Bug#1082053: RUSTSEC-2023-0086

2024-09-17 Thread Moritz Muehlenhoff
Source: rust-lexical-core Version: 0.7.6-2 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team https://rustsec.org/advisories/RUSTSEC-2023-0086.html https://github.com/Alexhuszagh/rust-lexical/issues/102 https://github.com/Alexhuszagh/rust-lexical/issues/101 https://github.com/

Bug#1080080: RM: aiorwlock -- RoQA; RC-buggy, unmaintained

2024-08-30 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: aiorwl...@packages.debian.org Control: affects -1 + src:aiorwlock User: ftp.debian@packages.debian.org Usertags: remove Please remove aiorwlock. It FTBFSes since three years and the last maintainer upload was in 2019. Cheers, Mori

Bug#1079993: RM: evqueue-core -- RoQA; unmaintained, RC-buggy

2024-08-29 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: evqueue-c...@packages.debian.org Control: affects -1 + src:evqueue-core User: ftp.debian@packages.debian.org Usertags: remove Please remove evqueue-core. It's RC-buggy since over five years and the last maintainer upload was in 2018. Chee

Bug#1079992: RM: aiocoap -- RoQA; unmaintained, RC-buggy

2024-08-29 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: aioc...@packages.debian.org Control: affects -1 + src:aiocoap User: ftp.debian@packages.debian.org Usertags: remove Please remove aiocoap. It FTBFSes since over two years and the last maintainer upload was in 2019. Cheers, Moritz

Bug#1079991: RM: aws-shell -- RoQA; unmaintained, RC-buggy

2024-08-29 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: aws-sh...@packages.debian.org Control: affects -1 + src:aws-shell User: ftp.debian@packages.debian.org Usertags: remove Please remove aws-shell. It's RC-buggy and dropped from testing since 4.5 years and the last maintainer upload was in 2

Bug#1079990: RM: fonts-alegreya-sans -- RoQA; unmaintained, RC-buggy

2024-08-29 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: fonts-alegreya-s...@packages.debian.org Control: affects -1 + src:fonts-alegreya-sans User: ftp.debian@packages.debian.org Usertags: remove Please remove fonts-alegreya-sans. There was only ever a single upload back in 2019 and the package

Bug#1079989: RM: python-arrayfire -- RoQA; blocks removal of arrayfire

2024-08-29 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: python-arrayf...@packages.debian.org Control: affects -1 + src:python-arrayfire User: ftp.debian@packages.debian.org Usertags: remove src:arrayfire is RC-buggy and has a pending RM bug. This package contains the Python bindings and needs t

Bug#1079988: RM: arrayfire -- RoQA; unmaintained, RC-buggy

2024-08-29 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: arrayf...@packages.debian.org Control: affects -1 + src:arrayfire User: ftp.debian@packages.debian.org Usertags: remove Please remove arrayfire. The last upload was in 2016 and it's dropped from testing due to RC bugs since 2018 (e.g. FTBF

Bug#1079695: RM: xmms2-scrobbler -- RoQA; broken, unmaintained

2024-08-26 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: xmms2-scrobb...@packages.debian.org Control: affects -1 + src:xmms2-scrobbler User: ftp.debian@packages.debian.org Usertags: remove Please remove xmms2-scrobbler. It's broken since last.fm changed their site in 2015 (!) (#798099) and the l

Bug#1079694: RM: jajuk -- RoQA; unmaintained, RC-buggy

2024-08-26 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: ja...@packages.debian.org Control: affects -1 + src:jajuk User: ftp.debian@packages.debian.org Usertags: remove Please remove jajuk. The last upload happened in 2017 and it's RC-buggy/removed from testing for over five years now. Cheers,

Bug#1079690: RM: perl-doc-html -- RoQA; unmaintained, outdated

2024-08-26 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: perl-doc-h...@packages.debian.org Control: affects -1 + src:perl-doc-html User: ftp.debian@packages.debian.org Usertags: remove Please remove perl-doc-html. It contains outdated docs, has been dropped from testing since 2018 and is orphane

Bug#1079657: RM: fakeroot-ng -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: fakeroot...@packages.debian.org Control: affects -1 + src:fakeroot-ng User: ftp.debian@packages.debian.org Usertags: remove Please remove fakeroot-ng. It FTBFSes since over two years without any reaction and the last maintainer upload (who

Bug#1079656: RM: haskell98-tutorial -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: haskell98-tutor...@packages.debian.org Control: affects -1 + src:haskell98-tutorial User: ftp.debian@packages.debian.org Usertags: remove Please remove haskell98-tutorial. It's RC-buggy since 2021 and up for adoption without any takers sin

Bug#1079647: RM: libneo4j-client -- RoQA; RC-buggy, unmaintained

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: libneo4j-cli...@packages.debian.org Control: affects -1 + src:libneo4j-client User: ftp.debian@packages.debian.org Usertags: remove Please remove libneo4j-client. It's RC-buggy since 2021 when GCC 11 became the default and the last maintai

Bug#1079645: RM: ifscheme -- RoQA; RC-buggy, unmaintained

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: ifsch...@packages.debian.org Control: affects -1 + src:ifscheme User: ftp.debian@packages.debian.org Usertags: remove Please remove ifscheme. It's broken since at least 2021 (#981637) and orphaned without an adopter since 2020. Cheers,

Bug#1079643: RM: tldjs -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: tl...@packages.debian.org Control: affects -1 + src:tldjs User: ftp.debian@packages.debian.org Usertags: remove Please remove tldjs. It's RC-buggy since 2021, missed the last two stable releases and the last maintainer upload was in 2018.

Bug#1079640: RM: binutils64 -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove Please remove binutils64. It's RC-buggy (and thus never made it into a stable release) since April 2021 without any maintainer reaction and there were no further uploads after the initial ones

Bug#1079639: RM: bdfproxy -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: bdfpr...@packages.debian.org Control: affects -1 + src:bdfproxy User: ftp.debian@packages.debian.org Usertags: remove Please remove bdfproxy. It's RC-buggy since 1.5 years and never made it into any stable release. The last maintainer uplo

Bug#1079638: RM: beanbag -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: bean...@packages.debian.org Control: affects -1 + src:beanbag User: ftp.debian@packages.debian.org Usertags: remove Please remove beanbag. It FTBFSes since 2020 and the last maintainer upload happened in 2015. Cheers, Moritz

Bug#1079637: RM: qiskit-aer -- RoQA; RC-buggy, unmaintained

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: qiskit-...@packages.debian.org Control: affects -1 + src:qiskit-aer User: ftp.debian@packages.debian.org Usertags: remove Please remove qiskit-aer. There's multiple RC bugs, the last maintainer upload was in 2021 and it has been dropped f

Bug#1079636: RM: myhdl -- RoQA; unmaintained, RC-buggy

2024-08-25 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: my...@packages.debian.org Control: affects -1 + src:myhdl User: ftp.debian@packages.debian.org Usertags: remove Please remove myhdl. The last upload was in 2019 and it's RC-buggy and dropped from testing for over three years (and missed th

Bug#1079453: RM: itop -- RoQA; unmaintained, broken

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: i...@packages.debian.org Control: affects -1 + src:itop User: ftp.debian@packages.debian.org Usertags: remove Please remove itop. The last maintainer upload was in 2008 and the package is broken since 2018 (and dropped from testing since 2

Bug#1079452: RM: obs-ptz -- RoQA; unmaintained, RC-buggy

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: obs-...@packages.debian.org Control: affects -1 + src:obs-ptz User: ftp.debian@packages.debian.org Usertags: remove Please remove obs-ptz. There was only ever a single upload and the package FTBFSes since October 2022 without any maintaine

Bug#1079451: RM: pdfrw -- RoQA; unmaintained, RC-buggy

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: pd...@packages.debian.org Control: affects -1 + src:pdfrw User: ftp.debian@packages.debian.org Usertags: remove Please remove pdfrw. The last maintainer upload was in 2018 and it's broken since Python 3.7 became the default and thus dropp

Bug#1079449: RM: literki -- RoQA; unmaintained, RC-buggy

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: lite...@packages.debian.org Control: affects -1 + src:literki User: ftp.debian@packages.debian.org Usertags: remove Please remove literki. The last maintainer upload happened in 2010 and the package has multiple open RC bugs and hasn't bee

Bug#1079448: RM: lilyterm -- RoQA; unmaintained, RC-buggy

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: lilyt...@packages.debian.org Control: affects -1 + src:lilyterm User: ftp.debian@packages.debian.org Usertags: remove Please remove lilyterm. The last upload happened in 2017 and the package is RC-buggy since 2020. Cheers, Moritz

Bug#1079447: RM: ricochet-im -- RoQA; unmaintained, RC-buggy

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: ricochet...@packages.debian.org Control: affects -1 + src:ricochet-im User: ftp.debian@packages.debian.org Usertags: remove Please remove ricochet-im. The last upload happened 5.5 years ago and the package is RC-buggy since 2021. Cheers,

Bug#1079445: RM: pstack -- RoQA; unmaintained, RC-buggy

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: pst...@packages.debian.org Control: affects -1 + src:pstack User: ftp.debian@packages.debian.org Usertags: remove Please remove pstack. The last upload was in 2011 and it's RC-buggy since 4.5 years. Cheers, Moritz

Bug#1079444: RM: pxe-kexec -- RoQA; unmaintained, FTBFS

2024-08-23 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Tags: ftbfs X-Debbugs-Cc: pxe-ke...@packages.debian.org Control: affects -1 + src:pxe-kexec User: ftp.debian@packages.debian.org Usertags: remove Please remove pxe-kexec. The last upload was in 2012 and it FTBFSes due to missing compat with GCC 11 since

Bug#1079372: RM: watson -- RoQA; unmaintained, FTBFS

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Tags: ftbfs X-Debbugs-Cc: wat...@packages.debian.org Control: affects -1 + src:watson User: ftp.debian@packages.debian.org Usertags: remove Please remove watson. The last maintainer upload was in 2019 and the package FTBFSes since 2021. Cheers,

Bug#1079371: RM: drmips -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: drm...@packages.debian.org Control: affects -1 + src:drmips User: ftp.debian@packages.debian.org Usertags: remove Please remove drmips. The last maintainer upload was in 2016 and the package FTBFSes since four years. Cheers, Mori

Bug#1079370: RM: effcee -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: eff...@packages.debian.org Control: affects -1 + src:effcee User: ftp.debian@packages.debian.org Usertags: remove Please remove effcee. There was only ever a single upload and the package FTBFSes since three years. Cheers, Moritz

Bug#1079351: RM: rdup -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: r...@packages.debian.org Control: affects -1 + src:rdup User: ftp.debian@packages.debian.org Usertags: remove Please remove rdup. It's RC-buggy since 2019 and dropped from testing since then. The last maintainer upload was in 2017. Cheers

Bug#1079349: RM: pafy -- RoQA; Broken, unmaintained, alternatives exist

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: p...@packages.debian.org Control: affects -1 + src:pafy User: ftp.debian@packages.debian.org Usertags: remove Please remove pafy. It's broken since two years and already missed Bookworm for that. The last maintainer upload was in 2016. Ch

Bug#1079322: RM: origami -- RoQA; unmaintained, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: orig...@packages.debian.org Control: affects -1 + src:origami User: ftp.debian@packages.debian.org Usertags: remove Please remove origami. It's broken since 4.5 years (953144) and thus missed the last two stable releases. The last maintain

Bug#1079321: RM: privbind -- RoQA; unmaintained, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: privb...@packages.debian.org Control: affects -1 + src:privbind User: ftp.debian@packages.debian.org Usertags: remove Please remove privbind. The last maintainer upload was in 2010 and it is RC-buggy since 2021 (and thus missed Bookworm al

Bug#1079318: RM: mahimahi -- RoQA; unmaintained, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: mahim...@packages.debian.org Control: affects -1 + src:mahimahi User: ftp.debian@packages.debian.org Usertags: remove Please remove mahimahi, the last maintainer upload was in 2017 and it FTBFSes since 3.5 years (and thus missed Bookworm a

Bug#1079314: RM: ignore-me -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: ignore...@packages.debian.org Control: affects -1 + src:ignore-me User: ftp.debian@packages.debian.org Usertags: remove Please remove ignore-me. There was only ever a single upload in 2018 and the package FTBFSes since 6.5 years. Cheers,

Bug#1079315: RM: bwctl -- RoQA; unmaintained, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: bw...@packages.debian.org Control: affects -1 + src:bwctl User: ftp.debian@packages.debian.org Usertags: remove Please remove bwctl. The last maintainer upload was in 2015 and it FTBFSes since 2021 (and thus missed Bookworm already). Chee

Bug#1079311: RM: gli -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: g...@packages.debian.org Control: affects -1 + src:gli User: ftp.debian@packages.debian.org Usertags: remove Please remove gli. The last upload was in 2017 and it FTBFSes since 6.5 years. There are no reverse dependencies. Cheers,

Bug#1079309: RM: lsdb -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: l...@packages.debian.org Control: affects -1 + src:lsdb User: ftp.debian@packages.debian.org Usertags: remove Please remove lsdb. It's RC-buggy since 2020 and missed Bookworm already. The last maintainer upload was in 2007 and it has been

Bug#1079308: RM: picprog -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: picp...@packages.debian.org Control: affects -1 + src:picprog User: ftp.debian@packages.debian.org Usertags: remove Please remove picprog. It's RC-buggy since 2019 and thus missed the last two stable releases (since Linux 5.5 entered Debia

Bug#1079306: RM: openmx -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: ope...@packages.debian.org Control: affects -1 + src:openmx User: ftp.debian@packages.debian.org Usertags: remove Please remove openmx. It FTBFSes since GCC 10 was made the default in 2020 and thus missed the last two stable releases and i

Bug#1079303: RM: navi2ch -- RoQA; unmaintained, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: navi...@packages.debian.org Control: affects -1 + src:navi2ch User: ftp.debian@packages.debian.org Usertags: remove Please remove navi2ch. There was only ever a single upload in 2012 and the package is RC-buggy since 2020 and thus missed t

Bug#1079304: RM: mxt-app -- RoQA; RC-buggy, unmaintained

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: mxt-...@packages.debian.org Control: affects -1 + src:mxt-app User: ftp.debian@packages.debian.org Usertags: remove Please remove mxt-app. It FTBFSes without any maintainer reaction since 4.5 years and thus missed the last two stable rel

Bug#1079294: RM: termtris -- RoQA; unmaintained, RC-buggy, not in any stable release

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: termt...@packages.debian.org Control: affects -1 + src:termtris User: ftp.debian@packages.debian.org Usertags: remove Please remove termtris. It's unmaintained (there was only ever a single upload in 2019) and it's RC-buggy since 2020 (and

Bug#1079290: RM: twofish -- RoQA; unmaintained, dead upstream, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: twof...@packages.debian.org Control: affects -1 + src:twofish User: ftp.debian@packages.debian.org Usertags: remove Please remove twofish. It's RC-buggy since 2021 and already missed Bookworm due to that. Upstream is dead and there are no

Bug#1079289: RM: xjig -- RoQA; Unmaintained, RC-buggy, dead upstream

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: x...@packages.debian.org Control: affects -1 + src:xjig User: ftp.debian@packages.debian.org Usertags: remove Please remove xjig. It's dead upstream, unmaintained (last maintainer upload in 2013) and RC-buggy due to netpbm changes. It alre

Bug#1079287: RM: gems -- RoQA; unmaintained, RC-buggy, dead upstream

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: g...@packages.debian.org Control: affects -1 + src:gems User: ftp.debian@packages.debian.org Usertags: remove Please remove gems. It's unmaintained (last upload 13 years ago), it's RC-buggy since 2021 and missed the last stable release. C

Bug#1079286: RM: snort -- RoQA; unmaintained, RC-buggy

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: sn...@packages.debian.org Control: affects -1 + src:snort User: ftp.debian@packages.debian.org Usertags: remove Please remove snort. It's unmaintained (last upload three years ago), it missed two stable releases and there's plenty of open

Bug#1079285: RM: enigmail -- RoQA; obsolete

2024-08-22 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: enigm...@packages.debian.org Control: affects -1 + src:enigmail User: ftp.debian@packages.debian.org Usertags: remove Please remove enigmail. Thunderbird now has native GPG support and the package was only needed in old releases to support

Bug#1074275: Depends on gpac

2024-06-25 Thread Moritz Muehlenhoff
Source: ogmrip Version: 1.0.1-4 Severity: serious gpac is unsupportable and thus orphaned and not in stable. It should be removed, but ogmrip depends on it. From a quick glance ogmrip also supports mencoder, so possibly that dependency could simply get removed? Cheers, Moritz

Bug#1074276: Depends on gpac

2024-06-25 Thread Moritz Muehlenhoff
Source: ccextractor Version: 0.94+ds1-3 Severity: serious gpac is unsupportable, thus orphaned and not in Bookworm. It should be removed, but ccextractor build depends on it. From a quick glance it also has some build flags for ffmpeg, so maybe that's an alternative? Cheers, Moritz

Bug#1074225: RM: watchcatd -- RoQA; dead upstream, obsolete

2024-06-24 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: watchc...@packages.debian.org Control: affects -1 + src:watchcatd User: ftp.debian@packages.debian.org Usertags: remove Please remove watchcatd. It's dead upstream and generally obsolete, such process supervision is built into systemd nati

Bug#1073968: RM: sleepd -- RoQA; unmaintained, dead upstream

2024-06-20 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: sle...@packages.debian.org Control: affects -1 + src:sleepd User: ftp.debian@packages.debian.org Usertags: remove Please remove sleepd. Upstream development has stopped a long time ago, and it's orphaned for a decade without an adopter. C

Bug#1073235: bookworm-pu: package bluez/5.66-1+deb12u2

2024-06-18 Thread Moritz Muehlenhoff
On Mon, Jun 17, 2024 at 06:18:40PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2024-06-14 at 23:25 +0200, Moritz Muehlenhoff wrote: > > Attached debdiff fixes three minor security issues. The update > > has been tested on a Bookworm system. debdi

Bug#1072366: libndp: CVE-2024-5564

2024-06-16 Thread Moritz Muehlenhoff
On Fri, Jun 14, 2024 at 07:30:46AM +0200, Florian Ernst wrote: > On Thu, Jun 13, 2024 at 08:17:41PM +0200, Moritz Muehlenhoff wrote: > > Thanks, these look good! Please upload to security-master, I'll take care > > of the DSA over the weekend. > > Thanks for verify

Bug#1073277: RM: ramond -- RoQA; unmaintained, dead upstream, unused

2024-06-15 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: ram...@packages.debian.org Control: affects -1 + src:ramond User: ftp.debian@packages.debian.org Usertags: remove Please remove ramond. It's dead upstream, the last maintainer upload was in 2012 without a new adopter and it's basically non

Bug#1073235: bookworm-pu: package bluez/5.66-1+deb12u2

2024-06-14 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: bl...@packages.debian.org, iwama...@debian.org Control: affects -1 + src:bluez User: release.debian@packages.debian.org Usertags: pu Attached debdiff fixes three minor security issues. The update has been tested on a Boo

Bug#1072366: libndp: CVE-2024-5564

2024-06-13 Thread Moritz Muehlenhoff
Hi Florian, > Please give those packages an additional check, and feel free to just > upload them when they indeed meet your requirements, or briefly ping me > back for me to upload them / possibly apply further changes, whatever > suits you best. Thanks, these look good! Please upload to securit

Bug#1073012: Automatically rewrite incoming entries from some CNAs as NFUs

2024-06-11 Thread Moritz Muehlenhoff
Package: security-tracker Severity: wishlist These days the scopes of CNAs are usually narrow and scoped to a specific vendor. We should leverage this for pre-processing incoming data and to reduce toil. We can do this by extending the "automatic update" job to automatically annotate CVEs assig

Bug#1072366: libndp: CVE-2024-5564

2024-06-10 Thread Moritz Muehlenhoff
Hi Florian, On Mon, Jun 10, 2024 at 08:41:27AM +0200, Florian Ernst wrote: > Dear Security Team, > > On Sat, Jun 01, 2024 at 04:57:53PM +0200, Salvatore Bonaccorso wrote: > > [...] > > [0] https://security-tracker.debian.org/tracker/CVE-2024-5564 > > https://www.cve.org/CVERecord?id=CVE-2024-

Bug#1072720: libglib2.0-0: Following fix #1070745, typing `A keys doesn't type an À anymore

2024-06-09 Thread Moritz Muehlenhoff
On Sun, Jun 09, 2024 at 06:23:00PM +0100, Simon McVittie wrote: > On Sun, 09 Jun 2024 at 17:23:27 +0200, gru...@laposte.net wrote: > > Please note that ^e gives ê correctly but `A doesn't > > Security team: > > Based on this information, I don't think this is a regression caused by > the GLib sec

Bug#1072527: Mark libreswan as EOLed in Bullseye

2024-06-03 Thread Moritz Muehlenhoff
Source: debian-security-support Version: 1:13+2024.05.15 Severity: wishlist X-Debbugs-Cc: d...@fifthhorseman.net Security support for libreswan in Bullseye is EOLed, the recent security fixes for CVE-2023-38710 are too intrusive/risky to backport (also see https://github.com/libreswan/libreswan/is

Bug#1072124: gnome-shell: CVE-2024-36472

2024-05-28 Thread Moritz Muehlenhoff
On Tue, May 28, 2024 at 05:33:32PM -0400, Jeremy Bícha wrote: > Control: forwarded -1 https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 > > On Tue, May 28, 2024 at 5:24 PM Moritz Mühlenhoff wrote: > > CVE-2024-36472[0]: > > | In GNOME Shell through 45.7, a portal helper can be launched > >

Bug#1071628: python-pymysql: CVE-2024-36039

2024-05-28 Thread Moritz Muehlenhoff
On Tue, May 28, 2024 at 09:06:51AM +0200, Thomas Goirand wrote: > On 5/22/24 17:08, Moritz Mühlenhoff wrote: > > The following vulnerability was published for python-pymysql. > > > > We should also fix this in a DSA, could you prepare debdiffs for > > bookworm-security and bullseye-security? > >

Bug#1071746: clojure: CVE-2024-22871

2024-05-24 Thread Moritz Muehlenhoff
On Fri, May 24, 2024 at 11:42:38AM -0400, Louis-Philippe Véronneau wrote: > On Fri, 24 May 2024 16:53:28 +0200 Moritz Mühlenhoff > wrote: > > Source: clojure > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > The following v

Bug#1053004: CVE-2019-10784 and CVE-2023-40619

2024-05-22 Thread Moritz Muehlenhoff
On Wed, May 22, 2024 at 02:42:58PM -0300, Leandro Cunha wrote: > Hi everyone, > > On Wed, May 22, 2024 at 12:39 PM Moritz Mühlenhoff wrote: > > > > Am Wed, Mar 06, 2024 at 06:39:01AM -0300 schrieb Leandro Cunha: > > > Hi Christoph Berg, > > > > > > On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg w

Bug#1071127: Mark slurm-wlm as EOLed in Bullseye

2024-05-14 Thread Moritz Muehlenhoff
Source: debian-security-support Version: 1:13+2024.01.30 Severity: wishlist X-Debbugs-Cc: gennaro.ol...@gmail.com Security support for slurm-wlm in Bullseye is EOLed, the recent changes were too intrusive to meaningfully backport.

Bug#1070175: RM: salt/3002.6+dfsg1-4+deb11u1

2024-05-01 Thread Moritz Muehlenhoff
On Wed, May 01, 2024 at 06:29:29PM +0100, Adam D. Barratt wrote: > On Wed, 2024-05-01 at 13:02 +0200, Moritz Muehlenhoff wrote: > > Please remove salt in the next Bullseye point release. > > It was already removed from unstable for being unsupportable > > and unmaintained (htt

Bug#1070176: Mark pdns-recursor as EOLed in Bullseye

2024-05-01 Thread Moritz Muehlenhoff
Source: debian-security-support Version: 1:13+2024.01.30 Severity: wishlist X-Debbugs-Cc: z...@debian.org Please mark pdns-recursor as EOL/no longer covered by security support in Bullseye. These packages can still be used for select use cases (internal resolver within a company network), but 4.4

Bug#1070175: RM: salt/3002.6+dfsg1-4+deb11u1

2024-05-01 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal X-Debbugs-Cc: s...@packages.debian.org Control: affects -1 + src:salt User: release.debian@packages.debian.org Usertags: rm Please remove salt in the next Bullseye point release. It was already removed from unstable for being unsupportable and unmain

Bug#1069762: pdns-recursor: CVE-2024-25583 - 4.8.8 for stable

2024-04-24 Thread Moritz Muehlenhoff
On Thu, Apr 25, 2024 at 08:37:14AM +0200, Chris Hofstaedtler wrote: > Hi Moritz, > > could we once again use the upstream release for stable? > debdiff 4.8.7-1 -> 4.8.8-1 is attached. Ack. Following the 4.8 releases has served us well. debdiff looks fine, please build with -sa and upload to secur

Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120

2024-04-21 Thread Moritz Muehlenhoff
On Sun, Apr 21, 2024 at 07:35:43PM +, Victor Seva wrote: > Hi, > > > I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for > bookworm-security [0]. > > Attached debdiff file. > > Waiting for your reply, > Victor > > [0] > https://salsa.debian.org/pkg-voip-team/sngrep/

Bug#1064183: libapache2-mod-auth-openidc: CVE-2024-24814

2024-04-18 Thread Moritz Muehlenhoff
On Thu, Apr 18, 2024 at 02:40:41PM +0200, Moritz Schlarb wrote: > Dear Salvatore, > > I've prepared, built, tested and uploaded fixed versions for bullseye > (2.4.9.4-0+deb11u4), bookworm (2.4.12.3-2+deb12u1) and trixie (2.4.15.7-1). > > Would you like to issue a DSA for them or is it enough that

Bug#1068451: bookworm-pu: package libtommath/1.2.0-6+deb12u1

2024-04-05 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: libtomm...@packages.debian.org Control: affects -1 + src:libtommath Addresses CVE-2023-36328, debdiff below. Acked by Dominique before. Cheers, Moritz diff

Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709

2024-04-05 Thread Moritz Muehlenhoff
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote: > On 4/4/24 22:51, Moritz Mühlenhoff wrote: > > Source: apache2 > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following vulnerabilities were published for apache2. > > > > CVE-2024-2

Bug#1056156: varnish: CVE-2023-44487: VSV00013 Varnish HTTP/2 Rapid Reset Attack

2024-04-04 Thread Moritz Muehlenhoff
On Thu, Apr 04, 2024 at 05:54:51AM +0200, Salvatore Bonaccorso wrote: > Hi Marco, > > [CC'ing security team] > > On Mon, Apr 01, 2024 at 04:25:05PM +0200, Marco d'Itri wrote: > > Control: found -1 5.0.0-1 > > Control: fixed -1 7.4.2 > > > > On Nov 17, Salvatore Bonaccorso wrote: > > > > > CVE-

Bug#1060407: gtkwave update for {bookworm,bullseye,buster}-security

2024-04-03 Thread Moritz Muehlenhoff
Hi Adrian, > >... > > > debdiffs contain only changes to debian/ > > > > The bookworm/bullseye debdiffs looks good, please upload to > > security-master, thanks! > > both are now uploaded. DSA has been released, thanks! > > Note that both need -sa, but dak needs some special attention when >

Bug#1032670: allegro4.4: CVE-2021-36489

2024-03-24 Thread Moritz Muehlenhoff
On Thu, Mar 21, 2024 at 09:33:51PM +0100, Andreas Rönnquist wrote: > On Fri, 10 Mar 2023 18:04:23 +0100 Moritz Mühlenhoff > wrote: > > Source: allegro4.4 > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > The following vuln

Bug#1064517: texlive-bin: CVE-2024-25262

2024-02-23 Thread Moritz Muehlenhoff
On Fri, Feb 23, 2024 at 10:13:53PM +0100, Hilmar Preuße wrote: > On 23.02.24 16:31, Moritz Mühlenhoff wrote: > > Hello Moritz, > > > The following vulnerability was published for texlive-bin. > > > > CVE-2024-25262[0]: > > | texlive-bin commit c515e was discovered to contain heap buffer > > | ov

Bug#1060016: packagekit: CVE-2024-0217

2024-02-21 Thread Moritz Muehlenhoff
On Wed, Feb 21, 2024 at 04:15:17PM +0100, Matthias Klumpp wrote: > I'd read the "unaffected at 1.2.7" as version 1.2.7 and higher not > having the bug... But then again, on another page it said that the > respective patch only lowered the impact... > I remember merging that patch, and it was a pret

Bug#1060016: packagekit: CVE-2024-0217

2024-02-21 Thread Moritz Muehlenhoff
On Tue, Feb 20, 2024 at 10:11:35PM +0100, Matthias Klumpp wrote: > The CVE page lists that commit as "patch" now, and given that emitting > a finished transaction as finished multiple times could indeed cause > issues (and use-after-free issues potentially as well), I am inclined > to think that th

Bug#1063736: snort removal from bullseye (Re: Bug#1063736: RM: snort -- RoQA; security issues, unmaintained)

2024-02-12 Thread Moritz Muehlenhoff
On Mon, Feb 12, 2024 at 06:16:48PM +, Jonathan Wiltshire wrote: > On Mon, Feb 12, 2024 at 09:24:47AM +, Holger Levsen wrote: > > hi, > > > > On Sun, Feb 11, 2024 at 09:44:18PM +, Jonathan Wiltshire wrote: > > > Requested by security team. Not in stable or testing. > > > > once this ha

Bug#1063534: [Debian-iot-maintainers] Bug#1063534: libjwt: CVE-2024-25189

2024-02-09 Thread Moritz Muehlenhoff
On Fri, Feb 09, 2024 at 04:40:31PM +0100, Thorsten Alteholz wrote: > Hi Moritz, > > thanks for the bug. Upstream knows about the issue and already fixed it [1] > + [2]. Thanks. I think the real world impact is pretty negligible, it's enough to land a fix for the next release, but not for released

Bug#1061543: indent: CVE-2024-0911

2024-01-28 Thread Moritz Muehlenhoff
On Fri, Jan 26, 2024 at 08:48:47PM +0100, Santiago Vila wrote: > severity 1061543 important > found 1061543 2.2.12-1 > found 1061543 2.2.12-4+deb12u2 > thanks > > El 26/1/24 a las 8:52, Moritz Mühlenhoff escribió: > > Source: indent > > X-Debbugs-CC: t...@security.debian.org > > Severity: normal >

Bug#1061572: bullseye-pu: package unadf/0.7.11a-4+deb11u1

2024-01-26 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: un...@packages.debian.org Control: affects -1 + src:unadf Addresses two no-dsa security issues, same fix already rolled out for Bookworm. Debdiff below. Cheers,

Bug#1060861: RUSTSEC-2023-0078

2024-01-16 Thread Moritz Muehlenhoff
On Mon, Jan 15, 2024 at 09:10:57PM +0100, Salvatore Bonaccorso wrote: > Hi Moritz, > > On Mon, Jan 15, 2024 at 08:49:04PM +0100, Moritz Muehlenhoff wrote: > > Source: rust-tracing > > Version: 0.1.37-1 > > Severity: important > > Tags: security >

Bug#1060861: RUSTSEC-2023-0078

2024-01-15 Thread Moritz Muehlenhoff
Source: rust-tracing Version: 0.1.37-1 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team https://rustsec.org/advisories/RUSTSEC-2023-0078.html https://github.com/tokio-rs/tracing/pull/2765 Fixed by: https://github.com/tokio-rs/tracing/commit/20a1762b3fd5f1fafead198fd18e469c68

Bug#1060407: Multiple security issues

2024-01-10 Thread Moritz Muehlenhoff
Source: gtkwave Version: 3.3.116-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team A very thorough security audit of gtkwave unveiled a total of 82 security issues in gtkwave, all fixed in 3.3.118: CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 CVE-2023-35057 CVE-2

Bug#1059426: bookworm-pu: package haproxy/2.6.12-1+deb12u1

2023-12-25 Thread Moritz Muehlenhoff
On Mon, Dec 25, 2023 at 10:32:41AM +0100, Tobias Frost wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: hapr...@packages.debian.org > X-Debbugs-Cc: t...@security.debian.org > Control: affects -1 +

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-12-22 Thread Moritz Muehlenhoff
al: > >> > Le jeu. 21 déc. 2023 à 10:54, Moritz Muehlenhoff a > >> écrit : > >> > > >> > > On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote: > >> > > > Hi, > >> > > > > >> > > > [CC&

Bug#1059259: lwip: CVE-2023-49287

2023-12-22 Thread Moritz Muehlenhoff
On Fri, Dec 22, 2023 at 10:28:42AM +0100, Samuel Thibault wrote: > Control: severity -1 wishlist > > Hello, > > Moritz Mühlenhoff, le ven. 22 déc. 2023 10:03:28 +0100, a ecrit: > > CVE-2023-49287[0]: > > | TinyDir is a lightweight C directory and file reader. Buffer > > | overflows in the `tinydi

Bug#1039990: [Pkg-javascript-devel] Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-12-21 Thread Moritz Muehlenhoff
On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote: > Hi, > > [CC'ing node-undici uploader] > > >> Ack, let's do that. Could you prepare bookworm-security updates > > >> based on 18.17.0 (after it has landed in unstable)? > > > > > nodejs 18.19.0 has landed in testing. > > It reb

Bug#1059054: nss: CVE-2023-6135

2023-12-20 Thread Moritz Muehlenhoff
On Wed, Dec 20, 2023 at 11:43:11AM +0900, Mike Hommey wrote: > Version: 2:3.95-1 > > On Tue, Dec 19, 2023 at 10:21:27PM +0100, Moritz Mühlenhoff wrote: > > Source: nss > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following vulnerabilit

Bug#1057755: Qt WebEngine Security Support In Stable

2023-12-15 Thread Moritz Muehlenhoff
On Fri, Dec 15, 2023 at 10:39:04AM +0200, Adrian Bunk wrote: > > That is a good point. However, I consider full coverage of security support > > for stable to be an improvement over the current situation. Explicitly > > stating that security support is not shipped for oldstable does not do any > >

Bug#1058624: CVE-2023-5616: if sshd is enabled but socket-activated, control-center will say it's disabled

2023-12-15 Thread Moritz Muehlenhoff
Hi Simon, > Unless the security team have reasons to want this to be treated as > urgent, I would suggest that instead of rushing to apply Ubuntu's > solution, we should see what happens upstream, and then follow that in > Debian when the dust has settled. Agreed, this isn't an issue we need to r

Bug#1057418: Mark consul as EOLed in Bullseye

2023-12-04 Thread Moritz Muehlenhoff
Source: debian-security-support Version: 1:13+2023.09.27 Severity: wishlist Hashicorp changed the license of Consul and MPLed patches are only provided until Dec 31. As such, it has been removed from unstable and needs to be EOLed for bullseye (removal from bullseye isn't simple, it would require

Bug#1057343: Processed: Re: Bug#1057315: tiles: CVE-2023-49735

2023-12-04 Thread Moritz Muehlenhoff
On Mon, Dec 04, 2023 at 09:13:41AM +, Holger Levsen wrote: > Hi Salvatore, > > thanks for your continuous work on Debian security! > > On Sun, Dec 03, 2023 at 08:03:05PM +, Debian Bug Tracking System wrote: > > > clone -1 -2 -3 > > Bug #1057315 [src:tiles] tiles: CVE-2023-49735 > > Bug 105

Bug#1057315: tiles: CVE-2023-49735

2023-12-03 Thread Moritz Muehlenhoff
Salvatore Bonaccorso wrote: > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > The project is dead-upstream TTBOMK, so not sure if/what we can do at > all for this issue. Removal seems not possible as per:
