you'd like.
Thanks!
Neil
user debian-rele...@lists.debian.org
usertag 1040396 + bsp-2025-03-ca-montreal
thank you
Probably caused by https://github.com/Perl/perl5/commit/0351a629e7 which marked
the Perl_init_debugger symbol as hidden.
Seems like Perl_init_debugger was never meant to be part of the public API.
Merge request submitted
https://salsa.debian.org/gnome-team/cairomm1.16/-/merge_requests/3
Thanks,
-Neil
Are those library updates part of the security update?
The following packages will be REMOVED:
libc++1-16 libc++abi1-16 libunwind-16
The following NEW packages will be installed:
libc++1-19 libc++abi1-19 libunwind-19
The following packages will be upgraded:
chromium c
In Thunderbird 128.5.0esr (64-bit), this regression only exhibits when
checkbox **Sign-on at startup** for that account is *true*. (From tab
**Chat**, click button **Show Accounts**.)
However, if the checkbox is *false* when Thunderbird is started, and so
you manually push button **Connect**, the
Package: thunderbird
Version: 1:128.4.0esr-1~deb12u1
Regression coinciding with the Thunderbird security update in Debian
`stable` a few days ago.
Thunderbird Chat no longer shows IRC channels in the left pane of the
Chat window if the server is the ZNC bouncer, and the channel is already
joined
Package: kde-plasma-desktop
Version: 5:142
I have a Microsoft Natural Ergonomic Keyboard 4000. It has buttons
along the top for shortcuts to various applications and functions. I
use one of them as a launcher for kcalc. When I assign a KDE keyboard
shortcut key to it, it is labelled "Launch (1)" a
I took the second approach suggested by Gregor, of changing the install
order. Massive rewrite of d/rules to happen at a later date. :-)
--
Neil Roeth
Package: mkosi
Version: 20-1
Severity: normal
Tags: upstream patch
X-Debbugs-Cc: n...@aldur.co.uk
Dear Maintainer,
v20 erroneously removed the copy nspawn settings functionality even
though it continues to be used by 'machinectl pull-tar'. This has been
reversed upstream, and I would if you could
s not work
even in the simplest operation.
As I have reported here - https://github.com/apple/swift/issues/60690 -
even the basic swiftc compiler is not working.
Neil
> On Dec 2, 2023, at 5:52, Steve M wrote:
>
> Neil,
>
> Th
Package: swiftlang
Version: 5.6.3-2
Severity: important
X-Debbugs-Cc: futurejonesa...@gmail.com
Dear Maintainer,
* What led up to the situation?
Installed swiftlang and tried to build and run a simple Hello World project
* What exactly did you do (or not do) that was effective (or
in
It is not clear to me how to test if the path is embedded in the
libraries and whether the fix for this is still needed. I did a simple
grep for part of my local build path in the libraries of this package
and got no hits. Maybe something has changed since this bug was filed
so that this is n
Package: inetutils-telnetd
Version: 2:2.4-3
Severity: wishlist
Tags: patch
X-Debbugs-Cc: n...@aldur.co.uk
Dear Maintainer,
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-3-cloud-amd64 (SMP
intend to salvage
it with the plan to orphan it in three weeks. Please notify me if you
object.
--
Neil Roeth
parses '*.changes',
'*.dsc', and '*.buildinfo' better than I can, then perhaps it could be extended
to print the files being verified. Maybe it should grow a new option
'--print-files' to support exactly that.
Anywho, I'm happy to help if someone can sho
r Bug report
> which was filed against the tcsh package:
> #905649: tcsh: Filetest Built-In Does Not Recognize Filenames Containing '{'
> (left curly brace), Whether Quoted or Escaped
> It has been closed by Josef Schneider .
Thank you, Josef. I agree that the problem is not p
Package: rclone
Version: 1.53.3-4ubuntu1
Severity: normal
Dear Maintainer,
rclone uses TLS to connect to remote repositories, but lacks a Suggests
on ca-certificates. This leads to "x509: certificate signed by unknown
authority" errors.
Adding it in would mirror the Suggests in the 'openssl' pac
ON@@ARCHIVE_EXT@
Thanks,
—Neil
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.86 (SMP w/24 CPU threads)
Ker
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
As outlined in the orphaning bug (994986), the centreon-* packages
are no longer being maintained. centreon-clib was left in unstable
because it (initially) built OK without needing extra work. Other
centreon-* packages hav
Source: cimg
Version: 3.0.2+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cimg.
CVE-2022-1325[0]:
| A flaw was found in Clmg, where with the help of a maliciously crafted
| pandore or
Source: jpegqs
Version: 1.20210408-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jpegqs.
CVE-2022-35434[0]:
| jpeg-quantsmooth before commit 8879454 contained a floating point
| exception
Source: ring
Version: 20210112.2.b757bac~ds1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ring STUN support.
CVE-2022-31031[0]:
| PJSIP is a free and open source multimedia communication
Source: asterisk
Version: 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for asterisk STUN support.
CVE-2022-31031[0]:
| PJSIP is a free and open source mul
pendencies to see if isotpsend support can be provided inside
autopkgtest. If that fails, the upstream tests will need to be confined
to Salsa and autopkgtests limited only to autopkgtest-pkg-python.
https://salsa.debian.org/pkg-security-team/scapy/-/commit/59a4c0e2ed8c24cf5a3d4412cecdd5086a5b0395
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
xprobe is an old package with no upstream development - the old SF page
links to a Wiki, other links in d.copyright go to 404.
The current RC bug can be fixed but the package no longer works in a
useful manner. xprobe is u
On Fri, 5 Aug 2022 11:22:30 +0200
IOhannes m zmölnig (Debian GNU|Linux)
wrote:
> On Fri, 05 Aug 2022 09:41:46 +0100 Neil Williams
> wrote:
> > The following vulnerability was published for v4l2loopback (and is
> > not included in the recent v0.12.7 git
On Mon, 1 Aug 2022 18:25:04 +0200 Sylvestre Ledru wrote:
> Hello,
>
> Le 05/07/2022 à 11:19, Neil Williams a écrit :
> > Source: scilab
> > Version: 6.1.1+dfsg2-3
> > Severity: important
> > Tags: security
> > X-Debbugs-Cc: codeh...@debian.org,
Source: v4l2loopback
Version: 0.12.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for v4l2loopback (and is not
included in the recent v0.12.7 git tag).
CVE-2022-2652[0]:
| Depending on the wa
onstant<_Tp, __v>::value' 71 |
> template |
>^ /usr/include/c++/10/type_traits:59:29: note:
> 'constexpr const _Tp value' previously declared here 59 |
> static constexpr _Tp value = __v; | ^
>
> Andreas
--
Neil Will
Source: milkytracker
Version: 1.03.00+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for milkytracker.
CVE-2022-34927[0]:
| MilkyTracker v1.03.00 was discovered to contain a stack overflow
solete field Name from debian/upstream/metadata
> .
>[ Ole Streicher ]
>* Switch build depends on libnetpbm10-dev to libnetpbm-dev
> (Closes: #1003165)
1003165 is the wrong bug number and a different package. The B-D bug in
astrometry.net is 1016400.
https://bugs.debian.org
On Tue, 5 Jul 2022 11:58:12 +0200
Sebastiaan Couwenberg wrote:
> On 7/5/22 11:14, Neil Williams wrote:
> > CVE-2022-30045[0]:
> > | An issue was discovered in libezxml.a in ezXML 0.8.6. The function
> > | ezxml_decode() performs incorrect memory handling while parsing
>
Source: scilab
Version: 6.1.1+dfsg2-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for scilab.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() pe
Source: navit
Version: 0.5.0+dfsg.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for navit.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() per
Source: mapcache
Version: 1.12.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for mapcache.
CVE-2022-30045[0]:
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function
| ezxml_decode() per
Source: passportjs
Version: 0.5.2+~1.0.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for passportjs.
CVE-2022-25896[0]:
| This affects the package passport before 0.6.0. When a user logs in or
| logs
not ideal and it is a
lot of work but it may be necessary to have libavcodec4-dev and
libavcodec-dev with a new source package ffmpeg4 alongside ffmpeg.
>
> Thank you,
> -Steve
>
> [1] https://mail.kde.org/pipermail/digikam-users/2022-July/033796.html
>
--
Neil Williams
=
https://linux.codehelp.co.uk/
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2022-22577[0]:
| An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that
| could allow
Source: rails
Version: 2:6.1.4.6+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rails.
CVE-2022-21831[0]:
| A code injection vulnerability exists in the Active Storage >=
| v5.2.0 that
Source: smarty3
Version: 3.1.39-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for smarty3.
CVE-2022-29221[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentati
Source: smarty4
Version: 4.1.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for smarty4.
CVE-2022-29221[0]:
| Smarty is a template engine for PHP, facilitating the separation of
| presentati
Source: pyjwt
Version: 2.3.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for pyjwt.
CVE-2022-29217[0]:
| PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple
| different JWT
Source: golang-github-hashicorp-go-getter
Version: 1.4.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for
golang-github-hashicorp-go-getter.
CVE-2022-26945[0]:
| HashiCorp go-getter befor
Source: golang-github-tidwall-gjson
Version: 1.6.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-tidwall-gjson.
CVE-2021-42248[0]:
| GJSON <= 1.9.2 allows attackers to cause
Source: snowflake
Version: 1.1.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for snowflake.
CVE-2022-29222[0]:
| Pion DTLS is a Go implementation of Datagram Transport L
Source: snowflake
Version: 1.1.0-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for snowflake, via the
github.com/pion/dtls/v2 package included into debian/vendor/
CVE-2022-29189[0]:
| Pion DTLS is a
Source: node-formidable
Version: 3.2.3+20220426git971e3a7+~cs4.0.8-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-formidable.
CVE-2022-29622[0]:
| An arbitrary file upload vulnerability in form
Source: golang-gopkg-yaml.v3
Version: 3.0.0~git20200121.a6ecf24-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-gopkg-yaml.v3-dev.
CVE-2022-28948[0]:
| An issue in the Unmarshal function in Go
Package: texlive-binaries
Version: 2022.20220321.62855-1
Severity: important
File: /usr/bin/pdftosrc
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
texlive-binaries in unstable, experimental and bookworm embeds
xpdfreader 4.03 and the code is exposed via the pdftosrc bina
Source: dokuwiki
Version: 0.0.20200729-0.1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for dokuwiki.
CVE-2022-28919[0]:
| HTMLCreator release_stable_2020-07-29 was discovered to contain a
| cross-site
Source: apscheduler
Version: 3.8.1-1
Severity: normal
X-Debbugs-Cc: codeh...@debian.org
Other packages using python3-apscheduler as a dependency have to work
around an error in the apscheduler packaging:
/usr/lib/python3/dist-packages/APScheduler-0.0.0.egg-info/PKG-INFO
Please fix the package so
Source: uclibc
Version: 1.0.35-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for uclibc.
CVE-2021-27419[0]:
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-
| around in functions ma
I've encountered the same issue when attempting to install the aiohttp
package or anything that depends on it, which seems to be a lot.
File "/usr/lib/python3.10/_distutils_system_mod.py", line 125, in
_inject_headers
scheme['headers'] =
orig_install._load_schemes()['posix_prefix'
Package: libsdl2-ttf-dev
Version: 2.0.18+dfsg-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libsdl2-ttf.
CVE-2022-27470[0]:
| SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
| memo
Source: libgoogle-gson-java
Version: 2.8.8-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libgoogle-gson-java.
CVE-2022-25647[0]:
| The package com.google.code.gson:gson before 2.8.9 are vulnerable
Source: ruby-xmlhash
Version: 1.3.6-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-xmlhash.
CVE-2022-21949[0]:
| A Improper Restriction of XML External Entity Reference vulnerability
| in SUSE
Source: ecdsautils
Version: 0.3.2+git20151018-2
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: codeh...@debian.org
Hi,
I was checking new CVEs and noticed that ecdsautils uses an old fork of
the upstream project at https://github.com/tcatm/ecdsautils . This site
has since moved to https://github
Source: google-oauth-client-java
Version: 1.28.0-2
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for google-oauth-client-java.
CVE-2021-22573[0]:
| The vulnerability is that
16:14:53.825: g_file_get_child:
assertion 'G_IS_FILE (file)' failed
L 257710 2022-05-04 16:14:53 [CRT] plugins_search_for_plugins: assertion
'G_TYPE_CHECK_INSTANCE_TYPE (dir, g_file_get_type ())' failed
https://bugs.launchpad.net/ubuntu/+source/shotwell/+bug/1969439 may also
ontinues to build in Ubuntu.
> >
> > Please re-enable building on riscv64 as we would like to promote
> > riscv64 to a release architecture.
>
> Neil, is there a particular reason riscv64 support was disabled in
> 2021.12+ds1-3?
I didn't see it as particularly likely that
Source: node-ejs
Version: 3.1.6-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for node-ejs.
CVE-2022-29078[0]:
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js
| allows server-si
Source: horizon-eda
Version: 2.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for horizon-eda.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData functi
Source: librecad
Version: 2.1.3-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for librecad.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData functionalit
Source: cloudcompare
Version: 2.11.3-5
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cloudcompare.
CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData fun
Source: libowasp-esapi-java
Version: 2.2.3.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for libowasp-esapi-java.
CVE-2022-24891[0]:
| ESAPI (The OWASP Enterprise Security API) is a free, open sou
Source: httpx
Version: 0.22.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for httpx.
CVE-2021-41945[0]:
| Encode OSS httpx <=1.0.0.beta0 is affected by improper input
| validation in `httpx.
On Mon, 25 Apr 2022 21:43:30 -0700 tony mancill
wrote:
> On Mon, Apr 25, 2022 at 07:22:12PM +0200, Salvatore Bonaccorso wrote:
> > Hi!
> >
> > On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote:
> > > On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams
>
On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams wrote:
> Please note, the current homepage for libowasp-antisamy-java appears to
> have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> does match the source code for libowasp-antisamy-java:
> https://sources.de
Source: libowasp-antisamy-java
Version: 1.5.3+dfsg-1.1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
Please note, the current homepage for libowasp-antisamy-java appears to
have no commits beyond version 1.5.3 but the change for CVE-2022-29577
do
pecify the location of omniMapper's config file.
Alternatively, set the environment variable OMNIMAPPER_CONFIG
or use the default /etc/omniMapper.cfg.
Use -v to verbosely record what's going on.
I'll close this bug report with the next upload of omniorb.
--
Neil Williams
=
Source: composer
Version: 2.2.9-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for composer.
CVE-2022-24828[0]:
| Composer is a dependency manager for the PHP programming language.
| Integrators using C
thout such an upgrade feature. If there is time, then we are
> working a V7 version with the V6 to V7 block upgrade capability and
> would like to release that.
Seems sensible.
>
> Thanks,
> Amul
>
> -Original Message-
> From: Andreas Tille
> Sent: Wednesday
Source: fis-gtm
Version: 6.3-014-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for fis-gtm.
CVE-2021-44492[0]:
| An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS
| GT.M through
Source: haskell-aeson
Version: 1.4.7.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for haskell-aeson.
CVE-2021-41119[0]:
| Wire-server is the system server for the wire back-end services.
| Releases
Source: grunt
Version: 1.4.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for grunt.
CVE-2022-0436[0]:
| Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
If you fix the vulnerabilit
On Wed, 13 Apr 2022 11:18:50 +0100 Neil Williams
wrote:
> Source: ruby-devise-two-factor
> Version: 4.0.2-1
> Severity: important
> Tags: security
> X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability was publis
Source: ruby-devise-two-factor
Version: 4.0.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-devise-two-factor.
CVE-2021-43177[0]:
| As a result of an incomplete fix for CVE-2015-7225, in versi
Source: android-platform-frameworks-base
Version: 1:10.0.0+r36-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for android-platform-frameworks-base.
CVE-2021-39796[0]:
| In HarmfulAppWarningActivity of H
Source: mruby
Version: 3.0.0-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for mruby.
CVE-2022-1212[0]:
| Use-After-Free in str_escape in mruby/mruby in GitHub repository
| mruby/mruby prior to 3.2. Possibl
Source: ruby-asciidoctor-include-ext
Version: 0.3.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-asciidoctor-include-ext.
CVE-2022-24803[0]:
| Asciidoctor-include-ext is Asciidoctor’s s
Source: twisted
Version: 22.2.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for twisted.
CVE-2022-24801[0]:
| Twisted is an event-based framework for internet applications,
| supporting Python 3.6+.
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: pyimagetool
Version : 1.0
Upstream Author : Kyle Gordon
* URL : https://github.com/kgord831/PyImageTool
* License : GPL3
On 2022-04-02 09:14, tony mancill wrote:
I will work on patching 8.12.46 and also mention this upstream. The
changelogs for 8.12.45 and 8.12.46 only reference metadata updates.
If there was a non-metadata change that wasn't mentioned in the
changelog, it will be the second time this has happen
Source: puma
Version: 5.5.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for puma.
CVE-2022-24790[0]:
| Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for
| Ruby/Rack applications. W
in but it may be necessary to retain the current patch method
and I don't see why that is against Policy. It's not pretty, I agree,
but I have not (yet) found an alternative.
--
Neil Williams
=
https://linux.codehelp.co.uk/
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: xrt
Version : 1.4.0-1
Upstream Author : Konstantin Klementiev
* URL : https://github.com/kklmn/xrt
* License : Expat
Source: clickhouse
Version: 18.16.1+ds-7.2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for clickhouse.
The vulnerabilities require authentication, but can be triggered by any user
with read
permis
Package: wnpp
Severity: wishlist
Owner: Neil Williams
X-Debbugs-Cc: debian-de...@lists.debian.org, codeh...@debian.org
* Package name: looktxt
Version : 1.5-1
Upstream Author : Emmanuel Farhi
* URL : https://github.com/farhi/looktxt
* License : GPL-2
Source: python-model-mommy
Version: Replaced by python-model-bakery
Severity: normal
Background:
https://linux.codehelp.co.uk/moving-to-bakery.html
"Model Bakery is a rename of the legacy Model Mommy project."
https://github.com/model-bakers/model_bakery
IMPORTANT: Model Mommy is no longer maint
Source: kotlin
Version: 1.3.31+~1.0.1+~0.11.12-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for kotlin.
CVE-2022-24329[0]:
| In JetBrains Kotlin before 1.6.0, it was not possible to lock
| dependencie
Source: tightvnc
Version: 1:1.3.10-5
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for tightvnc.
CVE-2022-23967[0]:
| In TightVNC 1.3.10, there is an integer signedness error and resultant
| heap-based b
Source: jackson-databind
Version: 2.13.0-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jackson-databind.
CVE-2020-36518[0]:
| jackson-databind before 2.13.0 allows a Java StackOverflow exception
|
Source: ruby-commonmarker
Version: 0.23.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ruby-commonmarker.
https://sources.debian.org/src/ruby-commonmarker/0.23.2-2/ext/commonmarker/table.c/?hl=16
Source: r-cran-commonmark
Version: 1.7-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for r-cran-commonmark.
https://sources.debian.org/src/r-cran-commonmark/1.7-2/src/extensions/table.c/?hl=140#L140
CVE-2
Source: python-cmarkgfm
Version: 0.4.2-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for python-cmarkgfm.
https://sources.debian.org/src/python-cmarkgfm/0.4.2-1/third_party/cmark/extensions/table.c/?hl
Source: cmark-gfm
Version: 0.29.0.gfm.2-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for cmark-gfm.
CVE-2022-24724[0]:
| cmark-gfm is GitHub's extended version of the C reference
| implementation of Commo
Source: ghostwriter
Version: 2.1.1-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ghostwriter.
https://sources.debian.org/src/ghostwriter/2.1.1-1/3rdparty/cmark-gfm/extensions/table.c/?hl=154#L154
Source: hoteldruid
Version: 3.0.3-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
The following vulnerability was published for hoteldruid.
CVE-2022-22909[0]:
| HotelDruid v3.0.3 was discovered to contain a remote code execution
| (RCE) vulnerabilit
Source: puppet-module-puppetlabs-firewall
Version: 1.12.0-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for puppet-module-puppetlabs-firewall.
CVE-2022-0675[0]:
| In certain situations it is possible f
.
Kind regards,
Neil.
-- Package-specific info:
/etc/X11/X does not exist.
/etc/X11/X is not a symlink.
/etc/X11/X is not executable.
VGA-compatible devices on PCI bus:
--
07:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc.
[AMD/ATI] Cezanne [100