Bug#1008703: Should sortsmill-tools be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: sortsmill-tools Version: 0.4-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python and thus removed from testing since 2019 - Last upload in 2013 If you disagree and want to continue to maintain this package, please just close this bug

Bug#1008702: Should ketchup be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: ketchup Version: 1.0.1+git20111228+e1c62066-2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last upload in 2017 - Seems dead upstream (last commit from eight years ago) - Per #946203 do

Bug#1008701: Should broctl be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: broctl Version: 1.4-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still uses Python 2.7 and thus removed from testing since 2019 - Last upload in 2015 If you disagree and want to continue to maintain this package, please just close this bug (and fix t

Bug#1008700: Should geda-gaf be removed?

2022-03-30 Thread Moritz Muehlenhoff
Source: geda-gaf Version: 1:1.8.2-11 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Also uses outdated Guile - Last upload in 2018 If you disagree and want to continue to maintain this package,

Bug#1008500: Should undertaker be removed?

2022-03-27 Thread Moritz Muehlenhoff
Source: undertaker Version: 1.6.1-4.2 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and thus removed from testing since 2019 - Last maintainer upload in 2016 If you disagree and want to continue to maintain this package, please just cl

Bug#1008499: Should neard be removed?

2022-03-27 Thread Moritz Muehlenhoff
Source: neard Version: 0.16-0.1 Severity: serious Your package came up as a candidate for removal from Debian: - Last maintainer upload in 2013 - Depends on Python 2 and thus removed from testing since 2019 If you disagree and want to continue to maintain this package, please just close this bug

Bug#1008498: Should hgsubversion be removed?

2022-03-27 Thread Moritz Muehlenhoff
Source: hgsubversion Version: 1.9.3+git20190419+6a6ce-5 Severity: serious Your package came up as a candidate for removal from Debian: - Still depends on Python 2 and removed from testing since 2020 - Dead upstream (no commits after 2019) If you disagree and want to continue to maintain this pac

Bug#1008286: Should nglister be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: nglister Version: 1.0.2 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2016 - Removed from testing since 2019 - Multiple RC bugs If you disagree and want to continue to maintain this package, please just close this bug (and f

Bug#1008285: Should zorp be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: zorp Version: 7.0.1~alpha2-3 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2019, removed from testing since 2017 - Still depends on Python 2.7 and thus RC-buggy If you disagree and want to continue to maintain this package, please just cl

Bug#1008273: Should python-nemu be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: python-nemu Version: 0.3.1-1 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2016 and dropped from testing in 2019 - Still uses Python 2.7 and not fixed upstream either If you disagree and want to continue to maintain this package, please j

Bug#1008274: Should sandsifter be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: sandsifter Version: 1.04-1 Severity: serious Your package came up as a candidate for removal from Debian: - Still uses Python 2.7 and thus RC buggy - Last upload in 2019 and not in testing since 2019 If you disagree and want to continue to maintain this package, please just close this bu

Bug#1008272: Should postnews be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: postnews Version: 0.7-1 Severity: serious Your package came up as a candidate for removal from Debian: - Removed from testing for ~ two years, no followup to RC bugs - Also no changes upstream since 2017 If you disagree and want to continue to maintain this package, please just close thi

Bug#1008271: Should arriero be removed?

2022-03-25 Thread Moritz Muehlenhoff
Source: arriero Version: 0.6-1 Severity: serious Your package came up as a candidate for removal from Debian: - Last upload in 2017 - Still uses Python 2.7 and thus RC buggy - Missed the last two stable releases and removed from testing since 2018 If you disagree and want to continue to maintain

Bug#1008265: CVE-2018-25032: zlib memory corruption on deflate

2022-03-25 Thread Moritz Muehlenhoff
Source: zlib Version: 1:1.2.11.dfsg-2 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2018-25032: https://www.openwall.com/lists/oss-security/2022/03/24/1 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Cheers, Moritz

Bug#1008264: Multiple security issues

2022-03-25 Thread Moritz Muehlenhoff
Source: pluxml Version: 5.6-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team CVE-2022-25020: https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf CVE-2022-25018: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf CVE-2022-2458

Bug#1008071: RM: xcal -- RoQA; unmaintained, RC-buggy

2022-03-21 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove xcal. It's dead upstream, unmaintained (last upload in 2008) and there's three RC bugs. Cheers, Moritz

Bug#1008070: RM: bopm -- RoQA; unmaintained, RC-buggy, alternatives exist

2022-03-21 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove bopm. It's unmaintained (last upload a decade ago), RC buggy, dead upstream and a maintained fork (hopm) is in the archive. Cheers, Moritz

Bug#1007931: buster-pu: package qemu/1:3.1+dfsg-8+deb10u9

2022-03-18 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: m...@tls.msk.ru Various low severity qemu issues, but since quite a few of those have piled up, it makes sense to move to an update. Debdiff below. Cheers, Mor

Bug#1007920: buster-pu: package flac/1.3.3-2+deb11u1

2022-03-18 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: fab...@debian.org Fixes a minor security issue, debdiff below (and was just uploaded). Tested with a few sample files. Cheers, Moritz diff -Nru flac-1.3.3/de

Bug#1005981: Please migrate away from dpatch

2022-02-19 Thread Moritz Muehlenhoff
On Fri, Feb 18, 2022 at 02:41:57PM -0800, Bill Poser wrote: > I am the developer of redet. I don't understand this bug report. redet does > not use anything called dpatch so far as I know. Is this something added in > the Debianization of redet downstream from me? Yes, exactly. It's a legacy mecha

Bug#1005988: Don't release with bookworm

2022-02-18 Thread Moritz Muehlenhoff
Source: dpatch Version: 2.0.41 Severity: serious dpatch has been obsoleted by source format 3.0 (quilt), there's only 19 reverse dependencies in the archive (5 of them in testing), for which bugs have been filed. Cheers, Moritz

Bug#1005987: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: mgetty Version: 1.2.1-1.1 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005985: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: scim-skk Version: 0.5.2-7.2 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005986: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: dvbsnoop Version: 1.4.50-5 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005984: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: scim-canna Version: 1.0.0-4.3 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005983: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: myspell Version: 1:3.0+pre3.1-24.2 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005982: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: elscreen Version: 1.4.6-5.3 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005980: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: syrep Version: 0.9-4.3 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005981: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: redet Version: 8.26-1.4 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005979: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: efax Version: 1:0.9a-20 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1005978: Please migrate away from dpatch

2022-02-18 Thread Moritz Muehlenhoff
Source: vdk2 Version: 2.4.0-5.5 Severity: serious dpatch is deprecated and will be removed before the bookworm release. Please migrate to source format 3.0 (quilt) instead.

Bug#1004963: CVE-2020-21598 CVE-2020-21600 CVE-2020-21602

2022-02-04 Thread Moritz Muehlenhoff
Source: libde265 Version: 1.0.8-1 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team CVE-2020-21602: https://github.com/strukturag/libde265/issues/242 CVE-2020-21600: https://github.com/strukturag/libde265/issues/243 CVE-2020-21598: https://github.com/strukturag/libde265/issues/2

Bug#1004933: RM: gif2apng -- RoQA; dead upstream, open security issues

2022-02-03 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove gif2apng, it's dead upstream and has open security issues Cheers, Moritz

Bug#1004293: warn users that src:webkit2gtk and src:khtml are insecure?

2022-01-24 Thread Moritz Muehlenhoff
On Tue, Jan 25, 2022 at 12:20:46AM +1100, Trent W. Buck wrote: > Package: debian-security-support > Version: 1:11+2021.03.19 > Severity: normal > File: /usr/share/debian-security-support/security-support-limited > > As at Debian 11, > > * webkitgtk is in src:webkit2gtk, not src:webkit. > * kh

Bug#1003662: Update homepage header

2022-01-13 Thread Moritz Muehlenhoff
Source: libsixel Version: 1.8.6-2 Severity: normal It seems that since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel , right? If so please update the Homepage: entry in debian/control so the new site properly shows up in track

Bug#1003410: RM: flexbackup -- RoQA; unmaintained, dead upstream, RC-buggy

2022-01-09 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove flexbackup. It's dead upstream (last release from 2003), unmaintained (last maintainer upload in 2008, orphaned without an adopter since 2012) and currently RC-buggy. Plenty of alternatives exist. Cheers, Moritz

Bug#1003409: RM: xxgdb -- RoQA; dead upstream, unmaintained, alternatives exist

2022-01-09 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove xxgdb. It's dead upstream, unmaintained (last upload in 2010 and orphaned without an adopter since 2019) and alternatives like ddd exist. Cheers, Moritz

Bug#1003149: Still declares some Py2 build deps

2022-01-04 Thread Moritz Muehlenhoff
Source: topydo Version: 0.14-5 Severity: important topydo uses Python 3, but there are still two Python 2 build deps: python-all and python-setuptools. Cheers, Moritz

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff
On Sat, Jan 01, 2022 at 01:23:09PM -0500, Andres Salomon wrote: > How should I handle this? NMU to sid, let people try it out, and then > deal with buster/bullseye? Yeah, let's proceed with unstable first in any case. > Upload everything all at once? I'm also > going to try building for buster, u

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2022-01-02 Thread Moritz Muehlenhoff
On Sun, Jan 02, 2022 at 06:53:51PM +0100, Mattia Rizzolo wrote: > Correlated, do you know how long do they plan on keeping using python2? > That's plainly unsuitable, it really is not going to last much longer in > debian. Current state of the Python 3 upstream migration can be found here: https:/

Bug#995212: chromium: Update to version 94.0.4606.61 (security-fixes)

2021-12-13 Thread Moritz Muehlenhoff
On Sun, Dec 12, 2021 at 08:11:00PM -0500, Andres Salomon wrote: > On 12/5/21 6:41 AM, Moritz Mühlenhoff wrote: > > Am Sun, Dec 05, 2021 at 10:53:56AM +0100 schrieb Paul Gevers: > > Exactly that. > > > > I'd suggest anyone who's interested in seeing Chromium supported to first > > update it in unst

Bug#1000906: RM: bareos -- RoQA; Really RC-buggy, unmaintained

2021-11-30 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove bareos. It has nine open RC bugs, the last maintainer upload was in Feb 2019 and there was no objection to my removal proposal at #995837 for two months. Cheers, Moritz

Bug#1000904: RM: pycalendar -- RoQA; Depends on Python 2, dead upstream, unmaintained

2021-11-30 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove pycalendar. It depends on Python 2, is dead upstream (upstream issue for Py3 support is open since 2017 without action), there are no reverse dependencies (just a Recommends: by caldav-tester, but it's dropped from testing since a year for bei

Bug#1000902: RM: python-mode -- RoQA; orphaned, RC-buggy

2021-11-30 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove python-mode. It's RC-buggy (missed Bullseye, dropped from testing for > 15 months) and orphaned without an adopter since Sep 2020. Cheers, Moritz

Bug#1000479: buster-pu: package jtreg/5.1-b01-2~deb10u1

2021-11-23 Thread Moritz Muehlenhoff
-1,3 +1,10 @@ +jtreg (5.1-b01-2~deb10u1) buster; urgency=medium + + * Rebuild for buster, needed for latest OpenJDK 11.x release +- Switch to debhelper 12 + + -- Moritz Muehlenhoff Fri, 19 Nov 2021 16:26:05 + + jtreg (5.1-b01-2) unstable; urgency=medium * Team upload. diff -Nru jtreg-5.1-

Bug#1000480: buster-pu: package jtharness/6.0-b15-1~deb10u1

2021-11-23 Thread Moritz Muehlenhoff
-1,3 +1,10 @@ +jtharness (6.0-b15-1~deb10u1) buster; urgency=medium + + * Rebuild for buster, needed for latest OpenJDK 11.x release +- Switch to debhelper 12 + + -- Moritz Muehlenhoff Fri, 19 Nov 2021 16:17:12 + + jtharness (6.0-b15-1) unstable; urgency=medium * Team upload.

Bug#998659: RM: residualvm -- ROM; Obsolete, merged into src:scummvm

2021-11-05 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: only...@debian.org Please remove residualvm. It got merged into ScummVM 2.5.0, which is now in unstable: https://www.scummvm.org/news/20211009/ Removal also acked by Dmitry (CCed) Cheers, Moritz

Bug#998277: RM: opencaster -- RoQA; Depends on Python 2, dead upstream

2021-11-01 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove opencaster. It depends on Python 2 and is dead upstream. Removal was acked by Thorsten in #937194. Cheers, Moritz

Bug#998276: RM: libvirt-sandbox -- RoQA; Depends on Python 2, dead upstream

2021-11-01 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: a...@sigxcpu.org Please remove libvirt-sandbox. It depends on Python 2 and is dead upstream. Removal was acked by Guido. Cheers, Moritz

Bug#996650: RM: citadel -- RoQA; Orphaned, RC buggy

2021-10-16 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove citadel. It's orphaned for over two years without an adopter and removed from testing since years since the current package is broken (939377). In addition there's open security issues. Cheers, Moritz

Bug#995845: RM: openopt -- RoQA; Depends on Python 2

2021-10-06 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: deb...@onerussian.com Please remove openopt. It depends on Python 2 and is dead upstream. Acked by the maintainer (CCed) in #937209. Cheers, Moritz

Bug#995838: Should condor be removed?

2021-10-06 Thread Moritz Muehlenhoff
Source: condor Severity: serious condor came up as a candidate for removal from Debian: - Last upload was in 2018 - Three RC bugs, including various toolchain issues (GCC, Python 2) - Open security issues If you disagree and want to continue to maintain this package, please just close this bug (

Bug#995837: Should bareos be removed?

2021-10-06 Thread Moritz Muehlenhoff
Package: bareos Severity: serious Your package came up as a candidate for removal from Debian: Bareos hasn't seen an upload since 2019, missed Bullseye and has a total of 8 RC bugs at this point. If you disagree and want to continue to maintain this package, please just close this bug (and fix

Bug#995590: RM: peframe -- RoQA; Depends on Python 2

2021-10-02 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove peframe, it depends on Python 2 and current versions are blocked by licence and dependency issues. Acked by the maintainer in #937269. Cheers, Moritz

Bug#993369: RM: vizigrep -- RoQA; Depends on Python 2, unmaintained

2021-08-31 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove vizigrep. It depends on Python 2 and is unmaintained (last upload in 2018, no reaction at #938789). Cheers, Moritz

Bug#993368: RM: scap-security-guide -- RoQA; Depends on python 2, unmaintained

2021-08-31 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal Please remove scap-security-guide. It depends on Python 2 and is unmaintained (last upload in 2018, no reaction on #938438). Cheers, Moritz

Bug#993367: RM: peframe -- RoQA; Depends on Python 2

2021-08-31 Thread Moritz Muehlenhoff
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: sas...@steinbiss.name Please remove peframe. It depends on Python 2 and packaging the current releases is blocked by license and dependency issues. Acked by maintainer (Cced) in #937269. Cheers, Moritz

Bug#993046: libssh: CVE-2021-3634 - bullseye update prepared

2021-08-29 Thread Moritz Muehlenhoff
Hi Martin, On Sat, Aug 28, 2021 at 01:54:50PM +0200, Martin Pitt wrote: > Hello Salvatore and Laurent, > Is that ok with you, in particular the not-quite-CVE patches? Should I upload > directly or put the dsc somewhere? Ack, that looks good. Please build with -sa (security.d.o and ftp.d.o don't

Bug#992115: Stop using the NVD severity

2021-08-11 Thread Moritz Muehlenhoff
Package: security-tracker Severity: normal We should stop using/displaying the NVD severity in the Security Tracker. Anyone is free to look up whatever external data source they want, but we should not give NVD legitimacy by showing in the Security Tracker.

Bug#992045: CVE-2021-38185

2021-08-09 Thread Moritz Muehlenhoff
Package: cpio Version: 2.13+dfsg-4 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team https://github.com/fangqyi/cpiopwn https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg0.html

Bug#991593: fixed in otrs2 6.0.32-6

2021-08-06 Thread Moritz Muehlenhoff
On Fri, Aug 06, 2021 at 08:08:45AM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Thu, Aug 05, 2021 at 11:49:41AM +0200, Moritz Mühlenhoff wrote: > > Am Thu, Aug 05, 2021 at 09:19:14AM + schrieb Debian FTP Masters: > > > Source: otrs2 > > > Source-Version: 6.0.32-6 > > > Done: Patrick Matthäi

Bug#991827: RM: libgrokj2k/7.6.6-3

2021-08-02 Thread Moritz Muehlenhoff
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-Cc: boxe...@gmail.com Please remove libgrokj2k/7.6.6-3 from testing (as discussed with the maintainer, also CCed). libgrokj2k is still in rapid development (upstream is already at 9.3),

Bug#991716: unblock: neomutt/20201127+dfsg.1-1.2

2021-07-30 Thread Moritz Muehlenhoff
) unstable; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2021-32055 (Closes: #988107) + + -- Moritz Muehlenhoff Thu, 29 Jul 2021 23:13:20 +0200 + neomutt (20201127+dfsg.1-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru neomutt-20201127+dfsg.1/debian/patches/series

Bug#991497: RUSTSEC-2021-0074

2021-07-25 Thread Moritz Muehlenhoff
Source: rust-ammonia Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team https://rustsec.org/advisories/RUSTSEC-2021-0074.html Patch: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515 Cheers, Moritz

Bug#991160: rapl collector broken with Bullseye kernel, spams syslog

2021-07-16 Thread Moritz Muehlenhoff
Package: prometheus-node-exporter Severity: important Tags: patch The rapl collector is broken with the 5.10 kernel in Bullseye and thus spams syslog every minute with a message like this: --- Jul 16 07:03:39 thanos-fe2001 prometheus-node-exporter[593]: level=error ts=2021-07

Bug#991040: Varnish VSV00007

2021-07-13 Thread Moritz Muehlenhoff
Package: varnish Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team https://varnish-cache.org/security/VSV7.html Patches: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0) https://github.com/varnishcache/varnish-cache/

Bug#990798: Switch to fork?

2021-07-07 Thread Moritz Muehlenhoff
Source: libsixel Severity: wishlist https://github.com/saitoha/libsixel/issues/154 states that the original author in active and there's now a fork, maybe Debian should also switch to it? Cheers, Moritz

Bug#990793: kubernetes: CVE-2020-8554 CVE-2020-8562 CVE-2021-25735 CVE-2021-25737

2021-07-07 Thread Moritz Muehlenhoff
On Thu, Jul 08, 2021 at 12:27:08AM +0800, Shengjing Zhu wrote: > On Wed, Jul 7, 2021 at 11:48 PM Moritz Mühlenhoff wrote: > > > > Source: kubernetes > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > The following vulnerabilities were publishe

Bug#990754: unblock: wpewebkit/2.32.1-1

2021-07-07 Thread Moritz Muehlenhoff
On Tue, Jul 06, 2021 at 10:11:36PM +0200, Sebastian Ramacher wrote: > Control: tags -1 moreinfo > > On 2021-07-06 11:20:10 +0200, Alberto Garcia wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > Please unbloc

Bug#990419: CVE-2021-27021

2021-06-28 Thread Moritz Muehlenhoff
Package: puppetdb Version: 6.2.0-5 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team See https://puppet.com/security/cve/cve-2021-27021/ Fixed by https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2 https://github.com/puppetlabs/puppetdb/commit/

Bug#990303: trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks

2021-06-25 Thread Moritz Muehlenhoff
On Fri, Jun 25, 2021 at 08:59:25AM +0200, Lorenzo Maurizi wrote: > Package: trafficserver > Version: 8.0.2+ds-1+deb10u4 > Severity: grave > Tags: security > Justification: user security hole > > CVE: > CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning > CVE-2021-32565 HTTP

Bug#990204: Failing autopkgtest with pillow 8.1.2+dfsg-0.2/ pillow 8.2

2021-06-22 Thread Moritz Muehlenhoff
Source: skimage Severity: serious pillow 8.1.2+dfsg-0.2 backported a few security fixes from pillow 8.2. One of the changes breaks the autopkgtest/testsuite of skimage: https://ci.debian.net/data/autopkgtest/testing/amd64/s/skimage/13102974/log.gz I dug around in skimage git and this appears to

Bug#990059: Bug#989839: Thunderbird 1:78.11.0-1 in testing lacks full functionality

2021-06-20 Thread Moritz Muehlenhoff
On Sat, Jun 19, 2021 at 09:33:37PM +0200, Sebastian Ramacher wrote: > Hallo Carsten > > On 2021-06-19 09:00:13 +0200, Carsten Schoenert wrote: > > Hello Kevin, hello Sebastian, > > > > thanks for working on this issue in between times, I wasn't able to do > > anything practically the last days. >

Bug#990000: tor: CVE-2021-34548 CVE-2021-34549 CVE-2021-34550

2021-06-18 Thread Moritz Muehlenhoff
On Fri, Jun 18, 2021 at 09:01:39AM +, Peter Palfrader wrote: > On Thu, 17 Jun 2021, Salvatore Bonaccorso wrote: > > CVE-2021-34548[1], CVE-2021-34549[2] and CVE-2021-34550[3]. > > Uploaded a 0.3.5.15-1 source package to security master with > https://gitweb.torproject.org/tor.git/tree/ChangeLo

Bug#989992: CVE-2021-21439 CVE-2021-21441

2021-06-17 Thread Moritz Muehlenhoff
Package: otrs2 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Since these affect OTRS 6, they should also affect Znuny, right? CVE-2021-21441: https://otrs.com/release-notes/otrs-security-advisory-2021-11/ CVE-2021-21439: https://otrs.com/release-notes/otrs-security-advisory-202

Bug#989991: Multiple jerryscript security issues

2021-06-17 Thread Moritz Muehlenhoff
Package: iotjs Severity: important Tags: security X-Debbugs-Cc: Debian Security Team There's multiple security issues in jerryscript, which is included in iotjs: CVE-2021-26199: https://github.com/jerryscript-project/jerryscript/issues/4056 CVE-2021-26198: https://github.com/jerryscript-project

Bug#989989: CVE-2021-34363

2021-06-17 Thread Moritz Muehlenhoff
Package: thefuck Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-34363 https://github.com/nvbn/thefuck/pull/1206 Patch: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31) Cheers, Moritz

Bug#989988: CVE-2021-28213

2021-06-17 Thread Moritz Muehlenhoff
Source: edk2 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-28213: https://bugzilla.tianocore.org/show_bug.cgi?id=1866 Cheers, Moritz

Bug#989847: CVE-2021-22212

2021-06-14 Thread Moritz Muehlenhoff
Package: ntpsec Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-22212: https://gitlab.com/NTPsec/ntpsec/-/issues/699 Patch: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8 Can you please upload a targeted fix to

Bug#989846: CVE-2021-22895

2021-06-14 Thread Moritz Muehlenhoff
Package: nextcloud-desktop Severity: important Tags: security X-Debbugs-Cc: Debian Security Team See https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 Patch: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc Can you plea

Bug#989618: unblock: libwebp/0.6.1-2.1

2021-06-08 Thread Moritz Muehlenhoff
: CVE-2018-25009, CVE-2018-25010, CVE-2018-25011 +CVE-2020-36328, CVE-2018-25013, CVE-2018-25014, CVE-2020-36329, CVE-2020-36330 +CVE-2020-36331, CVE-2020-36332 + + -- Moritz Muehlenhoff Sat, 05 Jun 2021 19:35:57 +0200 + libwebp (0.6.1-2) unstable; urgency=medium * Fix lintian warning

Bug#985391: gnome-autoar: CVE-2021-28650

2021-06-07 Thread Moritz Muehlenhoff
On Wed, Mar 17, 2021 at 09:36:44AM +0100, Salvatore Bonaccorso wrote: > Source: gnome-autoar > Version: 0.2.4-3 > Severity: important > Tags: security upstream > Forwarded: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > ,seb...@ubu

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Moritz Muehlenhoff
On Fri, Jun 04, 2021 at 08:34:50PM +0200, Florian Weimer wrote: > * Moritz Mühlenhoff: > > > Am Wed, Sep 09, 2020 at 12:30:44PM +0200 schrieb Aurelien Jarno: > >> control: forcemerge 967938 969926 > >> > >> Hi, > >> > >> On 2020-09-09 02:58, Bernd Zeimetz wrote: > >> > Source: glibc > >> > Versi

Bug#989439: CVE-2020-22033 CVE-2020-22021 CVE-2020-22019 CVE-2020-22015 CVE-2020-21041

2021-06-03 Thread Moritz Muehlenhoff
Package: ffmpeg Version: 7:4.3.2-0+deb11u1 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team A few security issues: CVE-2020-22033: https://trac.ffmpeg.org/ticket/8246 https://trac.ffmpeg.org/ticket/8241 https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad50

Bug#989438: CVE-2021-31855

2021-06-03 Thread Moritz Muehlenhoff
Source: kf5-messagelib Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team https://kde.org/info/security/advisory-20210429-1.txt Patch: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799 Cheers, Moritz

Bug#989437: CVE-2021-23165 CVE-2021-26948 CVE-2021-26259 CVE-2021-26252 CVE-2021-23206 CVE-2021-23191 CVE-2021-23180 CVE-2021-23158

2021-06-03 Thread Moritz Muehlenhoff
Package: htmldoc Severity: important Tags: security X-Debbugs-Cc: Debian Security Team CVE-2021-26948: https://github.com/michaelrsweet/htmldoc/issues/410 https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2 CVE-2021-26259; https://github.com/michaelrsweet/htm

Bug#989362: closed by Gilles Filippini (Re: Bug#989362: navit: Multiple security issues in ezxml)

2021-06-02 Thread Moritz Muehlenhoff
On Tue, Jun 01, 2021 at 09:51:05PM +, Debian Bug Tracking System wrote: > The ezxml support module is not built for any of our architectures. Here is > the related build log excerpt: Ack, I've updated the meta data on the embedded code copy in the Debian Security Tracker. Cheers, Mori

Bug#989364: scilab: Multiple security issues in ezxml

2021-06-01 Thread Moritz Muehlenhoff
Package: scilab Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Multiple security issues were found in ezxml, which scilab bundles: CVE-2021-31598: https://sourceforge.net/p/ezxml/bugs/28/ CVE-2021-31348 / CVE-2021-31347: https://sourceforge.net/p/ezxml/bugs/27/ CVE-2021-

Bug#989363: mapcache: Multiple security issues in ezxml

2021-06-01 Thread Moritz Muehlenhoff
Source: mapcache Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Multiple security issues were found in ezxml, which mapcache bundles: CVE-2021-31598: https://sourceforge.net/p/ezxml/bugs/28/ CVE-2021-31348 / CVE-2021-31347: https://sourceforge.net/p/ezxml/bugs/27/ CVE-20

Bug#989362: navit: Multiple security issues in ezxml

2021-06-01 Thread Moritz Muehlenhoff
Package: navit Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Multiple security issues were found in ezxml, which navit bundles (not sure if it really gets built, though as the changelog contains references to an older remove-ezxml patch?) CVE-2021-31598: https://sourcefor

Bug#989360: netcdf: Multiple security issues in ezxml

2021-06-01 Thread Moritz Muehlenhoff
Source: netcdf Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Multiple security issues were found in ezxml, which netcdf bundles: CVE-2021-31598: https://sourceforge.net/p/ezxml/bugs/28/ CVE-2021-31348 / CVE-2021-31347: https://sourceforge.net/p/ezxml/bugs/27/ CVE-2021-3

Bug#989361: netcdf-parallel: Multiple security issues in ezxml

2021-06-01 Thread Moritz Muehlenhoff
Source: netcdf-parallel Severity: important Tags: security X-Debbugs-Cc: Debian Security Team Multiple security issues were found in ezxml, which netcdf-parallel bundles: CVE-2021-31598: https://sourceforge.net/p/ezxml/bugs/28/ CVE-2021-31348 / CVE-2021-31347: https://sourceforge.net/p/ezxml/bu

Bug#989288: CVE-2021-29629

2021-05-31 Thread Moritz Muehlenhoff
Package: dacs Severity: important Tags: security X-Debbugs-Cc: Debian Security Team dacs bundles a copy in src/libradius/src/radlib.c: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:12.libradius.asc Cheers, Moritz

Bug#989264: CVE-2021-33587

2021-05-30 Thread Moritz Muehlenhoff
Package: node-css-what Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-33587: https://github.com/fb55/css-what/releases/tag/v5.0.1 Patch: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655 Cheers, Moritz

Bug#989258: CVE-2021-33502

2021-05-30 Thread Moritz Muehlenhoff
Package: node-got Severity: important Tags: security X-Debbugs-Cc: Debian Security Team node-got bundles a copy of normalize-url, which is affected by CVE-2021-33502: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1 Patch: https://github.com/sindresorhus/normalize-url/commit/b1f

Bug#989259: CVE-2021-28170

2021-05-30 Thread Moritz Muehlenhoff
Source: jakarta-el-api Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-28170: https://github.com/eclipse-ee4j/el-ri/issues/155 https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ Cheers, Moritz

Bug#977767: opendmarc: CVE-2020-12272

2021-05-29 Thread Moritz Muehlenhoff
On Sat, May 29, 2021 at 10:43:21AM +0200, David Bürgin wrote: > > This appears to have been fixed in > > https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e, > > could we get that in Bullseye? > > This isn’t the only commit for CVE-2020-12272. Thanks,

Bug#989183: CVE-2021-33038

2021-05-28 Thread Moritz Muehlenhoff
On Fri, May 28, 2021 at 02:14:34PM +0200, Jonas Meurer wrote: > Hey Moritz, > > Moritz Muehlenhoff wrote: > > On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote: > > > Moritz Muehlenhoff wrote: > > > > This was assigned CVE-2021-33038: > >

Bug#989183: CVE-2021-33038

2021-05-28 Thread Moritz Muehlenhoff
On Fri, May 28, 2021 at 11:06:31AM +0200, Jonas Meurer wrote: > Hey Moritz, > > Moritz Muehlenhoff wrote: > > This was assigned CVE-2021-33038: > > https://gitlab.com/mailman/hyperkitty/-/issues/380 > > > > Patch is here: > > https:/

Bug#989195: CVE-2021-29921

2021-05-28 Thread Moritz Muehlenhoff
Package: python3.9 Version: 3.9.2-1 Severity: important Tags: security X-Debbugs-Cc: Debian Security Team CVE-2021-29921: https://bugs.python.org/issue36384#msg392423 Patch for 3.9: (fixed in experimental) https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04
