Processing commands for cont...@bugs.debian.org:
> found 1031371 7.87.0-2
Bug #1031371 [src:curl] curl: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
Marked as found in versions curl/7.87.0-2.
> tags 1031371 + upstream
Bug #1031371 [src:curl] curl: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
"Theodore Ts'o" writes:
> On Wed, Feb 15, 2023 at 04:06:55PM -0700, Sam Hartman wrote:
>> You argue about shared libraries for non-packaged binaries. I think we
>> mostly don't care about that, and again, I think that's at least a
>> generally recognized thing that came out of our focus on
Just noticed this bug.
The discussion in this bug makes me worry that people do not fully
understand the implications of enabling 64-bit time and large file
system support respectively.
It's great to see people starting to care about this issue and fix
things (it's overdue), but I'm just chiming
On Wed, Feb 15, 2023 at 04:06:55PM -0700, Sam Hartman wrote:
>
> You argue about shared libraries for non-packaged binaries.
> I think we mostly don't care about that, and again, I think that's at
> least a generally recognized thing that came out of our focus on
> packages and package
Package: kaffeine
Version: 2.0.18-1+b1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: marathon.duran...@gmail.com
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Simply opening up Kaffeine
Your message dated Wed, 15 Feb 2023 23:21:34 +
with message-id
and subject line Bug#1030622: fixed in texlive-base 2022.20230122-2
has caused the Debian Bug report #1030622,
regarding tex-common package post-installation script subprocess returned error
exit status 1
to be marked as done.
Your message dated Wed, 15 Feb 2023 23:21:34 +
with message-id
and subject line Bug#1029913: fixed in texlive-base 2022.20230122-2
has caused the Debian Bug report #1029913,
regarding texlive-pictures:
/usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu: /tmp write
vulnerability
to be
Hi Jose,
Here are the relevant bug fixes -
[0] CVE - https://security-tracker.debian.org/tracker/CVE-2022-37704
https://www.cve.org/CVERecord?id=CVE-2022-37704
Fix - https://github.com/zmanda/amanda/pull/197
[1] CVE - https://security-tracker.debian.org/tracker/CVE-2022-37705
> "Theodore" == Theodore Ts'o writes:
Theodore> On Wed, Feb 15, 2023 at 01:17:38PM -0700, Sam Hartman wrote:
>>
>> I.E. I think your question of "for how long" has a very simple
>> answer based on our history: if we care about stability in this
>> instance it's for +/-1
On Wed, Feb 15, 2023 at 01:17:38PM -0700, Sam Hartman wrote:
>
> I.E. I think your question of "for how long" has a very simple answer
> based on our history: if we care about stability in this instance it's
> for +/-1 Debian release.
>
> I'm struggling trying to figure out whether we should
Source: curl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for curl.
CVE-2023-23914
curl: HSTS ignored on multiple requests
https://curl.se/docs/CVE-2023-23916.html
CVE-2023-23915
curl: HSTS amnesia with --parallel
Source: php8.2
Version: 8.2.2-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for php8.2, making the
bureport RC to ideally have those fixed before bookworm release goes
out.
CVE-2023-0567[0]:
|
Processing control commands:
> tags -1 + patch
Bug #1030455 [src:schedule] schedule: FTBFS: AssertionError: ScheduleValueError
not raised by until
Added tag(s) patch.
--
1030455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030455
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tags -1 + patch
Hi schedule maintainers,
I prepared a patch fixing the present issue in attachment
(assuming I don't screw up my email); I also informed
upstream[1], although they didn't seem very active in the past
year. Instead of assuming tests are alway run on office hours,
I make
> "Theodore" == Theodore Ts'o writes:
the answer to your "how long" is that packages
>> should also work with the kernel from the previous and the kernel
>> from the next Debian release.
Theodore> This isn't a problem with the kernel.
I don't think that was Adrian's point.
I
Processing control commands:
> clone -1 -2
Bug #1030939 [e2fsprogs] e2fsprogs: generates filesystems that grub-install
doesn't recognize
Bug 1030939 cloned as bug 1031364
> reassign -2 vmdb2 0.26-2
Bug #1031364 [e2fsprogs] e2fsprogs: generates filesystems that grub-install
doesn't recognize
Bug
Control: clone -1 -2
Control: reassign -2 vmdb2 0.26-2
On 2023-02-14 01:01:38 +0100, Daniel Leidert wrote:
> Hi Steve,
>
> I believe that your fix to grub2 in Sid is not enough to handle
> #1030939/#1030846.
>
> This problem breaks e.g. vmdb2. I can no longer create a Bullseye
> system image
Source: qemu
Followup-For: Bug #1030545
After further investigation, the absence of the 'getenforce' binary in
the libguestfs build-deps appears to be a non-issue (and in hindsight was not
relevant in a 'src:qemu' bug thread, anyway). There is a comment[1] in
the source mentioning that failures
Processing commands for cont...@bugs.debian.org:
> # looks like there is an open bug upstream for some time...
> forwarded 1030455 https://github.com/dbader/schedule/issues/488
Bug #1030455 [src:schedule] schedule: FTBFS: AssertionError: ScheduleValueError
not raised by until
Set Bug
Siep Kroonenberg wrote:
> The problem was that the test was specifically for a file rather
> than for any filesystem item.
>
> In the updated TL package, the test has been removed altogether
> since there was already a later test for successful generation of a
> temp subdirectory.
>
> The
Your message dated Wed, 15 Feb 2023 18:19:46 +
with message-id
and subject line Bug#1030481: fixed in scanmem 0.17-5
has caused the Debian Bug report #1030481,
regarding scanmem: FTBFS: make: *** [debian/rules:6: binary] Error 25
to be marked as done.
This means that you claim that the
Your message dated Wed, 15 Feb 2023 18:19:45 +
with message-id
and subject line Bug#1028884: fixed in scanmem 0.17-5
has caused the Debian Bug report #1028884,
regarding scanmem: FTBFS: make: *** [debian/rules:6: binary] Error 25
to be marked as done.
This means that you claim that the
Package: librnp0
Version: 0.17.0~git20220428-1
Severity: serious
Justification: makes unrelated software on the system
Thre is no dependency and the packages installs but thunderbird do not manage
to dlopen the dddl and it breaks opengpg.
Downgrading to unstable version fixes the problem.
--
On Wed, Feb 15, 2023 at 11:47:08AM +0200, Adrian Bunk wrote:
>
> For normal library dependencies
> Depends: libc6 (>= 2.34)
> will do the right thing automatically.
Sure, but dependencies only apply if you are using building packages.
If you are not building packages, but just moving binaries
Your message dated Wed, 15 Feb 2023 16:58:25 +
with message-id
and subject line Bug#1031307: fixed in ruby-oj 3.14.2-1
has caused the Debian Bug report #1031307,
regarding ruby-oj: buf.h #includes mem.h that is not shipped
to be marked as done.
This means that you claim that the problem has
Your message dated Wed, 15 Feb 2023 16:21:13 +
with message-id
and subject line Bug#1030437: fixed in refstack-client
0.0.0~2021.08.18.fa73ef2524-4
has caused the Debian Bug report #1030437,
regarding refstack-client: FTBFS:
pkg_resources.extern.packaging.version.InvalidVersion: Invalid
Package: firefox
Version: 109.0-1
Severity: serious
Several vulnerabilities have been fixed in Firefox 110:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
So Firefox should be updated to this version. However, it now
build-depends on rustc >= 1.65, which will not be in unstable
Your message dated Wed, 15 Feb 2023 15:34:17 +
with message-id
and subject line Bug#984149: fixed in genparse 0.9.3-1
has caused the Debian Bug report #984149,
regarding genparse: ftbfs with GCC-11
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Processing control commands:
> tag -1 - d-i
Bug #1031354 [installation-reports] installation-reports: I cannot find
/usr/bin/ps in any package, but it is normally installed with via an ISO
install.
Removed tag(s) d-i.
> severity -1 normal
Bug #1031354 [installation-reports]
Control: tag -1 - d-i
Control: severity -1 normal
Hi,
Steve Roggenkamp (2023-02-15):
> Package: installation-reports
> Severity: serious
> Tags: d-i
> Justification: Policy 3.7, 10.1
> X-Debbugs-Cc: roggenka...@acm.org
>
> (Please provide enough information to help the Debian
> maintainers
Processing commands for cont...@bugs.debian.org:
> forwarded 984149 https://sourceforge.net/p/genparse/bugs/24/
Bug #984149 [src:genparse] genparse: ftbfs with GCC-11
Set Bug forwarded-to-address to 'https://sourceforge.net/p/genparse/bugs/24/'.
>
End of message, stopping processing here.
Please
Package: installation-reports
Severity: serious
Tags: d-i
Justification: Policy 3.7, 10.1
X-Debbugs-Cc: roggenka...@acm.org
(Please provide enough information to help the Debian
maintainers evaluate the report efficiently - e.g., by filling
in the sections below.)
Boot method: via a Docker build
Your message dated Wed, 15 Feb 2023 14:51:05 +
with message-id
and subject line Bug#1031230: fixed in spirv-tools 2023.1-2
has caused the Debian Bug report #1031230,
regarding spirv-tools: autopkgtest regression for glslang: undefined reference
to spvtools::CreateAggressiveDCEPass etc.
to be
Am 29.01.2023 um 00:00 teilte Frank Heckenbach mit:
Hello Frank,
Package: texlive-pictures
Version: 2020.20210202-3
Severity: grave
File: /usr/share/texlive/texmf-dist/scripts/epspdf/epspdf.tlu
Classic /tmp write vulnerability: function dir_writable writes to
"/tmp/1" (and if this fails,
Le mer. 15 févr. 2023 à 14:39, Thorsten Glaser a écrit :
> Hi James,
>
> (you might wish to Cc <${bugnumber}-submit...@bugs.debian.org> so they
> actually get the reply…)
>
> >Are you able to determine whether
> https://github.com/nodejs/node/issues/41163
> >(and/or any of the guidance within
Hi James,
(you might wish to Cc <${bugnumber}-submit...@bugs.debian.org> so they
actually get the reply…)
>Are you able to determine whether https://github.com/nodejs/node/issues/41163
>(and/or any of the guidance within that thread) seems relevant to this bug?
It appears so. I commented there,
Processing control commands:
> tag -1 pending
Bug #1026713 [src:apache-directory-server] apache-directory-server: FTBFS due
to compatibility issue with mina 2.2
Added tag(s) pending.
--
1026713: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026713
Debian Bug Tracking System
Contact
Control: tag -1 pending
Hello,
Bug #1026713 in apache-directory-server reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Package: gr-dab
Version: 0.4-2
Severity: grave
Justification: renders package unusable
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (150, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux
On Sat, Dec 31, 2022 at 12:53:46AM +, Thomas Goirand wrote:
> Control: tag -1 pending
>
> Hello,
>
> Bug #1026671 in python-mox3 reported by you has been fixed in the
> Git repository and is awaiting an upload. You can see the commit
> message below and you can check the diff of the fix at:
Processing commands for cont...@bugs.debian.org:
> fixed 1029247 0.0~git20221121142040.6be10b8+ds1-3
Bug #1029247 {Done: Roland Mas } [src:facet-analyser]
facet-analyser: FTBFS: unsatisfiable build-dependencies: libvtkgdcm-cil,
libvtkgdcm-java
Marked as fixed in versions
Processing commands for cont...@bugs.debian.org:
> notfound 1029247 0.0~git20221121142040.6be10b8+ds1-3
Bug #1029247 {Done: Roland Mas } [src:facet-analyser]
facet-analyser: FTBFS: unsatisfiable build-dependencies: libvtkgdcm-cil,
libvtkgdcm-java
Ignoring request to alter found versions of bug
Dear maintainer,
I've prepared an NMU for cmucl (versioned as 21d-2.1) and uploaded
it to DELAYED/2. Please feel free to tell me if I should cancel it.
cu
Adrian
diff -Nru cmucl-21d/debian/changelog cmucl-21d/debian/changelog
--- cmucl-21d/debian/changelog 2023-01-31 09:26:21.0 +0200
+++
Hi Paul,
I uploaded version 4.2.6 which passes the autopkgtest.
Do I have something to do to remove 4.2.5?
Regards,
Willem
On Sun, 5 Feb 2023 15:42:17 +0100 Paul Gevers wrote:
Source: findent
Version: 4.2.5-1
Severity: serious
User: debian...@lists.debian.org
Usertags: regression
Dear
Your message dated Wed, 15 Feb 2023 10:34:30 +
with message-id
and subject line Bug#1031336: fixed in python3-defaults 3.11.2-1
has caused the Debian Bug report #1031336,
regarding python3-distutils is not installable
to be marked as done.
This means that you claim that the problem has been
[Adrian Bunk]
> The following packages have unmet dependencies:
> python3-distutils : Depends: python3:any (>= 3.11.2-0~)
This issue seem to cause at least ring and eyed3 to refuse to build on
the buildd network because they need to wait for the non-existing
python3 package 3.11.2.
--
Happy
On Tue, Feb 14, 2023 at 08:46:53PM -0500, Theodore Ts'o wrote:
>...
> I will draw the analogy of building a program which links against
> glibc for Bookworm resulting in a binary that will not run on Buster.
> We expect that, and we tell people to use build chroots. This is not
> something which
Your message dated Wed, 15 Feb 2023 09:35:26 +
with message-id
and subject line Bug#1030416: fixed in python-os-api-ref 2.3.0+ds1-1
has caused the Debian Bug report #1030416,
regarding python-os-api-ref: FTBFS: make[1]: *** [debian/rules:19:
override_dh_auto_test] Error 1
to be marked as
Package: python3-distutils
Version: 3.11.2-1
Severity: serious
The following packages have unmet dependencies:
python3-distutils : Depends: python3:any (>= 3.11.2-0~)
49 matches
Mail list logo
