Processing control commands:
> affects 1057096 + rsopv
Bug #1057096 [src:rust-rsa] rust-rsa: CVE-2023-49092: RUSTSEC-2023-0071: Marvin
Attack: potential key recovery through timing sidechannels
Added indication that 1057096 affects rsopv
--
1057096: https://bugs.debian.org/cgi-bin/bugreport.cgi
Control: affects 1057096 + rsopv
On Wed 2023-11-29 17:27:15 +0100, Salvatore Bonaccorso wrote:
> The following vulnerability was published for rust-rsa.
>
> CVE-2023-49092[0]:
My understanding is that we have other instances of the MARVIN attack
available in debian which have not yet been solved.
Control: severity -1 important
Lowering the severity as the security-tracker marks it as a no-dsa minor issue.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Processing control commands:
> severity -1 important
Bug #1014124 [qt5-image-formats-plugins] buffer overflow in the mng plugin for
Qt (CVE-2020-23884)
Severity set to 'important' from 'grave'
--
1014124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014124
Debian Bug Tracking System
Conta
Your message dated Fri, 25 Oct 2024 21:16:45 +
with message-id
and subject line Bug#1086025: fixed in rustc 1.82.0+dfsg1-1
has caused the Debian Bug report #1086025,
regarding cargo wrapper: `--config lto` wrongly gets passed along to cargo test
to be marked as done.
This means that you claim
Your message dated Fri, 25 Oct 2024 20:56:17 +
with message-id
and subject line Bug#1075559: fixed in telepathy-logger 0.8.2-4.1
has caused the Debian Bug report #1075559,
regarding telepathy-logger: ftbfs with GCC-14
to be marked as done.
This means that you claim that the problem has been d
Processing commands for cont...@bugs.debian.org:
> found 1086042 1.2.5-1
Bug #1086042 [src:openrefine-butterfly] openrefine-butterfly: CVE-2024-47883
Marked as found in versions openrefine-butterfly/1.2.5-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1086042:
Your message dated Fri, 25 Oct 2024 18:39:04 +
with message-id
and subject line Bug#1082910: fixed in uronode 2.15-5
has caused the Debian Bug report #1082910,
regarding src:uronode: fails to migrate to testing for too long
to be marked as done.
This means that you claim that the problem has
Your message dated Fri, 25 Oct 2024 18:21:32 +
with message-id
and subject line Bug#1081861: fixed in ftgl 2.4.0-4
has caused the Debian Bug report #1081861,
regarding ftgl: FTBFS: FTVectoriser.cpp:171:25: error: invalid conversion from
'unsigned char*' to 'char*' [-fpermissive]
to be marked
On Fri, 25 Oct 2024 20:04, Fabian Grünbichler wrote:
Yes, src:rustc / bin:cargo is correct. I already prepared a fix and hopefully
Rust 1.82 with that included will hit unstable later tonight :)
Thanks for the quick fix :)
best,
werdahias
On October 25, 2024 6:29:05 PM GMT+02:00, Simon McVittie
wrote:
>On Fri, 25 Oct 2024 at 16:24:40 +0200, Matthias Geiger wrote:
>> On Fri, 25 Oct 2024 10:41, Simon McVittie wrote:
>> > I don't know Rust, but this looks to me to be more like a problem with
>> > how `cargo test` is invoking the
Processing control commands:
> reassign -1 cargo
Bug #1086025 [src:loupe] loupe: FTBFS with DEB_BUILD_OPTIONS=optimize=-lto:
Unrecognized option: 'config'
Bug reassigned from package 'src:loupe' to 'cargo'.
No longer marked as found in versions loupe/47.1-2.
Ignoring request to alter fixed versio
Control: reassign -1 cargo
Control: retitle -1 cargo wrapper: `--config lto` wrongly gets passed along to
cargo test
Control: affects -1 + src:loupe
> > Where does that wrapper come from? I'm guessing src:rustc? Are its
> > maintainers aware of this problem?
> It comes from bin:cargo. f_g (added
On Fri, 25 Oct 2024 10:41, Simon McVittie wrote:
Source: loupe
Version: 47.1-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: debian-r...@lists.debian.org
loupe failed to build (again) on the 32-bit release architecture
On Fri, 25 Oct 2024 19:34, Simon McVittie wrote:
Control: reassign -1 cargo
Control: retitle -1 cargo wrapper: `--config lto` wrongly gets passed along to
cargo test
Control: affects -1 + src:loupe
Something went wrong with your mail headers, really reassigning now.
When reassigning a bug tha
On Fri, 25 Oct 2024 at 16:24:40 +0200, Matthias Geiger wrote:
> On Fri, 25 Oct 2024 10:41, Simon McVittie wrote:
> > I don't know Rust, but this looks to me to be more like a problem with
> > how `cargo test` is invoking the test executable, rather than a problem
> > with this specific package.
>
Processing commands for cont...@bugs.debian.org:
> tags 1086038 + upstream
Bug #1086038 [src:pam] pam: CVE-2024-10041
Added tag(s) upstream.
> tags 1086039 + upstream
Bug #1086039 [src:botan] botan: CVE-2024-50383
Added tag(s) upstream.
> tags 1086042 + upstream
Bug #1086042 [src:openrefine-butter
El 25/10/24 a las 16:33, Andrea Pappacoda escribió:
override_dh_auto_build:
---> ln -s ../meson-docs subprojects/
CC="$(CC_FOR_BUILD)" CFLAGS="$(CPPFLAGS_FOR_BUILD) $(CFLAGS_FOR_BUILD)"
LDFLAGS="$(LDFLAGS_FOR_BUILD)" ./bootstrap.sh build
build/muon setup -Dprefix=/usr -Dsamu
Processing commands for cont...@bugs.debian.org:
> severity 1083157 normal
Bug #1083157 [src:acl2] acl2: Includes non-free RFC again
Severity set to 'normal' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1083157: https://bugs.debian.org/cgi-bin/bu
Hi Santiago,
On Thu Oct 24, 2024 at 1:43 PM CEST, Santiago Vila wrote:
I think this is a Debian bug, which adds "meson-docs" to
the build but without extra dependencies:
override_dh_auto_build:
--->ln -s ../meson-docs subprojects/
CC="$(CC_FOR_BUILD)" CFLAGS="$(CPPFLAGS_FOR_BUILD)
Your message dated Fri, 25 Oct 2024 13:59:41 +
with message-id
and subject line Bug#1077463: fixed in r-cran-backports 1.5.0-2
has caused the Debian Bug report #1077463,
regarding r-cran-backports: autopkgtest regression: Testing test_dotlibPaths.R
to be marked as done.
This means that you cl
Source: openrefine-butterfly
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for openrefine-butterfly.
CVE-2024-47883[0]:
| The OpenRefine fork of the MIT Simile Butterfly server is a modular
| web application framework. The But
Source: openrefine
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openrefine.
CVE-2024-49760[0]:
| OpenRefine is a free, open source tool for working with messy data.
| The load-language command expects a `lang` paramete
Processing commands for cont...@bugs.debian.org:
> severity 1086043 important
Bug #1086043 [src:assimp] assimp: CVE-2024-48426
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1086043: https://bugs.debian.org/cgi-bin/bugrepo
Processing commands for cont...@bugs.debian.org:
> block 1078531 with 1086040
Bug #1078531 [src:python-mp-api] python-mp-api: new release requires unpackaged
maggma package
1078531 was not blocked by any bugs.
1078531 was not blocking any bugs.
Added blocking bug(s) of 1078531: 1086040
> thanks
S
Source: assimp
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for assimp.
CVE-2024-48426[0]:
| A segmentation fault (SEGV) was detected in the
| SortByPTypeProcess::Execute function in the Assimp library during
| fuzz testing w
I am CCing one of the maintainers, so that they can see this, as it
affects both Debian and likely ubuntu MATE as well.
-John
Package: libgio-2.0-dev
Version: 2.82.1-1
Severity: serious
Justification: undeclared conflict/depends
Hi,
during update dpkg failed with:
Unpacking libgio-2.0-dev:amd64 (2.82.1-1) ...
dpkg: error processing archive
/tmp/apt-dpkg-install-vCerzj/09-libgio-2.0-dev_2.82.1-1_amd64.deb (--unpack):
Hi,
On Thu, Oct 24, 2024 at 10:12:12PM -0500, Aaron Rainbolt wrote:
> gzip is a package with priority "essential". It currently suggests the
> "less" package, which has priority "important". less is a hard
> dependency of zless - if it is not installed, zless will error out with
> "exec: less: not
Your message dated Fri, 25 Oct 2024 10:40:24 +
with message-id
and subject line Bug#1062879: fixed in safeclib 3.7.1-2.1
has caused the Debian Bug report #1062879,
regarding safeclib: NMU diff for 64-bit time_t transition
to be marked as done.
This means that you claim that the problem has be
Processing control commands:
> severity -1 important
Bug #1086028 [src:loupe] loupe: FTBFS on mips64el: failed to acquire jobserver
token: Bad address (os error 14)
Severity set to 'important' from 'serious'
> tags -1 + unreproducible
Bug #1086028 [src:loupe] loupe: FTBFS on mips64el: failed to a
Control: severity -1 important
Control: tags -1 + unreproducible
On Fri, 25 Oct 2024 at 09:48:45 +0100, Simon McVittie wrote:
> > error: failed to acquire jobserver token
> >
> > Caused by:
> > Bad address (os error 14)
>
> I've retried the build: if it succeeds, we can downgrade the severity
Processing control commands:
> severity -1 serious
Bug #1085853 [libclang-rt-19-dev] libclang-rt-19-dev: please re-enable for
32-bit archs
Severity set to 'serious' from 'normal'
--
1085853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085853
Debian Bug Tracking System
Contact ow...@bugs.
Your message dated Fri, 25 Oct 2024 09:14:28 +
with message-id
and subject line Bug#1084844: fixed in nvidia-graphics-drivers 545.23.06-3
has caused the Debian Bug report #1084844,
regarding nvidia-graphics-drivers - fails autopkgtest
to be marked as done.
This means that you claim that the p
Your message dated Fri, 25 Oct 2024 09:13:55 +
with message-id
and subject line Bug#1084844: fixed in nvidia-graphics-drivers 535.183.06-2
has caused the Debian Bug report #1084844,
regarding nvidia-graphics-drivers - fails autopkgtest
to be marked as done.
This means that you claim that the
Source: loupe
Version: 47.1-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: debian-m...@lists.debian.org, debian-r...@lists.debian.org
User: debian-m...@lists.debian.org
Usertags: mips64el
loupe 47.1-2 failed to build on
Source: loupe
Version: 47.1-2
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: debian-r...@lists.debian.org
loupe failed to build (again) on the 32-bit release architectures armel,
armhf and i386:
https://buildd.debian.org/
Processing commands for cont...@bugs.debian.org:
> tags 1085354 - fixed-upstream
Bug #1085354 [src:mbedtls] mbedtls FTBFS on arm64 with gcc 14
Removed tag(s) fixed-upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1085354: https://bugs.debian.org/cgi-bin/b
Processing commands for cont...@bugs.debian.org:
> forwarded 1085979 https://github.com/greenbone/gvm-libs/issues/846
Bug #1085979 [src:gvm-libs] gvm-libs: FTBFS on 32 bit architectures
Set Bug forwarded-to-address to
'https://github.com/greenbone/gvm-libs/issues/846'.
>
End of message, stopping
Processing commands for cont...@bugs.debian.org:
> #
> # bts-link upstream status pull for source package src:neo
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting
Processing commands for cont...@bugs.debian.org:
> #
> # bts-link upstream status pull for source package src:libunwind
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
S
Your message dated Wed, 23 Oct 2024 17:55:46 +
with message-id
and subject line Bug#1085275: Removed package(s) from unstable
has caused the Debian Bug report #1035698,
regarding cpl-plugin-hawki-calib: hawki-kit-2.4.8*.tar.gz is no longer
downloadable
to be marked as done.
This means that y
Hi,
On Wed, 16 Oct 2024 10:12:18 +0200 Guido =?iso-8859-1?Q?G=FCnther?=
wrote:
Hi,
thanks for looking into this.
On Wed, Oct 16, 2024 at 02:50:15PM +0800, zhangdandan wrote:
> 3. Solution
> Please take care of the d/control file in phoc packages.
> ```
> libwlroots-dev (>= 0.17.0),
> libwlr
Processing commands for cont...@bugs.debian.org:
> #
> # bts-link upstream status pull for source package cups
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Setting us
Your message dated Thu, 24 Oct 2024 18:35:43 +
with message-id
and subject line Bug#1079785: fixed in pmbootstrap 2.3.1-1
has caused the Debian Bug report #1079785,
regarding pmbootstrap: out of date, no longer functional (≥2.3.0 now required)
to be marked as done.
This means that you claim t
Processing control commands:
> tags -1 + patch
Bug #1086011 [src:fence-agents] fence-agents: Please set
net.ipv4.ping_group_range sysctl in autopkgtests
Added tag(s) patch.
--
1086011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086011
Debian Bug Tracking System
Contact ow...@bugs.debian
Your message dated Thu, 24 Oct 2024 20:02:14 +
with message-id
and subject line Bug#1085958: fixed in waagent 2.12.0.2~pre-2
has caused the Debian Bug report #1085958,
regarding waagent: FTBFS: FileNotFoundError: [Errno 2] No such file or
directory: '/usr/bin/openssl'
to be marked as done.
T
Your message dated Thu, 24 Oct 2024 17:49:02 +
with message-id
and subject line Bug#1085057: fixed in guile-commonmark 0.1.2+20240812-3
has caused the Debian Bug report #1085057,
regarding guile-commonmark: FTBFS: failing tests
to be marked as done.
This means that you claim that the problem
48 matches
Mail list logo
