adms (2.3.6-2) unstable; urgency=high . * debian/rules: - Add '--no-parallel' since it is not safe (Closes: #924822) apt-cacher (1.7.20.1) unstable; urgency=medium . * Avoid unnecessary dpkg prompting when upgrading from lenny/squeeze (closes: #905178). chromium (73.0.3683.75-1) unstable; urgency=medium . * New upstream stable release. - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5793: Excessive permissions for private API in Extensions. Reported by Jun Kokatsu - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing - CVE-2019-5803: CSP bypass with Javascript URLs'. Reported by Andrew Comminos chromium (73.0.3683.56-2) experimental; urgency=medium . * Fix build failure on armhf. chromium (73.0.3683.56-1) experimental; urgency=medium . * New upstream beta release. chromium (73.0.3683.39-1) experimental; urgency=medium . * New upstream beta release. chromium (72.0.3626.122-1) unstable; urgency=medium . * New upstream stable release. chromium (72.0.3626.121-1) unstable; urgency=medium . * New upstream stable release. - CVE-2019-5786: Use-after-free in FileReader diffoscope (113) unstable; urgency=medium . * Replace over 8 MB of Android boot ROM test suite fixtures with 14 KB equivalents. (Closes: #894334, reproducible-builds/diffoscope#13) * Compare .asc PGP signatures as text, not as a hexdump. (Closes: #908991, reproducible-builds/diffoscope#7) * Improve the displayed comment when falling back to a binary diff to include the file type. (Closes: reproducible-builds/diffoscope#49) * Explicitly mention when the guestfs module is missing at runtime and we are falling back to a binary diff. (Closes: reproducible-builds/diffoscope#45) * Provide explicit help when the libarchive system package is missing or "incomplete". (Closes: reproducible-builds/diffoscope#50) * Improve the --help outout: * Indent and wrap the list of supported file formats. * Include links to the diffoscope homepage and bug tracker. * Refer to the Debian package names when indicating how to obtain the tlsh and argcomplete modules. * Drop "DOS/MBR" source string test. * Correct a "recurse" typo. * Adopt the "black" source code formatter: - Add an initial configuration in a PEP 518 pyproject.toml file and update MANIFEST.in to include pyproject.toml in future release tarballs. - Run the formatter against the source. - Test that the source code satisfies the formatter. netlib-java (0.9.3-6) unstable; urgency=medium . * Drop /build/netlib-java-0.9.3 from URLs netlib-java (0.9.3-5) unstable; urgency=medium . * Fix URLClassLoader Closes: #923759 octave-fits (1.0.7-3) unstable; urgency=medium . * Team upload * Add missing Build-Depends on pkg-config (Closes: #925618) python-bottle (0.12.15-2) unstable; urgency=medium . * Update tox dependency (Closes: #924836) ruby2.5 (2.5.5-1) unstable; urgency=medium . * New upstream version 2.5.5. Includes a series of bug fixes, most notably for 6 security bugs discovered in Rubygems: - CVE-2019-8320: Delete directory using symlink when decompressing tar - CVE-2019-8321: Escape sequence injection vulnerability in verbose - CVE-2019-8322: Escape sequence injection vulnerability in gem owner - CVE-2019-8323: Escape sequence injection vulnerability in API response handling - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution - CVE-2019-8325: Escape sequence injection vulnerability in errors * Rebase patches. The following patches were applied upstream and dropped from the Debian package: - 0011-Update-for-tzdata-2018f.patch - 0012-test-update-test-certificate.patch squid-deb-proxy (0.8.14+nmu2) unstable; urgency=medium . * Non-maintainer upload. * move /etc/apt/conf.d/30autoproxy to under /usr/share/squid-deb-proxy-client and make symlink to it, to avoid package fetch failure after removed its package (Closes: #867682)