Package: yaws
Version: 1.91-1
Severity: critical
Tags: security upstream sid
Hi,
A directory traversal vulnerability in yaws has been discovered and
disclosed at [1].
At least the version of yaws currently in sid (1.91) is affected. One
can reproduce the issue by running:
curl 'http://localhost
Hi,
I also see this problem on amd64 with collectd 4.4.2-3 (current lenny).
Specifying an ip address for the server setting in the network plugin
section instead of a hostname seems to be a successful workaround,
however that of course has its own problems when deploying in a larger
network, so t
> since i am the maintainer, i also am planning an upload soon after the 1.1
> release is done.
i have created a new version of the package based on the release candidate,
since it would be a shame to have such a buggy version in lenny.
as far as i have tested it, it works just fine with darcs 2
Package: darcsweb
Version: 1.0-1
Severity: important
Tags: patch
trying to view annotate on any file in an existing repository or even a minimal
one created like
mkdir darcs2test
cd darcs2test
darcs initialize
echo test>>test
darcs add test
darcs record
will cause an exception.
upstream has fi
tags 420588 confirm patch
thanks
i agree with the approach you are suggesting. this will be in the next
upload.
fabian
--
fabian linzberger -- http://lefant.net/ -- http://debienna.at/
- do yourself a favour: use and support free software!
--
To UNSUBSCRIBE, email to [EMAIL
ME'])
if p == '80':
p = ''
else:
it will be fixed in the next release.
thanks for the report,
fabian
--
fabian linzberger -- http://lefant.net/ -- http://debienna.at/
- do yourself a favour: use and support free software!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
hi,
Luca Capello wrote:
> Hello,
>
> please keep [EMAIL PROTECTED] outside the bug report.
yes, i meant to cc: the bug report in a mail to [EMAIL PROTECTED], not the
other way round, i know they are busy people.
> On Tue, 21 Aug 2007 14:34:23 +0200, fabian linzberger wrote:
&g
dex},
> as soon as we decide on which web interface we want to use.
it would have been strange to package darcsweb when darcs-server was
already available if i didn't like it and think it was better. i hope
my example above will be useful in implementing darcs.debian.org ;)
cheers,
fabian
--
tags 407262 +patch
severity 407262 important
thanks
rationale for bumping severity: being unable to use passwords from a
password vault without having to disclose them to the eyes of
bystanders has a major effect on the usability of the program.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
wit
hi,
as suggested by Nicolas Dade including libxmu-headers,
11proto-core-dev and libx11-dev in the build dependencies fixes this
issue.
including a patch to document the triviality of fixing this
issue. please upload an improved version soon.
thanks a lot,
fabian
--
fabian linzberger
o this bug, please post
download instructions if you have anything to test.
i also added a link to this bug on
http://bbdev.fluffy.co.uk/trac/wiki/Installation so people don't miss
out on our efforts.
cheers,
fabian
--
fabian linzberger -- http://lefant.net/ -- http://debienna.
reassign 385809 slapd
merge 385809 412781
thanks
i agree with the approach taken in #412781, this is almost exactly
what i have done on our systems and it works fine so far.
cheers,
fabian
--
fabian linzberger -- http://lefant.net/ -- http://debian.org/
- do yourself a favour: use
.17-1) and not on the new libldap-2.3-0.
symlinking /var/run/ldapi to /var/run/slapd/ldapi immediately works
around the problem.
fabian
--
Mit freundlichen Gr��en / Best regards
Fabian Linzberger
System Engineer
Corporate IT - Infrastructure
Mayr-Melnhof Karton Gesellschaft m.b.H.
Brahmspl
.
cheers,
fabian
--
fabian linzberger -- http://lefant.net/ -- http://debian.org/
- do yourself a favour: use and support free software!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
hi,
on my (powerpc based) ibook with a ZyXEL Zyair 802.11b/g (ID
0586:3401), i was loosing 3 bytes per packet as well with
0.0.0.svnr67-2.
grabbing r76 from upstream and building manually it now works
fine. (linux-2.6.16-1-powerpc)
also revision log at http://zd1211.ath.cx/changeset/76 talks of
thanks David for helping me clean up my firewall config ;)
works fine over here.
a small suggestion:
maybe remove the "exit 0" statements. they usually don't help a
lot. and actually get in the way of something like:
use6to4 yes
6to4subnet 2
6to4base_iface br0
ie. it brea
source, and beta-test it *simultaneously* over here:
http://lefant.net/darcsweb
rotty said he would sponsor it, but if you feel like you absolutely
must upload this to the archive yourself, now. just do so, and drop me
a line.
enjoy & thanks
fabian
--
fabian linzberger -- http://lefant
owner 346564 [EMAIL PROTECTED]
retitle ITP: darcsweb -- web interface for browsing darcs repositories
thanks
there is the question if this will duplicate the functionality of
package darcs-server, however i like it better and there was a RFP, so
i will create a package by the end of the weekend,
retitle 347754 ratpoison: crashes when using switchwin hooks in .ratpoisonrc
severity 347754 normal
thanks
Martin Samuelsson <[EMAIL PROTECTED]> writes:
> I've experienced similar problems when adding a hook for switchwin in my
> .ratpoisonrc, but I havn't yet looked up exactly why.
>
> Do you ha
severity 346102 important
tags 346102 +unreproducible
thanks
hi,
downgrading severity from grave to important, since it works on my
powerpc just fine, contradicting the initial assumption of the package
being completely broken for a release arch.
it works just fine on my ibook g3/800 running si
Package: ratpoison
Version: 1.4.0-beta4-4
Severity: grave
Justification: renders package unusable
hi,
usually ratpoison is launched via "exec ratpoison" in ~/.xsession, however after
the recent upgrade to 1.4.0-beta4-4 it immediately terminates.
~/.xsession-errors
does not seem to contain useful
reassign 328438 fillets-ng-data
tags 328438 + upstream patch
forwarded 328438 [EMAIL PROTECTED]
thanks
--
.''`. fabian linzberger http://lefant.net/ ,= ,-_-. =.
: :' : do yourself a favour: ((_/)o o(\_))
`. `'` use and s
above version.
(strictly speaking this could be a seperate bug, but then it's all
minor fixes in the same file)
thx
fabian
--
.''`. fabian linzberger http://lefant.net/ ,= ,-_-. =.
: :' : do yourself a favour: ((_/)o o(\_))
`. `
Package: zsh
Version: 4.2.5-7
Severity: normal
hi,
while plain echoing of $RANDOM works as expected:
(%:~)- echo $RANDOM && echo $RANDOM && echo $RANDOM
30712
13406
8950
doing the same in a backquoted statement yields a strange res
Package: apticron
Version: 1.1.9
Severity: normal
after removing (not purging) apticron from my system i receive the
following report from the cronjob:
/etc/cron.daily/apticron:
/etc/cron.daily/apticron: line 4: /usr/sbin/apticron: No such file or directory
run-parts: /etc/cron.daily/apticron ex
it actually works,
there is no justification for severity of grave anymore. still keeping
it open, since i can recreate it reliably over here.
cheers
fabian
--
.''`. fabian linzberger http://lefant.net/ ,= ,-_-. =.
: :' : do yourself a favour:
replying to myself to add more info:
the problem seems to go away, if i apt-get source openmcl, build the
package locally and install that one. as far as i can tell, things
work fine now. let me know if i can do anything to help you reproduce
this.
cheers
fabian
--
.''`. fabian
Package: openmcl
Version: 0.14.2.p1
Severity: grave
Justification: renders package unusable
Installing openmcl causes the following error on my system:
--- snip ---
(#:~)- aptitude install openmcl
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information
Initiali
28 matches
Mail list logo
