NEW changes in stable-new
Processing changes file: jigdo_0.7.3-5+deb10u1_mips64el.changes ACCEPT
NEW changes in stable-new
Processing changes file: jigdo_0.7.3-5+deb10u1_mipsel.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.2.1-8+deb9u6_mips64el.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.2.1-8+deb9u6_mipsel.changes ACCEPT
NEW changes in stable-new
Processing changes file: jigdo_0.7.3-5+deb10u1_mips.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.2.1-8+deb9u6_mips.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.2.1-8+deb9u6_amd64.changes ACCEPT Processing changes file: cups_2.2.1-8+deb9u6_arm64.changes ACCEPT Processing changes file: cups_2.2.1-8+deb9u6_armel.changes ACCEPT Processing changes file: cups_2.2.1-8+deb9u6_armhf.changes ACCEPT Processing changes file: cups_2.2.1-8+deb9u6_ppc64el.changes ACCEPT
NEW changes in stable-new
Processing changes file: jigdo_0.7.3-5+deb10u1_amd64.changes ACCEPT Processing changes file: jigdo_0.7.3-5+deb10u1_arm64.changes ACCEPT Processing changes file: jigdo_0.7.3-5+deb10u1_armel.changes ACCEPT Processing changes file: jigdo_0.7.3-5+deb10u1_armhf.changes ACCEPT Processing changes file: jigdo_0.7.3-5+deb10u1_i386.changes ACCEPT Processing changes file: jigdo_0.7.3-5+deb10u1_ppc64el.changes ACCEPT
NEW changes in oldstable-new
Processing changes file: cups_2.2.1-8+deb9u6_all.changes ACCEPT Processing changes file: cups_2.2.1-8+deb9u6_i386.changes ACCEPT Processing changes file: cups_2.2.1-8+deb9u6_s390x.changes ACCEPT
NEW changes in stable-new
Processing changes file: jigdo_0.7.3-5+deb10u1_s390x.changes ACCEPT
Bug#963229: nmu: bsdmainutils_12.1.1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: binnmu Severity: normal Hello, bsdmainutils 12.1.1 had to pass through NEW, please schedule a binNMU to get rid of the amd64 binaries. nmu bsdmainutils_12.1.1 . ANY . -m 'Rebuild on buildd network' Thanks, Chris
Bug#963228: nmu: openscap_1.2.17-0.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu This is a binNMU request after having a non-source-only upload due to NEW queue. nmu openscap_1.2.17-0.1 . amd64 . unstable . -m "Rebuild on buildd" -- Regards, Boyuan Yang
Bug#963224: nmu: pulseeffects_4.7.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu pulseeffects_4.7.1-2 . ANY . unstable . -m "rebuild with meson that has bug 960877 fixed" pulseeffects is currently statically linked with Boost due to #960877.
NEW changes in oldstable-new
Processing changes file: cups_2.2.1-8+deb9u6_source.changes ACCEPT Processing changes file: drupal7_7.52-2+deb9u11_source.changes ACCEPT Processing changes file: drupal7_7.52-2+deb9u11_all.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_amd64.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_arm64.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_armel.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_armhf.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_i386.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_mips.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_mips64el.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_mipsel.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_ppc64el.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u2_s390x.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_amd64.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_arm64.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_armel.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_armhf.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_i386.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_mips.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_mips64el.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_mipsel.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_ppc64el.changes ACCEPT Processing changes file: mutt_1.7.2-1+deb9u3_s390x.changes ACCEPT Processing changes file: python-django_1.10.7-2+deb9u9_amd64.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_source.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_all.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_amd64.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_arm64.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_armel.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_armhf.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_i386.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_mips.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_mips64el.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_mipsel.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_ppc64el.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb9u1_s390x.changes ACCEPT
NEW changes in stable-new
Processing changes file: jigdo_0.7.3-5+deb10u1_source.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_source.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_amd64+buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_arm64.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_armel.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_armhf.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_i386.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_mips.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_mips64el.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_mipsel.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_ppc64el.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u1_s390x.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_source.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_amd64+buildd.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_arm64.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_armel.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_armhf.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_i386.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_mips.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_mips64el.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_mipsel.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_ppc64el.changes ACCEPT Processing changes file: mutt_1.10.1-2.1+deb10u2_s390x.changes ACCEPT Processing changes file: python-django_1.11.29-1~deb10u1_amd64.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_source.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_all.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_amd64.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_arm64.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_armel.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_armhf.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_i386.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_mips.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_mips64el.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_mipsel.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_ppc64el.changes ACCEPT Processing changes file: vlc_3.0.11-0+deb10u1_s390x.changes ACCEPT
Bug#962982: jigdo 0.7.3-5+deb10u1 flagged for acceptance
package release.debian.org tags 962982 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details == Package: jigdo Version: 0.7.3-5+deb10u1 Explanation: fix HTTPS support in jigdo-lite and jigdo-mirror
Processed: jigdo 0.7.3-5+deb10u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 962982 = buster pending Bug #962982 [release.debian.org] buster-pu: package jigdo/0.7.3-5 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 962982: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962982 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: cups 2.2.1-8+deb9u6 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 958953 = stretch pending Bug #958953 [release.debian.org] stretch-pu: package cups/2.2.1-8+deb9u6 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 958953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958953 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#958953: cups 2.2.1-8+deb9u6 flagged for acceptance
package release.debian.org tags 958953 = stretch pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details == Package: cups Version: 2.2.1-8+deb9u6 Explanation: fix heap buffer overflow [CVE-2020-3898] and "the `ippReadIO` function may under-read an extension field" [CVE-2019-8842]
Bug#962068: stretch-pu: package dbus/1.10.30-0+deb9u1
Control: tags -1 + confirmed d-i On Tue, 2020-06-02 at 21:30 +0100, Simon McVittie wrote: > dbus 1.10.30 fixes a local denial of service vulnerability for which > the Security Team have indicated they do not intend to issue a DSA > (the same one as 1.12.18). > > If possible I would like to continue to fix dbus issues in stretch > via new upstream releases; this one only contains the CVE fix, plus > its regression test and the usual Autotools noise. I suspect this will be the last such update before stretch moves to LTS, but that seems fair. This will need the usual KiBi ack, so tagging and CCing. Regards, Adam
Processed: Re: Bug#962068: stretch-pu: package dbus/1.10.30-0+deb9u1
Processing control commands: > tags -1 + confirmed d-i Bug #962068 [release.debian.org] stretch-pu: package dbus/1.10.30-0+deb9u1 Added tag(s) d-i and confirmed. -- 962068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962068 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#962067: buster-pu: package dbus/1.12.18-0+deb10u1
Control: tags -1 + confirmed d-i On Tue, 2020-06-02 at 21:22 +0100, Simon McVittie wrote: > dbus 1.12.18 fixes a local denial of service vulnerability for which > the Security Team have indicated they do not intend to issue a DSA. > > If possible I would like to use upstream 1.12.x versions of dbus for > buster (security and) stable updates, similar to the policy used in > stretch and jessie. This branch includes security fixes and selected > non-intrusive bug fixes (and unfortunately also the usual Autotools > noise). > That sounds OK to me, but will need the usual KiBi-ack due to the udeb. Regards, Adam
Processed: Re: Bug#962067: buster-pu: package dbus/1.12.18-0+deb10u1
Processing control commands: > tags -1 + confirmed d-i Bug #962067 [release.debian.org] buster-pu: package dbus/1.12.18-0+deb10u1 Added tag(s) d-i and confirmed. -- 962067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962067 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#948650: stretch-pu: package nginx/1.10.3-1+deb9u3
On Mon, 2020-03-30 at 22:05 +0100, Adam D. Barratt wrote: > On Mon, 2020-01-20 at 22:43 +, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Sat, 2020-01-11 at 12:19 +0200, Christos Trochalakis wrote: > > > I'd like to upload nginx 1.10.3-1+deb9u4, addressing the non- > > > critical > > > CVE-2019-20372. > > > > Please go ahead, thanks. > > Ping? As a note, we're now planning for the final point release for stretch before it moves to LTS. Is this update still something of interest? Regards, Adam
Bug#930374: stretch-pu: package node-url-parse/1.0.5-2+deb9u1
On Sat, 2020-04-25 at 20:28 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2019-06-11 at 18:32 +0200, Xavier Guimard wrote: > > node-url-parse does not parse correctly hostname which leads to > > multiple vulnerabilities such as SSRF, Open Redirect, Bypass > > Authentication Protocol,... (#906058, CVE-2018-3774) > > > > I imported upstream patch in debian/patches/CVE-2018-3774.patch. > > This > > is the only changes enabled on installed files. Since this package > > didn't launch upstream test, I added also some build dependencies > > and > > installed some little required test dependencies in > > debian/tests/test_modules, and of course modify debian/rules. > > > > If you prefer to have only the security change without test, I just > > can just this commit with a debian/changelog entry: > > https://salsa.debian.org/js-team/node-url-parse/commit/e4204c37 > > > > Apologies for the long delay. Please go ahead. As a note, we're now planning for the final point release for stretch before it moves to LTS. Regards, Adam
Bug#941617: stretch-pu: package publicsuffix/20190925.1705-0+deb9u1
On Mon, 2020-03-30 at 22:03 +0100, Adam D. Barratt wrote: > Hi, > > On Tue, 2020-01-28 at 08:33 +, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On 2019-10-02 22:29, Daniel Kahn Gillmor wrote: > > > > Apologies for the delay in getting back to you on this, but please > > feel free to upload. > > Gentle ping. As a note, we're now planning for the final point release for stretch before it moves to LTS. Is this update still something of interest? Regards, Adam
Bug#961443: buster-pu: package perl/5.28.2
Control: tags -1 - moreinfo On Thu, Jun 04, 2020 at 09:44:29AM +0100, Dominic Hargreaves wrote: > Control: tags -1 + moreinfo > > On Tue, Jun 02, 2020 at 12:14:27AM +0100, Dominic Hargreaves wrote: > > Further to the above, we now have a no-dsa security issue to push out > > to buster (and stretch, but we prefer a more traditional approach there > > because of the relative size of changes and age of the release). > > > > The security issues in question are tracked at #962005. > > > > I attach the additional diff between 5.28.2 and 5.28.3 (which was > > purely a security release) - again, excluding doc and version churn. > > > > Please do let me know if you would be okay with this approach, and > > we can get the ball rolling. > > We're no longer proposing this approach for the immediate update > pending concerns around smooth upgrades (cf #962138). We expect this > an be fixable but in the meantime I'm temporarily withdrawing the > proposal. > > Expect to see a regular point release proposal with cherry-picks > shortly (for both buster and stretch). Okay, we seem to have a stable fix for this issue (as of 5.30.3-4), so I think we can put the new version bump proposal for buster back on the table. What do you think? Cheers Dominic
Bug#962234: stretch-pu: package perl/5.24.1-3+deb9u7
On Mon, Jun 15, 2020 at 08:46:03PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2020-06-04 at 22:02 +0100, Dominic Hargreaves wrote: > > Upstream released fixes for three regexp-related security issues > > on Monday: > > > > https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod > > > > The Debian security team would like these as no-dsa, so we would like > > to provide them in a point release. The patches have been trivially > > backported from 5.28. See #962005. > > > > Please go ahead. Thanks; uploaded.
Processed: Re: Bug#961443: buster-pu: package perl/5.28.2
Processing control commands: > tags -1 - moreinfo Bug #961443 [release.debian.org] buster-pu: package perl/5.28.3 Removed tag(s) moreinfo. -- 961443: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961443 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#948087: future of aufs in Debian.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear all, I have create a RFH since I have currently no time due to personal issue s: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963191 I hope somebody can help with the maintaining. Best, Jan Am 26.05.20 um 16:33 schrieb Jan Luca Naumann: > Dear Peter, > > I am in general still active but due to private stuff I was quite > bad maintaining aufs the last months, I am really sorry. I will try > to take a look into the package at the weekend. Additionally, I > will create a RFH bug, maybe somebody wants to help me so there is > no single point of failure in the future. > > Best, Jan > > On 26.05.20 15:18, peter green wrote: >> The aufs package last saw a maintainer upload in September 2019 >> and was last-updated (by a NMU) in October 2019. It has had >> broken build-dependencies in testing for half a year now (since >> Linux 5.3.9-3 migrated to testing in November 2019). >> >> According to dak rm the aufs source-package has two >> reverse-dependencies, aufs-tools and fsprotect neither of which >> has any reverse-dependencies. >> >> Adrian filed a rc bug in November 2019 which received no >> maintainer response, however the package was not autoremoved from >> testing due to aufs and aufs-tools being considered a "key >> packages" due to high popcon. This popcon actually seems to be >> growing in both absolute and percentage terms. I presume the high >> popcon is due to some deriviative (hence debian-derivatives and >> debian-live in cc) using aufs in their live image builds (as far >> as I can tell debian's own live images seem to use overlayfs >> instead nowadays). >> >> aufs does seem to still be maintained upstream with upstream >> claiming support for Linux 5.6. >> >> According to contributors.debian.net Jan Luca Naumann (the aufs >> maintainer) was last active in September 2019. Jan: are you >> still around? and if so do you still intend to maintain the aufs >> package? if not is someone else going to step up to the plate? or >> should these packages be removed from testing? -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEwNbeTg2NJIWRcwSlfhHX8Rn5cbsFAl7t5xkACgkQfhHX8Rn5 cbtQIRAAoOQXpteSVFE/ssF81zS80AqOTSTCjLzh76oXc7/az6eHUZpdVrNkPqd/ Cbz+iZiO2NDdpfw0APPA3bKoC9s9R+J9EpOxx7zS5eb87R7xJDAvTk5oskHl8lYH V2oXcZvai8Rzf+l+sLKG2k3c4WRuoli/QxLZP8TnE0ySVqmtYOZCUUSeCRYwjLed qAT6vW/5mgCaIIynZMXwYNW5889h8AVIt+n9WOHYCYEtltRTDkJU+n6ZpNx2VhbE HdDS98T/RWhwNq2oZEIkQlfZfYp7yNP0MtThvCnPRML1dSZwuMTLd4/nrNaL3ITK MBjt0/IZ6wlp1E18kePfpaHFLX7ekqhBqTr5PmCiQzyPorcgCaEq6rTkwfReuLWR g58wQmx/8GkrYh4HcCziETSoODGscicskBkzipk6yT9lA9JDROFMqnu8mudUc5B5 /VocELuPiQaEql4h1G/tkoZ/KSkZterDFZ72ssYoYzLgJQxLLY1wSlVKovtKaMcX 5kJ3dzHjmjEO1IRfpbPyFJ5HaFlfTHAbkXx3Ll5saz08KiX+isHr6JGU+ZEt4O3R P4+rc8Z+gjTURY/2xHo8XRvehEyuoRYfHDaXOmR3a7pazt6e4TZ0bR1uyOsbJWhy StTmrl72U6dTEXk20IhJdMlG1pp7I0aMfoW85nl182TJwnhxFWc= =W+Dn -END PGP SIGNATURE-