All Projects

ProjectCategoryTask TypePrioritySeveritySummaryStatus  descProgress
InstallationGeneralFreedom IssueVery LowHighFS#1445 - [fluxbox] provides nonfree software support i...Unconfirmed
Task Description

recommended fix, remove non-free software entries in menu and replace them with applications that actually exist.

PackagesAnyBug ReportVery LowHigh[rubyripper] GUI doesn't workUnconfirmed
Task Description

rrip_gui does not work. The fix is to install cairo-gobject which is not in the repos. Attached is a working PKGBUILD adapted from the official one.

PackagesStableBug ReportVery LowHigh[nftables] init service ERROR: nftables failed to startUnconfirmed
Task Description

Error: conflicting protocols specified: inet-service vs. icmp

when using

ip protocol icmp icmp type echo-request counter accept comment “accept ICMP echo-request type” ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept comment “Accept ICMPv6”

It is a known bug on 0.7 and solved on 0.9 commit 0011985554e269e1cc8f8e5b41eb9dcd795ebe8c fixes this problem upstream.

PackagesAnyUpdate RequestVery LowHigh[mpv] request for package bumpUnconfirmed
Task Description


Would it be possible to get a package bump for mpv ?

Currently, Debian Buster (stable) uses 0.29.1-1. This would be great as it introduces many fixes and support for lua scripts I heavily use.
0.29.* requires a ffmpeg to 4.x series as well.


PackagesAnyUpdate RequestMediumHigh[php] is out of date/supportUnconfirmed
Task Description


From official PHP page, our php 7.1 is out of support and security

Our package :

PHP page :

PackagesAnyFreedom IssueVery LowHighSynergy en teclado en español no tiene tildes ni ñUnconfirmed
Task Description

Share a single mouse and keyboard between multiple computers, with libressl and OpenRC support

Synergy no es capas de trasmitir tildes ni eñes y demás caracteres del español españa

Additional info:
* package version(s): community/synergy 1.8.8-2.hyperbola1
* config and/or log files etc.

Steps to reproduce:
instalarar synergy en 2 PCs con hyperbola 0.3, he intentar escribir tildes, no funcionará...

ServicesMail Service IssueSecurity IssueVery LowHighPlease "support" TLS 1.2 instead of requiring it for em...Unconfirmed
Task Description

The requirement for TLS 1.2 in email effectively isolated us from internet, and yelling for change isn’t working even in communications with other free/libre system distributions and mailing lists related to free/libre software (both for software and for discussions related to the movement itself). :)

Many mailing lists at,,,, and also in other free/libre system distributions aren’t accessible (e.g.: Trisquel).

PackagesStableDrop RequestVery LowCritical[osdbattery] Unmaintained and unsupportableUnconfirmed
Task Description

osdbattery is (probably) useless and broken so Conky did compete because It is still unmaintained and unsupported over 14 years ago (last released version 1.4 on August 23, 2005), and should be removed per anti-abandonware rule at the packaging guidelines.

Also, the default config file contains non-libre/free Microsoft font Verdana as X11 font format property in font variable.

PackagesStableSecurity IssueVery LowCritical[lts-kernel][sec] filter /dev/mem access & restrict acc...Unconfirmed
Task Description

These two options could be enabled :

Kernel hacking → [*] Filter access to /dev/mem
[*] Filter I/O access to /dev/mem

Security options → [*] Restrict unprivileged access to the kernel syslog

PackagesAnySecurity IssueVery LowCritical[opensmtpd] CVE-2020-8794Unconfirmed
Task Description


Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)




We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

PackagesStableBug ReportVery LowCritical[gtk-2] Severe problems with GTK2-applicationsUnconfirmed
Task Description

Description: Since the migration to xenocara there seems to be a bug with applications using GTK-2. From time to time there are crashes with assertion `!xcb_xlib_threads_sequence_lost’.

Looking into this a little bit more deep there are also other distributions affected and this is an upstream-bug. But the concrete situation is not that easy, while it could be also part of the library libX11 itself. Looking therefore here:

Affected are for example LXDE in general, icedove, iceweasel and many more!

PackagesStableFreedom IssueVery LowCritical[keybase] Complete removal of toolUnconfirmed
Task Description

There is only the source code of the client available and since years nothing more happened. With keybase joining “Zoom” nothing more seems to happen. Look also here in the forum:

PackagesAnySecurity IssueVery HighCritical[grub2] UEFI SecureBoot vulnerability + multiple flaws ...Unconfirmed
Task Description

Showing tasks 501 - 513 of 513 Page 11 of 11<<First - 7 - 8 - 9 - 10 - 11

Available keyboard shortcuts


Task Details

Task Editing