On Sat, 2 Dec 2023, Adam D. Barratt wrote:
Please go ahead.
Great, thanks ...
... and uploaded
Thorsten
On Sat, 2 Dec 2023, Adam D. Barratt wrote:
Please go ahead.
Great, thanks ...
... and uploaded
Thorsten
Hi Charles,
On 07.12.23 12:17, Charles Plessy wrote:
I just submitted bugs against courier and jool. Can I ask you to fix
node-mime-types? You are Uploader of it…
oh, my last upload was years ago. But I will try to fix it this weekend ...
Looking at the source code, it seems that
in the slice_segment_header function
+
+ -- Thorsten Alteholz Sun, 26 Nov 2023 13:03:02 +0100
+
libde265 (1.0.11-1) unstable; urgency=medium
[ Tobias Frost ]
diff -Nru libde265-1.0.11/debian/patches/CVE-2023-27102.patch
libde265-1.0.11/debian/patches/CVE-2023-27102.patch
--- libde265-1.0.11/debian
in the slice_segment_header function
+
+ -- Thorsten Alteholz Sun, 26 Nov 2023 13:03:02 +0100
+
libde265 (1.0.11-0+deb11u1) bullseye-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru libde265-1.0.11/debian/patches/CVE-2023-27102.patch
libde265-1.0.11/debian/patches/CVE
Hi Chris,
thanks a lot for the debdiff.
On 03.12.23 15:37, Chris Hofstaedtler wrote:
Please feel free to tell me if I should delay it longer.
yes, please let me do the upload by myself. I would like to do it this
weekend.
Thorsten
On 01.02.24 07:37, Adam D. Barratt wrote:
Please go ahead.
great, thanks ...
... and done.
Thorsten
On 29.01.24 23:02, Adam D. Barratt wrote:
Please go ahead.
great, thanks ...
... and done.
Thorsten
Control: tags -1 + moreinfo
Hi Andreas,
please remove the moreinfo tag again after all reverse dependencies have
been handled.
Thorsten
+
+ * CVE-2024-25189 (Closes: #1063534)
+fix a timing side channel via strcmp()
+
+ -- Thorsten Alteholz Tue, 20 Feb 2024 23:03:02 +0100
+
libjwt (1.10.2-1) unstable; urgency=medium
* New upstream release
diff -Nru libjwt-1.10.2/debian/libjwt0.symbols
libjwt-1.10.2/debian/libjwt0
+
+ * CVE-2024-25189 (Closes: #1063534)
+fix a timing side channel via strcmp()
+
+ -- Thorsten Alteholz Mon, 19 Feb 2024 22:03:02 +0100
+
libjwt (1.10.2-1) unstable; urgency=medium
* New upstream release
diff -Nru libjwt-1.10.2/debian/libjwt0.symbols
libjwt-1.10.2/debian/libjwt0
Control: tags -1 + moreinfo
Hi Georges,
there are reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Build-Depends:
dygraphs: jsdoc-toolkit
emperor: jsdoc-toolkit
Dependency problem found.
In case they matter, this needs to be addressed first.
Control: tags -1 + moreinfo
Hi Marcos,
there is a reverse dependency that needs to be taken care of:
Checking reverse dependencies...
# Broken Depends:
ganglia-modules-linux: ganglia-modules-linux
# Broken Build-Depends:
ganglia-modules-linux: libganglia1-dev
In case they matter, this
On Sun, 25 Feb 2024, Jonathan Wiltshire wrote:
Please go ahead.
great, thanks ...
... and uploaded.
Thorsten
Control: tags -1 + moreinfo
Hi Andreas,
please file one RM bug for each package that needs to be partially
removed. This needs to be done even for dependencies of dependencies.
Please remove the moreinfo tag once that is done.
Thorsten
Control: tags -1 + moreinfo
Hi Andreas et al,
there are still reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Depends:
emboss: jemboss
emboss-explorer: emboss-explorer
# Broken Build-Depends:
bioperl-run: emboss
embassy-domainatrix: emboss-lib
Control: tags -1 + moreinfo
Hi Alexandre,
this seems to be a major task, so I am tagging with moreinfo again. Just
for information this is the current list of reverse dependencies:
Checking reverse dependencies...
# Broken Depends:
dioptas: dioptas [amd64]
flask-autoindex:
Hi Helmut,
is there a reason you closed that bug?
Thorsten
Package: ftp.debian.org
Severity: normal
When trying to fix #1066195, the corresponding patch grew more and more.
I no longer wonder why C got such a bad reputation when this was valid
code 30 years ago. From my point of view this code needs an entire rework.
As I long time ago stopped
Control: tags -1 + moreinfo
Hi,
there are reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Depends:
baresip: baresip-x11
# Broken Build-Depends:
baresip: libomxil-bellagio-dev
kodi: libomxil-bellagio-dev
vlc: libomxil-bellagio-dev
In case they
Control: tags -1 + moreinfo
Hi Drew,
there are reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Depends:
python-emmet-core: python3-emmet-core
python-mp-api: python3-mp-api
# Broken Build-Depends:
custodian: python3-pymatgen
python-emmet-core:
, which
+might cause a DoS (Denial of Service)
+
+ -- Thorsten Alteholz Sat, 23 Mar 2024 12:03:02 +0100
+
libmicrohttpd (0.9.72-2) sid; urgency=medium
* Uploading to sid.
diff -Nru libmicrohttpd-0.9.72/debian/patches/CVE-2023-27371.patch
libmicrohttpd-0.9.72/debian/patches/CVE-2023-27371
Control: tags -1 + moreinfo
Hi ,
there are some reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Build-Depends:
adios: cython3-legacy
astra-toolbox/contrib: cython3-legacy
atropos: cython3-legacy
azure-uamqp-python: cython3-legacy
basemap:
Control: tags -1 + moreinfo
Hi Thomas,
there are reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Depends:
sahara-plugin-spark: python3-sahara-plugin-spark
sahara-plugin-vanilla: python3-sahara-plugin-vanilla
# Broken Build-Depends:
Control: tags -1 + moreinfo
Hi Thomas,
there are reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Depends:
ceph: ceph-mgr-cephadm
ceph-mgr-dashboard
ceph-mgr-k8sevents
ceph-mgr-rook
ceph-resource-agents
cephfs-shell
Control: tags -1 + moreinfo
Hi Helmut,
there are reverse dependencies that need to be taken care of:
Checking reverse dependencies...
# Broken Depends:
flatpak: flatpak
gnome-remote-desktop: gnome-remote-desktop
# Broken Build-Depends:
flatpak: fuse3
libfuse3-dev (3.1.1 >=)
On Mon, 8 Apr 2024, Andreas Beckmann wrote:
The python3.10 removal accidentally caused the removal of 'and', too, most
likely because of the non-standard subject line that got misparsed.
(Hint: Using reportbug would have helped to get that formatted correctly.)
oh, thanks for catching this
Control: tags -1 + moreinfo
Hi Sebastian,
there is a reverse dependency that needs to be taken care of:
Checking reverse dependencies...
# Broken Depends:
libauthen-krb5-admin-perl: libauthen-krb5-admin-perl
In case they matter, this needs to be addressed first. Please remove the
moreinfo
Control: severity -1 normal
Control: forwarded -1 https://github.com/alonbl/gnupg-pkcs11-scd/issues/61
I can reproduce this bug with my card reader and I forwarded the bug
upstream -> https://github.com/alonbl/gnupg-pkcs11-scd/issues/61
As this is just a cosmectic bug, I reduce severity again
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-mgw
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:libosmo-sccp
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-hlr
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-sgsn
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-msc
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-iuh
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-bsc
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:osmo-pcu
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:libosmo-netif
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
Package: cups-browsed
Hi Mike,
unfortunately this is a feature and not a bug.
As cups-browsed only Recommends: avahi-daemon, it might not be installed
and you can not require to wait for its start. As far as I know systemd
has some kind of timeout and the system will still boot when
Hi Jonathan,
On 22.04.24 18:59, Jonathan Wiltshire wrote:
Please go ahead.
great, thanks ...
... and uploaded.
Thorsten
Hi Jonathan,
On 22.04.24 19:10, Jonathan Wiltshire wrote:
Please go ahead.
great, thanks ...
... and uploaded.
Thorsten
Hi Chris,
thanks for preparing the upload.
From my point of view the change in debian/NEWS is not correct. If at
all there could have been a new entry for this upload, but I don't think
this change is that important to explicitly inform all users.
Anyway, I just uploaded 20200505dfsg0-3 now
Package: ftp.debian.org
Severity: normal
Control: affects -1 + src:gutenprint
Unfortunately this software no longer runs on 32bit architectures. The time to
fix this is better spent on other things.
Thorsten
-51714 (Closes: #1060694)
+fix incorrect HPack integer overflow check.
+
+ -- Thorsten Alteholz Sun, 28 Apr 2024 20:48:02 +0200
+
qtbase-opensource-src (5.15.8+dfsg-11+deb12u1) bookworm; urgency=medium
[ Alexander Volkov ]
diff -Nru qtbase-opensource-src-5.15.8+dfsg/debian/patches/CVE-2023
buffer overflow in QDnsLookup
+
+ -- Thorsten Alteholz Sun, 28 Apr 2024 22:48:02 +0200
+
qtbase-opensource-src (5.15.2+dfsg-9) unstable; urgency=medium
* Revert adding fix-misplacement-of-placeholder-text-in-QLineEdit.diff.
diff -Nru qtbase-opensource-src-5.15.2+dfsg/debian/patches/CVE-2022
Hi Petter,
thanks a lot for this patch, the Appstream stuff is like a book of seven
seals for me.
On Thu, 9 May 2024, Petter Reinholdtsen wrote:
+
+ com.github.indilib.indi-3rdparty
There are lots of drivers in this repository, distributed over several
packages. Shouldn't there be a
Hi Jonathan,
On 12.05.24 13:13, Jonathan Wiltshire wrote:
Please go ahead.
great, thanks ...
... and done.
Thorsten
801 - 847 of 847 matches
Mail list logo