Bug#874663: Document +dfsg as extenson when repacking upstream sources

Hi, Le 08/09/2017 à 07:44, Simon McVittie a écrit : > On Fri, 08 Sep 2017 at 16:10:44 +0200, Guido Günther wrote: >> when upstream tarballs need to be repacked because they contain non-dfsg >> free data appending '+dfsg' to the upstream version seems common >> practice. […] > It's a coincidence

Bug#873198: php-doctrine-cache-bundle FTBFS: test failures

Control: reassign -1 php-doctrine-cache Control: found -1 1.7.0-1 Control: affects -1 php-doctrine-cache-bundle Control: retitle -1 php-doctrine-cache should not (silently) depend on php 7.1 Thank you Adrian for filling this issue. On Fri, Aug 25, 2017 at 04:13:47PM +0300, Adrian Bunk wrote: >

Bug#872165: [pkg-php-pear] Bug#872165: composer 1.4.3-2 fails its autopkgtests

Hi Steve, Thanks for the fedback. Le 14/08/2017 à 08:19, Steve Langasek a écrit : > Source: composer > Version: 1.4.3-2 > Severity: important > User: ubuntu-de...@lists.ubuntu.com > Usertags: origin-ubuntu artful autopkgtest […] > The autopkgtests for composer 1.4.3-2 have been failing since

Bug#864791: Acknowledgement (firefox-esr: OAtab order cannot be changed with TabMixPlus)

Hi, Thank you for your report(s). On Thu, Jun 15, 2017 at 12:27:24AM +0200, Christoph Anton Mitterer wrote: > Control: reassign -1 xul-ext-tabmixplus > Seems the bug is rather in TMP or the combination of newer FF, TMP and > other addons. Can you please confirm if this issue is fixed with the

Bug#866182: xul-ext-tabmixplus: new upstream version

Hi, On Wed, Jun 28, 2017 at 03:39:15AM +0200, Christoph Anton Mitterer wrote: > Package: xul-ext-tabmixplus > Version: 0.5.0.1-1 > Severity: wishlist > There's a newer upstream version. Perhaps even the devel version > could be packaged (e.g. in experimental) as this may fix several issues >

Bug#861266: cmocka: Please package new upstream version

Hi Sandro, Le 02/07/2017 à 03:00, Sandro Knauß a écrit : > the new version is now available in git repository: Great! > @taffit: what is your policy to upload new version of cmocka? I don’t have much. There are a few libcmocka-dev build-rdepends, so you may want to build test some of them

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb9u1

Hi Cyril, Le 30/06/2017 à 14:36, Cyril Brulebois a écrit : > Control: retitle -1 stretch-pu: package phpunit/5.4.6-2~deb9u1 > Control: tag -1 moreinfo > David Prévot <taf...@debian.org> (2017-06-28): >> Please, allow this patched version of phpunit, built and tested in a &

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb8u1

+ * Upload previous fix to Stretch + + -- David Prévot <taf...@debian.org> Wed, 28 Jun 2017 17:03:35 -1000 + +phpunit (5.4.6-2) unstable; urgency=high + + * Team upload + * Fix arbitrary PHP code execution via HTTP POST [CVE-2017-9841] +(Closes: #866200) + + -- David Prévot <taf...@d

Bug#863493: [pkg-php-pear] Bug#863493: FTBFS with PHP 7.0.18+

Hi James, Le 27/05/2017 à 09:08, James Clarke a écrit : > Source: symfony > Version: 2.8.7+dfsg-1.2 > I noticed that symfony now FTBFS after the upload of php7.0 7.0.18-1, Thanks! > I am happy to NMU again with just the changes needed Please, go ahead, I don’t have much time currently, and

Bug#861294: jessie-pu: package spip/3.0.17-2+deb8u3

-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Backport security fix from 3.0.25 - Execution of arbitrary PHP code -- David Prévot <taf...@debian.org> Wed, 26 Apr 2017 18:02:00

Bug#858086: RM: owncloud/7.0.4+dfsg-4~deb8u4

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Hi, As discussed with the security team, please remove owncloud from stable: we’re not able to maintain this version on our own anymore, especially since we had to give up our efforts to

Bug#857818: spip: broken symlinks: /usr/share/spip/plugins-dist/jquery_ui/prive/javascript/ui/*.js -> ../../../../../../javascript/jquery-ui/ui/jquery.ui.*.js

Hi Andreas, Thanks a lot for your report. On 15/03/2017 02:42, Andreas Beckmann wrote: > Package: spip […] > during a test with piuparts I noticed your package ships (or creates) > a broken symlink. > >>From the attached log (scroll to the bottom...): > > 1m5.5s ERROR: FAIL: Broken symlinks: >

Bug#857421: Many plugins are lost since Jessie

Package: kipi-plugins Version: 4:5.3.0-1 Severity: important Hi, Thank you for taking care of these plugins! More than half the plugins advertised in the package description (including BatchProcess) seem to have been lost after an upgrade from Jessie to Stretch. Indeed, only 15 of them seem

Bug#816664: [Pkg-owncloud-maintainers] Bug#816664: Useless in Debian

Control : retitle -1 Useless in Stretch On 23/12/2016 13:41, Balint Reczey wrote: > On Thu, 3 Mar 2016 15:18:51 -0400 David =?iso-8859-1?Q?Pr=E9vot?= > wrote: >> Package: libjs-soundmanager2 >> Version: 2.97a.20150601+dfsg-1 >> Severity: serious >> >> [ Filled as an RC-bug by

Bug#854592: [pkg-php-pear] Bug#854592: dokuwiki: Unable to login, missing usr/share/php/Crypt/AES.php

Hi, On 13/02/2017 06:21, Joost van den Berg wrote: > unfortunately the patch does not solve the problem. > I believe that the patch generates the wrong > links to phpseclib/Crypt/AES.php instead of > ../phpseclib/Crypt/AES.php . Then it sounds like this bug was incorrectly reassigned to

Bug#851289: O: soundmanager2

Package: wnpp Severity: normal Following up from #816664. Balint, I can’t see any new reverse-dependency on soundmanager2, do you actually expect one to be part of Stretch? Regards David signature.asc Description: PGP signature

Bug#850646: [copyright-format] Allow https version of Format URI

Hi, Le 08/01/2017 à 09:42, Russ Allbery a écrit : > […] the Format > URI for the current copyright-format document is actually a redirect. Nitpicking: it’s actually not a real redirect. Fetching it directly (e.g., using wget) works via plain HTTP. Regards. David signature.asc Description:

Bug#814030: Security flaw fixed in version 6.2.0

Hi, I just add maintainer and uploader to the loop. Hopefully, they should know something about the package/code/issue. Le 04/01/2017 à 21:42, Salvatore Bonaccorso a écrit : > On Sun, Mar 27, 2016 at 01:33:01PM +0200, Moritz Mühlenhoff wrote: >> On Sun, Feb 07, 2016 at 02:28:04PM -04

Bug#816664: libjs-soundmanager2 in Debian [Was: Bug#816664: Useless in Debian]

Hi Balint, Le 23/12/2016 à 13:41, Balint Reczey a écrit : > Please keep the package in Debian for at least Stretch. > > Kodi upstream recently switched to a new web interface which uses > soundmanager2 and to provide the same web interface in Debian I need to > have it packaged. Please,

Bug#847156: [Spip-maintainers] Bug#847156: spip: CVE-2016-9152

Hi Salvatore, Thanks for the report, Le 05/12/2016 à 20:11, Salvatore Bonaccorso a écrit : > the following vulnerability was published for spip. > > CVE-2016-9152[0]: > cross-site scripting […] > [0] https://security-tracker.debian.org/tracker/CVE-2016-9152 >

Bug#817751: [pkg-php-pear] Bug#817754: google-auth-library-php in unstable prevents removal of src:php5

Hi, Le 27/11/2016 à 23:31, Ondřej Surý a écrit : > Different package and bug, but same email. Please sort it out. CCing Benoit who expressed interest in those libraries: if are you still interested in having php-google-auth and php-google-api-php-client in Debian, now would be a good time to

Bug#845708: O: libjs-chosen -- select box enhancer for jQuery and Protoype

Package: wnpp Severity: normal X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org, haskell-hoo...@packages.debian.org I intend to orphan the libjs-chosen package. The package description is: Chosen is a JavaScript plugin that makes long, unwieldy select boxes more user-friendly.

Bug#818561: Useless in Debian

Hi Axel, haskell-hoogle maintainers, Le 31/10/2016 à 13:25, Axel Beckert a écrit : > David Prévot wrote: >> Package: libjs-chosen >> Version: 0.9.11-2 >> Severity: serious >> Tags: sid stretch >> >> [ Filled as an RC-bug by the maintainer to see the

Bug#842130: Useless in Stretch

Package: libjs-ie7 Version: 2.1~beta4-2 Severity: serious Tags: sid stretch X-Debbugs-CC: s...@packages.debian.org [ Filed with RC-severity by the maintainer to see it removed from testing. ] libjs-ie7 was packaged as a dependency for spip, but the dependency has recently been dropped (in

Bug#840569: [Pkg-mozext-maintainers] Bug#840569: xul-ext-nosquint is dead, long live nosquint

Control: severity -1 serious Le 12/10/2016 à 10:35, shirish शिरीष a écrit : > Source: nosquint > Version: 2.1.9-4 > Severity: important > > Dear Maintainer, > > Nosquint is dead, please remove it Then let’s use a proper RC-severity so it gets removed from Stretch. If someone wants to follow up

Bug#840206: [Pkg-mozext-maintainers] Bug#840206: whonix-de...@whonix.org

Control: retitle -1 Please remove premium proxy advertising page Control: severity wishlist Thank you for your report. Le 09/10/2016 à 05:05, ban...@openmailbox.org a écrit : > Package: foxyproxy > Version: 3.4-1.1 I assume this is still valid for 4.5.6-debian-2. > Dear maintainer, please

Bug#835086: RFP: nextcloud -- self-hosted cloud services

Le 22/09/2016 à 01:08, Sam Hartman a écrit : >> "Xavier" == Xavier Bestel writes: > Xavier> Le mardi 20 septembre 2016 à 19:38 +0200, Moritz Mühlenhoff > >> > * Package name: nextcloud > >> Nack. It's not an important package if we can't support it >

Bug#835902: Useless in Debian

Package: php-zend-db Version: 2.8.1-1 Severity: serious X-Debbugs-CC: gale...@packages.debian.org [ Filed with RC-severity by the maintainer to see it removed from testing. This package is not part of Jessie. ] php-zend-db was recently packaged as a dependency for galette, but galette has been

Bug#835704: [Pkg-javascript-devel] Bug#835704: It's mostly fixed already!

Control: reassign -1 node-ast-types Control: affects -1 node-ast-utils Control: done -1 0.9.0-2 Hi, Le 28/08/2016 à 09:08, Julien Puydt a écrit : > today's upload of node-ast-types 0.9.0-2 fixes this problem in > node-ast-utils (and all its rdepends). > > I don't know how to say to

Bug#834479: xul-ext-* (Was: Bug#834480: jessie-pu: package mozilla-noscript/2.9.0.11-1~deb8u1)

Hi, Le 28/08/2016 à 04:09, Adam D. Barratt a écrit : > Control; tags -1 + confirmed […] > Oh, how I've missed Firefox plugin updates. :-| Same here :/ > Please go ahead. Thanks, all uploaded. Regards David signature.asc Description: OpenPGP digital signature

Bug#831418: #831418 EOL: not to be released with Stretch

Control: severity -1 serious Le 21/08/2016 à 02:26, Markus Frosch a écrit : > On 25.07.2016 13:11, Markus Frosch wrote: >> this is a interesting problem, while looking on the 3 dependent packages. >> (see below) >> >> We have 3 choices to go on: >> >> 1. Still provide zendframework 1 in a

Bug#834906: [Pkg-mozext-maintainers] Bug#834906: xul-ext-adblock-plus: please support conkeror

Control: tag -1 upstream Hi David, Thank you for your report. Le 20/08/2016 à 04:15, David Bremner a écrit : > Package: xul-ext-adblock-plus > Version: 2.7.3+dfsg-1 > Severity: wishlist […] > I know very little about mozilla extensions, but I _think_ it just > needs an entry in > >

Bug#827277: [Pkg-mozext-maintainers] Bug#827277: xul-ext-firegestures: Gesture database empty with firefox-esr

Control: fixed -1 1.10.9-1 Hi Christopher, Thank you for your report. Le 14/06/2016 à 04:05, Christopher Wellons a écrit : > Package: xul-ext-firegestures > Version: 1.8.7-1 > When used with the new firefox-esr, the gesture database is empty and > the built-in gestures are unavailable. Looks

Bug#834484: jessie-pu: package firegestures/1.10.9-1~deb8u1

..cf52cbf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +firegestures (1.10.9-1~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #827277) + + -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 18:49:34 -1000 + firege

Bug#834483: jessie-pu: package tabmixplus/0.5.0.0-1~deb8u1

/changelog @@ -1,3 +1,9 @@ +tabmixplus (0.5.0.0-1~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #826995) + + -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 16:34:54 -1000 + tabmixplus (0.5.0.0-1) unstable; urgency=medium * Upload

Bug#834482: jessie-pu: package adblock-plus/2.7.3+dfsg-1~deb8u1

~deb8u1) jessie; urgency=medium + + * Upload compatible version with recent Firefox in Jessie (Closes: #829267) + + -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 16:53:49 -1000 + adblock-plus (2.7.3+dfsg-1) unstable; urgency=medium [ Wladimir Palant ] signature.asc Description: O

Bug#834480: jessie-pu: package mozilla-noscript/2.9.0.11-1~deb8u1

with recent Firefox in Jessie (Closes: #826896) + + -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 16:45:33 -1000 + mozilla-noscript (2.9.0.11-1) unstable; urgency=medium * Drop Iceape and Iceweasel from description signature.asc Description: OpenPGP digital signature

Bug#834479: jessie-pu: package greasemonkey/3.8-1~deb8u1

with recent Firefox in Jessie (Closes: #828622) + + -- David Prévot <taf...@debian.org> Sat, 16 Jul 2016 08:54:01 -0400 + greasemonkey (3.8-1) unstable; urgency=medium * Team upload, to unstable since it’s a stable release signature.asc Description: OpenPGP digital signature

Bug#825749: xul-ext-foxyproxy-standard: foxyproxy cannot be installed if icedove 45 is present

Control: unmerge -1 with 827170 Control: reopen -1 Control: reassign -1 icedove 1:45.1.0-1 Hi Christoph and all, On Sun, May 29, 2016 at 09:50:40AM -0400, Robbie Harwood wrote: > Package: xul-ext-foxyproxy-standard > Version: 4.5.6-debian-1 > Severity: important > > Dear Maintainer, > > It is

Bug#831418: EOL: not to be released with Stretch

Source: zendframework Severity: serious Tags: security sid stretch Hi, Upstream recently stated [0] that “Zend Framework 1 reaches its End of Life (EOL) […] on 28 September 2016.” 0: https://framework.zend.com/blog/2016-06-28-zf1-eol.html Therefore, we should not release it with Stretch (and

Bug#819900: [Pkg-mozext-maintainers] Bug#819900: Configuration page doesn't work on Firefox 45.0.1

Hi Evgeny, Le 13/07/2016 à 13:50, Evgeny Kapun a écrit : > Control: tags -1 - upstream > > Looks like the problem is caused by the file > being not found. Thanks a lot for the debbuging and the explanations! I’ll try to fix it ASAP (but it may be a while before I have some time for that).

Bug#829764: [pkg-php-pear] Bug#829764: php-monolog: add stage1 and nocheck build profiles

Control: tag -1 pending Le 05/07/2016 à 20:13, Nish Aravamudan a écrit : > On 05.07.2016 [16:51:48 -0400], David Prévot wrote: >> Le 05/07/2016 à 16:19, Nishanth Aravamudan a écrit : >>> Package: php-monolog >> […] >>> * Add nocheck and stage1 build prof

Bug#829764: [pkg-php-pear] Bug#829764: php-monolog: add stage1 and nocheck build profiles

Hi Nishanth, Le 05/07/2016 à 16:19, Nishanth Aravamudan a écrit : > Package: php-monolog […] > * Add nocheck and stage1 build profiles. Thanks for your patch. Please, do commit it directly: I have no way to test it nor any setup to maintain it anyway, besides being able to revert it in case

Bug#827695: [pkg-php-pear] Bug#827695: zendframework: Rename zend-framework in Ubuntu to allow for a package sync

Hi, Le 19/06/2016 à 15:35, Nishanth Aravamudan a écrit : > Package: zendframework > Version: 1.12.18+dfsg-1 […] > I am hoping to get rid of the Ubuntu zend-framework package and simply > sync the zendframework package from Debian. I’m not clear about why Debian should carry Ubuntu-specific

Bug#827698: Depends on zendframework, but zendframework is going away

Package: php-letodms-lucene Version: 1.1.1-2 Severity: important Control: affects -1 zendframework Hi, php-letodms-lucene depends on zendframework (version 1), but this package is unlikely to make it in Stretch: we intend to ship version 3 of zendframework, that is maintained in separate

Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors

Hi, Le 18/06/2016 à 16:32, Mathieu Parent a écrit : > Some other things may break, but I'll vote still vote for this patch, > as only 6 packages depends on it. > > David, what do you think? I disagree, and stand to what I’ve written in the last changelog entry: Actually fixing the

Bug#816389: transition: php7.0

Hi, Le 15/06/2016 à 03:56, Ondřej Surý a écrit : > - php-guzzle - seems fixed to me, but dak still wants to remove the > package Code is PHP5-specific, it’s superseded by php-guzzlehttp. None of them should be released in Stretch, so it’s perfectly fine to see it go away. Regards David

Bug#826896: [Pkg-mozext-maintainers] Bug#826896: xul-ext-noscript: incompatible with firefox-esr in jessie

Hi Vagrant, Le 10/06/2016 à 01:30, Vagrant Cascadian a écrit : > FWIW, I also did the same with xul-ext-tabmixplus, though I should > probably report a separate bug about that... Please do: the team is pretty low in human power currently: bug reports will help tracking the issues. Having

Bug#826896: xul-ext-noscript: incompatible with firefox-esr in jessie

Hi Vagrant, On Thu, Jun 09, 2016 at 03:39:00PM -0700, Vagrant Cascadian wrote: > Package: xul-ext-noscript > Version: 2.6.9.3-1 > Apparently, the xul-ext-noscript package in jessie is incompatible > with the new firefox-esr security update just released. Thank you for your report. > I presume

Bug#825572: Source only upload [Was: Uploaded to DELAYED/2]

Hi Mathieu, On Tue, Jun 07, 2016 at 08:33:43PM +0200, Mathieu Parent wrote: > 2016-06-07 0:16 GMT+02:00 David Prévot <taf...@debian.org>: > > FYI, there is now a buildd available for arch:all, so you could have > > simply dput the _source.changes without any binary pac

Bug#825572: Uploaded to DELAYED/2

Hi Mathieu, On Mon, Jun 06, 2016 at 09:50:21PM +0200, Mathieu Parent wrote: > I've uploaded php-sabre-vobject (2.1.7-3) to DELAYED/2. to fix this RC Thanks for your update! No need to wait IMHO, so I just ran: dcut reschedule \ --file=php-sabre-vobject_2.1.7-3_amd64.changes

Bug#817751: [pkg-php-pear] Bug#817751: google-api-php-client: diff for NMU version 1.1.7-0.1

Control: retitle 817751 Useless in Debian Le 01/06/2016 à 11:50, Nish Aravamudan a écrit : > I've prepared an NMU for google-api-php-client Please don’t: this package should not end in a stable release without a proper maintainer. Regards David signature.asc Description: OpenPGP digital

Bug#814674: Providing map files in node-es6-shim

Hi, Le 29/05/2016 à 02:39, Julien Puydt a écrit : > In fact, I have already prepared a new version, which can be seen here: > https://mentors.debian.net/package/node-es6-shim Thanks! Is it available in some public VCS? > Does it fix the bug properly? owncloud(-news) has been removed from the

Bug#813653: [pkg-php-pear] Bug#813653: Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3

Hi, Le 27/05/2016 à 15:46, Julien Cristau a écrit : > On Thu, Mar 31, 2016 at 23:43:03 +0200, Daniel Beyer wrote: >> Can you give a short update regarding the proposed >> symfony/2.3.21+dfsg-4+deb8u3, fixing CVE-2016-1902? FYI, it should be dealt with via DSA with other issues soon, we should

Bug#824507: [Pkg-owncloud-maintainers] Bug#824507: owncloud-client symbol lookup error

Hi, > Package: owncloud-client […] > trying to start the client I get this: > > leandro@sgorbio:~$ owncloud > owncloud: symbol lookup error: > /usr/lib/x86_64-linux-gnu/libowncloudsync.so.0: undefined symbol: > _ZN9QKeychain16WritePasswordJob6setKeyERK7QString […] > ii libqtkeychain0

Bug#824410: RM: php5-symfony-debug/experimental -- NBS; cruft

Package: ftp.debian.org Severity: normal Hi, As per #824148: the last symfony uploads got rid of php5-symfony-debug (arch:any), so only arch:all packages are build now. Version 3.0.4+dfsg-1 of php5-symfony-debug seems to prevent version 3.0.6+dfsg-1 of php-symfony* packages to be available in

Bug#824175: Error: Class '...\PropertyAccess' not found

Control: tag -1 upstream On Fri, May 13, 2016 at 01:29:46PM +0200, Antonio Ospite wrote: > Package: php-symfony-serializer > Version: 2.8.6+dfsg-1 > Severity: normal > > Dear Maintainer, > > I installed php-symfony-serializer and tried the first example from the > documentation at >

Bug#821044: wheezy-pu: package zendframework/1.11.13-1.1+deb7u6

Hi, > Assuming that the resulting package has been tested on wheezy, please go > ahead. It just got accepted into oldstable-proposed-updates->oldstable-new, thanks (and yes, I do use it in some boxes). Regards David

Bug#815482: On bug #815482 (localized libjs-moment)

Hi Julien, > Could you have a look and tell me if it's ok? debian/libjs-moment.install contains now: locale usr/share/javascript/moment/locale You probably meant: locale usr/share/javascript/moment (Assuming you don’t want the locales in /usr/share/javascript/moment/locale/locale since they

Bug#824148: RM: php5-symfony-debug -- NBS; cruft

Package: ftp.debian.org Severity: normal Hi, The last symfony uploads got rid of php5-symfony-debug (arch:any), so only arch:all packages are build now. Version 2.8.4+dfsg-1 [3.0.4+dfsg-1 in experimental] of php5-symfony-debug seems to prevent version 2.8.6+dfsg-1 [3.0.6+dfsg-1 in experimental]

Bug#824147: RM: php5-twig -- NBS; cruft

Package: ftp.debian.org Severity: normal Hi, The last twig upload got rid of php5-twig (arch:any), so it only builds arch:all packages now. Version 1.24.0-1 of php5-twig seems to prevent version 1.24.0-2 of php-twig* to be available in the archive, and also prevents twig to migrate into testing.

Bug#823768: Useless in Stretch

Package: php-jmespath Version: 2.3.0-2 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I recently packaged php-jmespath as used by php-aws-sdk (in experimental), but it won’t be part of Stretch as per #821698. There is a priori little

Bug#823683: PHP 7.0 Transition

Package: php-services-json Version: 1.0.3-1 Severity: serious User: pkg-php-ma...@lists.alioth.debian.org Usertags: php7.0-transition Hi, As shown by php7cc, php-services-json contains deprecated PHP 4 constructors. As outlined in #783422, upstream has not been active in years, so unless that

Bug#823649: libjs-mediaelement: Reflected XSS vulnerability

Hi, On Sat, May 07, 2016 at 11:58:22AM +1000, Craig Small wrote: > Package: libjs-mediaelement > Version: 2.15.1+dfsg-1 > Severity: important > Tags: security upstream > > I saw this regarding the wordpress 4.5.2 release[1]. Thank you for the heads up. > MediaElement.js is > vulnerable to a

Bug#823511: Useless in Debian

Package: php-psr-http-message Version: 1.0-2 Severity: serious I recently packaged php-psr-http-message as used by php-guzzlehttp-psr7 and php-google-auth, but php-guzzlehttp-psr7 is going away, see #823505 (so is php-google-auth, see #817754). There is a priori little point in shipping

Bug#823510: Useless in Debian

Package: php-react-promise Version: 2.4.1-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged php-react-promise as used by php-guzzlehttp-ringphp, but php-guzzlehttp-ringphp is going away, see #823506. There is a priori little

Bug#823508: Useless in Debian

Package: python-guzzle-sphinx-theme Version: 0.7.10-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged python-guzzle-sphinx-theme in order to build php-guzzle-doc, but php-guzzle is going away, see #821698. There is a priori

Bug#823507: Useless in Debian

Package: php-guzzle-stream Version: 3.0.0-5 Severity: normal [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged php-guzzle-stream as used by php-guzzlehttp-ringphp, but php-guzzlehttp-ringphp is going away, see #823506. There is a priori little

Bug#823506: Useless in Debian

Source: php-guzzlehttp-ringphp Version: 1.1.0-2 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged php-guzzlehttp-ringphp as used by php-guzzlehttp (version 5, as in Jessie), but latest version (version 6.2, as in Sid) doesn’t

Bug#823505: Useless in Debian

Package: php-guzzlehttp-psr7 Version: 1.3.0-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I recently packaged php-guzzlehttp-psr7 as used by php-guzzlehttp, php-aws-sdk (in experimental), and php-google-auth, but php-guzzlehttp is

Bug#823504: Useless in Debian

Package: php-guzzlehttp-promises Version: 1.1.0-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I recently packaged php-guzzlehttp-promises as used by php-guzzlehttp and php-aws-sdk (in experimental), but php-guzzlehttp is going away,

Bug#823502: Useless in Debian

Source: php-guzzlehttp Version: 6.2.0-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I recently packaged php-guzzlehttp as used by owncloud and php-google-auth, but owncloud is going away, see #816376 (so is php-google-auth, see

Bug#823063: RM: php-irods -- ROM; Useless in Debian

Package: ftp.debian.org Severity: normal Hi, #756580 was reassigned with a broken title, and the source package hasn’t been removed AFAICT. Please, remove it too. Regards David signature.asc Description: PGP signature

Bug#822681: RM: owncloud -- ROM; Unfit upstream, uninstallable

Package: ftp.debian.org Severity: normal As per #816376, we won’t be shipping ownCloud in the next Debian release, and since the version in Sid is not installable anymore (see #821826), there is no point in keeping it at all. The following reverse dependencies can also go away: -

Bug#816796: php-apigen: Useless in Debian

Hi Florian, Le 22/04/2016 à 16:09, Florian Schlichting a écrit : > On Wed, Apr 20, 2016 at 04:00:40PM -0400, David Prévot wrote: >> Le 20/04/2016 à 15:43, Florian Schlichting a écrit >>> So if it's not too difficult to maintain with PHP 7, I'd love for >>> php-

Bug#816796: php-apigen: Useless in Debian

Hi Florian, Le 20/04/2016 à 15:43, Florian Schlichting a écrit > So if it's not too difficult to maintain with PHP 7, I'd love for > php-apigen to be kept in Debian in the future! Feel free to take it over (with its dependency chain). Regards David signature.asc Description: OpenPGP

Bug#821123: Useless in Debian

Package: doctrine-sphinx-theme Version: 0~20130227-1 Severity: serious Tags: sid stretch [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged doctrine-sphinx-theme to build doctrine-orm-doc, but we stopped building it (not DFSG compliant anymore).

Bug#821044: wheezy-pu: package zendframework/1.11.13-1.1+deb7u6

security fix from 1.12.18: +- ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1 + http://framework.zend.com/security/advisory/ZF2016-01 + + -- David Prévot <taf...@debian.org> Wed, 13 Apr 2016 16:34:02 -0400 + zendframework (1.11.13-1.1+deb7u5) wheezy; urgency=

Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6

+deb8u6) jessie; urgency=medium + + * Fix regression from ZF2015-08: binary data corruption + * Backport security fix from 1.12.18: +- ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1 + http://framework.zend.com/security/advisory/ZF2016-01 + + -- David Prévot <taf...@debian.

Bug#820336: composer: remove mercurial from Recommends

Hi Thijs, Thanks for you interest in the composer package. Le 07/04/2016 09:57, Thijs Kinkhorst a écrit : > Installing composer by default also pulls in mercurial because it's in > Recommends. I personally doubt that the amount of mercurial use justifies > pulling it in by default (and e.g. not

Bug#819415: [pkg-php-pear] Bug#819420: php-seclib: Call to undefined method Crypt_Base::Crypt_Base()

Hi, Thank you for your report. CCing Perpetuum who reported a similar issue in #819415, and Mathieu who uploaded php-seclib 1.0.1-3. Le 28/03/2016 07:31, Frank Jung a écrit : > Package: php-seclib > Version: 1.0.1-3 > Loading Dokuwiki running on lighttpd reported a 500 "The localhost page

Bug#819322: Useless in Debian

Package: php-xml-parser Version: 1.3.6-1 Severity: serious Control: block -1 by 818800 User: pkg-php-ma...@lists.alioth.debian.org Usertags: php7.0-transition [ Filled as an RC-bug by a team member to see the package auto-removed from testing, and not let it block the PHP 7.0 transition. ]

Bug#819031: jessie-pu: package mozilla-devscripts/0.39+deb8u1

Hi, Le 24/03/2016 15:13, Adam D. Barratt a écrit : > Thanks for the review and the examples. Please feel free to upload. Uploaded and accepted, thanks. Regards David signature.asc Description: OpenPGP digital signature

Bug#819031: jessie-pu: package mozilla-devscripts/0.39+deb8u1

Hi, On Tue, Mar 22, 2016 at 08:45:02PM -0700, Sean Whitton wrote: > The version of mozilla-devscripts currently in Jessie generates > references to the iceweasel and icedove packages. But iceweasel is to > be replaced with firefox-esr, and icedove is probably going to be > replaced with

Bug#818756: fixed in mozilla-devscripts 0.45.1

Hi Sean, Thank you for your work on the xul-ext-* tools! On Tue, Mar 22, 2016 at 04:51:15PM +, Debian Bug Tracking System wrote: […] > mozilla-devscripts (0.45.1) unstable; urgency=high > . >* Restore generation of iceweasel entries for Depends:, Enhances: > etc. to ease the

Bug#818800: simplesamlphp: Useless dependency on php-xml-parser

Package: simplesamlphp Version: 1.14.2-1 Severity: normal Hi, It seems like simplesamlphp is the last bit in Debian depending on php-xml-parser, but it doesn’t seem to actually use it. If php-xml-parser is not used by simplesamlphp, please drop the dependency on it, so we can get rid of it for

Bug#818756: [Pkg-mozext-maintainers] Bug#818756: Bug#818756: dh_xul-ext: please add alternative dependency on iceweasel

Hi, > On Sun, Mar 20, 2016 at 01:05:22PM +0100, Jakub Wilk wrote: >> To facilitate smoother partial jessie->stretch upgrades, it would be >> good if iceweasel was added as an alternative dependency. > > I'm not familiar with this use case: could you explain why someone might > want to do that,

Bug#818104: Possible MBF: Packages depending on iceweasel but not firefox/firefox-esr

Le 18/03/2016 18:06, Josh Triplett a écrit : > I would suggest that Firefox addon packages should depend on "firefox | > firefox-esr" Most of those packages are mozilla-devscripts for the build and just need to be rebuilt to get fixed. Even if our infrastructure has all the needed tools to

Bug#783422: php-services-json: Useless in Debian?

Hi Dmitry, > My concern for removal of this package is that recently introduced CiviCRM > loosely depends on it. Looks like civicrm only build-depends on it, that seems strange (I wonder how php-services-json is used during the build). Looks like civicrm is using dh_linktree for embedding PHP

Bug#818709: Useless in Debian

Package: php-mail-mimedecode Version: 1.5.5-3 Severity: serious [Filled as RC by a team member to see it autoremoved from testing if nobody disagrees. Please, do downgrade it with an explanation if you disagree.] This package has no reverse dependencies anymore in Stretch, and hasn’t seen any

Bug#818558: Useless in Debian

Package: libjs-jquery-minicolors Version: 1.2.1-1 Severity: serious Tag: sid stretch [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged libjs-jquery-minicolors as used by owncloud, but owncloud is going away, see #816376. There is a priori little

Bug#818674: Useless in Debian

Package: owncloud-doc Version: 0~20160302-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged owncloud-doc as used by owncloud, but owncloud is going away, see #816376. There is a priori little point in shipping owncloud-doc

Bug#818673: Useless in Debian

Package: python-sphinxcontrib.phpdomain Version: 0.1.4-2 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged python-sphinxcontrib.phpdomain to build owncloud-doc and php-opencloud-doc as used by owncloud, but owncloud is going

Bug#818561: Useless in Debian

Package: libjs-chosen Version: 0.9.11-2 Severity: serious Tags: sid stretch [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing. ] I packaged libjs-chosen as used by owncloud, but owncloud is going away, see #816376. There is a priori little point to ship

Bug#818412: Please adapt code for the PHP 7.0 transition

Package: debpear Version: 0.4 Severity: serious [ Filled as an RC-bug by a team member to ensure the package does not get released with this status in Stretch. ] Even if it doesn’t show up in the package metadata, according to a quick look at the code, there are some assumptions about at least

Bug#817754: php-google-a* maybe not so useless (Was: Useless in Debian)

Hi Benoit, Le 15/03/2016 04:54, Benoit Mortier a écrit : > Le 09/03/16 21:38, David Prévot a écrit : >> Package: php-google-api-php-client […] >> Package: php-google-auth >> [ Filled as an RC-bug by the maintainer to see the package auto-removed >> from testing, a

Bug#818034: Useless in Debian

Package: php-picofeed Version: 0.1.19-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing, and not let it block the PHP 7.0 transition. ] I recently packaged php-picofeed, as used by owncloud-news, but it’s now gone as per #816901 since

Bug#818033: Useless in Debian

Package: php-nette Version: 2.3.9-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing, and not let it block the PHP 7.0 transition. ] I packaged php-nette as used by php-apigen in order to build php-opencloud(-doc), as used by owncloud, but

Bug#818012: RM: phpseclib/experimental -- ROM; Superseded by php-phpseclib

Package: ftp.debian.org Severity: normal Hi, Please remove phpseclib from experimental, the version 2 is now provided by php-phpseclib. Regards David signature.asc Description: PGP signature

Bug#817765: Useless in Stretch

Package: php-psr-cache Version: 1.0.0-1 Severity: serious [ Filled as an RC-bug by the maintainer to see the package auto-removed from testing, and not let it block the PHP 7.0 transition. ] I recently packaged php-psr-cache as a new symfony dependency, but it shouldn’t be useful before 3.1

<    1   2   3   4   5   6   7   8   9   10   >