Debian Package Tracker

general

source: sympa (main)
version: 6.2.40~dfsg-4
maintainer: Debian Sympa team (DMD)
uploaders: Stefan Hornburg (Racke) [DMD] – Jonas Smedegaard [DMD] – Emmanuel Bouthenot [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 6.1.23~dfsg-2+deb8u1
o-o-sec: 6.1.23~dfsg-2+deb8u3
oldstable: 6.2.16~dfsg-3+deb9u2
old-sec: 6.2.16~dfsg-3+deb9u1
stable: 6.2.40~dfsg-1
testing: 6.2.40~dfsg-4
unstable: 6.2.40~dfsg-4

versioned links

6.1.23~dfsg-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.1.23~dfsg-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.16~dfsg-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.16~dfsg-3+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.40~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.2.40~dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

sympa (39 bugs: 1, 23, 15, 0)

action needed

Marked for autoremoval on 23 June: #961491 high

Version 6.2.40~dfsg-4 of sympa is marked for autoremoval from testing on Tue 23 Jun 2020. It is affected by #961491. You should try to prevent the removal by fixing these RC bugs.

Created: 2020-06-01 Last update: 2020-06-04 01:36

A new upstream version is available: 6.2.56 high

A new upstream version 6.2.56 is available, you should consider packaging it.

Created: 2020-05-03 Last update: 2020-06-04 01:13

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2019-09-23 Last update: 2020-06-02 01:34

2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:

CVE-2020-10936: Sympa before 6.2.56 allows privilege escalation.

1 issue skipped by the security teams:

CVE-2020-9369: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.

Please fix them.

Created: 2020-02-24 Last update: 2020-05-29 06:41

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-10936: Sympa before 6.2.56 allows privilege escalation.

Please fix it.

Created: 2020-05-25 Last update: 2020-05-29 06:41

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-10936: Sympa before 6.2.56 allows privilege escalation.

Please fix it.

Created: 2020-05-25 Last update: 2020-05-29 06:41

1 security issue in jessie high

There is 1 open security issue in jessie.

1 important issue:

CVE-2020-10936: Sympa before 6.2.56 allows privilege escalation.

Please fix it.

Created: 2020-05-25 Last update: 2020-05-29 06:41

2 security issues in stretch high

There are 2 open security issues in stretch.

1 important issue:

CVE-2020-10936: Sympa before 6.2.56 allows privilege escalation.

1 issue skipped by the security teams:

CVE-2018-1000671: sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

Please fix them.

Created: 2018-09-07 Last update: 2020-05-29 06:41

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-06-04 01:33

Depends on packages which need a new maintainer normal

The packages that sympa depends on which need a new maintainer are:

libintl-perl (#945988)
- Build-Depends: libintl-perl
- Depends: libintl-perl

Created: 2019-11-22 Last update: 2020-06-03 23:32

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-05-21 Last update: 2020-05-21 00:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2020-02-26 02:06

news

[rss feed]

[2020-03-02] sympa 6.2.40~dfsg-4 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted sympa 6.2.40~dfsg-4 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-09-12] sympa 6.2.40~dfsg-3 MIGRATED to testing (Debian testing watch)
[2019-09-07] Accepted sympa 6.2.40~dfsg-3 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-09-02] sympa 6.2.40~dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-08-28] Accepted sympa 6.2.40~dfsg-2 (source) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-01-27] sympa 6.2.40~dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-21] Accepted sympa 6.2.40~dfsg-1 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2019-01-03] Accepted sympa 6.2.16~dfsg-3+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2018-12-30] sympa 6.2.38~dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-12-25] Accepted sympa 6.2.38~dfsg-1 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2018-12-20] sympa 6.2.36~dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-12-19] sympa REMOVED from testing (Debian testing watch)
[2018-12-08] sympa 6.2.36~dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-12-02] Accepted sympa 6.2.36~dfsg-2 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2018-10-03] sympa 6.2.36~dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-10-02] Accepted sympa 6.2.16~dfsg-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2018-09-27] Accepted sympa 6.2.36~dfsg-1 (source amd64) into unstable (Emmanuel Bouthenot)
[2018-09-21] Accepted sympa 6.1.23~dfsg-2+deb8u3 (source) into oldstable (Abhijith PA) (signed by: Roberto C. Sanchez)
[2018-09-05] Accepted sympa 6.2.16~dfsg-3+deb9u1 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2018-07-24] Accepted sympa 6.1.23~dfsg-2+deb8u2 (source amd64) into oldstable (Markus Koschany)
[2018-07-09] sympa 6.2.32~dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-07-02] Accepted sympa 6.2.32~dfsg-2 (source amd64) into unstable (Emmanuel Bouthenot)
[2018-06-23] sympa REMOVED from testing (Debian testing watch)
[2018-05-08] sympa 6.2.32~dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-05-02] Accepted sympa 6.2.32~dfsg-1 (source amd64) into unstable (Emmanuel Bouthenot)
[2017-12-27] sympa 6.2.24~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-12-22] Accepted sympa 6.2.24~dfsg-1 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)
[2017-10-08] sympa 6.2.22~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-10-03] Accepted sympa 6.2.22~dfsg-1 (source amd64) into unstable (Stefan Hornburg (Racke)) (signed by: Stefan Hornburg)

bugs [bug history graph]

all: 39
RC: 1
I&N: 23
M&W: 15
F&P: 0
patch: 4

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (99, 38)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.2.40~dfsg-4
28 bugs (1 patch)