Bug#1068514: bullseye-pu: package imlib2/1.7.1-2

2024-04-06 Thread Markus Koschany
+ + * Fix CVE-2024-25447 and CVE-2024-25448 and CVE-2024-25450. +A heap-buffer overflow vulnerability was discovered in imlib2 when using +the tgaflip function in loader_tga.c + + -- Markus Koschany Sat, 06 Apr 2024 22:40:50 +0200 + imlib2 (1.7.1-2) unstable; urgency=medium * Drop
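
Review bot: the new changelog entry names three CVEs (CVE-2024-25447, CVE-2024-25448, CVE-2024-25450) but describes only one defect, the heap-buffer overflow in tgaflip in loader_tga.c. State which CVE that sentence covers and add a line for each of the others, or say explicitly that all three share this root cause, so each identifier can be matched to a fix.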

Unblocking spring

2023-12-23 Thread Markus Koschany
Hi, I was told to contact you in order to unblock src:spring for testing. At the moment tracker.debian.org shows that: "spring-javaai/arm64 has unsatisfiable dependency". This is a bit confusing because spring builds only binary packages for arch all, i386 and amd64. I don't see any real issues

Bug#1054122: bookworm-pu: package axis/1.4-28

2023-10-17 Thread Markus Koschany
uld expose the application to +DoS, SSRF and even attacks leading to RCE. (Closes: #1051288) + + -- Markus Koschany Tue, 17 Oct 2023 14:05:20 +0200 + axis (1.4-28) unstable; urgency=medium * Fixed the build failure with Java 11 (Closes: #911187) diff -Nru axis-1.4/debian/patches/CVE-2023-40743.p

Bug#1054121: bullseye-pu: package axis/1.4-28

2023-10-17 Thread Markus Koschany
uld expose the application to +DoS, SSRF and even attacks leading to RCE. (Closes: #1051288) + + -- Markus Koschany Tue, 17 Oct 2023 14:05:20 +0200 + axis (1.4-28) unstable; urgency=medium * Fixed the build failure with Java 11 (Closes: #911187) diff -Nru axis-1.4/debian/patches/CVE-2023-40743.p

Bug#1053461: bookworm-pu: package openrefine/3.6.2-2+deb12u1

2023-10-04 Thread Markus Koschany
+ + * Fix CVE-2023-41887 and CVE-2023-41886: +OpenRefine is a powerful free, open source tool for working with messy +data. Prior to this version, a remote code execution vulnerability allows +any unauthenticated user to execute code on the server. + + -- Markus Koschany Wed, 04 Oct 2023 15

Bug#1052553: bookworm-pu: package libapache-mod-jk/1:1.2.48-2

2023-09-24 Thread Markus Koschany
od_jk only). +(Closes: #1051956) + + -- Markus Koschany Sun, 24 Sep 2023 16:40:59 +0200 + libapache-mod-jk (1:1.2.48-2) unstable; urgency=medium * Declare compliance with Debian Policy 4.6.2. diff -Nru libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch libapache-mod-jk-1.2.48/debian/patche

Bug#1052552: bullseye-pu: package libapache-mod-jk/1:1.2.48-1

2023-09-24 Thread Markus Koschany
od_jk only). +(Closes: #1051956) + + -- Markus Koschany Sun, 24 Sep 2023 17:09:51 +0200 + libapache-mod-jk (1:1.2.48-1) unstable; urgency=medium * New upstream version 1.2.48. diff -Nru libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch libapache-mod-jk-1.2.48/debian/patches/CVE-2023-4

Bug#1051429: bookworm-pu: package openrefine/3.6.2-2

2023-09-07 Thread Markus Koschany
to import it. (Closes: #1041422) + + -- Markus Koschany Thu, 07 Sep 2023 21:22:17 +0200 + openrefine (3.6.2-2) unstable; urgency=medium * Depend on libjoda-time-java and liboro-java. diff -Nru openrefine-3.6.2/debian/patches/CVE-2023-37476.patch openrefine-3.6.2/debian/patches/CVE-2023-37476.patch

Bug#1050044: bullseye-pu: package rar/2:5.5.0-1

2023-08-27 Thread Markus Koschany
There was another vulnerability, CVE-2023-40477, fixed in version 2:6.23-1~deb11u1 now.

Bug#1050612: bookworm-pu: package rar/2:6.20.0.1

2023-08-27 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Please see Debian bug #1050044. Same reasoning applies to Bookworm. Here rar is only affected by CVE-2023-40477 though. [ Checklist ] [x] *all*

Bug#1050119: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1

2023-08-26 Thread Markus Koschany
:6.0.3-1+deb11u2) bullseye; urgency=high + + [ Markus Koschany ] + * Fix CVE-2022-48579: +It was discovered that UnRAR, an unarchiver for rar files, allows +extraction of files outside of the destination folder via symlink chains. +(Closes: #1050080) + + -- YOKOTA Hiroshi Thu, 17 Aug

Bug#1050311: bookworm-pu: package imlib2/1.10.0-4

2023-08-22 Thread Markus Koschany
) bookworm; urgency=medium + + * Fix imlib_clone_image() no longer preserves the alpha channel flag. + (Closes: #1041406) + + -- Markus Koschany Tue, 22 Aug 2023 22:52:24 +0200 + imlib2 (1.10.0-4) unstable; urgency=medium * Really ignore libjxl-dev on s390x. diff -Nru imlib2-1.10.0/debian

Bug#1050119: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1

2023-08-20 Thread Markus Koschany
=high + + * Non maintainer upload. + * Fix CVE-2022-48579: +It was discovered that UnRAR, an unarchiver for rar files, allows +extraction of files outside of the destination folder via symlink chains. +(Closes: #1050080) + + -- Markus Koschany Sun, 20 Aug 2023 09:58:26 +0200 + unrar

Bug#1050044: bullseye-pu: package rar/2:5.5.0-1

2023-08-18 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello, [ Reason ] I would like to update rar in bullseye because it is affected by CVE-2022-30333. This issue has been fixed in all other suites

Bug#1041348: RM: https-everywhere/stable -- ROM; obsolete;major browsers offer native support now;

2023-07-18 Thread Markus Koschany
I have uploaded a new revision of boxer-data and debian-parl to Bookworm now. This update removes the dependency on webext-https-everywhere. Jonas agreed to this change. https://bugs.debian.org/1041350 AFAIK nothing else should prevent the removal of https-everywhere from Bookworm. Markus

Bug#1041446: bookworm-pu: package boxer-data/10.9.12

2023-07-18 Thread Markus Koschany
upload. + * Fix class Desktop.web.firefox.harden. No longer install obsolete Firefox +addon https-everywhere. + + -- Markus Koschany Wed, 19 Jul 2023 00:04:50 +0200 + boxer-data (10.9.12) unstable; urgency=medium * add class l10n.mythes.pt.BR since bookworm

Bug#1041348: RM: https-everywhere/stable -- ROM; obsolete;major browsers offer native support now;

2023-07-17 Thread Markus Koschany
rtags 1041348 = rm > tags 1041348 + bookworm moreinfo > thanks > > On Mon, 2023-07-17 at 21:07 +0200, Markus Koschany wrote: > > Dear ftp and release team, > > > > Just Release. Reassigning and fixing up the metadata. Perhaps we should change the reportbug template

Bug#1041348: RM: https-everywhere/stable -- ROM; obsolete;major browsers offer native support now;

2023-07-17 Thread Markus Koschany
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: debian-release@lists.debian.org, a...@debian.org Dear ftp and release team, please remove https-everywhere from stable. This addon for Firefox and Chromium has become obsolete because major browsers offer native support for HTTPS only mode

Bug#1036894: unblock: closure-compiler/20130227+rhino-1

2023-05-28 Thread Markus Koschany
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org Please unblock package closure-compiler [ Reason ] It turned out that closure-compiler would not function correctly with the latest version of librhino-java

Bug#1036892: unblock: tomcat9/9.0.70-2

2023-05-28 Thread Markus Koschany
. +(Closes: #1034824) + + -- Markus Koschany Sat, 27 May 2023 17:51:32 +0200 + tomcat9 (9.0.70-1) unstable; urgency=medium * New upstream release diff -Nru tomcat9-9.0.70/debian/control tomcat9-9.0.70/debian/control --- tomcat9-9.0.70/debian/control 2022-12-05 16:29:55.0

Bug#1036890: unblock: jetty9/9.4.50-4

2023-05-28 Thread Markus Koschany
to libtomcat10-java. For now Jetty 9 only works correctly +with libtomcat9-java. (Closes: #1036798) + + -- Markus Koschany Sat, 27 May 2023 16:28:19 +0200 + jetty9 (9.4.50-3) unstable; urgency=medium * Team upload. diff -Nru jetty9-9.4.50/debian/control jetty9-9.4.50/debian/control --- jetty9-9.4.50

Re: Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Markus Koschany
On Friday, 26.05.2023 at 21:44 +0200, Emmanuel Bourg wrote: > > The changes to jetty9 have to be reverted too, the package is broken > (#1036798). > > Sadly we can't do without tomcat9. The path forward implies packaging > Jetty 11 or 12 first and migrating all the reverse dependencies,

Re: Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-26 Thread Markus Koschany
Hi, > Markus, can you please revert your logback change by tomorrow at the latest? Sure. I will take care of it. Do I understand you correctly, that we only ship libtomcat9-java in Bookworm now? Shall I upload a new revision of tomcat9 too? Regards, Markus

Re: tomcat9 should not be released with Bookworm

2023-05-25 Thread Markus Koschany
First of all trapperkeeper-webserver-jetty9-clojure should add a build-dependency on logback to detect such regressions in advance. #1036250 is mainly a logback problem, not a tomcat problem. I still would like to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we don't

closure-compiler: #1036249

2023-05-25 Thread Markus Koschany
Sorry, that should have been #1036249.

closure-compiler: #1036159

2023-05-25 Thread Markus Koschany
Control: tags -1 patch Hello, I have been working on #1036159 and before I go ahead with my solution I would like to hear your opinion whether this is acceptable. Apparently closure-compiler embeds rhino classes and thus every time rhino is updated, closure-compiler must be rebuilt too. I did

Bug#1036244: unblock: noiz2sa/0.51a-13

2023-05-17 Thread Markus Koschany
) unstable; urgency=medium + + * Add noiz2sa.maintscript: Handle symlink to directory conversion. +Thanks to Andreas Beckmann for the report. (Closes: #1035632) + + -- Markus Koschany Sun, 14 May 2023 15:10:17 +0200 + noiz2sa (0.51a-12) unstable; urgency=medium * d/control: Add Vcs fields.

Bug#1036093: unblock: pokerth/1.1.2-2

2023-05-15 Thread Markus Koschany
have DejaVuSans which is the +better alternative. (Closes: #1020237) + * Remove the symlinks to gsfonts-x11 fonts. + * Rename VeraBd.ttf symlink to DejaVuSans-Bold.ttf. + + -- Markus Koschany Mon, 15 May 2023 00:44:03 +0200 + pokerth (1.1.2-1.1) unstable; urgency=medium * Non-maintainer

Bug#1036039: unblock: debian-games/5

2023-05-14 Thread Markus Koschany
: Drop versioned constraint on blends-dev. + + [ Markus Koschany ] + * Declare compliance with Debian Policy 4.6.2. + * New games: +- puzzle: chromono, explosive-c4, parolottero +- console: chroma-curses, nbsdgames, tty-solitaire +- platform: davegnukem +- fps: dsda-doom, ktx, mvdsv

Re: Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-13 Thread Markus Koschany
Hi Salvatore, adding Timo Aaltonen, maintainer of dogtag-pki and tomcatjss, to CC On Saturday, 13.05.2023 at 20:50 +0200, Salvatore Bonaccorso wrote: > Hi Markus, > > On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote: > > I have just pushed the necessary cha

Re: Bug#1034824: tomcat9 should not be released with Bookworm

2023-05-11 Thread Markus Koschany
Hello Paul, On Thursday, 11.05.2023 at 21:44 +0200, Paul Gevers wrote: > Hi Markus, > > On Tue, 25 Apr 2023 16:04:09 +0200 Markus Koschany wrote: > > We can only support one major Tomcat version per release. Tomcat9 has > > been part of Buster and Bullseye alre

Bug#1035372: unblock: wbar/2.3.4-13

2023-05-02 Thread Markus Koschany
) unstable; urgency=medium + + * Do not install wbar.glade because it is not required and breaks wbar on +upgrade from Bullseye to Bookworm (leftover from the wbar-config removal). +Thanks to Helmut Grohne for the report. (Closes: #1035001) + + -- Markus Koschany Thu, 27 Apr 2023 15:44:41 +0200

Bug#1034693: unblock: apache-curator/5.4.0-3

2023-04-21 Thread Markus Koschany
build-dependency on resteasy3.0. + * Ignore test failures because some tests are not 100 % reliable. +(Closes: #1031055) + + -- Markus Koschany Fri, 21 Apr 2023 15:41:45 +0200 + apache-curator (5.4.0-2) unstable; urgency=medium * Team upload diff -Nru apache-curator-5.4.0/debian/control
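
Review bot: "Ignore test failures because some tests are not 100 % reliable" reads as ignoring every test failure, which also hides real regressions in the reliable tests. Consider skipping only the unreliable tests and naming them in the changelog, so the rest of the suite still fails the build.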

Bug#1034196: unblock: openrefine/3.6.2-2

2023-04-20 Thread Markus Koschany
Hi Paul, On Thursday, 20.04.2023 at 18:07 +0200, Paul Gevers wrote: > [...] > > Since I already followed the Debian Policy and included the missing sources > > in > > debian/missing-sources, I felt that shipping the 3rdparty directory in > > debian/missing-sources/3rdparty would be a good

Bug#1034196: unblock: openrefine/3.6.2-2

2023-04-20 Thread Markus Koschany
Hello, On Thursday, 20.04.2023 at 11:57 +0200, Paul Gevers wrote: > Control: tags -1 moreinfo > > Hi, > > On Mon, 10 Apr 2023 23:55:44 +0200 Markus Koschany wrote: > > This unblock is related to #1034127 and the unblock of rhino. > > rhino is now unblocked.

Bug#1034194: unblock: closure-compiler/20130227+dfsg1-13

2023-04-10 Thread Markus Koschany
) unstable; urgency=medium + + * QA upload. + * Tighten dependency on librhino-java to >= 1.7.14. + * Fix FTBFS with rhino 1.7.14. + * Use canonical VCS URI. + + -- Markus Koschany Tue, 14 Feb 2023 00:18:02 +0100 + closure-compiler (20130227+dfsg1-12) unstable; urgency=medium * QA upl

Bug#1034127: unblock: rhino/1.7.14-2.1

2023-04-10 Thread Markus Koschany
On Sunday, 09.04.2023 at 22:28 +0200, Paul Gevers wrote: > > [ Risks ] > This is a new upstream release. This is not a small change. And while > typing this unblock request, I'm getting uncomfortable and wonder if > we want this. But as it's all prepared, let's discuss and pull Markus > in

Bug#1034099: unblock: zstd-jni-java/1.5.2-5+ds-3

2023-04-08 Thread Markus Koschany
; urgency=medium + + * Team upload. + * Depend on maven-resources-plugin 3.3.0 and maven-compiler-plugin 3.10.1. +Fixes FTBFS when building zstd-jni-java for binary-arch only. +Thanks to Andreas Beckmann for the report. (Closes: #1034059) + + -- Markus Koschany Sat, 08 Apr 2023 22:46:57

Bug#1033993: bullseye-pu: package unbound/1.13.1-1

2023-04-05 Thread Markus Koschany
delegation information is +about to expire making the rogue delegation information ever-updating. From +now on Unbound stores the start time for a query and uses that to decide if +the cached delegation information can be overwritten. + + -- Markus Koschany Wed, 05 Apr 2023 23:0

Bug#1033993: bullseye-pu: package unbound/1.13.1-1

2023-04-05 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello, I would like to update unbound in Bullseye and fix three no-dsa CVE, namely CVE-2022-3204, CVE-2022-30698 and CVE-2022-30699. The same

Bug#1033364: unblock: logback/1:1.2.11-2

2023-03-23 Thread Markus Koschany
+ + * Team upload. + * Migrate to Tomcat 10. Depend on libtomcat10-java instead of tomcat9-java. +Add tomcat10-migration.patch. + + -- Markus Koschany Sun, 05 Mar 2023 01:43:23 +0100 + logback (1:1.2.11-1) unstable; urgency=medium * New upstream version 1.2.11 diff -Nru logback-1.2.11/debian

Bug#1033363: unblock: xarchiver/1:0.5.4.20-2

2023-03-23 Thread Markus Koschany
; urgency=medium + + * Fix detection of zstd version 1.5.4 and later. (Closes: #1032591) + + -- Markus Koschany Sun, 12 Mar 2023 12:48:14 +0100 + xarchiver (1:0.5.4.20-1) unstable; urgency=medium * New upstream version 0.5.4.20. diff -Nru xarchiver-0.5.4.20/debian/patches/fix-detection

Bug#1031635: bullseye-pu: package snakeyaml/1.28-1

2023-02-24 Thread Markus Koschany
Hi, On Friday, 24.02.2023 at 16:01 +0100, Moritz Mühlenhoff wrote: [...] > Could we also ship the README.Debian.security that was recently added > in unstable to bullseye/buster? I've just uploaded a new revision of snakeyaml, 1.28.1+deb11u2. This one includes the README file. There have

Bug#1031635: bullseye-pu: package snakeyaml/1.28-1

2023-02-19 Thread Markus Koschany
, which could facilitate a denial of service attack whenever +maliciously crafted input files are processed by SnakeYaml. + + -- Markus Koschany Sun, 19 Feb 2023 17:05:00 +0100 + snakeyaml (1.28-1) unstable; urgency=medium * Team upload. diff -Nru snakeyaml-1.28/debian/patches/CVE-2022-25857

Bug#1028486: bullseye-pu: package jersey1/1.19.3-6

2023-01-11 Thread Markus Koschany
+1,10 @@ +jersey1 (1.19.3-6+deb11u1) bullseye; urgency=medium + + * Team upload. + * Fix FTBFS with libjettison-java 1.5.3. + + -- Markus Koschany Sat, 31 Dec 2022 16:49:13 +0100 + jersey1 (1.19.3-6) unstable; urgency=medium * Fixed the build failure with librome-java >= 1.6 diff -Nru jers

Bug#1028248: transition: bullet

2023-01-10 Thread Markus Koschany
On Tuesday, 10.01.2023 at 22:34 +0100, Sebastian Ramacher wrote: > Please go ahead Thank you! Uploaded. Markus

Bug#1028248: transition: bullet

2023-01-10 Thread Markus Koschany
Short follow-up: The bug in dart (#1028247) has already been fixed. That means only 7 binNMU would be required to complete this transition now.

Bug#1028248: transition: bullet

2023-01-08 Thread Markus Koschany
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition X-Debbugs-Cc: a...@debian.org Hello, I would like to request a transition slot for Bullet 3.24 which is already available in experimental. I have successfully rebuilt all

Bug#1014200: buster-pu: package ublock-origin/1.37.0+dfsg-1~deb10u1

2022-07-01 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello, I would like to update the ublock-origin add-on for Firefox and Chromium. This is just a normal update which improves the ability to block ads,

Bug#1014199: bullseye-pu: package ublock-origin/1.37.0+dfsg-1~deb11u1

2022-07-01 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello, I would like to update the ublock-origin add-on for Firefox and Chromium. This is just a normal update which improves the ability to block

Bug#1014145: buster-pu: package isync/1.3.0-2.2~deb10u1

2022-06-30 Thread Markus Koschany
ion. + + -- Markus Koschany Tue, 28 Jun 2022 15:58:18 +0200 + isync (1.3.0-2.2~deb10u1) buster; urgency=medium * Non-maintainer upload. diff -Nru isync-1.3.0/debian/patches/CVE-2021-3657.patch isync-1.3.0/debian/patches/CVE-2021-3657.patch --- isync-1.3.0/debian/patches/CVE-2021-3657.pa

Bug#1012066: buster-pu: package wireshark/2.6.20-0+deb10u3

2022-05-29 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hi, I would like to update and sync the version of wireshark in Buster. It is identical to the version in Stretch. Multiple CVE have been fixed. They

Bug#1005374: buster-pu: package apache-log4j1.2/1.2.17-8+deb10u1

2022-02-12 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello, I would like to fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307 in apache-log4j1.2. These issues are less severe because

Bug#1005372: bullseye-pu: package apache-log4j1.2/1.2.17-10

2022-02-12 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hello, I would like to fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307 in apache-log4j1.2. These issues are less severe because

Bug#1005353: buster-pu: package apache-log4j2/2.11.1-2

2022-02-11 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hi, I would like to fix CVE-2021-44832 in Buster. Apache Log4j2 has been affected by some serious remote code execution vulnerabilities in the past

Bug#1005351: bullseye-pu: package apache-log4j2/2.16.0-1~deb11u1

2022-02-11 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org Hi, I would like to fix CVE-2021-44832 in Bullseye. Apache Log4j2 has been affected by some serious remote code execution vulnerabilities in the

Re: uncoordinated box2d transition (was: Re: Accepted box2d 2.4.1-2 (source) into unstable)

2021-09-05 Thread Markus Koschany
Hi, On Sunday, 05.09.2021 at 14:21 +0200, Rene Engelhard wrote: > [...]But not for libreoffice, and libreoffice DOES use box2d since 7.1.x > which is in testing. Sorry, I thought that was a copy error and you only meant to rebuild caveexpress. Ok, if I had known that I would have

Re: uncoordinated box2d transition (was: Re: Accepted box2d 2.4.1-2 (source) into unstable)

2021-09-05 Thread Markus Koschany
Hello, On Sunday, 05.09.2021 at 09:48 +0200, Rene Engelhard wrote: [...] > without any coordination or a transition approved on debian-release. > That a transition would be needed was visible since months at > https://release.debian.org/transitions/html/auto-box2d.html. > > > @release:

Bug#993224: buster-pu: package ublock-origin/1.37.0+dfsg-1~deb10u1

2021-09-02 Thread Markus Koschany
Hi, On Thursday, 02.09.2021 at 22:29 +0100, Adam D. Barratt wrote: > On Sat, 2021-08-28 at 22:52 +0200, Markus Koschany wrote: > > Fixing CVE-2021-36773 in Buster and updating various filter lists. > > > > The changelog appears to include a conflict marker: >

Bug#993225: bullseye-pu: package ublock-origin/1.37.0+dfsg-1~deb11u1

2021-08-28 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org [ Reason ] Fixing CVE-2021-36773 in Bullseye and updating various filter lists. [ Impact ] CVE-2021-36773 would be unfixed. [ Tests ] I have

Bug#993224: buster-pu: package ublock-origin/1.37.0+dfsg-1~deb10u1

2021-08-28 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@debian.org [ Reason ] Fixing CVE-2021-36773 in Buster and updating various filter lists. [ Impact ] CVE-2021-36773 would be unfixed. [ Tests ] I have tested

Bug#992599: buster-pu: package commons-io/2.6-2

2021-08-20 Thread Markus Koschany
ut not further above (thus "limited" path traversal), if the calling code +would use the result to construct a path value. + + -- Markus Koschany Fri, 20 Aug 2021 22:25:28 +0200 + commons-io (2.6-2) unstable; urgency=medium * Team upload. diff -Nru commons-io-2.6/debian/patches

Bug#991885: unblock: xmlgraphics-commons/2.4-1

2021-08-04 Thread Markus Koschany
by the XMPParser. By using a +specially-crafted argument, an attacker could exploit this vulnerability to +cause the underlying server to make arbitrary GET requests. +(Closes: #984949) + + -- Markus Koschany Mon, 02 Aug 2021 07:48:42 +0200 + xmlgraphics-commons (2.4-1) unstable

Bug#991881: buster-pu: package xmlgraphics-commons/2.3-1

2021-08-04 Thread Markus Koschany
exploit this vulnerability to +cause the underlying server to make arbitrary GET requests. +(Closes: #984949) + + -- Markus Koschany Wed, 04 Aug 2021 13:31:34 +0200 + xmlgraphics-commons (2.3-1) unstable; urgency=medium * Team upload. diff -Nru xmlgraphics-commons-2.3/debian/patches/CVE

Bug#991279: unblock: jetty9/9.4.39-3

2021-07-19 Thread Markus Koschany
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org Please unblock package jetty9 [ Reason ] jetty9 in Bullseye is vulnerable to CVE-2021-34429. https://bugs.debian.org/991188 [ Tests ] I have backported all

Bug#991054: unblock: xarchiver/1:0.5.4.17-2

2021-07-13 Thread Markus Koschany
to David Harte for the report and Ingo Brückl for the patch. + + -- Markus Koschany Tue, 13 Jul 2021 14:02:25 +0200 + xarchiver (1:0.5.4.17-1) unstable; urgency=medium * New upstream version 0.5.4.17. diff -Nru xarchiver-0.5.4.17/debian/patches/debian-bug-990906.patch xarchiver-0.5.4.17/debian

Bug#990711: unblock: debian-games/4

2021-07-05 Thread Markus Koschany
.qtopengl + + -- Markus Koschany Sun, 04 Jul 2021 08:50:03 +0200 + debian-games (3.3) unstable; urgency=medium * arcade: Remove fofix from Suggests. @@ -15,7 +33,7 @@ - board: kgames - rpg: openmw - rpg: openmw-cs -- arcarde: pinball-table-gnu +- arcade: pinball-table-gnu

Bug#990710: unblock: jetty9/9.4.39-1

2021-07-05 Thread Markus Koschany
. This can result in an +application used on a shared computer being left logged in. + +Thanks to Salvatore Bonaccorso for the report. (Closes: #98, #990578) + + -- Markus Koschany Sat, 03 Jul 2021 19:09:58 +0200 + jetty9 (9.4.39-1) unstable; urgency=high * New upstream release

Bug#987719: buster-pu: package berusky2/0.10-7

2021-04-28 Thread Markus Koschany
-7+deb10u1) buster; urgency=medium + + [ Phil Wyett ] + * Add fix segfault at startup patch. +- 944431-avoid-no-return-statement-in-function-returning-non-void.patch + Thanks to Bernhard Übelacker . (Closes: #944431) + + -- Markus Koschany Wed, 28 Apr 2021 13:14:06 +0200 + berusky2

Bug#987583: unblock: mgba/0.8.4+dfsg-2 (pre-approval)

2021-04-28 Thread Markus Koschany
Control: tags -1 -moreinfo On Mon, 26 Apr 2021 15:42:34 +0200 Graham Inggs wrote: [...] > > The full diff is attached. May I upload it to unstable? > > Please go ahead and upload, and remove the moreinfo tag once the new > version is available in unstable. Hi, I have just uploaded mgba for

Bug#986797: unblock: sauerbraten/0.0.20201227-1

2021-04-12 Thread Markus Koschany
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org Dear release team, [ Reason ] Please unblock the sauerbraten content package for the cube2 engine in testing. The current version of sauerbraten in testing

Bug#984886: buster-pu: package xcftools/1.0.7-6

2021-03-09 Thread Markus Koschany
and xcf2pnm binaries of +xcftools. An integer overflow can occur while walking through tiles that +could be exploited to corrupt memory and execute arbitrary code. In order +to trigger this vulnerability, a victim would need to open a specially +crafted XCF file. + + -- Markus Koschany

Re: Bug#983807: spring builds with -march=native on amd64

2021-03-01 Thread Markus Koschany
Control: severity -1 normal On Tuesday, 02.03.2021, at 01:32 +0200, Adrian Bunk wrote: [...] > > I would really like to understand what the current drawback is for our > > users. > > If you could provide the build flags with march=native and march=x86-64 and > > then prove that march=x86-64

Bug#973695: buster-pu: package ublock-origin/1.22.2+dfsg-1~deb10u1

2020-11-22 Thread Markus Koschany
On Sunday, 22.11.2020, at 18:37 +, Adam D. Barratt wrote: [...] > Assuming that's the only required change, please go ahead. Thanks. Reverting the debhelper bump to 12 was the only packaging change. I have uploaded ublock-origin 1.30.0 a few minutes ago. Regards, Markus

Bug#973695: buster-pu: package ublock-origin/1.22.2+dfsg-1~deb10u1

2020-11-03 Thread Markus Koschany
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hello, I would like to update the Firefox/Chromium addon ublock-origin in Buster. We have had several bug reports in the past about sandboxing problems in regard to ublock-origin

Bug#972395: transition: bullet

2020-10-18 Thread Markus Koschany
On 18.10.20 at 12:14, Sebastian Ramacher wrote: > Please go ahead with the upload to unstable Thank you. Uploaded to unstable. Markus

Bug#972395: transition: bullet

2020-10-17 Thread Markus Koschany
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, I would like to request a transition slot for Bullet 3.06 which is already available in experimental. I have successfully rebuilt all reverse-dependencies except for siconos.

Bug#968515: buster-pu: package lucene-solr/3.6.2+dfsg-20+deb10u1

2020-08-16 Thread Markus Koschany
m property "enable.dih.dataConfigParam" to +true. For example this can be achieved with solr-tomcat by adding +-Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9. + + -- Markus Koschany Sun, 16 Aug 2020 15:56:26 +0200 + lucene-solr (3.6.2+dfsg-20+deb10u1) bu

Bug#964727: stretch-pu: package jackson-databind/2.8.6-1+deb9u6

2020-07-09 Thread Markus Koschany
-10672, +CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267. + + -- Markus Koschany Thu, 09 Jul 2020 16:42:01 +0200 + jackson-databind (2.8.6-1+deb9u6) stretch-security; urgency=high * Fix CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, diff -Nru jackson-databind-2.8.6/debian

Bug#964726: buster-pu: package jackson-databind/2.9.8-3+deb10u1

2020-07-09 Thread Markus Koschany
, +CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267. + + -- Markus Koschany Thu, 09 Jul 2020 17:21:32 +0200 + jackson-databind (2.9.8-3+deb10u1) buster-security; urgency=high - * Fix CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, + * Fix CVE-2019-12384, CVE-2019-14439

Bug#962227: buster-pu: package libapache-mod-jk/1:1.2.46-1

2020-06-04 Thread Markus Koschany
) + + -- Markus Koschany Thu, 04 Jun 2020 21:18:07 +0200 + libapache-mod-jk (1:1.2.46-1) unstable; urgency=medium * New upstream version 1.2.46. diff -Nru libapache-mod-jk-1.2.46/debian/libapache2-mod-jk.install libapache-mod-jk-1.2.46/debian/libapache2-mod-jk.install --- libapache-mod-jk

Bug#955510: buster-pu: package jsp-api/2.3.4-2

2020-04-01 Thread Markus Koschany
-04-01 21:06:44.0 +0200 @@ -1,3 +1,11 @@ +jsp-api (2.3.4-2+deb10u1) buster; urgency=medium + + * Team upload. + * Change Breaks and Replaces for libservlet3.1-java to << 9 and fix dpkg +error when upgrading tomcat 8 from Stretch to Buster. + + -- Markus Koschany Wed, 01 Apr 2

Bug#955509: buster-pu: package websocket-api/1.1-1

2020-04-01 Thread Markus Koschany
ngelog 2020-04-01 21:11:54.0 +0200 @@ -1,3 +1,11 @@ +websocket-api (1.1-1+deb10u1) buster; urgency=medium + + * Team upload. + * Change Breaks and Replaces for libservlet3.1-java to << 9 and fix dpkg +error when upgrading tomcat 8 from Stretch to Buster. + + -- Markus Koschany

Bug#955508: buster-pu: package el-api/3.0.0-2

2020-04-01 Thread Markus Koschany
-01 20:59:11.0 +0200 @@ -1,3 +1,11 @@ +el-api (3.0.0-2+deb10u1) buster; urgency=medium + + * Team upload. + * Change Breaks and Replaces for libservlet3.1-java to << 9 and fix dpkg +error when upgrading tomcat 8 from Stretch to Buster. + + -- Markus Koschany Wed, 01 Apr 2020 20

Bug#954863: stretch-pu: package checkstyle/6.15-1

2020-03-24 Thread Markus Koschany
+External Entity (XXE) injection. (Closes: #924598) + + -- Markus Koschany Tue, 24 Mar 2020 13:18:16 +0100 + checkstyle (6.15-1) unstable; urgency=medium * Team upload. diff -Nru checkstyle-6.15/debian/patches/CVE-2019-9658-and-CVE-2019-10782.patch checkstyle-6.15/debian/patches/CVE

Bug#954862: buster-pu: package checkstyle/8.15-1

2020-03-24 Thread Markus Koschany
+External Entity (XXE) injection. (Closes: #924598) + + -- Markus Koschany Tue, 24 Mar 2020 14:03:07 +0100 + checkstyle (8.15-1) unstable; urgency=medium * Team upload. diff -Nru checkstyle-8.15/debian/patches/CVE-2019-9658-and-CVE-2019-10782.patch checkstyle-8.15/debian/patches/CVE-2019

Bug#946651: buster-pu: package dispmua/1.8.2-1

2019-12-12 Thread Markus Koschany
On 13.12.19 at 01:09, Adam D. Barratt wrote: > On Fri, 2019-12-13 at 00:08 +0100, Markus Koschany wrote: >> >> On 12.12.19 at 23:37, Adam D. Barratt wrote: >>> Control: tags -1 + moreinfo >>> >>> On Thu, 2019-12-12 at 21:52 +0100, Markus Koschany

Bug#946651: buster-pu: package dispmua/1.8.2-1

2019-12-12 Thread Markus Koschany
On 12.12.19 at 23:37, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Thu, 2019-12-12 at 21:52 +0100, Markus Koschany wrote:
>> I would like to update dispmua in Buster because the current
>> Thunderbird addon is incompatible with the latest version of

Bug#946654: stretch-pu: package dispmua/1.7.0-2

2019-12-12 Thread Markus Koschany
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

I would like to update dispmua in Stretch because the current Thunderbird addon is incompatible with the latest version of Thunderbird. The new version restores the old

Bug#946651: buster-pu: package dispmua/1.8.2-1

2019-12-12 Thread Markus Koschany
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello,

I would like to update dispmua in Buster because the current Thunderbird addon is incompatible with the latest version of Thunderbird. The new version restores the old

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

2019-10-26 Thread Markus Koschany
On 26.10.19 at 18:38, Adam D. Barratt wrote:
> On Sat, 2019-10-26 at 16:35 +0200, Markus Koschany wrote:
>>
>> On 26.10.19 at 16:27, Adam D. Barratt wrote:
>> [...]
>>> What does the binary debdiff for that look like?
>>
>> The debdiff is 6 MB.

Bug#943564: stretch-pu: package ublock-origin/1.16.14+dfsg-2~deb9u1

2019-10-26 Thread Markus Koschany
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Similar to ublock-origin's buster-pu, there must be a pu for Stretch as well. See https://bugs.debian.org/942349 for further information. The dependency on fonts-font-awesome has

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

2019-10-26 Thread Markus Koschany
On 26.10.19 at 16:41, Adam D. Barratt wrote:
> On Sat, 2019-10-26 at 16:35 +0200, Markus Koschany wrote:
>>
>> On 26.10.19 at 16:27, Adam D. Barratt wrote:
>> [...]
>>> What does the binary debdiff for that look like?
>>
>> The debdiff is 6 MB.

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

2019-10-26 Thread Markus Koschany
On 26.10.19 at 16:27, Adam D. Barratt wrote:
[...]
> What does the binary debdiff for that look like?

The debdiff is 6 MB. It consists mostly of translation updates and changes to the various ad blocker lists.

>
>> If you agree with the backport I will upload
>>
>> 1.22.2+dfsg-1~deb10u1 to

Bug#942349: Bug#925337: webext-ublock-origin: deactivated with Firefox 66

2019-10-25 Thread Markus Koschany
Control: block 943470 by 942349

Hello,

On 25.10.19 at 01:49, Jens Rottmann wrote:
> Ping.
>
> As Jonas anticipated, regression in Stable: ublock no longer works after
> Firefox ESR updated to 68.
>
> Thanks and best regards,
> Jens

The testing version of ublock-origin is pending approval by

Bug#942349: buster-pu: package ublock-origin/1.18.4+dfsg-2

2019-10-14 Thread Markus Koschany
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello release team,

there will be a new Firefox ESR version in Buster and Stretch soon. Unfortunately the popular Firefox/Chromium addon ublock-origin in Buster and Stretch will

Bug#941027: transition: bullet

2019-10-12 Thread Markus Koschany
On 12.10.19 at 15:46, Emilio Pozuelo Monfort wrote:
> Control: tags -1 confirmed
[...]
> Please go ahead.
>
> Emilio

Uploaded to unstable, thanks.

Markus

Bug#941027: transition: bullet

2019-09-23 Thread Markus Koschany
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

I would like to request a transition slot for Bullet 2.88 which is already available in experimental. The affected reverse-dependencies are:

* cyphesis-cpp
* efl
* gazebo
* hkl
* kido

Bug#939432: buster-pu: package lucene-solr/3.6.2+dfsg-20

2019-09-04 Thread Markus Koschany
/system/jetty9.service.d/ and +override read-only permissions of Jetty9 which will allow the service to +start out-of-the-box again. +Thanks to Stephan Beirer for the report. (Closes: #933854, #933857) + + -- Markus Koschany Wed, 04 Sep 2019 22:30:29 +0200 + lucene-solr (3.6.2+dfsg-20

Bug#931199: buster-pu: freeorion/0.4.8-1+deb10u1

2019-07-26 Thread Markus Koschany
(0.4.8-1+deb10u1) buster; urgency=medium + + * Backport "Fix save or load game crash" patch to Buster. + + -- Markus Koschany Sat, 27 Jul 2019 03:24:19 +0200 + +freeorion (0.4.8-3) unstable; urgency=medium + + * Really fix save or load game crash. (Closes: #930417) + + -- Markus Kosc
