ocaml-gettext is marked for autoremoval from testing
ocaml-gettext 0.3.7-1 is marked for autoremoval from testing on 2019-03-03 It is affected by these RC bugs: 919658: ocaml-gettext: ocaml-gettext ftbfs (comomile module not found)
Bug#920466: mldonkey-server: Init script fails to stop daemon properly
Package: mldonkey-server Version: 3.1.6-1+b1 Severity: normal Tags: patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Maintainer, As part of adding mldonkey into FreedomBox, we noticed that the mldonkey-server does not stop properly. This is because start-stop-daemon is asked to stop based only on the PID file which is owned by non-root user. Making the process match more specific fixes the problem. # start-stop-daemon --stop --pidfile /var/run/mldonkey/mlnet.pid start-stop-daemon: matching only on non-root pidfile /var/run/mldonkey/mlnet.pid is insecure # echo $? 2 # start-stop-daemon --stop --pidfile /var/run/mldonkey/mlnet.pid --exec /usr/bin/mlnet # echo $? 0 I have created a merge request to fix the issue. Tagging this issue with 'patch'. https://salsa.debian.org/ocaml-team/mldonkey/merge_requests/1 - -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mldonkey-server depends on: ii adduser3.118 ii debconf [debconf-2.0] 1.5.70 ii libbz2-1.0 1.0.6-9 ii libc6 2.28-5 ii libgcc11:8.2.0-14 ii libgd3 2.2.5-5 ii libjpeg62-turbo1:1.5.2-2+b1 ii libpng16-161.6.36-2 ii libstdc++6 8.2.0-14 ii lsb-base 10.2018112800 ii mime-support 3.61 ii ucf3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 mldonkey-server recommends no packages. -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEE5xPDY9ZyWnWupXSBQ+oc/wqnxfIFAlxLhiMRHHN1bmlsQG1l ZGhhcy5vcmcACgkQQ+oc/wqnxfK/1w/9H/vFfCW/N7EM1DkzWkHoNzKtaW/Xn0Ih rJzb7fUyq3LFBexILTMHvgz8d/hPoRFuktgY2Thvq8E546bRB4oYfStXfFO+njXd LkMKEPhyKqTgOfRjCMKVr7QUtBpYN5XBze99esEhIGzg9Al/vZXyBxtz4voFJ2LL R0p/0FlWCT6fXsy3z0T5Mfm0jV4IyC42bh/1MemzR7ATmvc6mL9/TMXV3vZEdX2A OMu+XRkJhown5vQVeC32hfJWreb5J93urVPdHXltXZb5tJjvx9X3tfNAK3i/EEx+ 5aXktK4/TP8BAj/A2uJ6yxf4vE5HFPxrca8ZrX4qcjstHuaB/yGCru2oWaUzkBD5 0RFn5HOtwXI8NXVP6zTIimVQqkoXzeY8SQsSQBToWkxjJchXQ0u9EiijdZM5nDNJ qfJVp/qk6okK9MerP2sNwtHAWyxgOa5iqFrifITmLoJfZrmtkkg4VRs1eYpCGHr9 v9E2wCsKfRp2V/tKzASbxk6Oc7P7iEBWMmQTAmuSmK84k2VvQTwjMy+OCOOeIue5 Gqdwz1+BgpIF4baRgIalYIu9iGHfQBErfY3GLgcdjJx+ketfqZHw3VTlLjCipfUt D/ppP5q4FlHnlb5OraNakVwei1Bdn2wK7UnevjqGcMMYRm5m1YkK3Ci3gUnwz4zv Ruln29zlUD8= =5KnO -END PGP SIGNATURE-
[Git][ocaml-team/advi] Pushed new tag debian/1.10.2-4
Ralf Treinen pushed new tag debian/1.10.2-4 at Debian OCaml Maintainers / advi -- View it on GitLab: https://salsa.debian.org/ocaml-team/advi/tree/debian/1.10.2-4 You're receiving this email because of your account on salsa.debian.org.
ocaml_4.05.0-11_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Jan 2019 14:59:28 +0100 Source: ocaml Binary: ocaml ocaml-base ocaml-base-dbgsym ocaml-base-nox ocaml-base-nox-dbgsym ocaml-compiler-libs ocaml-interp ocaml-mode ocaml-nox ocaml-nox-dbgsym ocaml-source Architecture: source amd64 all Version: 4.05.0-11 Distribution: unstable Urgency: medium Maintainer: Debian OCaml Maintainers Changed-By: Stéphane Glondu Description: ocaml - ML language implementation with a class-based object system ocaml-base - Runtime system for OCaml bytecode executables ocaml-base-nox - Runtime system for OCaml bytecode executables (no X) ocaml-compiler-libs - OCaml interpreter and standard libraries ocaml-interp - OCaml interactive interpreter and standard libraries ocaml-mode - major mode for editing Objective Caml in Emacs ocaml-nox - ML implementation with a class-based object system (no X) ocaml-source - Sources for Objective Caml Closes: 895472 895994 Changes: ocaml (4.05.0-11) unstable; urgency=medium . [ Ralf Treinen ] * Dropped "Recommends: camlp4" from ocaml-nox since that package is being deprecated. (Closes: #895994) . [ Stéphane Glondu ] * Fix integer overflows when unmarshaling a bigarray (Closes: #895472, CVE-2018-9838) * Update Vcs-* to point to salsa Checksums-Sha1: 37d9bf6495bf112f9261a580e2d4bc8cde7f38e7 2188 ocaml_4.05.0-11.dsc b497d05819ad5be9398e59e66311c3f0d3f91a66 47516 ocaml_4.05.0-11.debian.tar.xz fa2bd1020e7009a845e169967c644653e2ac612d 8432 ocaml-base-dbgsym_4.05.0-11_amd64.deb ea09bba58180bd30ca5d401b38fefe4343f50f3d 72076 ocaml-base-nox-dbgsym_4.05.0-11_amd64.deb e51de73897117e4886eec27643e4a63a15f4150c 653900 ocaml-base-nox_4.05.0-11_amd64.deb 9a3c1143c6bffab48b1449ba9821e1e62b2b9d8e 161208 ocaml-base_4.05.0-11_amd64.deb 94362422a396064737b3091b45b032157f30f416 19019648 ocaml-compiler-libs_4.05.0-11_amd64.deb ec0bd02f30a6d1c6de459489bac4cd220a774672 3581524 ocaml-interp_4.05.0-11_amd64.deb 6a2f2e3a5972171ba4c245f00b34b098e112f0bb 164272 ocaml-mode_4.05.0-11_all.deb 6e8d5f0145210ab2418d72c66a273d73655caf93 6813668 ocaml-nox-dbgsym_4.05.0-11_amd64.deb 3e1bfe4ec9932c1e87d9d1f34048414eb11ad092 27580180 ocaml-nox_4.05.0-11_amd64.deb 4803d9de49d6711fc3e62964e44b9bde0e1033ad 2571960 ocaml-source_4.05.0-11_all.deb d8235bfc79529116de61b2b2b6420ade6ff3716a 8864 ocaml_4.05.0-11_amd64.buildinfo c2d8ecd25019884dec947f8c1e6e1239505d3ca0 161904 ocaml_4.05.0-11_amd64.deb Checksums-Sha256: 40a7a550feaeff45a5ca81e904e6cce7752c5dfb6e94269ba155c38f979226cd 2188 ocaml_4.05.0-11.dsc 2e95316bd6637e02bed169e1e838a87bbe97ef1b8eee022e39a9ec7a196f42ba 47516 ocaml_4.05.0-11.debian.tar.xz 2f62dc50b796e8045719da00ebd8e0ff9f9fdf513b3351845c0b46dd7bade6ae 8432 ocaml-base-dbgsym_4.05.0-11_amd64.deb 23ea4155b20730377428235d5d011a42ec15c8334f488e59c99c6dd8c8119b05 72076 ocaml-base-nox-dbgsym_4.05.0-11_amd64.deb 139d0afe5839cb90f1e48b592771f245876d801d85b1640f07f272d63cfa8622 653900 ocaml-base-nox_4.05.0-11_amd64.deb 291620c7eff2713bc3c6d1a1ffb8caf788accca17c72fd0d3bdb760629d79082 161208 ocaml-base_4.05.0-11_amd64.deb 8064924bfcbf2286bf085ecbbcc048a3cc9097de4491df32bcbac46fc3331a40 19019648 ocaml-compiler-libs_4.05.0-11_amd64.deb 752ce942cc4c18d33e52133d4f2b5372a823009f9c52231547950e36ad14b95e 3581524 ocaml-interp_4.05.0-11_amd64.deb bcb77afe5c8a97ce72fcb48e436c2715d4da9167275d040be9de7100b26ee524 164272 ocaml-mode_4.05.0-11_all.deb 4355cc2bbc6ad3155982ddd07568a7e6d694f620831502224ac5ececb7750db3 6813668 ocaml-nox-dbgsym_4.05.0-11_amd64.deb 10d3279593f3e4ce39ba030cd5491394257a43dcb11c1df0c1f6a95fd255 27580180 ocaml-nox_4.05.0-11_amd64.deb cf8b1ab47f659256a732520f41ab30c986f9ecd103691a14c4cf9c834d2ebe0b 2571960 ocaml-source_4.05.0-11_all.deb e75e88c20783229ddab4cf52d4bd76f8c5aebf88b5581b18334bf8ce9c288982 8864 ocaml_4.05.0-11_amd64.buildinfo 9ede37e4425e64bbe1c5f0d3e4c0d45f1333936cc71c02051099130e67aa9e28 161904 ocaml_4.05.0-11_amd64.deb Files: 00d89fde018e53c778e7f388440b6c03 2188 ocaml optional ocaml_4.05.0-11.dsc 6e392d1d2d54b71bc83d9ce28db0d8c4 47516 ocaml optional ocaml_4.05.0-11.debian.tar.xz 76f7619ecc402b7845dd136cb436f2c4 8432 debug optional ocaml-base-dbgsym_4.05.0-11_amd64.deb 606b17148d4c5405f0d6cd0993075500 72076 debug optional ocaml-base-nox-dbgsym_4.05.0-11_amd64.deb daba2401348b0bc84ce0514181226f12 653900 ocaml optional ocaml-base-nox_4.05.0-11_amd64.deb 8de425d5ebab7d24a754208c1c7740c7 161208 ocaml optional ocaml-base_4.05.0-11_amd64.deb d55218e699f742fcc18abc815f49beab 19019648 ocaml optional ocaml-compiler-libs_4.05.0-11_amd64.deb 9c79b6699b1d16b693f46c6787db914e 3581524 ocaml optional ocaml-interp_4.05.0-11_amd64.deb 829585a67bd1301e68d578bd02add060 164272 ocaml optional ocaml-mode_4.05.0-11_all.deb bebc7619106150c0554f7eec3e6e72e8 6813668 debug optional ocaml-nox-dbgsym_4.05.0-11_amd64.deb 826a2f4b6161400df5690da0cf626435 27580180 ocaml optional
Bug#895472: marked as done (ocaml: CVE-2018-9838)
Your message dated Fri, 25 Jan 2019 15:00:47 + with message-id and subject line Bug#895472: fixed in ocaml 4.05.0-11 has caused the Debian Bug report #895472, regarding ocaml: CVE-2018-9838 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 895472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ocaml Version: 4.05.0-10 Severity: important Tags: security upstream Forwarded: https://caml.inria.fr/mantis/view.php?id=7765 Hi, The following vulnerability was published for ocaml. CVE-2018-9838[0]: | The caml_ba_deserialize function in byterun/bigarray.c in the standard | library in OCaml 4.06.0 has an integer overflow which, in situations | where marshalled data is accepted from an untrusted source, allows | remote attackers to cause a denial of service (memory corruption) or | possibly execute arbitrary code via a crafted object. A solution is still beeing discussed upstream in [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-9838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9838 [1] https://caml.inria.fr/mantis/view.php?id=7765 [2] https://github.com/ocaml/ocaml/pull/1718 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ocaml Source-Version: 4.05.0-11 We believe that the bug you reported is fixed in the latest version of ocaml, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 895...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stéphane Glondu (supplier of updated ocaml package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Jan 2019 14:59:28 +0100 Source: ocaml Binary: ocaml ocaml-base ocaml-base-dbgsym ocaml-base-nox ocaml-base-nox-dbgsym ocaml-compiler-libs ocaml-interp ocaml-mode ocaml-nox ocaml-nox-dbgsym ocaml-source Architecture: source amd64 all Version: 4.05.0-11 Distribution: unstable Urgency: medium Maintainer: Debian OCaml Maintainers Changed-By: Stéphane Glondu Description: ocaml - ML language implementation with a class-based object system ocaml-base - Runtime system for OCaml bytecode executables ocaml-base-nox - Runtime system for OCaml bytecode executables (no X) ocaml-compiler-libs - OCaml interpreter and standard libraries ocaml-interp - OCaml interactive interpreter and standard libraries ocaml-mode - major mode for editing Objective Caml in Emacs ocaml-nox - ML implementation with a class-based object system (no X) ocaml-source - Sources for Objective Caml Closes: 895472 895994 Changes: ocaml (4.05.0-11) unstable; urgency=medium . [ Ralf Treinen ] * Dropped "Recommends: camlp4" from ocaml-nox since that package is being deprecated. (Closes: #895994) . [ Stéphane Glondu ] * Fix integer overflows when unmarshaling a bigarray (Closes: #895472, CVE-2018-9838) * Update Vcs-* to point to salsa Checksums-Sha1: 37d9bf6495bf112f9261a580e2d4bc8cde7f38e7 2188 ocaml_4.05.0-11.dsc b497d05819ad5be9398e59e66311c3f0d3f91a66 47516 ocaml_4.05.0-11.debian.tar.xz fa2bd1020e7009a845e169967c644653e2ac612d 8432 ocaml-base-dbgsym_4.05.0-11_amd64.deb ea09bba58180bd30ca5d401b38fefe4343f50f3d 72076 ocaml-base-nox-dbgsym_4.05.0-11_amd64.deb e51de73897117e4886eec27643e4a63a15f4150c 653900 ocaml-base-nox_4.05.0-11_amd64.deb 9a3c1143c6bffab48b1449ba9821e1e62b2b9d8e 161208 ocaml-base_4.05.0-11_amd64.deb 94362422a396064737b3091b45b032157f30f416 19019648 ocaml-compiler-libs_4.05.0-11_amd64.deb ec0bd02f30a6d1c6de459489bac4cd220a774672 3581524 ocaml-interp_4.05.0-11_amd64.deb 6a2f2e3a5972171ba4c245f00b34b098e112f0bb 164272 ocaml-mode_4.05.0-11_all.deb 6e8d5f0145210ab2418d72c66a273d73655caf93 6813668 ocaml-nox-dbgsym_4.05.0-11_amd64.deb 3e1bfe4ec9932c1e87d9d1f34048414eb11ad092 27580180 ocaml-nox_4.05.0-11_amd64.deb 4803d9de49d6711fc3e62964e44b9bde0e1033ad 2571960 ocaml-source_4.05.0-11_all.deb
Bug#895994: marked as done (ocaml-nox: Stop recommending deprecated camlp4)
Your message dated Fri, 25 Jan 2019 15:00:47 + with message-id and subject line Bug#895994: fixed in ocaml 4.05.0-11 has caused the Debian Bug report #895994, regarding ocaml-nox: Stop recommending deprecated camlp4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 895994: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895994 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: ocaml-nox Version: 4.05.0-10 Severity: normal Dear Maintainer, I just realized that ocaml-nox is the reason I still have camlp4 installed on my system even though I have no intentions of using it. In fact, the upstream website at https://github.com/ocaml/camlp4 says: > Since 2017, Camlp4 is not actively maintained anymore, and only receives > occasional fixes for compatibility with new OCaml versions. Maintainers of > Camlp4-using projects are actively encouraged to switch to other systems. Sounds like it is time to drop the Recommends: camlp4 from ocaml-nox? Kind regards, Ralf -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (100, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ocaml-nox depends on: ii binutils2.30-15 ii gcc 4:7.2.0-1d1 ii libc6 2.27-3 ii libncurses5 6.1-1 ii libncurses5-dev 6.1-1 ii libtinfo5 6.1-1 ii ocaml-base-nox [ocaml-base-nox-4.05.0] 4.05.0-10 ii ocaml-interp4.05.0-10 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages ocaml-nox recommends: pn camlp4 ii file1:5.32-2 Versions of packages ocaml-nox suggests: pn ocaml-doc pn tuareg-mode | ocaml-mode -- no debconf information --- End Message --- --- Begin Message --- Source: ocaml Source-Version: 4.05.0-11 We believe that the bug you reported is fixed in the latest version of ocaml, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 895...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stéphane Glondu (supplier of updated ocaml package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Jan 2019 14:59:28 +0100 Source: ocaml Binary: ocaml ocaml-base ocaml-base-dbgsym ocaml-base-nox ocaml-base-nox-dbgsym ocaml-compiler-libs ocaml-interp ocaml-mode ocaml-nox ocaml-nox-dbgsym ocaml-source Architecture: source amd64 all Version: 4.05.0-11 Distribution: unstable Urgency: medium Maintainer: Debian OCaml Maintainers Changed-By: Stéphane Glondu Description: ocaml - ML language implementation with a class-based object system ocaml-base - Runtime system for OCaml bytecode executables ocaml-base-nox - Runtime system for OCaml bytecode executables (no X) ocaml-compiler-libs - OCaml interpreter and standard libraries ocaml-interp - OCaml interactive interpreter and standard libraries ocaml-mode - major mode for editing Objective Caml in Emacs ocaml-nox - ML implementation with a class-based object system (no X) ocaml-source - Sources for Objective Caml Closes: 895472 895994 Changes: ocaml (4.05.0-11) unstable; urgency=medium . [ Ralf Treinen ] * Dropped "Recommends: camlp4" from ocaml-nox since that package is being deprecated. (Closes: #895994) . [ Stéphane Glondu ] * Fix integer overflows when unmarshaling a bigarray (Closes: #895472, CVE-2018-9838) * Update Vcs-* to point to salsa Checksums-Sha1: 37d9bf6495bf112f9261a580e2d4bc8cde7f38e7 2188 ocaml_4.05.0-11.dsc b497d05819ad5be9398e59e66311c3f0d3f91a66 47516 ocaml_4.05.0-11.debian.tar.xz fa2bd1020e7009a845e169967c644653e2ac612d 8432 ocaml-base-dbgsym_4.05.0-11_amd64.deb
Processing of ocaml_4.05.0-11_amd64.changes
ocaml_4.05.0-11_amd64.changes uploaded successfully to localhost along with the files: ocaml_4.05.0-11.dsc ocaml_4.05.0-11.debian.tar.xz ocaml-base-dbgsym_4.05.0-11_amd64.deb ocaml-base-nox-dbgsym_4.05.0-11_amd64.deb ocaml-base-nox_4.05.0-11_amd64.deb ocaml-base_4.05.0-11_amd64.deb ocaml-compiler-libs_4.05.0-11_amd64.deb ocaml-interp_4.05.0-11_amd64.deb ocaml-mode_4.05.0-11_all.deb ocaml-nox-dbgsym_4.05.0-11_amd64.deb ocaml-nox_4.05.0-11_amd64.deb ocaml-source_4.05.0-11_all.deb ocaml_4.05.0-11_amd64.buildinfo ocaml_4.05.0-11_amd64.deb Greetings, Your Debian queue daemon (running on host usper.debian.org)
[Git][ocaml-team/ocaml] Pushed new tag debian/4.05.0-11
Stéphane Glondu pushed new tag debian/4.05.0-11 at Debian OCaml Maintainers / ocaml -- View it on GitLab: https://salsa.debian.org/ocaml-team/ocaml/tree/debian/4.05.0-11 You're receiving this email because of your account on salsa.debian.org.
Bug#874700: marked as done (ocaml: CVE-2017-9779)
Your message dated Fri, 25 Jan 2019 15:23:24 +0100 with message-id <2bb85e3b-831e-a6b8-b6ba-3ff17e133...@debian.org> and subject line Re: Bug#874700: ocaml: CVE-2017-9779 has caused the Debian Bug report #874700, regarding ocaml: CVE-2017-9779 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 874700: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874700 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ocaml Version: 4.01.0-5 Severity: important Tags: security upstream Hi, the following vulnerability was published for ocaml. CVE-2017-9779[0]: | OCaml compiler allows attackers to have unspecified impact via unknown | vectors, a similar issue to CVE-2017-9772 "but with much less impact." This is the secondary, lesser critical issue affecting as well older versions as mentioned in [1] and [2]. Can you get in touch with upstream to identify the required patch. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9779 [1] https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html [2] https://caml.inria.fr/mantis/view.php?id=7557 Regards, Salvatore --- End Message --- --- Begin Message --- Version: 4.05.0-1 Le 08/09/2017 à 21:47, Salvatore Bonaccorso a écrit : > the following vulnerability was published for ocaml. > > CVE-2017-9779[0]: > | OCaml compiler allows attackers to have unspecified impact via unknown > | vectors, a similar issue to CVE-2017-9772 "but with much less impact." > > This is the secondary, lesser critical issue affecting as well older > versions as mentioned in [1] and [2]. Can you get in touch with > upstream to identify the required patch. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-9779 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9779 > [1] https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html > [2] https://caml.inria.fr/mantis/view.php?id=7557 The bug has been fixed in OCaml 4.04.2 whereas the version in sid is 4.05.0. Hence, closing the bug. Cheers, -- Stéphane--- End Message ---
Bug#920440: unison-gtk: New upstream version
Package: unison-gtk Version: 2.48.4-1+b1 Severity: wishlist Tags: upstream Dear Maintainer, please package the new upstream version 2.51.2 that was released on 28 Jan 2018. https://github.com/bcpierce00/unison/releases -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (400, 'unstable'), (300, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages unison-gtk depends on: ii libatk1.0-0 2.30.0-2 ii libc62.28-5 ii libcairo21.16.0-2 ii libfontconfig1 2.13.1-2 ii libfreetype6 2.9.1-3 ii libgdk-pixbuf2.0-0 2.38.0+dfsg-7 ii libglib2.0-0 2.58.2-3 ii libgtk2.0-0 2.24.32-3 ii libpango-1.0-0 1.42.4-6 ii libpangocairo-1.0-0 1.42.4-6 ii libpangoft2-1.0-01.42.4-6 Versions of packages unison-gtk recommends: ii lxqt-openssh-askpass [ssh-askpass] 0.13.0-1 ii openssh-client [ssh-client] 1:7.9p1-5 Versions of packages unison-gtk suggests: pn unison-all-gtk -- no debconf information
Processed: Bug #895472 in ocaml marked as pending
Processing control commands: > tag -1 pending Bug #895472 [src:ocaml] ocaml: CVE-2018-9838 Added tag(s) pending. -- 895472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#895472: ocaml: CVE-2018-9838
Le 21/01/2019 à 22:33, Moritz Mühlenhoff a écrit : >> The following vulnerability was published for ocaml. >> >> CVE-2018-9838[0]: >> | The caml_ba_deserialize function in byterun/bigarray.c in the standard >> | library in OCaml 4.06.0 has an integer overflow which, in situations >> | where marshalled data is accepted from an untrusted source, allows >> | remote attackers to cause a denial of service (memory corruption) or >> | possibly execute arbitrary code via a crafted object. > > What's the status? There hasn't been an upload for src:ocaml over all > of 2018? Indeed. I will upload a fix. Cheers, -- Stéphane
morsmall_0.1-1_amd64.changes is NEW
binary:libmorsmall-ocaml-dev is NEW. binary:libmorsmall-ocaml-dev is NEW. source:morsmall is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will receive an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html or https://ftp-master.debian.org/backports-new.html for *-backports
advi_1.10.2-4_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 25 Jan 2019 08:09:34 +0100 Source: advi Binary: advi advi-examples Architecture: source Version: 1.10.2-4 Distribution: unstable Urgency: medium Maintainer: Debian OCaml Maintainers Changed-By: Ralf Treinen Description: advi - active DVI previewer and presenter advi-examples - example presentations for Active-DVI (advi) Changes: advi (1.10.2-4) unstable; urgency=medium . * Update Vcs-* to salsa * Standards-Version 4.3.0 - d/copyright: https in format header * patch examples-scripts: fix spelling error in description * Debhelper compatibility level 11 - d/rules: override dh_autoreconf * Remove trailing whitespace in this file. * d/copyright: change pointer to complete license from LGPL to LGPL-2.1 Checksums-Sha1: 5e9e186582942b25dc5be94464da3fe61a9dd952 2261 advi_1.10.2-4.dsc 076f6faf2cf1737dbbf71ef0539c1c77168d1161 21756 advi_1.10.2-4.debian.tar.xz 7fb5f466fa28228bb0db00d8bb29ac1c5f96b423 9687 advi_1.10.2-4_source.buildinfo Checksums-Sha256: a815e5ddbc8101d53de93f285e67932e0f0065646a3fa6fe4c52f7d966d4 2261 advi_1.10.2-4.dsc 0f6ec24bd8de8f8476cfb01d476f3486aec59386b21a6f856e237869eda6452e 21756 advi_1.10.2-4.debian.tar.xz b14367f914279076fe4ad2b6354426d597e2e0919e5d0701245a657bb22feb0e 9687 advi_1.10.2-4_source.buildinfo Files: 5dac7927882eaa854f0aa8d827fb9a97 2261 tex optional advi_1.10.2-4.dsc 05d8b60d513bb982b3c5fe3e6c01b3e4 21756 tex optional advi_1.10.2-4.debian.tar.xz 7d4e4b42a173654c6e006ca3764825ab 9687 tex optional advi_1.10.2-4_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEAgVIKeEtDyqOZI5idFxHZtTKzf8FAlxKvaIACgkQdFxHZtTK zf/T7A/9EbUuX7IvshVwehUAvlBpXL9Ity4+v2ntqauRTiXKK2Rec/i9SAyZYCed FWthgK9YRyFFpef1OL00gfwj8mrJLyHNLdfgKvRIbugecSZ3LsAHAXTroAZnX9Wn DIjZhRASx1oR68IHaRmEyif6BtmWflkZoe1oyWTn4cqE39UemPWMY5Yg/PSyQsFG Jx+h35DlcxM0KXN6cYsRvH9m8uZi7dOm79XrxiRo6CVAQDYk1uvmRo3G3iS3qsGC HfPN29ABeXbuxCMYDqXdec7YMghs1TaH0noITaqhslawANeAlJZqlS/vZHMRo2Mf GUwL8ECtld8HhabMAw1lJq5h9LtCcWzDNKetqVP+9hxjYs/2L6YAKqBVLguJ7jbx xLktYIw+T+S6l2Gk4PiQElXXADhs1krkUIQ0LUN8tMpU9qP2be2RAFyzn39Isnfa h1yw53q4SDVDHnj/vMUEjA4QZ8WEeDwOLre2JzkH93korbHE7rvlRlXyynT32/9J dgFgPrhrptiLrR6NzsEJ6p+/DPfi5hkzgbo/NptgFlmkePfkvKYT/xA0f9zCPfhJ V0DeWrGvUC7WtSoR9EDCtWBWqhHCOStUSnjvbMIlLW3kXnbLA+2GrbjRKjwWwwo5 B6+DiPzcDwajufv/kfcF+eBJijOLPejpE2uGaf/FUh3THOih/4c= =7Ksw -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of morsmall_0.1-1_amd64.changes
morsmall_0.1-1_amd64.changes uploaded successfully to localhost along with the files: morsmall_0.1-1.dsc morsmall_0.1.orig.tar.xz morsmall_0.1-1.debian.tar.xz libmorsmall-ocaml-dev-dbgsym_0.1-1_amd64.deb libmorsmall-ocaml-dev_0.1-1_amd64.deb morsmall_0.1-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processing of advi_1.10.2-4_source.changes
advi_1.10.2-4_source.changes uploaded successfully to localhost along with the files: advi_1.10.2-4.dsc advi_1.10.2-4.debian.tar.xz advi_1.10.2-4_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Re: camomile / ocaml-gettext bootstrap?
Hi Ralf, On 2019/01/24 21:55, Ralf Treinen wrote: > Hi, > [...] > the input file on which camomilelocaledef fails, zh__PINYIN.mar, is > almost double the size of the other files on which it succeeds. > So if you can somehow increase the the stack size (say, 2x or better 4x) > than that might do the trick. > > There probably is somewhere a recursion that should be turned > tail-recursive in case you really want to dive into the code. > > If you have a patch I can test it on a porter machine. I have increased the stack size of the bytecode interpreter. Can you please check if this fixes the problem? The fix is in git. Cheers Kyle
Processed: Bug #918563 in camomile marked as pending
Processing control commands: > tag -1 pending Bug #918563 [src:camomile] camomile FTBFS on ppc64{,el}: camomilelocaledef got signal SEGV Bug #919472 [src:camomile] camomile ftbfs on ppc64el Added tag(s) pending. Added tag(s) pending. -- 918563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918563 919472: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919472 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems