On 2022-02-19 19:52, Adam D. Barratt wrote:
> Please go ahead.
Thanks, uploaded.
Best wishes,
Andrius
On Sat 2022-02-19 17:09:21 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
>
> On Thu, 2022-01-27 at 17:02 -0500, Daniel Kahn Gillmor wrote:
>> Please consider an update to GnuPG in debian bullseye, from version
>> 2.2.27-2 to 2.2.27-2+deb11u1.
>>
>
> The version mentioned above
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: binnmu
Severity: normal
Please schedule this rebuild to finish the auto-upperlimit evolution
3.43 mini-transition:
nmu evolution-rss_0.3.96-4 . ANY . unstable . -m "Rebuild against
evolution 3.43"
Thanks,
Jeremy
On Sun, 23 Jan 2022 22:59:21 +0200 Adrian Bunk wrote:
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Michael Biebl , t...@security.debian.org
* CVE-2019-17041: Heap overflow in the AIX message parser.
Processing control commands:
> tags -1 + confirmed
Bug #1001454 [release.debian.org] buster-pu: package privoxy/3.0.28-2+deb10u1
Added tag(s) confirmed.
--
1001454: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001454
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Fri, 2021-12-10 at 13:00 +0100, Roland Rosenfeld wrote:
> This fixes CVE-2021-44540 and CVE-2021-44543.
> Since all are tagged "minor issue" in the security-tracer, I tend to
> send this into the next point release of buster.
>
Please go ahead. Sorry for the
Processing control commands:
> tags -1 + confirmed
Bug #1003826 [release.debian.org] buster-pu: package
libjackson-json-java/1.9.13-2~deb10u1
Added tag(s) confirmed.
--
1003826: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003826
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Processing control commands:
> tags -1 + confirmed
Bug #1003825 [release.debian.org] buster-pu: package libetpan/1.9.3-2+deb10u1
Added tag(s) confirmed.
--
1003825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003825
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
On Sat, 19 Feb 2022 at 17:32:40 +, Adam D. Barratt wrote:
> On Sun, 2022-01-30 at 17:45 +, Simon McVittie wrote:
> > Bug fix updates from upstream gnome-3-38 branch, prompted by user
> > request in #1002651.
>
> Please go ahead; thanks.
Uploaded.
smcv
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 13:59 +0200, Adrian Bunk wrote:
> * CVE-2020-15953: STARTTLS response injection that
> affects IMAP, SMTP, and POP3. (Closes: #966647)
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 14:17 +0200, Adrian Bunk wrote:
> * Add upstream fixes.
> - Serializing types for deeply nested Maps.
> - Set Secure Processing flag on DocumentBuilderFactory.
> - Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172)
>
Processing control commands:
> tags -1 + confirmed
Bug #1003795 [release.debian.org] buster-pu: package
evolution-data-server/3.30.5-1+deb10u2
Added tag(s) confirmed.
--
1003795: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003795
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 00:27 +0200, Adrian Bunk wrote:
> * CVE-2020-16117: Crash on malformed server response with
> minimal capabilities.
Please go ahead.
Regards,
Adam
On Sat, 19 Feb 2022 at 17:49:13 +, Adam D. Barratt wrote:
> That looks OK to me, but will need a d-i ack as gtk+3.0 builds
> a udeb
Since kibi confirmed that d-i doesn't actually use GTK 3, I've uploaded.
smcv
Processing control commands:
> clone -1 -2
Bug #1003841 [release.debian.org] buster-pu: package cimg/2.4.5+dfsg-1+deb10u1
Bug 1003841 cloned as bug 1006142
> retitle -2 nmu: beads/1.1.18+dfsg-3
Bug #1006142 [release.debian.org] buster-pu: package cimg/2.4.5+dfsg-1+deb10u1
Changed Bug title to
Control: clone -1 -2
Control: retitle -2 nmu: beads/1.1.18+dfsg-3
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 20:51 +0200, Adrian Bunk wrote:
> * CVE-2020-25693: Fix multiple heap buffer overflows.
> (Closes: #973770)
>
Please go ahead.
> This is a headers-only library, the only
Processing control commands:
> tags -1 + confirmed
Bug #1003827 [release.debian.org] buster-pu: package wireshark/2.6.20-0+deb10u3
Added tag(s) confirmed.
--
1003827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 15:08 +0200, Adrian Bunk wrote:
> * CVE-2021-22207: Excessive memory consumption in the MS-WSP
> dissector.
> (Closes: #987853)
> * CVE-2021-22235: Crash in the DNP dissector.
> * CVE-2021-39921: NULL pointer exception in the Modbus
Processing control commands:
> tags -1 + confirmed
Bug #1004055 [release.debian.org] buster-pu: package raptor2/2.0.14-1.1~deb10u2
Added tag(s) confirmed.
--
1004055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004055
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Wed, 2022-01-19 at 22:30 +, Thorsten Alteholz wrote:
> The attached debdiff for raptor2 fixes CVE-2020-25713 in Buster. This
> CVE
> is marked as no-dsa by the security team.
>
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Wed, 2022-01-19 at 22:19 +, Thorsten Alteholz wrote:
> The attached debdiff for zziplib fixes CVE-2020-18442 in Bullseye.
> This
> CVE is marked as no-dsa by the security team.
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1004050 [release.debian.org] bullseye-pu: package
zziplib/0.13.62-3.3+deb11u1.debdiff
Added tag(s) confirmed.
--
1004050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004050
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Processing control commands:
> tags -1 + confirmed
Bug #1003842 [release.debian.org] buster-pu: package flac/1.3.2-3+deb10u1
Added tag(s) confirmed.
--
1003842: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003842
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-16 at 21:03 +0200, Adrian Bunk wrote:
> * CVE-2020-0499: Out of bounds read due to a heap buffer overflow.
> (Closes: #977764)
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1004249 [release.debian.org] buster-pu: package weechat/2.3-1+deb10u1
Added tag(s) confirmed.
--
1004249: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004249
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-23 at 17:27 +0200, Adrian Bunk wrote:
> * CVE-2020-8955: A crafted irc message 324 (channel mode) could
> result in a crash. (Closes: #951289)
> * CVE-2020-9759: A crafted irc message 352 (who) could result
> in a crash.
> *
Processing control commands:
> tags -1 + confirmed
Bug #1004265 [release.debian.org] buster-pu: package rsyslog/8.1901.0-1+deb10u1
Added tag(s) confirmed.
--
1004265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-23 at 23:07 +0200, Adrian Bunk wrote:
> * CVE-2019-15165: Improper PHB header length validation.
> (Closes: #941697)
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sun, 2022-01-23 at 22:59 +0200, Adrian Bunk wrote:
> * CVE-2019-17041: Heap overflow in the AIX message parser.
> (Closes: #942067)
> * CVE-2019-17042: Heap overflow in the Cisco log message parser.
> (Closes: #942065)
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1004267 [release.debian.org] buster-pu: package libpcap/1.8.1-6+deb10u1
Added tag(s) confirmed.
--
1004267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004267
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tags -1 + confirmed
Bug #1004261 [release.debian.org] buster-pu: package opensc/0.19.0-1+deb10u1
Added tag(s) confirmed.
--
1004261: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004261
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-23 at 20:21 +0200, Adrian Bunk wrote:
> * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
> (Closes: #939668)
> * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
> (Closes: #939669)
> * CVE-2019-19479: Incorrect
Processing control commands:
> tags -1 + confirmed
Bug #1004268 [release.debian.org] buster-pu: package
libextractor/1:1.8-2+deb10u1
Added tag(s) confirmed.
--
1004268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004268
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Sun, 2022-01-23 at 23:15 +0200, Adrian Bunk wrote:
> * CVE-2019-15531: Invalid read for malformed DVI files.
> (Closes: #935553)
The reformatting in the patch makes things rather noisier than they
need be, given that so far as I can tell the actual changes
Control: tags -1 + confirmed
On Wed, 2022-02-09 at 03:31 -0400, David Prévot wrote:
> Two security issues (XSS) have been fixed in the latest upstream
> version. As agreed with the security team, those are not worth a DSA.
>
> [ Impact ]
> Without these fixes, websites are vulnerable to already
Processing control commands:
> tags -1 + confirmed
Bug #1002051 [release.debian.org] bullseye-pu: package
heartbeat/1:3.0.6-11+deb11u1
Added tag(s) confirmed.
--
1002051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Tue, 2021-12-21 at 00:27 +0100, Valentin Vidic wrote:
> heartbeat deamon starts correctly after installation, but not
> after reboot because of missing /run/heartbeat directories.
> The change reintroduces a tempfiles configuration for creating
> the required
Processing control commands:
> tags -1 + confirmed
Bug #1005218 [release.debian.org] buster-pu: package spip/3.2.4-1+deb10u6
Added tag(s) confirmed.
--
1005218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005218
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tags -1 + confirmed
Bug #1001740 [release.debian.org] bullseye-pu: package
fcitx5-chinese-addons/5.0.4-1+deb11u1
Added tag(s) confirmed.
--
1001740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001740
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tags -1 + confirmed
On Tue, 2021-12-14 at 20:39 -0500, Boyuan Yang wrote:
> Currently the table input methods provided by fcitx5-table (in
> src:fcitx5-
> chinese-addons) will not work due to missing dependencies on fcitx5-
> module-
> pinyinhelper and fcitx5-module-punctuation. This is
Processing commands for cont...@bugs.debian.org:
> tags 1004050 - buster + bullseye
Bug #1004050 [release.debian.org] bullseye-pu: package
zziplib/0.13.62-3.3+deb11u1.debdiff
Removed tag(s) buster.
Bug #1004050 [release.debian.org] bullseye-pu: package
zziplib/0.13.62-3.3+deb11u1.debdiff
Added
Control: tags -1 + confirmed
On Thu, 2022-01-27 at 21:32 -0300, Antonio Terceiro wrote:
> This update fixes the download of container images using the
> "download"
> template. pool.sks-keyservers.net is not active anymore, so the patch
> (already included in the upstream release present in
Processing control commands:
> tags -1 + confirmed
Bug #1004459 [release.debian.org] bullseye-pu: package lxc/1:4.0.6-2+deb11u1
Added tag(s) confirmed.
--
1004459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004459
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tags -1 + confirmed
Bug #1003765 [release.debian.org] bullseye-pu: package
node-markdown-it/10.0.0+dfsg-2+deb11u1
Added tag(s) confirmed.
--
1003765: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003765
Debian Bug Tracking System
Contact
Processing control commands:
> tags -1 + confirmed
Bug #1004247 [release.debian.org] bullseye-pu: package weechat/3.0-1+deb11u1
Added tag(s) confirmed.
--
1004247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004247
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-23 at 17:18 +0200, Adrian Bunk wrote:
> * CVE-2021-40516: A crafted WebSocket frame could result in a crash
> in the Relay plugin. (Closes: #993803)
Please go ahead.
Regards,
Adam
Control: tags -1 + confirmed
On Sat, 2022-01-15 at 12:52 +0100, Yadd wrote:
> [ Reason ]
> node-markdown-it is vulnerable to regex denial of service
> (CVE-2022-21670)
>
Please go ahead.
Regards,
Adam
Hi,
Adam D. Barratt (2022-02-19):
> Thanks. That looks OK to me, but will need a d-i ack as gtk+3.0 builds
> a udeb; tagging and CCing accordingly.
d-i in bullseye is still on gtk2 (sorry), so gtk3 should be a no-brainer. :)
Cheers,
--
Cyril Brulebois (k...@debian.org)
Processing commands for cont...@bugs.debian.org:
> block 1004915 by 1005947
Bug #1004915 [release.debian.org] transition: ruby2.7-rm
1004915 was blocked by: 1001217
1004915 was blocking: 1006119
Added blocking bug(s) of 1004915: 1005947
> thanks
Stopping processing here.
Please contact me if you
Processing commands for cont...@bugs.debian.org:
> block 1004915 by 1001217
Bug #1004915 [release.debian.org] transition: ruby2.7-rm
1004915 was not blocked by any bugs.
1004915 was blocking: 1006119
Added blocking bug(s) of 1004915: 1001217
> thanks
Stopping processing here.
Please contact me
On 2022-02-18 10:26:26 +0100, Sebastian Ramacher wrote:
> On 2022-02-16 20:49:44, Jeff Breidenbach wrote:
> > libwebp 1.2.1-7 has been successfully uploaded to unstable.
> >
> > Anthony and Iustin, help is very strongly appreciated for the NMUs.
>
> Almost all reverse dependencies have
Control: tags -1 + moreinfo
On Wed, 2022-01-05 at 20:28 +0100, Johannes Schauer Marin Rodrigues
wrote:
> Currently, when a user happens to have an ASCII armored key in
> /etc/apt/trusted.gpg.d, running mmdebstrap without any special
> options
> will not work. See #1003175 for details.
>
> The
Processing control commands:
> tags -1 + moreinfo
Bug #1003188 [release.debian.org] bullseye-pu: package mmdebstrap/0.7.5-2.2
Added tag(s) moreinfo.
--
1003188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tags -1 confirmed
Bug #1006000 [release.debian.org] transition: draco
Added tag(s) confirmed.
> forwarded -1 https://release.debian.org/transitions/html/auto-draco.html
Bug #1006000 [release.debian.org] transition: draco
Set Bug forwarded-to-address to
Control: tags -1 confirmed
Control: forwarded -1
https://release.debian.org/transitions/html/auto-draco.html
On 2022-02-18 20:06:20 +0100, Timo Röhling wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
>
> Dear release
Processing control commands:
> tags -1 + confirmed
Bug #1003058 [release.debian.org] bullseye-pu: package openvswitch/2.15.0+ds1-2
Added tag(s) confirmed.
--
1003058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Mon, 2022-01-03 at 14:25 +0100, Thomas Goirand wrote:
> [ Reason ]
> Indeed, the updated version I would like to push contains a fix for
> CVE-2021-36980 (Debian bug #991308), and a fix for having libofproto
> properly installed if activating dpdk (which fixes
Processing control commands:
> tags -1 + confirmed
Bug #1003018 [release.debian.org] bullseye-pu: package
php-laravel-framework/6.20.14+dfsg-2+deb11u1
Added tag(s) confirmed.
--
1003018: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003018
Debian Bug Tracking System
Contact
Control: tags -1 + confirmed
On Mon, 2021-12-27 at 22:10 +0200, Peter Pentchev wrote:
> This is a future unblock request before I upload
> libarchive-3.4.3-2+deb11u1 to fix a couple of bugs that were
> fixed in later upstream versions and in unstable. They are all
> related to setting permissions
Control: tags -1 + confirmed
On Sun, 2022-01-02 at 21:10 +0100, Robin Gustafsson wrote:
> [ Reason ]
> Security issues affecting the version in bullseye.
> * Bug #1001333 (CVE-2021-43808)
> * Bug #1002728 (CVE-2021-43617)
>
> [ Impact ]
> * Users of web applications using certain templating
Processing control commands:
> tags -1 + confirmed
Bug #1002703 [release.debian.org] bullseye-pu: package
libarchive/3.4.3-2+deb11u1
Added tag(s) confirmed.
--
1002703: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
On Sat, 2022-02-19 at 18:52 +0100, Sebastian Andrzej Siewior wrote:
> On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote:
> > Control: tags -1 + confirmed d-i
> …
> > Thanks. Assuming the above is still accurate, then this looks good
> > to
> > me.
> >
> > As the package builds a udeb, it will
Control: tags -1 + confirmed
On Mon, 2021-12-27 at 13:21 +0200, Peter Pentchev wrote:
> This is a future unblock request before I upload prips-1.1.1-
> 3+deb11u1
> to fix two upstream bugs that affect the base functionality of the
> program:
> an infinite loop if it is asked to print the
Processing control commands:
> tags -1 + confirmed
Bug #1002685 [release.debian.org] bullseye-pu: package prips/1.1.1-3+deb11u1
Added tag(s) confirmed.
--
1002685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002685
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tags -1 + confirmed
Bug #1002652 [release.debian.org] bullseye-pu: package schleuder/3.6.0-3+deb11u1
Added tag(s) confirmed.
--
1002652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002652
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Sun, 2021-12-26 at 17:49 +, Georg Faerber wrote:
> [ Reason ]
> Since ActiveRecord >= 6.0, the SQLite3 connection adapter relies on
> boolean
> serialization to use 1 and 0, but does not natively recognize 't' and
> 'f' as
> booleans were previously serialized.
Processing control commands:
> tags -1 + confirmed
Bug #1005861 [release.debian.org] bullseye-pu: package
pdb2pqr/2.1.1+dfsg-7+deb11u1
Added tag(s) confirmed.
--
1005861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Wed, 2022-02-16 at 10:19 +0200, Andrius Merkys wrote:
> Executable propka from pdb2pqr is unusable with python3 (>= 3.8) due
> to
> the change in relative imports handling. The package has been
> migrated
> from python2 to python3 via patch, so the change just
On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
…
> Thanks. Assuming the above is still accurate, then this looks good to
> me.
>
> As the package builds a udeb, it will need a d-i ack; tagging and CCing
> accordingly.
I'm confused. May I upload or do I
Control: tags -1 + confirmed d-i
On Sun, 2022-02-13 at 13:44 +, Simon McVittie wrote:
> Typeahead search in the file chooser (File -> Save As... dialog)
> doesn't
> work on networked filesystems (NFS/CIFS) under some circumstances.
> (Having Tracker installed might accidentally avoid the bug,
Processing control commands:
> tags -1 + confirmed d-i
Bug #1005694 [release.debian.org] bullseye-pu: package gtk+3.0/3.24.24-4+deb11u1
Added tag(s) d-i and confirmed.
--
1005694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005694
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Processing control commands:
> tags -1 + confirmed
Bug #1005340 [release.debian.org] bullseye-pu: package
golang-1.15/1.15.15-1~deb11u3
Added tag(s) confirmed.
--
1005340: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005340
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Sat, 2022-02-12 at 00:52 +0800, Shengjing Zhu wrote:
> [ Reason ]
> Backport patches for CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
>
> [ Impact ]
>
> + CVE-2022-23806: crypto/elliptic: fix IsOnCurve for big.Int values
> that are not valid coordinates
> +
Control: tags -1 + confirmed
On Tue, 2022-02-15 at 21:33 -0300, Antonio Terceiro wrote:
> Control: reopen -1
>
> > On Thu, Feb 10, 2022 at 11:44:24AM -0300, Antonio Terceiro wrote:
> > > [ Reason ]
> > > Version 0.8.0-1 contains a bug caused by extra whitespace in
> > > src=""
> > > attributes
but yes its a 5 tree debian, oldstable stable testing unstable experimental
On Sat, Feb 19, 2022, 18:10 Adam D. Barratt
wrote:
> Control: tags -1 + confirmed d-i
>
> On Thu, 2022-01-27 at 17:02 -0500, Daniel Kahn Gillmor wrote:
> > Please consider an update to GnuPG in debian bullseye, from
Processing control commands:
> tags -1 + confirmed
Bug #1005288 [release.debian.org] bullseye-pu: package
sphinx-bootstrap-theme/0.7.1-1+deb11u1
Added tag(s) confirmed.
--
1005288: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005288
Debian Bug Tracking System
Contact
Processing control commands:
> tags -1 + confirmed
Bug #1005217 [release.debian.org] bullseye-pu: package spip/3.2.11-3+deb11u2
Added tag(s) confirmed.
--
1005217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Wed, 2022-02-09 at 03:30 -0400, David Prévot wrote:
> Le 09/02/2022 à 03:04, David Prévot a écrit :
>
> >[x] attach debdiff against the package in (old)stable
>
> For real now…
Please go ahead; thanks.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1005013 [release.debian.org] bullseye-pu: package cinnamon/4.8.6-2+deb11u1
Added tag(s) confirmed.
--
1005013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005013
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> tags -1 + confirmed
Bug #1005010 [release.debian.org] bullseye-pu: package
node-nth-check/2.0.0-1+deb11u1
Added tag(s) confirmed.
--
1005010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005010
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Sat, 2022-02-05 at 13:57 +0100, Fabio Fantoni wrote:
> [ Reason ]
> When an user attempts to add an online account that requires logging
> in
> through
> a web component, such as, Google, Facebook, Microsoft and/or
> Foursquare,
> cinnamon-settings crashes and
Control: tags -1 + confirmed
On Sat, 2022-02-05 at 12:46 +0100, Yadd wrote:
> [ Reason ]
> Regex Denial of Service (CVE-2021-3803)
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1005007 [release.debian.org] bullseye-pu: package
node-trim-newlines/3.0.0-1+deb11u1
Added tag(s) confirmed.
--
1005007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005007
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tags -1 + confirmed
On Sat, 2022-02-05 at 12:26 +0100, Yadd wrote:
> Regex Denial of Service (CVE-2021-33623)
>
Please go ahead.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1004575 [release.debian.org] bullseye-pu: package mutter/3.38.6-2~deb11u2
Added tag(s) confirmed.
--
1004575: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004575
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed
On Sun, 2022-01-30 at 17:45 +, Simon McVittie wrote:
> Bug fix updates from upstream gnome-3-38 branch, prompted by user
> request
> in #1002651.
>
Please go ahead; thanks.
Regards,
Adam
Processing control commands:
> tags -1 + confirmed
Bug #1004192 [release.debian.org] bullseye-pu: package
django-allauth/0.44.0+ds-1
Added tag(s) confirmed.
--
1004192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004192
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Sat, 2022-01-22 at 14:25 +0100, Pierre-Elliott Bécue wrote:
> Due to some changes in Python that upstream failed to take into
> account,
> django-allauth 0.44.0+ds-1 fails to work with the OpenID auth method.
> The fix in itself is a simple patch replacing the call
Processing control commands:
> tags -1 + confirmed
Bug #1004033 [release.debian.org] bullseye-pu: package
node-fetch/2.6.1-5+deb11u1
Added tag(s) confirmed.
--
1004033: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004033
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tags -1 + confirmed
On Wed, 2022-01-19 at 16:49 +0100, Yadd wrote:
> node-fetch is vulnerable to privacy breach (CVE-2022-0235)
>
+node-fetch (2.6.1-5+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Don't forward secure headers to 3th party (Closes: CVE-2022-0235)
s/3th/3rd/
Processing control commands:
> tags -1 + confirmed
Bug #1004533 [release.debian.org] bullseye-pu: package
golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Added tag(s) confirmed.
> clone -1 -2 -3
Bug #1004533 [release.debian.org] bullseye-pu: package
Control: tags -1 + confirmed
Control: clone -1 -2 -3
Control: retitle -2 bullseye-pu: package
golang-github-containers-common/0.33.4+ds1-1+deb11u1
Control: retitle -3 bullseye-pu: package libpod/3.0.1+dfsg1-3+deb11u1
On Sat, 2022-01-29 at 21:00 -0500, Reinhard Tartler wrote:
> podman (produced
Processing control commands:
> tags -1 + confirmed
Bug #1004384 [release.debian.org] bullseye-pu: package
node-cached-path-relative/1.0.2-1+deb11u1
Added tag(s) confirmed.
--
1004384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004384
Debian Bug Tracking System
Contact
Control: tags -1 + confirmed
On Wed, 2022-01-26 at 15:02 +0100, Yadd wrote:
> node-cached-path-relative is vulnerable to prototype pollution
> (CVE-2021-23518)
>
Please go ahead.
Regards,
Adam
Processing changes file: redis_5.0.14-1+deb10u2_amd64.changes
ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_arm64-buildd.changes
ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_armel-buildd.changes
ACCEPT
Processing changes file: redis_5.0.14-1+deb10u2_armhf-buildd.changes
Processing changes file: chromium_98.0.4758.102-1~deb11u1_source.changes
ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_all-buildd.changes
ACCEPT
Processing changes file: chromium_98.0.4758.102-1~deb11u1_amd64-buildd.changes
ACCEPT
Processing changes file:
Processing control commands:
> tags -1 + confirmed d-i
Bug #1004452 [release.debian.org] bullseye-pu: package gnupg2/2.2.27-2+deb11u1
Added tag(s) d-i and confirmed.
--
1004452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004452
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Control: tags -1 + confirmed d-i
On Thu, 2022-01-27 at 17:02 -0500, Daniel Kahn Gillmor wrote:
> Please consider an update to GnuPG in debian bullseye, from version
> 2.2.27-2 to 2.2.27-2+deb11u1.
>
The version mentioned above is correct, but the proposed changelog is
not:
+gnupg2
Control: tags -1 + confirmed d-i
On Tue, 2022-01-11 at 00:00 +0100, Sebastian Andrzej Siewior wrote:
> This is an update to the latest stable update of the openssl package
> provided by upstream. It contains fixes for bugs which were not
> identified as security critical but still worth fixing.
>
Processing control commands:
> tags -1 + confirmed d-i
Bug #1003484 [release.debian.org] bullseye-pu: package openssl/1.1.1m-0+deb11u1
Added tag(s) confirmed and d-i.
--
1003484: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003484
Debian Bug Tracking System
Contact ow...@bugs.debian.org
1 - 100 of 102 matches
Mail list logo
