Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-globalid.
Recently, there was a bug (#925178) reported against the package with
severity: important.
The package was in testing and the bug was reported
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-chromedriver-helper.
There was a bug (#924125) reported against the package with severity:
serious.
The bug was reported on 9th March and was resolved in
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-doorkeeper-openid-connect.
There was a CVE bug (#924747) reported against the package with severity:
grave.
It was reported on 16th March and was resolved
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package rails.
There were 2 bugs (#924520 and #924521) reported against the package with
severity: grave and severity: important, respectively.
Both the bugs were
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-carrierwave.
There was a bug (#924830) reported against the package with severity:
serious.
The bug was reported on 17th March and was resolved in the
Hey,
On Sat, Mar 30, 2019 at 9:41 PM Ivo De Decker wrote:
> Control: tags -1 moreinfo
>
> Hi,
>
> On Wed, Mar 27, 2019 at 07:11:57PM +0530, Utkarsh Gupta wrote:
> > Please unblock package ruby-doorkeeper-openid-connect.
> >
> > There was a CVE bug (#924
Hey,
On Thu, Mar 28, 2019 at 2:16 AM Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> Hi Utkarsh,
>
> On 27-03-2019 14:30, Utkarsh Gupta wrote:
> > Please unblock package ruby-globalid.
> >
> > Recently, there was a bug (#925178) reported against the pac
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-hangouts-chat.
This was affected by #926247, which was an RC bug.
However, in the latest upload, this has been fixed and is good to go.
The bug was
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-jquery-ui-rails
I am writing this on behalf of the Ruby team, requesting you to unblock
ruby-jquery-ui-rails[1] by the soft freeze.
The autopkgtest
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-leaflet-rails
I am writing this on behalf of the Ruby team, requesting you to unblock
ruby-leaflet-rails[1] by the soft freeze.
The autopkgtest regression
Hey,
On Mon 13 May, 2019, 12:42 AM Paul Gevers, wrote:
> Hi Utkarsh,
>
> On 12-05-2019 11:44, Utkarsh Gupta wrote:
> > Hence, requesting you to:
> > unblock ruby-globalid/0.4.2+REALLY.0.3.6-1
>
> It would have been easier if you would have left the old patches in
&
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-globalid.
The latest upload fixes the FTBFS and thus the bug #925178.
It has no test failures now and builds fine with rails, too.
Hence, requesting you
Hi Dominik,
On 26/12/18 2:16 am, Dominik George wrote:
> Heisann, alle sammen,
>
> as announced in the recent thread about maintaining, I hereby propose a
> repository that allows making “backports” of packages available to users
> of the stable distribution, if those packages cannot be
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Hey,
Please unblock package ruby-devise.
The latest upload contains a CVE-2019-5421 (and #926348) fix.
Thus requesting you to:
unblock ruby-devise/4.5.0-3
Best,
Utkarsh
---
-- System
/changelog2016-03-01 23:45:05.0 +0530
+++ rake-10.5.0/debian/changelog2020-02-29 20:57:18.0 +0530
@@ -1,3 +1,10 @@
+rake (10.5.0-2+deb9u1) stretch; urgency=high
+
+ * Team upload
+ * Add patch to use File.open explicitly. (Fixes: CVE-2020-8130)
+
+ -- Utkarsh Gupta S
:40:36.0 +0530
@@ -1,3 +1,10 @@
+rake (12.3.1-3+deb10u1) buster; urgency=high
+
+ * Team upload
+ * Add patch to use File.open explicitly. (Fixes: CVE-2020-8130)
+
+ -- Utkarsh Gupta Sat, 29 Feb 2020 20:40:36 +0530
+
rake (12.3.1-3) unstable; urgency=medium
* Revert the drop of the r
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Hi,
This package hasn't been in testing since 1242 days and also fails to build
against Ruby 2.7. And also has an RC bug since a long time.
Each of its reverse dependencies are being filed for
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Hi,
This package hasn't been in testing since 1402 days and also fails to build
against Ruby 2.7. And also has an RC bug since a long time.
Each of its reverse dependencies are being filed for
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Hi,
This package hasn't been in testing since 1124 days and also fails to build
against Ruby 2.7. And also has an RC bug since a long time.
Each of its reverse dependencies are being filed for
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Hi,
This package hasn't been in testing since 1578 days and was last uploaded
on 13th October, 2015. This fails to build against Ruby 2.7. And also has
an RC bug since a long time.
Each of its
reassign 951129 ftp.debian.org
User pkg-ruby-extras-maintain...@lists.alioth.debian.org
Usertags: ruby2.7-transition
thanks
On Tue, Feb 11, 2020 at 9:39 AM Adam D. Barratt
wrote:
> This sounds like you want the package removing from unstable?
>
Ah, yes. Reassigned to ftp.d.o.
Shall fix the
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Hi,
This package hasn't been in testing since 1057 days and also fails to build
against Ruby 2.7. And also has an RC bug since a long time.
Each of its reverse dependencies are being filed for
reassign 951130 ftp.debian.org
user pkg-ruby-extras-maintain...@lists.alioth.debian.org
usertags 951130 + ruby2.7-transition
thanks
On Tue, Feb 11, 2020 at 9:39 AM Adam D. Barratt
wrote:
> This sounds like you want the package removing from unstable?
>
Ah, yes. Fixed.
Thanks!
Best,
Utkarsh
Hi Adam.
On Tue, 28 Jan 2020 08:35:54 + "Adam D. Barratt"
wrote:
> Control: tags -1 + confirmed
> Thanks. Please go ahead.
For some reason, this upload never happened.
However, now, the maintainer, William (CCed here) has prepared these
CVE fixes + some new CVEs on top of this, too.
All of
Hi all,
On Sat, Mar 28, 2020 at 6:56 PM William Desportes wrote:
> Done
Thank you! :)
> Done, thank you for the suggestion
Thank you! :)
> I uploaded the file to
> https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.6.6-4+deb9u1.dsc
Thank you, this has been uploaded from
s (2:4.2.7.1-1+deb9u2) stretch; urgency=high
+
+ * Team upload.
+ * Add patch to fix possible XSS vector in JS escape helper.
+(Fixes: CVE-2020-5267) (Closes: #954304)
+
+ -- Utkarsh Gupta Sun, 22 Mar 2020 18:05:32 +0530
+
rails (2:4.2.7.1-1+deb9u1) stretch; urgency=medium
* CVE-2018-164
1,3 +1,11 @@
+rails (2:5.2.2.1+dfsg-1+deb10u1) buster; urgency=high
+
+ * Team upload.
+ * Add patch to fix possible XSS vector in JS escape helper.
+(Fixes: CVE-2020-5267) (Closes: #954304)
+
+ -- Utkarsh Gupta Sun, 22 Mar 2020 18:47:31 +0530
+
rails (2:5.2.2.1+dfsg-1) unstable; urgency=medi
EBrick. (Fixes: CVE-2020-25613)
+
+ -- Utkarsh Gupta Tue, 13 Oct 2020 18:32:32 +0530
+
ruby2.5 (2.5.5-3+deb10u2) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru ruby2.5-2.5.5/debian/patches/CVE-2020-25613.patch
ruby2.5-2.5.5/debian/patches/CVE-2020-25613.patch
--- ru
02-25 23:03:06.0 +0530
+++ ruby-json-2.1.0+dfsg/debian/changelog2020-06-05 12:13:54.0 +0530
@@ -1,3 +1,10 @@
+ruby-json (2.1.0+dfsg-2+deb10u1) buster; urgency=high
+
+ * Add patch to fix unsafe object creation vulnerability.
+(Fixes: CVE-2020-10663)
+
+ -- Utkarsh Gupta F
12-06 05:03:24.0 +0530
+++ ruby-json-2.0.1+dfsg/debian/changelog2020-06-05 12:33:14.0 +0530
@@ -1,3 +1,10 @@
+ruby-json (2.0.1+dfsg-3+deb9u1) stretch; urgency=high
+
+ * Add patch to fix unsafe object creation vulnerability.
+(Fixes: CVE-2020-10663
+
+ -- Utkarsh Gupta F
00 +0530
+++ ruby2.3-2.3.3/debian/changelog2020-06-05 14:25:50.0 +0530
@@ -1,3 +1,11 @@
+ruby2.3 (2.3.3-1+deb9u8) stretch; urgency=high
+
+ * Non-maintainer upload.
+ * Add patch to fix unsafe object creation vulnerability.
+(Fixes: CVE-2020-10663)
+
+ -- Utkarsh Gupta F
Hi Peter,
On Sun, Dec 6, 2020 at 11:06 AM peter green wrote:
> In addition to the packages mentioned here, it seems there is another
> package involved: golang-gopkg-libgit2-git2go.v28 . It only builds
> arch-all packages and does not directly depend on the library, but it
> FTBFS and it's
Hi Sebastian,
On Fri, Dec 4, 2020 at 10:54 PM Sebastian Ramacher wrote:
> Please go ahead with the upload to unstable.
Great, thanks, I did an upload just now! :)
- u
Hi,
On Sat, Dec 5, 2020 at 1:41 AM Sebastian Ramacher wrote:
> Scheduled the binNMUs except for horizon-eda (involved in python3.9-defaults).
Great, thank you!
I've, meanwhile, uploaded python-pygit2 and libgit-raw-perl! Will
hopefully get on to ruby-rugged, as well! \o/
- u
Hi Sebastian,
On Tue, Dec 8, 2020 at 3:30 PM Sebastian Ramacher wrote:
> v30 was accepted. Please perform a source-only upload for the arch: all
> packages.
That should be done now! \o/
> > The only reverse-{,build-}dependency is gitaly, it seems. So I'm CCing
> > Praveen so he gets a heads
Hello,
On Wed, Dec 9, 2020 at 2:23 AM Sebastian Ramacher wrote:
> > So I conclude that it's probably fine to upload libgit2 1.1.0 to unstable
> > now?
> Okay, then let's do this now. Please go ahead.
Awesome, uploaded!
I'll take a look at python-pygit2 today as well. So leaves us with
Hey,
On Wed, Dec 9, 2020 at 3:13 PM Utkarsh Gupta wrote:
> I'll take a look at python-pygit2 today as well. So leaves us with
> ruby-rugged. I'll come to that in next few days if no one beats me to
> it.
FWIW, I've uploaded both, thereby completing all the blockers.
Hopefully this t
Henrique de Moraes Holschuh wrote:
> But just in case, what about Jessie ELTS non-free ?
A source-only upload should work and the builders would pick it from there.
However, uploading to jessie now is not straightforward. There's a
different repository altogether, so only those who have their
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hey,
src:eterm has been affected by CVE-2021-33477 which is fixed in sid &
stretch. -pu update for buster has also been filed.
Since this is just a CVE fix, I'd request you to unblock
Package: release.debian.org
User: release.debian@packages.debian.org
Tags: buster
Severity: normal
Hello,
src:eterm has been affected by CVE-2021-33477 which is fixed in sid &
stretch. Since the version in stretch & buster is the same, I'd like
to get this update into -pu in the next release
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-r...@lists.debian.org
Hello,
Rails was recently affected by 3 CVEs (CVE-2021-2290{2,4} and CVE-2021-22885).
I'm attaching a filtered diff for your review; the diff is
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-r...@lists.debian.org
Hello,
We had to bump ruby-marcel to a newer version because the mimemagic
dependency - which relies on GPL-licensed mime type data from
Hi Paul,
On Fri, Jun 4, 2021 at 1:38 AM Paul Gevers wrote:
> > You haven't answered my question: "does rails still work with the old
> > version of ruby-marcel and can the version bump be reverted"
>
> Ping. Without a proper answer, I can't decide.
Thanks, I'm yet to figure that out and
Hi Paul,
[CC'ed team@s.d.o]
On Sat, Jul 10, 2021 at 1:34 AM Paul Gevers wrote:
> Unblocked the latest version in unstable.
Awesome, thank you so much!
Just as a heads up, I'll be also filing unblock requests for ruby2.7
(already uploaded) and libjdom1-java & libjdom2-java (yet to upload).
All
Package: release.debian.org
User: release.debian@packages.debian.org
X-Debbugs-Cc: t...@security.debian.org, a...@debian.org
Usertags: pu bsp-2021-04-AT-Salzburg
Tags: buster
Severity: normal
Hello,
src:jackson-databind has been affected by 18 CVEs which are fixed in
unstable and bullseye
user debian-release@lists.debian.org
usertags -1 + bsp-2021-04-AT-Salzburg
thank you
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock bsp-2021-04-AT-Salzburg
Hello,
This upload fixes #987113 and is actually a one-liner change:
```
- project_path = Pathname.new(__FILE__).expand_path
+
Package: release.debian.org
User: release.debian@packages.debian.org
X-Debbugs-Cc: t...@security.debian.org, a...@debian.org
Usertags: pu bsp-2021-04-AT-Salzburg
Tags: buster
Severity: normal
Hello,
src:fluidsynth has been affected by CVE-2021-28421 which is fixed in
sid and unblocked for
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
User: debian-release@lists.debian.org
Usertags: bsp-2021-04-at-salzburg
X-Debbugs-Cc: t...@security.debian.org
Tags: buster
Severity: normal
Hello,
src:opendmarc has been affected by CVE-2020-12460, which is
;` anymore. (Fixes: CVE-2020-28473)
+
+ -- Utkarsh Gupta Thu, 28 Jan 2021 20:22:22 +0530
+
python-bottle (0.12.15-2) unstable; urgency=medium
* Update tox dependency (Closes: #924836)
diff -Nru python-bottle-0.12.15/debian/patches/CVE-2020-28473.patch
python-bottle-0.12.15/debian/patches/CVE-
Hello,
Awesome, thanks for this upload, Thomas.
I can confirm that this is a pure bug-fix release only and indeed
fixes the problems raised, thereby making this package even better for
bullseye.
A huge +1 for unblocking.
- u
Hi Sebastian,
On Sat, Apr 17, 2021 at 3:08 PM Sebastian Ramacher wrote:
> Thanks, please go ahead and remove the moreinfo tag once the version is
> available in unstable.
Uploaded to unstable, thanks. And removed the tag as well.
- u
/changelog2019-01-04 16:57:45.0 +0530
+++ ruby-mechanize-2.7.6/debian/changelog2021-02-19 22:47:27.0 +0530
@@ -1,3 +1,10 @@
+ruby-mechanize (2.7.6-1+deb10u1) buster; urgency=medium
+
+ * Team upload for buster-pu.
+ * Add patch to prevent OS command injection. (Fixes: CVE-20
Hi Raphael,
On Wed, Aug 25, 2021 at 11:27 PM Raphael Hertzog wrote:
> it would be nice if we could get an update of debian-archive-keyring
> in stretch to add the bullseye key just like it has been done in buster a
> while ago: [...]
>
> The missing key creates problems for example with
Hello all,
On Thu, Aug 26, 2021 at 12:33 AM Utkarsh Gupta wrote:
> > The missing key creates problems for example with simple-cdd:
> > https://bugs.debian.org/992966
>
> Okay, I'll be happy to do the update. Though I wonder if it'd rather
> be helpful in just doing a rebuild
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hey,
src:libjdom1-java has been affected by CVE-2021-33813 which is fixed
in sid & stretch. -pu update for buster is also being filed.
Since this is just a CVE fix, I'd request you to
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hey,
src:libpam-tacplus has been affected by CVE-2020-13881 which is fixed
in sid & stretch. -pu update for buster is also being filed. This
update also helps in fixing the versioning
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hey,
src:libjdom2-java has been affected by CVE-2021-33813 which is fixed
in sid & stretch. -pu update for buster is also being filed.
Since this is just a CVE fix, I'd request you to
Hi Paul,
On Tue, Aug 3, 2021 at 9:46 PM Paul Gevers wrote:
> On 03-08-2021 10:46, Utkarsh Gupta wrote:
> > src:libpam-tacplus
>
> ... is not in testing.
>
> closing this bug as there's nothing to do (no, we're not going to let it
> in now).
Ugh, my bad for n
Package: release.debian.org
User: release.debian@packages.debian.org
Tags: buster
Severity: normal
Hello,
src:libpam-tacplus has been affected by CVE-2020-13881 which is fixed
in sid & stretch. Thus this -pu update for buster. This update also
helps in fixing the versioning problem because
Hi Sebastian,
On Tue, Aug 3, 2021 at 10:35 PM Sebastian Ramacher wrote:
> Unstable and bullseye contain the same version of libjdom2-java. Are you
> sure that the upload reached unstable?
There was a bit of a fiasco and processing delay from dak (see my mail
at -devel for more information) but
Hi Jonathan,
On Tue, Oct 5, 2021 at 1:26 PM Jonathan Wiltshire wrote:
> You will need (but may not want) the commit removing jessie's keys as
well.
> Basically all intermediate commits which touch keyrings - a removal is
> really a move from the main keyring to the archive keyring, so it will
>
Hi Jonathan,
On Wed, Aug 25, 2021 at 11:27 PM Raphael Hertzog wrote:
> it would be nice if we could get an update of debian-archive-keyring
> in stretch to add the bullseye key just like it has been done in buster a
> while ago:
>
On Sat, Oct 2, 2021 at 9:35 PM Utkarsh Gupta wrote:
> With these 3 commits, I tried to build the package and it failed
> with the following error:
> 8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<
> gpg --no-options --no-def
Hi Jonathan,
On Mon, Oct 11, 2021 at 6:24 AM Utkarsh Gupta wrote:
> On Tue, Oct 5, 2021 at 1:26 PM Jonathan Wiltshire wrote:
> > You will need (but may not want) the commit removing jessie's keys as well.
> > Basically all intermediate commits which touch keyrings - a remova
Package: release.debian.org
User: release.debian@packages.debian.org
Tags: bullseye
Severity: normal
Hello,
src:tomcat9 has been affected by debbug #1020948 which was fixed in
sid and thus would want to backport the fix to bullseye in the next
point release.
It was noticed that the
Hi Otto,
On Mon, Dec 5, 2022 at 5:33 AM Otto Kekäläinen wrote:
> I didn't get a reply to this, so asking again.
I could take care of the upload but if you'd like to do that, please
feel free to do so and I can take care of the paperwork. One quick
thing I spotted in the target in d/ch is
67 matches
Mail list logo
