Hi,
the problem already appears in OpenMPI's own autopkgtests, see [1]
Best,
Markus
[1] https://ci.debian.net/packages/o/openmpi/unstable/i386/46207866/
pleted completed
successfully, but am not able to aggregate error messages, and not able to
guarantee that all other processes were killed!
See [1] for a complete build where the tests using mpirun fail in this way.
This happens on these architectures: armel, armhf, i386, hppa
Best,
Markus
[1] htt
commended to prevent Kerberos Tickets and
password hashes to be cached on the server.
Typically these tickets and hashes are used for lateral movement after a
breach.
libfreerdp2-2 needs to be compiled with "WITH_GSSAPI=on" to be able to
connect with user accounts protected in such a way.
Kind Regads,
Markus Wigge
of packages to be installed could also work. Then a user could define a
list of packages that they would be ok with not being installed due to
reasons such as them being non-existing.
--
Markus
Hi,
the problem occurs during startup of OpenMPI when running mpirun. I see similar
problems for other packages during the same rebuild.
Hence I don't think this is related to us but rather to OpenMPI.
Best,
Markus
BTS as needed.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Hi,
seems like upstream already has a proposed fix, see [1]
Best,
Markus
[1] https://gitlab.kitware.com/vtk/vtk/-/issues/19258#note_1510307
and their assumptions broke when moving to 2.6.0.
Hence this probably is an incompatibility on vtk9's side rather than a bug in
expat. At least upstream thinks that way in in [1] and closed the bug.
The stalled discussion about this in VTK9 can be found in [3].
Should we reassing this to vtk9?
Best,
Markus
[0
in
expat. At least upstream thinks that way in in [1] and closed the bug.
The stalled discussion about this in VTK9 can be found in [3].
Should we reassing this to vtk9?
Best,
Markus
[1] https://github.com/libexpat/libexpat/issues/857
[2] https://github.com/libexpat/libexpat/issues/840
[3] https
Hi,
I am running into the same problem.
One of my machines fails the install with:
installed grub-efi-amd64 package post-installation script subprocess
returned error exit status 128
here the full log with -x in and DEBCONF_DEBUG=developer
# dpkg --configure -a --debug=77
D01:
+
+ * Fix CVE-2024-25447 and CVE-2024-25448 and CVE-2024-25450.
+A heap-buffer overflow vulnerability was discovered in imlib2 when using
+the tgaflip function in loader_tga.c
+
+ -- Markus Koschany Sat, 06 Apr 2024 22:40:50 +0200
+
imlib2 (1.7.1-2) unstable; urgency=medium
* Drop
touch /var/log/tomcat10/catalina.out
to recreate it?
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
Am Fri, Apr 05, 2024 at 05:58:15AM + schrieb Thorsten Glaser:
> Markus Wichmann dixit:
> >In any case, the emission of non-relative relocations is the issue here,
> >and it is coming from the linker.
>
> They are present in the glibc static-pie binary as well, though.
>
es added to the linker command line.
In any case, the emission of non-relative relocations is the issue here,
and it is coming from the linker.
Ciao,
Markus
, they will not be processed.
What you are seeing seems indicative of missing relocation processing.
Is it possible you are linking in the wrong start file? gcc -v should
output the command line it feeds to the linker.
Ciao,
Markus
== InterRegFlow::bufferSize();
}
(sid_ppc64el-dchroot)blattms@platti:~/opm-common$
Best,
Markus
== InterRegFlow::bufferSize();
}
(sid_ppc64el-dchroot)blattms@platti:~/opm-common$
Best,
Markus
Hello Shriram,
Am Mittwoch, dem 27.03.2024 um 15:10 +0530 schrieb Shriram Ravindranathan:
> Dear Markus,
>
> On 27/03/24 13:01, Markus Koschany wrote:
> > As this bug report proves, normal people tend to have problems with system
> > services. A system administrator would
Hi Sylvain,
Am Montag, dem 25.03.2024 um 18:48 +0100 schrieb Sylvain Rochet:
> Hi Markus,
>
> On Mon, Mar 25, 2024 at 02:36:59AM +0100, Markus Koschany wrote:
> > Sylvain Rochet wrote:
> > > Actually, the main problem is /lib/systemd/system/monopd.socket which
> >
Sylvain Rochet wrote:
> Actually, the main problem is /lib/systemd/system/monopd.socket which
> set Accept=yes while monopd needs Accept=no (which is the default value).
I wonder if monopd needs a systemd socket file at all and if we should disable
the service after the installation. We have
it with either `alias fd=fdfind` or
`alias _fdfind=_fd`, but it would be nice not to have to.
Raising the severity to normal because of this (first time doing
that, not sure if it will actually work :))
Thanks,
Markus
the patches for these CVEs have been backported already:
* https://security-tracker.debian.org/tracker/source-package/expat
Best,
Markus
I like Sam's suggestions. Has a maintainer considered it?
--
Markus
, but recursion isn't necessary in these cases anyway.
I also saw some other hooks explicitly use `cp -L`.
Thanks,
Markus
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.9
Hi,
the dependency is alread gone version 2023.10+ds-2 and later (unstable). We
just need to wait for their migration to testing.
Best,
Markus
Hi,
I did some further tests with the provided test case.
If I install vtk (latest version 9.3) with pip in a venve. The script also does
not report an error for the relative paths. Tested on stable and in a sid
chroot.
Best,
Markus
Hi,
there is already a version (2023.10+ds-2) uploaded to unstable with the
python3-distutils
dependency. We just need to for it's migration.
Best,
Markus
this is the case. To me it is more likely that the problem
is due a change in vtk9. Hence I am reassinging to vtk9 in the hope
that the maintainers there have more clues than me.
Best,
Markus
python3-vtk9-test.tar.gz
Description: application/gzip
I need
a sponsor from e.g. the Debian Science team that uploads the fixed package.
alberta is marked for removal today.
Thanks a lot.
Best,
Markus
[1] https://salsa.debian.org/science-team/alberta/-/merge_requests/4
signature.asc
Description: PGP signature
org/GNOME/mutter/-/blob/main/src/backends/meta-cursor-sprite-xcursor.c?ref_type=heads#L75
Thanks,
Markus
Oh no, sorry I meant to say "46~beta-4" in the first sentence.
Copied it from the bottom and forgot to change it :)
ell 45.3-2 from
experimental.
[1]:
https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/96b91ec62c9c8133eb7b0e76e486a7cea6edebdb/js/ui/dnd.js#L390
Thanks and greetings,
Markus
if (strcmp(buf,"$MeshFormat")!=0)
DUNE_THROW(Dune::IOError, "expected $MeshFormat in first line");
readfile(file,3,"%lg %d %d\n",_number,_type,_size);
if( (version_number < 2.0) || (version_number > 2.2) )
DUNE_THROW(Dune::IOError, "can only read Gmsh version 2 files");
[...]
File unitcube.sh:
$MeshFormat
2.2 0 8
$EndMeshFormat
$Nodes
...
I will need to reproduce this somehow. Just need to learn how.
Best,
Markus
Hey Jeremy,
Haha well I was debating if even "important" is warranted,
given it's just about fancy emoji in the end. But I guess
people do feel passionate about them :)
Also didn't know that "serious" prevents migration to testing,
will keep that in mind for the fut
load fine. I am unsure whether to
> consider this as a regression, but for now I will close this issue.
After running "dpkg-reconfigure fontconfig-config" and enabling bitmap fonts
the color emoji indeed work again.
Greetings,
Markus
NotoSans-Regular.ttf: "Noto Sans" "Regular"
```
Downgrading to 2.14.2-6+b1 fixes it:
```
$ fc-match emoji
NotoColorEmoji.ttf: "Noto Color Emoji" "Regular"
```
Greetings,
Markus
-- System Information:
Debian Release: trixie/sid
APT prefers unst
Package: wnpp
Severity: normal
from the kernel tarball.
Greetings,
Markus
Package: runescape
Version: 0.8-2
Severity: important
X-Debbugs-Cc: schm...@web.de
After installing "runescape" (by "sudo apt install runescape") I could start
the program "runescape", but it stopped executing at 98%.
I could adjust the file "/usr/games/runescape" so that error messages were
tween 4.6-1+deb10u8 and 4.6-
> 1+deb10u9 (4.6-1+deb10u8 is OK)
Thank you for the report. I believe this is related to the fix for CVE-2023-
46846. I am currently investigating the problem.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
n my todo list but with a low priority. As long as there are no
major issue with endless-sky, it will be part of games-finest when I update
src:debian-games again.
Cheers,
Markus
signature.asc
Description: This is a digitally signed message part
Package: mate-control-center
Version: 1.26.0-2+deb12u1
Severity: normal
When you activate "Select windows when the mouse moves over them" there is a
delay that you can set (Raise selected windows after XX seconds). I have set
the delay to 1 second.
The delay works unless the window being raised
VM with defaults)
My intention was to backport ublock-origin to Bookworm in January 2024. This
will be a normal point update as usual, so you have to enable bookworm
proposed-updates for early access. I try to update Bullseye as well. Stay tuned
and a happy new year 2024.
Markus
sign
Please let me know if you need something else.
Greetings,
Markus
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-16-cloud-amd64 (SMP w/4 CPU thre
Alright, I will do so when I have time, but as soon as possible.
Den 2023-12-10 kl. 23:17, skrev Santiago Vila:
El 10/12/23 a las 22:09, Markus Uhlin escribió:
My guess is that Ncurses is built with '--enable-opaque-curses' and
defines NCURSES_OPAQUE=1.
I'm currently running stable so I'm
My guess is that Ncurses is built with '--enable-opaque-curses' and
defines NCURSES_OPAQUE=1.
I'm currently running stable so I'm not able to reproduce the problem
but if you can give me access to a computer where the problem occurs I
can investigate it.
Den 2023-12-10 kl. 20:18, skrev
Hi Francesco,
Am Sonntag, dem 03.12.2023 um 17:42 +0100 schrieb Francesco Ariis:
> Il 03 dicembre 2023 alle 17:14 Markus Koschany ha scritto:
> > I spoke too soon. Tested the wrong Debian release. So it appears the
> > underlying
> > problem is in python3-pygame which
Control: severity -1 grave
I spoke too soon. Tested the wrong Debian release. So it appears the underlying
problem is in python3-pygame which changed significantly between Bullseye and
Bookworm but I'm not sure how I can fix this in seahorse-adventures right now.
signature.asc
Description:
On Tue, 28 Nov 2023 17:59:18 +0100 Joan wrote:
> Package: tomcat10-common
> Version: 10.1.15-1
> Severity: normal
> X-Debbugs-Cc: aseq...@gmail.com
>
> Dear Maintainer,
>
> * What led up to the situation?
> I am trying to use debian's tomcat 10 with java 21, since it's not present on
debian
Am Sonntag, dem 03.12.2023 um 15:10 +0100 schrieb Moritz Muehlenhoff:
> > But maybe we can set it as "no-dsa", is it only used as build
> > dependency for libspring-java and not sensible outside?
>
> Spring is already marked as unsupported, so we can simply extend that.
+1 This is sensible in
Control: severity -1 normal
On Wed, 01 Nov 2023 09:25:19 +0100 Francesco Ariis wrote:
> Package: seahorse-adventures
> Version: 1.1+dfsg-6
> Severity: grave
> Justification: renders package unusable
> X-Debbugs-Cc: fa...@ariis.it
>
> Dear Maintainer,
>
> to replicate:
>
> 1. Launch
w soon.
Markus
signature.asc
Description: This is a digitally signed message part
istribution: unstable
> > Changed-By: Markus Koschany
> > * New upstream version 1.77. (Closes: #1049356)
>
> Hi Markus,
>
> Thank you for your efforts to get BC updated.
>
> > * Remove backward-compatibility.patch. It is time to fix those issues
>
Source: libitext5-java
Version: 5.5.13.3-2
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
libitext5-java fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods.
Source: ssl-utils-clojure
Version: 3.5.0-2
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
ssl-utils-clojure fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods.
Source: pdftk-java
Version: 3.3.3-1
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
pdftk-java fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The
Source: jdeb
Version: 1.9-1
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
jdeb fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The (hopefully) relevant
Source: libapache-poi-java
Version: 4.0.1-4
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
libapache-poi-java fails to build from source with bouncycastle 1.77. The
reason is the removal of long deprecated
Source: pgpainless
Version: 1.3.16-2
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
pgpainless fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The
Source: libitext-java
Version: 2.1.7-14
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
libitext-java fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The
Source: jglobus
Version: 2.1.0-8.1
Severity: serious
Tags: ftbfs sid
User: a...@debian.org
Usertags: bouncycastle-1.77
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
jglobus fails to build from source with bouncycastle 1.77. The reason
is the removal of long deprecated methods. The (hopefully)
Hi,
On Tue, 28 Feb 2023 22:08:12 +0100 Thomas Uhle
wrote:
> Source: bouncycastle
> Version: 1.72-1
> Severity: normal
>
> Dear maintainers,
>
> I wonder why in debian/rules the pom files were synchronized with the
> ones from Maven having the suffix "-jdk18on" while for building the binary
>
This problem still exists in 1.77 (to be released soon). That sounds like a bnd
problem. I can find a reference to a bnd.sh script but it is not included in
the source distribution. There is also a add_module.sh script. If we can't find
a way to automate this build step, we could use jh_manifest
Source: rabbitmq-server
Version: 3.10.8-3
Severity: normal
Dear Maintainer,
The postinst script will overwrite the `/var/lib/rabbitmq/.erlang.cookie`
file if it contains exactly 20 uppercase characters.
```
if grep -q -E '^[A-Z]{20}$' /var/lib/rabbitmq/.erlang.cookie ; then
Hi,
Am Thu, Nov 23, 2023 at 09:32:31AM +0100 schrieb Sebastian Ramacher:
On 2023-11-12 21:42:20 +0100, Markus Blatt wrote:
Dear Debian release team,
A new upstream release of OPM is available. To ease migration to testing I am
requesting a mini-transition. Uploading to unstable would
> > https://salsa.debian.org/java-team/apache-directory-server/-/merge_requests/1
>
> The patch looks good to me. Markus, do you have a preference for this
> patch over updating to M27? I haven't looked closely at the efforts to
> update to M27 aside from the fact that o
d wabt and binaryen to build WebAssembly code from source
for the ublock-origin Firefox/Chromium addon but I'm not really interested in
becoming more involved in the Javascript ecosystem. So feel free to take over
both packages and remove me as the maintainer.
Regards,
Markus
[1] https://bugs.debi
ot;libopm-
common-2023.10";
is_good = .depends ~ "libopm-common-2023.10";
is_bad = .depends ~ "libopm-common-2023.04";
Thanks a lot.
Kind regards,
Markus
[1] https://qa.debian.org/developer.php?login=markus%40dr-blatt.de
Control: reassign -1 trapperkeeper-webserver-jetty9-clojure
Control: found -1 1.7.0-2+deb10u1
Control: close -1 1.7.0-2+deb10u2
I have just released DLA 3647-1. I believe this problem is fixed in version
1.7.0-2+deb10u2 of trapperkeeper-webserver-jetty9-clojure now.
Regards,
Markus
debdiff of the package we're now running, with the
> revised patch.
Great, thanks for the update. I feared the Java dot syntax couldn't be applied
one-to-one to Clojure. I suggest we wait another 24h to confirm it works and if
you don't see another regression then I'll release a new update tomorrow.
R
etdb config,
and I try to figure out a solution myself without the feedback loop delay.
Thanks in advance.
Regards,
Markus
diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/changelog trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/changelog
--- trapperkeeper-webserver-jetty
is currently the only supported version.
Please prepare for the removal of jetty9 during the trixie release
cycle. If this is not feasible then there will be no security support
for jetty9 and thus puppetdb anymore.
Regards,
Markus
Buster is the second one. AFAICS puppetdb and puppetserver are the only
consumers.
Could you install the version of trapperkeeper-webserver-jetty9-clojure from
Bullseye and reinstall the jetty9 security update and report back if this
solves your problem?
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
this for Debian proper.
Sorry for the rather bad news.
Markus
applications outside of Debian but better safe than sorry.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Regards,
Markus
diff
applications outside of Debian but better safe than sorry.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Regards,
Markus
diff
stigate further.
> Hopefully I can either track the problem down myself (not very likely), or at
> least offer you a better quality bug report.
>
Hello Sam,
there was another issue that we only found today. HTTP2 should work as expected
in version 9.0.43-2~deb11u9 again. It will be released sh
dinode) and
sizeof(ext2_inode) before applying the patch. assert(sizeof(dinode_old) <=
sizeof(ext2_inode)) failes. See compat/include/bsdcompat.h and dump/traverse.c.
I have sent my patch in in order to share it with the community.
May be someone else picks it up and adds version information to the dumpfile.
Markus
[concat] TEST-org.apache.coyote.http2.TestHttp2Section_6_5.NIO2.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Timeouts.NIO.txt
[concat] TEST-org.apache.coyote.http2.TestHttp2Timeouts.NIO2.txt
Markus
signature.asc
Description: This is a digitally signed message part
in a runtime switch?
Thanks,
Markus
-- System Information:
Debian Release: 12.1
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500,
'oldstable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 6.1.38 (SMP w/4 CPU threads)
Kernel
unrelated to astropy and absolutely related
to increasingly tight rules in postgres. I'll think about a
workaround (to restore this workaround) on Monday.
-- Markus
+
+ * Fix CVE-2023-41887 and CVE-2023-41886:
+OpenRefine is a powerful free, open source tool for working with messy
+data. Prior to this version, a remote code execution vulnerability allows
+any unauthenticated user to execute code on the server.
+
+ -- Markus Koschany Wed, 04 Oct 2023 15
ures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-4132
https://www.cve.org/CVERecord?id=CVE-2022-4132
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: This is a digit
/CVE-2023-43376
https://www.cve.org/CVERecord?id=CVE-2023-43376
[5] https://security-tracker.debian.org/tracker/CVE-2023-43377
https://www.cve.org/CVERecord?id=CVE-2023-43377
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Descrip
is verified as fixed in unstable
Regards,
Markus
diff -Nru libapache-mod-jk-1.2.48/debian/changelog
libapache-mod-jk-1.2.48/debian/changelog
--- libapache-mod-jk-1.2.48/debian/changelog2023-02-18 19:17:18.0
+0100
+++ libapache-mod-jk-1.2.48/debian/changelog2023-09-24 16:40
] the issue is verified as fixed in unstable
Regards,
Markus
diff -Nru libapache-mod-jk-1.2.48/debian/changelog
libapache-mod-jk-1.2.48/debian/changelog
--- libapache-mod-jk-1.2.48/debian/changelog2020-06-04 21:42:29.0
+0200
+++ libapache-mod-jk-1.2.48/debian/changelog2023-09-24 17:09
t.
librhino-java had to declare a versioned Breaks on shrinksafe and shrinksafe
had to add a versioned (Build-)Depends on rhino/librhino-java. In my opinion we
have the exact same situation here. In any case I leave that to the maintainers
of xrdp/xorgxrdp to resolve.
Regards,
Markus
signa
.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
683
(gdb)
Broadcast message from system@station (Sun 2023-09-17 12:21:49 CEST):
The system will reboot now!
Broadcast message from system@station (Sun 2023-09-17 12:21:49 CEST):
The system will reboot now!
Connection to station closed by remote host.
Connection to station closed.
pi@pi:~$
Best regards, Markus
Control: reassign -1 src:clanlib
Control: tags -1 pending
This is actually a bug in clanlib which surfaced because of the recent uploads
/ rebuilds against glibc > 2.34. The pthread_mutexattr_setkind_np symbol is
obsolete and has been replaced by pthread_mutexattr_settype.
signature.asc
Package: emscripten
Version: 3.1.6~dfsg-5
Severity: important
X-Debbugs-Cc: a...@debian.org
Dear maintainer,
emscripten fails to build from source with the latest version of
binaryen, currently 116, in experimental.
I'm attaching the complete build log. I intend to upload a new version
of
Control: forwarded -1 https://github.com/WebAssembly/binaryen/issues/5947
signature.asc
Description: This is a digitally signed message part
Control: forwarded -1 https://github.com/WebAssembly/binaryen/issues/5946
signature.asc
Description: This is a digitally signed message part
Package: ftp.debian.org
Severity: normal
Please the remove the version (2022.10+ds-5) that is currently in experimental
as it is much older than the version 2023.04+ds-5 in unstable.
Thanks a lot.
Kind regards,
Markus
to import it. (Closes: #1041422)
+
+ -- Markus Koschany Thu, 07 Sep 2023 21:22:17 +0200
+
openrefine (3.6.2-2) unstable; urgency=medium
* Depend on libjoda-time-java and liboro-java.
diff -Nru openrefine-3.6.2/debian/patches/CVE-2023-37476.patch
openrefine-3.6.2/debian/patches/CVE-2023-37476.patch
I tried obtaining a stack and JS trace using GDB for an already running
gnome-shell like discribed here:
https://wiki.gnome.org/GettingInTouch/Bugzilla/GettingTraces/Details#Obtaining_a_stack_and_JS_trace_using_GDB_for_an_already_running_gnome-shell
But inbetween gnome-shell crashed and I had
Dear Maintainer,
The same bug happens on my machine. I sent a bug report to the gnome-shell
maintainers:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050502
Best regards, Markus
There was another vulnerability, CVE-2023-40477, fixed in version 2:6.23-
1~deb11u1 now.
signature.asc
Description: This is a digitally signed message part
* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[ ] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
rar is a binary blob which is why I cannot provide a useful debdiff.
Regards,
Markus
Another security vulnerability was discovered in unrar-nonfree, CVE-2023-40477.
This issue has been corrected in 1:6.0.3-1+deb11u3. I'm attaching the new
debdiff.
Regards,
Markus
diff -Nru unrar-nonfree-6.0.3/debian/changelog unrar-nonfree-6.0.3/debian/changelog
--- unrar-nonfree-6.0.3/debian
1 - 100 of 6121 matches
Mail list logo