Queue Overview for "proposed-updates"

TODO items

Removals

List of missing builds
List of missing packages relative to security archive

Resolution Pending (12 uploads for 12 packages)

Package Version Version Problems Installability Problems Architectures Action
ansible-core 2.14.18-0+deb12u1 Installability problems Built: source ?

Closes: 1082851

CVEs referenced: CVE-2024-11079 CVE-2024-8775 CVE-2024-9902

chromium 131.0.6778.204-1~deb12u1 Version problems testing (131.0.6778.139-1) Installability problems Built: allamd64arm64armhfi386source Missing: ppc64el ?

DSA: 5834

CVEs referenced: CVE-2024-12692 CVE-2024-12693 CVE-2024-12694 CVE-2024-12695

Binary debdiffs: arm64

Lintian issues: amd64arm64armhfi386source

containerd 1.6.20~ds1-1+b2 Installability problems Built: amd64armeli386mips64elmipsel More info needed

Distribution mismatch: bookworm, sid

Reason: some builds fail (#1070411)

Binary debdiffs: amd64armeli386mips64elmipsel

debian-security-support 1:12+2024.12.22 Installability problems Built: source ?

Closes: 1057343 1079693 1082885 1087718

geoclue-2.0 2.6.0-2+deb12u1 Installability problems Built: source ?

Closes: 1074427

golang-github-containers-buildah 1.28.2+ds1-3+b3 Installability problems Built: amd64armeli386mips64elppc64els390x More info needed

Reason: some builds fail (#1072147)

Binary debdiffs: amd64armeli386mips64elppc64els390x

gunicorn 20.1.0-6+deb12u1 Installability problems Built: source ?

Closes: 1069126

CVEs referenced: CVE-2024-1135

pypy3 7.3.11+dfsg-2+deb12u3 Installability problems Built: source ?

CVEs referenced: CVE-2023-27043 CVE-2024-11168 CVE-2024-4032 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8088 CVE-2024-9287

thunderbird 1:128.5.0esr-1~deb12u1 Installability problems Built: allamd64arm64ppc64elsource Missing: i386mips64els390x Ok

DSA: 5821

ucf 3.0043+nmu1+deb12u1 Installability problems Built: source ?

Closes: 1089015

xen 4.17.5-1~deb12u1 Version problems testing (4.17.3+36-g54dacb5c02-1) Installability problems Built: source More info needed

Reason: new upstream stable release

CVEs referenced: CVE-2023-28746 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146

Newer than unstable
         
zookeeper 3.8.0-11+deb12u2 Installability problems Built: source ?

Closes: 1066947

CVEs referenced: CVE-2024-23944

Pending Processing (0 uploads for 0 packages)

Processed (79 uploads for 68 packages)

Package Version Version Problems Installability Problems Action
allow-html-temp 10.0.4-1~deb12u1 Installability problems all ACCEPTED

Reason: update for Thunderbird 128 compatibility

Request: 1082118

Binary debdiffs: all

Lintian issues: source

Lock-step with TB128
         
bochs 2.7+dfsg-4+deb12u1 Installability problems ACCEPTED

Reason: build BIOS images for 386 CPUs

Request: 1086347

Closes: 1082917

ceph 16.2.15+ds-0+deb12u1 Installability problems ACCEPTED

DSA: 5825

Closes: 1088993

CVEs referenced: CVE-2022-3650 CVE-2023-43040 CVE-2024-48916

Binary debdiffs: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: amd64arm64armelarmhfi386mips64elmipselppc64els390xsource

chromium 131.0.6778.139-1~deb12u1 Installability problems ACCEPTED

DSA: 5829

CVEs referenced: CVE-2024-12381 CVE-2024-12382

Binary debdiffs: amd64arm64armhfi386ppc64el

Lintian issues: amd64arm64armhfi386ppc64elsource

chromium 131.0.6778.108-1~deb12u1 Installability problems amd64 arm64 armhf i386 ppc64el ACCEPTED

This upload was superseded by a more current one.

DSA: 5824

Closes: 1088162 1088974

CVEs referenced: CVE-2024-12053

Binary debdiffs: amd64arm64armhfi386ppc64el

Lintian issues: amd64arm64armhfi386ppc64el

chromium 131.0.6778.85-1~deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5817

CVEs referenced: CVE-2024-11110 CVE-2024-11111 CVE-2024-11112 CVE-2024-11113 CVE-2024-11114 CVE-2024-11115 CVE-2024-11116 CVE-2024-11117 CVE-2024-11395

Binary debdiffs: amd64arm64armhfi386ppc64el

Lintian issues: amd64arm64armhfi386ppc64el

chromium 130.0.6723.116-1~deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5810

CVEs referenced: CVE-2024-10826 CVE-2024-10827

criu 3.17.1-2+deb12u1 Installability problems ACCEPTED

Reason: dynamically handle different libc at runtime than compilation time

Missing builds: armhf

Request: 1087931

Closes: 1081683

Binary debdiffs: amd64arm64ppc64els390x

dpdk 22.11.7-1~deb12u1 Installability problems ACCEPTED

DSA: 5833

CVEs referenced: CVE-2024-11614

Binary debdiffs: amd64arm64i386ppc64el

eas4tbsync 4.11-1~deb12u1 Installability problems all ACCEPTED

Reason: update for Thunderbird 128 compatibility

Request: 1082086

Binary debdiffs: all

Lintian issues: source

Lock-step with TB128
         
firefox-esr 128.5.0esr-1~deb12u1 Installability problems ACCEPTED

Missing builds: mips64el

DSA: 5820

CVEs referenced: CVE-2024-11691 CVE-2024-11692 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11699

Lintian issues: armhfi386

firefox-esr 128.4.0esr-1~deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5801

CVEs referenced: CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467

Lintian issues: armhfi386

ghostscript 10.0.0~dfsg-11+deb12u6 Installability problems ACCEPTED

DSA: 5808

CVEs referenced: CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955 CVE-2024-46956

glib2.0 2.74.6-2+deb12u5 Installability problems ACCEPTED

Reason: fix buffer overflow when configured to use a SOCKS4a proxy with a very long username [CVE-2024-52533]

Request: 1087658

µdebs: present

Closes: 1087419

CVEs referenced: CVE-2024-52533

gsl 2.7.1+dfsg-5+deb12u1 Installability problems ACCEPTED

Reason: fix buffer overflow calculating the quantile value [CVE-2020-35357]

Request: 1089299

Closes: 1052655

CVEs referenced: CVE-2020-35357

gst-plugins-base1.0 1.22.0-3+deb12u3 Installability problems ACCEPTED

DSA: 5831

CVEs referenced: CVE-2024-47538 CVE-2024-47541 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835

Lintian issues: source

gstreamer1.0 1.22.0-2+deb12u1 Installability problems ACCEPTED

DSA: 5832

CVEs referenced: CVE-2024-47606

Lintian issues: source

guix 1.4.0-3+deb12u2 Installability problems ACCEPTED

DSA: 5805

icinga2 2.13.6-2+deb12u2 Installability problems ACCEPTED

Reason: prevent TLS certificate bypass [CVE-2024-49369]

Request: 1087411

Closes: 1087384

CVEs referenced: CVE-2024-49369

intel-microcode 3.20241112.1~deb12u1 Installability problems ACCEPTED

Reason: new upstream security release [CVE-2024-21853 CVE-2024-23918 CVE-2024-24968 CVE-2024-23984]

Request: 1089279

Closes: 1086483

CVEs referenced: CVE-2024-21853 CVE-2024-23918 CVE-2024-23984 CVE-2024-24968

jinja2 3.1.2-1+deb12u1 Installability problems ACCEPTED

Reason: prevent HTML attribute injection [CVE-2024-22195 CVE-2024-34064]

Request: 1089556

Closes: 1060748 1070712

CVEs referenced: CVE-2024-22195 CVE-2024-34064

kexec-tools 1:2.0.25-3+deb12u2 Installability problems ACCEPTED

Reason: fix path for systemd units with merged /usr; drop depedencies no longer required

Request: 1086622

µdebs: present

Binary debdiffs: amd64arm64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: amd64arm64armelarmhfi386mips64elmipselppc64els390x

lemonldap-ng 2.16.1+ds-deb12u4 Installability problems ACCEPTED

Reason: fix privilege escalation when adaptive auth levels used [CVE-2024-52946]; fix XSS in upgrade plugin [CVE-2024-52947]

Request: 1087200

CVEs referenced: CVE-2024-52946 CVE-2024-52947

libarchive 3.6.2-1+deb12u2 Installability problems ACCEPTED

DSA: 5806

Closes: 1086155

CVEs referenced: CVE-2024-20696

libmodule-scandeps-perl 1.31-2+deb12u1 Installability problems ACCEPTED

DSA: 5816

CVEs referenced: CVE-2024-10224

libpgjava 42.5.5-0+deb12u1 Installability problems ACCEPTED

Reason: fix SQL injection issue [CVE-2024-1597]

Request: 1090757

CVEs referenced: CVE-2024-1597

Binary debdiffs: all

Lintian issues: all

libsoup2.4 2.74.3-1+deb12u1 Installability problems ACCEPTED

Reason: prevent HTTP request smuggling [CVE-2024-52530]; fix buffer overflow in soup_header_parse_param_list_strict [CVE-2024-52531]; fix DoS reading from WebSocket clients [CVE-2024-52532]

Request: 1089688

Closes: 1088812 1089238 1089240

CVEs referenced: CVE-2024-52530 CVE-2024-52531 CVE-2024-52532

linux 6.1.119-1 Installability problems ACCEPTED

DSA: 5818

µdebs: present

Closes: 1062421 1085762 1086447 1087602

CVEs referenced: CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954 CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553 CVE-2024-41080 CVE-2024-42322 CVE-2024-43904 CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960 CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012 CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126 CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50232 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242 CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259 CVE-2024-50261 CVE-2024-50262 CVE-2024-50267 CVE-2024-50269 CVE-2024-50271 CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283 CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290 CVE-2024-50296 CVE-2024-50299 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53072 CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093

Binary debdiffs: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: amd64arm64armhfi386mips64elmipselppc64els390x

linux-signed-amd64 6.1.119+1 Installability problems amd64 ACCEPTED

DSA: 5818

µdebs: present

Closes: 1062421 1085762 1086447 1087602

CVEs referenced: CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954 CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553 CVE-2024-41080 CVE-2024-42322 CVE-2024-43904 CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960 CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012 CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126 CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50232 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242 CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259 CVE-2024-50261 CVE-2024-50262 CVE-2024-50267 CVE-2024-50269 CVE-2024-50271 CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283 CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290 CVE-2024-50296 CVE-2024-50299 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53072 CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093

Binary debdiffs: amd64

Lintian issues: source

linux-signed-arm64 6.1.119+1 Installability problems arm64 ACCEPTED

DSA: 5818

µdebs: present

Closes: 1062421 1085762 1086447 1087602

CVEs referenced: CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954 CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553 CVE-2024-41080 CVE-2024-42322 CVE-2024-43904 CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960 CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012 CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126 CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50232 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242 CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259 CVE-2024-50261 CVE-2024-50262 CVE-2024-50267 CVE-2024-50269 CVE-2024-50271 CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283 CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290 CVE-2024-50296 CVE-2024-50299 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53072 CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093

Binary debdiffs: arm64

Lintian issues: source

linux-signed-i386 6.1.119+1 Installability problems i386 ACCEPTED

DSA: 5818

µdebs: present

Closes: 1062421 1085762 1086447 1087602

CVEs referenced: CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954 CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553 CVE-2024-41080 CVE-2024-42322 CVE-2024-43904 CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960 CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012 CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126 CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50232 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242 CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259 CVE-2024-50261 CVE-2024-50262 CVE-2024-50267 CVE-2024-50269 CVE-2024-50271 CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283 CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290 CVE-2024-50296 CVE-2024-50299 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53072 CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093

Binary debdiffs: i386

Lintian issues: source

live-boot 1:20230131+deb12u1 Installability problems ACCEPTED

Reason: attempt DHCP on all connected interfaces

Request: 1088638

Closes: 1069048

llvm-toolchain-19 1:19.1.4-1~deb12u1 Installability problems c-i failed: llvm-toolchain-19/1:19.1.4-1~deb12u1 [amd64] llvm-toolchain-19/1:19.1.4-1~deb12u1 [arm64] ACCEPTED

Reason: new source package, to support builds of chromium

Request: 1088699

Binary debdiffs: arm64-neededarmel-neededarmhf-neededi386-neededmips64el-neededmipsel-neededppc64el-neededs390x-needed

Lintian issues: allamd64arm64-neededarmel-neededarmhf-neededi386-neededmips64el-neededmipsel-neededppc64el-neededs390x-needed

mailmindr 1.7.1-1~deb12u1 Installability problems ACCEPTED

Reason: update for Thunderbird 128 compatibility

Request: 1082115

Binary debdiffs: all

Lintian issues: source

Lock-step with TB128
         
mariadb 1:10.11.9-0+deb12u1 Installability problems ACCEPTED

Reason: new upstream stable release; fix security issue [CVE-2024-21096]

Missing builds: s390x

Request: 1080370

CVEs referenced: CVE-2024-21096

Binary debdiffs: allamd64arm64armelarmhfi386mips64elmipselppc64el

Lintian issues: allsource

mpg123 1.31.2-1+deb12u1 Installability problems ACCEPTED

DSA: 5811

Closes: 1086443

CVEs referenced: CVE-2024-10573

needrestart 3.6-4+deb12u3 Installability problems ACCEPTED

DSA: 5815

Closes: 1087917 1087918 1087957 1087958 1088012 1088047

needrestart 3.6-4+deb12u2 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5815

CVEs referenced: CVE-2024-11003 CVE-2024-48990 CVE-2024-48991 CVE-2024-48992

Binary debdiffs: all

nfs-utils 1:2.6.2-4+deb12u1 Installability problems ACCEPTED

Reason: fix referrals when --enable-junction=no

Request: 1089700

Closes: 1035908 1083098

nss 2:3.87.1-1+deb12u1 Installability problems ACCEPTED

DSA: 5807

CVEs referenced: CVE-2024-0743 CVE-2024-6602 CVE-2024-6609

nvidia-graphics-drivers 535.216.01-1~deb12u1 Installability problems ACCEPTED

Reason: upstream stable release [CVE-2024-0126]

Request: 1087493

Closes: 1073744 1074350 1077841 1078424 1078425 1078462 1078489 1084844 1085968

CVEs referenced: CVE-2024-0126

Binary debdiffs: amd64arm64i386ppc64el

Lintian issues: amd64arm64i386ppc64elsource

nvidia-open-gpu-kernel-modules 535.216.01-1~deb12u1 Installability problems amd64 arm64 ACCEPTED

Reason: new upstream LTS release [CVE-2024-0126]

Request: 1087482

Closes: 1085976

CVEs referenced: CVE-2024-0126

Binary debdiffs: amd64arm64

Lintian issues: amd64arm64source

oar 2.5.9-1+deb12u1 Installability problems ACCEPTED

Reason: add missing dependency on libcgi-fast-perl; fix oar user creation on new installations; fix SVG functions with PHP 8

Request: 1068762

Closes: 1068444 1068711 1068713

Binary debdiffs: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

openssh 1:9.2p1-2+deb12u4 Installability problems ACCEPTED

Reason: always use internal mkdtemp implementation; fix gssapi-keyex declaration; add ssh-gssapi automated test; don't prefer host-bound public key signatures if there was no initial host key; make sntrup761x25519-sha512 key exchange algorithm available without the @openssh.com suffix too

Request: 1088969

µdebs: present

Closes: 1001186 1041521 1064898 1088248 1088873

Binary debdiffs: amd64arm64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: source

pgtcl 1:3.0.0-1+deb12u1 Installability problems ACCEPTED

Reason: install library in default Tcl auto_path

Request: 1089599

Closes: 1089166

Binary debdiffs: amd64arm64armelarmhfi386mips64elmipselppc64els390x

php8.2 8.2.26-1~deb12u1 Installability problems ACCEPTED

DSA: 5819

CVEs referenced: CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 CVE-2024-8929 CVE-2024-8932

Lintian issues: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

postgresql-15 15.10-0+deb12u1 Installability problems ACCEPTED

DSA: 5812

CVEs referenced: CVE-2024-10978

Binary debdiffs: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: amd64arm64armelarmhfi386mips64elmipselppc64els390x

postgresql-15 15.9-0+deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5812

CVEs referenced: CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979

Binary debdiffs: allamd64arm64armelarmhfi386mips64elppc64els390x

Lintian issues: amd64arm64armelarmhfi386mips64elppc64els390x

proftpd-dfsg 1.3.8+dfsg-4+deb12u4 Installability problems ACCEPTED

DSA: 5827

Closes: 1082326

CVEs referenced: CVE-2024-48651

prometheus-node-exporter-collectors 0.0~git20230203.6f710f8-1+deb12u2 Installability problems ACCEPTED

Reason: reinstate missing `apt_package_cache_timestamp_seconds` metrics; fix apt_upgrades_pending and apt_upgrades_held metrics; improve heuristic for apt update last run time

Request: 1086879

Closes: 1077694

Lintian issues: all

python-aiohttp 3.8.4-1+deb12u1 Installability problems ACCEPTED

DSA: 5828

Closes: 1057163 1057164 1062709 1070364 1088109

CVEs referenced: CVE-2023-47627 CVE-2023-49081 CVE-2023-49082 CVE-2024-23334 CVE-2024-30251 CVE-2024-52304

python-django 3:3.2.19-1+deb12u2 Installability problems c-i failed: python-django-storages/1.13.2-1 [amd64] python-django-storages/1.13.2-1 [arm64] python-django-storages/1.13.2-1 [armel] python-django-storages/1.13.2-1 [armhf] python-django-storages/1.13.2-1 [i386] python-django-storages/1.13.2-1 [ppc64el] python-django-storages/1.13.2-1 [s390x] ACCEPTED

Reason: fix regular expression-based denial of service issue [CVE-2023-36053], denial of service issues [CVE-2024-38875 CVE-2024-39614 CVE-2024-41990 CVE-2024-41991], user enumeration issue [CVE-2024-39329], directory traversal issue [CVE-2024-39330], excessive memory consumption issue [CVE-2024-41989], SQL injection issue [CVE-2024-42005]

Request: 1079454

Closes: 1076069 1078074

CVEs referenced: CVE-2023-36053 CVE-2024-38875 CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989 CVE-2024-41990 CVE-2024-41991 CVE-2024-42005

Binary debdiffs: all

Lintian issues: all

python-werkzeug 2.2.2-3+deb12u1 Installability problems ACCEPTED

Reason: fix denial of service when file upload begins with CR or LF [CVE-2023-46136]; fix arbitrary code execution on developer's machine via the debugger [CVE-2024-34069]; fix denial of service when processing multipart/form-data requests [CVE-2024-49767]

Request: 1089079

Closes: 1054553 1070711 1086062

CVEs referenced: CVE-2023-46136 CVE-2024-34069 CVE-2024-49767

python3.11 3.11.2-6+deb12u5 Installability problems ACCEPTED

Reason: reject malformed addresses in email.parseaddr() [CVE-2023-27043]; encode newlines in headers in the email module [CVE-2024-6923]; quadratic complexity parsing cookies with backslashes [CVE-2024-7592]; venv activation scripts did't quote paths [CVE-2024-9287]; urllib functions improperly validated bracketed hosts [CVE-2024-11168]

Request: 1089071

Closes: 1059298

CVEs referenced: CVE-2023-27043 CVE-2024-11168 CVE-2024-6923 CVE-2024-7592 CVE-2024-9287

Lintian issues: amd64arm64armelarmhfi386mips64elmipselppc64els390x

qemu 1:7.2+dfsg-7+deb12u9 Installability problems ACCEPTED

Reason: update to upstream bugfix release

Missing builds: arm64

Request: 1088273

Closes: 1053101 1087822

Binary debdiffs: amd64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: amd64s390x

qemu 1:7.2+dfsg-7+deb12u8 Installability problems ACCEPTED

This upload was superseded by a more current one.

Reason: new upstream bugfix release [CVE-2024-7409]

Request: 1086572

CVEs referenced: CVE-2024-7409

Binary debdiffs: amd64armelarmhfi386mips64elppc64els390x

Lintian issues: amd64

quicktext 5.16-1~deb12u1 Installability problems ACCEPTED

Reason: update for Thunderbird 128 compatibility

Request: 1082111

Binary debdiffs: all

Lintian issues: source

Lock-step with TB128
         
redis 5:7.0.15-1~deb12u2 Installability problems ACCEPTED

Reason: fix denial of service with malform ACL selectors [CVE-2024-31227]; fix denial of service through unbound pattern matching [CVE-2024-31228]; fix stack overflow [CVE-202431449]

Request: 1088709

Closes: 1084805

CVEs referenced: CVE-2024-31227 CVE-2024-31228 CVE-2024-31449

renderdoc 1.24+dfsg-1+deb12u1 Installability problems ACCEPTED

Reason: fix integer overflows [CVE-2023-33863 CVE-2023-33864]; fix symlink attack vector [CVE-2023-33865]

Request: 1089542

Closes: 1037208

CVEs referenced: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865

Lintian issues: amd64arm64armelarmhfi386

ruby-doorkeeper 5.5.0-2+deb12u1 Installability problems ACCEPTED

Reason: prevent skipping of authorization steps [CVE-2023-34246]

Request: 1089568

Closes: 1038950

CVEs referenced: CVE-2023-34246

Binary debdiffs: all

simplesamlphp 1.19.7-1+deb12u1 Version problems testing (1.19.7-1) Installability problems ACCEPTED

DSA: 5822

CVEs referenced: CVE-2024-52596

smarty3 3.1.47-2+deb12u1 Installability problems ACCEPTED

DSA: 5826

Closes: 1033964 1072530

CVEs referenced: CVE-2023-28447 CVE-2024-35226

smarty4 4.3.0-1+deb12u2 Installability problems ACCEPTED

DSA: 5830

Closes: 1072529

CVEs referenced: CVE-2024-35226

srt 1.5.1-1+deb12u1 Installability problems ACCEPTED

Reason: fix dependencies for consumers of the -dev packages

Request: 1087067

Closes: 1086751

Binary debdiffs: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

symfony 5.4.23+dfsg-1+deb12u4 Installability problems ACCEPTED

DSA: 5813

CVEs referenced: CVE-2024-50342 CVE-2024-51996

symfony 5.4.23+dfsg-1+deb12u3 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5809

CVEs referenced: CVE-2024-50340 CVE-2024-50342 CVE-2024-50343 CVE-2024-50345

systemd 252.33-1~deb12u1 Installability problems c-i failed: munin/2.0.73-1 [i386] ACCEPTED

Reason: new upstream stable release

Request: 1088790

µdebs: present

Binary debdiffs: amd64arm64armelarmhfi386mips64elmipselppc64els390x

Lintian issues: armel

systemd 252.32-1~deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

Reason: new upstream stable release

Request: 1087654

µdebs: present

tango 9.3.4+dfsg1-2+deb12u1 Installability problems ACCEPTED

Reason: make the property_* tables compatible with MariaDB 10.11 at install time; add autopkgtest

Request: 1089157

Closes: 1062979

Binary debdiffs: all

Lintian issues: allamd64arm64armelarmhfi386mips64elmipselppc64els390x

tbsync 4.12-1~deb12u1 Installability problems all ACCEPTED

Reason: update for Thunderbird 128 compatibility

Request: 1082029

Binary debdiffs: all

Lintian issues: source

Lock-step with TB128
         
texlive-bin 2022.20220321.62855-5.1+deb12u2 Installability problems ACCEPTED

Reason: fix data loss when using discretionaries with priorities; fix heap buffer overflow [CVE-2024-25262]

Request: 1085395

Closes: 1041441

CVEs referenced: CVE-2024-25262

Lintian issues: armhf

thunderbird 1:128.4.3esr-1~deb12u1 Installability problems ACCEPTED

Missing builds: i386 mips64el s390x

DSA: 5814

Binary debdiffs: allamd64arm64ppc64el

Lintian issues: amd64arm64ppc64elsource

thunderbird 1:128.4.0esr-1~deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5803

Binary debdiffs: allamd64arm64ppc64el

Lintian issues: amd64arm64ppc64el

tzdata 2024b-0+deb12u1 Installability problems ACCEPTED

Reason: new upstream release; improve historical data for some zones; confirm lack of leap second for 2024

Request: 1088145

Binary debdiffs: all

util-linux 2.38.1-5+deb12u3 Installability problems ACCEPTED

Reason: fix wider mitigation for CVE-2024-28085

Request: 1088008

µdebs: present

CVEs referenced: CVE-2024-28085

webkit2gtk 2.46.4-1~deb12u1 Installability problems ACCEPTED

Missing builds: mipsel

DSA: 5823

Binary debdiffs: amd64arm64armelarmhfi386mips64elppc64els390x

Lintian issues: mips64el

webkit2gtk 2.46.3-1~deb12u1 Installability problems ACCEPTED

This upload was superseded by a more current one.

DSA: 5804

Binary debdiffs: amd64arm64armelarmhfi386mips64elppc64els390x

Lintian issues: mips64el

xsane 0.999-12.1~deb12u1 Installability problems ACCEPTED

Reason: add Recommends for firefox-esr as well as firefox

Request: 1083004

Closes: 1076101

Binary debdiffs: amd64arm64armelarmhfi386mips64elmipselppc64els390x

zfs-linux 2.1.11-1+deb12u1 Installability problems ACCEPTED

Reason: add missing symbols in libzfs4linux and libzpool5linux; fix dnode dirty test [CVE-2023-49298]; fix sharenfx IPv6 address parsing [CVE-2013-20001]; fixes related to NULL pointer, memory allocation, etc.

Request: 1086617

Closes: 1056752 1063497

CVEs referenced: CVE-2013-20001 CVE-2023-49298

Lintian issues: allamd64arm64armelarmhfi386mips64elmipselppc64els390x