NEW changes in stable-new
Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_amd64.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_arm64.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_armel.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_armhf.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_i386.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_mips.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_mips64el.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_mipsel.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_ppc64el.changes ACCEPT Processing changes file: asterisk_13.14.1~dfsg-2+deb9u3_s390x.changes ACCEPT Processing changes file: awstats_7.6+dfsg-1+deb9u1_amd64.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_multi.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_all.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_amd64.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_arm64.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_armel.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_armhf.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_i386.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_mips.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_mips64el.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_mipsel.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_ppc64el.changes ACCEPT Processing changes file: bind9_9.10.3.dfsg.P4-12.3+deb9u4_s390x.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_amd64.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_all.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_amd64+buildd.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_arm64.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_armel.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_armhf.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_i386.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_mips.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_mips64el.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_mipsel.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_ppc64el.changes ACCEPT Processing changes file: curl_7.52.1-5+deb9u4_s390x.changes ACCEPT Processing changes file: django-anymail_0.8-2+deb9u1_amd64.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_source.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_all.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_amd64.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_arm64.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_armel.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_armhf.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_i386.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_mips.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_mips64el.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_mipsel.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_ppc64el.changes ACCEPT Processing changes file: ffmpeg_3.2.10-1~deb9u1_s390x.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_amd64.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_arm64.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_armel.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_armhf.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_i386.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_mips.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_mips64el.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_mipsel.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_ppc64el.changes ACCEPT Processing changes file: firefox-esr_52.6.0esr-1~deb9u1_s390x.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_source.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_all.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_amd64.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_arm64.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_armel.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_armhf.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_i386.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_mips.changes ACCEPT Processing changes file: gcab_0.7-2+deb9u1_mips64el.changes ACCEPT
Bug#889940: stretch-pu: package miniupnpd/1.8.20140523-4.1 fix for CVE-2017-1000494
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear release team, I'd like to push for an update of miniupnpd in Stretch, in order to fix CVE-2017-1000494. The security team decided to go without a DSA. Attached is the debdiff for the fix. Also, please let me know if my .changes must include the .orig.tar.gz, if it must, I'll rebuild with --force-orig-source. I'm sorry for I never remember when it should or not... :( I've uploaded the built package there if you want to have a look: http://sid.gplhost.com/stretch-proposed-updates/miniupnpd/ Cheers, Thomas Goirand (zigo) diff -Nru miniupnpd-1.8.20140523/debian/changelog miniupnpd-1.8.20140523/debian/changelog --- miniupnpd-1.8.20140523/debian/changelog 2017-01-13 12:52:51.0 +0100 +++ miniupnpd-1.8.20140523/debian/changelog 2018-02-07 12:18:50.0 +0100 @@ -1,3 +1,9 @@ +miniupnpd (1.8.20140523-4.1+deb9u1) stretch; urgency=medium + + * Apply patch from upstream for CVE-2017-1000494 (Closes: #887129). + + -- Thomas GoirandWed, 07 Feb 2018 12:18:50 +0100 + miniupnpd (1.8.20140523-4.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru miniupnpd-1.8.20140523/debian/patches/CVE-2017-1000494.patch miniupnpd-1.8.20140523/debian/patches/CVE-2017-1000494.patch --- miniupnpd-1.8.20140523/debian/patches/CVE-2017-1000494.patch 1970-01-01 01:00:00.0 +0100 +++ miniupnpd-1.8.20140523/debian/patches/CVE-2017-1000494.patch 2018-02-07 12:18:43.0 +0100 @@ -0,0 +1,35 @@ +Description: fix for CVE-2017-1000494 + This patch was backported by upstream. +Author: Thomas Bernard +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/887129 +Last-Update: 2018-02-07 + +diff -ru miniupnpd-1.8.20140523.orig/minixml.c miniupnpd-1.8.20140523/minixml.c +--- miniupnpd-1.8.20140523.orig/minixml.c 2014-02-05 17:29:33.0 +0100 miniupnpd-1.8.20140523/minixml.c 2018-02-02 16:46:19.115527000 +0100 +@@ -161,7 +161,8 @@ + if (p->xml >= p->xmlend) + return; + } +- if(memcmp(p->xml, " */ ++ if((p->xmlend >= (p->xml + (9 + 3))) && (memcmp(p->xml,
NEW changes in stable-new
Processing changes file: linux_4.9.80-1_s390x.changes ACCEPT
Bug#889937: transition: libminiupnpc
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Dear release team, libminiupnpc16 is now in Experimental. I tried rebuilding all reverse dependencies, which are: * 0ad * bitcoin * classified-ads * dogecoin * dolphin-emu * eiskaltdcpp * i2pd * litecoin * megaglest * sushi * swift-im * transmission * warzone2100 Out of this, eiskaltdcpp and bitcoin failed to build for apparently unrelated issues, and for the 3rd one swift-im, I filed a bug: https://bugs.debian.org/889062 2 reverse dependencies seemed to have libminiupnpc upgrade issues, and I fied bugs against them: sushi-1.4.0+git20160822+dfsg https://bugs.debian.org/889055 warzone2100 3.2.1-2: https://bugs.debian.org/889059 I do have proposed patches from upstream, which basically means doing this: #if defined(MINIUPNPC_API_VERSION) && (MINIUPNPC_API_VERSION >= 14) miniupnpc_dev = upnpDiscover(3000, NULL, NULL, 0, 0, 2, ); /* use default TTL of 2 */ #elif defined(MINIUPNPC_API_VERSION) && (MINIUPNPC_API_VERSION >= 8) miniupnpc_dev = upnpDiscover(3000, NULL, NULL, 0, 0, ); #elif defined(MINIUPNPC_API_VERSION) && (MINIUPNPC_API_VERSION >= 3) miniupnpc_dev = upnpDiscover(3000, NULL, NULL, 0); #else miniupnpc_dev = upnpDiscover(3000, NULL, NULL); #endif which seems fairly easy to fix in both sushi and warzone2100, and both of which has been documented in the bug reports by upstream. Therefore, I think it's time to request for a transition slot. Please let me know when I can upload miniupnpc to Sid. Cheers, Thomas Goirand (zigo) Ben file: title = "libminiupnpc"; is_affected = .depends ~ "libminiupnpc10" | .depends ~ "libminiupnpc16"; is_good = .depends ~ "libminiupnpc16"; is_bad = .depends ~ "libminiupnpc10";
NEW changes in stable-new
Processing changes file: linux_4.9.80-1_all.changes ACCEPT Processing changes file: linux_4.9.80-1_ppc64el.changes ACCEPT
Bug#889770: marked as done (nmu: ivtools_1.2.11a1-9)
Your message dated Fri, 9 Feb 2018 09:28:44 +0200 with message-id <20180209072843.GA16952@localhost> and subject line Obsoleted by ivtools 1.2.11a1-10 has caused the Debian Bug report #889770, regarding nmu: ivtools_1.2.11a1-9 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 889770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889770 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu ivtools_1.2.11a1-9 . ANY . unstable . -m "Rebuild after glibc 2.26 changed the libace-6.4.5 ABI" See #887774 for details regarding the ABI change caused by changes in glibc 2.26. libdiagnostics0, the other reverse dependency of libace-6.4.5, FTBFS for unreleated reasons (#889748). --- End Message --- --- Begin Message --- No binNMU is required after the ivtools 1.2.11a1-10 upload. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed--- End Message ---
NEW changes in stable-new
Processing changes file: linux_4.9.80-1_amd64.changes ACCEPT Processing changes file: linux_4.9.80-1_armel.changes ACCEPT