Hi,
Can this be backported to older Debian versions via the security repo?
This bug can be used to execute code when using the PHP engine:
* https://www.offensivecon.org/speakers/2024/charles-fol.html
* https://www.openwall.com/lists/oss-security/2024/04/18/4
Control: tags -1 + fixed-upstream patch
Patch can be found at
https://github.com/aio-libs/aiosmtpd/commit/827f2321b7a926f3e8ba2aad6387b36c7c2e0b9a.patch
Am Mo., 14. Nov. 2022 um 10:53 Uhr schrieb Pierre-Elliott Bécue
:
> I really don't need reminders about the bugs on my packages.
This is not a reminder. I was just going through the mailman3 packages
to understand what is currently blocking the migration of packages.
And when I found out what is
Control: tags -1 + fixed-upstream patch
This problem currently blocks various mailman3 related packages from
migrating to Debian bookwoom.
But it seems like this is fixed by 1.3.6:
https://docs.mailman3.org/projects/hyperkitty/en/latest/news.html#news-1-3-6
Control: tags -1 + fixed-upstream patch
This problem currently blocks various mailman3 related packages from
migrating to Debian bookwoom.
But it seems like this is fixed by 1.3.8:
https://pypi.org/project/django-mailman3/
(btw. thanks for the mailman 3.3.7 upload)
Control: tags 995779 + patch
This is the upstream merged fix for sqlalchemy 1.4:
https://gitlab.com/mailman/mailman/-/commit/c926e3d54680d4fac0648cde036368c699976038
Completely disabling the autoupdater was an extremely bad idea. Now
even various autoupdater scripts to update the global version in
/usr/lib/chromium/WidevineCdm don't work anymore - so leaving users in
a broken state.
See also #981069
Package: libselinux1
Version: 2.8-1+b1
Severity: grave
Right now, an update from buster to bullseye on amd64 completely
bricks the system because libselinux1 is requiring a libc6 which is
not yet installed on the system:
Preparing to unpack .../0-libselinux1_3.1-2+b2_amd64.deb ...
> Control: reassign -1 libqt5core5a/5.11.3+dfsg-2
> Control: affects -1 plasma-desktop
>
> Control: severity -1 important
>
> Please, don't abuse the bugs severity just to get more attention.
I didn't abuse the severity. The
https://www.debian.org/Bugs/Developer#severities has an entry "makes
> On Sun, 17 Feb 2019, Charlemagne Lasse wrote:
> > perl: warning: Setting locale failed.
> > perl: warning: Please check that your locale settings:
> > LANGUAGE = "en_US:en",
> > LC_ALL = (unset),
> > LC_TIME = "en_DE.UTF-8",
> >
See also https://bugs.debian.org/922500
Package: plasma-desktop
Version: 4:5.14.5-1
Severity: critical
Justification: makes unrelated software break on the system
The "regional settings" allow to select various regions which are not
available on the system (even with locales-all). An example here is
en_DE (Germany) for "Time". This is
Package: tex-common
Version: 6.10
Severity: serious
Justification: Fails to install on a normal KDE installation with
"Germany" setting as Time localization
The installation works fine with LC_TIME=C but not with the setting
generated by KDE LC_TIME=en_DE.UTF-8. The aptitude output follows and
at
Source: firefox-esr
Version: 60.5.0esr-1
Severity: grave
Tags: patch
Forwarded: https://bugzilla.mozilla.org/show_bug.cgi?id=1526648
Noticed while trying to prepare the mini fix for https://bugs.debian.org/921381
/usr/bin/g++ -o Unified_cpp_certverifier0.o -c -Ibuster/stl_wrappers
Source: chromium
Version: 72.0.3626.81-1
Severity: grave
X-Debbugs-CC: 856...@bugs.debian.org
FAILED: obj/media/gpu/vaapi/vaapi/vaapi_wrapper.o
g++ -MMD -MF obj/media/gpu/vaapi/vaapi/vaapi_wrapper.o.d
-DMEDIA_GPU_IMPLEMENTATION -DV8_DEPRECATION_WARNINGS -DUSE_UDEV
-DUSE_AURA=1 -DUSE_GLIB=1
tags 921738 + wontfix
bye
This package is *not* widevine. It is the *support* for the legacy
widevine cdm. You still have to download the widevine cdm from
widevine.com/google. Google prohibits its distribution without a
license:
> "Google Inc. and its affiliates ("Google") own all legal right,
Package: chromium
Version: 71.0.3578.80-1~deb9u1
Severity: serious
The stable-sec package is stuck with version 71.0.3578.80 and is
missing security updates for several CVEs. Take for example the list
from 72.0.3626.81
- Stack buffer overflow in Skia. Reported by Ivan Fratric
- Use after free
found 904652 11.1-5
thanks
> i didn't do anything.
> Upgrading the system like always.
> Suddenly there was no sound available.
Change /etc/pulse/default.pa to automatically load module-alsa-sink on
boot (module-udev-detect is broken and will not load the alsa-sink
anymore)
This is also a
Package: prosody
Version: 0.9.12-1
Severity: serious
Tags: patch stretch
Prosody fails to intiate S2S connections when lua-event 0.4.3 is
installed. This bug was already fixed in the 0.10 branch of prosody
but is still present on Debian stretch (which is shipped with
lua-event 0.4.3)
The fix can
Package: gcc-6
Version: 6.2.0-10
Severity: serious
X-Debbugs-CC: lede-...@lists.infradead.org
There is a regression after gcc-6 6.2.0-6. I get following output when
trying to compile LEDE/OpenWrt "Please install a static zlib"
This is wrong
$ ls -ltr /usr/lib/x86_64-linux-gnu/libz.a
-rw-r--r--
Source: libretro-mupen64plus
Version: 2.0+git20160207+dfsg2-1
Severity: serious
Marked as serious because it is a violation of paragraph 4.13 from the
Debian Policy.
Debian should not ship the same things twice. So the Debian Games Team
should decide whether it wants to ship mupen64plus-* or
21 matches
Mail list logo
