Queue Overview for "proposed-updates"

Removals

List of missing builds
List of missing packages relative to security archive

Resolution Pending (16 uploads for 16 packages)

Package Version Version Problems Installability Problems Architectures Action
brltty 5.6-10+deb10u1 Installability problems Built: source ?

µdebs: present

Lintian issues: source

chromium 80.0.3987.162-1~deb10u1 Installability problems Built: allamd64arm64armhfi386source Ok

DSA: 4654

CVEs referenced: CVE-2020-6450 CVE-2020-6451 CVE-2020-6452

Binary debdiffs: amd64arm64armhfi386

Lintian issues: allamd64arm64armhfi386

el-api 3.0.0-2+deb10u1 Installability problems Built: source Ok

Reason: fix stretch to buster upgrades that involve Tomcat 8

Request: 955508

firefox-esr 68.7.0esr-1~deb10u1 Version problems testing (68.6.0esr-1) Installability problems Built: allamd64arm64armhfi386mipsmips64elmipselppc64els390xsource ?

DSA: 4655

CVEs referenced: CVE-2020-6821 CVE-2020-6822 CVE-2020-6825

Lintian issues: allamd64arm64armhfi386mipsmips64elmipselppc64els390xsource

horizon 3:14.0.2-3+deb10u1 Installability problems Built: source More info needed

Reason: fix change of WEBROOT

Request: 945592

Queries on changes; could also do with better description
         
jsp-api 2.3.4-2+deb10u1 Installability problems Built: source Ok

Reason: fix stretch to buster upgrades that involve Tomcat 8

Request: 955510

libvncserver 0.9.11+dfsg-1.3+deb10u3 Installability problems Built: amd64source Ok

Reason: fix heap overflow [CVE-2019-15690]

Request: 955395

Closes: 954163

CVEs referenced: CVE-2019-15690

lwip 2.0.3-3+deb10u1 Installability problems Built: allamd64source Ok

Reason: security fix [CVE-2020-8597]

Request: 954404

CVEs referenced: CVE-2020-8597

mailutils 1:3.5-4 Installability problems Built: source More info needed

Reason: maidag: drop setuid privileges for all delivery operations but mda [CVE-2019-18862]

Closes: 944265

CVEs referenced: CVE-2019-18862

Awaiting fix in unstable (and potential version change)
         
oar 2.5.8-1+deb10u1 Installability problems Built: source Ok

Reason: revert to stretch behavior for Storable::dclone perl function, fixing recursion depth issues

Request: 942520

Closes: 942467

octavia 3.0.0-3+deb10u1 Installability problems Built: source More info needed

Reason: some changes need further discussion; too late for 10.2

Request: 941901

Closes: 941897

CVEs referenced: CVE-2019-17134

php7.3 7.3.14-1~deb10u1 Installability problems Built: allamd64armelarmhfi386mipsmips64elmipselppc64els390xsource Missing: arm64 Ok

DSA: 4626

resource-agents 1:4.2.0-2+deb10u1 Installability problems Built: source Ok

Reason: fix "ethmonitor does not list interfaces without assigned IP address"; remove no longer required xen-toolstack patch; fix non-standard usage in ZFS agent

Request: 933839

Closes: 927311 933398

samba 2:4.9.5+dfsg-5+deb10u1 Installability problems Built: allsource Missing: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x Ok

DSA: 4513

CVEs referenced: CVE-2019-10197

tinyproxy 1.10.0-2+deb10u1 Installability problems Built: allamd64source Ok

Reason: only set PIDDIR, if PIDFILE is a non-zero length string

Request: 955410

Closes: 948283

websocket-api 1.1-1+deb10u1 Installability problems Built: source Ok

Reason: fix stretch to buster upgrades that involve Tomcat 8

Request: 955509

Pending Processing (0 uploads for 0 packages)

Processed (74 uploads for 67 packages)

Package Version Version Problems Installability Problems Action
apt-cacher-ng 3.2.1-1 Installability problems ACCEPTED

Reason: enforce secured call to the server in maint job triggering [CVE-2020-5202]; allow .zst compression for tarballs; incrase size of the decompression line buffer for config file reading

Request: 948786

Closes: 948259

CVEs referenced: CVE-2020-5202

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

backuppc 3.3.2-2+deb10u1 Installability problems ACCEPTED

Reason: pass the username to start-stop-daemon when reloading, preventing reload failures

Request: 952586

Closes: 944611

bluez 5.50-1.2~deb10u1 Installability problems ACCEPTED

DSA: 4647

Closes: 953770

CVEs referenced: CVE-2020-0556

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

checkstyle 8.15-1+deb10u1 Installability problems ACCEPTED

Reason: fix XML External Entity injection issue [CVE-2019-9658 CVE-2019-10782]

Request: 954862

Closes: 924598

CVEs referenced: CVE-2019-10782 CVE-2019-9658

Binary debdiffs: all

Lintian issues: source

chromium 80.0.3987.149-1~deb10u1 Installability problems ACCEPTED

DSA: 4645

CVEs referenced: CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449

Binary debdiffs: amd64arm64armhfi386

Lintian issues: allamd64arm64armhfi386source

chromium 80.0.3987.132-1~deb10u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 4638

CVEs referenced: CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6417 CVE-2020-6418 CVE-2020-6420

Binary debdiffs: amd64arm64armhfi386

clamav 0.102.2+dfsg-0+deb10u1 Installability problems ACCEPTED

Reason: new upstream release [CVE-2020-3123]

Request: 951871

Closes: 950944 951057

CVEs referenced: CVE-2020-3123

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

Lintian issues: source

corosync 3.0.1-2+deb10u1 Installability problems ACCEPTED

Reason: totemsrp: Reduce MTU to avoid generating oversized packets

Request: 950478

Closes: 950476

curl 7.64.0-4+deb10u1 Installability problems ACCEPTED

DSA: 4633

Closes: 940009 940010

CVEs referenced: CVE-2019-5481 CVE-2019-5482

Lintian issues: allamd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

dojo 1.14.2+dfsg1-1+deb10u1 Installability problems ACCEPTED

Reason: fix improper regular expression usage [CVE-2019-10785]

Request: 952785

Closes: 952771

CVEs referenced: CVE-2019-10785

Binary debdiffs: all

dpdk 18.11.6-1~deb10u1 Installability problems ACCEPTED

Reason: new upstream stable release

Binary debdiffs: amd64arm64armhfi386ppc64el

Lintian issues: amd64arm64armhfi386ppc64el

dtv-scan-tables 0+git20190925.6d01903-0.1~deb10u1 Installability problems ACCEPTED

Reason: new upstream snapshot; add all current German DVB-T2 muxes and the Eutelsat-5-West-A satellite

Request: 949891

Closes: 901842 940936

Binary debdiffs: all

evince 3.30.2-3+deb10u1 Installability problems ACCEPTED

DSA: 4624

Closes: 927820

CVEs referenced: CVE-2019-11459

firefox-esr 68.6.1esr-1~deb10u1 Version problems testing (68.6.0esr-1) Installability problems ACCEPTED

DSA: 4653

CVEs referenced: CVE-2020-6819 CVE-2020-6820

Lintian issues: allamd64arm64armhfi386mipsmips64elmipselppc64els390xsource

firefox-esr 68.6.0esr-1~deb10u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 4639

CVEs referenced: CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814

Lintian issues: armhfi386mipsmipsel

firefox-esr 68.5.0esr-1~deb10u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 4620

CVEs referenced: CVE-2020-6796 CVE-2020-6798 CVE-2020-6800

Lintian issues: armhfi386mipsmipsel

gnutls28 3.6.7-4+deb10u3 Installability problems REJECTED_PERMANENTLY: ncbi-tools6/6.1.20170106+dfsg1-0+deb10u2 [arm64] ACCEPTED

DSA: 4652

Closes: 955556

CVEs referenced: CVE-2020-11501

golang-github-prometheus-common 0+git20181119.b36ad28-1+deb10u1 Installability problems ACCEPTED

Reason: extend validity of test certificates

Request: 949897

Closes: 949189

Binary debdiffs: all

graphicsmagick 1.4~hg15978-1+deb10u1 Installability problems ACCEPTED

DSA: 4640

CVEs referenced: CVE-2019-19950 CVE-2019-19951 CVE-2019-19953

haproxy 1.8.19-1+deb10u2 Installability problems ACCEPTED

DSA: 4649

CVEs referenced: CVE-2020-11100

Lintian issues: source

hbci4java 3.1.29+dfsg-1+deb10u1 Installability problems ACCEPTED

Reason: support EU directive on payment services (PSD2)

Request: 943889

Binary debdiffs: all

hibiscus 2.8.21+dfsg-1+deb10u1 Installability problems ACCEPTED

Reason: support EU directive on payment services (PSD2)

Request: 943889

Closes: 946794

Binary debdiffs: all

icu 63.1-6+deb10u1 Installability problems ACCEPTED

DSA: 4646

Closes: 953747

CVEs referenced: CVE-2020-10531

Lintian issues: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

iputils 3:20180629-2+deb10u1 Installability problems ACCEPTED

Reason: correct an issue in which ping would improperly exit with a failure code when there were untried addresses still available in the getaddrinfo() library call return value

Request: 948855

Closes: 947921

ircd-hybrid 1:8.2.24+dfsg.1-1+deb10u1 Installability problems ACCEPTED

Reason: use dhparam.pem to avoid segfault on startup

Request: 939120

Closes: 932774

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

lemonldap-ng 2.0.2+ds-7+deb10u3 Installability problems ACCEPTED

Reason: prevent unwanted access to admin endpoints [CVE-2019-19791]; fix the GrantSession plugin which could not prohibit logon when a 2FA was used; fix arbitrary redirects with OIDC if redirect_uri was not used

Request: 949702

CVEs referenced: CVE-2019-19791

libexif 0.6.21-5.1+deb10u1 Installability problems ACCEPTED

DSA: 4618

Closes: 945948

CVEs referenced: CVE-2019-9278

libpam-krb5 4.8-2+deb10u1 Version problems testing (4.8-2) Installability problems ACCEPTED

DSA: 4648

CVEs referenced: CVE-2020-10595

libreoffice 1:6.1.5-3+deb10u6 Installability problems ACCEPTED

Reason: fix opengl slide transitions

Request: 950918

Closes: 917927

Binary debdiffs: allamd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

libxmlrpc3-java 3.1.3-9+deb10u1 Installability problems ACCEPTED

DSA: 4619

Closes: 949089

CVEs referenced: CVE-2019-17570

Binary debdiffs: all

Lintian issues: all

manila 1:7.0.0-1+deb10u1 Installability problems ACCEPTED

Reason: fix misisng access permissions check [CVE-2020-9543]

Request: 954269

Closes: 953581

CVEs referenced: CVE-2020-9543

Binary debdiffs: all

Lintian issues: all

mediawiki 1:1.31.7-1~deb10u1 Installability problems ACCEPTED

DSA: 4651

CVEs referenced: CVE-2020-10960

Lintian issues: all

mew 1:6.8-4+deb10u1 Installability problems ACCEPTED

Reason: fix server SSL certificate validity checking

Request: 950546

Closes: 950411

mew-beta 7.0.50~6.8+0.20190228-1+deb10u1 Installability problems ACCEPTED

Reason: fix server SSL certificate validity checking

Request: 950547

Closes: 950412

ncbi-blast+ 2.8.1-1+deb10u1 Installability problems ACCEPTED

Reason: disable SSE4.2 support

Request: 952414

Closes: 951280

Binary debdiffs: allamd64arm64

network-manager-ssh 1.2.10-1+deb10u1 Installability problems ACCEPTED

DSA: 4637

CVEs referenced: CVE-2020-9355

node-dot 1.1.1-1+deb10u1 Installability problems ACCEPTED

Reason: prevent code execution after prototype pollution [CVE-2020-8141]

Request: 954398

CVEs referenced: CVE-2020-8141

node-dot-prop 4.1.1-1+deb10u1 Installability problems ACCEPTED

Reason: fix prototype pollution [CVE-2020-8116]

Request: 950773

CVEs referenced: CVE-2020-8116

node-handlebars 3:4.1.0-1+deb10u1 Installability problems REJECTED_PERMANENTLY: node-markdown-it-html5-embed/1.0.0+ds-2 [amd64] node-markdown-it-html5-embed/1.0.0+ds-2 [arm64] node-markdown-it-html5-embed/1.0.0+ds-2 [ppc64el] ACCEPTED

Reason: disallow calling "helperMissing" and "blockHelperMissing" directly [CVE-2019-19919]

Request: 947758

CVEs referenced: CVE-2019-19919

CI: the maintainer wants to look into it and deferred it from the point release
         
node-knockout 3.4.2-2+deb10u1 Installability problems ACCEPTED

Reason: fix escaping with older Internet Explorer versions [CVE-2019-14862]

Request: 954985

Closes: 943560

CVEs referenced: CVE-2019-14862

node-yargs-parser 11.1.1-1+deb10u1 Installability problems ACCEPTED

Reason: fix prototype pollution [CVE-2020-7608]

Request: 954835

CVEs referenced: CVE-2020-7608

nvidia-settings-legacy-340xx 340.108-1~deb10u1 Installability problems ACCEPTED

Reason: new upstream release

Request: 950765

Lintian issues: source

opensmtpd 6.0.3p1-5+deb10u4 Installability problems ACCEPTED

DSA: 4634

Closes: 952453

CVEs referenced: CVE-2020-8794

openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u2 Installability problems ACCEPTED

Reason: fix vswitchd abort when a port is added and the controller is down

Request: 953246

Lintian issues: mips

pillow 5.4.1-2+deb10u1 Installability problems ACCEPTED

DSA: 4631

CVEs referenced: CVE-2019-16865 CVE-2019-19911 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313

postfix 3.4.10-0+deb10u1 Installability problems ACCEPTED

Reason: fix panic with Postfix multi-Milter configuration during MAIL FROM

Request: 954073

Lintian issues: allamd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

postfix 3.4.9-0+10debu1 Installability problems ACCEPTED

This upload was superseded by a more current one.

Reason: new upstream stable release; fix d/init.d running change so it works with multi-instance again

Request: 951563

Closes: 920356 944922

postgresql-11 11.7-0+deb10u1 Installability problems ACCEPTED

DSA: 4623

CVEs referenced: CVE-2020-1720

Binary debdiffs: all

CI: elbrus checking 2020-02-20; suspect flaky on arm64; astrisk doesn't seem flaky (retrying anyways)
         
ppp 2.4.7-2+4.1+deb10u1 Version problems testing (2.4.7-2+4.1) ppp/testing [amd64] (2.4.7-2+4.1+b1) ppp-udeb/testing [amd64] (2.4.7-2+4.1+b1) Installability problems ACCEPTED

DSA: 4632

µdebs: present

Closes: 950618

CVEs referenced: CVE-2020-8597

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

proftpd-dfsg 1.3.6-4+deb10u4 Installability problems ACCEPTED

DSA: 4635

Closes: 951800

CVEs referenced: CVE-2020-9273

puma 3.12.0-2+deb10u1 Installability problems ACCEPTED

Reason: fix Denial of Service issue [CVE-2019-16770]

Request: 950795

Closes: 946312

CVEs referenced: CVE-2019-16770

python-bleach 3.1.2-0+deb10u1 Installability problems ACCEPTED

DSA: 4643

Closes: 954236

CVEs referenced: CVE-2020-6816

Binary debdiffs: all

python-bleach 3.1.1-0+deb10u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 4636

Closes: 951907

CVEs referenced: CVE-2020-6802

Binary debdiffs: all

python-django 1:1.11.28-1~deb10u1 Installability problems ACCEPTED

DSA: 4629

Closes: 950581

CVEs referenced: CVE-2020-7471

Binary debdiffs: all

python-pysaml2 4.5.0-4+deb10u1 Installability problems ACCEPTED

DSA: 4630

Closes: 949227 949322

CVEs referenced: CVE-2020-5390

Binary debdiffs: all

qbittorrent 4.1.5-1+deb10u1 Installability problems ACCEPTED

DSA: 4650

Closes: 932539

CVEs referenced: CVE-2019-13640

qemu 1:3.1+dfsg-8+deb10u4 Installability problems REJECTED_PERMANENTLY: systemd/241-7~deb10u3 [arm64] ACCEPTED

DSA: 4616

Closes: 939869 946210 949731

CVEs referenced: CVE-2019-15890 CVE-2020-1711 CVE-2020-7039

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3 Installability problems c-i running: marble/4:17.08.3-3.2 [ppc64el] ACCEPTED

DSA: 4617

CVEs referenced: CVE-2020-0569 CVE-2020-0570

CI: bluez-qt looks flaky on arm64
         
rails 2:5.2.2.1+dfsg-1+deb10u1 Installability problems ACCEPTED

Reason: fix possible cross-site scripting via Javascript escape helper [CVE-2020-5267]

Request: 954714

Closes: 954304

CVEs referenced: CVE-2020-5267

rake 12.3.1-3+deb10u1 Installability problems ACCEPTED

Reason: fix command injection vulnerability [CVE-2020-8130]

Request: 953124

CVEs referenced: CVE-2020-8130

raspi3-firmware 1.20190215-1+deb10u3 Installability problems ACCEPTED

Reason: fix dtb names mismatch in z50-raspi-firmware; fix boot on RPi families 1 and 0

Request: 953737

Closes: 939727

rootskel 1.131+10u1 Installability problems ACCEPTED

Reason: disable multiple console support if preseeding is in use

Request: 951146

µdebs: only

Closes: 932416 940028

rubygems-integration 1.11+deb10u1 Installability problems ACCEPTED

Reason: avoid deprecation warnings when users install a newer version of Rubygems via `gem update --system`

Request: 950655

serverspec-runner 1.2.2-1+deb10u1 Installability problems ACCEPTED

Reason: support Ruby 2.5

Request: 953005

Closes: 939645

softflowd 0.9.9-5+deb10u1 Installability problems ACCEPTED

Reason: fix broken flow aggregation which might result in flow table overflow and 100% CPU usage

Request: 951399

sssd 1.16.3-3.2 Installability problems ACCEPTED

Reason: fix sssd_be busy-looping when LDAP connection is intermittent

Request: 951769

Closes: 946847

thunderbird 1:68.6.0-1~deb10u1 Version problems testing (1:68.5.0-1) thunderbird/testing [amd64] (1:68.5.0-1+b1) thunderbird/testing [arm64] (1:68.5.0-1+b1) thunderbird/testing [i386] (1:68.5.0-1+b1) thunderbird/testing [mips64el] (1:68.5.0-1+b1) thunderbird/testing [ppc64el] (1:68.5.0-1+b1) thunderbird/testing [s390x] (1:68.5.0-1+b1) Installability problems ACCEPTED

Missing builds: armel armhf

DSA: 4642

Lintian issues: allamd64arm64i386mips64elppc64els390x

thunderbird 1:68.5.0-1~deb10u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 4625

Closes: 891848

Lintian issues: allamd64arm64i386mips64elppc64els390x

timeshift 19.01+ds-2+deb10u1 Installability problems ACCEPTED

Reason: fix predictable temporary directory use [CVE-2020-10174]

Request: 954001

Closes: 952685 953385

CVEs referenced: CVE-2020-10174

Binary debdiffs: amd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

tor 0.3.5.10-1 Installability problems ACCEPTED

DSA: 4644

CVEs referenced: CVE-2020-10592

Binary debdiffs: allamd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

user-mode-linux 4.19-1um-1+deb10u1 Installability problems ACCEPTED

Reason: fix build failure with current stable kernels

Request: 952441

Closes: 951329

Binary debdiffs: amd64i386

Lintian issues: amd64i386

webkit2gtk 2.26.4-1~deb10u2 Installability problems ACCEPTED

DSA: 4641

CVEs referenced: CVE-2020-10018

Binary debdiffs: allamd64arm64armelarmhfi386mipsmips64elmipselppc64els390x

Lintian issues: mipsmips64elmipselsource

webkit2gtk 2.26.4-1~deb10u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 4627

Binary debdiffs: allamd64arm64armelarmhfmipsmips64elmipselppc64els390x

Lintian issues: mipsmips64elmipsel

xtrlock 2.8+deb10u1 Installability problems ACCEPTED

Reason: fix blocking of (some) multitouch devices while locked [CVE-2016-10894]

Missing builds: amd64

Request: 949113

Closes: 830726

CVEs referenced: CVE-2016-10894

Binary debdiffs: arm64armelarmhfi386mipsmips64elmipselppc64els390x