Hi Chris,
On Thu, Jul 10, 2025 at 11:59:31AM -0700, Chris Lamb wrote:
> Hello Security Team,
>
> Would you be interested in a bullseye update for redis in order to
> address the two latest CVEs?
>
> That would be:
>
> * CVE-2025-32023 (#1108975)
> * CVE-2025-48367 (#1108981)
>
> I'm prepar
Source: receptor
Version: 1.5.5-1
Severity: serious
User: debian...@lists.debian.org
Usertags: flaky
User: release.debian@packages.debian.org
Usertags: trixie-no-auto-remove
Dear maintainer(s),
I looked at the results of the autopkgtest of your package because it
was blocking the migration
Your message dated Sun, 20 Jul 2025 01:04:17 +
with message-id
and subject line Bug#1109547: fixed in package-lint-el 0.26-2
has caused the Debian Bug report #1109547,
regarding package-lint-el: Broken by Emacs with new dependency relationships
to be marked as done.
This means that you claim
Sean Whitton writes:
> Source: package-lint-el
> Version: 0.26-1
> Severity: serious
> X-debbugs-cc: manp...@gmail.com
>
> Dear maintainer,
>
> package-lint-el's autopkgtest is failing against Emacs uploaded
> yesterday. Please investigate. Thanks.
>
It looks like package-lint only considers e
Package: hunspell-dz
Version: 0.1.0-2
Severity: serious
X-Debbugs-Cc: so...@debian.org
The dictionary in this package does not work properly with LibreOffice
because the affix and dictionary files use only the language code (e.g.,
"dz.aff" and "dz.dic") without the country suffix.
LibreOffice
Hi Henrique,
On Thu, Jul 10, 2025 at 09:12:23AM +0200, Salvatore Bonaccorso wrote:
> Source: amd64-microcode
> Version: 3.20250311.1
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Control: found -1 3.20250311.1~deb12u1
>
> Hi Henrique,
>
Oh thank you!
/Simon
> On 19 July 2025 at 22:05, Bastian Germann wrote:
>
>
> I have already filed bug#1109540 (unblock:
> golang-github-containers-ocicrypt/1.1.10-3)
Source: package-lint-el
Version: 0.26-1
Severity: serious
X-debbugs-cc: manp...@gmail.com
Dear maintainer,
package-lint-el's autopkgtest is failing against Emacs uploaded
yesterday. Please investigate. Thanks.
--
Sean Whitton
Bastian Germann writes:
> All of the reverse dependencies should be okay when #1109389 is fixed.
How do we stop the autoremoval from happening on 2025-08-22? The
migration of golang-github-containers-ocicrypt from unstable to testing
won't happen before then. Is this a situation where we shoul
Hi Jochen,
Ok. It looked like a sort of miscommunication between online and offline.
Thanks for figuring out a working solution with offline folks.
The /var/lib/apt method is indeed a great way to experiment with fixes.
And I confirm that Breaks+Replaces still does not resolve the issue.
I rethought
On 19/07/25 at 18:30 +0200, Yves-Alexis Perez wrote:
> On Sat, 2025-07-19 at 11:51 +0200, Lucas Nussbaum wrote:
> > The following fails:
> > - In bookworm, install strongswan
> > - dist-upgrade to trixie
> > I would expect strongswan to be upgraded, but it is not. It remains at the
> > bookworm ver
Hi,
I talked to the apt maintainer and other experienced DDs at DebConf and we
don't think it will work without a transition package in bookworm. Jilian said
that it would work with apt from experimental but that's not an option.
Basically apt will sort keeping libatlas3-base installed over any
Your message dated Sat, 19 Jul 2025 17:00:13 +
with message-id
and subject line Bug#1109176: fixed in lapack 3.12.1-3
has caused the Debian Bug report #1109176,
regarding Broken liblapacke:amd64 Breaks on libatlas3-base
to be marked as done.
This means that you claim that the problem has been
I disagree. You may have incorrectly understood the package
relationship here.
The binary package liblapacke is not a transitional package.
The latest liblapacke cannot provide what the old libatlas3-base
package provides. Instead, libatlas3-base is always a candidate
that may serve as a dependenc
On Sat, 2025-07-19 at 11:51 +0200, Lucas Nussbaum wrote:
> The following fails:
> - In bookworm, install strongswan
> - dist-upgrade to trixie
> I would expect strongswan to be upgraded, but it is not. It remains at the
> bookworm version.
> 'apt ins
Hi,
I looked into it a bit more and got it working with a transitional dummy
package as described here:
https://wiki.debian.org/RenamingPackages
I have added this to lapack:
Package: libatlas3-base
Depends: libblas3, ${misc:Depends}
Architecture: all
Priority: optional
Section: oldlibs
Your message dated Sat, 19 Jul 2025 14:40:06 +
with message-id
and subject line Bug#1098586: fixed in orange-canvas-core 0.2.5-2
has caused the Debian Bug report #1098586,
regarding orange-canvas-core: FTBFS: Segmentation fault
to be marked as done.
This means that you claim that the problem
Processing commands for cont...@bugs.debian.org:
> affects 1101839 - src:orange-canvas-core
Bug #1101839 [python3-tqdm] python3-tqdm: segmentation fault in destructor
method
Removed indication that 1101839 affects src:orange-canvas-core
> thanks
Stopping processing here.
Please contact me if you
Processing commands for cont...@bugs.debian.org:
> affects 1101839 - src:orange-canvas-core
Bug #1101839 [python3-tqdm] python3-tqdm: segmentation fault in destructor
method
Removed indication that 1101839 affects
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
Your message dated Sat, 19 Jul 2025 13:05:28 +
with message-id
and subject line Bug#1109511: fixed in pyqso 1.1.0-9
has caused the Debian Bug report #1109511,
regarding PyQSO has missing python3 telnetlib dependency and does not run
to be marked as done.
This means that you claim that the pro
Processing commands for cont...@bugs.debian.org:
> retitle 1109494 7zip-rar: CVE-2025-53816
Bug #1109494 {Done: Salvatore Bonaccorso } [src:7zip-rar]
p7zip-rar: CVE-2025-53816
Changed Bug title to '7zip-rar: CVE-2025-53816' from 'p7zip-rar:
CVE-2025-53816'.
> thanks
Stopping processing here.
Pl
Processing commands for cont...@bugs.debian.org:
> reassign 1109494 src:7zip-rar 24.09+ds-3
Bug #1109494 {Done: Salvatore Bonaccorso } [src:p7zip-rar]
p7zip-rar: CVE-2025-53816
Bug reassigned from package 'src:p7zip-rar' to 'src:7zip-rar'.
No longer marked as found in versions p7zip-rar/24.09+ds-
Processing commands for cont...@bugs.debian.org:
> reassign 1109494 src:p7zip-rar 24.09+ds-3
Bug #1109494 {Done: Salvatore Bonaccorso } [src:7zip] 7zip:
CVE-2025-53816 CVE-2025-53817
Bug reassigned from package 'src:7zip' to 'src:p7zip-rar'.
No longer marked as found in versions 7zip/24.09+dfsg-8
Hi
On Sat, Jul 19, 2025 at 12:15:37PM +0200, Sylvain Beucler wrote:
> Hi,
>
> Looking at https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/ it
> seems CVE-2025-53816 is affecting [p]7zip-rar.
>
> The analyzed faulty code lies in CPP/7zip/Compress/Rar5Decoder.cpp which is
> excluded f
Processing commands for cont...@bugs.debian.org:
> retitle 1109494 p7zip-rar: CVE-2025-53816
Bug #1109494 {Done: Salvatore Bonaccorso } [src:p7zip-rar]
7zip: CVE-2025-53816 CVE-2025-53817
Changed Bug title to 'p7zip-rar: CVE-2025-53816' from '7zip: CVE-2025-53816
CVE-2025-53817'.
> thanks
Stoppi
Processing commands for cont...@bugs.debian.org:
> affects 1101839 - orange-canvas-core
Bug #1101839 [python3-tqdm] python3-tqdm: segmentation fault in destructor
method
Removed indication that 1101839 affects
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1101
The root cause looks like the golang-github-golang-protobuf-1-3-dev
-> golang-github-golang-protobuf-1-5-dev transition.
Processing control commands:
> severity -1 important
Bug #1109518 [qgis] qgis: fails to dist-upgrade from bookworm to trixie
(removed during dist-upgrade)
Severity set to 'important' from 'serious'
--
1109518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109518
Debian Bug Tracking System
Control: severity -1 important
Let's not trigger testing autoremoval for this issue.
On 7/19/25 12:46 PM, Lucas Nussbaum wrote:
The following fails:
- In bookworm, install qgis
- apt upgrade to trixie (to upgrade what can easily be upgraded)
- apt dist-upgrade # qgis gets removed
- apt install q
Processing commands for cont...@bugs.debian.org:
> tags 1109518 + moreinfo
Bug #1109518 [qgis] qgis: fails to dist-upgrade from bookworm to trixie
(removed during dist-upgrade)
Added tag(s) moreinfo.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1109518: https:
Processing commands for cont...@bugs.debian.org:
> severity 1109511 grave
Bug #1109511 [pyqso] PyQSO has missing python3 telnetlib dependency and does
not run
Severity set to 'grave' from 'normal'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1109511: https://b
On 19/07/2025 12:15, Sylvain Beucler wrote:
The My_ZeroMemory logic appears to have been introduced in the 24.05
import:
https://github.com/ip7z/7zip/commit/395149956d696e6e3099d8b76d797437f94a6942#diff-88a43083a0af8a34f1f0839670eea79d7b201bad3e5662e97159075880cbL1905-R1941
Correction, si
Hi,
Looking at
https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/ it seems
CVE-2025-53816 is affecting [p]7zip-rar.
The analyzed faulty code lies in CPP/7zip/Compress/Rar5Decoder.cpp which
is excluded from [p]7zip (per debian/copyright).
The code is modified in 25.00 import:
ht
Package: golang-github-dgraph-io-badger-dev
Version: 2.2007.2-4
Severity: serious
Hi,
The following fails:
- In bookworm, install golang-github-dgraph-io-badger-dev
- dist-upgrade to trixie
I would expect golang-github-dgraph-io-badger-dev to be upgraded, but it is
not. It remains at the bookwor
Package: golang-gomega-dev
Version: 1.36.2-1
Severity: serious
Hi,
The following fails:
- In bookworm, install golang-gomega-dev
- dist-upgrade to trixie
I would expect golang-gomega-dev to be upgraded, but it is not. It remains at
the bookworm version.
'apt install'ing manually in trixie works
Package: golang-github-googleapis-gnostic-dev
Version: 0.2.0-7
Severity: serious
Hi,
The following fails:
- In bookworm, install golang-github-googleapis-gnostic-dev
- dist-upgrade to trixie
I would expect golang-github-googleapis-gnostic-dev to be upgraded, but it is
not. It remains at the book
Package: golang-github-nats-io-go-nats-dev
Version: 1.41.0-1
Severity: serious
Hi,
The following fails:
- In bookworm, install golang-github-nats-io-go-nats-dev
- dist-upgrade to trixie
I would expect golang-github-nats-io-go-nats-dev to be upgraded, but it is not.
It remains at the bookworm ver
Package: golang-github-denverdino-aliyungo-dev
Version: 0.0~git20180921.13fa8aa-4
Severity: serious
Hi,
The following fails:
- In bookworm, install golang-github-denverdino-aliyungo-dev
- dist-upgrade to trixie
I would expect golang-github-denverdino-aliyungo-dev to be upgraded, but it is
not. I
Package: liblldb-dev
Version: 1:19.0-63
Severity: serious
Hi,
The following fails:
- In bookworm, install liblldb-dev
- dist-upgrade to trixie
I would expect liblldb-dev to be upgraded, but it is not. It remains at the
bookworm version.
'apt install'ing manually in trixie works fine.
There migh
Package: strongswan
Version: 6.0.1-5
Severity: serious
Hi,
The following fails:
- In bookworm, install strongswan
- dist-upgrade to trixie
I would expect strongswan to be upgraded, but it is not. It remains at the
bookworm version.
'apt install'ing manually in trixie works fine.
There might be
Package: gcc-offload-amdgcn
Version: 4:14.2.0-1
Severity: serious
Hi,
The following fails:
- In bookworm, install gcc-offload-amdgcn
- dist-upgrade to trixie
I would expect gcc-offload-amdgcn to be upgraded, but it is not.
Instead, it stays at version 4:12.2.0-3.
MWE:
PKG=gcc-offload-amdgcn; mm
On Sat, Jul 19, 2025 at 11:06:17AM +0200, Niels Thykier wrote:
> FWIW, I checked the stable version of bacula-common and it has the same
> story. The `systemd-tmpfiles` call only appears in the `postinst`, so there
> is no way I can find that a `bacula-common.preinst` call would trigger
> `systemd-
Chris Hofstaedtler:
[...]
The preinst script should be this:
https://binarycontrol.debian.net/cache/unstable/bacula-common/preinst
which does not invoke systemd-tmpfiles.
I wonder what's really happening. Is dpkg invoking the new postinst
(at postinst time), but putting "pre-installation" into
Hi,
Happened to come across this bug.
On Sat, 12 Jul 2025 15:38:41 +0100 Mark Hindley wrote:
+ # Remove any timestamp to force regeneration of all scripts.
+ rm -f /var/tmp/${DPKG_MAINTSCRIPT_PACKAGE}.stamp
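Review bot: the stamp file on the `rm -f` line lives in /var/tmp, a world-writable directory, under a name built only from the package name, so any local user can create a file at that name first and the stamp's presence cannot be trusted by whatever checks it. Keep the stamp in a root-owned directory instead (for example a per-package directory under /var/lib; that location is a suggestion, not something shown in the patch), and quote the `${DPKG_MAINTSCRIPT_PACKAGE}` expansion in the path.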
This is a very predictable path. Normally those have security concerns
a
On Wed, 16 Jul 2025 17:43:59 +0200 Paul Gevers wrote:
Hi,
Thanks for all working on this.
On 13-07-2025 21:37, Niels Thykier wrote:
> My recommendation is to:
>
> 1) Patch `libexpat1` to use `Pre-Depends: ${shlibs:Depends}`. It only
> has a single dependency on amd64 (libc), so it sho
On Sat, Jul 19, 2025 at 10:10:22AM +0200, Lucas Nussbaum wrote:
> The error is:
> > Preparing to unpack .../bacula-common_15.0.3-3_amd64.deb ...
> > dpkg: error processing archive
> > /var/cache/apt/archives/bacula-common_15.0.3-3_amd64.deb (--unpack):
> > new bacula-common package pre-installati
Package: python3-minimal,dh-python
Severity: serious
X-Debbugs-Cc: ni...@thykier.net
Tags: trixie-ignore
Hi,
Per https://bugs.debian.org/1108934#27, I am opening this RC bug that is
immediately marked trixie-ignore with the backing of the release team.
As I concluded in #1108934: The `prerm`
Package: bacula-director-sqlite3
Version: 15.0.3-3
Severity: serious
Hi,
The following fails:
- In bookworm, install bacula-director-sqlite3
- dist-upgrade to trixie
MWE:
PKG=bacula-director-sqlite3; mmdebstrap --chrooted-customize-hook="set -x ; apt
-y install $PKG && sed -e s/bookworm/trixie
Your message dated Sat, 19 Jul 2025 07:24:00 +
with message-id <1dce49968aa15f5d2fa090669350f1a97b7509e6.ca...@debian.org>
and subject line Re: snapd: autopkgtest regression: error: nothing matches
provider filter
has caused the Debian Bug report #1108759,
regarding snapd: autopkgtest regressi
Your message dated Sat, 19 Jul 2025 07:23:52 +
with message-id
and subject line Re: snapd: statically linked against glibc without a
Built-Using: field
has caused the Debian Bug report #1106808,
regarding snapd: statically linked against glibc without a Built-Using: field
to be marked as done