Bug#357474: rplay write useless messages to ~/.xsession-errors

Michelle Konzack <[EMAIL PROTECTED]> writes: >> > Since my Upgrade to Sarge, some programs are crashing my disk quota >> > whilee filling up my ~/.xsession-errors with tonns uf useless messges. >> >> afaict, that was happening when xmms-rplay was actively playing and lost >> it's connection to th

Bug#357474: rplay write useless messages to ~/.xsession-errors

Michelle Konzack <[EMAIL PROTECTED]> writes: reassign 357474 xmms-rplay 1.0.3-1 thanks > Since my Upgrade to Sarge, some programs are crashing my disk quota > whilee filling up my ~/.xsession-errors with tonns uf useless messges. afaict, that was happening when xmms-rplay was actively playing an

Bug#372623: xmms-scrobbler: hard-coded to submit data from session 0

Package: xmms-scrobbler Version: 0.3.8.1-4 Severity: normal Tags: patch when you have two xmms sessions running, xmms-scrobbler will always submit the data from session 0. ie, you're listening to foo in session 1, but it submits bar from session 0. -- System Information: Debian Release: testing/

Bug#334946: chkrootkit: MySQL threads false positive: me too

Lionel Elie Mamane <[EMAIL PROTECTED]> writes: > We are getting chkproc false positive on MySQL and pdns threads. > > A "ps -eLf" shows all pids that "chkproc -v" complains about in the LWP > column. can you copy the output from running chkrootkit *and* from "chkproc -v"? thanks. -l -- To UN

Bug#334946: chkrootkit: Chkrootkit reports mysql threads in, linux 2.6 as hidden from ps and readdir

Nolan Andres <[EMAIL PROTECTED]> writes: > downgraded to chkrootkit 0.44-2 (stable): > > # /usr/sbin/chkrootkit lkm > ROOTDIR is `\' > Checking `lkm'... nothing detected > > hm. right. afaik, the adore check in 0.44 is completely broken. it will *not* detect adore at all (nor should it give a f

Bug#334946: chkrootkit: Chkrootkit reports mysql threads in, linux 2.6 as hidden from ps and readdir

Nolan Andres <[EMAIL PROTECTED]> writes: > The more recent results were shown given: > > kernel: 2.6.15 > chkrootkit: 0.46a-3 > arch(unchanged): i386 > > ...and you're right...no more hidden processes for ps or readdir > > so I guess this part is ok, now. Sorry for any confusion. I've been > getti

Bug#334946: chkrootkit: Chkrootkit reports mysql threads in, linux 2.6 as hidden from ps and readdir

Nolan Andres <[EMAIL PROTECTED]> writes: > yah...it does... > > /usr/sbin# chkrootkit lkm > ROOTDIR is `/' > Checking `lkm'... SIGINVISIBLE Adore found > chkproc: Warning: Possible LKM Trojan installed but this is complaining about SIGINVISIBLE which has nothing to do with mysql and 2.6 threads.

Bug#334946: chkrootkit: Chkrootkit reports mysql threads in, linux 2.6 as hidden from ps and readdir

Nolan Andres <[EMAIL PROTECTED]> writes: > We're running Sarge with kernel 2.6.11, and have tried both > > chkrootkit 0.45-1 > chkrootkit 0.46a-2 > > ...both of them have the same problem: > > # ps aux | grep 10767 > mysql10767 0.0 2.8 73396 14844 ? S 2005 25:04 > /usr/sbin/mysql

Bug#351221: chkrootkit: bindshell gives false positive for cfsd

Oliver Elphick writes: tags 351221 + wontfix thanks for the report. > The cfsd daemon (from package cfs) runs on localhost:3049. This gives a > false positive in the bindshell test. > > Workaround: > $OPT=-anp > netstat $OPT | ... | grep -v '127\.0\.0\.1:3049.*/cfsd' unfortunately, becau

Bug#343523: chkrootkit: False positive on dhcp3

Sebastian Galletto <[EMAIL PROTECTED]> writes: tags 343523 + wontfix thanks for the report. > When running chkrootkit in a computer with dhcp3 daemon, it detects > dhcp3 as a packet sniffer. this is "by design." currently, chkrootkit simply reports that there are packet sniffers without furthe

Bug#351861: Failures in getCMD()

tags 351861 + upstream thanks for the report. Elliott Mitchell <[EMAIL PROTECTED]> writes: > First, the RUNNING=... will only give a string if the program is running > at the time. this portion of the bug report has already been fixed as of 0.45-1. > Second, the RUNNING=`...| ${egrep} -v chkro

Bug#346333: chkrootkit on pa-risc

"Michael S. Zick" <[EMAIL PROTECTED]> writes: > Symptom: Display WCHAN in top, find 'init' @ pause() > Cause: Hardcoded sig-15 in ckproc.c (SIGTSTP) > > Ref: > thanks for the report. does changing the hardcoded 25 to

Bug#337791: Bug#326302: Intention to NMU

Luk Claes <[EMAIL PROTECTED]> writes: > Attached the patch for the version I intend to upload. Please respond if > you don't want this NMU to happen, if you are working yourself on a > patch or if you think that the attached patch won't work. thanks. however, i'll make an upload this afternoon c

Bug#334946: chkrootkit: Chkrootkit reports mysql threads in linux 2.6 as hidden from ps and readdir

Vincas Ciziunas <[EMAIL PROTECTED]> writes: > Package: chkrootkit > Version: 0.44-2 > Severity: normal > > A little googling tracked this down: > > chkrootkit currently fails to recognize threads in Linux kernel 2.6 and > therefore warns about LKM. Attached patch fixes that problem: under 2.6 > t

Bug#309386: False positive if epmd (from erlang-base) is running

Peter Thomassen <[EMAIL PROTECTED]> writes: > Am Donnerstag, 24. November 2005 22:50 schrieb lantz moore: >> bindshell listens on port 4369. chkrootkit bases it's checks simply on >> whether the port is being listened on. this is the design that upstream >> pr

Bug#327728: chkrootkit: False positive with reaim

Nathan Summers <[EMAIL PROTECTED]> writes: > With reaim version 0.8-3, chkrootkit reports that the bindshell rootkit > is present with infected port 5190. This port is used by the reaim AIM > proxy. thanks for the report. bindshell listens on a lot of ports. these ports are also used by other

Bug#309387: chkrootkit: False postive for Perl 5.8.0 File/Spec/.packlist

root <[EMAIL PROTECTED]> writes: > Package: chkrootkit > Version: 0.45-1 > Severity: normal > > > The following false postive finding was found. Perhaps it should > be excluded? > > /usr/lib/perl/5.8.0/auto/CPAN/.packlist > /usr/lib/perl/5.8.0/auto/Digest/MD5/.packlist > /usr/lib/perl/5.8.0/auto

Bug#309386: False positive if epmd (from erlang-base) is running

Peter Thomassen <[EMAIL PROTECTED]> writes: > Package: chkrootkit > Version: 0.45-1 > > If the Erlang portmapper daemon (epmd) included in erlang-base is running, > chkrootkit reports: > > | Checking `bindshell'... INFECTED (PORTS: 4369) > > This is wrong, please fix this. > > For reference, usi

Bug#306784: chkrootkit mindi false-positive

a design feature of chkrootkit is that it marks any hidden files under /usr/lib as suspicious. see http://www.chkrootkit.org/faq/#8 for an explanation why upstream will not ignore these files. i'll add a note to /usr/share/doc/chkrootkit/README.FALSE-POSITIVES listing mindi as having hidden files

Bug#322889: [crt-users] [ Announce - chkrootkit 0.46 is out ]

this bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322889 mentions a possible false positive between bitlbee and LPD. my assumption is that LPD listens on any of the following ports: 666 666[0-9] and, therefore the regex is correct. if not, maybe the regex should be tightened up? thanks.

Bug#330134: chkrootkit: false positive when kaffe is installed

Vincent Lefevre <[EMAIL PROTECTED]> writes: > Bug 286057 wasn't fixed: > > # chkrootkit -q > > /usr/lib/kaffe/.system it wasn't "fixed" because it's not a bug. by design, chkrootkit flags any file under /usr/lib that starts with a dot, a so-called "hidden" file, as being suspicious. see http://

Bug#323191: chkrootkit: False positives for smlnj

Johannes Kloos <[EMAIL PROTECTED]> writes: > chkrootkit finds numerous false positives when smlnj is installed: i'll add smlnj to the README.FALSE-POSITIVES. > /usr/lib/smlnj/110.42/basis.cm/.cm > /usr/lib/smlnj/110.42/burg-ext.cm/.cm > /usr/lib/smlnj/110.42/controls-lib.cm/.cm > > and so on (i

Bug#322834: rplay: please remove /usr/doc symlink

Julien Cristau <[EMAIL PROTECTED]> writes: > in order to complete the /usr/doc -> /usr/share/doc transition, rplay > needs to stop creating symlinks in /usr/doc from its postinst. Please > apply the attached patch (which removes most debian/*.postinst files, > because they aren't needed now). tha

Bug#318103: chkrootkit: still false positives for bindshell on port 4000 with mldonkey running

wim delvaux <[EMAIL PROTECTED]> writes: > bug #304561 was closed because 0.45-1 would have a solution for the > problem. THis is not the case. > > Hence new bug filed this is essentially a side-effect of upstream's 'better safe than sorry' approach. binshell is a real PITA as far as false posit

Bug#309942: chkrootkit: false positive on realplayer

Max Kamenetsky <[EMAIL PROTECTED]> writes: > Package: chkrootkit > Version: 0.45-1 > Severity: normal > > Chkrootkit reports a false positive on > > /usr/lib/realplay-10.0.4/share/default/.realplayerrc > > which is part of the realplayer package. Perhaps it should be > excluded/whitelisted. than

Bug#306648: [INTL:it] chkrootkit debconf templates translation

Luca Monducci <[EMAIL PROTECTED]> writes: > Please update the italian debconf templates translation (attached). will do, thanks! -l -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290282: acknowledged by developer (listed in README.FALSE-POSITIVES)

package. >> >> It has been closed by one of the developers, namely >> lantz moore <[EMAIL PROTECTED]>. >> > [snip] >> >> i've listed kaffe in README.FALSE-POSITIVES as having a hidden file under >> /usr/lib. >> >> -l > &

Bug#290282: exim4-config clashes with exim mailx mutt mysql-server

"nodata" <[EMAIL PROTECTED]> writes: > Package: chkrootkit > Version: 0.44-2 > > chkrootkit sends me the following e-mail every day through cron: > > /etc/cron.daily/chkrootkit: > > /usr/lib/kaffe/.system > > unable to open wtmp-file wtmp > not tested: not found wtmp and/or lastlog file > run-part