Package: gsoap
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
CVE-2020-13574
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185
CVE-2020-13575
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186
CVE-2020-13576
Okay, I do see a difference in behaviour now in sqlitebrowser: with my
soci-enabled liblinphone packages installed I see entries being added
to table ~/.local/share/linphone/linphone.db:chat_message_content and
other tables. The timestamps in chat_message_participant also line up
perfectly with
Processing commands for cont...@bugs.debian.org:
> tag 974828 + patch
Bug #974828 [printer-driver-hpcups] printer-driver-hpcups: SIGABRT with
"free(): invalid next size (normal)" in HPCupsFilter::cleanup
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need
Processing commands for cont...@bugs.debian.org:
> tags 983596 + upstream
Bug #983596 [gsoap] CVE-2020-13574 CVE-2020-13575 CVE-2020-13576 CVE-2020-13577
CVE-2020-13578
Added tag(s) upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
983596:
Processing commands for cont...@bugs.debian.org:
> found 983596 2.8.104-2
Bug #983596 [gsoap] CVE-2020-13574 CVE-2020-13575 CVE-2020-13576 CVE-2020-13577
CVE-2020-13578
Marked as found in versions gsoap/2.8.104-2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
Processing commands for cont...@bugs.debian.org:
> limit source pulseaudio
Limiting to bugs with field 'source' containing at least one of 'pulseaudio'
Limit currently set to 'source':'pulseaudio'
> tags 982740 + pending
Bug #982740 [pulseaudio] pulseaudio: FTBFS on ppc64el
Added tag(s) pending.
Processing commands for cont...@bugs.debian.org:
> severity 983471 normal
Bug #983471 [rspamd] rspamd should depend libjs-jquery
Severity set to 'normal' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
983471:
On Wed, Feb 24, 2021 at 07:09:20PM (+0100), Jean Charles Delépine wrote:
> Versions of packages rspamd depends on:
> ii adduser 3.118
> ii ca-certificates 20200601
> ii fonts-glyphicons-halflings 1.009~3.4.1+dfsg-1
> ii init-system-helpers 1.60
> ii
Your message dated Sat, 27 Feb 2021 05:33:26 +
with message-id
and subject line Bug#983373: fixed in gzip 1.10-3
has caused the Debian Bug report #983373,
regarding gzip-win32: Link gzip.exe with static libssp library
to be marked as done.
This means that you claim that the problem has been
Processing control commands:
> tag -1 pending
Bug #982740 [pulseaudio] pulseaudio: FTBFS on ppc64el
Ignoring request to alter tags of bug #982740 to the same tags previously set
--
982740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982740
Debian Bug Tracking System
Contact
Control: tag -1 pending
Hello,
Bug #982740 in pulseaudio reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing commands for cont...@bugs.debian.org:
> severity 964796 grave
Bug #964796 [src:bsdiff] bsdiff: CVE-2020-14315
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
964796:
Your message dated Fri, 26 Feb 2021 23:04:04 +
with message-id
and subject line Bug#982740: fixed in pulseaudio 14.2-2
has caused the Debian Bug report #982740,
regarding pulseaudio: FTBFS on ppc64el
to be marked as done.
This means that you claim that the problem has been dealt with.
If
Processing commands for cont...@bugs.debian.org:
> close 972656 0.11.1-2
Bug #972656 [src:hypercorn] hypercorn FTBFS: test failures
Ignoring request to alter fixed versions of bug #972656 to the same values
previously set
Bug #972656 [src:hypercorn] hypercorn FTBFS: test failures
Marked Bug as
close 972656 0.11.1-2
thanks
--
Cheers,
Andrej
Your message dated Fri, 26 Feb 2021 08:18:17 +
with message-id
and subject line Bug#982993: fixed in python-molotov 2.1-2
has caused the Debian Bug report #982993,
regarding python-aiohttp breaks python-molotov autopkgtest: result changed
to be marked as done.
This means that you claim that
Package: ipxe-qemu
Version: 1.0.0+git-20190125.36a4c85-5.1
Followup-For: Bug #929983
X-Debbugs-Cc: t...@mirbsd.de
This is also broken on an up-to-date-enough sid system.
$ qemu-system-x86_64 -device virtio-net-pci,netdev=net0 -netdev user,id=net0
-nographic
boots.
$ qemu-system-x86_64 -device
Your message dated Fri, 26 Feb 2021 09:19:10 +
with message-id
and subject line Bug#983516: fixed in python2.7 2.7.18-3
has caused the Debian Bug report #983516,
regarding python2.7: autopkgtest regression on amd64, i386 and ppc64el:
test_ctypes fails
to be marked as done.
This means that
Your message dated Fri, 26 Feb 2021 09:19:16 +
with message-id
and subject line Bug#983516: fixed in python2.7 2.7.18-4
has caused the Debian Bug report #983516,
regarding python2.7: autopkgtest regression on amd64, i386 and ppc64el:
test_ctypes fails
to be marked as done.
This means that
Processing commands for cont...@bugs.debian.org:
> reassign 982993 src:python-molotov 2.1-1
Bug #982993 {Done: Andrej Shadura } [src:python-aiohttp,
src:python-molotov] python-aiohttp breaks python-molotov autopkgtest: result
changed
Bug reassigned from package 'src:python-aiohttp,
Processing control commands:
> tag -1 pending
Bug #982993 [src:python-aiohttp, src:python-molotov] python-aiohttp breaks
python-molotov autopkgtest: result changed
Added tag(s) pending.
--
982993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982993
Debian Bug Tracking System
Contact
Control: tag -1 pending
Hello,
Bug #982993 in python-molotov reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Hi Dennis,
thanks a lot for debugging this! BTW, linphone is in desperate need of
co-maintainers :-) That's a lot more useful than complaining about the
package not being tested (it is, but I do not know anyone using the Chat
feature, and I certainly don't).
Honestly I don't know why there is
Processing control commands:
> tags -1 patch
Bug #983533 [src:vinagre] [vinagre] black screen when launching RDP session
Added tag(s) patch.
--
983533: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983533
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing commands for cont...@bugs.debian.org:
> reassign 983010 src:debiman 0.0~git20200217.fc82521-1
Bug #983010 [debiman] mdocml breaks debiman autopkgtest: different output
Bug reassigned from package 'debiman' to 'src:debiman'.
No longer marked as found in versions
Processing commands for cont...@bugs.debian.org:
> tags 983010 + ftbfs
Bug #983010 [debiman] mdocml breaks debiman autopkgtest: different output
Added tag(s) ftbfs.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
983010:
Dixi quod…
>Downgrading *only* the package ipxe-qemu to 1.0.0+git-20161027.b991c67-1
(the version in stretch)
>on that very sid system…
>
>… doesn’t make this succeed either. Huh.
Downgrading seabios along (need to remove -nographic to make that work)
also doesn’t yield netboot success, so
Your message dated Fri, 26 Feb 2021 09:04:18 +
with message-id
and subject line Bug#982482: fixed in nettle 3.7-2.1
has caused the Debian Bug report #982482,
regarding libnettle8: chacha breakage on ppc64(el)
to be marked as done.
This means that you claim that the problem has been dealt
Package: qdbus
Version: 4:5.15.2-4
Severity: serious
Justification: unupgradable
The new qdbus arch:all package is no longer Multi-Arch:foreign,
making it uninstallable on, for example, an amd64 system which
has an i386 package with Depends: qdbus installed.
Given qdbus 4:4.8.7+dfsg-20
Hi,
> Have you reached out to the SOCI maintainer in private already? I don't
> see a bug report on this. If we can get a targeted fix uploaded for this
> within the next days (next step of the freeze is on March 10th, with a
> migration time of 10 days right now) I will attempt to push through a
Source: golang-github-sylabs-sif
Version: 1.0.9-2
Severity: serious
X-Debbugs-Cc: z...@debian.org
Tried 3 times on buildd and failed at same test.
=== RUN TestAddDelObject
unexpected fault address 0xffc8a0c000
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x2
Dear Maintainer,
with the original PPD and input files from Ian I could
reproduce the issue and with the help of rr-debugger
this is what I assume what happens:
- The buffer m_pPrinterBuffer is allocated here with
the current sizes inside cups_header. [1]
- The first page got processed and
On Thu, 03 Sep 2020 at 11:46:56 +0200, Cyril Brulebois wrote:
> Simon McVittie (2020-09-03):
> > One way to resolve [needing a libstdc++ udeb]
> > might be to build the vte2.91 udeb with
> > -static-libstdc++, which makes it about 200K larger than it would
> > otherwise have been, but avoids
Your message dated Fri, 26 Feb 2021 16:18:28 +
with message-id
and subject line Bug#983511: fixed in cdebootstrap 0.7.8
has caused the Debian Bug report #983511,
regarding cdebootstrap: autopkgtest needs update for new version of
debian-archive-keyring:
to be marked as done.
This means that
Hi Thorsten!
On Fri, Feb 26, 2021 at 09:09:50AM +, Thorsten Glaser wrote:
> The new qdbus arch:all package is no longer Multi-Arch:foreign,
> making it uninstallable on, for example, an amd64 system which
> has an i386 package with Depends: qdbus installed.
>
> Given qdbus 4:4.8.7+dfsg-20
Control: tag -1 pending
Hello,
Bug #983560 in qttools-opensource-src reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #983560 [qdbus] qdbus: not upgradable: no longer M-A:foreign
Added tag(s) pending.
--
983560: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983560
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
On Fri, 2021-02-26 at 15:41 +0100, Bernhard Übelacker wrote:
> The attached patch is an attempt to grow the buffer size
> if the header changes on a new page.
> This is just tested for the given crash, nothing more, therefore
> there might be side effects on replacing this buffer?
It doesn't look
Control: tags -1 patch
I have done more tests with vinagre. I have attached a .debdiff that
fixes Vinagre's connection initialization and gives me a working RDP
session.
Upstream authors of FreeRDP mentioned that Vinagre's way of using the
FreeRDP API is rather old and it should be
Your message dated Fri, 26 Feb 2021 12:35:13 +
with message-id
and subject line Bug#983560: fixed in qttools-opensource-src 5.15.2-5
has caused the Debian Bug report #983560,
regarding qdbus: not upgradable: no longer M-A:foreign
to be marked as done.
This means that you claim that the
Source: freecad
Version: 0.19+dfsg1-1
Severity: serious
https://ci.debian.net/data/autopkgtest/testing/amd64/f/freecad/10706923/log.gz
...
** run FEM TestObjectOpen tests
Your message dated Fri, 26 Feb 2021 20:48:43 +
with message-id
and subject line Bug#980641: fixed in nml 0.5.3-2
has caused the Debian Bug report #980641,
regarding nml: FTBFS: dh_auto_test: error: make -j4 test _V= returned exit code
2
to be marked as done.
This means that you claim that
Processing commands for cont...@bugs.debian.org:
> block 983365 with 983573
Bug #983365 [linphone-desktop] linphone-desktop: chat messages
983365 was not blocked by any bugs.
983365 was not blocking any bugs.
Added blocking bug(s) of 983365: 983573
> thanks
Stopping processing here.
Please
Am 26.02.21 um 15:19 schrieb Bill Blough:
Hi Bill,
> Hi,
>
>> Have you reached out to the SOCI maintainer in private already? I don't
>> see a bug report on this. If we can get a targeted fix uploaded for this
>> within the next days (next step of the freeze is on March 10th, with a
>>
On Fri, Feb 26, 2021 at 10:23:04AM +0100, Bernhard Schmidt wrote:
> Have you confirmed already that the whole soci/linphone dance really
> fixes this issue?
No. I installed my liblinphone* packages with soci support and I
don't see a difference in behaviour yet. I must state though that I
Package: vuls
Version: 0.6.1-2
Severity: serious
X-Debbugs-Cc: z...@debian.org
Recently goval-dictionary was upgraded 0.2.0-4, causes this package FTBFS.
https://buildd.debian.org/status/fetch.php?pkg=vuls=amd64=0.6.1-2%2Bb2=1614218113=0
# github.com/future-architect/vuls/oval
Your message dated Fri, 26 Feb 2021 18:03:45 +
with message-id
and subject line Bug#971713: fixed in insserv 1.21.0-1.1
has caused the Debian Bug report #971713,
regarding sysstat: init or systemd file has overlapping runlevels
to be marked as done.
This means that you claim that the problem
47 matches
Mail list logo