Bug#1008578: buster-pu: golang-github-russellhaering-goxmldsig/0.0~git20170911.b7efc62-1+deb10u1

2022-08-05 Thread Thorsten Alteholz
On Fri, 5 Aug 2022, Adam D. Barratt wrote: Please go ahead. ... and uploaded. Thanks! Thorsten

Bug#1010380: buster-pu: flac/1.3.2-3+deb10u2

2022-08-05 Thread Thorsten Alteholz
On Fri, 5 Aug 2022, Adam D. Barratt wrote: Please go ahead; sorry for the delay. ... and uploaded. Thanks! Thorsten

Bug#1009251: buster-pu: fribidi/1.0.5-3.1+deb10u2

2022-08-05 Thread Thorsten Alteholz
On Fri, 5 Aug 2022, Adam D. Barratt wrote: Please go ahead; sorry for the delay. ... and uploaded. Thanks! Thorsten

Bug#1009076: buster-pu: minidlna/1.2.1+dfsg-2+deb10u3

2022-08-05 Thread Thorsten Alteholz
On Fri, 5 Aug 2022, Adam D. Barratt wrote: Please go ahead; sorry for the delay. ... and uploaded. Thanks! Thorsten

Processed: Re: Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #960396 [release.debian.org] buster-pu: package adminer/4.7.1-1 Added tag(s) confirmed. -- 960396: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960396 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Fri, 2022-08-05 at 22:23 +0200, Alexandre Rossi wrote: > Hi, > > > > > Thanks. Can you attach the debdiff between the current version > > > > in > > > > buster and the proposed one to this bug? > > > > > > Here it is. > > > > > > > Apologies for letting this

Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

2022-08-05 Thread Alexandre Rossi
Hi, > > > Thanks. Can you attach the debdiff between the current version in > > > buster and the proposed one to this bug? > > > > Here it is. > > > > Apologies for letting this sit for so long without a follow-up. No worries. > We're in the process of arranging the final point release for

Bug#1006550: buster-pu: package tiff/4.1.0+git191117-2~deb10u4

2022-08-05 Thread Adam D. Barratt
On Sat, 2022-03-19 at 16:43 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2022-02-27 at 18:01 +0100, László Böszörményi wrote: > > A security update of tiff for issues that do not warrant a DSA but still > > would > > be good to have fixed. > > > > Please go ahead; thanks.

Processed: Re: Bug#1006182: buster-pu: package qtbase-opensource-src/5.11.3+dfsg1-1+deb10u5

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1006182 [release.debian.org] buster-pu: package qtbase-opensource-src/5.11.3+dfsg1-1+deb10u5 Ignoring request to alter tags of bug #1006182 to the same tags previously set -- 1006182:

Bug#1006182: buster-pu: package qtbase-opensource-src/5.11.3+dfsg1-1+deb10u5

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sat, 2022-03-26 at 10:20 +0300, Dmitry Shachnev wrote: > Hi all, and sorry for delay. > > On Fri, Mar 18, 2022 at 12:34:33PM +0100, Emilio Pozuelo Monfort > wrote: > > On 18/03/2022 12:28, Adam D. Barratt wrote: > > > On Fri, 2022-03-18 at 12:24 +0100, Emilio

Bug#999430: buster-pu: package publicsuffix/20211109.1735-0+deb10u1

2022-08-05 Thread Adam D. Barratt
On Mon, 2021-11-29 at 20:45 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2021-11-10 at 16:31 -0500, Daniel Kahn Gillmor wrote: > > Please consider an update to publicsuffix in debian buster. > > > > This package reflects the state of the network, and keeping it > >

Bug#998390: buster-pu: package ruby-activeldap/5.2.2-2+deb10u1

2022-08-05 Thread Adam D. Barratt
On Sat, 2022-03-19 at 16:37 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2021-11-03 at 15:19 +0100, Daniel Leidert wrote: > > There is an open bug report about ruby-activeldap missing a > > dependency on > > ruby-builder. This issue is only present in Buster and the

Bug#990739: buster-pu: package iptables-netflow/2.3-5+deb10u1

2022-08-05 Thread Adam D. Barratt
On Sat, 2021-12-04 at 17:55 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2021-07-06 at 02:45 +0200, Axel Beckert wrote: > > an API change in the Linux kernel 4.19.194-1 uploaded with the > > Buster > > 10.10 stable minor update caused a regression in > >

Bug#991628: buster-pu: package pillow/5.4.1-2+deb10u2

2022-08-05 Thread Adam D. Barratt
On Sat, 2021-12-04 at 17:49 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2021-07-29 at 09:54 +0100, Neil Williams wrote: > > Fix for CVE-2021-34552 (#991293) is mitigated by FORTIFY_SOURCE, so > > this upload targets proposed-updates instead of security after > >

Bug#952960: buster-pu: package ruby-factory-girl-rails/4.7.0-1+deb10u1

2022-08-05 Thread Adam D. Barratt
On Tue, 2020-03-03 at 19:03 +, Adam D. Barratt wrote: > Control: tags -1 +confirmed -moreinfo > > On Mon, 2020-03-02 at 18:59 +0100, Daniel Leidert wrote: > > Package: release.debian.org > > Followup-For: Bug #952960 > > > > I've uploaded the fix to unstable and updated the diff (Vcs* fields

Bug#990372: buster-pu: package feature-check/0.2.2-3

2022-08-05 Thread Adam D. Barratt
On Sun, 2021-07-18 at 18:32 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2021-06-27 at 18:10 +0300, Peter Pentchev wrote: > > This is a pre-approval request for feature-check/0.2.2-3+deb10u1 to > > fix the #990276 RC bug already fixed in unstable. > > > > [ Reason ] >

Bug#945578: buster-pu: package libapache2-mod-auth-openidc/2.3.10.2-1

2022-08-05 Thread Adam D. Barratt
On Fri, 2021-03-26 at 09:22 +0100, Salvatore Bonaccorso wrote: > Hi Moritz, > > On Fri, Jul 31, 2020 at 10:25:13AM +0200, Salvatore Bonaccorso wrote: > > Hi Moritz, > > > > On Tue, Jan 28, 2020 at 10:43:25PM +, Adam D. Barratt wrote: > > > Control: tags -1 + confirmed > > > > > > On Wed,

Bug#942464: Fwd: Re: Bug#941626: Bug#942464: buster-pu: package haveged/1.9.1-7

2022-08-05 Thread Adam D. Barratt
On Wed, 2019-11-06 at 12:02 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > Control: tags 941626 - confirmed > > Apparently I copied the wrong side of the clone... Ping? We're in the process of organising the final point release for buster, as support for it transitions over to

Bug#977028: buster-pu: package sane-backends/1.0.27-3.2

2022-08-05 Thread Adam D. Barratt
On Sat, 2021-01-16 at 18:08 +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2020-12-10 at 09:44 +0100, Jörg Frings-Fürst wrote: > > The udev rule to change the owner/group of usb scanners are not > > included. > > > > [ Impact ] > > Scanner working only as root > > > >

Processed: Re: Bug#987941: buster-pu: package pacemaker/2.0.1-5+deb10u2

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #987941 [release.debian.org] buster-pu: package pacemaker/2.0.1-5+deb10u2 Added tag(s) confirmed. -- 987941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987941 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#987941: buster-pu: package pacemaker/2.0.1-5+deb10u2

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Thu, 2021-06-10 at 22:09 +0200, wf...@niif.hu wrote: > On Wed, 09 Jun 2021 09:17:26 +0200 wf...@niif.hu wrote: > > > Andreas kindly provided further refinements for his patch in > > #985173. > > I'll update this stable update request with the new debdiff > >

Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

2022-08-05 Thread Adam D. Barratt
On Wed, 2021-05-26 at 11:20 +0200, Alexandre Rossi wrote: > Hi, > > > Thanks. Can you attach the debdiff between the current version in > > buster and the proposed one to this bug? > > Here it is. > Apologies for letting this sit for so long without a follow-up. We're in the process of

Bug#964176: buster-pu: package gajim/1.1.3-2+deb10u1

2022-08-05 Thread Adam D. Barratt
On Fri, 2020-07-03 at 09:12 +0200, Martin wrote: > I like to update gajim to the latest 1.1.x stable release in > buster, while bullseye will move to 1.2.x. > > 1.1.3-2 has been in testing for nearly one year and has not > shown any regressions compared to the current version in stable, >

Bug#975269: marked as done (buster-pu: package linux/TBD - arm64 stolen time support)

2022-08-05 Thread Debian Bug Tracking System
Your message dated Fri, 05 Aug 2022 20:17:17 +0100 with message-id and subject line Re: Bug#975269: buster-pu: package linux/TBD - arm64 stolen time support has caused the Debian Bug report #975269, regarding buster-pu: package linux/TBD - arm64 stolen time support to be marked as done. This

Bug#988850: buster-pu: package thunar/1.8.17-1

2022-08-05 Thread Adam D. Barratt
On Thu, 2021-05-20 at 15:25 +0200, Yves-Alexis Perez wrote: > this is a pre-approval request for updating Thunar in stable, from > 1.8.4 > to 1.8.17. > > The context is the recently found vulnerability CVE-2021-32563 > (#988394), which has been fixed in 1.8.17. > > With my security team hat on,

Bug#1010060: buster-pu: package mutt/1.10.1-2.1+deb10u6

2022-08-05 Thread Salvatore Bonaccorso
Hi Adam, On Fri, Aug 05, 2022 at 07:40:39PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2022-04-23 at 15:04 +0200, Salvatore Bonaccorso wrote: > > I prepared an update for mutt, fixing CVE-2022-1328, a buffer- > > overflow > > in uudecoder. > > > > Please go ahead;

Processed: Re: Bug#1008578: buster-pu: golang-github-russellhaering-goxmldsig/0.0~git20170911.b7efc62-1+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1008578 [release.debian.org] buster-pu: golang-github-russellhaering-goxmldsig/0.0~git20170911.b7efc62-1+deb10u1 Added tag(s) confirmed. -- 1008578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008578 Debian Bug Tracking System

Bug#1008578: buster-pu: golang-github-russellhaering-goxmldsig/0.0~git20170911.b7efc62-1+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Mon, 2022-03-28 at 21:50 +, Thorsten Alteholz wrote: > The attached debdiff for golang-github-russellhaering-goxmldsig > fixes > CVE-2020-7711 in Buster. This CVE has been marked as no-dsa by the > security team. > Please go ahead. Regards, Adam

Bug#987039: buster-pu: package dojo/1.14.2+dfsg1-1+deb10u3

2022-08-05 Thread Adam D. Barratt
On Fri, 2021-04-16 at 09:49 +0200, Yadd wrote: > dojo/dijit is vulnerable to cross-site-scripting (#97, > CVE-2020-4051). > Apologies for not getting back to this sooner. [...] > This update should minimally affect production applications: > * The behavior of existing links with HTML

Bug#948375: marked as done (buster-pu: package ceph/12.2.12+dfsg-1)

2022-08-05 Thread Debian Bug Tracking System
Your message dated Fri, 05 Aug 2022 20:04:27 +0100 with message-id and subject line Re: Bug#948375: buster-pu: package ceph/12.2.12+dfsg-1 has caused the Debian Bug report #948375, regarding buster-pu: package ceph/12.2.12+dfsg-1 to be marked as done. This means that you claim that the problem

Bug#950488: marked as done (buster-pu: package kronosnet/1.8-2)

2022-08-05 Thread Debian Bug Tracking System
Your message dated Fri, 05 Aug 2022 19:51:45 +0100 with message-id and subject line Re: Bug#950488: buster-pu: package kronosnet/1.8-2 has caused the Debian Bug report #950488, regarding buster-pu: package kronosnet/1.8-2 to be marked as done. This means that you claim that the problem has been

Processed: Re: Bug#987538: buster-pu: package node-end-of-stream/1.4.1-1+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #987538 [release.debian.org] buster-pu: package node-end-of-stream/1.4.1-1+deb10u1 Added tag(s) confirmed. -- 987538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987538 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Processed: Re: Bug#1009065: buster-pu: package dropbear/2018.76-5+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1009065 [release.debian.org] buster-pu: package dropbear/2018.76-5+deb10u1 Added tag(s) confirmed. -- 1009065: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009065 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1009065: buster-pu: package dropbear/2018.76-5+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Wed, 2022-04-06 at 21:26 +0200, Guilhem Moulin wrote: > CVE-2019-12953: Dropbear 2011.54 through 2018.76 has an inconsistent > failure delay that may lead to revealing valid usernames. This is a > different issue than CVE-2018-15599. > Please go ahead; sorry for

Bug#987538: buster-pu: package node-end-of-stream/1.4.1-1+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2021-04-25 at 12:02 +0200, Yadd wrote: > node-end-of-stream test is RC-buggy. This little patch works around > this > bug which seems not related to node-end-of-stream itself > Please go ahead. Regards, Adam

Processed: Re: Bug#1016706: transition: GNOME 43 mega libsoup3 transition

2022-08-05 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > block 1016706 by 1016180 Bug #1016706 [release.debian.org] transition: GNOME 43 mega libsoup3 transition 1016706 was not blocked by any bugs. 1016706 was not blocking any bugs. Added blocking bug(s) of 1016706: 1016180 > End of message, stopping

Processed: Re: Bug#1008163: buster-pu: package node-minimist/1.2.0-1+deb10u2

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1008163 [release.debian.org] buster-pu: package node-minimist/1.2.0-1+deb10u2 Added tag(s) confirmed. -- 1008163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008163 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#1008163: buster-pu: package node-minimist/1.2.0-1+deb10u2

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Wed, 2022-03-23 at 12:45 +0100, Yadd wrote: > node-minimist is vulnerable to a prototype pollution not totally > fixed > by CVE-2020-7598 patch (pushed in 1.2.5-1 and 1.2.0-1+deb10u1) > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1008154: buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1008154 [release.debian.org] buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1 Added tag(s) confirmed. -- 1008154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008154 Debian Bug Tracking System Contact ow...@bugs.debian.org

Bug#1008154: buster-pu: package node-node-forge/0.8.1~dfsg-1+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Wed, 2022-03-23 at 11:29 +0100, Yadd wrote: > node-node-forge signature verification code is lenient in checking > the digest > algorithm structure. This can allow a crafted structure that steals > padding > bytes and uses unchecked portion of the PKCS#1 encoded

Processed: Re: Bug#1009076: buster-pu: minidlna/1.2.1+dfsg-2+deb10u3

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1009076 [release.debian.org] buster-pu: minidlna/1.2.1+dfsg-2+deb10u3 Added tag(s) confirmed. -- 1009076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009076 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1009076: buster-pu: minidlna/1.2.1+dfsg-2+deb10u3

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Wed, 2022-04-06 at 21:49 +, Thorsten Alteholz wrote: > The attached debdiff for minidlna fixes CVE-2022-26505 in Buster. > This > CVE has been marked as no-dsa by the security team. > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1010060: buster-pu: package mutt/1.10.1-2.1+deb10u6

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1010060 [release.debian.org] buster-pu: package mutt/1.10.1-2.1+deb10u6 Added tag(s) confirmed. -- 1010060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1010060: buster-pu: package mutt/1.10.1-2.1+deb10u6

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sat, 2022-04-23 at 15:04 +0200, Salvatore Bonaccorso wrote: > I prepared an update for mutt, fixing CVE-2022-1328, a buffer- > overflow > in uudecoder. > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1009652: buster-pu: package nvidia-graphics-drivers/418.226.00-3

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1009652 [release.debian.org] buster-pu: package nvidia-graphics-drivers/418.226.00-3 Added tag(s) confirmed. -- 1009652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009652 Debian Bug Tracking System Contact ow...@bugs.debian.org

Bug#1009652: buster-pu: package nvidia-graphics-drivers/418.226.00-3

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Wed, 2022-04-13 at 18:26 +0200, Andreas Beckmann wrote: > I'd like to update nvidia-graphics-drivers in buster to the final > upstream release. It has reached EoL in 03/2022, that should be > documented with a NEWS entry (as we had done with the 340xx legacy >

Processed: Re: Bug#1009251: buster-pu: fribidi/1.0.5-3.1+deb10u2

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1009251 [release.debian.org] buster-pu: fribidi/1.0.5-3.1+deb10u2 Added tag(s) confirmed. -- 1009251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1009251: buster-pu: fribidi/1.0.5-3.1+deb10u2

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sat, 2022-04-09 at 23:03 +, Thorsten Alteholz wrote: > > The attached debdiff for fribidi fixes CVE-2022-25308, CVE-2022-25309 > and > CVE-2022-25310 in Buster. These CVEs have been marked as no-dsa by > the > security team. > Please go ahead; sorry for the

Bug#1016706: transition: GNOME 43 mega libsoup3 transition

2022-08-05 Thread Jeremy Bicha
Package: release.debian.org Tags: moreinfo User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: debian-gtk-gn...@lists.debian.org As requested, I am filing this bug early but I still need to do local rebuilds and testing. GNOME 43 is switching its core apps and

Bug#1010380: buster-pu: flac/1.3.2-3+deb10u2

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Fri, 2022-04-29 at 22:33 +, Thorsten Alteholz wrote: > The attached debdiff for flac fixes CVE-2021-0561 in Buster. This > CVE > has been marked as no-dsa by the security team. > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1010380: buster-pu: flac/1.3.2-3+deb10u2

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1010380 [release.debian.org] buster-pu: flac/1.3.2-3+deb10u2 Added tag(s) confirmed. -- 1010380: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#1010858: buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1010858 [release.debian.org] buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1 Added tag(s) confirmed. -- 1010858: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010858 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#1011030: buster-pu: package htmldoc/1.9.3-1+deb10u4

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2022-05-15 at 20:32 +0200, Håvard Flaget Aasen wrote: > Fixes three CVE's CVE-2022-24191, CVE-2022-27114 and CVE-2022-28085 > > [ Reason ] > One minor issue, two unimportant, still nice to have them all fixed > at > the same time. > > [ Impact ] > Images is

Processed: Re: Bug#1011030: buster-pu: package htmldoc/1.9.3-1+deb10u4

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1011030 [release.debian.org] buster-pu: package htmldoc/1.9.3-1+deb10u4 Added tag(s) confirmed. -- 1011030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011030 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1010858: buster-pu: package unrar-nonfree/1:5.6.6-1+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Thu, 2022-05-12 at 02:31 +0900, yokota wrote: > CVE-2022-30333 is a directory traversal vulnerability. > It writes to files during an extract operation outside of the > extraction > directory. > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1010388: buster-pu: package node-ejs/2.5.7-1+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1010388 [release.debian.org] buster-pu: package node-ejs/2.5.7-1+deb10u1 Added tag(s) confirmed. -- 1010388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010388 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1010388: buster-pu: package node-ejs/2.5.7-1+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sat, 2022-04-30 at 10:23 +0200, Yadd wrote: > node-ejs is vulnerable to server-side template injection > (CVE-2022-29078, #1010359) and probably to prototype pollution. > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1015243: buster-pu: package commons-daemon/1.0.15-8

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1015243 [release.debian.org] buster-pu: package commons-daemon/1.0.15-8 Added tag(s) confirmed. -- 1015243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015243 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1015243: buster-pu: package commons-daemon/1.0.15-8

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Mon, 2022-07-18 at 11:49 +0200, Chris Hofstaedtler wrote: > Running a java daemon using jsvc and the JVM from (old)stable does > not > work. It appears no java programs inside Debian still use jsvc, > otherwise people would have noticed earlier. This is bug

Processed: Re: Bug#1012048: buster-pu: package composer/1.8.4-1+deb10u2

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1012048 [release.debian.org] buster-pu: package composer/1.8.4-1+deb10u2 Added tag(s) confirmed. -- 1012048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012048 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1012048: buster-pu: package composer/1.8.4-1+deb10u2

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Sun, 2022-05-29 at 12:37 +0200, David Prévot wrote: > I’d like to address CVE-2022-24828 that has been tagged as no-dsa. > Some > people may also wish to see #989315 fixed (it was reported twice), as > well as #955485, and the fixes are trivial, so I’m proposing a

Bug#1011943: buster-pu: package php-guzzlehttp-psr7/1.4.2-0.1+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Fri, 2022-05-27 at 14:23 +0200, David Prévot wrote: > The security team asked me to address #1008236 [CVE-2022-24775] via a > point release, so here I am. > Please go ahead; sorry for the delay. Regards, Adam

Processed: Re: Bug#1011943: buster-pu: package php-guzzlehttp-psr7/1.4.2-0.1+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1011943 [release.debian.org] buster-pu: package php-guzzlehttp-psr7/1.4.2-0.1+deb10u1 Added tag(s) confirmed. -- 1011943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011943 Debian Bug Tracking System Contact ow...@bugs.debian.org

Processed: Re: Bug#1016198: buster-pu: package gif2apng/1.9+srconly-2+deb10u1

2022-08-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + confirmed Bug #1016198 [release.debian.org] buster-pu: package gif2apng/1.9+srconly-2+deb10u1 Added tag(s) confirmed. -- 1016198: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016198 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#1016198: buster-pu: package gif2apng/1.9+srconly-2+deb10u1

2022-08-05 Thread Adam D. Barratt
Control: tags -1 + confirmed On Fri, 2022-07-29 at 08:57 +0200, Håvard F.Aasen wrote: > This upload fixes three CVE's; > * CVE-2021-45909, Closes: #1002668: > heap based buffer overflow in the DecodeLZW > * CVE-2021-45910, Closes: #1002667: > heap-based buffer overflow within the main

Bug#1002956: Remote RCE in rabbitmq-server

2022-08-05 Thread Thomas Goirand
On 8/5/22 01:24, Tim Abbott wrote: On Wed, Aug 3, 2022 at 12:22 AM Thomas Goirand > wrote: Hi Tim, Please don't top-post, we don't do that in Debian, and also: Apologies! FYI, I'm sad too, but there's nothing I can do but pinging again the stable