Hi
This 'security' update fixes the bug in unstable, though it doesn't seem
to be meant for lenny:
367 files changed, 57532 insertions(+), 74819 deletions(-)
Can an upload be prepared with targeted fixes for the security issue?
Cheers
Luk
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...
Hi
This 'security' update was uploaded to unstable, but seems to be still
outstanding for testing. Unblocking the version from unstable doesn't
seem to be an option:
1130 files changed, 253693 insertions(+), 131172 deletions(-)
Can an upload be prepared with targeted fixes for the security issue
Your message dated Sun, 11 Jan 2009 20:46:56 -0800
with message-id <20090112044656.gb5...@dario.dodds.net>
and subject line Re: libqt3-mt: QTime::addMSecs(int) is compiled wrongly on
sparc
has caused the Debian Bug report #490999,
regarding libqt3-mt: QTime::addMSecs(int) is compiled wrongly on s
Processing commands for cont...@bugs.debian.org:
> Version: 0.5.4-2.2
Unknown command or malformed arguments to command.
> tags 510766 patch fixed
Bug#510766: kazehakase-webkit: Kazehakase should not provide webkit in a stable
release
There were no tags set.
Tags added: patch, fixed
> thanks
St
Your message dated Sun, 11 Jan 2009 20:20:08 -0800
with message-id <20090112042008.ga5...@dario.dodds.net>
and subject line Re: kazehakase-webkit: Kazehakase should not provide webkit in
a stable release
has caused the Debian Bug report #510766,
regarding kazehakase-webkit: Kazehakase should not
Package: rhythmbox
Version: 0.11.6-1
Severity: grave
Justification: renders package unusable
*** Please type your report below this line ***
The rhythmbox package should depend on python-gst0.10, otherwise the plugins
do not load.
Notice the "ImportError" when starting the application.
$ rhythm
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#509008: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #509008,
regarding xine-lib: CVE-2008-5241
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#509353: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #509353,
regarding xine-lib: CVE-2008-5239 multiple heap overflows due to type promotion
to be marked as done.
This means that you claim tha
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#508313: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #508313,
regarding xine-lib: CVE-2008-5234 heap overflow in atom parsing
to be marked as done.
This means that you claim that the problem ha
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#509265: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #509265,
regarding CVE-2008-5237: Several integer overflows
to be marked as done.
This means that you claim that the problem has been dealt
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#509352: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #509352,
regarding xine-lib: CVE-2008-5240 missing check for allocation failures
to be marked as done.
This means that you claim that the pr
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#507165: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #507165,
regarding xine-lib: CVE-2008-5242 heap-based buffer overflow
to be marked as done.
This means that you claim that the problem has b
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#510662: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #510662,
regarding xine-lib: FTBFS (i386 with 64bit kernel)
to be marked as done.
This means that you claim that the problem has been dealt
Your message dated Mon, 12 Jan 2009 03:02:12 +
with message-id
and subject line Bug#509521: fixed in xine-lib 1.1.14-4
has caused the Debian Bug report #509521,
regarding CVE-2008-5236: overflows of size fields
to be marked as done.
This means that you claim that the problem has been dealt w
Processing commands for cont...@bugs.debian.org:
> tag 511519 + pending
Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.
Tags were: pending security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking sys
tag 511519 + pending
thanks
Some bugs are closed in revision 29568
by Ryan Niebur (ryan52-guest)
Commit message:
Fix man page to specify that an error happened when the return value
for verify is -1 (Closes: #511519)
Processing commands for cont...@bugs.debian.org:
> tags 510885 pending
Bug#510885: tdb ftbfs
Tags were: patch
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs database)
tags 510886 +confirmed
thanks
Thanks for the bug report and apologies for not looking into it earlier. I'll
see about uploading a fixed version tomorrow.
Processing commands for cont...@bugs.debian.org:
> severity 511538 important
Bug#511538: audacious-plugins: audacious crashes when unloading status icon in
sid amd64
Severity set to `important' from `grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug
tags 508292 lenny-ignore
thanks
David,
Please don't NMU to version 1.1 via t-p-u. It should be sufficient to copy
upstream's license exception statement into debian/copyright, which is a
much more straightforward fix and avoids clobbering the maintainer's
versioning (you should definitely not nu
Processing commands for cont...@bugs.debian.org:
> close 508565 20061008-4.1
Bug#508565: f2c: does not translate properly in EMT64 machines
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 20061008-4.1, send any further explanations to
Juan C
Processing commands for cont...@bugs.debian.org:
> tags 508292 lenny-ignore
Bug#508292: gkrellm-snmp links against openssl without exception
Tags were: patch
Tags added: lenny-ignore
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administ
On Sun, Jan 11, 2009 at 09:56:07PM +,
pkg-perl-maintain...@lists.alioth.debian.org wrote:
> tag 511519 + pending
> thanks
>
> Some bugs are closed in revision 29567
> by Ryan Niebur (ryan52-guest)
>
> Commit message:
>
> check the return code of DSA_do_verify, and croak on error (Closes:
>
thanks
Sorry for bumping up the severity; I notice that this does not deserve severity
Grave
Processing commands for cont...@bugs.debian.org:
> # reassign to the package that fixed it
> reassign 508565 libf2c2
Bug#508565: f2c: does not translate properly in EMT64 machines
Bug reassigned from package `f2c' to `libf2c2'.
> found 508565 20050501-2
Bug#508565: f2c: does not translate properl
Hello,
This bug appears to be fixed upstream now; has anyone isolated a pointer to
the correct changeset that should be applied to the Debian package?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the
Hi Jochen,
You wrote:
> debian/patches/41_snmptrapd_close_handles.patch should fix the issue and
> is present since net-snmp/5.4.1~dfsg-1. If someone is able to reproduce
> the problem with net-snmp/5.4.1~dfsg-4 or later, please let me know.
But it is precisely against version 5.4.1~dfsg-4 that
Package: audacious-plugins
Version: 1.5.1-2
Severity: grave
Justification: renders package unusable
When I try to disable the status icon the program gets a segfault
uli...@dante:~$ audacious
amidi-plug(amidi-plug.c:amidiplug_init:97): init, read configuration
amidi-plug(i_backend.c:i_backend_l
Processing commands for cont...@bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.26etch1
> tags 511430 + pending
Bug#511430: glibc_2.9-0exp1(hppa/experimental): FTBFS: error: macro
"__libc_tsd_define" requires 3 arguments, but only 2 given
Tags were: pending
Tag
Processing commands for cont...@bugs.debian.org:
> severity 511526 important
Bug#511526: dbus: Latest Dbus Breaks Wireless networking when using
networkmanager 0.7
Severity set to `important' from `serious'
> tags 511526 moreinfo unreproducible
Bug#511526: dbus: Latest Dbus Breaks Wireless netwo
severity 511526 important
tags 511526 moreinfo unreproducible
thanks
Jon Westgate wrote:
> Michael Biebl wrote:
>> Jon Westgate wrote:
>>
>>> Michael Biebl wrote:
>>>
>>
Hm, do you use static groups memberships (i.e. group netdev) or consolekit for
access control?
>
Processing commands for cont...@bugs.debian.org:
> # does not FTBFS anymore now that dietlibc has been fixed
> close 509874
Bug#509874: util-vserver: FTBFS (ia64): exec-remount.c:110: undefined reference
to `umount2'
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug clo
Processing commands for cont...@bugs.debian.org:
> tag 511519 + pending
Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.
Tags were: security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system admi
tag 511519 + pending
thanks
Some bugs are closed in revision 29567
by Ryan Niebur (ryan52-guest)
Commit message:
check the return code of DSA_do_verify, and croak on error (Closes:
#511519)
Michael Biebl wrote:
Jon Westgate wrote:
Michael Biebl wrote:
Hm, do you use static groups memberships (i.e. group netdev) or consolekit for
access control?
I use consolekit (or rather my laptop does)
Then it might just be a matter of consolekit being restarted
Processing commands for cont...@bugs.debian.org:
> reassign 511482 genisoimage
Bug#511482: tovid: cannot burn a dvd using makedvd. Nerolinux works, as does
cdrecord 2.01.01
Warning: Unknown package 'tovid'
Bug reassigned from package `tovid' to `genisoimage'.
> --
Stopping processing here.
Plea
Processing commands for cont...@bugs.debian.org:
> tags 508989 pending
Bug#508989: Typo in description: "dinamically"
Tags were: pending
Tags added: pending
> tags 511493 pending
Bug#511493: CVE-2008-5557: buffer overflow
Tags were: pending patch security
Tags added: pending
> thanks
Stopping pr
Jon Westgate wrote:
> Michael Biebl wrote:
>> Hm, do you use static groups memberships (i.e. group netdev) or consolekit for
>> access control?
>>
>>
>>
> I use consolekit (or rather my laptop does)
>
Then it might just be a matter of consolekit being restarted (due to the dbus
restart) a
On Sun January 11 2009, you wrote:
> tovid is not in Debian. Do you know where you got the package from?
>
> What does
> dpkg -p tovid | grep Maintainer:
> say?
$ dpkg -p tovid | grep Maintainer:
Maintainer: Joe Friedrichsen
the issue is also with k3b and brasero. It is more a genisoima
Michael Biebl wrote:
Jon Westgate wrote:
Package: dbus
Version: 1.2.1-5
Severity: important
Wireless networking stops working, knetworkmanager just displays a grey planet,
downgrading to 1.2.1-4 fixes things.
I see this error in syslog:
--start error--
Jan 1
Jon Westgate wrote:
> Package: dbus
> Version: 1.2.1-5
> Severity: important
>
>
> Wireless networking stops working, knetworkmanager just displays a grey
> planet, downgrading to 1.2.1-4 fixes things.
> I see this error in syslog:
> --start error--
> Jan 11 20:06
Processing commands for cont...@bugs.debian.org:
> forwarded 511430 http://sourceware.org/bugzilla/show_bug.cgi?id=9717
Bug#511430: glibc_2.9-0exp1(hppa/experimental): FTBFS: error: macro
"__libc_tsd_define" requires 3 arguments, but only 2 given
Noted your statement that Bug has been forwarded t
Package: boinc
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In lib/crypt.C there
is this code:
int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
RSA* rp = RSA_ne
Package: erlang
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In
lib/crypto/c_src/crypto_drv.c there is this code:
i = DSA_do_verify(hmacbuf, SHA_DIGEST_LENGTH,
Package: libcrypt-openssl-dsa-perl
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl.
It seems that your package calls functions like DSA_verify
and DSA_do_verify and just returns those values. Loo
Package: hanterm-xf
Version: 1:3.3.1p18-10
Severity: grave
Tags: security
Justification: user security hole
hanterm-xf does not seem vulnerable to DECRQSS (DSA-1694), but is
vulnerable to "window title" (DSA-380).
Cheers,
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
Package: libnasl
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In nasl/nasl_crypto2.c
there is this code:
if (DSA_do_verify((unsigned char*)data, datalen, sig, dsa))
retc->x.i_val = 1;
Processing commands for cont...@bugs.debian.org:
> tags 511493 pending
Bug#511493: CVE-2008-5557: buffer overflow
Tags were: patch security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, D
Package: slurm-llnl
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In
src/plugins/crypto/openssl/crypto_openssl.c there is this piece of code:
rc = EVP_VerifyFinal(&ectx, (unsigned char
Package: tqsllib
Severity: serious
Tags: security
Hi,
I've been checking packages to see if they properly check the return
value of some of the functions in openssl. In openssl_cert.cpp
there is this piece of code:
if (!EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key)) {
Your message dated Sun, 11 Jan 2009 17:47:08 +
with message-id
and subject line Bug#510709: fixed in smart-notifier 0.28-1.1
has caused the Debian Bug report #510709,
regarding smart-notifier: DBus configuration file doesn't allow introspection
and will be broken by the fix to 503532
to be m
Your message dated Sun, 11 Jan 2009 17:47:08 +
with message-id
and subject line Bug#510709: fixed in smart-notifier 0.28-1.1
has caused the Debian Bug report #510709,
regarding smart-notifier: /etc/dbus-1/system.d file needs alterations for fd.o
#18961
to be marked as done.
This means that
On closer inspection, the part of smart-notifier running as root doesn't
need to be introspectable, because it only runs for a moment, and only
sends a signal. However, at the moment any local user can send that
signal, and the applet will happily display it, with no indication that
it did not, in
* pauls [2009-01-11 09:06]:
> Package: tovid
tovid is not in Debian. Do you know where you got the package from?
What does
dpkg -p tovid | grep Maintainer:
say?
--
Martin Michlmayr
http://www.cyrius.com/
Processing commands for cont...@bugs.debian.org:
> tag 511460 fixed-upstream
Bug#511460: ekiga 3.0.1 (from experimental) fails with gconf schema error
message
There were no tags set.
Tags added: fixed-upstream
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian
tag 511460 fixed-upstream
thanks
Soeren Sonnenburg wrote:
Package: ekiga
Version: 3.0.1-1
Severity: grave
(only the package in experimental!) gives this on
$ ekiga
Ekiga got an invalid value for the configuration key
"/apps/ekiga/general/gconf_test_age".
It probably m
Package: php5
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for php5.
CVE-2008-5557[0]:
| Heap-based buffer overflow in
| ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring
| extensi
Hello Wouter,
I'm not quite familiar with your app internals, but it seems your fix makes no
big difference between 0 and 1 return codes. You really want to use
EVP_VerifyFinal as openssl guys did it [1], and provide the above functioning
level with the all possible returns. Their doc suggests
On Sun, Jan 11, 2009, Moritz Muehlenhoff wrote:
> Two approaches to resolve this have been proposed:
As far as I know, there should be patches in Ubuntu to build some of
the packages you listed against xulrunner 1.9; I guess that would be
the best solution. I'm not sure icedove / xulrunner 1.
Package: tovid
Version: 0.31-1
Severity: grave
Justification: renders package unusable
here is the output of makedvd -burn my_video. the disc was empty when it
finished.
Nero linux works, as does cdrecord:
$ makedvd -burn my_video
makedvd
A script to create a DVD-
Hi Robert!
You wrote:
> > If the work will be modified in Debian, and if that would require a
> > name change under the trademark license, presumably we have another
> > “Firefox” → “Iceweasel” situation and would have to rename the work
> > ourselves in order to redistribute it in Debian.
>
Hi,
>> and Word->Define; the latter shows a dialog, but interaction with
>> it leads to a different crash.
Agreed. There is a lot of potential for random crashes, mainly related to
interface handling. Further a brief peek at code reveals more flaws: peopen()
return value not being inspected
Package: iceape
Severity: serious
The Debian Mozilla maintainers don't have the resources to support Iceape
over the timeframe of Lenny security support. Other people have been asked
on debian-devel to help out, but with no effect.
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505565#10)
The
Processing commands for cont...@bugs.debian.org:
> severity 239111 important
Bug#239111: Freeze when installing GRUB on XFS boot partition
Bug#243835: grub-install hangs with xfs root/boot
Bug#246111: grub hangs on xfs
Bug#309218: broken xfs_freeze calls in grub-install
Bug#425367: grub-update fre
severity 239111 important
clone 239111 -1
retitle -1 should refuse to install on XFS unless embedding can be used
reassign -1 grub2
thanks
On Sun, Jan 04, 2009 at 02:25:28AM +, Steve McIntyre wrote:
>
> After several hours of working through the source, I give up. It's a
> total mess and I'd
Removing from testing as maintainer doesn't seem to want it fixed.
Neil
--
* Tolimar votes for debconf7 to be somewhere where he speaks the
language.
That would a veto for switzerland ;)
Tolimar: that also vetos germany
Hi Reinhard,
thanks a lot for having taken care of this bug and of the latest
jack-audio-connection-kit upload. I hadn't had time for Debian
packaging last week.
I've noticed that you committed the changes in the git repo and added
yourself as uploader, very good, seems that Debian-Multimedia/Pkg-M
Processing commands for cont...@bugs.debian.org:
> severity 506766 important
Bug#506766: OSError: [Errno 17] File exists: '/var/lib/apt-xapian-index'
Severity set to `important' from `serious'
> tags 506766 + moreinfo unreproducible
Bug#506766: OSError: [Errno 17] File exists: '/var/lib/apt-xapia
severity 506766 important
tags 506766 + moreinfo unreproducible
thanks
This hasn't been reproduced, so obviously doesn't affect everyone or the
majority of people. Hence downgrading.
--
return (test == true)? ( (test == false)? false : true) : ((test == false) ?
false : true);
Hi Ben,
On Tue, Oct 07, 2008 at 07:58:25PM +1100, Ben Finney wrote:
> If the work will be modified in Debian, and if that would require a
> name change under the trademark license, presumably we have another
> “Firefox” → “Iceweasel” situation and would have to rename the work
> ourselves in o
Your message dated Sun, 11 Jan 2009 10:32:08 +
with message-id
and subject line Bug#510685: fixed in gcstar 1.3.2-1.1
has caused the Debian Bug report #510685,
regarding [gcstar] Gcstar freeze when trying to retrieve data from a website
to be marked as done.
This means that you claim that th
Package: ekiga
Version: 3.0.1-1
Severity: grave
(only the package in experimental!) gives this on
$ ekiga
Ekiga got an invalid value for the configuration key
"/apps/ekiga/general/gconf_test_age".
It probably means that your configuration schemas have not been
co