Bug#1019191: RM: centreon-clib -- RoQA; Orphaned and RC buggy

2022-09-05 Thread Neil Williams
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: codeh...@debian.org As outlined in the orphaning bug (994986), the centreon-* packages are no longer being maintained. centreon-clib was left in unstable because it (initially) built OK without needing extra work. Other centreon-* packages

Bug#1018941: cimg: CVE-2022-1325 - memory exhaustion from a malicious pandore or bmp file

2022-09-02 Thread Neil Williams
Source: cimg Version: 3.0.2+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for cimg. CVE-2022-1325[0]: | A flaw was found in Clmg, where with the help of a maliciously crafted | pandore

Bug#1017608: jpegqs: CVE-2022-35434 - floating point exception with corrupt image

2022-08-18 Thread Neil Williams
Source: jpegqs Version: 1.20210408-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for jpegqs. CVE-2022-35434[0]: | jpeg-quantsmooth before commit 8879454 contained a floating point | exception

Bug#1017005: ring: CVE-2022-31031 - stack buffer overflow when parsing message as a STUN client

2022-08-11 Thread Neil Williams
Source: ring Version: 20210112.2.b757bac~ds1-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for ring STUN support. CVE-2022-31031[0]: | PJSIP is a free and open source multimedia communication

Bug#1017004: asterisk: CVE-2022-31031 - stack buffer overflow when parsing message as a STUN client

2022-08-11 Thread Neil Williams
Source: asterisk Version: 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for asterisk STUN support. CVE-2022-31031[0]: | PJSIP is a free and open source

Bug#1014488: scapy: flaky autopkgtest: No such file or directory: 'isotpsend'

2022-08-10 Thread Neil Williams
ee if isotpsend support can be provided inside autopkgtest. If that fails, the upstream tests will need to be confined to Salsa and autopkgtests limited only to autopkgtest-pkg-python. https://salsa.debian.org/pkg-security-team/scapy/-/commit/59a4c0e2ed8c24cf5a3d4412cecdd5086a5b0395 -- Neil Willi

Bug#1016899: RM: xprobe -- ROM; abandoned upstream, does not work against default installs

2022-08-09 Thread Neil Williams
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: codeh...@debian.org xprobe is an old package with no upstream development - the old SF page links to a Wiki, other links in d.copyright go to 404. The current RC bug can be fixed but the package no longer works in a useful manner. xprobe is

Bug#1016685: v4l2loopback: CVE-2022-2652 - leaking kernel memory via crafted card labels

2022-08-08 Thread Neil Williams
On Fri, 5 Aug 2022 11:22:30 +0200 IOhannes m zmölnig (Debian GNU|Linux) wrote: > On Fri, 05 Aug 2022 09:41:46 +0100 Neil Williams > wrote: > > The following vulnerability was published for v4l2loopback (and is > > not included in the recent v0.12.7 git

Bug#1014391: scilab: CVE-2022-30045 incorrect memory handling in ezml support leading to a heap out-of-bounds read

2022-08-05 Thread Neil Williams
On Mon, 1 Aug 2022 18:25:04 +0200 Sylvestre Ledru wrote: > Hello, > > Le 05/07/2022 à 11:19, Neil Williams a écrit : > > Source: scilab > > Version: 6.1.1+dfsg2-3 > > Severity: important > > Tags: security > > X-Debbugs-Cc: codeh...@debian.org,

Bug#1016685: v4l2loopback: CVE-2022-2652 - leaking kernel memory via crafted card labels

2022-08-05 Thread Neil Williams
Source: v4l2loopback Version: 0.12.7-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for v4l2loopback (and is not included in the recent v0.12.7 git tag). CVE-2022-2652[0]: | Depending on the

Bug#1016633: pyhst2: FTBFS: redefinition of 'constexpr const _Tp std::integral_constant<_Tp, __v>::value'

2022-08-04 Thread Neil Williams
nt<_Tp, __v>::value' 71 | > template | >^ /usr/include/c++/10/type_traits:59:29: note: > 'constexpr const _Tp value' previously declared here 59 | > static constexpr _Tp value = __v; | ^ > > Andreas -- Neil Williams = h

Bug#1016578: milkytracker: CVE-2022-34927 - stack overflow via the component LoaderXM::load

2022-08-03 Thread Neil Williams
Source: milkytracker Version: 1.03.00+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for milkytracker. CVE-2022-34927[0]: | MilkyTracker v1.03.00 was discovered to contain a stack

Bug#1003165: fixed in astrometry.net 0.89+dfsg-2

2022-08-01 Thread Neil Williams
solete field Name from debian/upstream/metadata > . >[ Ole Streicher ] >* Switch build depends on libnetpbm10-dev to libnetpbm-dev > (Closes: #1003165) 1003165 is the wrong bug number and a different package. The B-D bug in astrometry.net is 1016400. https://bugs.debian.org

Bug#1014389: mapcache: CVE-2022-30045 incorrect memory handling leading to a heap out-of-bounds read

2022-07-06 Thread Neil Williams
On Tue, 5 Jul 2022 11:58:12 +0200 Sebastiaan Couwenberg wrote: > On 7/5/22 11:14, Neil Williams wrote: > > CVE-2022-30045[0]: > > | An issue was discovered in libezxml.a in ezXML 0.8.6. The function > > | ezxml_decode() performs incorrect memory handling while parsing &g

Bug#1014391: scilab: CVE-2022-30045 incorrect memory handling in ezml support leading to a heap out-of-bounds read

2022-07-05 Thread Neil Williams
Source: scilab Version: 6.1.1+dfsg2-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for scilab. CVE-2022-30045[0]: | An issue was discovered in libezxml.a in ezXML 0.8.6. The function | ezxml_decode()

Bug#1014390: navit: CVE-2022-30045 incorrect memory handling in ezml support leading to a heap out-of-bounds read

2022-07-05 Thread Neil Williams
Source: navit Version: 0.5.0+dfsg.1-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for navit. CVE-2022-30045[0]: | An issue was discovered in libezxml.a in ezXML 0.8.6. The function | ezxml_decode()

Bug#1014389: mapcache: CVE-2022-30045 incorrect memory handling leading to a heap out-of-bounds read

2022-07-05 Thread Neil Williams
Source: mapcache Version: 1.12.1-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for mapcache. CVE-2022-30045[0]: | An issue was discovered in libezxml.a in ezXML 0.8.6. The function | ezxml_decode()

Bug#1014385: passportjs: CVE-2022-25896 - regenerates stale session on user login

2022-07-05 Thread Neil Williams
Source: passportjs Version: 0.5.2+~1.0.0-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for passportjs. CVE-2022-25896[0]: | This affects the package passport before 0.6.0. When a user logs in or |

Bug#1004831: transition: ffmpeg

2022-07-05 Thread Neil Williams
work but it may be necessary to have libavcodec4-dev and libavcodec-dev with a new source package ffmpeg4 alongside ffmpeg. > > Thank you, > -Steve > > [1] https://mail.kde.org/pipermail/digikam-users/2022-July/033796.html > -- Neil Williams = https://linux.codehelp.co.uk/

Bug#1011941: rails: CVE-2022-22577 - XSS Vulnerability in Action Pack

2022-05-27 Thread Neil Williams
Source: rails Version: 2:6.1.4.6+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for rails. CVE-2022-22577[0]: | An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that | could allow

Bug#1011940: rails: CVE-2022-21831 code injection vulnerability exists in Active Storage

2022-05-27 Thread Neil Williams
Source: rails Version: 2:6.1.4.6+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for rails. CVE-2022-21831[0]: | A code injection vulnerability exists in the Active Storage = | v5.2.0 that

Bug#1011758: smarty3: CVE-2022-29221 - template authors can inject php code by choosing malicious filenames

2022-05-26 Thread Neil Williams
Source: smarty3 Version: 3.1.39-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for smarty3. CVE-2022-29221[0]: | Smarty is a template engine for PHP, facilitating the separation of |

Bug#1011757: smarty4: CVE-2022-29221 - template authors can inject php code by choosing malicious filenames

2022-05-26 Thread Neil Williams
Source: smarty4 Version: 4.1.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for smarty4. CVE-2022-29221[0]: | Smarty is a template engine for PHP, facilitating the separation of |

Bug#1011747: pyjwt: CVE-2022-29217 - Key confusion through non-blocklisted public key formats

2022-05-26 Thread Neil Williams
Source: pyjwt Version: 2.3.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for pyjwt. CVE-2022-29217[0]: | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple | different

Bug#1011741: golang-github-hashicorp-go-getter: Multiple Vulnerabilities In go-getter library

2022-05-26 Thread Neil Williams
Source: golang-github-hashicorp-go-getter Version: 1.4.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for golang-github-hashicorp-go-getter. CVE-2022-26945[0]: | HashiCorp go-getter

Bug#1011616: golang-github-tidwall-gjson: CVE-2021-42248 allows attackers to cause a redos via crafted JSON input

2022-05-25 Thread Neil Williams
Source: golang-github-tidwall-gjson Version: 1.6.7-1 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-tidwall-gjson. CVE-2021-42248[0]: | GJSON = 1.9.2 allows attackers to cause

Bug#1011458: snowflake: CVE-2022-29222 - fails to reject untrustworthy client certificates due to missing checks on private key

2022-05-23 Thread Neil Williams
Source: snowflake Version: 1.1.0-2 Severity: grave Tags: security Justification: user security hole X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for snowflake. CVE-2022-29222[0]: | Pion DTLS is a Go implementation of Datagram Transport

Bug#1011457: snowflake: CVE-2022-29189 CVE-2022-29190 - infinite loop and excessive memory usage in vendor pion DTLS

2022-05-23 Thread Neil Williams
Source: snowflake Version: 1.1.0-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for snowflake, via the github.com/pion/dtls/v2 package included into debian/vendor/ CVE-2022-29189[0]: | Pion DTLS is

Bug#1011341: node-formidable: CVE-2022-29622 - attackers able to execute arbitrary code via file upload

2022-05-20 Thread Neil Williams
Source: node-formidable Version: 3.2.3+20220426git971e3a7+~cs4.0.8-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-formidable. CVE-2022-29622[0]: | An arbitrary file upload vulnerability in

Bug#1011338: golang-gopkg-yaml.v3: CVE-2022-28948 - crash when attempting to deserialize invalid input

2022-05-20 Thread Neil Williams
Source: golang-gopkg-yaml.v3 Version: 3.0.0~git20200121.a6ecf24-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-gopkg-yaml.v3-dev. CVE-2022-28948[0]: | An issue in the Unmarshal function in

Bug#1011333: /usr/bin/pdftosrc: CVE-2021-27548 - null-pointer deference in XFAScanner::scanNode used by pdftosrc

2022-05-20 Thread Neil Williams
Package: texlive-binaries Version: 2022.20220321.62855-1 Severity: important File: /usr/bin/pdftosrc Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team texlive-binaries in unstable, experimental and bookworm embeds xpdfreader 4.03 and the code is exposed via the pdftosrc

Bug#1011056: dokuwiki: CVE-2022-28919 XSS vulnerability via the function _generateFilename

2022-05-16 Thread Neil Williams
Source: dokuwiki Version: 0.0.20200729-0.1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for dokuwiki. CVE-2022-28919[0]: | HTMLCreator release_stable_2020-07-29 was discovered to contain a | cross-site

Bug#1010800: apscheduler: Please fix 0.0.0 egg version information in the package

2022-05-10 Thread Neil Williams
Source: apscheduler Version: 3.8.1-1 Severity: normal X-Debbugs-Cc: codeh...@debian.org Other packages using python3-apscheduler as a dependency have to work around an error in the apscheduler packaging: /usr/lib/python3/dist-packages/APScheduler-0.0.0.egg-info/PKG-INFO Please fix the package

Bug#1010748: uclibc: CVE-2021-27419 - integer overflow in both malloc and memalign implementations

2022-05-09 Thread Neil Williams
Source: uclibc Version: 1.0.35-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for uclibc. CVE-2021-27419[0]: | uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap- | around in functions

Bug#1010671: libsdl2-ttf-dev: CVE-2022-27470 - Arbitrary memory overwrite loading glyphs and rendering text

2022-05-06 Thread Neil Williams
Package: libsdl2-ttf-dev Version: 2.0.18+dfsg-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for libsdl2-ttf. CVE-2022-27470[0]: | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary |

Bug#1010670: libgoogle-gson-java: CVE-2022-25647 Deserialization of Untrusted Data via the writeReplace method

2022-05-06 Thread Neil Williams
Source: libgoogle-gson-java Version: 2.8.8-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for libgoogle-gson-java. CVE-2022-25647[0]: | The package com.google.code.gson:gson before 2.8.9 are vulnerable

Bug#1010667: ruby-xmlhash: CVE-2022-21949 - Improper Restriction of XML External Entity Reference

2022-05-06 Thread Neil Williams
Source: ruby-xmlhash Version: 1.3.6-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for ruby-xmlhash. CVE-2022-21949[0]: | An Improper Restriction of XML External Entity Reference vulnerability | in SUSE

Bug#1010664: ecdsautils: Upstream has moved

2022-05-06 Thread Neil Williams
Source: ecdsautils Version: 0.3.2+git20151018-2 Severity: wishlist Tags: upstream X-Debbugs-Cc: codeh...@debian.org Hi, I was checking new CVEs and noticed that ecdsautils uses an old fork of the upstream project at https://github.com/tcatm/ecdsautils . This site has since moved to

Bug#1010657: google-oauth-client-java: CVE-2021-22573 - IdTokenVerifier does not verify the signature of ID Token

2022-05-06 Thread Neil Williams
Source: google-oauth-client-java Version: 1.28.0-2 Severity: grave Tags: security Justification: user security hole X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for google-oauth-client-java. CVE-2021-22573[0]: | The vulnerability is

Bug#1009191: cctbx: please re-enable building on riscv64

2022-04-30 Thread Neil Williams
eal-world usage of cctbx was manageable on any current RISCV64 hardware. > cctbx seems to build fine on riscv64 now. Can it be > re-enabled? Probably, yes. I won't have time to do an upload soon though. If someone else has time to do it as a team upload, go ahead. -- Neil Williams li...@cod

Bug#1010359: node-ejs: CVE-2022-29078 server-side template injection

2022-04-29 Thread Neil Williams
Source: node-ejs Version: 3.1.6-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-ejs. CVE-2022-29078[0]: | The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js | allows

Bug#1010348: horizon-eda: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

2022-04-29 Thread Neil Williams
Source: horizon-eda Version: 2.2.0-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for horizon-eda. CVE-2021-21897[0]: | A code execution vulnerability exists in the | DL_Dxf::handleLWPolylineData

Bug#1010349: librecad: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

2022-04-29 Thread Neil Williams
Source: librecad Version: 2.1.3-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for librecad. CVE-2021-21897[0]: | A code execution vulnerability exists in the | DL_Dxf::handleLWPolylineData

Bug#1010347: cloudcompare: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

2022-04-29 Thread Neil Williams
Source: cloudcompare Version: 2.11.3-5 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for cloudcompare. CVE-2021-21897[0]: | A code execution vulnerability exists in the | DL_Dxf::handleLWPolylineData

Bug#1010339: libowasp-esapi-java: CVE-2022-24891 CVE-2022-23457 - cross-site-scripting and control-flow bypass

2022-04-29 Thread Neil Williams
Source: libowasp-esapi-java Version: 2.2.3.1-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for libowasp-esapi-java. CVE-2022-24891[0]: | ESAPI (The OWASP Enterprise Security API) is a free, open

Bug#1010336: httpx: CVE-2021-41945 blacklist bypass due to implementation of httpx.URL().copy_with

2022-04-29 Thread Neil Williams
Source: httpx Version: 0.22.0-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for httpx. CVE-2021-41945[0]: | Encode OSS httpx =1.0.0.beta0 is affected by improper input | validation in

Bug#1010154: libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367

2022-04-26 Thread Neil Williams
On Mon, 25 Apr 2022 21:43:30 -0700 tony mancill wrote: > On Mon, Apr 25, 2022 at 07:22:12PM +0200, Salvatore Bonaccorso wrote: > > Hi! > > > > On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote: > > > On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams >

Bug#1010154: libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367

2022-04-25 Thread Neil Williams
On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams wrote: > Please note, the current homepage for libowasp-antisamy-java appears to > have no commits beyond version 1.5.3 but the change for CVE-2022-29577 > does match the source code for libowasp-antisamy-java: > https://sources.de

Bug#1010154: libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367

2022-04-25 Thread Neil Williams
Source: libowasp-antisamy-java Version: 1.5.3+dfsg-1.1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, Please note, the current homepage for libowasp-antisamy-java appears to have no commits beyond version 1.5.3 but the change for CVE-2022-29577

Bug#716555: [Mayhem] Bug report on omniorb: omniMapper crashes with exit status 139

2022-04-22 Thread Neil Williams
pecify the location of omniMapper's config file. Alternatively, set the environment variable OMNIMAPPER_CONFIG or use the default /etc/omniMapper.cfg. Use -v to verbosely record what's going on. I'll close this bug report with the next upload of omniorb. -- Neil Williams = ht

Bug#1009960: composer: CVE-2022-24828 - arbitrary command execution via VcsDriver getFileContent

2022-04-21 Thread Neil Williams
Source: composer Version: 2.2.9-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for composer. CVE-2022-24828[0]: | Composer is a dependency manager for the PHP programming language. | Integrators using

Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm

2022-04-21 Thread Neil Williams
pgrade feature. If there is time, then we are > working a V7 version with the V6 to V7 block upgrade capability and > would like to release that. Seems sensible. > > Thanks, > Amul > > -Original Message- > From: Andreas Tille > Sent: Wednesday, April 20, 202

Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm

2022-04-20 Thread Neil Williams
Source: fis-gtm Version: 6.3-014-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for fis-gtm. CVE-2021-44492[0]: | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS | GT.M through

Bug#1009678: haskell-aeson: CVE-2021-41119 - JSON DoS Vulnerability in Haskell's Aeson library

2022-04-14 Thread Neil Williams
Source: haskell-aeson Version: 1.4.7.1-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for haskell-aeson. CVE-2021-41119[0]: | Wire-server is the system server for the wire back-end services. |

Bug#1009676: grunt: CVE-2022-0436 - Path Traversal in grunt prior to 1.5.2

2022-04-14 Thread Neil Williams
Source: grunt Version: 1.4.1-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for grunt. CVE-2022-0436[0]: | Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. If you fix the

Bug#1009636: ruby-devise-two-factor: CVE-2021-43177 - possible reuse of OTP due to incomplete fix for CVE-2015-7225

2022-04-13 Thread Neil Williams
On Wed, 13 Apr 2022 11:18:50 +0100 Neil Williams wrote: > Source: ruby-devise-two-factor > Version: 4.0.2-1 > Severity: important > Tags: security > X-Debbugs-Cc: codeh...@debian.org, Debian Security Team > > > Hi, > > The following vulnerability was publis

Bug#1009636: ruby-devise-two-factor: CVE-2021-43177 - possible reuse of OTP due to incomplete fix for CVE-2015-7225

2022-04-13 Thread Neil Williams
Source: ruby-devise-two-factor Version: 4.0.2-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for ruby-devise-two-factor. CVE-2021-43177[0]: | As a result of an incomplete fix for CVE-2015-7225, in

Bug#1009626: android-platform-frameworks-base: CVE-2021-39796 - possible to trick victim to install harmful app due to a tapjacking/overlay attack

2022-04-13 Thread Neil Williams
Source: android-platform-frameworks-base Version: 1:10.0.0+r36-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for android-platform-frameworks-base. CVE-2021-39796[0]: | In HarmfulAppWarningActivity of

Bug#1009044: mruby: CVE-2022-1212 - Use-After-Free in str_escape

2022-04-06 Thread Neil Williams
Source: mruby Version: 3.0.0-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team The following vulnerability was published for mruby. CVE-2022-1212[0]: | Use-After-Free in str_escape in mruby/mruby in GitHub repository | mruby/mruby prior to 3.2.

Bug#1009035: ruby-asciidoctor-include-ext: CVE-2022-24803 - Command Injection vulnerability

2022-04-06 Thread Neil Williams
Source: ruby-asciidoctor-include-ext Version: 0.3.1-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for ruby-asciidoctor-include-ext. CVE-2022-24803[0]: | Asciidoctor-include-ext is Asciidoctor's

Bug#1009030: twisted: CVE-2022-24801 - Inconsistent Interpretation of HTTP Requests

2022-04-06 Thread Neil Williams
Source: twisted Version: 22.2.0-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for twisted. CVE-2022-24801[0]: | Twisted is an event-based framework for internet applications, | supporting Python 3.6+.

Bug#1008970: ITP: pyimagetool -- Image Tool for multidimensional analysis

2022-04-05 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: pyimagetool Version : 1.0 Upstream Author : Kyle Gordon * URL : https://github.com/kgord831/PyImageTool * License : GPL3

Bug#1008723: puma: CVE-2022-24790 - Inconsistent Interpretation of HTTP Requests

2022-03-31 Thread Neil Williams
Source: puma Version: 5.5.2-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for puma. CVE-2022-24790[0]: | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for | Ruby/Rack applications.

Bug#1008520: cctbx hard-codes the python version in it's local patches

2022-03-29 Thread Neil Williams
it may be necessary to retain the current patch method and I don't see why that is against Policy. It's not pretty, I agree, but I have not (yet) found an alternative. -- Neil Williams = https://linux.codehelp.co.uk/

Bug#1008566: ITP: xrt -- XRay Tracer and wave propagation

2022-03-28 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: xrt Version : 1.4.0-1 Upstream Author : Konstantin Klementiev * URL : https://github.com/kklmn/xrt * License : Expat

Bug#1008216: clickhouse: Multiple CVEs in clickhouse - heap overflows and out of bounds reads in LZ4 compression

2022-03-24 Thread Neil Williams
Source: clickhouse Version: 18.16.1+ds-7.2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for clickhouse. The vulnerabilities require authentication, but can be triggered by any user with read

Bug#1008144: ITP: looktxt -- Convert free format text file into scientific data formats

2022-03-23 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: looktxt Version : 1.5-1 Upstream Author : Emmanuel Farhi * URL : https://github.com/farhi/looktxt * License : GPL-2

Bug#1007952: python-model-mommy: Package has been renamed upstream

2022-03-19 Thread Neil Williams
Source: python-model-mommy Version: Replaced by python-model-bakery Severity: normal Background: https://linux.codehelp.co.uk/moving-to-bakery.html "Model Bakery is a rename of the legacy Model Mommy project." https://github.com/model-bakers/model_bakery IMPORTANT: Model Mommy is no longer

Bug#1007243: kotlin: CVE-2022-24329 - not possible to lock dependencies for Multiplatform Gradle Projects

2022-03-14 Thread Neil Williams
Source: kotlin Version: 1.3.31+~1.0.1+~0.11.12-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for kotlin. CVE-2022-24329[0]: | In JetBrains Kotlin before 1.6.0, it was not possible to lock |

Bug#1007239: tightvnc: CVE-2022-23967 - overflow in vncviewer, possible duplicate report of CVE-2019-15679

2022-03-14 Thread Neil Williams
Source: tightvnc Version: 1:1.3.10-5 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for tightvnc. CVE-2022-23967[0]: | In TightVNC 1.3.10, there is an integer signedness error and resultant | heap-based

Bug#1007109: jackson-databind: CVE-2020-36518 - denial of service via a large depth of nested objects

2022-03-11 Thread Neil Williams
Source: jackson-databind Version: 2.13.0-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for jackson-databind. CVE-2020-36518[0]: | jackson-databind before 2.13.0 allows a Java StackOverflow exception |

Bug#1006759: ruby-commonmarker: CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 in cmark extension

2022-03-04 Thread Neil Williams
Source: ruby-commonmarker Version: 0.23.2-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for ruby-commonmarker.

Bug#1006760: r-cran-commonmark: CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 (cmark extension)

2022-03-04 Thread Neil Williams
Source: r-cran-commonmark Version: 1.7-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team The following vulnerability was published for r-cran-commonmark. https://sources.debian.org/src/r-cran-commonmark/1.7-2/src/extensions/table.c/?hl=140#L140

Bug#1006758: python-cmarkgfm: CVE-2022-24724 - integer overflow in cmark extension prior to 0.29.0.gfm.3 and 0.28.3.gfm.21

2022-03-04 Thread Neil Williams
Source: python-cmarkgfm Version: 0.4.2-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for python-cmarkgfm.

Bug#1006756: cmark-gfm: CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 may lead to heap corruption

2022-03-04 Thread Neil Williams
Source: cmark-gfm Version: 0.29.0.gfm.2-2 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team The following vulnerability was published for cmark-gfm. CVE-2022-24724[0]: | cmark-gfm is GitHub's extended version of the C reference | implementation of

Bug#1006757: ghostwriter: CVE-2022-24724 - integer overflow prior to 0.29.0.gfm.3 and 0.28.3.gfm.21

2022-03-04 Thread Neil Williams
Source: ghostwriter Version: 2.1.1-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for ghostwriter. https://sources.debian.org/src/ghostwriter/2.1.1-1/3rdparty/cmark-gfm/extensions/table.c/?hl=154#L154

Bug#1006750: hoteldruid: CVE-2022-22909 - remote code execution vulnerability in Create New Room module v3.0.3

2022-03-04 Thread Neil Williams
Source: hoteldruid Version: 3.0.3-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team The following vulnerability was published for hoteldruid. CVE-2022-22909[0]: | HotelDruid v3.0.3 was discovered to contain a remote code execution | (RCE)

Bug#1006749: puppet-module-puppetlabs-firewall: CVE-2022-0675 - unmanaged rules could leave system in an unsafe state via duplicate comment

2022-03-04 Thread Neil Williams
Source: puppet-module-puppetlabs-firewall Version: 1.12.0-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for puppet-module-puppetlabs-firewall. CVE-2022-0675[0]: | In certain situations it is possible

Bug#1006664: Revert?

2022-03-02 Thread Neil Williams
On Thu, 3 Mar 2022 01:54:42 +0530 Nilesh Patra wrote: > > python3-unicodedata2 has disappeared from the NEW queue, has it been > > rejected? > > https://tracker.debian.org/pkg/python-unicodedata2 I must have caught it at just the wrong moment. Thanks. -- Neil Williams

Bug#1006664: Revert?

2022-03-02 Thread Neil Williams
? -- Neil Williams = http://www.linux.codehelp.co.uk/ pgpJvYy9CU8bk.pgp Description: OpenPGP digital signature

Bug#1006607: Extended the long description

2022-02-28 Thread Neil Williams
specific application to calculate absorbed and transmitted flux in photons/sec and write back to EPICS Process Variables. * XRF Collector - interact with a small EPICS database to collect data from a multi-element fluorescence detector. -- Neil Williams = https

Bug#1006607: ITP: epicsapps -- Collection of applications for EPICS

2022-02-28 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: epicsapps Version : 0.9.2 Upstream Author : Matthew Newville * URL : https://github.com/pyepics/epicsapps * License : EPICS

Bug#1006181: rename 1006181 to RFP: czkawka

2022-02-21 Thread Neil Williams
ble checking for broken audio files, just add `--all-features` https://qarmin.github.io/czkawka/instructions/Compilation.html -- Neil Williams = https://linux.codehelp.co.uk/ pgpye_elMLvHy.pgp Description: OpenPGP digital signature

Bug#1005974: sqlite3: CVE-2021-45346 memory leak vulnerability in SQLite

2022-02-18 Thread Neil Williams
Source: sqlite3 Version: 3.37.2-2 Severity: important Tags: security upstream X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for sqlite3. CVE-2021-45346[0]: | A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and | 3.37.0

Bug#1005764: ITP: wxutils -- wxPython utilities and convenience functions

2022-02-14 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: wxutils Version : 0.2.4 Upstream Author : Matthew Newville * URL : https://github.com/newville/wxutils * License : Expat

Bug#1005763: ITP: wxmplot -- wxPython plotting widgets using matplotlib

2022-02-14 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: wxmplot Version : 0.9.46 Upstream Author : Matthew Newville * URL : https://github.com/newville/wxmplot * License : Expat

Bug#1005747: freecad: CVE-2021-45844 - Improper sanitization in the invocation of ODA File Converter

2022-02-14 Thread Neil Williams
Source: freecad Version: 0.19.2+dfsg1-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for freecad. CVE-2021-45844[0]: | Improper sanitization in the invocation of ODA File Converter from | FreeCAD 0.19

Bug#1005114: ITP: python-model-bakery -- smart object creation facility for Django (Python 3 version)

2022-02-07 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: python-model-bakery Version : 1.4.0 Upstream Author : berinfontes * URL : https://github.com/model-bakers/model_bakery * License

Bug#1004958: ITP: xraydb -- X-ray Reference Data

2022-02-04 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: xraydb Version : 4.4.7 Upstream Author : Matthew Newville * URL : https://github.com/xraypy/XrayDB * License : Public domain

Bug#1004732: epics-base: Need to change epics-base binary packages to broaden the support

2022-02-01 Thread Neil Williams
Source: epics-base Version: 7.0.3.1-3 Severity: important X-Debbugs-Cc: codeh...@debian.org Experimental Physics and Industrial Control System (EPICS) in Debian relates to the epics-base source package and the pyepics work that will result in new packages in Debian in due course. Currently,

Bug#1001451: Candidate script updates

2022-01-27 Thread Neil Williams
> > I have not looked at the third script (update-vuln), I had so far > little usecases to directly work with it. > > Regards and thanks a lot for your work on this part as well. > Salvatore -- Neil Williams = https://linux.codehelp.co.uk/ pgpt9_jYFPNC1.pgp Description: OpenPGP digital signature

Bug#1004376: libphp-adodb: CVE-2021-3850 - Authentication Bypass in PostgreSQL connections

2022-01-26 Thread Neil Williams
Source: libphp-adodb Version: 5.20.19-1 Severity: grave Tags: security Justification: user security hole X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for libphp-adodb. CVE-2021-3850[0]: | Authentication Bypass by Primary Weakness in

Bug#1004338: node-cached-path-relative: CVE-2021-23518 - prototype pollution

2022-01-25 Thread Neil Williams
Source: node-cached-path-relative Version: 1.0.2-3 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-cached-path-relative. CVE-2021-23518[0]: | The package cached-path-relative before 1.1.0 are

Bug#1004298: iotjs: 8 new CVEs 2022-22892 to 2022-2292

2022-01-24 Thread Neil Williams
Source: iotjs Version: 1.0+715-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for iotjs. CVE-2022-22895[0]: | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via |

Bug#1004288: iotjs: CVE-2021-46349 CVE-2021-46348 CVE-2021-46346 CVE-2021-46340 CVE-2021-46338

2022-01-24 Thread Neil Williams
Source: iotjs Version: 1.0+715-1 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for iotjs. CVE-2021-46349[0]: | There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == |

Bug#1003950: ITP: pyobjcryst -- Object-Oriented Crystallographic Library Python3 bindings

2022-01-18 Thread Neil Williams
On Tue, 18 Jan 2022 16:16:38 +0200 Andrius Merkys wrote: > Hi Neil, > > On 2022-01-18 16:03, Neil Williams wrote: > > The package build-depends in libobjcryst (ITP #1001380) which in > > turn build-depends on cctbx (ITP: 679905), so packaging work will > > conti

Bug#1003950: ITP: pyobjcryst -- Object-Oriented Crystallographic Library Python3 bindings

2022-01-18 Thread Neil Williams
Package: wnpp Severity: wishlist Owner: Neil Williams X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org * Package name: pyobjcryst Version : 2.2.1-1 Upstream Author : Prof. Simon Billinge * URL : https://github.com/diffpy/pyobjcryst * License

Bug#1001451: Candidate script updates

2022-01-12 Thread Neil Williams
On Wed, 12 Jan 2022 11:11:42 +0100 Salvatore Bonaccorso wrote: > Hi, > > On Wed, Jan 12, 2022 at 09:22:45AM +0000, Neil Williams wrote: > > On Wed, 12 Jan 2022 12:44:14 +0800 > > Paul Wise wrote: > > > > > On Tue, 2022-01-11 at 11:20 +, Neil Williams

Bug#1001451: Candidate script updates

2022-01-12 Thread Neil Williams
On Wed, 12 Jan 2022 12:44:14 +0800 Paul Wise wrote: > On Tue, 2022-01-11 at 11:20 +0000, Neil Williams wrote: > > > I might need to brush up on my Perl and make a patch for lintian > > which downloads the sec tracker JSON and checks the CVE list in the > > .changes file
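The message above floats the idea of a check that pulls the security tracker's JSON export and compares it with the CVE identifiers named in an upload's .changes file. The following is an added example of such a check, written for this page; it is not lintian code and not part of the original message. It assumes the tracker export has the layout package -> CVE id -> {"releases": {release: {"status": ...}}} (modelled on https://security-tracker.debian.org/tracker/data/json, but treated as an assumption here), and both the clearsigned .changes text and the tracker snippet are constructed samples for a hypothetical package "examplepkg".

```python
"""Cross-check the CVE ids named in a Debian .changes file against
security-tracker style JSON. Added example, not from lintian or the tracker.
Tracker layout is an assumption; the sample inputs are constructed."""
import json
import re

# Case-sensitive on purpose: lower-case "cve-..." is not a valid identifier.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Constructed sample: a clearsigned .changes file for a hypothetical upload.
SAMPLE_CHANGES = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jan 2022 11:20:00 +0000
Source: examplepkg
Binary: examplepkg
Architecture: source
Version: 1.2.3-2
Distribution: unstable
Changes:
 examplepkg (1.2.3-2) unstable; urgency=medium
 .
   * Apply upstream fix for CVE-2022-0001 and CVE-2022-0003 (Closes: #900001)
   * Refresh patches for CVE-2022-0002
Checksums-Sha256:
 0000000000000000000000000000000000000000000000000000000000000000 1 examplepkg_1.2.3-2.dsc
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE...
-----END PGP SIGNATURE-----
"""

# Constructed sample in the assumed layout of the tracker's JSON export:
# package -> CVE id -> {"releases": {release: {"status": ..., ...}}}.
SAMPLE_TRACKER = json.dumps({
    "examplepkg": {
        "CVE-2022-0001": {"releases": {"sid": {"status": "open"}}},
        "CVE-2022-0003": {"releases": {"sid": {"status": "resolved",
                                                "fixed_version": "1.2.3-1"}}},
    }
})


def strip_clearsign(text):
    """Return the signed body of an OpenPGP clearsigned message, or the text
    unchanged if it is not clearsigned. Undoes the dash-escaping that
    RFC 4880 applies to body lines beginning with '-'. Note that this only
    unwraps the armor; it does not verify the signature."""
    lines = text.splitlines()
    if not lines or lines[0] != "-----BEGIN PGP SIGNED MESSAGE-----":
        return text
    try:
        start = lines.index("", 1) + 1  # first blank line ends the armor headers
        end = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    except ValueError:
        raise ValueError("malformed clearsigned message")
    body = [ln[2:] if ln.startswith("- ") else ln for ln in lines[start:end]]
    return "\n".join(body)


def parse_control(text):
    """Parse one RFC822-style Debian control paragraph into a dict.
    Continuation lines (leading whitespace) are appended to the previous
    field, which is how the multi-line Changes field is carried."""
    fields = {}
    current = None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and current is not None:
            fields[current] += "\n" + line.strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            current = name.strip()
            fields[current] = value.strip()
    return fields


def cves_in_changes(changes_text):
    """Unique CVE ids named in the Changes field, sorted."""
    fields = parse_control(strip_clearsign(changes_text))
    return sorted(set(CVE_RE.findall(fields.get("Changes", ""))))


def check_against_tracker(changes_text, tracker_json, release="sid"):
    """Map each CVE named in the upload to the tracker status for the
    upload's source package: 'open', 'resolved', or 'unknown' when the
    tracker has no entry for that CVE under this package (a typo, the
    wrong source package, or an issue not yet tracked)."""
    fields = parse_control(strip_clearsign(changes_text))
    known = json.loads(tracker_json).get(fields.get("Source", ""), {})
    result = {}
    for cve in cves_in_changes(changes_text):
        entry = known.get(cve)
        if entry is None:
            result[cve] = "unknown"
        else:
            rel = entry.get("releases", {}).get(release, {})
            result[cve] = rel.get("status", "unknown")
    return result


if __name__ == "__main__":
    for cve, status in check_against_tracker(SAMPLE_CHANGES, SAMPLE_TRACKER).items():
        print(f"{cve}: {status}")
```

Against the constructed inputs the check reports CVE-2022-0001 as open, CVE-2022-0003 as already resolved (worth a warning, since the upload claims to fix it again), and CVE-2022-0002 as unknown for this package, which is the case a lintian-style tag would want to flag. In real use the JSON would be fetched from the tracker and the .changes signature verified before its contents are trusted; this example only unwraps the clearsign armor.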

Bug#1001451: Candidate script updates

2022-01-11 Thread Neil Williams
xport of the data, we will need to adapt > the security-tracker on that regard, and possibly you will be > interested here :)) > > > For now, I'll mirror the real changes in data/CVE/list, trying to > > use the scripts to make some of the same changes. (Not all >
