On Wed, Jul 27, 2005 at 01:41:01PM +0800, Steven wrote:
> Package: sysklogd
> Version: 1.4.1-17
> Severity: grave
> Justification: causes non-serious data loss
> After upgrading our main syslog server to sarge, I found that some log files
> were not updating. This was traced to the fact that lar
Package: sysklogd
Version: 1.4.1-17
Severity: grave
Justification: causes non-serious data loss
After upgrading our main syslog server to sarge, I found that some log files
were not updating. This was traced to the fact that large filesystem support
was not enabled properly. I applied the foll
On Tue, Jul 26, 2005 at 07:27:47PM +0200, Stefan Esterer wrote:
> Package: kernel-image-2.6.8-2-686
> Severity: critical
> Justification: breaks the whole system
>
> I was installing Sarge on to my new notebook (Acer Extensa 4102 WLMI)
> with linux26 (so it installs the 2.6.8-2 kernel).
> Everythi
Package: vifm
Version: 0.3-1
Severity: serious
Justification: fails to build from source
vifm fails to build on on buildds, duplicated on sparc pbuilder:
./configure --host=sparc-linux-gnu --build=sparc-linux-gnu \
--prefix=`pwd`/debian/tmp/usr --mandir=`pwd`/debian/tmp/usr/share/man/man1
configu
Package: qiv
Version: 2.0-3
Severity: grave
Justification: causes non-serious data loss
I tried to reopen 294293, but obviously don't know how to do this
correctly...
This causes major breakage in case of fullscreen (you can't destroy a
window when it is the root window!) - renders the X session
Hi,
On Fri, Jul 15, 2005 at 09:21:40AM -0400, Anthony DeRobertis wrote:
> Don't the testing scripts already keep it out due to the gnumach bugs,
> without needing to file this fake bug?
>
> At least reading:
> http://bjorn.haxx.se/debian/testing.pl?package=gnumach
> seems to indicated they will.
Processing commands for [EMAIL PROTECTED]:
> unmerge 320048
Bug#320048: Security: buffer-overrun in apache2-ssl
Bug#320063: Security: buffer-overrun in apache2-ssl
Disconnected #320048 from all other report(s).
> submitter 320048 [EMAIL PROTECTED]
Bug#320048: Security: buffer-overrun in apache2-s
On Tuesday 26 July 2005 19:27, Stefan Esterer wrote:
> After i choose the Sarge install in grub the kernel stops after some
> time with :
> modprobe: FATAL: Error inserting pciehp
> (/lib/modules/2.6.8-2-686/kernel/drivers/pci/hotplug/shpchp.ko):
> Operation not permitted
> shpchp: can't be loaded
severity 320041 important
tags 320041 moreinfo unreproducible
reassign 320041 libx11-dev
thanks
On Tue, Jul 26, 2005 at 06:38:50PM +0200, nb wrote:
> Package: libgtk1.2-dev
> Severity: grave
> Justification: renders package unusable
> at install time I have the following :
> Reading package list
Getting the same error with kmail on a different system. Adding valgrind
output.
$ valgrind /usr/bin/kmail
==17096== Memcheck, a memory error detector for x86-linux.
==17096== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==17096== Using valgrind-2.4.0, a program supervision fram
Processing commands for [EMAIL PROTECTED]:
> severity 320041 important
Bug#320041: libgtk1.2-dev: fails to install
Severity set to `important'.
> tags 320041 moreinfo unreproducible
Bug#320041: libgtk1.2-dev: fails to install
There were no tags set.
Tags added: moreinfo, unreproducible
> reassig
Package: dar
Version: 2.2.1-2
Severity: serious
Hi,
Dar is now failing to build on all 64 bit arches.
Configure fails to find the version of gettext in libc and ends
up building the internal version instead, and then fails when
linking, because it's also in libc.
The reason it failed:
configure:
Processing commands for [EMAIL PROTECTED]:
> reassign 317762 openoffice.org
Bug#317762: openoffice.org-bin: broken dependencies with libmyspell3 and libwpd8
Bug reassigned from package `openoffice.org-bin' to `openoffice.org'.
> severity 317762 grave
Bug#317762: openoffice.org-bin: broken depende
Obviously, if the sole purpose of the bug was to keep debpartial-mirror
out of sarge, you could close the bug (and get a wider audience when the
package gets into testing).
regards,
Sven
signature.asc
Description: OpenPGP digital signature
Your message dated Tue, 26 Jul 2005 20:23:55 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#320043: additional .pc files
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your r
- Forwarded message from "Steven M. Christey" <[EMAIL PROTECTED]> -
Date: Tue, 26 Jul 2005 15:06:02 -0400 (EDT)
From: "Steven M. Christey" <[EMAIL PROTECTED]>
To: Martin Pitt <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Requesting CAN for vim vulnerability [was: [Full-disclosure]
Processing commands for [EMAIL PROTECTED]:
> Package: apache2
Unknown command or malformed arguments to command.
> severity 320048 critical
Bug#320048: security: Buffer overflow in ssl_engine_kernel.c
Severity set to `critical'.
> Tags 320048 +fixed-upstream
Bug#320048: security: Buffer overflow
* Matthias Klose <[EMAIL PROTECTED]> [2005-07-26 18:46]:
> Package: mozilla-firefox-dev
>
> usr/lib/pkgconfig/firefox-nspr.pc
> usr/lib/pkgconfig/firefox-nss.pc
Are you talking about Debian? I can find neither this package nor
these files.
--
Martin Michlmayr
http://www.cyrius.com/
--
To UNS
Processing commands for [EMAIL PROTECTED]:
> Package apache2
Ignoring bugs not assigned to: apache2
> Tags 316173 +patch
Bug#316173: apache2: Security issues in HTTP proxy responses with both
Transfer-Encoding and Content-Length headers
Tags were: security
Tags added: patch
> thanks
Stopping pr
Package apache2
Tags 316173 +patch
thanks
Borut Mrak wrote on 08/07/2005 17:25:
> I hope this will be of some help.
Me too ;-)
> If it's OK, someone tag this bug with PATCH or whatever is appropriate:
>
> sorry about the long URL:
>
> http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.
Package: apache2
Version: 2.0.54-4
Severity:critical
Tags: security, fixed-upstream
There is a possible remote-exploitable buffer overrun in the Apache2 ssl
implementation. A patch is available.
See
http://issues.apache.org/bugzilla/show_bug.cgi?id=35081
and
http://svn.apache.org/viewcvs?rev=18
Package: curl
Version: 7.14
Severity: serious
ifneq (${DEB_BUILD_GNU_SYSTEM},m68k-linux)
... and maybe others. Don't rely on the GNU variables
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: openoffice.org
Severity: grave
Justification: renders package unusable
At install time, I hyave the following :
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you ar
Package: apache2
Version: 2.0.54-4
Severity: grave
Tags: security, patch
Justification: possible DoS
There is a buffer overflow (off-by-one in buffer size checks) in
ssl_engine_kernel.c which could be exploited to DoS the server.
Upstream bug report at
http://issues.apache.org/bugzilla/show_bug.
Package: kernel-image-2.6.8-2-686
Severity: critical
Justification: breaks the whole system
I was installing Sarge on to my new notebook (Acer Extensa 4102 WLMI)
with linux26 (so it installs the 2.6.8-2 kernel).
Everything goes ok till the next reboot in which Sarge would ask me
further questions
the kernelversion of the dmesg you posted and the initial bugreport
are different. the dmesg seems to be selfcompiled.
did you try latest 2.6.12 from unstable?
did it help?
--
maks
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.8.14
> forwarded 309317 http://pauillac.inria.fr/bin/caml-bugs/fixed?id=3637
Bug#309317: ocaml FTBFS with gcc-4.0 on i386
Forwarded-to-address changed from
http://pauillac.inria.fr/bin/caml
Processing commands for [EMAIL PROTECTED]:
> tags 320017 +pending
Bug#320017: vim: Arbitrary code execution in modelines
Tags were: security
Tags added: pending
> tags 320017 +patch
Bug#320017: vim: Arbitrary code execution in modelines
Tags were: pending security
Tags added: patch
> thanks
Stop
package clamav
merge 320014 319898
thanks
On Tuesday, July 26, 2005 1:47 PM, Oliver Paulus <[EMAIL PROTECTED]>
wrote:
> Package: clamav
> Version: 0.86.1-2
> Severity: critical
>
> clamav <= 0.86.1 has several heap overflows. "At least 4 of its file
This has already been reported as #319898, so
* Norbert Tretkowski wrote:
> * Martin Pitt wrote:
> > For unstable, you should probably just upgrade to the latest
> > upstream version.
>
> Thanks, I'm currently preparing an update, and upload it as soon as
> possible.
http://people.debian.org/~nobse/upload/vim/
Upload when ftp-master is back
tags 320017 +pending
tags 320017 +patch
thanks
* Martin Pitt wrote:
> For unstable, you should probably just upgrade to the latest
> upstream version.
Thanks, I'm currently preparing an update, and upload it as soon as
possible.
Norbert
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a sub
# Fixed in r212 by kink
tag 317739 + pending
tag 310827 + pending
thanks
These bugs are fixed in revision 212 by kink
Log message:
Update changelog with these items:
* Security: Update existing bbcode xss patch to incorporate latest
XSS vulnerability [CAN-2005-2161]. (Closes: #317739)
* Add miss
Package: mozilla-firefox-dev
Version: 1.0.6
Severity: serious
usr/lib/pkgconfig/firefox-nspr.pc
usr/lib/pkgconfig/firefox-nss.pc
these files break other packages to build from source, pointing to
header files which are not included in the package. please remove.
--
To UNSUBSCRIBE, email to [EM
Package: bash
Version: 2.05a-11
Severity: grave
chiark:~> bash 0>/dev/null
chiark:~> echo $?
0
chiark:~> strace bash 0>/dev/null 2>&1 | egrep '^read\(0|^_?exit'
read(0, 0x80cadb0, 1) = -1 EBADF (Bad file descriptor)
_exit(0)= ?
chiark:~> dpkg -s ba
Package: libgtk1.2-dev
Severity: grave
Justification: renders package unusable
at install time I have the following :
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are us
On Tue, Jul 26, 2005 at 04:05:34PM +0200, Lionel Elie Mamane wrote:
> Due to the gravity of this bug (and it blocking my uploading a
> package I want to adopt ), I have NMU'd isdnutils with a fix
> for this bug.
Forgot to attach the patch. Here it is.
--
Lionel
--- isdnutils-3.7.2005-07-09/debi
Processing commands for [EMAIL PROTECTED]:
> # Fixed in r212 by kink
> tag 317739 + pending
Bug#317739: XSS in phpbb2 (MS IE only) [CAN-2005-2161]
Tags were: fixed-upstream patch confirmed security
Tags added: pending
> tag 310827 + pending
Bug#310827: CAN-2005-1290: Multiple cross-site scripting
Processing commands for [EMAIL PROTECTED]:
> reassign 319542 linux-kernel-headers
Bug#319542: FTBFS: sparc
Bug reassigned from package `isdnutils' to `linux-kernel-headers'.
> severity 319542 serious
Bug#319542: FTBFS: sparc
Severity set to `serious'.
> merge 319542 319303
Bug#319303: capi.h use
On Tue, Jul 26, 2005 at 03:47:49PM +0200, Lars Brueckner wrote:
>
>I just found out that my bug report is totally inaccurate.
>
>The missing files were caused by .cvsignore files in the source
>tree, even if you specify
>cvs import -I !
>
>While the man page has a clear warning on this, the info
tags 318808 +pending
thanks
Due to the gravity of this bug (and it blocking my uploading a package
I want to adopt ), I have NMU'd isdnutils with a fix for this
bug.
The NMU has been uploaded to the delayed/14 queue (Tollef Fog Heen's
implementation in his home on gluck). This means that you (Pau
On Tue, Jul 26, 2005 at 04:05:34PM +0200, Lionel Elie Mamane wrote:
> Due to the gravity of this bug (and it blocking my uploading a
> package I want to adopt ), I have NMU'd isdnutils with a fix
> for this bug.
I forgot to mention that building my NMU'd package needs a version of
linux-kernel-he
Processing commands for [EMAIL PROTECTED]:
> tags 318808 +pending
Bug#318808: libcapi20-3: missing library files and links
Tags were: patch
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, D
I just found out that my bug report is totally inaccurate.
The missing files were caused by .cvsignore files in the source
tree, even if you specify
cvs import -I !
While the man page has a clear warning on this, the info
manual (which I used) requires you to check another note
to find the inf
Your message dated Tue, 26 Jul 2005 15:49:51 +0200
with message-id <[EMAIL PROTECTED]>
and subject line (no subject)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reo
Package: cvs
Version: 1:1.12.9-13
Severity: critical
Hello,
I found that a cvs import does not import all
files it should. The only testcase if have is
the mozilla source code.
I have a test script that creates a fresh local
repo (see below).
The following files are missing in the export
(to be
Package: vim
Version: 1:6.3-078+1
Severity: grave
Tags: security
Hi!
Georgi Guninski found another modeline vuln in vim:
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
I already asked for a CAN number, I'll forward it when I get one.
You can get the Ubuntu debdiff from
tags 319490 +pending
thanks
On Fri, Jul 22, 2005 at 04:29:40PM +0200, Andreas Barth wrote:
> please do not include .o-files into your uploads:
> [EMAIL PROTECTED]:~$ tar tzf pool/main/c/cruft/cruft_0.9.6-0.6.tar.gz | grep
> \\.o$
> cruft-0.9.6/shellexp.o
Oops, forgot to add a clean command for t
* Marcin Owsiany ([EMAIL PROTECTED]) [050726 13:57]:
> What makes you think it is not debian native? The -0.x debian revision
> is recommended by developers' reference for NMUs of packages without
> debian revision.
Yes, you're right here, sorry for that.
> On Fri, Jul 22, 2005 at 04:29:40PM +020
Package: clamav
Version: 0.86.1-2
Severity: critical
clamav <= 0.86.1 has several heap overflows. "At least 4 of its file format
processors contain remote security bugs. Specifically, during the
processing of TNEF, CHM and FSG formats an attacker is able to trigger
several integer overflows that a
Package: winbind
Version: 3.0.14a-3
Severity: grave
Justification: user security hole
I have found an error in a similar way to the bug 2776 in the samba bugzilla
https://bugzilla.samba.org/show_bug.cgi?id=2776 i'm configuring a samba
server in an ADS domain (not in native mode but with security
Hello
On 2005-07-26 Moritz MÃŒhlenhoff wrote:
> > The patch is incomplete because it does not address the CAN-2005-1849
> > issue.
>
> Are you referring to the extended ENOUGH and MAXD sizes? Yes, this
> really seems missing and should be reported upstream.
I'll do.
thanks,
-christian-
Hi,
I've noted that kernelcapi.h also uses __user and is #include'd by
capi.h . So maybe the "best" fix is to #include compiler.h in
kernelcapi.h, not in capi.h.
--
Lionel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processing commands for [EMAIL PROTECTED]:
> tags 319490 +pending
Bug#319490: FTBFS in experimental
Tags were: experimental
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs datab
Package: amule
Followup-For: Bug #318572
# apt-get install amule
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required pack
tags 319929 + confirmed pending
thanks
On Sun, 2005-07-24 at 21:18 +0200, bholliger wrote:
> Package: nsis
> Version: 2.07-1
> Severity: grave
> Tags: experimental
> Justification: renders package unusable
>
> An installer compiled with NSIS 2.07-1 leads to a crash (GPF) when it is
> executed
>
Processing commands for [EMAIL PROTECTED]:
> tags 319929 + confirmed pending
Bug#319929: nsis: Included DLLs and stubs leads to crashes on Windows
Tags were: experimental
Tags added: confirmed, pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug track
Hi,
I think I know what the problem is - it's the new gcc4 compatibility
patch. Try to replace debian/patches/03_gcc4.dpatch with[0].
Unfortunately, I'm not really good at C, so I have no idea if it
introduces some side effects.
Cheers,
Igor
[0]:
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_gcc
Thijs Kinkhorst wrote:
> Since aspell-nl now has an RC bug (#319156) it might be the right time
> to adopt the package?
I don't want to be the chief maintainer, but I am prepared to help
with the packaging as general packaging mankracht. For this to work,
the package must be in svn on alioth (or
Processing commands for [EMAIL PROTECTED]:
> tags 319973 + pending
Bug#319973: FTBFS: Unable to find libpq-fe.h
Tags were: patch
Tags added: pending
> --
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs data
Hello Kurt, Thomas,
Since aspell-nl now has an RC bug (#319156) it might be the right time
to adopt the package?
regards,
Thijs
signature.asc
Description: OpenPGP digital signature
* Moritz Muehlenhoff:
> MySQL bundles a copy of zlib, which is vulnerable to DoS and potential
> arbitrary code execution due to a buffer overflow in the inflate function.
It doesn't seem to be compiled into the executables, though.
Could you provide some evidence that static linking is indeed t
On 05-Jul-26 01:26, Florian Weimer wrote:
> * Andreas Jochens:
>
> > Package: cogito
> > Version: 0.11.3+20050610-1
> > Severity: serious
> > Tags: patch
>
> Looks like you forgot to attach the patch.
Sorry for the omission. The attached patch changes the asciidoc command
line parameter '-b css-
On Monday 25 July 2005 18:16, Matt Kraai wrote:
> Package: clisp
> Version: 2.33.2-10
> Severity: serious
>
> clisp fails to build because it is not compiled with
>
> '-falign-functions=4':
> > ./lisp.run -B . -N locale -Efile UTF-8 -Eterminal UTF-8 -norc -m 750KW -x
> > "(and (load \"init.lisp\")
Processing commands for [EMAIL PROTECTED]:
> tags 319993 + pending
Bug#319993: regina-normal: FTBFS with gcc-3.4/gcc-4.0: various
Tags were: patch
Tags added: pending
> severity 319993 serious
Bug#319993: regina-normal: FTBFS with gcc-3.4/gcc-4.0: various
Severity set to `serious'.
> thanks mate
64 matches
Mail list logo
