Hi,
Le 08/09/2017 à 07:44, Simon McVittie a écrit :
> On Fri, 08 Sep 2017 at 16:10:44 +0200, Guido Günther wrote:
>> when upstream tarballs need to be repacked because they contain non-dfsg
>> free data appending '+dfsg' to the upstream version seems common
>> practice.
[…]
> It's a coincidence
Control: reassign -1 php-doctrine-cache
Control: found -1 1.7.0-1
Control: affects -1 php-doctrine-cache-bundle
Control: retitle -1 php-doctrine-cache should not (silently) depend on php 7.1
Thank you Adrian for filling this issue.
On Fri, Aug 25, 2017 at 04:13:47PM +0300, Adrian Bunk wrote:
>
Hi Steve,
Thanks for the fedback.
Le 14/08/2017 à 08:19, Steve Langasek a écrit :
> Source: composer
> Version: 1.4.3-2
> Severity: important
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu artful autopkgtest
[…]
> The autopkgtests for composer 1.4.3-2 have been failing since
Hi,
Thank you for your report(s).
On Thu, Jun 15, 2017 at 12:27:24AM +0200, Christoph Anton Mitterer wrote:
> Control: reassign -1 xul-ext-tabmixplus
> Seems the bug is rather in TMP or the combination of newer FF, TMP and
> other addons.
Can you please confirm if this issue is fixed with the
Hi,
On Wed, Jun 28, 2017 at 03:39:15AM +0200, Christoph Anton Mitterer wrote:
> Package: xul-ext-tabmixplus
> Version: 0.5.0.1-1
> Severity: wishlist
> There's a newer upstream version. Perhaps even the devel version
> could be packaged (e.g. in experimental) as this may fix several issues
>
Hi Sandro,
Le 02/07/2017 à 03:00, Sandro Knauß a écrit :
> the new version is now available in git repository:
Great!
> @taffit: what is your policy to upload new version of cmocka?
I don’t have much. There are a few libcmocka-dev build-rdepends, so you
may want to build test some of them
Hi Cyril,
Le 30/06/2017 à 14:36, Cyril Brulebois a écrit :
> Control: retitle -1 stretch-pu: package phpunit/5.4.6-2~deb9u1
> Control: tag -1 moreinfo
> David Prévot <taf...@debian.org> (2017-06-28):
>> Please, allow this patched version of phpunit, built and tested in a
&
+ * Upload previous fix to Stretch
+
+ -- David Prévot <taf...@debian.org> Wed, 28 Jun 2017 17:03:35 -1000
+
+phpunit (5.4.6-2) unstable; urgency=high
+
+ * Team upload
+ * Fix arbitrary PHP code execution via HTTP POST [CVE-2017-9841]
+(Closes: #866200)
+
+ -- David Prévot <taf...@d
Hi James,
Le 27/05/2017 à 09:08, James Clarke a écrit :
> Source: symfony
> Version: 2.8.7+dfsg-1.2
> I noticed that symfony now FTBFS after the upload of php7.0 7.0.18-1,
Thanks!
> I am happy to NMU again with just the changes needed
Please, go ahead, I don’t have much time currently, and
-9997] [CVE-2016-9998] (Closes: #848641)
- Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php
[CVE-2016-9152] (Closes: #847156)
* Backport security fix from 3.0.25
- Execution of arbitrary PHP code
-- David Prévot <taf...@debian.org> Wed, 26 Apr 2017 18:02:00
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
As discussed with the security team, please remove owncloud from stable:
we’re not able to maintain this version on our own anymore, especially
since we had to give up our efforts to
Hi Andreas,
Thanks a lot for your report.
On 15/03/2017 02:42, Andreas Beckmann wrote:
> Package: spip
[…]
> during a test with piuparts I noticed your package ships (or creates)
> a broken symlink.
>
>>From the attached log (scroll to the bottom...):
>
> 1m5.5s ERROR: FAIL: Broken symlinks:
>
Package: kipi-plugins
Version: 4:5.3.0-1
Severity: important
Hi,
Thank you for taking care of these plugins!
More than half the plugins advertised in the package description
(including BatchProcess) seem to have been lost after an upgrade from
Jessie to Stretch. Indeed, only 15 of them seem
Control : retitle -1 Useless in Stretch
On 23/12/2016 13:41, Balint Reczey wrote:
> On Thu, 3 Mar 2016 15:18:51 -0400 David =?iso-8859-1?Q?Pr=E9vot?=
> wrote:
>> Package: libjs-soundmanager2
>> Version: 2.97a.20150601+dfsg-1
>> Severity: serious
>>
>> [ Filled as an RC-bug by
Hi,
On 13/02/2017 06:21, Joost van den Berg wrote:
> unfortunately the patch does not solve the problem.
> I believe that the patch generates the wrong
> links to phpseclib/Crypt/AES.php instead of
> ../phpseclib/Crypt/AES.php .
Then it sounds like this bug was incorrectly reassigned to
Package: wnpp
Severity: normal
Following up from #816664. Balint, I can’t see any new
reverse-dependency on soundmanager2, do you actually expect one to be
part of Stretch?
Regards
David
signature.asc
Description: PGP signature
Hi,
Le 08/01/2017 à 09:42, Russ Allbery a écrit :
> […] the Format
> URI for the current copyright-format document is actually a redirect.
Nitpicking: it’s actually not a real redirect. Fetching it directly
(e.g., using wget) works via plain HTTP.
Regards.
David
signature.asc
Description:
Hi,
I just add maintainer and uploader to the loop. Hopefully, they should
know something about the package/code/issue.
Le 04/01/2017 à 21:42, Salvatore Bonaccorso a écrit :
> On Sun, Mar 27, 2016 at 01:33:01PM +0200, Moritz Mühlenhoff wrote:
>> On Sun, Feb 07, 2016 at 02:28:04PM -04
Hi Balint,
Le 23/12/2016 à 13:41, Balint Reczey a écrit :
> Please keep the package in Debian for at least Stretch.
>
> Kodi upstream recently switched to a new web interface which uses
> soundmanager2 and to provide the same web interface in Debian I need to
> have it packaged.
Please,
Hi Salvatore,
Thanks for the report,
Le 05/12/2016 à 20:11, Salvatore Bonaccorso a écrit :
> the following vulnerability was published for spip.
>
> CVE-2016-9152[0]:
> cross-site scripting
[…]
> [0] https://security-tracker.debian.org/tracker/CVE-2016-9152
>
Hi,
Le 27/11/2016 à 23:31, Ondřej Surý a écrit :
> Different package and bug, but same email. Please sort it out.
CCing Benoit who expressed interest in those libraries: if are you still
interested in having php-google-auth and php-google-api-php-client in
Debian, now would be a good time to
Package: wnpp
Severity: normal
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org,
haskell-hoo...@packages.debian.org
I intend to orphan the libjs-chosen package.
The package description is:
Chosen is a JavaScript plugin that makes long, unwieldy select boxes
more user-friendly.
Hi Axel, haskell-hoogle maintainers,
Le 31/10/2016 à 13:25, Axel Beckert a écrit :
> David Prévot wrote:
>> Package: libjs-chosen
>> Version: 0.9.11-2
>> Severity: serious
>> Tags: sid stretch
>>
>> [ Filled as an RC-bug by the maintainer to see the
Package: libjs-ie7
Version: 2.1~beta4-2
Severity: serious
Tags: sid stretch
X-Debbugs-CC: s...@packages.debian.org
[ Filed with RC-severity by the maintainer to see it removed from
testing. ]
libjs-ie7 was packaged as a dependency for spip, but the dependency has
recently been dropped (in
Control: severity -1 serious
Le 12/10/2016 à 10:35, shirish शिरीष a écrit :
> Source: nosquint
> Version: 2.1.9-4
> Severity: important
>
> Dear Maintainer,
>
> Nosquint is dead, please remove it
Then let’s use a proper RC-severity so it gets removed from Stretch. If
someone wants to follow up
Control: retitle -1 Please remove premium proxy advertising page
Control: severity wishlist
Thank you for your report.
Le 09/10/2016 à 05:05, ban...@openmailbox.org a écrit :
> Package: foxyproxy
> Version: 3.4-1.1
I assume this is still valid for 4.5.6-debian-2.
> Dear maintainer, please
Le 22/09/2016 à 01:08, Sam Hartman a écrit :
>> "Xavier" == Xavier Bestel writes:
> Xavier> Le mardi 20 septembre 2016 à 19:38 +0200, Moritz Mühlenhoff
> >> > * Package name: nextcloud
> >> Nack. It's not an important package if we can't support it
>
Package: php-zend-db
Version: 2.8.1-1
Severity: serious
X-Debbugs-CC: gale...@packages.debian.org
[ Filed with RC-severity by the maintainer to see it removed from
testing. This package is not part of Jessie. ]
php-zend-db was recently packaged as a dependency for galette, but
galette has been
Control: reassign -1 node-ast-types
Control: affects -1 node-ast-utils
Control: done -1 0.9.0-2
Hi,
Le 28/08/2016 à 09:08, Julien Puydt a écrit :
> today's upload of node-ast-types 0.9.0-2 fixes this problem in
> node-ast-utils (and all its rdepends).
>
> I don't know how to say to
Hi,
Le 28/08/2016 à 04:09, Adam D. Barratt a écrit :
> Control; tags -1 + confirmed
[…]
> Oh, how I've missed Firefox plugin updates. :-|
Same here :/
> Please go ahead.
Thanks, all uploaded.
Regards
David
signature.asc
Description: OpenPGP digital signature
Control: severity -1 serious
Le 21/08/2016 à 02:26, Markus Frosch a écrit :
> On 25.07.2016 13:11, Markus Frosch wrote:
>> this is a interesting problem, while looking on the 3 dependent packages.
>> (see below)
>>
>> We have 3 choices to go on:
>>
>> 1. Still provide zendframework 1 in a
Control: tag -1 upstream
Hi David,
Thank you for your report.
Le 20/08/2016 à 04:15, David Bremner a écrit :
> Package: xul-ext-adblock-plus
> Version: 2.7.3+dfsg-1
> Severity: wishlist
[…]
> I know very little about mozilla extensions, but I _think_ it just
> needs an entry in
>
>
Control: fixed -1 1.10.9-1
Hi Christopher,
Thank you for your report.
Le 14/06/2016 à 04:05, Christopher Wellons a écrit :
> Package: xul-ext-firegestures
> Version: 1.8.7-1
> When used with the new firefox-esr, the gesture database is empty and
> the built-in gestures are unavailable.
Looks
..cf52cbf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+firegestures (1.10.9-1~deb8u1) jessie; urgency=medium
+
+ * Upload compatible version with recent Firefox in Jessie (Closes: #827277)
+
+ -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 18:49:34 -1000
+
firege
/changelog
@@ -1,3 +1,9 @@
+tabmixplus (0.5.0.0-1~deb8u1) jessie; urgency=medium
+
+ * Upload compatible version with recent Firefox in Jessie (Closes: #826995)
+
+ -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 16:34:54 -1000
+
tabmixplus (0.5.0.0-1) unstable; urgency=medium
* Upload
~deb8u1) jessie; urgency=medium
+
+ * Upload compatible version with recent Firefox in Jessie (Closes: #829267)
+
+ -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 16:53:49 -1000
+
adblock-plus (2.7.3+dfsg-1) unstable; urgency=medium
[ Wladimir Palant ]
signature.asc
Description: O
with recent Firefox in Jessie (Closes: #826896)
+
+ -- David Prévot <taf...@debian.org> Mon, 15 Aug 2016 16:45:33 -1000
+
mozilla-noscript (2.9.0.11-1) unstable; urgency=medium
* Drop Iceape and Iceweasel from description
signature.asc
Description: OpenPGP digital signature
with recent Firefox in Jessie (Closes: #828622)
+
+ -- David Prévot <taf...@debian.org> Sat, 16 Jul 2016 08:54:01 -0400
+
greasemonkey (3.8-1) unstable; urgency=medium
* Team upload, to unstable since it’s a stable release
signature.asc
Description: OpenPGP digital signature
Control: unmerge -1 with 827170
Control: reopen -1
Control: reassign -1 icedove 1:45.1.0-1
Hi Christoph and all,
On Sun, May 29, 2016 at 09:50:40AM -0400, Robbie Harwood wrote:
> Package: xul-ext-foxyproxy-standard
> Version: 4.5.6-debian-1
> Severity: important
>
> Dear Maintainer,
>
> It is
Source: zendframework
Severity: serious
Tags: security sid stretch
Hi,
Upstream recently stated [0] that “Zend Framework 1 reaches its End of
Life (EOL) […] on 28 September 2016.”
0: https://framework.zend.com/blog/2016-06-28-zf1-eol.html
Therefore, we should not release it with Stretch (and
Hi Evgeny,
Le 13/07/2016 à 13:50, Evgeny Kapun a écrit :
> Control: tags -1 - upstream
>
> Looks like the problem is caused by the file
> being not found.
Thanks a lot for the debbuging and the explanations! I’ll try to fix it
ASAP (but it may be a while before I have some time for that).
Control: tag -1 pending
Le 05/07/2016 à 20:13, Nish Aravamudan a écrit :
> On 05.07.2016 [16:51:48 -0400], David Prévot wrote:
>> Le 05/07/2016 à 16:19, Nishanth Aravamudan a écrit :
>>> Package: php-monolog
>> […]
>>> * Add nocheck and stage1 build prof
Hi Nishanth,
Le 05/07/2016 à 16:19, Nishanth Aravamudan a écrit :
> Package: php-monolog
[…]
> * Add nocheck and stage1 build profiles.
Thanks for your patch. Please, do commit it directly: I have no way to
test it nor any setup to maintain it anyway, besides being able to
revert it in case
Hi,
Le 19/06/2016 à 15:35, Nishanth Aravamudan a écrit :
> Package: zendframework
> Version: 1.12.18+dfsg-1
[…]
> I am hoping to get rid of the Ubuntu zend-framework package and simply
> sync the zendframework package from Debian.
I’m not clear about why Debian should carry Ubuntu-specific
Package: php-letodms-lucene
Version: 1.1.1-2
Severity: important
Control: affects -1 zendframework
Hi,
php-letodms-lucene depends on zendframework (version 1), but this
package is unlikely to make it in Stretch: we intend to ship version 3
of zendframework, that is maintained in separate
Hi,
Le 18/06/2016 à 16:32, Mathieu Parent a écrit :
> Some other things may break, but I'll vote still vote for this patch,
> as only 6 packages depends on it.
>
> David, what do you think?
I disagree, and stand to what I’ve written in the last changelog entry:
Actually fixing the
Hi,
Le 15/06/2016 à 03:56, Ondřej Surý a écrit :
> - php-guzzle - seems fixed to me, but dak still wants to remove the
> package
Code is PHP5-specific, it’s superseded by php-guzzlehttp. None of them
should be released in Stretch, so it’s perfectly fine to see it go away.
Regards
David
Hi Vagrant,
Le 10/06/2016 à 01:30, Vagrant Cascadian a écrit :
> FWIW, I also did the same with xul-ext-tabmixplus, though I should
> probably report a separate bug about that...
Please do: the team is pretty low in human power currently: bug reports
will help tracking the issues. Having
Hi Vagrant,
On Thu, Jun 09, 2016 at 03:39:00PM -0700, Vagrant Cascadian wrote:
> Package: xul-ext-noscript
> Version: 2.6.9.3-1
> Apparently, the xul-ext-noscript package in jessie is incompatible
> with the new firefox-esr security update just released.
Thank you for your report.
> I presume
Hi Mathieu,
On Tue, Jun 07, 2016 at 08:33:43PM +0200, Mathieu Parent wrote:
> 2016-06-07 0:16 GMT+02:00 David Prévot <taf...@debian.org>:
> > FYI, there is now a buildd available for arch:all, so you could have
> > simply dput the _source.changes without any binary pac
Hi Mathieu,
On Mon, Jun 06, 2016 at 09:50:21PM +0200, Mathieu Parent wrote:
> I've uploaded php-sabre-vobject (2.1.7-3) to DELAYED/2. to fix this RC
Thanks for your update! No need to wait IMHO, so I just ran:
dcut reschedule \
--file=php-sabre-vobject_2.1.7-3_amd64.changes
Control: retitle 817751 Useless in Debian
Le 01/06/2016 à 11:50, Nish Aravamudan a écrit :
> I've prepared an NMU for google-api-php-client
Please don’t: this package should not end in a stable release without a
proper maintainer.
Regards
David
signature.asc
Description: OpenPGP digital
Hi,
Le 29/05/2016 à 02:39, Julien Puydt a écrit :
> In fact, I have already prepared a new version, which can be seen here:
> https://mentors.debian.net/package/node-es6-shim
Thanks! Is it available in some public VCS?
> Does it fix the bug properly?
owncloud(-news) has been removed from the
Hi,
Le 27/05/2016 à 15:46, Julien Cristau a écrit :
> On Thu, Mar 31, 2016 at 23:43:03 +0200, Daniel Beyer wrote:
>> Can you give a short update regarding the proposed
>> symfony/2.3.21+dfsg-4+deb8u3, fixing CVE-2016-1902?
FYI, it should be dealt with via DSA with other issues soon, we should
Hi,
> Package: owncloud-client
[
]
> trying to start the client I get this:
>
> leandro@sgorbio:~$ owncloud
> owncloud: symbol lookup error:
> /usr/lib/x86_64-linux-gnu/libowncloudsync.so.0: undefined symbol:
> _ZN9QKeychain16WritePasswordJob6setKeyERK7QString
[
]
> ii libqtkeychain0
Package: ftp.debian.org
Severity: normal
Hi,
As per #824148: the last symfony uploads got rid of php5-symfony-debug
(arch:any), so only arch:all packages are build now. Version
3.0.4+dfsg-1 of php5-symfony-debug seems to prevent version 3.0.6+dfsg-1
of php-symfony* packages to be available in
Control: tag -1 upstream
On Fri, May 13, 2016 at 01:29:46PM +0200, Antonio Ospite wrote:
> Package: php-symfony-serializer
> Version: 2.8.6+dfsg-1
> Severity: normal
>
> Dear Maintainer,
>
> I installed php-symfony-serializer and tried the first example from the
> documentation at
>
Hi,
> Assuming that the resulting package has been tested on wheezy, please go
> ahead.
It just got accepted into oldstable-proposed-updates->oldstable-new,
thanks (and yes, I do use it in some boxes).
Regards
David
Hi Julien,
> Could you have a look and tell me if it's ok?
debian/libjs-moment.install contains now:
locale usr/share/javascript/moment/locale
You probably meant:
locale usr/share/javascript/moment
(Assuming you dont want the locales in
/usr/share/javascript/moment/locale/locale since they
Package: ftp.debian.org
Severity: normal
Hi,
The last symfony uploads got rid of php5-symfony-debug (arch:any), so
only arch:all packages are build now. Version 2.8.4+dfsg-1 [3.0.4+dfsg-1
in experimental] of php5-symfony-debug seems to prevent version
2.8.6+dfsg-1 [3.0.6+dfsg-1 in experimental]
Package: ftp.debian.org
Severity: normal
Hi,
The last twig upload got rid of php5-twig (arch:any), so it only builds
arch:all packages now. Version 1.24.0-1 of php5-twig seems to prevent
version 1.24.0-2 of php-twig* to be available in the archive, and also
prevents twig to migrate into testing.
Package: php-jmespath
Version: 2.3.0-2
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I recently packaged php-jmespath as used by php-aws-sdk (in
experimental), but it won’t be part of Stretch as per #821698. There is
a priori little
Package: php-services-json
Version: 1.0.3-1
Severity: serious
User: pkg-php-ma...@lists.alioth.debian.org
Usertags: php7.0-transition
Hi,
As shown by php7cc, php-services-json contains deprecated PHP 4
constructors. As outlined in #783422, upstream has not been active in
years, so unless that
Hi,
On Sat, May 07, 2016 at 11:58:22AM +1000, Craig Small wrote:
> Package: libjs-mediaelement
> Version: 2.15.1+dfsg-1
> Severity: important
> Tags: security upstream
>
> I saw this regarding the wordpress 4.5.2 release[1].
Thank you for the heads up.
> MediaElement.js is
> vulnerable to a
Package: php-psr-http-message
Version: 1.0-2
Severity: serious
I recently packaged php-psr-http-message as used by php-guzzlehttp-psr7
and php-google-auth, but php-guzzlehttp-psr7 is going away, see #823505
(so is php-google-auth, see #817754). There is a priori little point in
shipping
Package: php-react-promise
Version: 2.4.1-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged php-react-promise as used by php-guzzlehttp-ringphp, but
php-guzzlehttp-ringphp is going away, see #823506. There is a priori
little
Package: python-guzzle-sphinx-theme
Version: 0.7.10-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged python-guzzle-sphinx-theme in order to build php-guzzle-doc,
but php-guzzle is going away, see #821698. There is a priori
Package: php-guzzle-stream
Version: 3.0.0-5
Severity: normal
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged php-guzzle-stream as used by php-guzzlehttp-ringphp, but
php-guzzlehttp-ringphp is going away, see #823506. There is a priori
little
Source: php-guzzlehttp-ringphp
Version: 1.1.0-2
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged php-guzzlehttp-ringphp as used by php-guzzlehttp (version 5,
as in Jessie), but latest version (version 6.2, as in Sid) doesn’t
Package: php-guzzlehttp-psr7
Version: 1.3.0-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I recently packaged php-guzzlehttp-psr7 as used by php-guzzlehttp,
php-aws-sdk (in experimental), and php-google-auth, but php-guzzlehttp
is
Package: php-guzzlehttp-promises
Version: 1.1.0-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I recently packaged php-guzzlehttp-promises as used by php-guzzlehttp
and php-aws-sdk (in experimental), but php-guzzlehttp is going away,
Source: php-guzzlehttp
Version: 6.2.0-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I recently packaged php-guzzlehttp as used by owncloud and
php-google-auth, but owncloud is going away, see #816376 (so is
php-google-auth, see
Package: ftp.debian.org
Severity: normal
Hi,
#756580 was reassigned with a broken title, and the source package
hasn’t been removed AFAICT. Please, remove it too.
Regards
David
signature.asc
Description: PGP signature
Package: ftp.debian.org
Severity: normal
As per #816376, we won’t be shipping ownCloud in the next Debian
release, and since the version in Sid is not installable anymore (see
#821826), there is no point in keeping it at all.
The following reverse dependencies can also go away:
-
Hi Florian,
Le 22/04/2016 à 16:09, Florian Schlichting a écrit :
> On Wed, Apr 20, 2016 at 04:00:40PM -0400, David Prévot wrote:
>> Le 20/04/2016 à 15:43, Florian Schlichting a écrit
>>> So if it's not too difficult to maintain with PHP 7, I'd love for
>>> php-
Hi Florian,
Le 20/04/2016 à 15:43, Florian Schlichting a écrit
> So if it's not too difficult to maintain with PHP 7, I'd love for
> php-apigen to be kept in Debian in the future!
Feel free to take it over (with its dependency chain).
Regards
David
signature.asc
Description: OpenPGP
Package: doctrine-sphinx-theme
Version: 0~20130227-1
Severity: serious
Tags: sid stretch
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged doctrine-sphinx-theme to build doctrine-orm-doc, but we
stopped building it (not DFSG compliant anymore).
security fix from 1.12.18:
+- ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
+ http://framework.zend.com/security/advisory/ZF2016-01
+
+ -- David Prévot <taf...@debian.org> Wed, 13 Apr 2016 16:34:02 -0400
+
zendframework (1.11.13-1.1+deb7u5) wheezy; urgency=
+deb8u6) jessie; urgency=medium
+
+ * Fix regression from ZF2015-08: binary data corruption
+ * Backport security fix from 1.12.18:
+- ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
+ http://framework.zend.com/security/advisory/ZF2016-01
+
+ -- David Prévot <taf...@debian.
Hi Thijs,
Thanks for you interest in the composer package.
Le 07/04/2016 09:57, Thijs Kinkhorst a écrit :
> Installing composer by default also pulls in mercurial because it's in
> Recommends. I personally doubt that the amount of mercurial use justifies
> pulling it in by default (and e.g. not
Hi,
Thank you for your report.
CCing Perpetuum who reported a similar issue in #819415, and Mathieu who
uploaded php-seclib 1.0.1-3.
Le 28/03/2016 07:31, Frank Jung a écrit :
> Package: php-seclib
> Version: 1.0.1-3
> Loading Dokuwiki running on lighttpd reported a 500 "The localhost page
Package: php-xml-parser
Version: 1.3.6-1
Severity: serious
Control: block -1 by 818800
User: pkg-php-ma...@lists.alioth.debian.org
Usertags: php7.0-transition
[ Filled as an RC-bug by a team member to see the package auto-removed
from testing, and not let it block the PHP 7.0 transition. ]
Hi,
Le 24/03/2016 15:13, Adam D. Barratt a écrit :
> Thanks for the review and the examples. Please feel free to upload.
Uploaded and accepted, thanks.
Regards
David
signature.asc
Description: OpenPGP digital signature
Hi,
On Tue, Mar 22, 2016 at 08:45:02PM -0700, Sean Whitton wrote:
> The version of mozilla-devscripts currently in Jessie generates
> references to the iceweasel and icedove packages. But iceweasel is to
> be replaced with firefox-esr, and icedove is probably going to be
> replaced with
Hi Sean,
Thank you for your work on the xul-ext-* tools!
On Tue, Mar 22, 2016 at 04:51:15PM +, Debian Bug Tracking System wrote:
[…]
> mozilla-devscripts (0.45.1) unstable; urgency=high
> .
>* Restore generation of iceweasel entries for Depends:, Enhances:
> etc. to ease the
Package: simplesamlphp
Version: 1.14.2-1
Severity: normal
Hi,
It seems like simplesamlphp is the last bit in Debian depending on
php-xml-parser, but it doesn’t seem to actually use it. If
php-xml-parser is not used by simplesamlphp, please drop the dependency
on it, so we can get rid of it for
Hi,
> On Sun, Mar 20, 2016 at 01:05:22PM +0100, Jakub Wilk wrote:
>> To facilitate smoother partial jessie->stretch upgrades, it would be
>> good if iceweasel was added as an alternative dependency.
>
> I'm not familiar with this use case: could you explain why someone might
> want to do that,
Le 18/03/2016 18:06, Josh Triplett a écrit :
> I would suggest that Firefox addon packages should depend on "firefox |
> firefox-esr"
Most of those packages are mozilla-devscripts for the build and just
need to be rebuilt to get fixed. Even if our infrastructure has all the
needed tools to
Hi Dmitry,
> My concern for removal of this package is that recently introduced CiviCRM
> loosely depends on it.
Looks like civicrm only build-depends on it, that seems strange (I wonder
how php-services-json is used during the build).
Looks like civicrm is using dh_linktree for embedding PHP
Package: php-mail-mimedecode
Version: 1.5.5-3
Severity: serious
[Filled as RC by a team member to see it autoremoved from testing if
nobody disagrees. Please, do downgrade it with an explanation if you
disagree.]
This package has no reverse dependencies anymore in Stretch, and hasn’t
seen any
Package: libjs-jquery-minicolors
Version: 1.2.1-1
Severity: serious
Tag: sid stretch
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged libjs-jquery-minicolors as used by owncloud, but owncloud is
going away, see #816376. There is a priori little
Package: owncloud-doc
Version: 0~20160302-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged owncloud-doc as used by owncloud, but owncloud is going away,
see #816376. There is a priori little point in shipping owncloud-doc
Package: python-sphinxcontrib.phpdomain
Version: 0.1.4-2
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged python-sphinxcontrib.phpdomain to build owncloud-doc and
php-opencloud-doc as used by owncloud, but owncloud is going
Package: libjs-chosen
Version: 0.9.11-2
Severity: serious
Tags: sid stretch
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing. ]
I packaged libjs-chosen as used by owncloud, but owncloud is going away,
see #816376. There is a priori little point to ship
Package: debpear
Version: 0.4
Severity: serious
[ Filled as an RC-bug by a team member to ensure the package does not
get released with this status in Stretch. ]
Even if it doesn’t show up in the package metadata, according to a quick
look at the code, there are some assumptions about at least
Hi Benoit,
Le 15/03/2016 04:54, Benoit Mortier a écrit :
> Le 09/03/16 21:38, David Prévot a écrit :
>> Package: php-google-api-php-client
[…]
>> Package: php-google-auth
>> [ Filled as an RC-bug by the maintainer to see the package auto-removed
>> from testing, a
Package: php-picofeed
Version: 0.1.19-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing, and not let it block the PHP 7.0 transition. ]
I recently packaged php-picofeed, as used by owncloud-news, but it’s now
gone as per #816901 since
Package: php-nette
Version: 2.3.9-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing, and not let it block the PHP 7.0 transition. ]
I packaged php-nette as used by php-apigen in order to build
php-opencloud(-doc), as used by owncloud, but
Package: ftp.debian.org
Severity: normal
Hi,
Please remove phpseclib from experimental, the version 2 is now provided
by php-phpseclib.
Regards
David
signature.asc
Description: PGP signature
Package: php-psr-cache
Version: 1.0.0-1
Severity: serious
[ Filled as an RC-bug by the maintainer to see the package auto-removed
from testing, and not let it block the PHP 7.0 transition. ]
I recently packaged php-psr-cache as a new symfony dependency, but it
shouldn’t be useful before 3.1
401 - 500 of 2625 matches
Mail list logo