Your message dated Sat, 02 May 2020 04:48:44 +
with message-id
and subject line Bug#959391: fixed in wordpress 5.4.1+dfsg1-1
has caused the Debian Bug report #959391,
regarding wordpress: CVE-2020-11025 CVE-2020-11026 CVE-2020-11027
CVE-2020-11028 CVE-2020-11029 CVE-2020-11030
to be marked
Control: tag -1 pending
Hello,
Bug #959391 in SOURCENAME reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #959391 [src:wordpress] wordpress: CVE-2020-11025 CVE-2020-11026
CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 CVE-2020-11030
Added tag(s) pending.
--
959391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959391
Debian Bug Tracking System
Processing control commands:
> tag -1 pending
Bug #959391 [src:wordpress] wordpress: CVE-2020-11025 CVE-2020-11026
CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 CVE-2020-11030
Ignoring request to alter tags of bug #959391 to the same tags previously set
--
959391:
Control: tag -1 pending
Hello,
Bug #959391 in SOURCENAME reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing commands for cont...@bugs.debian.org:
> reassign 959394 src:libgtk2-perl
Bug #959394 [libgtk2-perl] perlapi-5.28.1: Package Won't Install
Bug reassigned from package 'libgtk2-perl' to 'src:libgtk2-perl'.
Ignoring request to alter found versions of bug #959394 to the same values
Processing control commands:
> reassign -1 libgtk2-perl
Bug #959394 [perlapi-5.28.1] perlapi-5.28.1: Package Won't Install
Warning: Unknown package 'perlapi-5.28.1'
Bug reassigned from package 'perlapi-5.28.1' to 'libgtk2-perl'.
Ignoring request to alter found versions of bug #959394 to the same
Processing control commands:
> reassign -1 src:librime
Bug #959223 [fcitx] fcitx won't start anymore
Bug reassigned from package 'fcitx' to 'src:librime'.
No longer marked as found in versions fcitx/1:4.2.9.7-3.
Ignoring request to alter fixed versions of bug #959223 to the same values
Control: reassign -1 src:librime
Control: affects -1 fcitx
Control: tags -1 +confirmed
It's almost certainly caused by the upgrade of libopencc, the ABI of which is
really fragile and thus requires a full rebuild of all reverse dependencies
each time, including librime.
I will be rebuilding the
Source: yaml-cpp
Version: 0.6.3-1
Severity: grave
Justification: FTBFS
Dear Debian yaml-cpp maintainer,
Unfortunately yaml-cpp currently FTBFS on mipsel architecture. Build logs
indicate that it might be caused by the exhaustion of memory:
as: out of memory allocating 7161456 bytes after a
Control: reassign -1 ruby2.7
Control: found -1 2.7.0-6
On Fri, May 01, 2020 at 10:23:56PM +0200, Paul Gevers wrote:
> Using system bundler...
> Installing gems with rubygems ...
> sh: 1: bundle: not found
libruby2.7 now has some Provides: for libraries builtin to the standard
library, including
Processing control commands:
> reassign -1 ruby2.7
Bug #959393 [libruby2.7] ruby2.7 breaks diaspora-installer autopkgtest: sh: 1:
bundle: not found
Bug reassigned from package 'libruby2.7' to 'ruby2.7'.
No longer marked as found in versions ruby2.7/2.7.0-6.
Ignoring request to alter fixed
This is the analysis of the latest WordPress security bugs.
Is it awesome upstream already has CVE IDs and (almost) clear patches of
the fixes? Yes, it is!
Sid: 5.4
All vulnerabilities, use upstream 5.4.1
Bullseye: 5.3.2
Processing control commands:
> reassign -1 libruby2.7
Bug #959393 [src:ruby2.7, src:diaspora-installer] ruby2.7 breaks
diaspora-installer autopkgtest: sh: 1: bundle: not found
Bug reassigned from package 'src:ruby2.7, src:diaspora-installer' to
'libruby2.7'.
No longer marked as found in
Control: reassign -1 libruby2.7
Control: found -1 2.7.0-6
On Fri, May 01, 2020 at 09:12:57PM -0300, Antonio Terceiro wrote:
> Control: reassign -1 ruby2.7
> Control: found -1 2.7.0-6
>
> On Fri, May 01, 2020 at 10:23:56PM +0200, Paul Gevers wrote:
> > Using system bundler...
> > Installing gems
Hi Salvatore,
Thanks for the bug report. I'll look into it today and yes its good we
finally have CVE IDs to work with.
On Sat, 2 May 2020 at 06:21, Salvatore Bonaccorso wrote:
> example CVE-2020-11030 lists via the GHSA as affected versions 5.2 to
> 5.4, and patched in 5.4.1, 5.3.3 and
Control: tags 897768 + patch
Control: tags 897768 + pending
Dear maintainer,
I've prepared an NMU for hmat-oss (versioned as 1.2.0-2.1) and
uploaded it to mentors for sponsoring. Please feel free to tell me if I
should remove it.
--
Regards
Sudip
diff -Nru hmat-oss-1.2.0/debian/changelog
Processing control commands:
> tags 897768 + patch
Bug #897768 [src:hmat-oss] hmat-oss: ftbfs with GCC-8
Added tag(s) patch.
> tags 897768 + pending
Bug #897768 [src:hmat-oss] hmat-oss: ftbfs with GCC-8
Added tag(s) pending.
--
897768: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897768
Processing commands for cont...@bugs.debian.org:
> tags 959189 + sid bullseye
Bug #959189 [bbswitch-dkms] bbswitch-dkms: fails to build for kernel 5.6.7
Added tag(s) sid and bullseye.
> tags 959364 + sid bullseye
Bug #959364 [acpi-call-dkms] acpi-call-dkms: fails to build on kernel 5.6
Added
On 14/04/20 at 10:50 +0200, Andreas Tille wrote:
> Hi Lucas,
>
> this seems to have been a temporary issue. Seqsero builds fine and all
> its (Build-)Depends are available.
>
> > The full build log is available from:
> >http://qa-logs.debian.net/2020/04/02/seqsero_1.0.1+dfsg-2_unstable.log
Source: ruby2.7, diaspora-installer
Control: found -1 ruby2.7/2.7.0-6
Control: found -1 diaspora-installer/0.7.6.1+debian1
Severity: serious
Tags: sid bullseye
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update
Dear maintainer(s),
With a
Processing control commands:
> found -1 ruby2.7/2.7.0-6
Bug #959393 [src:ruby2.7, src:diaspora-installer] ruby2.7 breaks
diaspora-installer autopkgtest: sh: 1: bundle: not found
Marked as found in versions ruby2.7/2.7.0-6.
> found -1 diaspora-installer/0.7.6.1+debian1
Bug #959393 [src:ruby2.7,
Source: wordpress
Version: 5.4+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for wordpress.
Fortunately this time additionally to [6], there are GHSA advisories
associated with each of this CVEs (advantage of
Source: ruby-faye
Version: 1.2.4-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for ruby-faye.
CVE-2020-11020[0]:
| Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4,
| 1.1.3 and 1.2.5, has the potential
Processing control commands:
> found -1 adwaita-icon-theme/3.36.1-1
Bug #959390 [src:adwaita-icon-theme, src:gtk+3.0] adwaita-icon-theme breaks
gtk+3.0 autopkgtest: gtk+/icontheme.test (Child process killed by signal 5)
Marked as found in versions adwaita-icon-theme/3.36.1-1.
> found -1
Source: adwaita-icon-theme, gtk+3.0
Control: found -1 adwaita-icon-theme/3.36.1-1
Control: found -1 gtk+3.0/3.24.18-1
Severity: serious
Tags: sid bullseye
X-Debbugs-CC: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: breaks needs-update
Dear maintainer(s),
With a recent
Hi Lev, Jonas,
I've uploaded 8.1.30. We should be getting really close to 8.2
now. There are a couple of outstanding issues, notably for the
development tools.
Cheers --- Jan
On 4/30/20 3:13 PM, Lev Lamberov wrote:
Sure, that's what we need. Thanks, Jan!
Your message dated Fri, 01 May 2020 19:17:08 +
with message-id
and subject line Bug#945344: fixed in uim 1:1.8.8-4+deb10u3
has caused the Debian Bug report #945344,
regarding libuim-data: registers unusable "tutcode" module
to be marked as done.
This means that you claim that the problem has
Your message dated Fri, 1 May 2020 19:06:49 +
with message-id <20200501190649.GZ29437@localhost>
and subject line Close #954278
has caused the Debian Bug report #954278,
regarding rust-cookie-factory: autopkgtest failure.
to be marked as done.
This means that you claim that the problem has
Processing control commands:
> close -1 3.4.4-4
Bug #959386 [src:php-imagick] src:php-imagick: fails to migrate to testing for
too long: FTBFS on armel
Marked as fixed in versions php-imagick/3.4.4-4.
Bug #959386 [src:php-imagick] src:php-imagick: fails to migrate to testing for
too long: FTBFS
Source: php-imagick
Version: 3.4.4-3
Severity: serious
Control: close -1 3.4.4-4
Tags: sid bullseye
User: release.debian@packages.debian.org
Usertags: out-of-sync
Dear maintainer(s),
As recently announced [1], the Release Team now considers packages that
are out-of-sync between testing and
Your message dated Fri, 01 May 2020 18:32:08 +
with message-id
and subject line Bug#928282: fixed in filezilla 3.39.0-2+deb10u1
has caused the Debian Bug report #928282,
regarding filezilla: CVE-2019-5429
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Fri, 01 May 2020 18:32:11 +
with message-id
and subject line Bug#943612: fixed in owfs 3.2p3+dfsg1-2+deb10u1
has caused the Debian Bug report #943612,
regarding python3-ownet: Python2-only code shipped in Python3 module
to be marked as done.
This means that you claim that
Your message dated Fri, 01 May 2020 17:50:02 +
with message-id
and subject line Bug#954305: fixed in python-udatetime 0.0.16-3
has caused the Debian Bug report #954305,
regarding python-udatetime: shared library is not properly linked with libm
to be marked as done.
This means that you claim
Your message dated Fri, 01 May 2020 17:50:02 +
with message-id
and subject line Bug#953539: fixed in python-udatetime 0.0.16-3
has caused the Debian Bug report #953539,
regarding test fails in current unstable during the build
to be marked as done.
This means that you claim that the problem
control: found -1 1:4.2.9.7-3
control: notfound -1 4.2.9.7-3
Dear Maintainer,
I tried to collect some more information form the backtrace at
the end of the information in the submitters linked diagnose.
Below are the source locations where the backtraces points to.
Kind regards,
Bernhard
Your message dated Fri, 01 May 2020 17:52:02 +
with message-id
and subject line Bug#959157: fixed in wireguard-linux-compat 1.0.20200429-2
has caused the Debian Bug report #959157,
regarding fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
to be marked as done.
This means that
Processing control commands:
> found -1 1:4.2.9.7-3
Bug #959223 [fcitx] fcitx won't start anymore
Marked as found in versions fcitx/1:4.2.9.7-3.
> notfound -1 4.2.9.7-3
Bug #959223 [fcitx] fcitx won't start anymore
There is no source info for the package 'fcitx' at version '4.2.9.7-3' with
Control: tag -1 pending
Hello,
Bug #954305 in python-udatetime reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #954305 [src:python-udatetime] python-udatetime: shared library is not
properly linked with libm
Added tag(s) pending.
--
954305: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954305
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tag -1 pending
Hello,
Bug #953539 in python-udatetime reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #953539 [src:python-udatetime] test fails in current unstable during the
build
Added tag(s) pending.
--
953539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 upstream
Control: forwarded -1 https://github.com/bbuchfink/diamond/issues/348
Processing control commands:
> tags -1 upstream
Bug #959374 [src:diamond-aligner] diamond-aligner FTBFS on big endian
Added tag(s) upstream.
> forwarded -1 https://github.com/bbuchfink/diamond/issues/348
Bug #959374 [src:diamond-aligner] diamond-aligner FTBFS on big endian
Set Bug
Processing commands for cont...@bugs.debian.org:
> unarchive 952009
Bug #952009 {Done: =?utf-8?q?H=C3=A5vard_Flaget_Aasen?=
} [src:c-icap-modules] c-icap-modules: FTBFS:
clamav_mod.c:108:13: error: expected identifier or ‘(’ before string constant
Unarchived Bug 952009
> thanks
Stopping
Package: gap-guava-bin
Version: 3.15+ds-1
Severity: serious
Dear Debian Science Maintainers,
Please update gap-guava for the new GAP ABI.
1) GAP 4.11.0 includes libgap7, libgap-dev as a normal Debian
shared library package.
2) There is now an officially supported ABI for the GAP kernel.
the
Processing commands for cont...@bugs.debian.org:
> unarchive 945456
Bug #945456 {Done: Debian FTP Masters }
[xul-ext-torbirdy] xul-ext-torbirdy: Torbirdy is incompatible with Thunderbird
> 60
Unarchived Bug 945456
> severity 945456 grave
Bug #945456 {Done: Debian FTP Masters }
Thank you for moving the bug report to the correct source package.
The changes made do not address the bug, I'm afraid. wireguard-dkms
fails to install because kernel-image 4.19.0-9 includes a backported
change that is not caught by the pragmas in compat.h. This backport
might be a Debian-ism
Source: diamond-aligner
Version: 0.9.31-2
Severity: serious
Tags: ftbfs
diamond-aligner FTBFS on the big endian architectures
s390x/ppc64/sparc64.
Either this should get fixed, or these architectures should
also be removed from the architecture list.
Your message dated Fri, 01 May 2020 14:49:25 +
with message-id
and subject line Bug#925747: fixed in libkibi 0.1.1-2.1
has caused the Debian Bug report #925747,
regarding libkibi: ftbfs with GCC-9
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Your message dated Fri, 01 May 2020 14:38:09 +
with message-id
and subject line Bug#959110: fixed in node-babel7 7.4.5-4
has caused the Debian Bug report #959110,
regarding node-babel7 is missing @babel/runtime/helpers
to be marked as done.
This means that you claim that the problem has been
Your message dated Fri, 01 May 2020 13:33:34 +
with message-id
and subject line Bug#952334: fixed in gcl 2.6.12-95
has caused the Debian Bug report #952334,
regarding gcl: FTBFS: Unrecoverable error: Segmentation violation..
to be marked as done.
This means that you claim that the problem
Package: acpi-call-dkms
Version: 1.1.0-5
Severity: serious
Tags: patch ftbfs
Justification: fails to build from source
Dear Maintainer,
Building modules for kernel 5.6.0-1-amd64 fails with
error: passing argument 4 of ‘proc_create’ from incompatible pointer type
[...]
expected ‘const
Processing commands for cont...@bugs.debian.org:
> forwarded 959110 https://github.com/babel/babel/issues/11505
Bug #959110 [node-babel7] node-babel7 is missing @babel/runtime/helpers
Set Bug forwarded-to-address to 'https://github.com/babel/babel/issues/11505'.
> thanks
Stopping processing here.
On Fri, May 1, 2020 at 12:06 am, Pirate Praveen
wrote:
at least
packages/babel-plugin-transform-runtime/scripts/build-dist.js should
be run during build to fix this.
I think it is safer to run make build.
I got make build to run without babel-standalone target, it still did
not
Processing commands for cont...@bugs.debian.org:
> affects 958515 src:proteinortho
Bug #958515 {Done: Andreas Tille } [src:diamond-aligner,
src:proteinortho] diamond-aligner breaks proteinortho autopkgtest on arm64:
Error: wrong fromat
Added indication that 958515 affects src:proteinortho
>
Processing commands for cont...@bugs.debian.org:
> notfound 958515 proteinortho/6.0.14+dfsg-1
Bug #958515 {Done: Andreas Tille } [src:diamond-aligner,
src:proteinortho] diamond-aligner breaks proteinortho autopkgtest on arm64:
Error: wrong fromat
No longer marked as found in versions
Hi,
Thank you for checking about obsolete package,
but I have a computer (i386) that is still using it,
Is debian planning to get rid of this arch soon ?
If not I can rebuild a version based on the sources at:
https://github.com/abandonware/atitvout
Since SVN repo is gone:
On Fri, May 1, 2020 at 3:05 AM Jeffrey Walton wrote:
>
> On Fri, May 1, 2020 at 2:14 AM Andreas Tille wrote:
> >
> > ...
> > ==13209== Process terminating with default action of signal 10 (SIGBUS)
> > ==13209==at 0x12D5CC: PairDistances (pair_dist.c:346)
> > ==13209==by 0x119410:
Source: libcap-ng
Version: 0.7.9-2.1
Severity: serious
Tags: ftbfs patch
User: helm...@debian.org
Usertags: rebootstrap
libcap-ng fails to build from source, because linux-libc-dev no longer
provides linux-kernel-headers, which is what libcap-ng Build-Depends on.
Please transition your dependency
On Fri, May 1, 2020 at 2:14 AM Andreas Tille wrote:
>
> ...
> ==13209== Process terminating with default action of signal 10 (SIGBUS)
> ==13209==at 0x12D5CC: PairDistances (pair_dist.c:346)
> ==13209==by 0x119410: AlignmentOrder (clustal-omega.c:835)
> ==13209==by 0x11A6C4: Align
Package: fcitx
Version: 4.2.9.7-3
Severity: serious
Dear Maintainer,
I don't think I've done anything fcitx- or input-method-related, but
fcitx just won't start after a normal reboot. I tried issuing fcitx
command in a terminal but fcitx didn't show up either.
Here is the output from
Processing commands for cont...@bugs.debian.org:
> forwarded 936557 https://github.com/freeorion/freeorion/pull/2653
Bug #936557 [src:freeorion] freeorion: Python2 removal in sid/bullseye
Changed Bug forwarded-to-address to
'https://github.com/freeorion/freeorion/pull/2653' from
Hi Matthew,
On Thu, Apr 30, 2020 at 05:53:29PM -0700, Matthew Fernandez wrote:
>
> Is the priority goal here to simply ship a non-crashing clustalo mipsel
> binary that BioPython can depend on? If so, maybe we can just disable
> compiler optimisation (-O0) and this may avoid provoking the bus
64 matches
Mail list logo
