Bug#947212: wordpress: 5.3.2 new upstream bug-fixing release available.
Package: wordpress
Version: 5.2.4
Severity: critical

Dear Maintainer,

* What led up to the situation?

Wordpress 5.3 was released on November 12, 2019 with the latest maintenance/security release on December 18, 2019. Since then the Debian wordpress package has not been updated from 5.2.4, leaving instances at unnecessary and avoidable risk.

Please consider updating Debian wordpress packages to upstream versions.

To reduce exposure of wordpress instances deploying Debian wordpress packages I am offering updated and packaged versions of the Debian wordpress packages (tested OK) for sponsored [2] NMU [1]. I intend on contributing updates on a regular basis.

Severity "critical" is chosen for this issue being security-related on a large scale putting many users' systems and data at risk.

@Craig In addition to our past PMs, I'm merely formally reporting this critical bug for public reference on 3rd party advice.

--
1: https://mentors.debian.net/package/wordpress
2: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947143
Bug#883938: linux-image-3.16.0-4-amd64: Kernel panic on boot after upgrading to debian 8.10 kernel 3.16.51
Package: src:linux
Version: 3.16.43-2+deb8u5
Severity: grave
Justification: renders package unusable

(Note: This bug affects version 3.16.51-2, not 3.16.43-2+deb8u5, but that's the version that "reportbug" filled in after downgrading to get this system back up running)

After upgrading from Debian 8.9 to Debian 8.10, this Dell PowerEdge R430 server immediately and consistently throws a kernel panic on boot. (kernel 3.16.51-2)

Booting from debian-8.9.0-amd64-netinst.iso in rescue mode let me drop into a shell for the target installation, where I performed something like:

    cd /var/cache/apt/archives
    dpkg -i *3.16.43*deb8u5*
    reboot

which restored the previous kernel (3.16.43-deb8u5). This kernel works fine.

I only have a terrible java KVM app available for seeing the console, and from what I can see, it logs with timestamps [0.811] through [0.841] (typing in from an image - excuse any typos, and leaving out long hexadecimal numbers that might not be interesting)

    general protection fault: [#1] SMP
    CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.16.0-4-amd64 #1 Debian 3.16.51-2
    Hardware name: Dell PowerEdge R430/03XKDV, BIOS 1.2.6 06/08/2015
    task: 88085fa532d0 ti: 88085fa58000 task.ti: 88085fa58000
    RIP: 0010:[] [ build_sched_domains+0x72d/0cf0
    (lots of x86_64 registers)
    Call trace:
    sched_init_smp+0x398/0x452
    mutex_lock+0xe/0x2a
    put_online_cpus+...
    stop_machine+...
    kernel_init_freeable+...
    rest_init+...
    kernel_init+...
    ret_from_fork+...
    rest_init+...
    Kernel panic - not syncing: Attempted to kill init! exitcode=0x000b
    ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x000b

I also stopped by #debian on irc.debian.org and other people mentioned getting similar (or same) panics on different types of hardware (HP ProLiant DL380 G7, and a Supermicro server). Downgrading to 3.16.43-deb8u5 seemed to work for them as well.
-- Package-specific info:
** Version:
Linux version 3.16.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19)

** Command line:
BOOT_IMAGE=/vmlinuz-3.16.0-4-amd64 root=UUID=89e3af9f-5bf1-4e93-99c0-0eca2f4fd312 ro quiet

** Tainted: O (4096)
 * Out-of-tree module has been loaded.
Bug#883938: linux-image-3.16.0-4-amd64: Kernel panic on boot after upgrading to debian 8.10 kernel 3.16.51
On Sat, Dec 09, 2017 at 18:46:08 +0100, Rene Engelhard wrote:
> On Sat, Dec 09, 2017 at 06:23:04PM +0100, debbug wrote:
> > Package: src:linux
> > Version: 3.16.43-2+deb8u5
> > Severity: grave
> > Justification: renders package unusable
> >
> > (Note: This bug affects version 3.16.51-2, not 3.16.43-2+deb8u5,
> > but that's the version that "reportbug" filled in after downgrading
> > to get this system back up running)
>
> Then you should have edited the report accordingly...
>

I was going to, but I wasn't sure about the proper version number or syntax to put in (3.16.51 or 3.16.51-2 or something else) and I didn't want to risk losing the bug in a void or failing to submit.

Thanks for fixing up the version number!
Bug#838881: Actual python module files missing
Package: python-parsedatetime
Version: 2.1-1
Severity: critical

Upgrade from 1.4-1 to 2.1-1 made certbot fail. Short investigation reveals the package contains only files in /usr/share/doc/python-parsedatetime/* but is missing any file in /usr/lib/.

-- System Information:
Debian Release: stretch/sid
Architecture: i386 (i686)
Bug#644930: bad LANG env crashes gnucash on File->New account
Package: gnucash
Version: 1:2.4.7-3+b1
Severity: serious
Tags: l10n

Problem description:
Using "export LANG=de_DE; gnucash" to start gnucash. gnucash crashes upon Selecting "File -> New account". Same valid for de_DE@UTF-8 maybe others as well.
export LANG=de_DE.UTF-8; gnucash however works as intended.

Further problem properties:
- exists iirc since 2008 or earlier
- gnucash devs at #gnucash hint this might be related to libc or gtk.

Stack trace:
- gnucash-lang-segfault: http://pastebin.com/4h2Cv0La

    #0  __strncmp_ssse3 () at ../sysdeps/i386/i686/multiarch/strcmp-ssse3.S:2064
    #1  0xb6c7813e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
    #2  0xb6de0fc7 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
    #3  0xb6de5677 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
    #4  0xb6de59f6 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
    #5  0xb6ddf4e0 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
    #6  0xb6de079b in gtk_tree_model_foreach () from /usr/lib/libgtk-x11-2.0.so.0
    #7  0xb6de4f8c in gtk_tree_model_filter_refilter () from /usr/lib/libgtk-x11-2.0.so.0
    #8  0xb6c79566 in gtk_entry_completion_complete () from /usr/lib/libgtk-x11-2.0.so.0
    #9  0xb6c65d9c in ?? () from /usr/lib/libgtk-x11-2.0.so.0
    #10 0xb678af1c in ?? () from /usr/lib/libgobject-2.0.so.0
    #11 0xb676d9f2 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
    #12 0xb678afb7 in ?? () from /usr/lib/libgobject-2.0.so.0
    #13 0xb66b2a41 in ?? () from /lib/libglib-2.0.so.0
    #14 0xb66b7252 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
    #15 0xb66b7a30 in ?? () from /lib/libglib-2.0.so.0
    #16 0xb66b80f3 in g_main_loop_run () from /lib/libglib-2.0.so.0
    #17 0xb6ceabd9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
    #18 0xb7695974 in gnc_ui_start_event_loop () at gnc-gnome-utils.c:668
    #19 0x0804d4d4 in inner_main (closure=0x0, argc=1, argv=0xbfa77ae4) at gnucash-bin.c:735
    #20 0xb73a4416 in ?? () from /usr/lib/libguile.so.17
    #21 0xb7376022 in ?? () from /usr/lib/libguile.so.17
    #22 0xb73eb518 in scm_c_catch () from /usr/lib/libguile.so.17
    #23 0xb7376657 in scm_i_with_continuation_barrier () from /usr/lib/libguile.so.17
    #24 0xb7376733 in scm_c_with_continuation_barrier () from /usr/lib/libguile.so.17
    #25 0xb73e9d99 in scm_i_with_guile_and_parent () from /usr/lib/libguile.so.17
    #26 0xb73e9dee in scm_with_guile () from /usr/lib/libguile.so.17
    #27 0xb73a44ff in scm_boot_guile () from /usr/lib/libguile.so.17
    #28 0x0804d8b1 in main (argc=1, argv=0xbfa77ae4) at gnucash-bin.c:879

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.39.3 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnucash depends on:
ii  gnucash-common             1:2.4.7-3
ii  guile-1.8                  1.8.8+1-6
ii  guile-1.8-libs             1.8.8+1-6
ii  libaqbanking33             5.0.16-1
ii  libart-2.0-2               2.3.21-1
ii  libatk1.0-0                2.2.0-1
ii  libbonobo2-0               2.24.3-1
ii  libbonoboui2-0             2.24.3-1
ii  libc6                      2.13-21
ii  libcairo2                  1.10.2-6.1
ii  libcrypt-ssleay-perl       0.57-2+b2
ii  libdate-manip-perl         6.25-1
ii  libdbi1                    0.8.4-5.1
ii  libfinance-quote-perl      1.17+git20110918-1
ii  libfontconfig1             2.8.0-3
ii  libfreetype6               2.4.6-2
ii  libgconf2-4                2.32.4-1
ii  libgdk-pixbuf2.0-0         2.24.0-1
ii  libglade2-0                1:2.6.4-1
ii  libglib2.0-0               2.28.6-1
ii  libgmp10                   2:5.0.2+dfsg-1
ii  libgnome-keyring0          3.2.0-2
ii  libgnome2-0                2.32.1-1
ii  libgnomecanvas2-0          2.30.3-1
ii  libgnomeui-0               2.24.5-2
ii  libgnomevfs2-0             1:2.24.4-1
ii  libgoffice-0.8-8           0.8.17-1
ii  libgtk2.0-0                2.24.4-3
ii  libgwengui-gtk2-0          4.3.0-1
ii  libgwenhywfar60            4.3.0-1
ii  libhtml-tableextract-perl  2.11-1
ii  libhtml-tree-perl          4.2-1
ii  libice6                    2:1.0.7-2
ii  libktoblzcheck1c2a         1.35-1
ii  libltdl7                   2.4-4
ii  libofx4                    1:0.9.4-2
ii  liborbit2                  1:2.14.18-0.2
ii  libpango1.0-0              1.28.4-3
ii  libpopt0                   1.16-1
ii  libsm6                     2:1.2.0-2
ii  libsoup2.4-1               2.34.3-1
ii  libwebkitgtk-1.0-0         1.4.2-2
ii  libwww-perl                6.02-1
ii  libx11-6                   2:1.4.4-2
ii  libxml2                    2.7.8.dfsg-4
ii  perl                       5.12.4-4
ii  slib                       3b1-3.1
ii  zlib1g                     1:1.2.3.4.dfsg-3

Versions of packages gnucash recommends:
ii  gnucash-docs  2.2.0-3

Versions of packages gnucash suggests:
pn  libdbd-mysql
pn  libdbd-pgsql
pn  libdbd-sqlite3

-- no debconf information
Bug#644965: reportbug -Q -N bug-ID, subsequent choice "o" -> stacktrace
Package: reportbug
Version: 6.2.1
Severity: serious

Description:
- Using query mode -Q w/ -N 1234, viewing report, then selecting "o" in the menu crashes reportbug.

Trace:

    What do you want to do now? [N|x|o|r|b|e|q|?]? ?
    N - (default) Show next message (followup).
    x - Provide extra information.
    o - Show other bug reports (return to bug listing).
    r - Redisplay this message.
    b - Launch web browser to read full log.
    e - Launch e-mail client to read full log.
    q - I'm bored; quit please.
    ? - Display this help.
    What do you want to do now? [N|x|o|r|b|e|q|?]? o
    Traceback (most recent call last):
      File "/usr/bin/reportbug", line 2186, in <module>
        main()
      File "/usr/bin/reportbug", line 1073, in main
        return iface.user_interface()
      File "/usr/bin/reportbug", line 1354, in user_interface
        package = exinfo.package or exinfo.source
    AttributeError: 'NoneType' object has no attribute 'package'

-- Package-specific info:
** Environment settings:
EDITOR="/usr/bin/vi"
INTERFACE="text"

** /home/user/.reportbugrc:
reportbug_version "3.31"
mode expert
ui text
realname "debbug"
email "l...@think-future.com"
paranoid

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.39.3 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages reportbug depends on:
ii  apt               0.8.15.8
ii  python            2.7.2-8
ii  python-reportbug  6.2.1

reportbug recommends no packages.

Versions of packages reportbug suggests:
ii  debconf-utils                           1.5.40
ii  debsums                                 2.0.49
ii  dlocate
ii  emacs22-bin-common | emacs23-bin-common
ii  file                                    5.08-1
ii  gnupg                                   1.4.11-3
ii  pgpgpg [pgp]                            0.13-9
ii  postfix [mail-transport-agent]          2.8.3-1
ii  python-gtk2                             2.24.0-2
ii  python-gtkspell
ii  python-urwid                            0.9.9.2-1
ii  python-vte                              1:0.28.1-2
ii  xdg-utils                               1.1.0~rc1-2

-- no debconf information
Bug#433806: lighttpd: Multiple DoS vulnerabilities to be patched in 1.4.16?
Package: lighttpd
Version: 1.4.13-4etch1
Severity: grave

Debian stable's version of Lighttpd crashes in a similar way as explained in this lighttpd trac ticket
http://trac.lighttpd.net/trac/ticket/1232

There seem to be other important bugs with fixes coming up in a new version soon; I found the problem from rPath advisories posted on full-disclosure
https://issues.rpath.com/browse/RPL-1550
https://issues.rpath.com/browse/RPL-1554

Just a heads-up to put this on the radar (the previous round of lighttpd issues seemed to go unnoticed for almost a month), sorry to bother you if you are already aware of the issues.

I set the severity to grave since it's (at least) a DoS vulnerability.

-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: arm (armv5tel)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-ixp4xx
Locale: LANG=C, LC_CTYPE=no_NO.ISO8859-1 (charmap=ISO-8859-1)

Versions of packages lighttpd depends on:
ii  libattr1      2.4.32-1      Extended attribute shared library
ii  libbz2-1.0    1.0.3-6       high-quality block-sorting file co
ii  libc6         2.3.6.ds1-13  GNU C Library: Shared libraries
ii  libldap2      2.1.30-13.3   OpenLDAP libraries
ii  libpcre3      6.7-1         Perl 5 Compatible Regular Expressi
ii  libssl0.9.8   0.9.8c-4      SSL shared libraries
ii  lsb-base      3.1-23.1      Linux Standard Base 3.1 init scrip
ii  mime-support  3.39-1        MIME files 'mime.types' & 'mailcap
ii  zlib1g        1:1.2.3-13    compression library - runtime

Versions of packages lighttpd recommends:
pn  php4-cgi | php5-cgi  (no description available)

-- no debconf information
Bug#435414: mount: Impossible to upgrade, requires updated nfs-common, nfs-common is already upgraded.
Package: mount
Version: 2.12r-19
Severity: grave
Justification: renders package unusable

It seems to be impossible to install the latest version of mount in unstable:

    # apt-get install mount nfs-common
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    nfs-common is already the newest version.
    The following packages will be upgraded:
      mount
    1 upgraded, 0 newly installed, 0 to remove and 65 not upgraded.
    Need to get 0B/133kB of archives.
    After unpacking 28.7kB disk space will be freed.
    (Reading database ... 106061 files and directories currently installed.)
    Preparing to replace mount 2.12r-19 (using .../mount_2.13~rc2-4_i386.deb) ...
    You have NFS mounts, and this version of mount requires that nfs-common be upgraded before NFS mounts will work. Aborting install.
    dpkg: error processing /var/cache/apt/archives/mount_2.13~rc2-4_i386.deb (--unpack):
     subprocess pre-installation script returned error exit status 1
    Errors were encountered while processing:
     /var/cache/apt/archives/mount_2.13~rc2-4_i386.deb
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    # dpkg -l | grep -i nfs-common
    ii nfs-common 1:1.1.0-13 NFS support files common to client and serve

It might be relevant to note that this computer is running diskless, with root on NFS.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.1 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=C, LC_CTYPE=no_NO.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages mount depends on:
ii  libblkid1  1.40.2-1  block device id library
ii  libc6      2.6-5     GNU C Library: Shared libraries
ii  libuuid1   1.40.2-1  universally unique id library

mount recommends no packages.

-- no debconf information
Bug#608232: flpsed does not save text on certain input documents
Package: flpsed
Version: 0.5.2-1
Severity: grave
Tags: lenny, squeeze

flpsed does not save text on postscript produced by xsane in squeeze. The saved document only has

    /PSEditWidgetPageCount 1 def % PSEditWidget

added in line 12 compared to the original. Re-opening the saved document in flpsed another time, adding text and saving again as postscript yields a document with no changes.

PDF export has the same result (i.e. the added text is not saved).

Running ps2ps or eps2eps on the postscript document yields a several times bigger postscript document that is handled correctly by flpsed.

I stripped the image out of a small sample postscript file generated by xsane and attached the result below and as an attachment.

Cheers,
Karsten

=== sample postscript ===
%!PS-Adobe-3.0
%%Creator: XSane version 0.997 (sane 1.0) - by Oliver Rauch
%%DocumentData: Clean7Bit
%%LanguageLevel: 3
%%BoundingBox: 0 0 69 23
%%Pages: 1
%%EndComments
%%BeginDocument: xsane.ps
20 dict begin
%%Page: 1 1
%%PageBoundingBox: 0 0 70 24
/DeviceGray setcolorspace
0 rotate
0 0 translate
69.120003 23.76 scale
<<
 /ImageType 1
 /Width 96
 /Height 33
 /BitsPerComponent 8
 /Decode [0 1]
 /ImageMatrix [96 0 0 -33 0 33]
 /DataSource currentfile /ASCII85Decode filter /FlateDecode filter
>>
showpage
%%PageTrailer
end
%%EOF
%%EndDocument
=== sample postscript

-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages flpsed depends on:
ii  ghostscript-x  8.71~dfsg2-6  The GPL Ghostscript PostScript/PDF
ii  libc6          2.11.2-7      Embedded GNU C Library: Shared lib
ii  libfltk1.1     1.1.10-2+b1   Fast Light Toolkit - shared librar
ii  libgcc1        1:4.4.5-8     GCC support library
ii  libstdc++6     4.4.5-8       The GNU Standard C++ Library v3
ii  libx11-6       2:1.3.3-4     X11 client-side library

Versions of packages flpsed recommends:
ii  poppler-utils [xpdf-utils]  0.12.4-1.2  PDF utilitites (based on libpopple

flpsed suggests no packages.

-- no debconf information