Source: lrzip X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for lrzip. CVE-2023-39741[0]: | lrzip v0.651 was discovered to contain a heap overflow via the | libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.

Bug#1059307: ring: CVE-2023-38703

2023-12-22 Thread Moritz Mühlenhoff
Source: ring X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for pjsip, which is bundled in ring: CVE-2023-38703[0]: | PJSIP is a free and open source multimedia communication library | written in C with high level API in C,

Bug#1059314: imagemagick-6.q16: please update "Suggests: imagemagick-doc" to imagemagick-6-doc

2023-12-22 Thread Vincent Lefevre
Package: imagemagick-6.q16 Version: 8:6.9.12.98+dfsg1-4 Severity: serious The imagemagick-doc package is no longer built and has been replaced by imagemagick-6-doc. So the "Suggests" should be updated. Note that the current Suggests can prevent installations/upgrades if suggested packages are

Bug#1059316: epics-base: CVE-2023-33460

2023-12-22 Thread Moritz Mühlenhoff
Source: epics-base X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for yajl, which is embedded by epics-base: CVE-2023-33460[0]: | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse | function. which will cause

Bug#1059317: r-cran-jsonlite: CVE-2023-33460

2023-12-22 Thread Moritz Mühlenhoff
Source: r-cran-jsonlite X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for yajl, which is embedded by r-cran-jsonlite: CVE-2023-33460[0]: | There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse | function. which

Bug#1000014: mydumper: depends on obsolete pcre3 library

2023-12-22 Thread Yavor Doganov
Control: tags -1 + patch Please find attached a patch; build-tested only. Description: Port to PCRE2. Bug-Debian: https://bugs.debian.org/114 Author: Yavor Doganov Forwarded: no Last-Update: 2023-12-22 --- --- mydumper-0.10.1.orig/cmake/modules/FindPCRE.cmake +++

Bug#1059334: python-bytecode fails its autopkg tests

2023-12-22 Thread Matthias Klose
Package: src:python-bytecode Version: 0.15.1-2 Severity: serious Tags: sid trixie python-bytecode fails its autopkg tests: [...] 57s autopkgtest [00:42:21]: test pybuild-autopkgtest: pybuild-autopkgtest 57s autopkgtest [00:42:21]: test pybuild-autopkgtest: [--- 57s dh

Bug#1059335: librandombytes-dev has an undeclared file conflict on /usr/lib/x86_64-linux-gnu/librandombytes.a

2023-12-22 Thread Helmut Grohne
Package: librandombytes-dev Version: 0~20230919-3 Severity: serious User: debian...@lists.debian.org Usertags: fileconflict Control: affects -1 + libnacl-dev librandombytes-dev has an undeclared file conflict. This may result in an unpack error from dpkg. The file

Bug#1030223: gobject-introspection mini-policy: separate GIR XML from -dev package to make cross-compilation possible?

2023-12-22 Thread Simon McVittie
On Wed, 01 Feb 2023 at 10:39:30 +, Simon McVittie wrote: > I think this would require changes to dependent packages if they make > use of the GIR XML (because build-depending on libflatpak-dev would > no longer be enough, and it would also be necessary to build-depend on >

Bug#1059271: RM: antic -- ROM; subsumed

2023-12-22 Thread Julien Puydt
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: an...@packages.debian.org, Debian Math Team , jpu...@debian.org Control: affects -1 + src:antic Upstream merged src:antic into src:flint, and we already have src:flint, so we don't

Bug#1059274: ITP: 7kaa-music -- Seven Kingdoms: Ancient Adversaries - music soundtrack

2023-12-22 Thread P. J. McDermott
Package: wnpp Severity: wishlist Owner: "P. J. McDermott" X-Debbugs-Cc: debian-devel-ga...@lists.debian.org, p...@pehjota.net * Package name: 7kaa-music Version : 2.15 Upstream Author : Bjorn Lynne, Enlight Software Ltd., Jesse Allen * URL :

Bug#1059275: libde265: CVE-2023-49465 CVE-2023-49467 CVE-2023-49468

2023-12-22 Thread Moritz Mühlenhoff
Source: libde265 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for libde265. CVE-2023-49465[0]: | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow | vulnerability in the

Bug#1059291: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u3

2023-12-22 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:spip Hi, This issue is similar to #1059289 for oldstable. Another upstream release

Bug#1059303: asterisk: CVE-2023-37457 CVE-2023-38703

2023-12-22 Thread Moritz Mühlenhoff
Source: asterisk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for asterisk. CVE-2023-37457[0]: | Asterisk is an open source private branch exchange and telephony | toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0

Bug#1059304: mathjax: CVE-2023-39663

2023-12-22 Thread Moritz Mühlenhoff
Source: mathjax X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for mathjax. CVE-2023-39663[0]: | Mathjax up to v2.7.9 was discovered to contain two Regular | expression Denial of Service (ReDoS) vulnerabilities in

Bug#1059305: cargo: CVE-2023-40030

2023-12-22 Thread Moritz Mühlenhoff
Source: cargo X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for cargo. CVE-2023-40030[0]: | Cargo downloads a Rust project’s dependencies and compiles the | project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did

Bug#1059306: rust-cargo: CVE-2023-40030

2023-12-22 Thread Moritz Mühlenhoff
Source: rust-cargo X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for rust-cargo. CVE-2023-40030[0]: | Cargo downloads a Rust project’s dependencies and compiles the | project. Starting in Rust 1.60.0 and prior to 1.72,

Bug#980286: RFP: signald -- A daemon that facilitates communication via Signal Private Messenger

2023-12-22 Thread Nicolas Peugnet
signald is needed for mautrix-signal, the Matrix to Signal bridge, which I intend to package. mautrix-signal was recently rewritten in Go and does not make use of signald anymore [1], instead it links against libsignal [2]. [1]: https://github.com/mautrix/signal/issues/372 [2]:

Bug#1058928: bookworm-pu: package cryptsetup/2:2.6.1-4~deb12u2

2023-12-22 Thread Guilhem Moulin
Control: tag -1 - moreinfo Hi, On Thu, 21 Dec 2023 at 21:59:40 +, Jonathan Wiltshire wrote: > On Mon, Dec 18, 2023 at 02:10:20PM +0100, Guilhem Moulin wrote: >> [ Reason ] >> >> 1. cryptsetup-suspend 2:2.6.1-4~deb12u1 was found incompatible with >> systemd 254.1-3 and later, in particular

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-12-22 Thread Moritz Muehlenhoff
On Fri, Dec 22, 2023 at 05:47:20PM +0100, Jérémy Lal wrote: > On Thu, 21 Dec 2023 at 23:30, Jérémy Lal wrote: > > > > > > > On Thu, 21 Dec 2023 at 20:34, Moritz Mühlenhoff wrote: > > > >> On Thu, Dec 21, 2023 at 11:29:12AM +0100, Jérémy Lal wrote: > >> > On Thu, 21 Dec 2023 at 10:54,

Bug#1058701: pm-utils: unauthorised and uncommunicated removal

2023-12-22 Thread Ian Jackson
Hi. Thanks for your nice email. Thorsten Alteholz writes ("Re: pm-utils: unauthorised and uncommunicated removal"): > this is sad. The RM bug appeared on the tracker page of the package, in > your packages overview, on the ftpmaster removals page (or on the bug > page). It was also sent to

Bug#1059267: ITP: apt-verify - extend apt's gpgv-based verification mechanism

2023-12-22 Thread David Kalnischkies
On Fri, Dec 22, 2023 at 10:54:10AM +0100, Simon Josefsson wrote: > * Package name: apt-verify It is bad enough that apt-* is a free for all name grab outside of the Debian archive, I would very much prefer if we would not encourage it inside Debian at least… Especially as this has zero

Bug#983291: [Pkg-fonts-devel] Bug#983291: Default font: Transition from DejaVu to Noto

2023-12-22 Thread Jonas Smedegaard
Quoting dr. ir. Tjeerd J. Pinkert (2023-12-22 17:48:09) > Dear Fabian, List, > > thanks for packaging fonts for Debian. > > On Mon, 18 Sep 2023 13:28:36 +0200 Fabian Greffrath > wrote: > > > If I recall it correctly, the primary suggestion in that bug report > > > is to split fonts-noto-core

Bug#1059216: Problem configuring polkitd after upgrade

2023-12-22 Thread Adamo Reggiani
Hi Michael, thank you for your fast feedback. polkitd is currently not installed, so this is the output of the suggested command. SELinux enabled state cached to: disabled Failed to open 'polkitd.conf', ignoring: No such file or directory Unfortunately in my tentative to bypass the issue I've

Bug#1059292: m2crypto: CVE-2023-50781

2023-12-22 Thread Moritz Mühlenhoff
Source: m2crypto X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for m2crypto. CVE-2023-50781[0]: Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657

Bug#1059211: qemu-system-x86: QEMU/KVM guests: Window contents partially not updated

2023-12-22 Thread Antonio
to reproduce the problem: qemu-system-x86_64 -machine q35,accel=kvm -cpu max -bios /usr/share/OVMF/OVMF_CODE.fd -audiodev id=alsa,driver=alsa -device AC97,audiodev=alsa -m 8G -display gtk -full-screen -smp 16 -usb -device usb-tablet -drive file=redos,format=raw *-vga virtio* adapters

Bug#1059296: hamster-time-tracker: CVE-2023-36250

2023-12-22 Thread Moritz Mühlenhoff
Source: hamster-time-tracker X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for hamster-time-tracker. CVE-2023-36250[0]: | CSV Injection vulnerability in GNOME time tracker version 3.0.2, | allows local attackers to

Bug#1059302: qt6-base: CVE-2023-37369

2023-12-22 Thread Moritz Mühlenhoff
Source: qt6-base X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for qt6-base. CVE-2023-37369[0]: | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x | before 6.5.2, there can be an application crash in

Bug#1059323: mount.cifs fails to mount a share which smbclient can access all right

2023-12-22 Thread Alain Knaff
Package: cifs-utils Version: 2:7.0-2 We have one share here which can be opened by smbclient, but not mounted using mount.cifs: smbclient -A ~alain/.smbcredentials-admin //work03.gouv.etat.lu/aev => succeeds # mount.cifs -o credentials=/home/alain/.smbcredentials-admin

Bug#1059329: cinnamon-desktop-environment: dependency on noto-font installs too many fonts, fontlist exploded.

2023-12-22 Thread T. J. Pinkert
Package: cinnamon-desktop-environment Version: 5.6.0 Severity: whishlist X-Debbugs-Cc: t.j.pink...@alumnus.utwente.nl Dear Maintainer, to have several desktop environments available on my computer, I installed the cinnamon desktop environment. This package has a hard dependency on the noto-font

Bug#1059171: firefox-esr: Firefox freezes after upgrade from 115.5 to 115.6.0esr-1~deb12u1

2023-12-22 Thread Pierre Aussaguel
On 20/12/2023 at 23:10, Mike Hommey wrote: Which process specifically is using the CPU? The process is firefox-esr Does it happen if you use 115.6.0esr from upstream[1]? 1. https://archive.mozilla.org/pub/firefox/releases/115.6.0esr/linux-x86_64/en-US/firefox-115.6.0esr.tar.bz2 Yes. I

Bug#1055024: cryptsetup-initramfs changes crypttab entries order when generating initramfs

2023-12-22 Thread Marc Haber
On Sun, Oct 29, 2023 at 03:10:18PM +0100, Nicolas Melot wrote: > This is a repost of the same bug report I submitted to Ubuntu maintainers on > https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2031499 and that > seems to have been left as is. I am now hitting the same issue on Debian >

Bug#1059061: libssh: CVE-2023-6004

2023-12-22 Thread Martin Pitt
Hello Salvatore, Salvatore Bonaccorso [2023-12-19 22:34 +0100]: > The following vulnerability was published for libssh. > > CVE-2023-6004[0]: > | ProxyCommand/ProxyJump features allow injection of malicious code > | through hostname I uploaded the new upstream security fix release 0.10.6 to

Bug#1059266: error: cannot verify inline signature

2023-12-22 Thread Guillem Jover
Hi! On Fri, 2023-12-22 at 10:53:18 +0100, Christian Marillat wrote: > Package: dupload > Version: 2.10.4 > Severity: grave > This version fail to check a signature. Work fine with 2.10.3 > > , > | $ debrelease > | dupload note: no announcement will be sent. > | Checking OpenPGP signatures

Bug#1059289: bullseye-pu: package spip/3.2.11-3+deb11u10

2023-12-22 Thread David Prévot
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: s...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:spip Another upstream release fixed a security (XSS) issue. The last two updates of this

Bug#1059290: proftpd-mod-proxy: CVE-2023-48795

2023-12-22 Thread Moritz Mühlenhoff
Source: proftpd-mod-proxy X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, per https://github.com/Castaglia/proftpd-mod_proxy/issues/257 it appears proftpd-mod-proxy is also affected by the Terrapin attack, (the specific impact isn't mentioned, but seems still useful

Bug#1059211: qemu-system-x86: QEMU/KVM guests: Window contents partially not updated

2023-12-22 Thread Michael Tokarev
Control: retitle -1 virtio-vga redraw is broken Control: tag -1 - moreinfo + confirmed upstream Control: forwarded -1 https://gitlab.com/qemu-project/qemu/-/issues/2051 Thank you both for the info. This is an issue I happen to hit earlier today as well, and already managed to bisect. Will

Bug#1059309: libcrypto++: CVE-2022-48570

2023-12-22 Thread Moritz Mühlenhoff
Source: libcrypto++ X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libcrypto++. CVE-2022-48570[0]: | Crypto++ through 8.4 contains a timing side channel in ECDSA | signature generation. Function

Bug#1059308: python-cryptography: CVE-2023-50782

2023-12-22 Thread Moritz Mühlenhoff
Source: python-cryptography X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for python-cryptography. CVE-2023-50782[0]: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659
