Re: libxslt: some CVEs not fixed in debian buster

2022-07-28 Thread David Bremner
Akira Shibakawa  writes:

> CVE-2019-5815 and CVE-2021-30560 are vulnerabilities of libxslt
> included in chromium source code as third-party code.
> And not only chromium but also libxslt upstream has already fixed them.
> https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258
> https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3
>
> Because libxslt in debian buster is older than the fixed version in
> upstream, these bugs are still present in debian buster.
> Are there any plans to fix them in debian buster?
> (I wonder why these CVEs are linked to only chromium, not libxslt.)

Since security support for buster will expire in a few days, I suggest
following up with the LTS team. More information is available at

  https://wiki.debian.org/LTS





Bug#1016181: ITP: gap-edim -- GAP EDIM - Elementary Divisors of Integer Matrices

2022-07-28 Thread Joachim Zobel
Package: wnpp
Severity: wishlist
Owner: Joachim Zobel 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: gap-edim
  Version : 1.3.5
  Upstream Author : Frank Lübeck 
* URL : https://github.com/frankluebeck/EDIM
* License : GPL-2+
  Programming Lang: GAP 4
  Description : GAP EDIM - Elementary Divisors of Integer Matrices

This package provides a collection of functions for computing the Smith normal
form of integer matrices and some related utilities.

I am packaging this because it is suggested by gap-hap where it enables some
optional functionality.


Work-needing packages report for Jul 29, 2022

2022-07-28 Thread wnpp
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 1260 (new: 7)
Total number of packages offered up for adoption: 179 (new: 0)
Total number of packages requested help for: 62 (new: 2)

Please refer to https://www.debian.org/devel/wnpp/ for more information.



The following packages have been orphaned:

   dianara (#1015843), orphaned 6 days ago
 Description: client for the pump.io federated social network
 Installations reported by Popcon: 25
 Bug Report URL: https://bugs.debian.org/1015843

   gpscorrelate (#1015844), orphaned 6 days ago
 Description: correlates digital photos with GPS data filling EXIF
   fields (command line)
 Reverse Depends: gpscorrelate-gui
 Installations reported by Popcon: 200
 Bug Report URL: https://bugs.debian.org/1015844

   gtkhash (#1015845), orphaned 6 days ago
 Description: GTK+ utility for computing checksums and more
 Reverse Depends: caja-gtkhash nautilus-gtkhash nemo-gtkhash
   thunar-gtkhash
 Installations reported by Popcon: 1835
 Bug Report URL: https://bugs.debian.org/1015845

   slick (#1015846), orphaned 6 days ago
 Description: responsive carousel jQuery plugin
 Reverse Depends: wims-modules
 Installations reported by Popcon: 6
 Bug Report URL: https://bugs.debian.org/1015846

   unhtml (#1015847), orphaned 6 days ago
 Description: Remove the markup tags from an HTML file
 Installations reported by Popcon: 142
 Bug Report URL: https://bugs.debian.org/1015847

   xmlstarlet (#1015848), orphaned 6 days ago
 Description: command line XML toolkit
 Reverse Depends: ceph-test daps
 Installations reported by Popcon: 3566
 Bug Report URL: https://bugs.debian.org/1015848

   xsol (#1015849), orphaned 6 days ago
 Description: Solitaire game for the X Window system
 Installations reported by Popcon: 250
 Bug Report URL: https://bugs.debian.org/1015849

1253 older packages have been omitted from this listing, see
https://www.debian.org/devel/wnpp/orphaned for a complete list.



No new packages have been given up for adoption, but a total of 179 packages
are awaiting adoption.  See https://www.debian.org/devel/wnpp/rfa_bypackage
for a complete list.



For the following packages help is requested:

[NEW] chromium (#1016047), requested 2 days ago
 Description: web browser
 Reverse Depends: chromium chromium-driver chromium-l10n
   chromium-shell cinnamon-desktop-environment gnome-core
   icingaweb2-module-pdfexport node-puppeteer qunit-selenium
   x2gothinclient-minidesktop
 Installations reported by Popcon: 24811
 Bug Report URL: https://bugs.debian.org/1016047

[NEW] crun (#1016183), requested today
 Description: lightweight OCI runtime for running containers
 Reverse Depends: podman
 Installations reported by Popcon: 1356
 Bug Report URL: https://bugs.debian.org/1016183

   apache2 (#910917), requested 1384 days ago
 Description: Apache HTTP Server
 Reverse Depends: apache2 apache2-ssl-dev apache2-suexec-custom
   apache2-suexec-pristine backuppc bfh-container-server
   courier-webadmin cvsweb debbugs-web doc-central (132 more omitted)
 Installations reported by Popcon: 94243
 Bug Report URL: https://bugs.debian.org/910917

   apparmor (#1006872), requested 143 days ago
 Description: user-space parser utility for AppArmor
 Reverse Depends: apparmor-notify apparmor-profiles
   apparmor-profiles-extra apparmor-utils content-hub-testability
   dbus-daemon dbus-tests debian-cloud-images-packages dovecot-core
   firejail (17 more omitted)
 Installations reported by Popcon: 181954
 Bug Report URL: https://bugs.debian.org/1006872

   aufs (#963191), requested 768 days ago
 Description: driver for a union mount for Linux filesystems
 Reverse Depends: fsprotect
 Installations reported by Popcon: 7849
 Bug Report URL: https://bugs.debian.org/963191

   autopkgtest (#846328), requested 2066 days ago
 Description: automatic as-installed testing for Debian packages
 Reverse Depends: debci-worker sbuild-qemu
 Installations reported by Popcon: 1176
 Bug Report URL: https://bugs.debian.org/846328

   balsa (#642906), requested 3959 days ago
 Description: An e-mail client for GNOME
 Reverse Depends: balsa
 Installations reported by Popcon: 637
 Bug Report URL: https://bugs.debian.org/642906

   cargo (#860116), requested 1934 days ago
 Description: Rust package manager
 Reverse Depends: dh-cargo python3-setuptools-rust rust-all
 Installations reported by Popcon: 2793
 Bug Rep

Re: adduser default for sgid home directories

2022-07-28 Thread Marc Haber
On Wed, 27 Jul 2022 16:10:18 +0200, Wouter Verhelst
 wrote:
>On Mon, Jul 25, 2022 at 07:06:59PM +0200, Marc Haber wrote:
>> I don't like the idea of messing with old NEWS entries at all.
>
>I'm trying to understand why you feel this way.

It feels like rewriting history. Maybe the similarity of the format
to debian/changelog AND the fact that the same tool is used to edit
supports that.

[correct rationale snipped]

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mail address in header
Mannheim, Germany  | Beginning of Wisdom " | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834