Bug#109431: See What You Missed Out In 2008

Invest in the best way to get the hottest chicks in town http://www.spentraks.com/ 15 tips on mind blowing foreplay -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#335078: Pink and perfect lips

Give your girl the perfect present when she takes off your boxers. http://www.Pleasuredromes.com/ Pink and perfect lips -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#120503: periods off Mar

If you do do anything, upload it to me, I will be very interested to see it. AN ALLE FINANZINVESTOREN! DIESE AKTIE WIRD DURCHSTARTEN! FREITAG 20. APRIL STARTET DIE HAUSSE! REALISIERTER KURSGEWINN VON 400%+ IN 5 TAGEN! Symbol: G7Q.F Company: COUNTY LINE ENERGY 5 Tages Kursziel: 0.95 Schlusskurs:

Bug#343832: Suggest tinycdb instead of freecdb (no longer available)

package: qpsmtpd Please remove freecdb (no longer available) and suggest tinycdb. Thank you for maintaining this package! This appears to be a perfect drop-in replacement for qmail-smtpd which allows qmail/vpopmail to continue to be used. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with

Bug#343675: Add "trac-admin /path/to/projenv upgrade" as postinstall

package: trac severity: wishlist The following command should be automatically executed after a new version replaces an older version: trac-admin /path/to/projenv upgrade This command will do nothing if the environment is already up-to-date so it should be safe to always run after installati

Bug#343638: New upstream version fixes stack overflow and more

package: jfsutils severity: important New upstream version 1.1.9 and 1.1.10 are available. In particular, a stack buffer overflow in Is_Device_Mounted has been fixed. Changes in 1.1.10 - 2005-10-19 * More stdio cleanup * fsck was not recognizing the root filesystem as jfs Changes in 1.1.9 - 20

Bug#343519: libapache2-mod-fastcgi

package: libapache2-mod-fastcgi severity: wishlist Please remove uneccessary dependencies for packages already provided by apache2-common. This will make it easier to track libapache2-mod-fastcgi/testing from Sarge. Thanks! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "u

Bug#343514: SEGV due to NULL pointer r->filename

package: libapache2-mod-fastcgi A SEGV can happen in fcgi-fs_get_by_id() because fixups() passes a NULL pointer to it. Basically, mod_fastcgi.c:fixups() should verify r->filename is not NULL before calling fcgi_util_fs_get_by_id(r->filename, uid, gid). Here's the current mod_fastcgi.c:fixu

Bug#343382: New upstream versions 1.8 and 1.9 available

package: libapache2-mod-scgi New upstream versions 1.8 and 1.9 are available. Changes include: 1.9 (2005-12-13) r27717 * Make passfd.c work on 64-bit machines. Thanks to Dryice Liu. * For Apache 2, set REQUEST_URI using the original request URI (r->unparsed_uri may be different if there

Bug#343264: [CVE-2004-0564] attackers can overwrite any files when run with setuid root

package: pppoe severity: grave tags: security Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root, an attacker could overwrite any file on the file system. CVE-2004-0564: Roaring Penguin pppoe (rp-ppoe),

Bug#343143: Install errors when /tmp is mounted noexec

package: squid When /tmp is mounted noexec, performing 'apt-get install squid' bombs. To reproduce, simply mount /tmp with noexec then perform 'apt-get install squid'. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#340337: CVE-2005-2970 exists in 2.0.54 too -- please fix stable branch

This problem exists in Debian's stable branch with apache2-mpm-worker 2.0.54. It appears to have been fixed already in Ubuntu versions 4.10, 5.4, and 5.10. From http://www.ubuntulinux.org/usn/usn-225-1 "The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu

Bug#342849: New upstream version 0.75 released on 23-Aug-2005

package: tinycdb A new upstream version 0.75 is available. User-visible changes include: - make cdb_make_put(CDB_PUT_REPLACE) to actually *remove* all (was only first previously) matching records, by rewriting the file. - new mode CDB_PUT_REPLACE0, which zeroes out old duplicate records

Bug#342847: Please replace freecdb with tinycdb

package: vpopmail-bin Please replace freecdb with tinycdb. freecdb is marked for deletion. Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#342140: New upstream version 3.02 available

package: shorewall Thank you for maintaining shorewall. A new upstream bugfix release was recently made available. Problems Corrected in 3.0.2 1) A couple of typos in the one-interface sample configuration have been corrected. 2) The 3.0.1 version of Shorewall was incompatible with old ve

Bug#342080: Problem with configure and debian/rules file with CFLAGS

package: pound version: 1.9.4-1 While using 'dpkg-source -x' and 'dpkg-buildpackage', I noticed that CFLAGS changes to debian/rules file were completely ignored. 1. For some reason, CFLAGS always ended up '-g -O2' during the build no matter what was specified in debian/rules. 2. Exporting C

Bug#342038: New stable upstream release 2.2.6 available

package: postfix A new upstream release (patch 6) is available for postfix 2.2. CHANGES IN 2.2 PATCH LEVEL 6: 20050806 Workaround: accept(2) fails with EPROTO when the client already disconnected (SunOS 5.5.1). File: sane_accept.c. 20050815 Workaround: old Solaris compilers can't link an arc

Bug#340252: Add 'upgrade' and 'failed-upgrade' to debian/libapache2-mod-fcgid.prerm

package: libapache2-mod-fcgid Please consider adding 'upgrade' and 'failed-upgrade' case branches to: debian/libapache2-mod-fcgid.prerm. Also, this error message should probably say 'prerm' instead of 'postrm' in the same file: echo "postrm called with unknown argument \`$1'" >&2 Thanks.

Bug#340128: Patch to fix debian/rules dropping CFLAGS

Tatsuki Sugiura wrote: Hello, Thanks for information. But..., this problem was solved in 1.06 by using CDBS. I think, update for sarge isn't needed because it affects on performance trivial... How about that you think? BTW, I'v fixed #334011 by removing unnecessary dependency. I'll ask uploa

Bug#340128: Patch to fix debian/rules dropping CFLAGS

package: libapache2-mod-fcgid SUMMARY: CFLAGS is getting dropped due to error in debian/rules. This patch can be applied to debian/rules in version 1.05 to fix CFLAGS getting discarded. The patch puts CFLAGS inside MAKE_DEFS definition, and moves CFLAGS definition above MAKE_DEFS. --- rul

Bug#340003: Update bogons file to reflect IANA allocs in stable branch

package: shorewall version: 2.2.3-2 On 2005-07-30, the bogons file in version 2.2.6 was updated to reflect recent IANA allocations. Please backport the updated bogons file, /usr/share/shorewall/bogons, to the stable branch. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of

Bug#339980: Newer upstream version 2.2.5 (19-July-2005) available

package: postfix A newer upstream version 2.2.5 released on 19-July-2005 is available as a small patch. http://postfix.messinet.com/source/official/postfix-2.2-patch05.gz Changes in 2.2 patch 5 include: 20050630 Portability: the connection caching code broke on LP64 systems (inherited from

Bug#339953: Suggest mod_fcgid

package: rails severity: wishlist Please consider suggesting mod_fcgid for use with rails. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#339604: New upstream version 1.07 available

package: libapache2-mod-fcgid A new upstream version is available with the following changes: Version 1.07 ( Nov 10, 2005 ) 1. Configuration IPCConnectTimeout, IPCCommTimeout, BusyTimeout can be overwritten in VirtualHost section 2. Add EXTRA_CFLAGS = -I$(builddir) in Makefile 3. Support Apach

Bug#338409: New upstream version 1.9

package: libapache2-mod-security A new upstream stable version is available. mod_security 1.9 contains the following changes since 1.8.7: 06/11/2005 1.9 -- * No changes since 1.9RC4. 03/11/2005 1.9RC4 - * Warning messages emitted from chained rules are now lo

Bug#338055: New upstream version 1.0.2 available

package: rdiff-backup A new upstream version is available. Changes in v1.0.2 (2005/10/24) include: Fix for spurious security violation from --create-full-path (reported by Mike Bydalek). Fix for bug 14545 which was introduced in version 1.0.1: Quoting caused a spurious security violation.

Bug#242066: [Pound Mailing List] PROPFIND 501 Not Implemented - after upgrading from 1.8.2 to 1.9.4

Sam Johnston wrote: I don't recall this ever having been the case for the Debian package (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242066), but it would be easy enough to verify - it's public information :) Here were my comments on the issue back in August: #242066: please enable D

Bug#336137: Version 6.4-1.1 (4-Sept-2005) does not exist in stable (CAN-2005-152)

package: awstats severity: grave tags: security Version 6.4-1.1 which fixed CAN-2005-152 on Sept 4, 2005 is still not available in the stable branch as of October 28, 2005. Running 'apt-get update && apt-get upgrade' on Debian 3.1 does not yet fix CAN-2005-152 which was fixed roughly 2 months

Bug#334833: CAN-2005-1527 still not fixed in stable branch

package: awstats tags: security The stable branch of awstats-6.4-1 still contains the security vulnerability CAN-2005-1527 (arbitrary command injection). I was under the impression fixes to security bugs such as CAN-2005-1527 would automatically be fixed in the stable branch by simply perform

Bug#334417: New upstream version 1.3.14

package: geoip-bin Thank you for maintaining geoip-bin. A new upstream version is available with the following changes: 1.3.142005-9-7 * Check if byte, ushort, ulong, u16, u32 are defined in configure script. Fixes compilation issue on FreeBSD systems. * Check for Big Endian byt

Bug#334011: Lower the requirement for libc6 >= 2.3.5 and locales >= 2.3.5 in version 1.4.6

package: libapache2-mod-fcgid severity: wishlist Thanks for maintaining this package. Are the requirements for libc6 >= 2.3.5 and locales >= 2.3.5 necessary? Would >= 2.3.2.ds1-22 be sufficient? It would be great if the minimum requirement matched libc6 and locales versions present in Sarg

Bug#326941: No response after 35 days on very important bugs

package: pound It has been 35 days since this was reported and there has been no reponse. Simply stated, pound cannot be used reliably without the fixes in the upstream bugfix release if: 1. we want any Firefox users to utilize SSL 2. we want any IE users to download files 3. we want to re

Bug#333559: New upstream version 1.9.3 - username was missing while logging CLF and Basic Authentication

package: pound Pound v1.9.3 is primarily a bug-fix interim release. Changes in this version: - the user name will now appear correctly in the log entries if you use one of the CLF variants and Basic Authentication file: http://www.apsis.ch/pound/Pound-1.9.3.tgz signed:htt

Bug#331604: New upstream release 1.9.2 (26-Sept-2005)

package: pound This is to announce the release of Pound v1.9.2 (26-Sept-2005). This is primarily a bug-fix interim release. Changes in this version: - added a NoDaemon configuration directive. This replaces the existing --disable-daemon flag for the autoconf script and allows you to decide

Bug#326941: New upstream 1.9.1 fixes 'serious problem with polling code' and more

package: pound severity: important Fixes two important and unrelated problems: downloads with IE craps out and Firefox 1.06 gets virtually hung using SSL Changes in pound 1.9.1: - fixed a serious problem with the polling code: it would mistakenly identify a (read) HUP condition as a "can't w

Bug#324600: gfortran-4.0: format( 1000(a,$)) (forwarded from Dr. Markus Waldeck)

t; Since this (a $ as format specifier) is an extension, there is nothing in the standard against this. On the other hand, all the compilers I have at hand accept this, so I think we might as well remove this contraint. I think this can be reported as a bug. FX -- To UNSUBSCRIBE, email

Bug#320248: New upstream version 3.0.6-1.0

package: bastille tags: security A new upstream of Bastille, version 3.0.6, is available. The current Debian package of Bastille is version 1.2.1. Background: Version 3.0.2 was released in April 2005 and there have been several minor releases thereafter. The latest minor release, 3.0.6 was

Bug#320220: SSL problem with pound-1.9 and Firefox 1.0.6

package: pound An SSL problem exists with pound-1.9 when the client is Firefox 1.0.6. This problem was described in the pound mailing list as: "It shows up as excruciating slowness when making multiple requests, i.e., a web page with images, where the secondary requests come in very slowly.

Bug#318341: New upstream version 3.2.2

package: sqlite3 Changelog for version 3.2.2 * Added the sqlite3_db_handle() API * Added the sqlite3_get_autocommit() API * Added a REGEXP operator to the parser. There is no function to back up this operator in the standard build but users can add their own using sqlite3_create_funct

Bug#315145: New upstream version 0.8.4 fixes security bug

package: trac severity: important tags: security New upstream version 0.8.4 fixes a security problem where trac can be tricked into uploading a file outside the environment directory. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTE

Bug#314753: New upstream version 1.1.8 (fixes bug that corrupted inodes)

package: jfsutils severity: important Release 1.1.8 of jfsutils was made available on May 3, 2005. Changes include: - fsck should not bail out if reserved (but unused) inode 1 is bad - code cleanup - remove unused variables, eliminate compiler warnings - Added blocks parameter to jfs_mkfs to sp

Bug#311548: New upstream production version 1.9. (version 1.8.2 is beta release!)

package: pound severity: important tags: security The current version of pound in Sarge (1.8.2) is a beta release with a buffer overflow issue. Pound 1.9 is the first non-beta release since Pound 1.8. Changes in version 1.9: - Added the VerifyList configuration flag (CA root certs + CRL) - CRL

Bug#310646: New upstream interim bug-fix releases 1.8.5, 1.8.4, 1.8.3

package: pound severity: important Pound 1.8.2 currently in Sarge is considered beta and contains numerous bugs including a buffer overflow. Please unfreeze pound to get much-needed bugfixes. New upstream versions 1.8.5, 1.8.4, 1.8.3 are interim bugfix releases that fix all known bugs and i

Bug#310525: New upstream version 2.2.5 fixes 3 bugs

package: shorewall Version 2.2.5 is a minor bugfix release. Problems corrected in version 2.2.5: 1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would still be used if the kernel supported it. 2) A typo in the 'tunnel' script has been corrected (Thanks to Patrik Varmecký)

Bug#310524: New upstream version 3.4.4 fixes 163 bugs

package: gcc-3.4 New upstream version 3.4.4 fixes 163 bugs. List of problems fixed in 3.4.4 are at: http://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=3.4.4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? C

Bug#310474: New upstream version 1.2 fixes 50+ bugs

package: subversion New upstream version 1.2 is available with more than 50 new bugfixes. Development of 1.1 branch is stopped. Changelog is as follows: Version 1.2.0 (21 May 2005, from /branches/1.2.x) http://svn.collab.net/repos/svn/tags/1.2.0 See the 1.2 release notes for a more verbose

Bug#308247: Segmentation fault in uri/common.rb

akira yamada / ãã wrote: On 2005/05/09, at 8:44, FX wrote: With version 1.8.2-5 on Sarge, I'm getting a segmentation fault in uri/common.rb line 287 when the firewall (iptables) blocks outgoing connection. Please show me how to be able to re-produce the bug. Thank you. Akira, If you c

Bug#308247: Segmentation fault in uri/common.rb

akira yamada / ãã wrote: On 2005/05/09, at 8:44, FX wrote: With version 1.8.2-5 on Sarge, I'm getting a segmentation fault in uri/common.rb line 287 when the firewall (iptables) blocks outgoing connection. Please show me how to be able to re-produce the bug. Thank you. Here is one w

Bug#308247: Segmentation fault in uri/common.rb

package: ruby1.8 With version 1.8.2-5 on Sarge, I'm getting a segmentation fault in uri/common.rb line 287 when the firewall (iptables) blocks outgoing connection. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#306649: New upstream version 1.8.3

package: pound severity: important tags: security New upstream version 1.8.3 is a bug-fix interim release that includes a fix for sprintf buffer overflow. Changes include: - fixed a potential buffer overflow problem (thanks to Steven Van Acker for bringing it to my attention). Hopefully this is th

Bug#305602: Missing builds have been blocking high-priority package going into testing

package: ruby1.8 Thanks for maintaing ruby1.8 and providing frequent updates. I noticed 1.8.2-5 is 'high' priority but missing builds have been preventing it from going into sarge. Do you need volunteers with specific hardware to help? Thanks again for the great job keeping ruby1.8 up-to-date.

Bug#305143: New upstream version 1.3.10

package: geoip-bin New upstream version available. http://www.maxmind.com/download/geoip/api/c/GeoIP-1.3.10.tar.gz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#305121: New upstream version 2.0.54 available

package: apache2 New upstream version 2.0.54 is available. Couple security-related fixes include a bug where httpd processes can stay alive after shutdown and permissions of created files in htdigest. Changes with Apache 2.0.54 *) mod_cache: Add CacheIgnoreHeaders directive. PR 30399. [] *

Bug#304966: New upstream version 1.6.7 available

package: syslog-ng The latest stable release of syslog-ng is 1.6.7. Changes from 1.6.6 -> 1.6.7 include: * Fixed a memory leak and possible fd leak in spoof-source support. * Fixed destination port byte order on little-endian machines, triggered when a non-514 port was used. * Added fedora-core

Bug#304894: Log messages getting dropped

Matt Zimmerman wrote: On Sat, Apr 16, 2005 at 05:29:19AM -0500, FX wrote: package: syslog-ng severity: important tags: security Log messages are getting dropped during HUP. This could allow certain forms of attacks to perform activities without getting logged. How long does syslog-ng

Bug#304894: Log messages getting dropped

package: syslog-ng severity: important tags: security Log messages are getting dropped during HUP. This could allow certain forms of attacks to perform activities without getting logged. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTE

Bug#303179: New upstream version 1.1.4

package: subversion New upstream version 1.1.4 is available. Changelog: Version 1.1.4 (1 April 2005, from /branches/1.1.x) http://svn.collab.net/repos/svn/tags/1.1.4 User-visible-changes: - Client: * fixed: win32 not ignoring versioned symlinks (issue #2173) * fixed: 'svn merge' can cause

Bug#302790: Directory ownership gets lost

package: hdup severity: important tags: security The ownership/permission information of directories/subdirectories are getting lost when restoring from backup. Unlike individual files within directories, the directories themselves are not getting backed up. This results in files having proper

Bug#301658: Patch and explanation about 16K/request memory leak

package: libfcgi-ruby1.8 severity: important Thank you for maintaining this package. Here is a patch to fix a 16K/request memory leak. The folowing explanation and patch is from comp.lang.ruby, posted by Kirk Haines. 8< Nutshell: The 0.8.5 version of the C e

Bug#301618: Two new stable upstream versions fix serious bugs

package: zorp severity: important Two new stable upstream versions available fix serious bugs including segfaults, deadlocks, memory leaks, fd leaks, race conditions, etc.: 3.0 branch: version 3.0.3 (stable) released on 2005.01.06 2.1 branch: version 2.1.8 (stable) released on 2004.09.14 Chan

Bug#301617: New upstream version 1.6.6

package: syslog-ng New upstream version syslog-ng 1.6.6 released on 02/04/2005 fixes possible loss of log messages during HUP. Seems to be primarily a bugfix release. Changelog since previous version: 2005-02-03 Balazs Scheidler <[EMAIL PROTECTED]> * src/sources.c (do_read_line): added a n

Bug#299747: New upstream version 2.2.2

package: shorewall New upstream version 2.2.2 is available. Problems corrected in version 2.2.2 1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP ranges (assuming that your iptables and kernel support ranges). 2) If A is a user-defined action and you have file /etc/shorewall/A

Bug#292511: Simple Fix for Potential Denial of Service Vulnerability

package: libfcgi-ruby1.8 severity: important Clients breaking connection cause fastcgi process to terminate with untrapped signal 6. This can be exploited in a denial of service attack because the process won't respawn if it fails to live for more than 30 seconds. The following solution was po

Bug#292268: New upstream versions 2.60 final and 2.61

package: siege Two new upstream versions available: 2.60 final (2004-06-28) and 2.61 (2004-11-19). Please consider updating the 2.60beta1currently in Debian with a newer non-beta version. Thank you for maintaining siege. Changelog: 2004/11/19 Jeff Fulmer

Bug#292255: New upstream version 1.15.1 released on 2004-12-21

package: tar New upstream versions available: 1.15.1, 1.1.5, and 1.1.4.90. Changes in 1.15.1 (2004-12-21): Unpacking archives piped from standard input now works correctly. This logic flaw was introduced in version 1.15 and has unfortunately passed unnoticed the pretesting phase. Changes in 1.15

Bug#291350: New upstream version 8.0 released on 2005-01-19

package: postgresql New upstream version 8.0 was released on 2005-01-19. Detailed release notes are at: http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0 Summary of new features are: * Native Windows port * Savepoints/nested transactions * Exception handling inside functions * Tab

Bug#290610: New upstream version 1.1.3

package: subversion New upstream version 1.1.3 (14 Jan 2005) fixes the problem which prevented 1.1.2 (20 Dec 2004) from getting packaged in Debian. Since the changes in 1.1.2 (20 Dec 2004) include fixes for data corruption, race condition, memory leak and more, I hope we can get this into Debia

Bug#290293: New upstream versions 2.3.3, 2.3.4, 2.3.5, 2.3.6 available

package: vqadmin Several newer upstream versions are available from: http://sourceforge.net/projects/vqadmin/ Changelogs for 2.3.3, 2.3.4, 2.3.5, 2.3.6 are as follows: 2.3.6 09/17/03Chris Stump <[EMAIL PROTECTED]> - Incorporated db_owner.c for domain owner MySQL tracking capability.

Bug#290245: SECURITY: Five new upstream versions 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9 available

package: vpopmail-bin severity: grave This package still contains an SQL Injection vulnerabilty that was fixed in an upstream version on 30-Jun-04. In all, five new upstream versions were released after 5.4.4 which contain numerous fixes. Most importantly, upstream version 5.4.6 released on 30