apache2 (2.4.38-3) unstable; urgency=high . [ Marc Deslauriers ] * SECURITY UPDATE: read-after-free on a string compare in mod_http2 - debian/patches/CVE-2019-0196.patch: disentangelment of stream and request method in modules/http2/h2_request.c. - CVE-2019-0196 * SECURITY UPDATE: privilege escalation from modules' scripts - debian/patches/CVE-2019-0211.patch: bind the bucket number of each child to its slot number in include/scoreboard.h, server/mpm/event/event.c, server/mpm/prefork/prefork.c, server/mpm/worker/worker.c. - CVE-2019-0211 * SECURITY UPDATE: mod_ssl access control bypass - debian/patches/CVE-2019-0215.patch: restore SSL verify state after PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c. - CVE-2019-0215 * SECURITY UPDATE: mod_auth_digest access control bypass - debian/patches/CVE-2019-0217.patch: fix a race condition in modules/aaa/mod_auth_digest.c. - CVE-2019-0217 * SECURITY UPDATE: URL normalization inconsistincy - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in the path in include/http_core.h, include/httpd.h, server/core.c, server/request.c, server/util.c. - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety in server/request.c, server/util.c. - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in server/util.c. - CVE-2019-0220 . [ Stefan Fritsch ] * Pull security fixes from 2.4.39 via Ubuntu * CVE-2019-0197: mod_http2: Fix possible crash on late upgrade ca-certificates-java (20190405) unstable; urgency=medium . * Team upload. * Support Java 12-17 (Closes: #925431) cairocffi (0.7.2-2.2) unstable; urgency=medium . * Non-maintainer upload. * Revert changes from previous NMU: - Remove Build-Depends and Recommends on xcffib, which is not in buster (Closes: #918277, Reopens: #861680) - Disable failing xcb tests (Closes: #868872) * Backport upstream patch to fix tests for Cairo 1.15.12 ceph (12.2.11+dfsg1-2.1) unstable; urgency=medium . * Non-maintainer upload. * [3194010] Install ceph-volume@.service into ceph-osd. (Closes: #924061) debian-timeline (42) unstable; urgency=medium . * Team upload. . [ Boyuan Yang ] * debian/links: Removed, useless file. . [ Birger Schacht ] * Various updates to events: + Bug Squashing Parties from 2019-01-25 to 2019-04-07. + Debian Installer releases from Jessie RC 1 to Buster Alpha 5. + Debian Bug milestonts for 920000. + SnowCamp 2019 in Laveno, Italy (2019-02). + Mini Debconf in Marseille, France (2019-05). + Debian Policy 4.3.0.2 and 4.3.0.3. + DebConf Video team sprint (2019-02). + Debian Med 2019 Sprint (2019-03). + Debian Web Team Sprint (2019-03). + Mini Debconf in Hamburg, Germany (2019-06). + DPL 2019 Electrons (2019-03). . [ Donald Norwood ] * Add Debian 9.7 and Debian 9.8 release events. java-atk-wrapper (0.33.3-22) unstable; urgency=medium . * patches/remove_component_listener: Fix memory leak (Closes: Bug#926420) node-deep-extend (0.4.1-2) unstable; urgency=medium . * Team upload * Add patch to prevent Object prototype pollution (Closes: #926616, CVE-2018-3750) * Enable upstream tests using pkg-js-tools * Fix VCS fields * Fix debian/copyright years * Add upstream/metadata * Change section to javascript pbgenomicconsensus (2.3.2-5) unstable; urgency=medium . * Team upload. * Fix autopkgtest dependencies Closes: #925909 pbgenomicconsensus (2.3.2-4) unstable; urgency=medium . * Fix dependencies Closes: #925909 * unset GZIP in autopkgtest pbgenomicconsensus (2.3.2-3) unstable; urgency=medium . * Really fix autopkgtest pbgenomicconsensus (2.3.2-2) unstable; urgency=medium . [ Afif Elghraoui ] * Remove myself from Uploaders . [ Andreas Tille ] * Add myself to Uploaders * python-pbgenomicconsensus Depends: python-pbconsensuscore * Test Depends: poa * Ignore some warnings which are breaking test results, remove tests that are based on non-existing input data * Move exclusion of tests to upstream Makefile via patch rather than in d/rules. This is needed to run autopkgtest successfully Closes: #925909 ruby-hangouts-chat (0.0.5-2) unstable; urgency=medium . * Team upload * Add patch to avoid internet (Closes: #926247) samba (2:4.9.5+dfsg-3) unstable; urgency=high . * This is a security release in order to address the following defects: - CVE-2019-3870 pysmbd:missing restoration of original umask after umask(0) - CVE-2019-3880 Save registry file outside share as unprivileged user * samba-libs: Fix Breaks+Replaces: libndr-standard0 (<< 2:4.0.9) (Closes: #910242) torsocks (2.3.0-2) unstable; urgency=medium . [ intrigeri & Sandro Knauß ] * Cherry-pick patch from upstream Git, to fix Totem crashing when run under torsocks, by adding support for the getdents and getdents64 syscalls. (Closes: Tails#16618, which would be severity: important in a Debian context.) . [ Ulrike Uhlig ] * Update package description: don't make safety promises that upstream prefers not to. (Closes: #870763) virt-viewer (7.0-2) unstable; urgency=medium . [ Andreas Beckmann ] * [b6ce527] Remove obsolete /usr/bin/spice-xpi-client alternative on upgrades. (Closes: #915030) . [ Guido Günther ] * [1a38fe4] Drop useless autotools-dev build-dep