Bug#1070158: qtbase-opensource-src 5.15.2+dfsg-9+deb11u1 flagged for acceptance
package release.debian.org tags 1070158 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: qtbase-opensource-src Version: 5.15.2+dfsg-9+deb11u1 Explanation: security fixes [CVE-2022-25255 CVE-2023-24607 CVE-2023-32762 CVE-2023-32763 CVE-2023-33285 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 CVE-2023-51714 CVE-2024-25580]
Bug#1064029: mailman3 3.3.8-2~deb12u2 flagged for acceptance
package release.debian.org tags 1064029 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: mailman3 Version: 3.3.8-2~deb12u2 Explanation: depend alternatively on cron-daemon; fix postgresql:// url in post-installation script
Bug#1055656: ms-gsl 4.0.0-2+deb12u1 flagged for acceptance
package release.debian.org tags 1055656 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: ms-gsl Version: 4.0.0-2+deb12u1 Explanation: mark not_null constructors as noexcept
Bug#1070158: distro-info-data 0.51+deb11u6 flagged for acceptance
package release.debian.org tags 1070158 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: distro-info-data Version: 0.51+deb11u6 Explanation: declare intentions for bullseye/bookworm; fix past data; add Ubuntu 24.10
Bug#1070137: bullseye-pu: package cloud-init/22.4.2-1
Control: tag -1 moreinfo

Hi,

On Tue, Apr 30, 2024 at 11:21:01AM -0700, Noah Meyerhans wrote:
> There are pros and cons to each option. Given bullseye's age and
> cloud-init's blast radius (a regression could potentially disrupt the
> provisioning process of cloud VMs, which is particularly disruptive in
> such environments) I lean toward option (2) above, as it minimizes the
> changes. The obvious drawback is that we now have two versions of
> cloud-init in the bullseye repositories, which was not the case
> previously. The cloud team is committed to supporting this situation
> for the duration of the bullseye LTS lifetime.

I think I lean towards option 2 as well. I assume the versioning is calendar-based not semantic, so it's hard to know how disruptive 20.x -> 22.x would be, and meaningful testing across all the platforms it could be deployed on is unrealistic.

Can you attach proposed debian/control and debian/changelog files please?

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069880: bullseye-pu: package cpu/1.4.3-14~deb11u1
Control: tag -1 confirmed

On Fri, Apr 26, 2024 at 12:01:33PM +0200, Andreas Beckmann wrote:
> The last QA upload four years ago fixed a FTBFS (multiple definitions of
> a global variable) by replacing that variable with an extern declaration
> and zero definitions. This didn't result in a linker error (missing
> symbol) because it happens in a plugin library and thus is only detected
> at runtime when the plugin gets loaded (i.e. always).
> So let's ship the plugin with *one* definition of the global variable
> ;-)

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069943: bullseye-pu: package emacs/27.1+1-3.1+deb11u3
Control: tag -1 moreinfo

Hi,

On Sat, Apr 27, 2024 at 12:34:45PM +0100, Sean Whitton wrote:
> This update also has the effect of rolling in changes already in
> oldstable-security earlier than the usual point release copy, as
> oldstable-security has deb11u2, while oldstable still has deb11u1.

The security release hasn't been accepted into bullseye yet because there were reports of it being broken on mips64el. There was a bug but I'm afraid I don't have a reference to it.

Do you know if your version solves the issue? If it does I can accept the security first for you to rebase against if that helps with the diffs.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1070158: bullseye-pu: package distro-info-data/0.51+deb11u6
On Sun, May 12, 2024 at 11:55:45AM +, stefa...@debian.org wrote:
> Hi Jonathan (2024.05.12_10:56:13_+)
> > Control: tag -1 confirmed
> >
> > On Tue, Apr 30, 2024 at 08:58:52PM -0400, Stefano Rivera wrote:
> > > 1. bullseye and bookworm LTS & ELTS.
> > > 2. Ubuntu 24.10 Oracular Oriole
> >
> > Please go ahead, but if you'd prefer to wait until the final date for
> > bullseye is determined feel free to wait and amend.
>
> It was uploaded when I filed the bug.

So it was, sorry.

> I'd say accept it now, and if we miss getting bullseye's final EoL in,
> we can do it via LTS.

Ok.

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1070761: bart-cuda 0.6.00-1+deb11u1 flagged for acceptance
package release.debian.org tags 1070761 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: bart-cuda Version: 0.6.00-1+deb11u1 Explanation: fix build test failures by relaxing a floating-point comparison
Bug#1070723: bart 0.6.00-3+deb11u1 flagged for acceptance
package release.debian.org tags 1070723 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: bart Version: 0.6.00-3+deb11u1 Explanation: fix build test failures by relaxing a floating-point comparison
Bug#1070154: bullseye-pu: qtbase-opensource-src/5.15.2+dfsg-9+deb11u1
Control: tag -1 confirmed

On Tue, Apr 30, 2024 at 11:26:17PM +, Thorsten Alteholz wrote:
> The attached debdiff for qtbase-opensource-src fixes several CVEs in
> Bullseye. All CVEs are marked as no-dsa by the security team.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1070799: bullseye-pu: package rustc-web/1.70.0+dfsg1-7~deb11u1
Control: tag -1 confimed moreinfo

Hi,

On Thu, May 09, 2024 at 12:36:16PM +0200, Emilio Pozuelo Monfort wrote:
> rustc-web is needed to keep supporting firefox-esr/thunderbird on bullseye,
> for the upcoming ESR 128 releases. Instead of updating rustc-mozilla, I
> decided to backport the newer rustc-web (adopting that name) from bookworm.
> The backport is clean, just a changelog bump. I'm attaching the debdiff from
> the bookworm update to this one.

Should rustc-mozilla be removed from oldstable as well as rustc-web introduced?

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1070158: bullseye-pu: package distro-info-data/0.51+deb11u6
Control: tag -1 confirmed

On Tue, Apr 30, 2024 at 08:58:52PM -0400, Stefano Rivera wrote:
> 1. bullseye and bookworm LTS & ELTS.
> 2. Ubuntu 24.10 Oracular Oriole

Please go ahead, but if you'd prefer to wait until the final date for bullseye is determined feel free to wait and amend.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1067544: libmicrohttpd 0.9.72-2+deb11u1 flagged for acceptance
package release.debian.org tags 1067544 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libmicrohttpd Version: 0.9.72-2+deb11u1 Explanation: fix out of bounds read with crafted POST requests [CVE-2023-27371]
Bug#1068082: intel-microcode 3.20240312.1~deb11u1 flagged for acceptance
package release.debian.org tags 1068082 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: intel-microcode Version: 3.20240312.1~deb11u1 Explanation: fixes for INTEL-SA-INTEL-SA-00972 [CVE-2023-39368], INTEL-SA-INTEL-SA-00982 [CVE-2023-38575], INTEL-SA-INTEL-SA-00898 [CVE-2023-28746], INTEL-SA-INTEL-SA-00960 [CVE-2023-22655] and INTEL-SA-INTEL-SA-01045 [CVE-2023-43490]
Bug#1064550: libjwt 1.10.2-1+deb11u1 flagged for acceptance
package release.debian.org tags 1064550 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libjwt Version: 1.10.2-1+deb11u1 Explanation: fix a timing side channel via strcmp() [CVE-2024-25189]
Bug#1070157: distro-info-data 0.58+deb12u2 flagged for acceptance
package release.debian.org tags 1070157 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: distro-info-data Version: 0.58+deb12u2 Explanation: declare intentions for bullseye/bookworm; fix past data; add Ubuntu 24.10
Bug#1066842: extrepo-data 1.0.3+deb12u1 flagged for acceptance
package release.debian.org tags 1066842 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: extrepo-data Version: 1.0.3+deb12u1 Explanation: update repository information
Bug#1068695: bookworm-pu: package json-smart/2.2-2+deb12u1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1066842: Updating extrepo-offline-data in Debian Stable (debdiff)
On Tue, Apr 23, 2024 at 09:10:54AM +0200, Thomas Goirand wrote: > diff -Nru extrepo-data-1.0.3/debian/changelog > extrepo-data-1.0.3+deb12u1+1/debian/changelog > --- extrepo-data-1.0.3/debian/changelog 2022-10-13 16:27:28.0 > +0200 > +++ extrepo-data-1.0.3+deb12u1+1/debian/changelog 2024-04-23 > 09:03:00.0 +0200 > @@ -1,3 +1,10 @@ > +extrepo-data (1.0.3+deb12u1+1) bookworm; urgency=medium > + > + * Update the repo data from the Debian unstable branch. > + * Fix d/copyright mime syntax. > + > + -- Thomas Goirand Tue, 23 Apr 2024 09:03:00 +0200 There's a stray "+1" in the version, should be 1.0.3+deb12u1. Is this actually a backport of current unstable though? In which case it should include the changelog from 1.0.4 and be 1.0.4~deb12u1. With one fix or the other, go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
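Review bot: the first bullet of the new debian/changelog entry, "Update the repo data from the Debian unstable branch.", does not say which unstable version or commit the data was taken from. Naming that source in the entry would let a reviewer of the stable update check exactly which repository information is being brought into bookworm, and it would also settle whether the upload is versioned as a fix on top of 1.0.3 or as a backport of a newer release.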
Bug#1065053: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.239.06-1~deb11u1
On Thu, Feb 29, 2024 at 10:19:45AM +0100, Andreas Beckmann wrote:
> nvidia-graphics-drivers-tesla-470 (470.239.06-1~deb12u1) bookworm;
> urgency=medium
>
>   * Rebuild for bookworm.
>
>  -- Andreas Beckmann Thu, 29 Feb 2024 02:41:42 +0100
>
> nvidia-graphics-drivers-tesla-470 (470.239.06-1) unstable; urgency=medium
>
>   * New upstream long term support branch release 470.239.06 (2024-02-22).
>   * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265. (Closes: #1064989)
>     https://nvidia.custhelp.com/app/answers/detail/a_id/5520
>   * Improved compatibility with recent Linux kernels.
>
>   [ Andreas Beckmann ]
>   * Refresh patches.
>
>  -- Andreas Beckmann Wed, 28 Feb 2024 02:22:39 +0100
>
> nvidia-graphics-drivers (470.239.06-1) bullseye; urgency=medium
>
>   * New upstream long term support branch release 470.239.06 (2024-02-22).
>   * Fixed CVE-2024-0074, CVE-2024-0078, CVE-2022-42265. (Closes: #1064983)
>     https://nvidia.custhelp.com/app/answers/detail/a_id/5520
>   * Improved compatibility with recent Linux kernels.
>
>   [ Andreas Beckmann ]
>   * Refresh patches.
>   * Upload to bullseye.
>
>  -- Andreas Beckmann Thu, 29 Feb 2024 00:25:42 +0100

Is this apparent duplication correct? Sorry not to have spotted it before.

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1067148: hovercraft 2.7-2+deb11u1 flagged for acceptance
package release.debian.org tags 1067148 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: hovercraft Version: 2.7-2+deb11u1 Explanation: depend on python3-setuptools
Bug#1065268: phpseclib 1.0.19-3+deb11u2 flagged for acceptance
package release.debian.org tags 1065268 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: phpseclib Version: 1.0.19-3+deb11u2 Explanation: force system dependency loading; guard isPrime() and randomPrime() for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix BigInteger getLength()
Bug#1065266: php-phpseclib 2.0.30-2+deb11u2 flagged for acceptance
package release.debian.org tags 1065266 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: php-phpseclib Version: 2.0.30-2+deb11u2 Explanation: force system dependency loading; guard isPrime() and randomPrime() for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix BigInteger getLength()
Bug#1065079: php-doctrine-annotations 1.11.2-1+deb11u1 flagged for acceptance
package release.debian.org tags 1065079 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: php-doctrine-annotations Version: 1.11.2-1+deb11u1 Explanation: force system dependency loading
Bug#1065077: php-zend-code 4.0.0-2+deb11u1 flagged for acceptance
package release.debian.org tags 1065077 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: php-zend-code Version: 4.0.0-2+deb11u1 Explanation: force system dependency loading
Bug#1065076: php-proxy-manager 2.11.1+1.0.3-1+deb11u1 flagged for acceptance
package release.debian.org tags 1065076 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: php-proxy-manager Version: 2.11.1+1.0.3-1+deb11u1 Explanation: force system dependency loading
Bug#1065075: symfony 4.4.19+dfsg-2+deb11u5 flagged for acceptance
package release.debian.org tags 1065075 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: symfony Version: 4.4.19+dfsg-2+deb11u5 Explanation: force system dependency loading; DateTypTest: ensure submitted year is accepted choice
Bug#1065070: php-composer-xdebug-handler 1.4.5-1+deb11u1 flagged for acceptance
package release.debian.org tags 1065070 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: php-composer-xdebug-handler Version: 1.4.5-1+deb11u1 Explanation: force system dependency loading
Bug#1069704: bookworm-pu: package xscreensaver/6.06+dfsg1-3+deb12u1
On Tue, Apr 23, 2024 at 08:29:06PM +0200, Tormod Volden wrote:
> On Tue, Apr 23, 2024 at 7:05 PM Jonathan Wiltshire wrote:
> >
> > Thanks for the upload. Once built I intend to release it through the
> > stable-updates mechanism, but the announcement will carry your name. Any
> > comments on the following text?
> >
> > | The XScreenSaver package as released in Debian 12 includes an "out-of-date
> > | software warning", which is displayed prior to each unlock operation.
> > | This update disables such warnings.
> > |
> > | Users can rest assured that XScreenSaver remains supported by Debian
> > | for the lifetime of the stable distribution.
> >
>
> Thanks a lot for processing this update. Your suggested text is very
> well formulated, I have nothing to add.

Amusingly it turns out our template example is the last xscreensaver update, so I've just used that. It says the same things anyway.

Should be published tonight or tomorrow.

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069704: bookworm-pu: package xscreensaver/6.06+dfsg1-3+deb12u1
Thanks for the upload. Once built I intend to release it through the stable-updates mechanism, but the announcement will carry your name. Any comments on the following text?

| The XScreenSaver package as released in Debian 12 includes an "out-of-date
| software warning", which is displayed prior to each unlock operation.
| This update disables such warnings.
|
| Users can rest assured that XScreenSaver remains supported by Debian
| for the lifetime of the stable distribution.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1057107: libssh2 1.9.0-2+deb11u1 flagged for acceptance
package release.debian.org tags 1057107 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libssh2 Version: 1.9.0-2+deb11u1 Explanation: fix out of bounds memory check in _libssh2_packet_add [CVE-2020-22218]
Bug#1068947: curl 7.74.0-1.3+deb11u12 flagged for acceptance
package release.debian.org tags 1068947 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: curl Version: 7.74.0-1.3+deb11u12 Explanation: fix memory leak when HTTP/2 server push is aborted [CVE-2024-2398]
Bug#1069704: xscreensaver 6.06+dfsg1-3+deb12u1 flagged for acceptance
package release.debian.org tags 1069704 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: xscreensaver Version: 6.06+dfsg1-3+deb12u1 Explanation: disable warning about old versions
Bug#1069704: bookworm-pu: package xscreensaver/6.06+dfsg1-3+deb12u1
Control: tag -1 confirmed

On Tue, Apr 23, 2024 at 08:37:21AM +0200, Tormod Volden wrote:
> Bug #1069617: xscreensaver 6.06 shows upstream upgrade warning from 2024-05-04

Urgh, I thought this was long since dealt with. Please go ahead urgently.

I presume you've taken steps to avoid it creeping back into future releases?

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065053: bullseye-pu: package nvidia-graphics-drivers-tesla-470/470.239.06-1~deb11u1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1067106: bullseye-pu: package nvidia-settings/470.239.06-1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065268: bullseye-pu: package phpseclib/1.0.19-3+deb11u2
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065266: bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065079: bullseye-pu: package php-doctrine-annotations/1.11.2-1+deb11u1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065077: bullseye-pu: package php-zend-code/4.0.0-2+deb11u1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065076: bullseye-pu: package php-proxy-manager/2.11.1+1.0.3-1+deb11u1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065075: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u5
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065071: bullseye-pu: package php-symfony-contracts/1.1.10-2+deb11u1
Control: tag -1 confirmed

On Thu, Feb 29, 2024 at 12:30:50PM +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1, similar to #1065058 in
> bookworm.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1065070: bookworm-pu: package php-composer-xdebug-handler/1.4.5-1+deb11u1
Control: tag -1 confirmed

On Thu, Feb 29, 2024 at 12:25:45PM +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1, similar to #1065057 in
> bookworm.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069253: libapache2-mod-auth-openidc 2.4.9.4-0+deb11u4 flagged for acceptance
package release.debian.org tags 1069253 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libapache2-mod-auth-openidc Version: 2.4.9.4-0+deb11u4 Explanation: fix missing input validation leading to DoS [CVE-2024-24814]
Bug#1068514: imlib2 1.7.1-2+deb11u1 flagged for acceptance
package release.debian.org tags 1068514 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: imlib2 Version: 1.7.1-2+deb11u1 Explanation:
Bug#1065743: postfix 3.5.25-0+deb11u1 flagged for acceptance
package release.debian.org tags 1065743 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: postfix Version: 3.5.25-0+deb11u1 Explanation: upstream bugfix release
Bug#1068118: amavisd-new 2.11.1-5+deb11u1 flagged for acceptance
package release.debian.org tags 1068118 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: amavisd-new Version: 2.11.1-5+deb11u1 Explanation: handle multiple boundary parameters that contain conflicting values [CVE-2024-28054]
Bug#1064550: bullseye-pu: libjwt/1.10.2-1+deb11u1
Control: tag -1 confirmed

On Sat, Feb 24, 2024 at 12:49:21AM +, Thorsten Alteholz wrote:
> The attached debdiff for libjwt fixes CVE-2024-25189 in Bullseye. It is
> marked as no-dsa by the security team.
> The fix is straightforward and should not make any problems.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1057107: bullseye-pu: package libssh2/1.9.0-2
Control: tag -1 confirmed

On Tue, Dec 19, 2023 at 07:52:02PM -0500, Nicolas Mora wrote:
> Hello,
>
> Thank you for the feedback, the new attached debdiff should fix these.
>
> Thanks!

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068514: bullseye-pu: package imlib2/1.7.1-2
Control: tag -1 confirmed

On Sat, Apr 06, 2024 at 10:55:25PM +0200, Markus Koschany wrote:
> Fixing CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 in bullseye.
>

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1067148: bullseye-pu: package hovercraft/2.7-2+deb11u1
Control: tag -1 confirmed On Tue, Mar 19, 2024 at 11:55:34AM +0100, Andreas Beckmann wrote: > @@ -25,6 +25,7 @@ Package: hovercraft > Architecture: all > Depends: python3-docutils, > libjs-impress (>= 1.0.0~), > + python3-setuptools, > ${misc:Depends}, > ${python3:Depends}, > ${sphinxdoc:Depends} This alignment looks funny; with it fixed please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
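Review bot: in the Depends field of the hovercraft stanza, python3-setuptools is added by hand while ${python3:Depends} is already listed in the same field, and nothing in the hunk records why the substvar does not cover it. A short note in the changelog entry or a comment in debian/control giving the reason would keep the hard-coded dependency from being dropped later as apparently redundant.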
Bug#1067544: bullseye-pu: libmicrohttpd/0.9.72-2+deb11u1.debdiff
Control: tag -1 confirmed

On Sat, Mar 23, 2024 at 12:01:09PM +, Thorsten Alteholz wrote:
> The attached debdiff for libmicrohttpd fixes CVE-2023-27371 in Bullseye. It
> is marked as no-dsa by the security team.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068082: bullseye-pu: package intel-microcode/3.20240312.1~deb11u1
Control: tag -1 confirmed

On Sat, Mar 30, 2024 at 07:50:45AM -0300, Henrique de Moraes Holschuh wrote:
> As requested by the security team, I would like to bring the microcode
> update level for Intel processors in Bullseye and Bookworm to match what
> we have in Sid and Trixie. This is the bug report for Bullseye, a
> separate one will be filed for Bookworm.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1
Control: tag -1 confirmed On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote: > +++ b/debian/patches/0004-CVE-2021-31684-Fix-indexOf.patch > @@ -0,0 +1,27 @@ > +From: HAPPY Well if that doesn't tickle my antennae nothing will :) Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069297: bullseye-pu: package reportbug/7.10.3+deb11u2
Control: tag -1 confirmed

On Fri, Apr 19, 2024 at 04:03:37PM +0200, Andreas Beckmann wrote:
> After the release of bookworm, we should rotate the release codenames in
> reportbug/bullseye again to keep reportbug/bullseye useful. Fixed in
> sid/bookworm via #1034260.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069253: bullseye-pu: package libapache2-mod-auth-openidc/2.4.9.4-0+deb11u4
Control: tag -1 confirmed

On Thu, Apr 18, 2024 at 09:44:59PM +0200, Moritz Schlarb wrote:
> Backported the patch to fix CVE-2024-24814.
> Does not require DSA as per #1064183#28.

Please go ahead.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068947: bullseye-pu: package curl/7.74.0-1.3+deb11u12
Control: tag -1 confirmed On Sat, Apr 13, 2024 at 11:36:17PM -0300, Guilherme Puida Moreira wrote: > 1. Fix CVE-2024-2398 Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1069286: dcmtk 3.6.7-9~deb12u1 flagged for acceptance
package release.debian.org tags 1069286 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: dcmtk Version: 3.6.7-9~deb12u1 Explanation: clean up properly on purge
Bug#1069274: pdudaemon 0.0.8.58.g597052b-1+deb12u1 flagged for acceptance
package release.debian.org tags 1069274 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: pdudaemon Version: 0.0.8.58.g597052b-1+deb12u1 Explanation: depend on python3-aiohttp
Bug#1069262: u-boot 2023.01+dfsg-2+deb12u1 flagged for acceptance
package release.debian.org tags 1069262 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: u-boot Version: 2023.01+dfsg-2+deb12u1 Explanation: fix orion-timer for booting sheevaplug and related platforms
Bug#1069252: libapache2-mod-auth-openidc 2.4.12.3-2+deb12u1 flagged for acceptance
package release.debian.org tags 1069252 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: libapache2-mod-auth-openidc Version: 2.4.12.3-2+deb12u1 Explanation: fix missing input validation leading to DoS [CVE-2024-24814]
Bug#1068836: yapet 2.6-2~deb12u1 flagged for acceptance
package release.debian.org tags 1068836 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: yapet Version: 2.6-2~deb12u1 Explanation: do not call EVP_CIPHER_CTX_set_key_length() in crypt/blowfish and crypt/aes
Bug#1051024: igtf-policy-bundle 1.128-1~deb12u1 flagged for acceptance
package release.debian.org tags 1051024 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: igtf-policy-bundle Version: 1.128-1~deb12u1 Explanation: address CAB Forum S/MIME policy change; apply accumulated updates to trust anchors
Bug#1068242: libtool 2.4.7-7~deb12u1 flagged for acceptance
package release.debian.org tags 1068242 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: libtool Version: 2.4.7-7~deb12u1 Explanation: conflict with libltdl3-dev; fix check for += operator in func_append
Re: Re-planning for 12.6
On Sun, Apr 21, 2024 at 05:44:48PM +0100, Andy Simpkins wrote: > > On 21/04/2024 01:57, Steve McIntyre wrote: > > On Sat, Apr 20, 2024 at 05:41:13PM +0100, Jonathan Wiltshire wrote: > > > On Thu, Apr 18, 2024 at 10:58:41PM +0100, Steve McIntyre wrote: > > > > Hiya! > > > > > > > > Not wanting to pester *too* much, but where are we up to? > > > > > > > Right now I can still have 27th April on the cards but we're missing FTP > > > and > > > press. It's next week, we'd have to know this weekend and get frozen. > > > Mark indicated "maybe" and no answer from press. > > > > > > If that date works please reply urgently otherwise we're looking into May > > > and possibly just skipping to line up with the final bullseye anyway. > > It works for me, I guess. Dunno about other folks. > > > > I can still do 27th but as I have already stated Isy is now unavailable > until July due to exams. > > Please can we make a decision by Tuesday otherwise I'll end up doing > something else Too late now in any case. SRMs will regroup and decide whether we push for one in May or just wait for June anyway. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Re: Re-planning for 12.6
On Thu, Apr 18, 2024 at 10:58:41PM +0100, Steve McIntyre wrote: > Hiya! > > Not wanting to pester *too* much, but where are we up to? > Right now I can still have 27th April on the cards but we're missing FTP and press. It's next week, we'd have to know this weekend and get frozen. Mark indicated "maybe" and no answer from press. If that date works please reply urgently otherwise we're looking into May and possibly just skipping to line up with the final bullseye anyway. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068411: schleuder 4.0.3-7+deb12u1 flagged for acceptance
package release.debian.org tags 1068411 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: schleuder Version: 4.0.3-7+deb12u1 Explanation: fix argument parsing insufficient validation; fix importing keys from attachments sent by Thunderbird and handle mails without further content; look for keywords only at the start of mail; validate downcased email addresses when checking subscribers; consider From header for finding reply addresses
Bug#1068654: bioawk 1.0-4+deb12u1 flagged for acceptance
package release.debian.org tags 1068654 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: bioawk Version: 1.0-4+deb12u1 Explanation: disable parallel builds to fix random failures
Bug#1068574: icinga2 2.13.6-2+deb12u1 flagged for acceptance
package release.debian.org tags 1068574 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: icinga2 Version: 2.13.6-2+deb12u1 Explanation: fix segmentation fault on ppc64el
Bug#1068344: curl 7.88.1-10+deb12u6 flagged for acceptance
package release.debian.org tags 1068344 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: curl Version: 7.88.1-10+deb12u6 Explanation: do not keep default protocols when deselected [CVE-2024-2004]; fix memory leak [CVE-2024-2398]
Bug#1056936: glewlwyd 2.7.5-3+deb12u1 flagged for acceptance
package release.debian.org tags 1056936 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: glewlwyd Version: 2.7.5-3+deb12u1 Explanation: fix potential buffer overflow during FIDO2 credential validation [CVE-2023-49208]; fix open redirection via redirect_uri [CVE-2024-25715]
Bug#1068574: bookworm-pu: package icinga2/2.13.6-2+deb12u1
Control: tag -1 confirmed Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1055966: openvpn-dco-dkms 0.0+git20231103-1~deb12u1 flagged for acceptance
package release.debian.org tags 1055966 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: openvpn-dco-dkms Version: 0.0+git20231103-1~deb12u1 Explanation: build for Linux >= 6.5; install compat-include directory; fix refcount imbalance
Bug#1055802: qtbase-opensource-src 5.15.8+dfsg-11+deb12u1 flagged for acceptance
package release.debian.org tags 1055802 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: qtbase-opensource-src Version: 5.15.8+dfsg-11+deb12u1 Explanation: fix regression in patch for CVE-2023-24607; avoid using system CA certificates when not wanted [CVE-2023-34410]; fix buffer overflow [CVE-2023-37369]; fix infinite loop in XML recursive entity expansion [CVE-2023-38197]
Bug#1063417: bookworm-pu: package libapache2-mod-qos/11.74-1+deb12u1
Control: tag -1 moreinfo Hi, On Mon, Feb 26, 2024 at 10:50:39AM -0500, Jérôme Charaoui wrote: > Hello, > > I had an exchange with a fellow DD about this update and uploading this to > bookworm-backports was suggested as a possible alternative considering the > large size of the .debdiff : > > > olasd | lavamind: in terms of policy, a backport would be allowed (it's a > new upstream release, it's in testing, and you seem to be using the package, > so you might as well upload it to bpo); That still leaves a buggy package in > bookworm, if the bookworm package has never worked, pulling in the newer > upstream release into a stable update may be deemed acceptable by the SRMs; > looking at the upstream changelog of libapache2-mod-qos, the changes for > compatibility with pcre2 (which is what our apache2 now builds against, > since 2.4.52-2) have been introduced in libapache2-mod-qos upstream 11.73. > Backporting the pcre2 support to the libapache2-mod-qos version in bookworm > isn't a very sensible option IMO, in terms of maintainability > > If SRMs agree with this assessment, I can close this bug and prepare and > upload to bookworm-backports instead. It's one sensible path forward and it gives you more flexibility, but it leaves a gap for users upgrading from bullseye. Long term, is a new maintainer forthcoming? The orphan bug doesn't seem to have any interest since being opened in 2019 and there weren't any uploads at all until last year. Maybe its future should be considered first and then that will inform the decision about how to handle stable. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1061594: bookworm-pu: package vasttrafik-cli/1.9-1
Control: tag -1 moreinfo On Sat, Jan 27, 2024 at 02:32:26AM +0100, Salvo "LtWorf" Tomaselli wrote: > [ Reason ] > The tool is a client to a public API. > > The provider of the API has shut down the public API used by that version and > made a new one. > > https://developer.vasttrafik.se/news/3 > > The new version of the package that is in sid uses the new API. > > I just want to bump. The changes are rather extensive, it does not make sense > to backport them. Does the API vendor give any stability guarantees? It seems quite new and we don't really want this same situation again. Since this package is not in oldstable, has relatively few users, and needs a rewrite, have you considered removal from stable and providing it through backports instead? That gives you a lot more flexibility throughout bookworm's lifetime. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1056936: bookworm-pu: package glewlwyd/2.7.5-3
Control: tag -1 confirmed Hi, On Wed, Feb 14, 2024 at 05:42:24PM -0500, Nicolas Mora wrote: > Hello, > > I've updated the debdiff to add a fix for CVE-2024-25715 Sorry for the delay; please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1055802: bookworm-pu: package qtbase-opensource-src/5.15.8+dfsg-11+deb12u1
Control: tag -1 confirmed On Sat, Nov 11, 2023 at 09:36:48PM +0300, Dmitry Shachnev wrote: > [ Reason ] > The main goal of the proposed update is to fix bug #1055280: broken Unicode > support in libqt5sql5-odbc because of patch for CVE-2023-24607. > > Additionally, I backported fixes for three more CVEs which were discovered > in the meantime: CVE-2023-34410, CVE-2023-37369 and CVE-2023-38197. Sorry for the delay; please go ahead (targeting bookworm in your debian/changelog). Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068326: mksh 59c-28+deb12u1 flagged for acceptance
package release.debian.org tags 1068326 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: mksh Version: 59c-28+deb12u1 Explanation: handle merged /usr in /etc/shells; fix crash with nested bashism; fix arguments to the dot command; distinguish unset and empty in `typeset -p`
Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Control: tag -1 moreinfo On Sun, Oct 15, 2023 at 12:55:48PM +0900, yokota wrote: > Trivial autopkgtest was passed, but I don't know that this debdiff > really fixes CVE-2023-31102 and CVE-2023-40481. > > Please examine attached debdiff. I am not in a position to assess that for you. You're the maintainer, you need to be able to vouch for your proposed upload. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1050588: bookworm-pu: package nsis/3.08-3+deb12u1
Control: tag -1 moreinfo Hi, On Mon, Feb 05, 2024 at 11:26:12AM +0100, Didier 'OdyX' Raboud wrote: > Le samedi, 3 février 2024, 10.46:29 h CET Adam D. Barratt a écrit : > > On Sat, 2024-02-03 at 10:33 +0100, Thomas Gaugler wrote: > > > I am the maintainer of Nullsoft Scriptable Install System (NSIS) and > > > propose the changes committed into the debian/bookworm branch on the > > > 27th January 2024 to be released as updated nsis 3.08-3+deb12u1 > > > packages > > > (<https://salsa.debian.org/debian/nsis/-/commits/debian/bookworm>). > > > > Thanks, but you've still not attached a debdiff of a prepared package, > > as requested. Pointers to git are useful, but they're not the same as an > > actual package debdiff, which sometimes reveals changes that aren't > > immediately obvious from git. > > > > (A debdiff attached to the bug is also there in perpetuity.) > > Here comes the debdiff as I would upload it. Thanks. The bug #1050288 isn't fixed in unstable according to the BTS, which is a requirement. What's the status? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1051024: bookworm-pu: package igtf-policy-bundle/1.22-1~deb12u1
Control: tag -1 confirmed On Sat, Sep 23, 2023 at 10:54:50PM +0200, Dennis van Dok wrote: > On 23-09-2023 22:36, Adam D. Barratt wrote: > > > [ Checklist ] > > > [*] *all* changes are documented in the d/changelog > > > [*] I reviewed all changes and I approve them > > > [*] attach debdiff against the package in (old)stable > > > > You appear to have forgotten the debdiff. > > It could not be attached on the initial submission for some reason, so > I attached it in message #12: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051024#12 The target distribution in d/changelog should be 'bookworm'; with that fixed please go ahead. > > > > > > [ ] the issue is verified as fixed in unstable > > > > Is this fixed in unstable or not? > > Yes, 1.122 is accepted into unstable in the mean time. You may wish to adjust found versions to cover current stable. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1053832: bookworm-pu: package ceph/16.2.11+ds-2 (CVE-2023-43040)
Control: tag -1 confirmed On Thu, Oct 12, 2023 at 11:34:58AM +0200, Thomas Goirand wrote: > [ Reason ] > CVE-2023-43040 > > [ Impact ] > security issue with RGW with improperly verified POST keys. Sorry for the delay; please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068242: bookworm-pu: package libtool/2.4.7-7~deb12u1
Control: tag -1 confirmed On Tue, Apr 02, 2024 at 04:48:50PM +0200, Andreas Beckmann wrote: > [ Reason ] > I'd like to rebuild libtool from sid in order to fix two RC bugs: > * missing Conflicts against an obsolete (now virtual) package name > causing file conflicts on some upgrade paths of systems initially > installed while the obsolete package was still a real package > * incorrect detection of the += feature causing problems for packages > using it Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068411: bookworm-pu: package schleuder/4.0.3-7+deb12u1
Control: tag -1 confirmed On Thu, Apr 04, 2024 at 06:45:44PM +, Georg Faerber wrote: > Schleuder, as currently present in bookworm, 4.0.3-7, is affected by > multiple bugs, which I would like to address via this proposed-update, > 4.0.3-7+deb12u1. Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068106: bookworm-pu: package libarchive/3.6.2-1+deb12u1
Control: tag -1 confirmed Hi, On Sat, Mar 30, 2024 at 08:51:10PM +0200, Peter Pentchev wrote: > [ Reason ] > Revert a change made by the same person that smuggled > the backdoor into xz. See #1068047 for more details. Please go ahead. However I wonder if you also want to wait for a patch for https://github.com/libarchive/libarchive/issues/2107 and include that? If so please un-confirm this bug and provide an updated debdiff when ready. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068451: libtommath 1.2.0-6+deb12u1 flagged for acceptance
package release.debian.org tags 1068451 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: libtommath Version: 1.2.0-6+deb12u1 Explanation: fix integer overflow [CVE-2023-36328]
Bug#1068326: bookworm-pu: package mksh/59c-28+deb12u1
Control: tag -1 confirmed On Wed, Apr 03, 2024 at 02:59:08PM +0200, Thorsten Glaser wrote: > I would like to ask for pre-approval to uploading a > proposed stable update for mksh. Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068344: bookworm-pu: package curl/7.88.1-10+deb12u6
Control: tag -1 confirmed On Wed, Apr 03, 2024 at 04:05:17PM -0300, Guilherme Puida Moreira wrote: > [ Reason ] > 1. Fix CVE-2004 > 2. Fix CVE-2398 Please detail what these actually are in the changelog; other than that, go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068362: uif 1.99.0-4.1+deb12u1 flagged for acceptance
package release.debian.org tags 1068362 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: uif Version: 1.99.0-4.1+deb12u1 Explanation: support VLAN interface names
Bug#1068084: intel-microcode 3.20240312.1~deb12u1 flagged for acceptance
package release.debian.org tags 1068084 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: intel-microcode Version: 3.20240312.1~deb12u1 Explanation: security mitigations [CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 CVE-2023-43490]
Bug#1068034: gross 1.0.2-4.1~deb11u1 flagged for acceptance
package release.debian.org tags 1068034 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: gross Version: 1.0.2-4.1~deb11u1 Explanation: fix stack-based buffer overflow [CVE-2023-52159]
Bug#1061190: gnutls28 3.7.1-5+deb11u5 flagged for acceptance
package release.debian.org tags 1061190 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: gnutls28 Version: 3.7.1-5+deb11u5 Explanation: fix assertion failure verifying a certificate chain with a cycle of cross signatures [CVE-2024-0567]; fix timing side-channel attack inside RSA-PSK key exchange [CVE-2024-0553]
Re: Re-planning for 12.6
On Mon, Apr 01, 2024 at 01:07:27PM +0100, Adam D. Barratt wrote: > April 13th > April 20th > April 27th At current progress I expect to be available for the SRM side 13th or 27th. We're in a good position to freeze this weekend to make the 13th, if others are available then. The 20th is a no for me. > May 4th > May 11th Currently OK for me. Though as soon as we're heading into the middle of May we might as well wait for the next cadence in June. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068084: bookworm-pu: package intel-microcode/3.20240312.1~deb12u1
Control: tag -1 confirmed On Sat, Mar 30, 2024 at 07:47:05AM -0300, Henrique de Moraes Holschuh wrote: > As requested by the security team, I would like to bring the microcode > update level for Intel processors in Bullseye and Bookworm to match what > we have in Sid and Trixie. This is the bug report for Bookworm, a > separate one will be filed for Bullseye. Please go ahead. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1068033: gross 1.0.2-4.1~deb12u1 flagged for acceptance
package release.debian.org tags 1068033 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: gross Version: 1.0.2-4.1~deb12u1 Explanation: fix stack-based buffer overflow [CVE-2023-52159]
Bug#1067980: gpaste 43.1-3+deb12u1 flagged for acceptance
package release.debian.org tags 1067980 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: gpaste Version: 43.1-3+deb12u1 Explanation: fix conflict with older libpgpaste6