Bug#831835: Mentioned in Tor trac

2017-11-18 Thread 24351
CloudFlare's MITM activity is widely discussed in the Tor Project ticket.
This bug is mentioned on this webpage:
https://trac.torproject.org/projects/tor/ticket/24351

iceweasel should not support MITM, therefore I want you to delist
the Cloudflare certificate from the SSL trust chain.

And also update F-Droid's iceweasel :)



Processed: tagging 882100

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 882100 + pending
Bug #882100 [src:kde-l10n] kgoldrunner: File conflict with kde-l10n-de
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882100
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#882100: kgoldrunner: File conflict with kde-l10n-de

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 882100 src:kde-l10n kde-l10n/4:17.08.3-1
Bug #882100 [kgoldrunner] kgoldrunner: File conflict with kde-l10n-de
Bug reassigned from package 'kgoldrunner' to 'src:kde-l10n'.
No longer marked as found in versions kgoldrunner/4:17.08.3-1.
Ignoring request to alter fixed versions of bug #882100 to the same values 
previously set
Bug #882100 [src:kde-l10n] kgoldrunner: File conflict with kde-l10n-de
The source kde-l10n and version 4:17.08.3-1 do not appear to match any binary 
packages
Marked as found in versions kde-l10n/4:17.08.3-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882100
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882100: kgoldrunner: File conflict with kde-l10n-de

2017-11-18 Thread Pino Toscano
reassign 882100 src:kde-l10n kde-l10n/4:17.08.3-1
thanks

Hi,

In data domenica 19 novembre 2017 00:23:12 CET, Sandro Knauß ha scritto:
> Package: kgoldrunner
> Version: 4:17.08.3-1
> Severity: grave
> Justification: renders package unusable
> 
> Hey,
> 
> there is a file conflict with kde-l10n-de 4:17.04.3-1, so it needs to Breaks 
> with that:
> 
> dpkg: error processing archive
> /tmp/apt-dpkg-install-AL96il/23-kgoldrunner_4%3a17.08.3-1_amd64.deb
> (--unpack):
>  trying to overwrite '/usr/share/locale/de/LC_MESSAGES/kgoldrunner.mo',
>  which is also in package kde-l10n-de 4:17.04.3-1
>  dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)

This cannot be fixed properly in kgoldrunner (and in the other
applications I uploaded yesterday), otherwise it will make kde-l10n
uninstallable in general.  Let's fix this in kde-l10n instead.

This affects only people using kde-l10n from experimental, and it will
not be a problem in the long term.

-- 
Pino Toscano

signature.asc
Description: This is a digitally signed message part.


Bug#827076: marked as done (src:gridengine: FTBFS with openssl 1.1.0)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 05:49:41 +
with message-id 
and subject line Bug#827076: fixed in gridengine 8.1.9+dfsg-6
has caused the Debian Bug report #827076,
regarding src:gridengine: FTBFS with openssl 1.1.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:gridengine
Version: 8.1.8+dfsg-6
Severity: important

As posted by Kurt Roeckx to debian-devel [1]:

~~~
The release of OpenSSL 1.1.0 is getting nearer.  Some packages
will no longer build with the new version without changes.  Most
of those changes should be trivial, like you can't allocate some
structures on the stack anymore and need to use the correct _new()
and _free() function.

It can also mean that you can't directly access some members of
those structures anymore and need to use a function instead.

There is an upstream wiki page for this at:
https://wiki.openssl.org/index.php/1.1_API_Changes

If things aren't clear, you have questions, or there are missing
access functions please contact us.

I've uploaded packages to experimental, so you can use those to
test things.

We did a rebuild of all packages build-depending on libssl-dev.
You can see the result of that here:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/
~~~

The build log for gridengine is at 


The severity is set to important until the transition becomes imminent, after 
which it should become release-critical.

1. https://lists.debian.org/debian-devel/2016/06/msg00205.html
--- End Message ---
--- Begin Message ---
Source: gridengine
Source-Version: 8.1.9+dfsg-6

We believe that the bug you reported is fixed in the latest version of
gridengine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Afif Elghraoui  (supplier of updated gridengine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 19 Nov 2017 00:18:39 -0500
Source: gridengine
Binary: gridengine-common gridengine-client gridengine-qmon gridengine-master 
gridengine-exec gridengine-dev gridengine-drmaa1.0 libdrmaa1.0-java 
libdrmaa1.0-java-doc gridengine-drmaa-dev libdrmaa1.0-ruby
Architecture: source
Version: 8.1.9+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Grid Engine Maintainers 

Changed-By: Afif Elghraoui 
Description:
 gridengine-client - Utilities for Grid Engine queue management
 gridengine-common - Distributed resource management - common files
 gridengine-dev - Distributed resource management - development files
 gridengine-drmaa-dev - Distributed resource management Application API library - develop
 gridengine-drmaa1.0 - Distributed resource management Application API library
 gridengine-exec - Distributed resource management - Execution Server
 gridengine-master - Distributed resource management - Master Server
 gridengine-qmon - Graphical utilities for Grid Engine queue management
 libdrmaa1.0-java - Distributed resource management Application API library - Java bi
 libdrmaa1.0-java-doc - Distributed resource management Application API library - Java bi
 libdrmaa1.0-ruby - Distributed resource management Application API library - Ruby bi
Closes: 827076
Changes:
 gridengine (8.1.9+dfsg-6) unstable; urgency=medium
 .
   * Fix FTBFS with openssl 1.1
 Thanks to Mark Hymers for the patches (Closes: #827076)
   * Bump Standards-Version to 4.1.1
   * Drop explicit build-dependency on autotools-dev

Bug#828329: marked as done (gridengine: FTBFS with openssl 1.1.0)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 05:49:41 +
with message-id 
and subject line Bug#827076: fixed in gridengine 8.1.9+dfsg-6
has caused the Debian Bug report #827076,
regarding gridengine: FTBFS with openssl 1.1.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
827076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827076
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gridengine
Version: 8.1.8+dfsg-6
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to be released.  During a rebuild of all packages using
OpenSSL this package failed to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/gridengine_8.1.8+dfsg-6_amd64-20160529-1424

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt
--- End Message ---
--- Begin Message ---
Source: gridengine
Source-Version: 8.1.9+dfsg-6

We believe that the bug you reported is fixed in the latest version of
gridengine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 827...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Afif Elghraoui  (supplier of updated gridengine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 19 Nov 2017 00:18:39 -0500
Source: gridengine
Binary: gridengine-common gridengine-client gridengine-qmon gridengine-master 
gridengine-exec gridengine-dev gridengine-drmaa1.0 libdrmaa1.0-java 
libdrmaa1.0-java-doc gridengine-drmaa-dev libdrmaa1.0-ruby
Architecture: source
Version: 8.1.9+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Grid Engine Maintainers 

Changed-By: Afif Elghraoui 
Description:
 gridengine-client - Utilities for Grid Engine queue management
 gridengine-common - Distributed resource management - common files
 gridengine-dev - Distributed resource management - development files
 gridengine-drmaa-dev - Distributed resource management Application API library - develop
 gridengine-drmaa1.0 - Distributed resource management Application API library
 gridengine-exec - Distributed resource management - Execution Server
 gridengine-master - Distributed resource management - Master Server
 gridengine-qmon - Graphical utilities for Grid Engine queue management
 libdrmaa1.0-java - Distributed resource management Application API library - Java bi
 libdrmaa1.0-java-doc - Distributed resource management Application API library - Java bi
 libdrmaa1.0-ruby - Distributed resource management Application API library - Ruby bi
Closes: 827076
Changes:
 gridengine (8.1.9+dfsg-6) unstable; urgency=medium
 .
   * Fix FTBFS with openssl 1.1
 Thanks to Mark Hymers for the patches (Closes: #827076)
   * Bump Standards-Version to 4.1.1
   * Drop explicit build-dependency on autotools-dev

Bug#827076: in package pkg-gridengine marked as pending

2017-11-18 Thread Afif Elghraoui
Control: tag 827076 pending

Bug #827076 in package pkg-gridengine reported by you has been fixed in
the pkg-gridengine/pkg-gridengine.git Git repository. You can see the changelog 
below, and
you can check the diff of the fix at:


https://anonscm.debian.org/cgit/pkg-gridengine/pkg-gridengine.git/commit/?id=79e60e7

---
commit 79e60e7821db901b21e760a5609263e7b2d8f688
Author: Afif Elghraoui 
Date:   Sun Nov 19 00:19:43 2017 -0500

releasing package gridengine version 8.1.9+dfsg-6

diff --git a/debian/changelog b/debian/changelog
index d7dbfa8..1c4218c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+gridengine (8.1.9+dfsg-6) unstable; urgency=medium
+
+  * Fix FTBFS with openssl 1.1
+Thanks to Mark Hymers for the patches (Closes: #827076)
+  * Bump Standards-Version to 4.1.1
+  * Drop explicit build-dependency on autotools-dev
+
+ -- Afif Elghraoui   Sun, 19 Nov 2017 00:18:39 -0500
+
 gridengine (8.1.9+dfsg-5) unstable; urgency=medium
 
   * Wrap qstatus and qsched commands (Closes: #870637)
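Review bot: The first bullet of the new entry, "Fix FTBFS with openssl 1.1", does not say which patches were added or what they change, and the diff shown covers only debian/changelog, so the OpenSSL-related change itself cannot be reviewed from here. Naming the patch files in the bullet would make the port traceable from the changelog. As shown, the continuation line "Thanks to Mark Hymers for the patches (Closes: #827076)" also has no leading indentation; it should be indented to align under the bullet text.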



Processed: Bug#827076 in package pkg-gridengine marked as pending

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> tag 827076 pending
Bug #827076 [src:gridengine] src:gridengine: FTBFS with openssl 1.1.0
Bug #828329 [src:gridengine] gridengine: FTBFS with openssl 1.1.0
Added tag(s) pending.
Added tag(s) pending.

-- 
827076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827076
828329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828329
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#859550: pgadmin3: Please migrate to openssl1.1 in buster

2017-11-18 Thread Cyril Brulebois
Control: tag -1 patch

Hi Sebastian, hi Denis,

Sebastian Andrzej Siewior  (2017-11-14):
> On 2017-10-21 16:37:14 [+0200], Denis Briand wrote:
> > Pgadmin3 is no longer supported by upstream team and I haven't
> > enough skills in openssl lib to fix this bug. Feel free to raise
> > the bug severity to prevent pgadmin3 to be in buster.
> > 
> > In a marvelous world we should build pgadmin4 instead but it's
> > completely not the same interface (web) and needs many work hours and
> > skills in web software package building.
> 
> What is your final pgadmin plan for Buster? According to the webpage 3
> is no longer supported. Do you want 3 in or plan to package 4?

I've had the pleasure to discuss this with Denis at MiniDebConf in
Toulouse, and AFAIUI it seems it would be nice to keep pgadmin3 around
until pgadmin4 gets packaged.

Looking at the build failure, it happens in paths involving libssh2:
  pgadmin/libssh2
  pgadmin/include/libssh2

Since this seemed like an embedded code copy, I've looked into libssh2
vs. openssl 1.1, and found this:
  https://github.com/libssh2/libssh2/pull/70/commits

I've applied both commits to openssl.{c,h} in pgadmin3 (need to patch
both of them manually since they are not in the same directory):
  
https://github.com/libssh2/libssh2/pull/70/commits/a62842a9275fe3d6ba4b67b7f01ab3f00d086f83
  
https://github.com/libssh2/libssh2/pull/70/commits/eb497bddd5f382ca1468d72c6cd3d804ca68afb5

(Add “.patch” at the end of the URL to get a raw patch.)

The build can then be resumed but fails later, possibly because patches
in libssh2 were incomplete or because openssl made more changes. I
didn't investigate at this point since it's clear that having embedded
code copies is awful already.
  https://wiki.debian.org/EmbeddedCodeCopies

I've briefly looked into configure.ac to see how library detection is
performed, and found out that the embedded libssh2 depends on openssl
being activated through ./configure; it's the default, but can be
switched off, to use libgcrypt instead. I've added two flags in
debian/rules, which made it possible to build the package. I didn't
update build-depends, and I didn't test a full build under cowbuilder or
sbuild, but that might be something that would help you keep pgadmin3 in
testing a bit longer. See attached source debdiff.

Please make sure to test your package extensively, I only checked it
builds with these settings; also feel free to reword the changelog entry
as you wish. :)


Denis, on a personal note: you did a very good job organizing this
Mini-DebConf, and an even better job getting people to look at your RC
bugs! ;)


KiBi.
diff -Nru pgadmin3-1.22.2/debian/changelog pgadmin3-1.22.2/debian/changelog
--- pgadmin3-1.22.2/debian/changelog	2016-11-15 09:39:41.0 +
+++ pgadmin3-1.22.2/debian/changelog	2017-11-19 02:01:11.0 +
@@ -1,3 +1,13 @@
+pgadmin3 (1.22.2-2) UNRELEASED; urgency=medium
+
+  * Work around the FTBFS with OpenSSL 1.1: pgadmin3 contains an embedded
+copy of the libssh2 library, which needs a few patches to support
+OpenSSL 1.1. Instead of cherry-picking patches for this embedded code
+copy, let's switch to libgcrypt which is an alternative to openssl
+according to the configure script.
+
+ -- Cyril Brulebois   Sun, 19 Nov 2017 02:01:11 +
+
 pgadmin3 (1.22.2-1) unstable; urgency=medium
 
   * New upstream version.
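Review bot: The new changelog bullet carries no bug reference, so an upload built from it would leave #859550 untouched; reference the bug in the bullet (with "Closes:" if this workaround is meant to resolve it). The continuation lines, from "copy of the libssh2 library" through "according to the configure script.", are shown without indentation and should be aligned under the bullet text. The entry should also record the build-dependency change that moving to libgcrypt implies.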
diff -Nru pgadmin3-1.22.2/debian/rules pgadmin3-1.22.2/debian/rules
--- pgadmin3-1.22.2/debian/rules	2016-01-11 12:03:17.0 +
+++ pgadmin3-1.22.2/debian/rules	2017-11-19 02:01:11.0 +
@@ -10,7 +10,9 @@
 		--infodir=\$${prefix}/share/info \
 		--disable-dependency-tracking \
 		--with-wx=/usr \
-		--with-wx-version=$(shell wx-config --release)
+		--with-wx-version=$(shell wx-config --release) \
+		--with-libgcrypt \
+		--without-openssl
 
 override_dh_auto_build:
 	$(MAKE) CFLAGS+="-g" CXXFLAGS+="-g"
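Review bot: The added --with-libgcrypt and --without-openssl flags change which crypto library the embedded libssh2 is built against, but the debdiff does not touch debian/control, so nothing ensures libgcrypt's headers are present in a clean build chroot. Add the libgcrypt development package to Build-Depends (and drop libssl-dev if nothing else needs it), and check that configure aborts instead of quietly building without the feature when libgcrypt is missing. Because this swaps the crypto backend, the code paths that use libssh2 should be exercised before upload, not only the build.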


signature.asc
Description: PGP signature
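
Added example (not part of the thread, and not code from pgadmin3, libssh2 or Debian): the OpenSSL 1.1 breakage discussed above comes from structures that can no longer be stack-allocated or have their members read directly, which is what an embedded copy such as pgadmin/libssh2 runs into. The script below scans a source tree for those idioms so that embedded crypto code can be triaged before a rebuild. The rule names, hint texts and both sample C files are constructed for illustration, and the variable-name heuristic in KEY_FIELD is an assumption.

```shell
#!/bin/sh
# Added example: flag C idioms that stop compiling against OpenSSL 1.1.
# Rule names, hints and the sample sources are constructed for illustration.

# Non-pointer declaration of a context type that is opaque since 1.1.0.
RE_STACK='(^|[^A-Za-z0-9_])(EVP_MD_CTX|EVP_CIPHER_CTX|HMAC_CTX)[[:space:]]+[A-Za-z_][A-Za-z0-9_]*[[:space:]]*[;,=]'
# Calls that only exist for caller-allocated HMAC contexts.
RE_REMOVED='(^|[^A-Za-z0-9_])HMAC_CTX_(init|cleanup)[[:space:]]*\('
# Direct read of the key union inside EVP_PKEY.
RE_PKEY='->pkey\.(rsa|dsa|dh|ec)([^A-Za-z0-9_]|$)'
# Heuristic (assumption): a variable named rsa*/dsa*/dh* dereferenced for a key field.
RE_FIELD='(^|[^A-Za-z0-9_])(rsa|dsa|dh)[A-Za-z0-9_]*\)?->(n|e|d|p|q|g|pub_key|priv_key|dmp1|dmq1|iqmp)([^A-Za-z0-9_]|$)'

# scan_rule FILE RULE REGEX HINT -> prints "file:line:RULE:hint" per match
scan_rule() {
    grep -nE -e "$3" "$1" | while IFS=: read -r lineno _rest; do
        printf '%s:%s:%s:%s\n' "$1" "$lineno" "$2" "$4"
    done
}

# scan_tree DIR -> runs every rule over the .c and .h files below DIR
scan_tree() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) | sort |
    while IFS= read -r f; do
        scan_rule "$f" STACK_CTX   "$RE_STACK"   'allocate with the type _new() function and release with _free()'
        scan_rule "$f" REMOVED_FN  "$RE_REMOVED" 'use HMAC_CTX_new, HMAC_CTX_reset and HMAC_CTX_free'
        scan_rule "$f" PKEY_MEMBER "$RE_PKEY"    'use EVP_PKEY_get0_RSA or the matching EVP_PKEY_get0 accessor'
        scan_rule "$f" KEY_FIELD   "$RE_FIELD"   'use RSA_get0_key, DSA_get0_pqg, DH_get0_pqg and related getters'
    done
}

# make_sample DIR -> writes two constructed files laid out like an embedded copy
make_sample() {
    mkdir -p "$1/pgadmin/libssh2"
    cat > "$1/pgadmin/libssh2/openssl.c" <<'EOF'
/* constructed sample: idioms that compiled against OpenSSL 1.0 */
#include <openssl/hmac.h>
#include <openssl/evp.h>
int mac(const unsigned char *k, int kl) {
    HMAC_CTX ctx;
    HMAC_CTX_init(&ctx);
    HMAC_Init_ex(&ctx, k, kl, EVP_sha256(), NULL);
    HMAC_CTX_cleanup(&ctx);
    return 0;
}
int bits(EVP_PKEY *pk) {
    RSA *rsa = pk->pkey.rsa;
    return BN_num_bits(rsa->n);
}
EOF
    cat > "$1/pgadmin/libssh2/openssl_ported.c" <<'EOF'
/* constructed sample: the same logic written for the 1.1 API */
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
int mac(const unsigned char *k, int kl) {
    HMAC_CTX *ctx = HMAC_CTX_new();
    if (ctx == NULL) return -1;
    HMAC_Init_ex(ctx, k, kl, EVP_sha256(), NULL);
    HMAC_CTX_free(ctx);
    return 0;
}
int bits(EVP_PKEY *pk) {
    const BIGNUM *n = NULL;
    RSA *rsa = EVP_PKEY_get0_RSA(pk);
    if (rsa == NULL) return -1;
    RSA_get0_key(rsa, &n, NULL, NULL);
    return BN_num_bits(n);
}
EOF
}

# Demo run over the constructed sample tree.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_tree "$demo_dir"
rm -rf "$demo_dir"
```

A clean scan does not prove the tree builds; the rules cover only the stack-allocation and member-access cases named in the thread.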


Processed: Re: Bug#859550: pgadmin3: Please migrate to openssl1.1 in buster

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 patch
Bug #859550 [src:pgadmin3] pgadmin3: Please migrate to openssl1.1 in buster
Added tag(s) patch.

-- 
859550: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859550
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: re: freevial: Please replace ttf-freefont by fonts-freefont-ttf in package dependencies

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 738224 serious
Bug #738224 [freevial] freevial: Please replace ttf-freefont by 
fonts-freefont-ttf in package dependencies
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
738224: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738224
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882107: python-django-compressor depends on obsolete transitional package.

2017-11-18 Thread peter green

Package: python-django-compression
Version: 2.2-3
Severity: serious

python-django-compressor depends on the obsolete transitional package 
python-appconf which is no longer built by python-django-appconf. Please update 
your dependency so that the obsolete transitional package can be decrufted.



Bug#882080: marked as done (debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 01:48:45 +
with message-id 
and subject line Bug#882080: fixed in debian-goodies 0.78
has caused the Debian Bug report #882080,
regarding debian-goodies: checkrestart from debian-goodies 0.77 finds no files 
to restart
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-goodies
Version: 0.77
Severity: normal

Dear Maintainer,

after updating debian-goodies to version 0.77, checkrestart no longer finds
anything to restart. I know it should find something, because I just updated
many packages including libc6.

I have temporarily downgraded debian-goodies to the previous version, run
checkrestart to get a realistic list of restartable packages, then upgraded and
run checkrestart again. Here is the log:


# dpkg -l | grep debian-goodies
ii  debian-goodies   0.76
all  Small toolbox-style utilities for Debian systems
# checkrestart | head -5
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
  Output information may be incomplete.
Found 167 processes using old versions of upgraded files
(84 distinct programs)
(59 distinct packages)

Of these, 3 seem to contain systemd service definitions or init scripts which
can be used to restart them.
# apt-# apt-get install debian-goodies
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  debian-goodies
1 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.
Need to get 0 B/75.6 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Reading changelogs... Done
(Reading database ... 534943 files and directories currently installed.)
Preparing to unpack .../debian-goodies_0.77_all.deb ...
Unpacking debian-goodies (0.77) over (0.76) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up debian-goodies (0.77) ...
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB
localepurge: Disk space freed in /usr/share/gnome/help: 0 KiB
localepurge: Disk space freed in /usr/share/omf: 0 KiB

Total disk space freed by localepurge: 0 KiB

Scanning processes...
Scanning candidates...
Scanning linux images...
Restarting services...
Services being skipped:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart lightdm.service
 systemctl restart systemd-journald.service
 systemctl restart systemd-logind.service
 systemctl restart wicd.service
No containers need to be restarted.
User sessions running outdated binaries:
 pc @ session #862: atrild[20463], at-spi-bus-laun[19106], at-
spi2-registr[19113],
bash[621,19378,19379,19383,19386,19389,19392,19404,19410,19431,22685],
  clock-applet[8927], dbus-daemon[19073,24563], dbus-launch[19072,24558],
dconf-service[19124,24566], dirmngr[4883], explorer.exe[22465], firefox-
esr[19240],
  gconfd-2[19217], geany[14718], gnome-keyring-d[19045], gpg-agent[4905], gvfs-
afc-volume[19308], gvfsd[19092], gvfsd-computer[32168], gvfsd-dnssd[7148],
  gvfsd-fuse[19097], gvfsd-http[30723], gvfsd-metadata[20930], gvfsd-
network[7120], gvfsd-trash[19338], gvfs-goa-volume[19269], gvfs-
gphoto2-vo[19323],
  gvfs-mtp-volume[19328], gvfs-udisks2-vo[19198], hamster-service[8968],
hamster-time-tr[2924], lightdm[19024], man[22770], mate-dictionary[8924], mate-
netspeed-a[8921],
  mate-panel[8799], mate-screensave[21535], mate-session[19048], mate-
terminal[19232], mc[619,19282,30639], mocp[32478], msd-locate-poin[19459],
notification-ar[8926],
  plugplay.exe[22434], pulseaudio[19205], redshift-gtk[9038],
services.exe[22418], sh[19176], su[638,22684,26459], tracker-store[7225],
WebKitNetworkPr[4656,20683,20686,20690,20691,20692,20693,20694,20695,20696,20697,20698,20699,20700,20701,20703],
winedevice.exe[22422], wineserver64[22412],
  wnck-applet[8915], zeitgeist-fts[21487]
 pc @ user manager service: systemd[19033]
# apt-get i# apt-get install debian-goodies
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  debian-goodies
1 upgraded, 0 newly installed, 0 to remove and 9 not upgraded.
Need to get 0 B/75.6 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Retrieving bug reports... Done
Parsing Found/Fixed 

Processed: tagging 882080

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 882080 + pending
Bug #882080 [debian-goodies] debian-goodies: checkrestart from debian-goodies 
0.77 finds no files to restart
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#877197: marked as done (readline6 FTBFS with debhelper 10.9)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 00:58:12 +
with message-id 
and subject line Bug#877240: Removed package(s) from unstable
has caused the Debian Bug report #877197,
regarding readline6 FTBFS with debhelper 10.9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
877197: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877197
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: readline6
Version: 6.3-9
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/readline6.html

...
: # install rlfe
dh_installdirs -prlfe \
usr/bin usr/share/man/man1 \
usr/share/doc/rlfe
dh_installdirs: Requested unknown package rlfe via -p/--package, expected one 
of: libreadline6 lib64readline6 libreadline6-dbg lib32readline6
dh_installdirs: Compatibility levels before 9 are deprecated (level 5 in use)
cp -p /build/1st/readline6-6.3/build/examples/rlfe/rlfe debian/rlfe/usr/bin/.
cp: cannot create regular file 'debian/rlfe/usr/bin/.': No such file or 
directory
debian/rules:207: recipe for target 'install-stamp' failed
make: *** [install-stamp] Error 1
--- End Message ---
--- Begin Message ---
Version: 6.3-9+rm

Dear submitter,

as the package readline6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/877240

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---


Bug#857297: marked as done (lib32readline6:s390x is an empty package)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 00:58:12 +
with message-id 
and subject line Bug#877240: Removed package(s) from unstable
has caused the Debian Bug report #857297,
regarding lib32readline6:s390x is an empty package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857297
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lib32readline6
Version: 6.3-9
Severity: grave
Justification: unintentionally empty package on a release architecture
User: helm...@debian.org
Usertags: rebootstrap

lib32readline6 is unintentionally empty on s390x. This happens due to a
mismatch between debian/control and debian/rules listing different
architecture sets for building 32bit libraries.

I guess lib32readline6 should simply go away.

Helmut
--- End Message ---
--- Begin Message ---
Version: 6.3-9+rm

Dear submitter,

as the package readline6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/877240

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---


Bug#840397: marked as done (stretch should not ship with readline6)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 00:58:12 +
with message-id 
and subject line Bug#877240: Removed package(s) from unstable
has caused the Debian Bug report #840397,
regarding stretch should not ship with readline6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
840397: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:readline6
Version: 6.3-9
Severity: serious
Tags: sid stretch

The package is replaced by the readline (7.0) source package and should not ship
with stretch.
--- End Message ---
--- Begin Message ---
Version: 6.3-9+rm

Dear submitter,

as the package readline6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/877240

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---


Processed: Re: Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> clone -1 -2
Bug #882080 [debian-goodies] debian-goodies: checkrestart from debian-goodies 
0.77 finds no files to restart
Bug 882080 cloned as bug 882104
> retitle -2 debian-goodies: "checkrestart -n" throws TypeError: a bytes-like 
> object is required, not 'str'
Bug #882104 [debian-goodies] debian-goodies: checkrestart from debian-goodies 
0.77 finds no files to restart
Changed Bug title to 'debian-goodies: "checkrestart -n" throws TypeError: a 
bytes-like object is required, not 'str'' from 'debian-goodies: checkrestart 
from debian-goodies 0.77 finds no files to restart'.
> severity -2 important
Bug #882104 [debian-goodies] debian-goodies: "checkrestart -n" throws 
TypeError: a bytes-like object is required, not 'str'
Severity set to 'important' from 'serious'
> submitter -2 RjY 
Bug #882104 [debian-goodies] debian-goodies: "checkrestart -n" throws 
TypeError: a bytes-like object is required, not 'str'
Changed Bug submitter to 'RjY ' from 'Andreas 
Schmidt '.

-- 
882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080
882104: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882104
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#872195: marked as done (tircd: fails to install: chown: cannot access '/var/lib/tircd': No such file or directory)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 00:20:30 +
with message-id 
and subject line Bug#872195: fixed in tircd 0.30-4
has caused the Debian Bug report #872195,
regarding tircd: fails to install: chown: cannot access '/var/lib/tircd': No 
such file or directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
872195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872195
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tircd
Version: 0.30-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

From the attached log (scroll to the bottom...):

  Selecting previously unselected package tircd.
  (Reading database ... 
(Reading database ... 7634 files and directories currently installed.)
  Preparing to unpack .../archives/tircd_0.30-3_all.deb ...
  Unpacking tircd (0.30-3) ...
  Setting up tircd (0.30-3) ...
  chown: cannot access '/var/lib/tircd': No such file or directory
  dpkg: error processing package tircd (--configure):
   subprocess installed post-installation script returned error exit status 1
  Errors were encountered while processing:
   tircd


cheers,

Andreas


tircd_0.30-3.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: tircd
Source-Version: 0.30-4

We believe that the bug you reported is fixed in the latest version of
tircd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 872...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert  (supplier of updated tircd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 19 Nov 2017 00:32:25 +0100
Source: tircd
Binary: tircd
Architecture: source all
Version: 0.30-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Axel Beckert 
Description:
 tircd  - ircd proxy to the twitter API
Closes: 872195
Changes:
 tircd (0.30-4) unstable; urgency=medium
 .
   * QA upload.
   * Reintroduce debian/tircd.dirs for /var/lib/tircd/. It has been removed
 accidentally in 0.30-2. (Closes: #872195)
   * Declare compliance with Debian Policy 4.1.1.
   * Apply "wrap-and-sort -a".
   * Update upstream URL in Homepage header and debian/{copyright,watch} to
 point to GitHub instead of the static, outdated Google Code page.
   * Add dependency on lsb-base for /lib/lsb/init-functions.
   * Create tircd user with home directory /nonexistent.
   * Set "Rules-Requires-Root: no".
   * Add patch to fix spelling errors found by Lintian.
   * Convert debian/copyright to machine-readable DEP5 format.

Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart

2017-11-18 Thread Axel Beckert
Control: clone -1 -2
Control: retitle -2 debian-goodies: "checkrestart -n" throws TypeError: a 
bytes-like object is required, not 'str'
Control: severity -2 important
Control: submitter -2 RjY 

Hi RjY,

RjY wrote:
> Just wanted to add I am also seeing this. Also wanted to note using
> checkrestart with -n (I wondered if not using lsof might produce
> different results) instead gave a python exception/backtrace.

Indeed, thanks for reporting it. But it's (very likely) a separate
issue, hence I'm cloning this bug report into a second one with
appropriate title, severity and submitter.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
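
The TypeError named in the retitled bug is the message Python 3 raises when a str argument is applied to bytes, for instance to the raw output of a pipe. The sketch below is an added example, not checkrestart's code: `naive_filter` and `stale_library_users` are hypothetical names, the sample rows are constructed in the shape of `lsof -n` output, and the cause inside checkrestart itself is not shown on this page.

```python
"""List processes that still map deleted libraries, from `lsof -n` output."""
from collections import defaultdict

# Constructed sample shaped like `lsof -n` rows (values are illustrative).
# It is bytes because that is what a subprocess pipe returns on Python 3.
SAMPLE_LSOF = b"\n".join([
    b"COMMAND    PID  TID USER  FD  TYPE DEVICE SIZE/OFF    NODE NAME",
    b"mpv       2765      rjy  DEL  REG    8,2          2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7",
    b"mpv/termi 2765 2769 rjy  DEL  REG    8,2          2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7",
    b"mpv       2765      rjy  DEL  REG    8,2          2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1",
    b"sshd       812      root mem  REG    8,2  1689360 2883001 /lib/x86_64-linux-gnu/libc-2.25.so",
    b"cupsd      640      root  7u  REG    8,2     4096    1311 /var/lib/caf\xe9/libfoo.so.1 (deleted)",
    b"",
])


def naive_filter(raw):
    """Python 2 habit: treat pipe output as text.

    On Python 3 `raw` is bytes, so the str separator raises
    "TypeError: a bytes-like object is required, not 'str'".
    """
    return [line for line in raw.split("\n") if "DEL" in line]


def stale_library_users(raw, path_filter="/lib/"):
    """Return {pid: sorted paths} for deleted files a process still holds.

    Decoding happens once, at the boundary. surrogateescape keeps path
    bytes that are not valid UTF-8 instead of failing on them, so the
    original file name can be recovered by encoding the same way.
    """
    text = raw.decode("utf-8", errors="surrogateescape")
    stale = defaultdict(set)
    for line in text.split("\n"):
        fields = line.split()
        if len(fields) < 6 or not fields[1].isdigit():
            continue  # header, blank or malformed row
        unlinked = line.endswith(" (deleted)")
        # FD is column 4, or column 5 when a TID column is present.
        if "DEL" not in fields[3:5] and not unlinked:
            continue
        start = line.find(" /")
        if start == -1:
            continue  # no absolute path in the NAME column
        path = line[start + 1:]
        if unlinked:
            path = path[: -len(" (deleted)")]
        if path_filter in path:
            stale[int(fields[1])].add(path)  # thread rows collapse per PID
    return {pid: sorted(paths) for pid, paths in stale.items()}


if __name__ == "__main__":
    for pid, paths in sorted(stale_library_users(SAMPLE_LSOF).items()):
        for path in paths:
            print(pid, ascii(path))
```

A process listed here is still executing the old copy of a library after an upgrade, which is why a security update is not effective until that process restarts.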



Bug#871156: marked as done (pyfits: FTBFS: cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security])

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 19 Nov 2017 00:22:34 +
with message-id 
and subject line Bug#869858: Removed package(s) from unstable
has caused the Debian Bug report #871156,
regarding pyfits: FTBFS: cc1: error: -Wformat-security ignored without -Wformat 
[-Werror=format-security]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
871156: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871156
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pyfits
Version: 1:3.4-4
Severity: serious
Tags: buster sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20170805 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part (hopefully):
> x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall 
> -Wstrict-prototypes -fno-strict-aliasing -g -O2 
> -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat 
> -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC 
> -I/usr/lib/python2.7/dist-packages/numpy/core/include 
> -I/usr/include/python2.7 -c src/compressionmodule.c -o 
> build/temp.linux-amd64-2.7/src/compressionmodule.o 
> -Wno-declaration-after-statement -Wno-unused-variable -Wno-parentheses 
> -Wno-uninitialized -Wno-format -Wno-strict-prototypes -Wno-unused 
> -Wno-comments -Wno-switch
> cc1: error: -Wformat-security ignored without -Wformat 
> [-Werror=format-security]
> In file included from 
> /usr/lib/python2.7/dist-packages/numpy/core/include/numpy/ndarraytypes.h:1788:0,
>  from 
> /usr/lib/python2.7/dist-packages/numpy/core/include/numpy/ndarrayobject.h:18,
>  from 
> /usr/lib/python2.7/dist-packages/numpy/core/include/numpy/arrayobject.h:4,
>  from src/compressionmodule.c:97:
> /usr/lib/python2.7/dist-packages/numpy/core/include/numpy/npy_1_7_deprecated_api.h:15:2:
>  warning: #warning "Using deprecated NumPy API, disable it by " "#defining 
> NPY_NO_DEPRECATED_API NPY_1_7_API_VERSION" [-Wcpp]
>  #warning "Using deprecated NumPy API, disable it by " \
>   ^~~
> src/compressionmodule.c: In function 'get_header_string':
> src/compressionmodule.c:255:14: warning: assignment makes integer from 
> pointer without a cast [-Wint-conversion]
>  *val = def;
>   ^
> cc1: some warnings being treated as errors
> building optional extension "pyfits.compression" failed: command 
> 'x86_64-linux-gnu-gcc' failed with exit status 1
> 
> 
> Failed to build PyFITS tile compression support.  PyFITS will still
> function, but without the ability to read or write compressed images.
> Please seek support from h...@stsci.edu if you need this capability.
> !
> running build_scripts
> creating build/scripts-2.7
> copying and adjusting scripts/fitscheck -> build/scripts-2.7
> copying and adjusting scripts/fitsdiff -> build/scripts-2.7
> copying and adjusting scripts/fitshead -> build/scripts-2.7
> changing mode of build/scripts-2.7/fitscheck from 664 to 775
> changing mode of build/scripts-2.7/fitsdiff from 664 to 775
> changing mode of build/scripts-2.7/fitshead from 664 to 775
> I: pybuild base:184: /usr/bin/python3.6 setup.py build 
> running build
> running build_py
> creating /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/file.py -> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/card.py -> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/verify.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/_numpy_hacks.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/py3compat.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/header.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/core.py -> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/_release.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/__init__.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/column.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/util.py -> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/convenience.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/version.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/diff.py -> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> copying pyfits/fitsrec.py -> 
> /<>/.pybuild/pythonX.Y_3.6/build/pyfits
> creating /<>/.pybuild/pythonX.Y_3.6/build/pyfits/_compat
> copying 

Processed: severity of 882103 is grave

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 882103 grave
Bug #882103 [python-pkg-resources] python-pkg-resources: crashing with 
"ImportError: No module named load_entry_point"
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882103
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882088: libicu-le-hb-dev: fails to upgrade from 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc

2017-11-18 Thread GCS
Control: severity -1 important

On Sat, Nov 18, 2017 at 10:06 PM, Andreas Beckmann  wrote:
> Package: libicu-le-hb-dev
[...]
> during a test with piuparts I noticed your package fails to upgrade from
> 'sid' to 'experimental'.
 libicu-le-hb-dev was never part of Sid and strictly speaking it can't
fail to upgrade from Sid to experimental.

> It installed fine in 'sid', then the upgrade to 'experimental' fails
> because it tries to overwrite other packages' files without declaring a
> Breaks+Replaces relation.
 No, it was never installed fine in Sid and this is expected at this
time. Please see the log that you attached to your report:
"The following NEW packages will be installed:
[...]
libicu-le-hb-dev libmpdec2 libmpfr4 libpcre16-3 libpcre3-dev libpcre32-3
[...]"

It's a newly installed package, not an upgrade.

> See policy 7.6 at
> https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces
 Thanks, I know the policy. Please note that experimental is not a
full suite by itself - but a test bed for a coming transition where
the pkg-config file will be handled. The replace handling is in this case
the worst solution.
Then, please at least send valid URLs. The mentioned part of the
Policy lives at a different URL[1].

Thanks,
Laszlo/GCS
[1] 
https://www.debian.org/doc/debian-policy/#overwriting-files-and-replacing-packages-replaces



Processed: Re: Bug#882088: libicu-le-hb-dev: fails to upgrade from 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 important
Bug #882088 [libicu-le-hb-dev] libicu-le-hb-dev: fails to upgrade from 'sid' - 
trying to overwrite /usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc
Severity set to 'important' from 'serious'

-- 
882088: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882088
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882100: kgoldrunner: File conflict with kde-l10n-de

2017-11-18 Thread Sandro Knauß
Package: kgoldrunner
Version: 4:17.08.3-1
Severity: grave
Justification: renders package unusable

Hey,

there is a file conflict with kde-l10n-de 4:17.04.3-1, so it needs to Breaks 
with that:

dpkg: error processing archive
/tmp/apt-dpkg-install-AL96il/23-kgoldrunner_4%3a17.08.3-1_amd64.deb
(--unpack):
 trying to overwrite '/usr/share/locale/de/LC_MESSAGES/kgoldrunner.mo',
 which is also in package kde-l10n-de 4:17.04.3-1
 dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)

Best regards,

hefee

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kgoldrunner depends on:
ii  kde-runtime   4:16.08.3-2
ii  libc6 2.25-1
ii  libkdecore5   4:4.14.36-1
ii  libkdegames6abi1  4:14.12.3-2
ii  libkdeui5 4:4.14.36-1
ii  libqtcore44:4.8.7+dfsg-11
ii  libqtgui4 4:4.8.7+dfsg-11
ii  libstdc++67.2.0-16

Versions of packages kgoldrunner recommends:
ii  khelpcenter  4:16.08.3-1

kgoldrunner suggests no packages.

-- no debconf information



Bug#877206: working on a fix

2017-11-18 Thread Brian Warner
(upstream author here)

Sorry folks, I didn't realize this problem was so bad. I haven't seen a
bug filed about this on https://foolscap.lothar.com/trac/ or
https://github.com/warner/foolscap/issues , but I just saw email from
the Ubuntu bugtracker because I'm subscribed to Tahoe-LAFS changes, and
the FTBFS bug is threatening to remove Tahoe too (because of the
dependency). When I checked my nightly buildbot job, it looks like the
problem has been happening since exactly the Twisted-17.9.0 release, but
I hadn't noticed (I don't have any sorts of notifications on that
buildbot). It hasn't been affecting our Tahoe unit tests.

Let me see if I can find a fix this weekend, and make a new release. It
looks like Failures are no longer pickleable, which we do in a logging
routine that's exercised by those tests. I've been meaning to replace
that logging with a JSON-based serialization scheme.. I guess it's time
to accelerate that project.

cheers,
 -Brian



Bug#876462: marked as done (otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:21:22 +
with message-id 
and subject line Bug#876462: fixed in otrs2 3.3.18-1+deb8u1
has caused the Debian Bug report #876462,
regarding otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876462
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: otrs2
Version: 3.3.9-3
Severity: grave
Tags: upstream security

Hi,

the following vulnerability was published for otrs2.

CVE-2017-14635[0]:
| In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before
| 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage
| statistics-write permissions to gain privileges via code injection.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14635
[1] 
https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/

Unfortunately the patches are not referenced, so must be researched in
the repository.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: otrs2
Source-Version: 3.3.18-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
otrs2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi  (supplier of updated otrs2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 06 Nov 2017 15:08:08 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi 
Changed-By: Patrick Matthäi 
Description:
 otrs   - Open Ticket Request System (OTRS 3)
 otrs2  - Open Ticket Request System
Closes: 767517 772287 876462
Changes:
 otrs2 (3.3.18-1+deb8u1) jessie-security; urgency=high
 .
   * New upstream release.
 - Refresh patches 03-backup, 04-opt, 05-database, 06-no-installer,
   09-disable-DashboardProductNotify,
   10-nice-packagemanager-permissions-message, 12-use-debian-libjs-packages,
   13-load-debian-libjs, 14-font-paths and 15-dbupdate-as-root.
 - This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
   logged into OTRS as an agent with write permissions for statistics can
   inject arbitrary code into the system. This can lead to serious problems
   like privilege escalation, data loss, and denial of service.
   Closes: #876462
 .
 otrs2 (3.3.11-1) experimental; urgency=low
 .
   * New upstream release.
 - Fixes CVE-2014-9324, also known as OSA-2014-06.
 - Refresh hunky patch 03-backup.
 - Refresh hunky patch 07-dont-chown-links.
 - Refresh hunky patch 10-nice-packagemanager-permissions-message.
 - Refresh hunky patch 11-fix-SetPermissions-to-include-some-more-dirs.
   * Watch again all releases.
   * Do not install auto_build.sh.
 Closes: #772287
   * Merge 3.3.9-3 changelog.
 .
 otrs2 (3.3.10-1) experimental; urgency=low
 .
   * New upstream release.
 - Refresh hunky patch 03-backup.
 - non-free flash files have been removed.
 - Remove an extra license file.
   * Move database servers from recommends to suggest and add Postgres and MySQL
 clients to recommends.
 Closes: #767517

Processed: tagging 872195, found 872195 in 0.30-2

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 872195 + pending
Bug #872195 [tircd] tircd: fails to install: chown: cannot access 
'/var/lib/tircd': No such file or directory
Added tag(s) pending.
> found 872195 0.30-2
Bug #872195 [tircd] tircd: fails to install: chown: cannot access 
'/var/lib/tircd': No such file or directory
Marked as found in versions tircd/0.30-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
872195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872195
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#878402: marked as done (Security fixes from the October 2017 CPU)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:21:00 +
with message-id 
and subject line Bug#878402: fixed in mysql-5.5 5.5.58-0+deb8u1
has caused the Debian Bug report #878402,
regarding Security fixes from the October 2017 CPU
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878402: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878402
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-5.5
Version: 5.5.57-0+deb8u1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for October 2017 will be released on  
Tuesday, October 17. According to the pre-release announcement [1], it
will contain information about CVEs fixed in MySQL 5.5.58.

The CVE numbers will be available when the CPU is released.

Regards,

Norvald H. Ryeng

[1] http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
--- End Message ---
--- Begin Message ---
Source: mysql-5.5
Source-Version: 5.5.58-0+deb8u1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Tangvald  (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 17 Oct 2017 10:20:55 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev 
mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 
mysql-server mysql-client mysql-testsuite mysql-testsuite-5.5 mysql-source-5.5
Architecture: all source
Version: 5.5.58-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian MySQL Maintainers 
Changed-By: Lars Tangvald 
Closes: 878402
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest 
versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest 
versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite - MySQL testsuite
 mysql-testsuite-5.5 - MySQL testsuite
Changes:
 mysql-5.5 (5.5.58-0+deb8u1) jessie-security; urgency=high
 .
   * Imported upstream version 5.5.58 to fix security issues:
 - 
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
 - CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
 (Closes: #878402)

Bug#879055: marked as done (mupdf: CVE-2017-15587)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:20:55 +
with message-id 
and subject line Bug#879055: fixed in mupdf 1.5-1+deb8u3
has caused the Debian Bug report #879055,
regarding mupdf: CVE-2017-15587
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mupdf
Version: 1.5-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698605

Hi,

the following vulnerability was published for mupdf.

CVE-2017-15587[0]:
| An integer overflow was discovered in pdf_read_new_xref_section in
| pdf/pdf-xref.c in Artifex MuPDF 1.11.

base64 encoded reproducer for verifying:

JVBERi0wMDAwMDAgMCBvYmo8PC9bXS9JbmRleFsyMTQ3NDgzNjQ3IDFdLyAwIDAgUi8gMC9TaXpl
IDAvV1tdPj5zdHJlYW0Nc3RhcnR4cmVmMTAK

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
[1] https://bugs.ghostscript.com/show_bug.cgi?id=698605
[2] 
http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
[3] https://nandynarwhals.org/CVE-2017-15587/

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mupdf
Source-Version: 1.5-1+deb8u3

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello  (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 10 Nov 2017 12:20:25 -0500
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.5-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Kan-Ru Chen (陳侃如) 
Changed-By: Luciano Bello 
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf  - lightweight PDF viewer
 mupdf-tools - commmand line tools for the MuPDF viewer
Closes: 879055
Changes:
 mupdf (1.5-1+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-15587: Integer overflow was discovered in
 pdf_read_new_xref_section (Closes: #879055)

Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart

2017-11-18 Thread RjY
Just wanted to add I am also seeing this. Also wanted to note using
checkrestart with -n (I wondered if not using lsof might produce
different results) instead gave a python exception/backtrace.

--

% sudo lsof -n | grep -E 'DEL|deleted' | grep /lib/
mpv        2765      rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
mpv        2765      rjy        DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
mpv/termi  2765 2769 rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
mpv/termi  2765 2769 rjy        DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
mpv/lua    2765 2770 rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
mpv/lua    2765 2770 rjy        DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
mpv/cache  2765 2774 rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
mpv/cache  2765 2774 rjy        DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
mpv/demux  2765 2775 rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
mpv/demux  2765 2775 rjy        DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
mpv/ao     2765 2778 rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
mpv/ao     2765 2778 rjy        DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
inetd      3864      root       DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
sshd       3871      root       DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
login      4085      root       DEL REG 8,2         3014687 /lib/x86_64-linux-gnu/security/pam_systemd.so
apt        9909      rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
systemd   21060      rjy        txt REG 8,2 1665760 2886230 /lib/systemd/systemd (deleted)
systemd   21060      rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
systemd   21060      rjy        DEL REG 8,2         2883762 /lib/systemd/libsystemd-shared-235.so
(sd-pam   21061      rjy        txt REG 8,2 1665760 2886230 /lib/systemd/systemd (deleted)
(sd-pam   21061      rjy        DEL REG 8,2         3014687 /lib/x86_64-linux-gnu/security/pam_systemd.so
(sd-pam   21061      rjy        DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
(sd-pam   21061      rjy        DEL REG 8,2         2883762 /lib/systemd/libsystemd-shared-235.so
dbus-daem 29391      messagebus DEL REG 8,2         2883608 /lib/x86_64-linux-gnu/libsystemd.so.0.19.1
systemd-l 29392      root       txt REG 8,2  219272 2886245 /lib/systemd/systemd-logind (deleted)
systemd-l 29392      root       DEL REG 8,2         2883672 /lib/x86_64-linux-gnu/libudev.so.1.6.7
systemd-l 29392      root       DEL REG 8,2         2883762 /lib/systemd/libsystemd-shared-235.so

% sudo checkrestart
Found 0 processes using old versions of upgraded files

% sudo checkrestart -n
Traceback (most recent call last):
  File "/usr/sbin/checkrestart", line 798, in <module>
    main()
  File "/usr/sbin/checkrestart", line 157, in main
    toRestart = procfilescheck(blacklist = blacklist, excludepidlist = excludepidlist)
  File "/usr/sbin/checkrestart", line 435, in procfilescheck
    data = re.split('\s+', output.strip('\n'), 3)
TypeError: a bytes-like object is required, not 'str'

-- 
https://rjy.org.uk/



Bug#879474: marked as done (quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:21:36 +
with message-id 
and subject line Bug#879474: fixed in quagga 0.99.23.1-1+deb8u4
has caused the Debian Bug report #879474,
regarding quagga-bgpd: CVE-2017-16227: BGP session termination due to rather 
long AS paths in update messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: quagga-bgpd
Version: 1.1.1-3
Severity: important
Tags: security upstream

Dear Maintainer,

there is a longstanding bug in quagga where certain BGP update messages
cause a quagga bgpd to drop a session, possibly resulting in loss of
network connectivity.


Details:

Long paths in update messages are segmented in BGP, and the bug is in
the recalculation of the framing information if there are more than two
segments. The resulting data is invalid but will be used for
redistribution. At least if the receiver is another quagga bgpd, that
message is rejected, eventually resulting in a BGP session termination.

The receiver's log (if written) contains an error message like
| BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total length is 2069.  attr_endp is 0x562feb368121.  endp is 0x562feb367d2c
then.

So if a site's BGP peers all run quagga, that site will lose network
connectivity due to frequent session termination. Additionally, the
repeated initial full table transfer will result in a significantly
bigger network load, I've seen around 1 MByte/sec/link, compared to
usually less than 1 kbyte/sec/link.

Such extremely long AS paths have occurred in the global BGP table at
least four times since June. Last time started on Oct 13th around 20:43
UTC and lasted until the following week.

All versions of quagga in Debian are affected.


How to fix:

Kudos to Andreas Jaggi who identified the bug and provided a fix[1].
After some hours of work I was able to reproduce the issue and can
confirm this patch resolves the issues for all versions of quagga in
Debian (wheezy, jessie, stretch = buster = sid). Details about the
setup available upon request, it's just some stuff to write down.


In my opinion this is serious enough to justify a security upload. If
stable security disagrees, please fix this in the next stable point
release.

Regards,
Christoph

[1] https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html

http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008



signature.asc
Description: Digital signature
--- End Message ---
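
The report above turns on how a long AS path is framed: each AS_PATH segment has a one-octet count, so a path of more than 255 ASNs is split across segments and the attribute length must equal the sum of the segment sizes. The C code below is an added example, not Quagga's code and not part of the original message; it assumes 4-octet AS numbers, and every function name and the sample path (ASNs counting up from 64512) is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AS_SEQUENCE   2     /* AS_PATH segment type, RFC 4271 */
#define SEG_MAX_ASNS  255   /* the per-segment count field is one octet */
#define ASN_BYTES     4     /* assumption: 4-octet AS numbers (RFC 6793) */
#define DEMO_MAX_ASNS 1024

/* Bytes needed to encode n ASNs: 2 header octets per segment plus the ASNs. */
size_t aspath_encoded_size(size_t n)
{
    size_t segments = (n + SEG_MAX_ASNS - 1) / SEG_MAX_ASNS;
    return segments * 2 + n * ASN_BYTES;
}

/* Encode n ASNs as consecutive AS_SEQUENCE segments of at most 255 entries.
 * Returns the number of bytes written, or -1 if the buffer is too small. */
long aspath_encode(const uint32_t *asns, size_t n, uint8_t *out, size_t cap)
{
    size_t off = 0, done = 0;
    if (aspath_encoded_size(n) > cap)
        return -1;
    while (done < n) {
        size_t chunk = n - done;
        if (chunk > SEG_MAX_ASNS)
            chunk = SEG_MAX_ASNS;
        out[off++] = AS_SEQUENCE;
        out[off++] = (uint8_t)chunk;
        for (size_t i = 0; i < chunk; i++) {
            uint32_t a = asns[done + i];
            out[off++] = (uint8_t)(a >> 24);
            out[off++] = (uint8_t)(a >> 16);
            out[off++] = (uint8_t)(a >> 8);
            out[off++] = (uint8_t)a;
        }
        done += chunk;
    }
    return (long)off;
}

/* Receiver-side walk: every segment must fit inside attr_len and the
 * segments must consume it exactly. Returns the ASN count, or -1 when
 * framing and attribute length disagree. */
long aspath_validate(const uint8_t *buf, size_t attr_len)
{
    size_t off = 0;
    long total = 0;
    while (off < attr_len) {
        if (attr_len - off < 2)
            return -1;                       /* truncated segment header */
        uint8_t type = buf[off], count = buf[off + 1];
        size_t body = (size_t)count * ASN_BYTES;
        if (type < 1 || type > 4 || count == 0)
            return -1;                       /* unknown type or empty segment */
        if (body > attr_len - off - 2)
            return -1;                       /* segment runs past the attribute */
        off += 2 + body;
        total += count;
    }
    return total;
}

/* Constructed sample data for the demonstrations below. */
static uint32_t demo_asns[DEMO_MAX_ASNS];
static uint8_t  demo_buf[DEMO_MAX_ASNS * ASN_BYTES + 2 * 5];

static long demo_build(size_t n)
{
    if (n > DEMO_MAX_ASNS)
        return -1;
    for (size_t i = 0; i < n; i++)
        demo_asns[i] = 64512u + (uint32_t)i;
    return aspath_encode(demo_asns, n, demo_buf, sizeof demo_buf);
}

/* Correct framing: encode then validate. */
long demo_roundtrip(size_t n)
{
    long len = demo_build(n);
    return len < 0 ? -1 : aspath_validate(demo_buf, (size_t)len);
}

/* Attribute length that is `missing` bytes shorter than the segments claim. */
long demo_short_attribute(size_t n, size_t missing)
{
    long len = demo_build(n);
    if (len < 0 || missing > (size_t)len)
        return -1;
    return aspath_validate(demo_buf, (size_t)len - missing);
}

/* Second segment's count octet overwritten, as a miscalculated header would. */
long demo_bad_count(size_t n, uint8_t wrong)
{
    long len = demo_build(n);
    if (len < 0 || n <= SEG_MAX_ASNS)
        return -1;
    demo_buf[2 + SEG_MAX_ASNS * ASN_BYTES + 1] = wrong;
    return aspath_validate(demo_buf, (size_t)len);
}

int main(void)
{
    printf("600 ASNs -> %zu bytes\n", aspath_encoded_size(600));
    printf("roundtrip: %ld\n", demo_roundtrip(600));
    printf("short attribute: %ld\n", demo_short_attribute(600, 4));
    printf("bad segment count: %ld\n", demo_bad_count(600, 200));
    return 0;
}
```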
--- Begin Message ---
Source: quagga
Source-Version: 0.99.23.1-1+deb8u4

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 30 Oct 2017 06:38:36 +0100
Source: quagga
Binary: quagga quagga-dbg quagga-doc
Architecture: all source
Version: 0.99.23.1-1+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Christian Hammers 
Changed-By: Salvatore Bonaccorso 
Closes: 879474
Description: 
 quagga - BGP/OSPF/RIP routing daemon
 quagga-dbg - BGP/OSPF/RIP routing daemon (debug symbols)
 quagga-doc - documentation files for quagga
Changes:
 quagga (0.99.23.1-1+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * bgpd: Fix AS_PATH size calculation for long paths (CVE-2017-16227)
 (Closes: #879474)

Bug#879521: marked as done (irssi: multiple vulnerabilities fixed in irssi 1.0.5)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:55 +
with message-id 
and subject line Bug#879521: fixed in irssi 0.8.17-1+deb8u5
has caused the Debian Bug report #879521,
regarding irssi: multiple vulnerabilities fixed in irssi 1.0.5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879521
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: irssi
Severity: grave
Tags: security
Justification: user security hole

Hi,

irssi 1.0.5 has been released, fixing multiple vulnerabilities

(a) When installing themes with unterminated colour formatting
sequences, Irssi may access data beyond the end of the
string. (CWE-126) Found by Hanno Böck.

CVE-2017-15228 was assigned to this issue.

(b) While waiting for the channel synchronisation, Irssi may
incorrectly fail to remove destroyed channels from the query list,
resulting in use after free conditions when updating the state
later on. Found by Joseph Bisch. (CWE-416 caused by CWE-672)

CVE-2017-15227 was assigned to this issue.

(c) Certain incorrectly formatted DCC CTCP messages could cause NULL
pointer dereference. Found by Joseph Bisch. This is a separate,
but similar issue to CVE-2017-9468. (CWE-690)

CVE-2017-15721 was assigned to this issue.

(d) Overlong nicks or targets may result in a NULL pointer dereference
while splitting the message. Found by Joseph Bisch. (CWE-690)

CVE-2017-15723 was assigned to this issue.

(e) In certain cases Irssi may fail to verify that a Safe channel ID
is long enough, causing reads beyond the end of the string. Found
by Joseph Bisch. (CWE-126)

CVE-2017-15722 was assigned to this issue.

Can you prepare updates for sid, stretch and jessie (please coordinate with 
security team at t...@security.debian.org for the latter two)? Please add CVE 
numbers to the changelog so we can track them easily.

Regards,
-- 
Yves-Alexis
Debian security team

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), 
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: irssi
Source-Version: 0.8.17-1+deb8u5

We believe that the bug you reported is fixed in the latest version of
irssi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated irssi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 01 Nov 2017 22:57:01 +0100
Source: irssi
Binary: irssi irssi-dbg irssi-dev
Architecture: source
Version: 0.8.17-1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Rhonda D'Vine 
Changed-By: Salvatore Bonaccorso 
Closes: 867598 879521
Description: 
 irssi  - terminal based IRC client
 irssi-dbg  - terminal based IRC client (debugging symbols)
 irssi-dev  - terminal based IRC client - development files
Changes:
 irssi (0.8.17-1+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address IRSSI-SA-2017-07.
 - CVE-2017-10965: NULL pointer dereference when receiving messages
   with invalid timestamp.
 - CVE-2017-10966: Use after free after nicklist structure has been
   corrupted while updating a nick group.
 (Closes: #867598)
   * Address IRSSI-SA-2017-10.
 - CVE-2017-15228: Unterminated colour formatting sequences may cause
   data access beyond the end of the buffer.
 - CVE-2017-15227: Failure to remove destroyed channels from
   the query list while waiting for the channel synchronisation
   may result in use after free conditions when updating the
  

Bug#878507: marked as done (imagemagick: CVE-2017-13769)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#878507: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #878507,
regarding imagemagick: CVE-2017-13769
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/705

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13769[0]:
| The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick
| through 7.0.6-10 allows an attacker to cause a denial of service
| (buffer over-read) by sending a crafted JPEG file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13769
[1] https://github.com/ImageMagick/ImageMagick/issues/705

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface 

Bug#879001: marked as done (CVE-2017-12197: libpam4j: Account check bypass)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:19:23 +
with message-id 
and subject line Bug#879001: fixed in libpam4j 1.4-2+deb8u1
has caused the Debian Bug report #879001,
regarding CVE-2017-12197: libpam4j: Account check bypass
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libpam4j
Version: 1.4-2
Severity: grave
Tags: security

Hi,

the following vulnerability was published for libpam4j.

CVE-2017-12197[0]: libpam4j: Account check bypass

PAM.authentication() does not call pam_acct_mgmt(). As a consequence, the
PAM account is not properly verified. Any user with a valid password but
with deactivated or disabled account is able to log in.

https://bugzilla.redhat.com/show_bug.cgi?id=1503103

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197

Please adjust the affected versions in the BTS as needed.



-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
--- End Message ---
--- Begin Message ---
Source: libpam4j
Source-Version: 1.4-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
libpam4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated libpam4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 07 Nov 2017 13:40:55 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source all
Version: 1.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libpam4j-java - Java binding for libpam.so
 libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
 libpam4j (1.4-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-12197 (Closes: #879001):
 It was discovered that libpam4j does not call pam_acct_mgmt().
 As a consequence, the PAM account is not properly
 verified. Any user with a valid password but with deactivated or
 disabled account was able to log in.


Bug#880116: marked as done (CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:17:26 +
with message-id 
and subject line Bug#880116: fixed in bchunk 1.2.0-12+deb8u1
has caused the Debian Bug report #880116,
regarding CVE-2017-15953 / CVE-2017-15954 / CVE-2017-15955
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
880116: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bchunk
Severity: grave
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: bchunk
Source-Version: 1.2.0-12+deb8u1

We believe that the bug you reported is fixed in the latest version of
bchunk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated bchunk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 08 Nov 2017 19:41:33 +0100
Source: bchunk
Binary: bchunk
Architecture: source amd64
Version: 1.2.0-12+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Praveen Arimbrathodiyil 
Changed-By: Markus Koschany 
Description:
 bchunk - CD image format conversion from bin/cue to iso/cdr
Closes: 880116
Changes:
 bchunk (1.2.0-12+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955.
 bchunk was vulnerable to a heap-based buffer overflow with a resultant
 invalid free when processing a malformed CUE (.cue) file that may lead to
 the execution of arbitrary code or an application crash. (Closes: #880116)
--- End Message ---


Bug#878508: marked as done (imagemagick: CVE-2017-13758)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#878508: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #878508,
regarding imagemagick: CVE-2017-13758
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878508
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32583

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13758[0]:
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the
| TracePoint() function in MagickCore/draw.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13758
[1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32583

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package

Bug#878562: marked as done (imagemagick: CVE-2017-14989)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#878562: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #878562,
regarding imagemagick: CVE-2017-14989
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.8.9.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/781

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14989[0]:
| A use-after-free in RenderFreetype in MagickCore/annotate.c in
| ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a
| crafted font file, because the FT_Done_Glyph function (from FreeType 2)
| is called at an incorrect place in the ImageMagick code.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14989
[1] https://github.com/ImageMagick/ImageMagick/issues/781

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#878578: marked as done (imagemagick: CVE-2017-15277)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:46 +
with message-id 
and subject line Bug#878578: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #878578,
regarding imagemagick: CVE-2017-15277
to be marked as done.



-- 
878578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878578
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/592

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-15277[0]:
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick
| 1.3.26 leaves the palette uninitialized when processing a GIF file that
| has neither a global nor local palette. If the affected product is used
| as a library loaded into a process that operates on interesting data,
| this data sometimes can be leaked via the uninitialized palette.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15277
[1] https://github.com/ImageMagick/ImageMagick/issues/592

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#878527: marked as done (imagemagick: CVE-2017-14607)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#878527: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #878527,
regarding imagemagick: CVE-2017-14607
to be marked as done.



-- 
878527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/765

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14607[0]:
| In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to
| ReadTIFFImage has been reported in coders/tiff.c. An attacker could
| possibly exploit this flaw to disclose potentially sensitive memory or
| cause an application crash.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14607
[1] https://github.com/ImageMagick/ImageMagick/issues/765

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#876488: marked as done (imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken())

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#876488: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #876488,
regarding imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken()
to be marked as done.



-- 
876488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876488
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: grave
Tags: upstream security patch
Forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14682[0]:
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote
| attackers to cause a denial of service (heap-based buffer overflow and
| application crash) or possibly have unspecified other impact via a
| crafted SVG document, a different vulnerability than CVE-2017-10928.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14682
[1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
[2] https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#869728: marked as done (imagemagick: CVE-2017-13144)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#869728: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #869728,
regarding imagemagick: CVE-2017-13144
to be marked as done.



-- 
869728: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: src:imagemagick
Version: 8:6.9.7.4+dfsg-12
Severity: serious
Tags: security upstream
X-Debbugs-CC: t...@security.debian.org
control: found -1 8:6.8.9.9-5+deb8u8
control: found -1 8:6.8.9.9-5+deb8u9
control: found -1 8:6.7.7.10-5+deb7u14
control: found -1 8:6.7.7.10-5+deb7u4
forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438

Avoid a crash for mpc coder
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 
876488 878507 878508 878527 878562 878578 881392
Changes:
 imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium
 .
   * Multiple security fixes
 CVE-2017-12983 (Closes: #873134)
 CVE-2017-13134 (Closes: #873099)
 CVE-2017-13769 (Closes: #878507)
 CVE-2017-14224 (Closes: #876097)
 CVE-2017-14607 (Closes: #878527)
 

Processed: tagging 872195

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 872195 + confirmed
Bug #872195 [tircd] tircd: fails to install: chown: cannot access 
'/var/lib/tircd': No such file or directory
Added tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
872195: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872195
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#873134: marked as done (imagemagick: CVE-2017-12983)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#873134: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #873134,
regarding imagemagick: CVE-2017-12983
to be marked as done.



-- 
873134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/682

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-12983[0]:
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c
| in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact
| via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983
[1] https://github.com/ImageMagick/ImageMagick/issues/682

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#876097: marked as done (imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#876097: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #876097,
regarding imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage
to be marked as done.



-- 
876097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876097
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: upstream security patch
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/733

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14224[0]:
| A heap-based buffer overflow in WritePCXImage in coders/pcx.c in
| ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of
| service or code execution via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14224
[1] https://github.com/ImageMagick/ImageMagick/issues/733

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 

Bug#870848: marked as done (jackson-databind: CVE-2017-7525: Deserialization vulnerability via readValue method of ObjectMapper)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:19:00 +
with message-id 
and subject line Bug#870848: fixed in jackson-databind 2.4.2-2+deb8u1
has caused the Debian Bug report #870848,
regarding jackson-databind: CVE-2017-7525: Deserialization vulnerability via 
readValue method of ObjectMapper
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jackson-databind
Version: 2.8.6-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/FasterXML/jackson-databind/issues/1599

Hi,

the following vulnerability was published for jackson-databind.

CVE-2017-7525[0]:
Deserialization vulnerability via readValue method of ObjectMapper

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Upstream tracking is at [2].

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
[1] https://github.com/FasterXML/jackson-databind/issues/1599
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7525

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jackson-databind
Source-Version: 2.4.2-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
jackson-databind, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany  (supplier of updated jackson-databind package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 19 Oct 2017 01:44:42 +0200
Source: jackson-databind
Binary: libjackson2-databind-java libjackson2-databind-java-doc
Architecture: source all
Version: 2.4.2-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libjackson2-databind-java - fast and powerful JSON library for Java -- data 
binding
 libjackson2-databind-java-doc - Documentation for jackson-databind
Closes: 870848
Changes:
 jackson-databind (2.4.2-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-7525: Deserialization vulnerability via readValue
 method of ObjectMapper. (Closes: #870848)


Bug#873099: marked as done (imagemagick: CVE-2017-13134)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#873099: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #873099,
regarding imagemagick: CVE-2017-13134
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
873099: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/670

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13134[0]:
| In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the
| function SFWScan in coders/sfw.c, which allows attackers to cause a
| denial of service via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 

Bug#872373: marked as done (CVE-2017-12877)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#872373: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #872373,
regarding CVE-2017-12877
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
872373: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872373
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: imagemagick
Version: 8:6.9.7.4+dfsg-16
Severity: grave
Tags: security

This was assigned CVE-2017-12877:
https://github.com/ImageMagick/ImageMagick/issues/662
https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 872...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 
876488 878507 878508 878527 878562 878578 881392
Changes:
 imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium
 .
   * Multiple security fixes
 CVE-2017-12983 (Closes: #873134)
 CVE-2017-13134 (Closes: #873099)
 CVE-2017-13769 (Closes: #878507)
 CVE-2017-14224 (Closes: #876097)
 CVE-2017-14607 (Closes: #878527)
 CVE-2017-14682 (Closes: #876488)
 CVE-2017-14989 (Closes: #878562)
 CVE-2017-15277 (Closes: #878578)
 CVE-2017-11352 

Bug#868469: marked as done (imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144))

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 22:18:45 +
with message-id 
and subject line Bug#868469: fixed in imagemagick 8:6.8.9.9-5+deb8u11
has caused the Debian Bug report #868469,
regarding imagemagick: CVE-2017-11352 (Incomplete fix for CVE-2017-9144)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: serious
Tags: upstream patch security
Justification: incomplete fix for previous security fix
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/502
Control: fixed -1 8:6.9.7.4+dfsg-12
Control: found -1 8:6.9.7.4+dfsg-9
Control: found -1 8:6.8.9.9-5+deb8u9

As noted in the upstream bug [1] the original fix for CVE-2017-9144
was incomplete.

 [1] https://github.com/ImageMagick/ImageMagick/issues/502

As the incomplete fix has security implications itself (DoS at least?)
this might warrant a new CVE id.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.8.9.9-5+deb8u11

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Nov 2017 23:13:59 +0100
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 
libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 
libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev 
imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev 
libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u11
Distribution: jessie-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Muehlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - 
development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth 
Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra 
codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development 
files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development 
files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 868469 869715 869728 870067 870106 870109 872373 873099 873134 876097 
876488 878507 878508 878527 878562 878578 881392
Changes:
 imagemagick (8:6.8.9.9-5+deb8u11) jessie-security; urgency=medium
 

Bug#882095: python-pyrax FTBFS: test failures

2017-11-18 Thread Adrian Bunk
Source: python-pyrax
Version: 1.9.8-1
Severity: serious

Some recent change in unstable makes python-pyrax FTBFS:

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-pyrax.html

...
==
ERROR: tests.unit.test_autoscale (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to import test module: tests.unit.test_autoscale
Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests
    module = self._get_module_from_name(name)
  File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name
    __import__(name)
  File "tests/unit/test_autoscale.py", line 10, in <module>
    import pyrax
  File "pyrax/__init__.py", line 58, in <module>
    from novaclient import auth_plugin as _cs_auth_plugin
ImportError: cannot import name auth_plugin


==
ERROR: tests.unit.test_client (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to import test module: tests.unit.test_client
Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests
    module = self._get_module_from_name(name)
  File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name
    __import__(name)
  File "tests/unit/test_client.py", line 16, in <module>
    import pyrax
  File "pyrax/__init__.py", line 52, in <module>
    from . import exceptions as exc
ImportError: cannot import name exceptions


==
ERROR: tests.unit.test_cloud_blockstorage (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to import test module: tests.unit.test_cloud_blockstorage
Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests
    module = self._get_module_from_name(name)
  File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name
    __import__(name)
  File "tests/unit/test_cloud_blockstorage.py", line 10, in <module>
    import pyrax.cloudblockstorage
  File "pyrax/__init__.py", line 52, in <module>
    from . import exceptions as exc
ImportError: cannot import name exceptions


==
ERROR: tests.unit.test_cloud_cdn (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to import test module: tests.unit.test_cloud_cdn
Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests
    module = self._get_module_from_name(name)
  File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name
    __import__(name)
  File "tests/unit/test_cloud_cdn.py", line 5, in <module>
    from pyrax.cloudcdn import CloudCDNClient
  File "pyrax/__init__.py", line 52, in <module>
    from . import exceptions as exc
ImportError: cannot import name exceptions


==
ERROR: tests.unit.test_cloud_databases (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to import test module: tests.unit.test_cloud_databases
Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests
    module = self._get_module_from_name(name)
  File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name
    __import__(name)
  File "tests/unit/test_cloud_databases.py", line 9, in <module>
    from pyrax.clouddatabases import CloudDatabaseBackupManager
  File "pyrax/__init__.py", line 52, in <module>
    from . import exceptions as exc
ImportError: cannot import name exceptions


==
ERROR: tests.unit.test_cloud_dns (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to import test module: tests.unit.test_cloud_dns
Traceback (most recent call last):
  File "/usr/lib/python2.7/unittest/loader.py", line 254, in _find_tests
    module = self._get_module_from_name(name)
  File "/usr/lib/python2.7/unittest/loader.py", line 232, in _get_module_from_name
    __import__(name)
  File "tests/unit/test_cloud_dns.py", line 12, in <module>
    import pyrax
  File "pyrax/__init__.py", line 52, in <module>
    from . import exceptions as exc
ImportError: cannot import name exceptions


==
ERROR: tests.unit.test_cloud_loadbalancers (unittest.loader.ModuleImportFailure)
--
ImportError: Failed to 

Bug#864818: marked as done (python-tablib: CVE-2017-2810)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:32:11 +
with message-id 
and subject line Bug#864818: fixed in python-tablib 0.9.11-2+deb9u1
has caused the Debian Bug report #864818,
regarding python-tablib: CVE-2017-2810
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-tablib
Version: 0.9.11-2
Severity: grave
Tags: upstream patch security
Justification: user security hole

Hi,

the following vulnerability was published for python-tablib.

CVE-2017-2810[0]:
| An exploitable vulnerability exists in the Databook loading
| functionality of Tablib 0.11.4. A yaml loaded Databook can execute
| arbitrary python commands resulting in command execution. An attacker
| can insert python into loaded yaml to trigger this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-2810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2810
[1] https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
[2] 
https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e

For stretch and jessie, we quickly discussed that on IRC, and given
there are not reverse dependencies and low popcon/usage, we suggest to
have the fix going via a future point release, can you contact the
release team for that?

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-tablib
Source-Version: 0.9.11-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
python-tablib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand  (supplier of updated python-tablib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 24 Oct 2017 21:15:19 +0200
Source: python-tablib
Binary: python-tablib
Architecture: source all
Version: 0.9.11-2+deb9u1
Distribution: stretch
Urgency: low
Maintainer: PKG OpenStack 
Changed-By: Thomas Goirand 
Description:
 python-tablib - format agnostic tabular dataset library
Closes: 864818
Changes:
 python-tablib (0.9.11-2+deb9u1) stretch; urgency=low
 .
   * CVE-2017-2810: apply upstream patch: use safe load (Closes: #864818).

Bug#859226: marked as done (m2ext: Please migrate to openssl1.1 in buster)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:10:25 +
with message-id 
and subject line Bug#859226: fixed in m2ext 0.1-1.2
has caused the Debian Bug report #859226,
regarding m2ext: Please migrate to openssl1.1 in buster
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859226
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: m2ext
Version: 0.1-1
Severity: serious
Control: block 827061 by -1

m2crypto will probably go with libssl1.0 for Stretch and m2ext should
use the same library.

Sebastian
--- End Message ---
--- Begin Message ---
Source: m2ext
Source-Version: 0.1-1.2

We believe that the bug you reported is fixed in the latest version of
m2ext, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior  (supplier of updated m2ext package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 13 Nov 2017 21:31:11 +0100
Source: m2ext
Binary: python-m2ext
Architecture: source
Version: 0.1-1.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 

Changed-By: Sebastian Andrzej Siewior 
Description:
 python-m2ext - Extensions to the M2Crypto Python package
Closes: 859226
Changes:
 m2ext (0.1-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Switch back to libssl-dev since m2crypto did it, too (Closes: #859226).
--- End Message ---


Bug#879952: marked as done (qt3d5-dev-tools: fails to upgrade from 'stable' to 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/qt5/bin/qgltf)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:11:12 +
with message-id 
and subject line Bug#879952: fixed in qt3d-opensource-src 5.9.2+dfsg-3
has caused the Debian Bug report #879952,
regarding qt3d5-dev-tools: fails to upgrade from 'stable' to 'sid' - trying to 
overwrite /usr/lib/x86_64-linux-gnu/qt5/bin/qgltf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qt3d5-dev-tools
Version: 5.9.2+dfsg-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'stable'.
It installed fine in 'stable', then the upgrade to 'sid' fails
because it tries to overwrite other packages' files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

This test intentionally skipped 'testing' to find file overwrite
problems before packages migrate from 'unstable' to 'testing'.

From the attached log (scroll to the bottom...):

  Selecting previously unselected package qt3d5-dev-tools.
  Preparing to unpack .../qt3d5-dev-tools_5.9.2+dfsg-2_amd64.deb ...
  Unpacking qt3d5-dev-tools (5.9.2+dfsg-2) ...
  dpkg: error processing archive /var/cache/apt/archives/qt3d5-dev-tools_5.9.2+dfsg-2_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/qt5/bin/qgltf', which is also in package qt3d-assimpsceneio-plugin:amd64 5.7.1+dfsg-2
  Errors were encountered while processing:
   /var/cache/apt/archives/qt3d5-dev-tools_5.9.2+dfsg-2_amd64.deb


cheers,

Andreas


qt3d-assimpsceneio-plugin=5.7.1+dfsg-2_qt3d5-dev-tools=5.9.2+dfsg-2.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: qt3d-opensource-src
Source-Version: 5.9.2+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qt3d-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev  (supplier of updated qt3d-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 22:43:29 +0300
Source: qt3d-opensource-src
Binary: libqt53dcore5 libqt53dquick5 libqt53dquickrender5 libqt53dinput5 
libqt53drender5 libqt53dlogic5 libqt53dquickinput5 libqt53dquickextras5 
libqt53dextras5 libqt53dquickscene2d5 libqt53danimation5 
libqt53dquickanimation5 qt3d5-dev-tools qt3d-gltfsceneio-plugin 
qt3d-assimpsceneimport-plugin qt3d-defaultgeometryloader-plugin 
qt3d-scene2d-plugin qml-module-qt3d qml-module-qtquick-scene3d 
qml-module-qtquick-scene2d qt3d5-dev qt3d5-examples qt3d5-doc qt3d5-doc-html
Architecture: source
Version: 5.9.2+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Dmitry Shachnev 
Description:
 libqt53danimation5 - Qt 3D animation module
 libqt53dcore5 - Qt 3D module
 libqt53dextras5 - Qt 3D extras
 libqt53dinput5 - Qt 3D Input module
 libqt53dlogic5 - Qt 3D logic module
 libqt53dquick5 - Qt 3D Quick module
 libqt53dquickanimation5 - Qt 3D Quick animation module
 libqt53dquickextras5 - Qt 3D Quick extras
 libqt53dquickinput5 - Qt 3D Quick input
 libqt53dquickrender5 - Qt 3D Quick Renderer module
 libqt53dquickscene2d5 - Qt 3D Quick scene module
 libqt53drender5 - Qt 3D Renderer module
 qml-module-qt3d - Qt 5 3D QML module
 qml-module-qtquick-scene2d - Qt 5 Quick Scene 2D QML module
 qml-module-qtquick-scene3d - Qt 5 Quick Scene 3D QML module
 qt3d-assimpsceneimport-plugin - Qt 3D GL Assimp scene import plugin
 qt3d-defaultgeometryloader-plugin - Qt 3D default geometry loader plugin
 qt3d-gltfsceneio-plugin - Qt 3D GL Transmission Format scene IO plugin
 qt3d-scene2d-plugin - Qt 3D Scene 2D plugin
 qt3d5-dev  - Qt 5 3D development files
 qt3d5-dev-tools - Qt 3D development tools
 qt3d5-doc  - Qt 3D documentation
 qt3d5-doc-html - Qt 3D HTML documentation
 

Bug#878818: marked as done (ovito: FTBFS - Testsuite fails because executed with python3.5 instead of 3.6)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:10:37 +
with message-id 
and subject line Bug#878818: fixed in ovito 2.9.0+dfsg1-3
has caused the Debian Bug report #878818,
regarding ovito: FTBFS - Testsuite fails because executed with python3.5 
instead of 3.6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ovito
Version: 2.9.0+dfsg1-2
Severity: serious
Tags: patch
Justification: FTBFS

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

With the ongoing python3.6 transition ovito is built with both python3.5 and
3.6, the latter being the default.
This makes the testsuite fail with:
make[1]: Entering directory '/<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu'

Running tests...
/usr/bin/ctest --force-new-ctest-process -j1
Test project /<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu
Start   1: affine_transformation_modifier.py
  1/184 Test   #1: affine_transformation_modifier.py ..   Passed    0.39 sec
Start   2: affine_transformation_modifier.py_extern
  2/184 Test   #2: affine_transformation_modifier.py_extern ...***Failed    0.13 sec
Traceback (most recent call last):
  File "affine_transformation_modifier.py", line 1, in
    from ovito.io import *
  File "/<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu/lib/ovito/plugins/python/ovito/__init__.py", line 17, in
    import ovito.plugins.PyScript
ImportError: Python version mismatch: module was compiled for version 3.6, while the interpreter is running version 3.5.

Start   3: ambient_occlusion_modifier.py
  3/184 Test   #3: ambient_occlusion_modifier.py ..   Passed    0.29 sec
Start   4: ambient_occlusion_modifier.py_extern
  4/184 Test   #4: ambient_occlusion_modifier.py_extern ...***Failed    0.13 sec
Traceback (most recent call last):
  File "ambient_occlusion_modifier.py", line 1, in
    import ovito
  File "/<>/ovito-2.9.0+dfsg1/obj-x86_64-linux-gnu/lib/ovito/plugins/python/ovito/__init__.py", line 17, in
    import ovito.plugins.PyScript
ImportError: Python version mismatch: module was compiled for version 3.6, while the interpreter is running version 3.5.
...

An easy workaround is to tell cmake to use the default python3 interpreter 
instead of the first one it finds.
Patch attached.

Thanks,

_g.


- -- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru ovito-2.9.0+dfsg1/debian/changelog ovito-2.9.0+dfsg1/debian/changelog
--- ovito-2.9.0+dfsg1/debian/changelog  2017-08-10 19:44:59.0 +0200
+++ ovito-2.9.0+dfsg1/debian/changelog  2017-10-16 12:24:21.0 +0200
@@ -1,3 +1,10 @@
+ovito (2.9.0+dfsg1-2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Force using default Python 3 interpreter
+
+ -- Gilles Filippini   Mon, 16 Oct 2017 12:24:21 +0200
+
 ovito (2.9.0+dfsg1-2) unstable; urgency=medium
 
   * [cdb5bde] Fix FTBFS on archs, where char is unsigned. (Closes: #871248)
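Review bot: the new bullet "Force using default Python 3 interpreter" in the 2.9.0+dfsg1-2.1 changelog entry carries no bug reference, so an upload built from it would not close the report automatically. Add "(Closes: #878818)" to that bullet, as the entry below it does for #871248, and consider naming the mechanism (passing -DPYTHON_EXECUTABLE to cmake) so the entry explains itself. The distribution is still UNRELEASED and has to be set before upload.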
diff -Nru ovito-2.9.0+dfsg1/debian/rules ovito-2.9.0+dfsg1/debian/rules
--- ovito-2.9.0+dfsg1/debian/rules  2017-08-06 23:51:10.0 +0200
+++ ovito-2.9.0+dfsg1/debian/rules  2017-10-16 12:24:17.0 +0200
@@ -5,6 +5,7 @@
dh $@ --parallel
 
 extra_flags += \
+   -DPYTHON_EXECUTABLE=/usr/bin/python3 \
-DOVITO_BUILD_DOCUMENTATION=TRUE \
-DOVITO_BUILD_PLUGIN_SCRIPTING=TRUE \
-DOVITO_BUILD_PLUGIN_NETCDF=TRUE \
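Review bot: the added "-DPYTHON_EXECUTABLE=/usr/bin/python3 \" line in extra_flags hard-codes the interpreter path with no comment saying why it is there. The report itself calls this a workaround for cmake picking the first interpreter it finds, so a short comment above extra_flags recording that (and the 3.5 versus 3.6 mismatch it avoids) would let a later maintainer know when the flag can be dropped.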
--- End Message ---
--- Begin Message ---
Source: ovito
Source-Version: 2.9.0+dfsg1-3

We believe that the bug you reported is fixed in the latest version of
ovito, which is due to be 

Bug#882089: libdebian-installer FTBFS since glibc 2.25

2017-11-18 Thread Helmut Grohne
Source: libdebian-installer
Version: 0.111
Severity: serious
Justification: fails to build from source (but built successfully in the past)
User: helm...@debian.org
Usertags: rebootstrap

| make[5]: Entering directory '/<>/build/src/system'
| /bin/bash ../../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../../src/system  -I../../../include -I../../ -Wdate-time -D_FORTIFY_SOURCE=2  -Wall -W -Werror -ggdb -Wmissing-declarations -Os -fomit-frame-pointer -c -o devfs.lo ../../../src/system/devfs.c
| libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../../src/system -I../../../include -I../../ -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -W -Werror -ggdb -Wmissing-declarations -Os -fomit-frame-pointer -c ../../../src/system/devfs.c  -fPIC -DPIC -o .libs/devfs.o
| ../../../src/system/devfs.c: In function 'di_system_devfs_map_from':
| ../../../src/system/devfs.c:127:13: error: In the GNU C Library, "major" is defined
|  by . For historical compatibility, it is
|  currently defined by  as well, but we plan to
|  remove this soon. To use "major", include 
|  directly. If you did not intend to use a system-defined macro
|  "major", you should undefine it after including . [-Werror]
|  if (major (s.st_rdev) == e->major &&
|  ^~~~
| ../../../src/system/devfs.c:128:13: error: In the GNU C Library, "minor" is defined
|  by . For historical compatibility, it is
|  currently defined by  as well, but we plan to
|  remove this soon. To use "minor", include 
|  directly. If you did not intend to use a system-defined macro
|  "minor", you should undefine it after including . [-Werror]
|  ((e->type == ENTRY_TYPE_ONE && minor (s.st_rdev) == e->minor) ||
|  ^~~~
| ../../../src/system/devfs.c:129:13: error: In the GNU C Library, "minor" is defined
|  by . For historical compatibility, it is
|  currently defined by  as well, but we plan to
|  remove this soon. To use "minor", include 
|  directly. If you did not intend to use a system-defined macro
|  "minor", you should undefine it after including . [-Werror]
|   (e->type != ENTRY_TYPE_ONE && minor (s.st_rdev) >= e->minor))) {
|  ^
| ../../../src/system/devfs.c:151:13: error: In the GNU C Library, "minor" is defined
|  by . For historical compatibility, it is
|  currently defined by  as well, but we plan to
|  remove this soon. To use "minor", include 
|  directly. If you did not intend to use a system-defined macro
|  "minor", you should undefine it after including . [-Werror]
|disc = minor (s.st_rdev) - e->minor + e->entry_first;
|  ^~~
| ../../../src/system/devfs.c:159:13: error: In the GNU C Library, "minor" is defined
|  by . For historical compatibility, it is
|  currently defined by  as well, but we plan to
|  remove this soon. To use "minor", include 
|  directly. If you did not intend to use a system-defined macro
|  "minor", you should undefine it after including . [-Werror]
|disc = (minor (s.st_rdev) >> e->entry_disc_minor_shift);
|  ^~
| ../../../src/system/devfs.c:160:13: error: In the GNU C Library, "minor" is 
defined
|  by . For historical compatibility, it is
|  currently 

Bug#882088: libicu-le-hb-dev: fails to upgrade from 'sid' - trying to overwrite /usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc

2017-11-18 Thread Andreas Beckmann
Package: libicu-le-hb-dev
Version: 1.0.3+git161113-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it tries to overwrite other packages' files without declaring a
Breaks+Replaces relation.

See policy 7.6 at
https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

From the attached log (scroll to the bottom...):

  Unpacking libicu-le-hb-dev:amd64 (1.0.3+git161113-2) ...
  dpkg: error processing archive /tmp/apt-dpkg-install-ayU5Lf/29-libicu-le-hb-dev_1.0.3+git161113-2_amd64.deb (--unpack):
   trying to overwrite '/usr/lib/x86_64-linux-gnu/pkgconfig/icu-le.pc', which is also in package libicu-dev 57.1-8
  Errors were encountered while processing:
   /tmp/apt-dpkg-install-ayU5Lf/29-libicu-le-hb-dev_1.0.3+git161113-2_amd64.deb


cheers,

Andreas


libicu-dev=57.1-8_libicu-le-hb-dev=1.0.3+git161113-2.log.gz
Description: application/gzip


Bug#878562: marked as done (imagemagick: CVE-2017-14989)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#878562: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #878562,
regarding imagemagick: CVE-2017-14989
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.8.9.9-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/781

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14989[0]:
| A use-after-free in RenderFreetype in MagickCore/annotate.c in
| ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a
| crafted font file, because the FT_Done_Glyph function (from FreeType 2)
| is called at an incorrect place in the ImageMagick code.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14989
[1] https://github.com/ImageMagick/ImageMagick/issues/781

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 10 Nov 2017 20:46:29 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Mühlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy 
package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics 
routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files 
(Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - 

Bug#878507: marked as done (imagemagick: CVE-2017-13769)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#878507: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #878507,
regarding imagemagick: CVE-2017-13769
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878507
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/705

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13769[0]:
| The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick
| through 7.0.6-10 allows an attacker to cause a denial of service
| (buffer over-read) by sending a crafted JPEG file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13769
[1] https://github.com/ImageMagick/ImageMagick/issues/705

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 10 Nov 2017 20:46:29 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Mühlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy 
package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics 
routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files 
(Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - 
architecture 

Bug#876488: marked as done (imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken())

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#876488: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #876488,
regarding imagemagick: CVE-2017-14682: Heap buffer overflow in GetNextToken()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
876488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876488
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: grave
Tags: upstream security patch
Forwarded: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32726

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14682[0]:
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote
| attackers to cause a denial of service (heap-based buffer overflow and
| application crash) or possibly have unspecified other impact via a
| crafted SVG document, a different vulnerability than CVE-2017-10928.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14682
[1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32726
[2] https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 10 Nov 2017 20:46:29 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Mühlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 

Bug#878508: marked as done (imagemagick: CVE-2017-13758)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#878508: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #878508,
regarding imagemagick: CVE-2017-13758
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878508
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13758[0]:
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the
| TracePoint() function in MagickCore/draw.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13758
[1] https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#878527: marked as done (imagemagick: CVE-2017-14607)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#878527: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #878527,
regarding imagemagick: CVE-2017-14607
to be marked as done.



-- 
878527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878527
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/765

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14607[0]:
| In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to
| ReadTIFFImage has been reported in coders/tiff.c. An attacker could
| possibly exploit this flaw to disclose potentially sensitive memory or
| cause an application crash.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14607
[1] https://github.com/ImageMagick/ImageMagick/issues/765

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#878578: marked as done (imagemagick: CVE-2017-15277)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#878578: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #878578,
regarding imagemagick: CVE-2017-15277
to be marked as done.



-- 
878578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878578
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/592

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-15277[0]:
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick
| 1.3.26 leaves the palette uninitialized when processing a GIF file that
| has neither a global nor local palette. If the affected product is used
| as a library loaded into a process that operates on interesting data,
| this data sometimes can be leaked via the uninitialized palette.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15277
[1] https://github.com/ImageMagick/ImageMagick/issues/592

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#876097: marked as done (imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#876097: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #876097,
regarding imagemagick: CVE-2017-14224: Heap buffer overflow in WritePCXImage
to be marked as done.



-- 
876097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876097
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: upstream security patch
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/733

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-14224[0]:
| A heap-based buffer overflow in WritePCXImage in coders/pcx.c in
| ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of
| service or code execution via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14224
[1] https://github.com/ImageMagick/ImageMagick/issues/733

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#875800: marked as done (double free or corruption (!prev))

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:42 +
with message-id 
and subject line Bug#875800: fixed in flickcurl 1.26-2+deb9u1
has caused the Debian Bug report #875800,
regarding double free or corruption (!prev)
to be marked as done.



-- 
875800: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875800
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: flickcurl-utils
Version: 1.26-2
Severity: grave
File: /usr/bin/flickcurl

$ flickcurl oauth.create
*** Error in `flickcurl': double free or corruption (!prev): 0x0176b510 ***
=== Backtrace: =
/lib/i386-linux-gnu/libc.so.6(+0x698aa)[0xb72e18aa]
/lib/i386-linux-gnu/libc.so.6(+0x705f7)[0xb72e85f7]
/lib/i386-linux-gnu/libc.so.6(+0x70e46)[0xb72e8e46]
/usr/lib/i386-linux-gnu/libflickcurl.so.0(flickcurl_free_form+0x22)[0xb7748a62]
/usr/lib/i386-linux-gnu/libflickcurl.so.0(flickcurl_oauth_create_request_token+0x201)[0xb7766f61]
flickcurl(+0xce50)[0x469e50]
flickcurl(main+0x62c)[0x46425c]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7290456]
flickcurl(+0x7310)[0x464310]

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.12.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), 
LANGUAGE=zh_TW.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages flickcurl-utils depends on:
ii  libc6            2.25-0experimental3
ii  libcurl3-gnutls  7.55.1-1
ii  libflickcurl0    1.26-2
ii  libraptor2-0     2.0.14-1+b1
ii  libxml2          2.9.4+dfsg1-4

flickcurl-utils recommends no packages.

flickcurl-utils suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: flickcurl
Source-Version: 1.26-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
flickcurl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kumar Appaiah  (supplier of updated flickcurl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Mar 2017 07:25:12 +0530
Source: flickcurl
Binary: libflickcurl-dev libflickcurl0 libflickcurl0-dbg flickcurl-utils 
flickcurl-doc
Architecture: source all amd64
Version: 1.26-2+deb9u1
Distribution: stable
Urgency: medium
Maintainer: Kumar Appaiah 
Changed-By: Kumar Appaiah 
Description:
 flickcurl-doc - utilities to call the Flickr API from command line - documentatio
 flickcurl-utils - utilities to call the Flickr API from command line
 libflickcurl-dev - C library for accessing the Flickr API - development files
 libflickcurl0 - C library for accessing the Flickr API
 libflickcurl0-dbg - C library for accessing the Flickr API - debugging symbols
Closes: 859019 875800
Changes:
 flickcurl (1.26-2+deb9u1) stable; urgency=medium
 .
   * Apply patch from upstream to fix oauth token fetching
   * Apply patch from upstream to prevent double free corruption
 during authentication (Closes: #875800)
   * Remove broken devhelp link in flickcurl-doc (Closes: #859019)
Checksums-Sha1:
 c652fcb0fab9189c31b4755ce544513dc4cb8ea7 2217 flickcurl_1.26-2+deb9u1.dsc
 

Bug#873099: marked as done (imagemagick: CVE-2017-13134)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#873099: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #873099,
regarding imagemagick: CVE-2017-13134
to be marked as done.



-- 
873099: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/670

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-13134[0]:
| In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the
| function SFWScan in coders/sfw.c, which allows attackers to cause a
| denial of service via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Bug#873134: marked as done (imagemagick: CVE-2017-12983)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 21:03:47 +
with message-id 
and subject line Bug#873134: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u3
has caused the Debian Bug report #873134,
regarding imagemagick: CVE-2017-12983
to be marked as done.



-- 
873134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: imagemagick
Version: 8:6.9.7.4+dfsg-11
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/ImageMagick/ImageMagick/issues/682

Hi,

the following vulnerability was published for imagemagick.

CVE-2017-12983[0]:
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c
| in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact
| via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983
[1] https://github.com/ImageMagick/ImageMagick/issues/682

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: imagemagick
Source-Version: 8:6.9.7.4+dfsg-11+deb9u3

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff  (supplier of updated imagemagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 10 Nov 2017 20:46:29 +0100
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers 
libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl 
libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 
libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 
libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev 
libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 
libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev 
libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 
libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common 
imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev 
imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Moritz Mühlenhoff 
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy 
package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines 
-- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics 
routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header 
files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files 
(Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level 

Processed: Version fix

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> notfound 838638 0.9.30+debian1-1.1
Bug #838638 [python3-googlecloudapis] /usr/bin/python3-google-api-tools broken; 
missing several dependencies, does not work even after doing so
No longer marked as found in versions python-googlecloudapis/0.9.30+debian1-1.1.
> found 838638 0.9.30+debian1-1
Bug #838638 [python3-googlecloudapis] /usr/bin/python3-google-api-tools broken; 
missing several dependencies, does not work even after doing so
Marked as found in versions python-googlecloudapis/0.9.30+debian1-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
838638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838638
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart

2017-11-18 Thread Axel Beckert
Hi,

according to git bisect, commit
8c3cad64d8b11f3acba4a856dcc915400d97380d is the culprit:

→ git bisect run sh -c "ssh root@localhost 
'~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found 
[^0][0-9]* processes using old versions of upgraded files'"
running sh -c ssh root@localhost 
'~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found 
[^0][0-9]* processes using old versions of upgraded files'
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[aa0411a3db01a1d220b19e12dec128691b9377c9] Document --terse option and adjust 
example for --machine output to the real output shown
running sh -c ssh root@localhost 
'~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found 
[^0][0-9]* processes using old versions of upgraded files'
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[8c3cad64d8b11f3acba4a856dcc915400d97380d] Provide machine readable output 
based on patch provided by Simon Ruderich
running sh -c ssh root@localhost 
'~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found 
[^0][0-9]* processes using old versions of upgraded files'
Bisecting: 0 revisions left to test after this (roughly 1 step)
[bad5f00c933eae6a1c4d0048fa08e139e7de7ad8] debian/copyright: Switch one 
previously overseen URL to HTTPS
running sh -c ssh root@localhost 
'~abe/debian-goodies/debian-goodies/checkrestart 2>&1' | egrep 'Found 
[^0][0-9]* processes using old versions of upgraded files'
Found 201 processes using old versions of upgraded files
8c3cad64d8b11f3acba4a856dcc915400d97380d is the first bad commit
commit 8c3cad64d8b11f3acba4a856dcc915400d97380d
Author: Javier Fernandez-Sanguino 
Date:   Mon Nov 6 22:43:26 2017 +0100

Provide machine readable output based on patch provided by Simon Ruderich

:100755 100755 52dbc70e0a143c6fdaeb0b567c0ae6cad3f947c0 
ee28021dc740b409b059f7fa1f9baa5f669f9be0 M  checkrestart
bisect run success

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE



Processed: Re: Bug#851506: cpanminus embeds other modules in fatpacked library

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> found -1 1.7040-1
Bug #851506 [cpanminus] cpanminus embeds other modules in fatpacked library
Marked as found in versions cpanminus/1.7040-1.
> severity -1 serious
Bug #851506 [cpanminus] cpanminus embeds other modules in fatpacked library
Severity set to 'serious' from 'normal'

-- 
851506: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851506
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: tagging 882080

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 882080 + confirmed
Bug #882080 [debian-goodies] debian-goodies: checkrestart from debian-goodies 
0.77 finds no files to restart
Added tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#882080: debian-goodies: checkrestart from debian-goodies 0.77 finds no files to restart

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 serious
Bug #882080 [debian-goodies] debian-goodies: checkrestart from debian-goodies 
0.77 finds no files to restart
Severity set to 'serious' from 'important'

-- 
882080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#881756: swi-prolog: FTBFS on mips: Build killed with signal TERM

2017-11-18 Thread Lev Lamberov
Hi James,

Fri 17 Nov 2017 @ 17:15 James Cowgill :
> IMO the best solution is to remove all the ATOMIC_GENERATION_HACK code
> and use libatomic, but this will take some porting work because
> swi-prolog uses the old __sync primitives everywhere.
>
> I have attached a hack which marks _generation and _last_generation as
> volatile. This seems to work but isn't a long term solution.

Thanks for your input! I've informed upstream about the issue you found
and your suggestions.

Regards,
Lev



Bug#882085: [cowsay] Package includes ASCII representation of Zoophilia

2017-11-18 Thread Felicia Hummel
Package: cowsay
Version: 3.03+dfsg2-3
Severity: critical

--- Please enter the report below this line. ---
The package cowsay includes an ASCII representation of Zoophilia. The
file in question is /usr/share/cowsay/cows/sodomized-sheep.cow

This is a legal issue in many countries. Even if it's not well-defined
by law if ASCII representations of Zoophilia are legal or not, I'd
rather prefer not to take a chance being involved in a lawsuit when such
a file could be found on my computer.

Please remove the file from the packages as soon as possible. Thank you.

All the best
Felicia
--- System information. ---
Architecture: 
Kernel:       Linux 4.9.0-3-amd64

Debian Release: buster/sid
  500 testing          www.deb-multimedia.org
  500 testing          ftp2.de.debian.org
  500 testing          devel.alephobjects.com
  500 stable           repository.spotify.com
  500 stable           repos.fds-team.de
  500 stable           repo.skype.com
  500 stable           repo.adminlounge.org
  500 stable           dl.google.com
  500 stable           deb.dovetail-automata.com
  500 oldstable        ftp2.de.debian.org
  100 jessie-backports ftp.de.debian.org
--- Package information. ---
Depends (Version) | Installed
=-+-===
libtext-charwidth-perl| 0.04-7.1
perl:any  |

Recommends  (Version) | Installed
=-+-===
cowsay-off| 3.03+dfsg2-3


Suggests  (Version) | Installed
===-+-===
filters |



Bug#878684: marked as done (python3-libxml2: Import fails in Python 3 with error about undefined symbol)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 18:24:30 +
with message-id 
and subject line Bug#878684: fixed in libxml2 2.9.4+dfsg1-5.1
has caused the Debian Bug report #878684,
regarding python3-libxml2: Import fails in Python 3 with error about undefined 
symbol
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878684
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-libxml2
Version: 2.9.4+dfsg1-5
Severity: important

python3-libxml2 doesn't work:

$ python3
Python 3.6.3 (default, Oct  3 2017, 21:16:13) 
[GCC 7.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libxml2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/libxml2.py", line 1, in <module>
    import libxml2mod
ImportError: /usr/lib/python3/dist-packages/libxml2mod.cpython-36m-x86_64-linux-gnu.so: undefined symbol: _PyVerify_fd
>>>

Best regards,
Torquil Sørensen

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-libxml2 depends on:
ii  libc6 2.24-17
ii  libpython3.5  3.5.4-4
ii  libpython3.6  3.6.3-1
ii  libxml2   2.9.4+dfsg1-5
ii  python3   3.6.3-1

python3-libxml2 recommends no packages.

python3-libxml2 suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.4+dfsg1-5.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 16:39:04 +0100
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc 
python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-5.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group 
Changed-By: Salvatore Bonaccorso 
Closes: 855001 878684 88
Description: 
 libxml2- GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
 python3-libxml2 - Python3 bindings for the GNOME XML library
 python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug 
extension)
Changes:
 libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969)
 (Closes: #855001)
   * Check for integer overflow in memory debug code (CVE-2017-5130)
 (Closes: #88)
   * Fix copy-paste errors in error messages
   * python: remove single use of _PyVerify_fd (Closes: #878684)


Bug#879071: fixed in 0ad 0.0.22-2

2017-11-18 Thread James Cowgill
Hi,

On 18/11/17 16:41, Ludovic Rousseau wrote:
> 2017-11-18 17:28 GMT+01:00 James Cowgill :
>> On 18/11/17 16:21, Ludovic Rousseau wrote:
>>> 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen :
>>>
>>>> [Ludovic Rousseau]
>>>>>  0ad (0.0.22-2) unstable; urgency=medium
>>>>>  .
>>>>>    * Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded
>>>>>      'abs(unsigned int)' is ambiguous" by removing support of armhf
>>>>>      (Closes: #879071)
>>>>
>>>> Note, this "fix" did not work, as there are armhf binaries in the archive
>>>> and the new version is not allowed to propagate into testing until the
>>>> armhf binaries are updated to the latest version or removed.  Did you
>>>> file a request for removal?
>>>>
>>>
>>> Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on
>>> armhf"
>>>
>>> I am not sure it will be enough since the versions for arm64,
>>> kfreebsd-amd64 and kfreebsd-i386 must also be removed.
>>> Should I create 3 new bugs for the other 3 architectures?
>>
>> You can just retitle the original bug, with a message explaining the
>> situation (assuming it isn't closed before then).
>>
>> Currently we have:
>>  0ad | 0.0.21-2  | stretch | source, amd64, armhf, i386
>>  0ad | 0.0.21-2  | sid | source, armhf, kfreebsd-amd64, kfreebsd-i386
>>  0ad | 0.0.22-3  | sid | source, amd64, i386
>>
>> So I think only armhf and kfreebsd-* need removing (not arm64). kfreebsd
>> doesn't affect testing migration in any case.
> 
> So bug #880058, as it is, will remove the armhf version and 0ad should then
> be able to migrate to testing.

Yes.

> I should _not_ file new bugs. Exact?

It probably doesn't matter much, but I think it's easier to retitle
existing bugs if you want to remove the kfreebsd-* binaries as well.

James





Bug#864927: marked as done (kde-l10n-sr and plasma-desktop-data: error when trying to install together)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 18:07:10 +
with message-id 
and subject line Bug#864927: fixed in kde-l10n 4:16.04.3-2
has caused the Debian Bug report #864927,
regarding kde-l10n-sr and plasma-desktop-data: error when trying to install 
together
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864927
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: plasma-desktop-data,kde-l10n-sr
Version: plasma-desktop-data/4:5.8.7.1-1
Version: kde-l10n-sr/4:16.04.3-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Date: 2017-06-17
Architecture: amd64
Distribution: sid

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:


Selecting previously unselected package liblz4-1:amd64.
(Reading database ... 11003 files and directories currently installed.)
Preparing to unpack .../liblz4-1_0.0~r131-2+b1_amd64.deb ...
Unpacking liblz4-1:amd64 (0.0~r131-2+b1) ...
Processing triggers for libc-bin (2.24-11) ...
Setting up liblz4-1:amd64 (0.0~r131-2+b1) ...
Processing triggers for libc-bin (2.24-11) ...
Selecting previously unselected package gcc-6-base:amd64.
(Reading database ... 11009 files and directories currently installed.)
Preparing to unpack .../gcc-6-base_6.3.0-18_amd64.deb ...
Unpacking gcc-6-base:amd64 (6.3.0-18) ...
Setting up gcc-6-base:amd64 (6.3.0-18) ...
(Reading database ... 11016 files and directories currently installed.)
Preparing to unpack .../aptitude_0.8.7-1_amd64.deb ...
Unpacking aptitude (0.8.7-1) over (0.6.10-1) ...
Preparing to unpack .../aptitude-common_0.8.7-1_all.deb ...
Unpacking aptitude-common (0.8.7-1) over (0.6.10-1) ...
Selecting previously unselected package libboost-system1.62.0:amd64.
Preparing to unpack .../libboost-system1.62.0_1.62.0+dfsg-4_amd64.deb ...
Unpacking libboost-system1.62.0:amd64 (1.62.0+dfsg-4) ...
Selecting previously unselected package libboost-filesystem1.62.0:amd64.
Preparing to unpack .../libboost-filesystem1.62.0_1.62.0+dfsg-4_amd64.deb ...
Unpacking libboost-filesystem1.62.0:amd64 (1.62.0+dfsg-4) ...
Selecting previously unselected package libboost-iostreams1.62.0:amd64.
Preparing to unpack .../libboost-iostreams1.62.0_1.62.0+dfsg-4_amd64.deb ...
Unpacking libboost-iostreams1.62.0:amd64 (1.62.0+dfsg-4) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for libc-bin (2.24-11) ...
(Reading database ... 11028 files and directories currently installed.)
Removing libcwidget3:amd64 (0.5.17-1) ...
Removing libsigc++-2.0-0c2a:amd64 (2.4.1-1) ...
Selecting previously unselected package libsigc++-2.0-0v5:amd64.
(Reading database ... 10975 files and directories currently installed.)
Preparing to unpack .../libsigc++-2.0-0v5_2.10.0-1_amd64.deb ...
Unpacking libsigc++-2.0-0v5:amd64 (2.10.0-1) ...
Selecting previously unselected package libcwidget3v5:amd64.
Preparing to unpack .../libcwidget3v5_0.5.17-4+b1_amd64.deb ...
Unpacking libcwidget3v5:amd64 (0.5.17-4+b1) ...
Selecting previously unselected package libxapian30:amd64.
Preparing to unpack .../libxapian30_1.4.3-2_amd64.deb ...
Unpacking libxapian30:amd64 (1.4.3-2) ...
Preparing to unpack .../libstdc++6_6.3.0-18_amd64.deb ...
Unpacking libstdc++6:amd64 (6.3.0-18) over (4.8.2-19) ...
Processing triggers for libc-bin (2.24-11) ...
Setting up libstdc++6:amd64 (6.3.0-18) ...
Processing triggers for libc-bin (2.24-11) ...
Selecting previously unselected package libapt-inst2.0:amd64.
(Reading database ... 11050 files and directories currently installed.)
Preparing to unpack .../libapt-inst2.0_1.4.6_amd64.deb ...
Unpacking libapt-inst2.0:amd64 (1.4.6) ...
Selecting previously unselected package libdb5.3:amd64.
Preparing to unpack .../libdb5.3_5.3.28-12+b1_amd64.deb ...
Unpacking libdb5.3:amd64 (5.3.28-12+b1) ...
Preparing to unpack .../apt-utils_1.4.6_amd64.deb ...
Unpacking apt-utils (1.4.6) over (0.9.15.5) ...
Preparing to unpack .../archives/apt_1.4.6_amd64.deb ...
Unpacking apt (1.4.6) over (1.0.4) ...
Selecting previously unselected package libapt-pkg5.0:amd64.
Preparing to unpack .../libapt-pkg5.0_1.4.6_amd64.deb ...
Unpacking libapt-pkg5.0:amd64 (1.4.6) ...
Processing triggers for libc-bin (2.24-11) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libapt-pkg5.0:amd64 (1.4.6) ...
Processing triggers for libc-bin (2.24-11) ...
Selecting previously unselected package libdouble-conversion1:amd64.
(Reading database ... 11169 

Bug#859786: marked as done (vtun: Please migrate to openssl1.1 in Buster)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 17:20:59 +
with message-id 
and subject line Bug#859786: fixed in vtun 3.0.3-4
has caused the Debian Bug report #859786,
regarding vtun: Please migrate to openssl1.1 in Buster
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
859786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859786
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: vtun
Version: 3.0.3-3
Severity: important
Tags: sid buster
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-1.1-trans

Please migrate to libssl-dev in the Buster cycle. The bug report about
the FTBFS is #828596. The log of the FTBFS can be found at

https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/vtun_3.0.3-2.2_amd64-20160529-1551

Sebastian
--- End Message ---
--- Begin Message ---
Source: vtun
Source-Version: 3.0.3-4

We believe that the bug you reported is fixed in the latest version of
vtun, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Borowski  (supplier of updated vtun package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 17:38:39 +0100
Source: vtun
Binary: vtun
Architecture: source
Version: 3.0.3-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Adam Borowski 
Description:
 vtun   - virtual tunnel over TCP/IP networks
Closes: 859786
Changes:
 vtun (3.0.3-4) unstable; urgency=medium
 .
   * QA upload.
   * Fix FTBFS with OpenSSL 1.1 and switch to it, patch by Chris West.
 Closes: #859786.
   * dh compat 10.
--- End Message ---


Bug#882052: byte-buddy: missing build dependency on libeclipse-aether-java

2017-11-18 Thread Emmanuel Bourg
Good catch. Actually it should depend on maven-resolver, eclipse-aether is 
about to be removed.
Emmanuel Bourg



Bug#879071: fixed in 0ad 0.0.22-2

2017-11-18 Thread Ludovic Rousseau
2017-11-18 17:28 GMT+01:00 James Cowgill :

> Hi,
>
> On 18/11/17 16:21, Ludovic Rousseau wrote:
> > Hello,
> >
> > 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen :
> >
> >> [Ludovic Rousseau]
> >>>  0ad (0.0.22-2) unstable; urgency=medium
> >>>  .
> >>>* Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded
> >>>  'abs(unsigned int)' is ambiguous" by removing support of armhf
> >>>  (Closes: #879071)
> >>
> >> Note, this "fix" did not work, as there are armhf binaries in the
> archive
> >> and the new version is not allowed to propagate into testing until the
> >> armhf binaries are updated to the latest version or removed.  Did you
> >> file a request for removal?
> >>
> >
> > Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on
> > armhf"
> >
> > I am not sure it will be enough since the versions for arm64,
> > kfreebsd-amd64 and kfreebsd-i386 must also be removed.
> > Should I create 3 new bugs for the other 3 architectures?
>
> You can just retitle the original bug, with a message explaining the
> situation (assuming it isn't closed before then).
>
> Currently we have:
>  0ad | 0.0.21-2  | stretch | source, amd64, armhf, i386
>  0ad | 0.0.21-2  | sid | source, armhf, kfreebsd-amd64, kfreebsd-i386
>  0ad | 0.0.22-3  | sid | source, amd64, i386
>
> So I think only armhf and kfreebsd-* need removing (not arm64). kfreebsd
> doesn't affect testing migration in any case.
>

So bug #880058, as it is, will remove the armhf version and 0ad should then
be able to migrate to testing.
I should _not_ file new bugs. Exact?

Thanks

-- 
 Dr. Ludovic Rousseau


Bug#881915: libidn FTBFS with gtk-doc-tools 1.26: gtkdoc-mktmpl is no longer available

2017-11-18 Thread Adrian Bunk
On Sat, Nov 18, 2017 at 09:36:58AM +0100, Helmut Grohne wrote:
>...
> +override_dh_autoreconf:
> + rm -f gtk-doc.make
> + gtkdocize
> + dh_autoreconf
>...
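Review bot: the `rm -f gtk-doc.make` in `override_dh_autoreconf` deletes a file from the unpacked source at build time, and nothing in the quoted lines removes the copy that `gtkdocize` then generates when the tree is cleaned. Pair the regeneration with a matching removal in the clean step so that a build followed by a clean leaves the source tree unchanged.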

The "rm -f gtk-doc.make" has to be done when cleaning,
not in autoreconf.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed



Bug#879071: fixed in 0ad 0.0.22-2

2017-11-18 Thread James Cowgill
Hi,

On 18/11/17 16:21, Ludovic Rousseau wrote:
> Hello,
> 
> 2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen :
> 
>> [Ludovic Rousseau]
>>>  0ad (0.0.22-2) unstable; urgency=medium
>>>  .
>>>* Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded
>>>  'abs(unsigned int)' is ambiguous" by removing support of armhf
>>>  (Closes: #879071)
>>
>> Note, this "fix" did not work, as there are armhf binaries in the archive
>> and the new version is not allowed to propagate into testing until the
>> armhf binaries are updated to the latest version or removed.  Did you
>> file a request for removal?
>>
> 
> Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on
> armhf"
> 
> I am not sure it will be enough since the versions for arm64,
> kfreebsd-amd64 and kfreebsd-i386 must also be removed.
> Should I create 3 new bugs for the other 3 architectures?

You can just retitle the original bug, with a message explaining the
situation (assuming it isn't closed before then).

Currently we have:
 0ad | 0.0.21-2  | stretch | source, amd64, armhf, i386
 0ad | 0.0.21-2  | sid | source, armhf, kfreebsd-amd64, kfreebsd-i386
 0ad | 0.0.22-3  | sid | source, amd64, i386

So I think only armhf and kfreebsd-* need removing (not arm64). kfreebsd
doesn't affect testing migration in any case.

Thanks,
James





Bug#879071: fixed in 0ad 0.0.22-2

2017-11-18 Thread Ludovic Rousseau
Hello,

2017-11-18 6:21 GMT+01:00 Petter Reinholdtsen :

> [Ludovic Rousseau]
> >  0ad (0.0.22-2) unstable; urgency=medium
> >  .
> >* Fix "0ad FTBFS with on armhf with gcc 7: error: call of overloaded
> >  'abs(unsigned int)' is ambiguous" by removing support of armhf
> >  (Closes: #879071)
>
> Note, this "fix" did not work, as there are armhf binaries in the archive
> and the new version is not allowed to propagate into testing until the
> armhf binaries are updated to the latest version or removed.  Did you
> file a request for removal?
>

Adrian Bunk filed bug #880058 "RM: 0ad [armhf] -- NBS; no longer built on
armhf"

I am not sure it will be enough since the versions for arm64,
kfreebsd-amd64 and kfreebsd-i386 must also be removed.
Should I create 3 new bugs for the other 3 architectures?

> This bug just caused 0ad to be removed from testing.
>

Yes. I saw that.
Thanks

-- 
 Dr. Ludovic Rousseau


Bug#881986: marked as done (python-kafka FTBFS with python-lz4 0.10.1)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 16:19:26 +
with message-id 
and subject line Bug#881986: fixed in python-kafka 1.3.3-3
has caused the Debian Bug report #881986,
regarding python-kafka FTBFS with python-lz4 0.10.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-kafka
Version: 1.3.3-2
Severity: serious

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-kafka.html

...
=== FAILURES ===
_ test_lz4_old _

@pytest.mark.skipif(not has_lz4() or platform.python_implementation() == 
'PyPy',
reason="python-lz4 crashes on old versions of pypy")
def test_lz4_old():
for i in xrange(1000):
b1 = random_string(100).encode('utf-8')
>   b2 = lz4_decode_old_kafka(lz4_encode_old_kafka(b1))

test/test_codec.py:101: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

payload = 
'eEHdGSeNDtPGdsFoZBWbyPtfiLuqDexMGJjalmLGbflCQlRlJSUkIOlNjprhcByztKullDShkZWcZmimcirvBRYfVAaABLjGAaPy'

def lz4_encode_old_kafka(payload):
"""Encode payload for 0.8/0.9 brokers -- requires an incorrect header 
checksum."""
>   assert xxhash is not None
E   AssertionError

kafka/codec.py:229: AssertionError
== 1 failed, 231 passed, 81 skipped in 21.66 seconds ===
debian/rules:14: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 1
--- End Message ---
--- Begin Message ---
Source: python-kafka
Source-Version: 1.3.3-3

We believe that the bug you reported is fixed in the latest version of
python-kafka, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand  (supplier of updated python-kafka package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 17 Nov 2017 12:11:12 +
Source: python-kafka
Binary: python-kafka python-kafka-doc python3-kafka
Architecture: source all
Version: 1.3.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack 
Changed-By: Thomas Goirand 
Description:
 python-kafka - Pure Python client for Apache Kafka - Python 2.x
 python-kafka-doc - Pure Python client for Apache Kafka - doc
 python3-kafka - Pure Python client for Apache Kafka - Python 3.x
Closes: 881986
Changes:
 python-kafka (1.3.3-3) unstable; urgency=medium
 .
   * Add remove-old-lz4-test.patch (Closes: #881986).

Bug#882075: ffmpeg: sometimes FTBFS on i386

2017-11-18 Thread James Cowgill
Source: ffmpeg
Version: 7:3.4-1
Severity: serious
Tags: sid buster

And just after I upload 3.4-3...

ffmpeg 3.4 sometimes FTBFS on i386, possibly due to some hardware
specific thing. It has worked on the buildds so far, but sometimes fails
on the ubuntu builders and in reproducible builds with checkasm errors
(although often rebuilding helps):

> Test checkasm-float_dsp failed. Look at 
> tests/data/fate/checkasm-float_dsp.err for details.
> checkasm: using random seed 2642491962
> SSE:
>  - float_dsp.vector_fmul [OK]
>  - float_dsp.vector_fmac [OK]
>  - float_dsp.butterflies_float   [OK]
>  - float_dsp.scalarproduct_float [OK]
> 93: -53.395181798898 - -53.395181798898 = -7.1054273576e-15
> SSE2:
>vector_dmul_scalar_sse2 (float_dsp.c:171)
>  - float_dsp.vector_dmul [FAILED]
>  - float_dsp.vector_dmac [OK]
> AVX:
>  - float_dsp.vector_fmul [OK]
>  - float_dsp.vector_fmac [OK]
>  - float_dsp.vector_dmul [OK]
>  - float_dsp.vector_dmac [OK]
> FMA3:
>  - float_dsp.vector_fmul [OK]
>  - float_dsp.vector_fmac [OK]
>  - float_dsp.vector_dmac [OK]
> AVX2:
>  - float_dsp.vector_fmul [OK]
> checkasm: 1 of 20 tests have failed
> /build/1st/ffmpeg-3.4/tests/Makefile:225: recipe for target 
> 'fate-checkasm-float_dsp' failed

James





Processed: Bug#881986 marked as pending

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 881986 pending
Bug #881986 [src:python-kafka] python-kafka FTBFS with python-lz4 0.10.1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#881986: marked as pending

2017-11-18 Thread Thomas Goirand
tag 881986 pending
thanks

Hello,

Bug #881986 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/openstack/python/python-kafka.git/commit/?id=5b85859

---
commit 5b858592150e85ba1efa62ec485e3ab1358a4669
Author: Thomas Goirand 
Date:   Fri Nov 17 12:11:16 2017 +

Add remove-old-lz4-test.patch (Closes: #881986).

diff --git a/debian/changelog b/debian/changelog
index 5633ec7..4b53927 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-kafka (1.3.3-3) unstable; urgency=medium
+
+  * Add remove-old-lz4-test.patch (Closes: #881986).
+
+ -- Thomas Goirand   Fri, 17 Nov 2017 12:11:12 +
+
 python-kafka (1.3.3-2) unstable; urgency=medium
 
   * Uploading to unstable (Closes: #834033).
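Review bot: the new 1.3.3-3 entry only names remove-old-lz4-test.patch and does not say why dropping the test is the right fix. The reported failure was the "assert xxhash is not None" check in lz4_encode_old_kafka, so the entry should state that test_lz4_old is removed because xxhash is unavailable at build time, and whether the old-broker LZ4 path is still expected to work in the installed package.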



Processed: libxml2: diff for NMU version 2.9.4+dfsg1-5.1

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> tags 855001 + patch
Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when 
parsing a xml file using recover mode
Ignoring request to alter tags of bug #855001 to the same tags previously set
> tags 855001 + pending
Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when 
parsing a xml file using recover mode
Ignoring request to alter tags of bug #855001 to the same tags previously set
> tags 878684 + patch
Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with 
error about undefined symbol
Ignoring request to alter tags of bug #878684 to the same tags previously set
> tags 878684 + pending
Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with 
error about undefined symbol
Ignoring request to alter tags of bug #878684 to the same tags previously set
> tags 88 + pending
Bug #88 [src:libxml2] libxml2: CVE-2017-5130
Ignoring request to alter tags of bug #88 to the same tags previously set

-- 
855001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001
878684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878684
88: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=88
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libxml2: diff for NMU version 2.9.4+dfsg1-5.1

2017-11-18 Thread Debian Bug Tracking System
Processing control commands:

> tags 855001 + patch
Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when 
parsing a xml file using recover mode
Added tag(s) patch.
> tags 855001 + pending
Bug #855001 [libxml2] CVE-2017-5969: libxml2: null pointer dereference when 
parsing a xml file using recover mode
Added tag(s) pending.
> tags 878684 + patch
Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with 
error about undefined symbol
Added tag(s) patch.
> tags 878684 + pending
Bug #878684 [python3-libxml2] python3-libxml2: Import fails in Python 3 with 
error about undefined symbol
Added tag(s) pending.
> tags 88 + pending
Bug #88 [src:libxml2] libxml2: CVE-2017-5130
Added tag(s) pending.

-- 
855001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001
878684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878684
88: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=88
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#878684: libxml2: diff for NMU version 2.9.4+dfsg1-5.1

2017-11-18 Thread Salvatore Bonaccorso
Control: tags 855001 + patch
Control: tags 855001 + pending
Control: tags 878684 + patch
Control: tags 878684 + pending
Control: tags 88 + pending

Dear maintainer,

I've prepared an NMU for libxml2 (versioned as 2.9.4+dfsg1-5.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru libxml2-2.9.4+dfsg1/debian/changelog libxml2-2.9.4+dfsg1/debian/changelog
--- libxml2-2.9.4+dfsg1/debian/changelog	2017-10-15 02:18:26.0 +0200
+++ libxml2-2.9.4+dfsg1/debian/changelog	2017-11-18 16:39:04.0 +0100
@@ -1,3 +1,15 @@
+libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969)
+(Closes: #855001)
+  * Check for integer overflow in memory debug code (CVE-2017-5130)
+(Closes: #88)
+  * Fix copy-paste errors in error messages
+  * python: remove single use of _PyVerify_fd (Closes: #878684)
+
+ -- Salvatore Bonaccorso   Sat, 18 Nov 2017 16:39:04 +0100
+
 libxml2 (2.9.4+dfsg1-5) unstable; urgency=medium
 
   * Team upload.
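Review bot: the "Fix copy-paste errors in error messages" line in the 2.9.4+dfsg1-5.1 entry is the only change without a CVE id or bug reference. For an NMU that is otherwise limited to targeted fixes, say which patch carries it and why it has to ship with the CVE-2017-5969 and CVE-2017-5130 fixes, or leave it out of the upload.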
diff -Nru libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch
--- libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch	1970-01-01 01:00:00.0 +0100
+++ libxml2-2.9.4+dfsg1/debian/patches/0014-Fix-NULL-pointer-deref-in-xmlDumpElementContent.patch	2017-11-18 16:39:04.0 +0100
@@ -0,0 +1,65 @@
+From: Daniel Veillard 
+Date: Wed, 7 Jun 2017 16:47:36 +0200
+Subject: Fix NULL pointer deref in xmlDumpElementContent
+Origin: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882
+Bug-Debian: https://bugs.debian.org/855001
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5969
+
+Can only be triggered in recovery mode.
+
+Fixes bug 758422 (CVE-2017-5969).
+---
+ valid.c | 24 ++--
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/valid.c b/valid.c
+index 9b2df56a..8075d3a0 100644
+--- a/valid.c
 b/valid.c
+@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
+ 	xmlBufferWriteCHAR(buf, content->name);
+ 	break;
+ 	case XML_ELEMENT_CONTENT_SEQ:
+-	if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-	(content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++	if ((content->c1 != NULL) &&
++	((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++	 (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ 		xmlDumpElementContent(buf, content->c1, 1);
+ 	else
+ 		xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " , ");
+-	if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
+-	((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
+-		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++	if ((content->c2 != NULL) &&
++	((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
++	 ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
++		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE
+ 		xmlDumpElementContent(buf, content->c2, 1);
+ 	else
+ 		xmlDumpElementContent(buf, content->c2, 0);
+ 	break;
+ 	case XML_ELEMENT_CONTENT_OR:
+-	if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
+-	(content->c1->type == XML_ELEMENT_CONTENT_SEQ))
++	if ((content->c1 != NULL) &&
++	((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
++	 (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
+ 		xmlDumpElementContent(buf, content->c1, 1);
+ 	else
+ 		xmlDumpElementContent(buf, content->c1, 0);
+ xmlBufferWriteChar(buf, " | ");
+-	if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
+-	((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
+-		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
++	if ((content->c2 != NULL) &&
++	((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
++	 ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
++		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE
+ 		xmlDumpElementContent(buf, content->c2, 1);
+ 	else
+ 		xmlDumpElementContent(buf, content->c2, 0);
+-- 
+2.15.0
+
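Review bot: in both the XML_ELEMENT_CONTENT_SEQ and XML_ELEMENT_CONTENT_OR cases, the added "content->c1 != NULL" and "content->c2 != NULL" tests only protect the ->type and ->ocur reads. When the child is NULL the condition is false and the else branch still calls xmlDumpElementContent(buf, content->c1, 0) (or the c2 equivalent) with a NULL pointer. That is safe only if xmlDumpElementContent returns early on NULL content, which is outside this hunk, so confirm that guard exists in valid.c and say so in the patch description.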
diff -Nru libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch
--- libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch	1970-01-01 01:00:00.0 +0100
+++ libxml2-2.9.4+dfsg1/debian/patches/0015-Check-for-integer-overflow-in-memory-debug-code.patch	2017-11-18 16:39:04.0 +0100
@@ -0,0 +1,63 @@
+From: Nick Wellnhofer 
+Date: Tue, 6 Jun 2017 13:21:14 +0200
+Subject: Check for integer overflow in memory debug code


Bug#881598: marked as done (ironic-inspector: fails to install: ValueError: invalid literal for int() with base 10: 'ironic_inspector.sqlite')

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 15:49:31 +
with message-id 
and subject line Bug#881598: fixed in ironic-inspector 6.0.0-1
has caused the Debian Bug report #881598,
regarding ironic-inspector: fails to install: ValueError: invalid literal for 
int() with base 10: 'ironic_inspector.sqlite'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881598
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ironic-inspector
Version: 4.2.0-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.

From the attached log (scroll to the bottom...):

  Selecting previously unselected package ironic-inspector.
  (Reading database ... 
(Reading database ... 16887 files and directories currently installed.)
  Preparing to unpack .../ironic-inspector_4.2.0-2_all.deb ...
  Unpacking ironic-inspector (4.2.0-2) ...
  Setting up ironic-inspector (4.2.0-2) ...
  Traceback (most recent call last):
File "/usr/bin/ironic-inspector-dbsync", line 10, in 
  sys.exit(main())
File "/usr/lib/python2.7/dist-packages/ironic_inspector/dbsync.py", line 
94, in main
  CONF.command.func(config, CONF.command.name)
File "/usr/lib/python2.7/dist-packages/ironic_inspector/dbsync.py", line 
77, in with_revision
  do_alembic_command(config, cmd, revision)
File "/usr/lib/python2.7/dist-packages/ironic_inspector/dbsync.py", line 
82, in do_alembic_command
  getattr(alembic_command, cmd)(config, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/alembic/command.py", line 254, in 
upgrade
  script.run_env()
File "/usr/lib/python2.7/dist-packages/alembic/script/base.py", line 425, 
in run_env
  util.load_python_file(self.dir, 'env.py')
File "/usr/lib/python2.7/dist-packages/alembic/util/pyfiles.py", line 93, 
in load_python_file
  module = load_module_py(module_id, path)
File "/usr/lib/python2.7/dist-packages/alembic/util/compat.py", line 75, in 
load_module_py
  mod = imp.load_source(module_id, path, fp)
File "/usr/lib/python2.7/dist-packages/ironic_inspector/migrations/env.py", 
line 18, in 
  from ironic_inspector import db
File "/usr/lib/python2.7/dist-packages/ironic_inspector/db.py", line 44, in 

  'ironic_inspector.sqlite')
File "/usr/lib/python2.7/dist-packages/oslo_db/options.py", line 193, in 
set_defaults
  conf.set_default('max_pool_size', max_pool_size, group='database')
File "/usr/lib/python2.7/dist-packages/debtcollector/removals.py", line 
261, in wrapper
  return f(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 2402, in 
__inner
  result = f(self, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 2752, in 
set_default
  opt_info['opt'], default, enforce_type)
File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 2758, in 
_get_enforced_type_value
  converted = self._convert_value(value, opt)
File "/usr/lib/python2.7/dist-packages/oslo_config/cfg.py", line 3036, in 
_convert_value
  return opt.type(value)
File "/usr/lib/python2.7/dist-packages/oslo_config/types.py", line 282, in 
__call__
  value = self.num_type(value)
  ValueError: invalid literal for int() with base 10: 'ironic_inspector.sqlite'
  dpkg: error processing package ironic-inspector (--configure):
   installed ironic-inspector package post-installation script subprocess 
returned error exit status 1
  Errors were encountered while processing:
   ironic-inspector


cheers,

Andreas


ironic-inspector_4.2.0-2.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: ironic-inspector
Source-Version: 6.0.0-1

We believe that the bug you reported is fixed in the latest version of
ironic-inspector, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand  (supplier of updated ironic-inspector package)

(This message was generated automatically at their request; if you

Processed: reassign 882069 to src:python-cryptography, forcibly merging 882069 882011 ...

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 882069 src:python-cryptography
Bug #882069 [python3-keyring] python3-keyring: ModuleNotFoundError: No module 
named '_cffi_backend'
Bug reassigned from package 'python3-keyring' to 'src:python-cryptography'.
No longer marked as found in versions python-keyring/10.4.0-1.
Ignoring request to alter fixed versions of bug #882069 to the same values 
previously set
> forcemerge 882069 882011
Bug #882069 [src:python-cryptography] python3-keyring: ModuleNotFoundError: No 
module named '_cffi_backend'
Bug #882069 [src:python-cryptography] python3-keyring: ModuleNotFoundError: No 
module named '_cffi_backend'
Marked as fixed in versions python-cryptography/2.1.3-2.
Marked as found in versions python-cryptography/2.1.3-1.
Bug #882016 {Done: Tristan Seligmann } 
[src:python-cryptography] python-cryptography: no longer depends on 
cffi-backend and enum, programs fail to start
Severity set to 'normal' from 'serious'
Severity set to 'normal' from 'serious'
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions python-cryptography/2.1.3-2.
No longer marked as fixed in versions python-cryptography/2.1.3-2.
Removed indication that 882016 affects python-cryptography and 
python3-cryptography
Removed indication that 882011 affects python3-cryptography and 
python-cryptography
Bug #882011 [src:python-cryptography] python-cryptography: no longer depends on 
cffi-backend and enum, programs fail to start
Marked as fixed in versions python-cryptography/2.1.3-2.
Marked as fixed in versions python-cryptography/2.1.3-2.
Merged 882011 882016 882069
> retitle 882069 python-cryptography: missing dependencies
Bug #882069 [src:python-cryptography] python3-keyring: ModuleNotFoundError: No 
module named '_cffi_backend'
Bug #882011 [src:python-cryptography] python-cryptography: no longer depends on 
cffi-backend and enum, programs fail to start
Bug #882016 [src:python-cryptography] python-cryptography: no longer depends on 
cffi-backend and enum, programs fail to start
Changed Bug title to 'python-cryptography: missing dependencies' from 
'python3-keyring: ModuleNotFoundError: No module named '_cffi_backend''.
Changed Bug title to 'python-cryptography: missing dependencies' from 
'python-cryptography: no longer depends on cffi-backend and enum, programs fail 
to start'.
Changed Bug title to 'python-cryptography: missing dependencies' from 
'python-cryptography: no longer depends on cffi-backend and enum, programs fail 
to start'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
882011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882011
882016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882016
882069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#881598: marked as pending

2017-11-18 Thread Thomas Goirand
tag 881598 pending
thanks

Hello,

Bug #881598 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/openstack/services/ironic-inspector.git/commit/?id=5006834

---
commit 5006834e1a09cfd82adf1ceeca5eb360f1f3837f
Author: Thomas Goirand 
Date:   Sat Nov 18 15:25:19 2017 +

Changelog closes #881598

diff --git a/debian/changelog b/debian/changelog
index 355b63e..26a6447 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,7 +7,8 @@ ironic-inspector (6.0.0-1) unstable; urgency=medium
   * Running wrap-and-sort -bast.
   * Standards-Version: 4.1.1.
   * Deprecating priority extra as per policy 4.0.1.
-  * New upstream release.
+  * New upstream release:
+- Can (again) be installed without crashing (Closes: #881598).
   * Fixed (build-)depends for this release.
   * Rebase patch.
   * Do not add python-pydot3 and python-construct as b-d, as that's for the doc
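Review bot: the added sub-item "Can (again) be installed without crashing" does not identify the failure it closes. Name the error from the report (the ValueError raised when ironic-inspector-dbsync runs from the post-installation script) so that the Closes: #881598 line is searchable and it is clear which upstream behaviour the package now relies on.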



Processed: Bug#881598 marked as pending

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 881598 pending
Bug #881598 [ironic-inspector] ironic-inspector: fails to install: ValueError: 
invalid literal for int() with base 10: 'ironic_inspector.sqlite'
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881598: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881598
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#881929: waterfox or Pale Moon?

2017-11-18 Thread Adam Borowski
Considering how completely, utterly broken new Firefox is, I have some
doubts whether it'll reach a basic level of usability before Buster.

Thus, it looks likely that someone would upload Waterfox, Pale Moon or
Basilisk, thus there's no need to haste to remove addons for non-crippled
versions of Firefox.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄ sky.  Your cat demands food.  The priority should be obvious...



Bug#881445: marked as done (ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj)

2017-11-18 Thread Debian Bug Tracking System
Your message dated Sat, 18 Nov 2017 15:06:17 +
with message-id 
and subject line Bug#881445: fixed in ruby-ox 2.8.2-1
has caused the Debian Bug report #881445,
regarding ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
881445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-ox
Version: 2.1.1-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ohler55/ox/issues/194

Hi,

the following vulnerability was published for ruby-ox.

Rationale for RC severity: think the issue warrants to be addressed for
the next stable release. The issue itself possibly though does not
warrant a DSA on its own for stretch and jessie.

CVE-2017-15928[0]:
| In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation
| fault when a crafted input is supplied to parse_obj. NOTE: the vendor
| has stated "Ox should handle the error more gracefully" but has not
| confirmed a security implication.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15928
[1] https://github.com/ohler55/ox/issues/194
[2] 
https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-ox
Source-Version: 2.8.2-1

We believe that the bug you reported is fixed in the latest version of
ruby-ox, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier  (supplier of updated ruby-ox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2017 15:04:44 +0100
Source: ruby-ox
Binary: ruby-ox
Architecture: source
Version: 2.8.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Cédric Boutillier 
Description:
 ruby-ox- fast XML parser and object serializer
Closes: 881445
Changes:
 ruby-ox (2.8.2-1) unstable; urgency=medium
 .
   * New upstream version 2.8.2
 + fix CVE-2017-15928: segmentation fault in parse_obj
   (Closes: #881445)
   * Remove version in the gem2deb build-dependency
   * Use https:// in Vcs-* fields
   * Run wrap-and-sort on packaging files
   * Bump Standards-Version to 4.1.1 (no changes needed)
   * Bump debhelper compatibility level to 10
   * Refresh 000-fix-so-load-path.patch

Bug#881630: vdr-plugin-xineliboutput: FTBFS with multiarchified xine-lib-1.2 >= 1.2.6-2

2017-11-18 Thread Holger Schröder

works :)

thanks...



Bug#824827: mixmaster: hold on..

2017-11-18 Thread Colin Tuckley
On 18/11/17 14:04, Nomen Nescio wrote:

> You continue to misunderstand the bug report.  This is not a feature
> request for 4k key support.

I know that. What you fail to realise is that the mixmaster
*specification* makes no mention of 4k keys!



Bug#881445: marked as pending

2017-11-18 Thread Cédric Boutillier
tag 881445 pending
thanks

Hello,

Bug #881445 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-ox.git/commit/?id=e4020d4

---
commit e4020d4e4c45e863e36894751b771f2c17a4cdeb
Author: Cédric Boutillier 
Date:   Thu Nov 16 23:59:28 2017 +0100

prepare changelog

diff --git a/debian/changelog b/debian/changelog
index bf15abb..9e6868c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+ruby-ox (2.8.2-1) unstable; urgency=medium
+
+  * New upstream version 2.8.2
++ fix CVE-2017-15928: segmentation fault in parse_obj
+  (Closes: #881445)
+  * Remove version in the gem2deb build-dependency
+  * Use https:// in Vcs-* fields
+  * Run wrap-and-sort on packaging files
+  * Bump Standards-Version to 4.1.1 (no changes needed)
+  * Bump debhelper compatibility level to 10
+  * Refresh 000-fix-so-load-path.patch
+
+ -- Cédric Boutillier   Sat, 18 Nov 2017 15:04:44 +0100
+
 ruby-ox (2.1.1-2) unstable; urgency=medium
 
   * Team upload.
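Review bot: the new entry goes from 2.1.1-2 straight to 2.8.2-1 and attributes the CVE-2017-15928 fix to the new upstream version without naming the upstream change. Reference the upstream issue or commit given in the bug report (ohler55/ox issue 194) next to the CVE line, so the fix can be traced when backporting to the older version the bug was filed against.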



Processed: Bug#881445 marked as pending

2017-11-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 881445 pending
Bug #881445 [src:ruby-ox] ruby-ox: CVE-2017-15928: Segmentation fault in the 
parse_obj
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
881445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


