On 2012-08-22 00:50, Ondřej Surý wrote:
> Debian dind't enable bind9 stats so it's not vulnerable.
There are people who build from the source package and who might enable
this, from that perspective it would be good to upgrade to it.
And there are also other fixes in that version note the seg
Processing control commands:
> found -1 20100208+debian1-1+squeeze3
Bug #685585 [src:fex] src:fex: GPL + additional restrictions
Marked as found in versions fex/20100208+debian1-1+squeeze3.
--
685585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685585
Debian Bug Tracking System
Contact ow..
Source: fex
Version: 20120215-3
Control: found -1 20100208+debian1-1+squeeze3
Severity: serious
Philipp Kern writes:
> On Sat, Aug 18, 2012 at 09:13:42PM +0100, Adam D. Barratt wrote:
>> + YOU ARE NOT ALLOWED TO USE THIS SOFTWARE FOR MILITARY PURPOSES OR WITHIN
>> + MILITARY ORGANIZATIONS! THIS I
Package: xml-light
Severity: grave
Tags: security
Justification: user security hole
This was posted to oss-security:
--
Xml-Light has been moved to google code SVN here :
http://ocamllibs.googlecode.com/svn/trunk/xml-light/
I've applied a fix in r234 by using String Map instead of Hashtbl for
DT
Package: inn
Version: 1.7.2q-41
Severity: grave
>From oss-security mailing list:
the STARTTLS implementation in INN's NNTP server for readers,
nnrpd, before 2.5.3 does not properly restrict I/O buffering,
which allows man-in-the-middle attackers to insert commands
into encrypted sessions by sendi
Your message dated Wed, 22 Aug 2012 05:17:44 +
with message-id
and subject line Bug#685551: fixed in ntfs-3g 1:2012.1.15AR.6-1
has caused the Debian Bug report #685551,
regarding ntfs-3g: returns incorect type for junction points in readdir()
to be marked as done.
This means that you claim th
Your message dated Wed, 22 Aug 2012 03:02:37 +
with message-id
and subject line Bug#682627: fixed in ddd 1:3.3.12-4
has caused the Debian Bug report #682627,
regarding ddd: FTBFS: configure hangs for 60 minutes
to be marked as done.
This means that you claim that the problem has been dealt wi
On Sat, Aug 18, 2012 at 7:29 AM, Scott Howard wrote:
> On Sat, Aug 18, 2012 at 3:32 AM, Marco Righi wrote:
>> do you ask about this?
>>
>> Command 36 of 1 $avr-gcc --verbose
>> Using built-in specs.
>> COLLECT_GCC=avr-gcc
>> COLLECT_LTO_WRAPPER=/usr/lib/gcc/avr/4.7.0/lto-wrapper
>> Target: avr
>>
Hi!
When I was using gnome3 some months ago this bug annoyed me more than a
couple of times, I was able to work-around it by making the annoying
whale window to be a normal desktop window, so when it pop-ups you can
move it to a corner with the mouse and save your data before logging out.
To mak
On Tue, 2012-08-21 at 09:07 +0200, Ondřej Surý wrote:
> > Maybe add just a small paragraph that the configuration of the
> > extensions has changed and php users should read the NEWS file?
>
> That's probably sensible approach. I have quickly drafted short
> paragraph which can be used for releas
Hi!
On 21/08/12 22:43, Roger Leigh wrote:
> I've put a test package here:
> http://people.debian.org/~rleigh/sysvinit/sysvinit_2.88dsf-33.dsc
>
> I'd be grateful if anyone could build this [...]
That works okay, even with a genuinely dirty rootfs where fsck carries
out a repair. I'm using kfr
On Tue, Aug 21, 2012 at 10:28:07PM +0100, Roger Leigh wrote:
> On Sun, Aug 19, 2012 at 12:53:21PM -0700, Steve Langasek wrote:
> > On Sun, Aug 12, 2012 at 09:48:02AM +0100, Roger Leigh wrote:
> > > On Sun, Aug 12, 2012 at 03:37:52PM +1000, James Tocknell wrote:
> > > I've patched startpar to speci
Debian dind't enable bind9 stats so it's not vulnerable.
Ondřej Surý
On 21. 8. 2012, at 22:40, Jeroen Massar wrote:
> Package: nsd3
> Severity: critical
>
> 3.2.13 is out for a month already, might be nice to get an updated
> package...
>
> Greets,
> Jeroen
>
> --
>
> https://www.nlnetlabs.
Processing commands for cont...@bugs.debian.org:
> close 685323 1.0.8.4-1
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Marked as fixed in versions geshi/1.0.8.4-1.
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Marked Bug as done
> thanks
S
Hi Roger,
Roger Leigh wrote:
> I've put a test package here:
> http://people.debian.org/~rleigh/sysvinit/sysvinit_2.88dsf-33.dsc
>
> I'd be grateful if anyone could build this and double-check that this
> is correct, and fixes the bug. I'll upload this as soon as that's
> done.
Works for me o
Processing commands for cont...@bugs.debian.org:
> tags 685324 = security upstream patch
Bug #685324 [php-geshi] Local File Inclusion Vulnerability in contrib script
Added tag(s) patch; removed tag(s) unreproducible and moreinfo.
> thanks
Stopping processing here.
Please contact me if you need as
Processing commands for cont...@bugs.debian.org:
> tags 685323 = unreproducible upstream security
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Removed tag(s) moreinfo.
> notfound 685323 geshi/1.0.8.4-1
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contri
tags 685323 = unreproducible upstream security
notfound 685323 geshi/1.0.8.4-1
close 685323 geshi/1.0.8.4-1
thanks
Bug supposedly affected langwiz.php where a leftover var_dump($_GET)
could pose an XSS risk if deployed on a public-facing webserver. [1]
That file does not exist in the source versi
Processing commands for cont...@bugs.debian.org:
> found 681963 2.0.5-1
Bug #681963 [munin-node] munin-node: removes directories that were installed by
another package: /etc/munin/plugin-conf.d/, /var/lib/munin/plugin-state/
Marked as found in versions 2.0.5-1/.
> affects 685060 + gfs2-tools
Bug
Your message dated Tue, 21 Aug 2012 21:47:37 +
with message-id
and subject line Bug#684415: fixed in bins 1.1.29-16
has caused the Debian Bug report #684415,
regarding Doesn't work anymore with subdirectories
to be marked as done.
This means that you claim that the problem has been dealt with
On Tue, Aug 21, 2012 at 10:47:57AM +0200, Axel Beckert wrote:
> Hi,
>
> Petr Salinger wrote:
> > >I'm beginning to think that startpar is malfunctioning in some way
> > >(after checkroot.sh returns, but before it runs the next script).
> >
> > Thanks to Steven for excelent hint.
>
> Indeed. That
On Sun, Aug 19, 2012 at 12:53:21PM -0700, Steve Langasek wrote:
> On Sun, Aug 12, 2012 at 09:48:02AM +0100, Roger Leigh wrote:
> > On Sun, Aug 12, 2012 at 03:37:52PM +1000, James Tocknell wrote:
>
> > I've patched startpar to special-case lightdm as for gdm/kdm, but this
> > doesn't appear to have
On Thu, Aug 16, 2012 at 05:16:23PM +0200, Cyril Brulebois wrote:
> Roger Leigh (04/07/2012):
> > This was fixed in 4bc2072701ddd last week, and is pending upload.
> > (Should already be tagged pending.)
> >
> > I have a few other bugs to fix in sbuild, but should be uploading it
> > in the next w
On Mon, May 07, 2012 at 03:37:48PM +0200, Moritz Muehlenhoff wrote:
> Package: nspluginwrapper
> Severity: grave
> Tags: security
>
> Please see this Red Hat bugzilla entry for more information and a reference
> to the
> upstream fix: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2486
Thi
Processing commands for cont...@bugs.debian.org:
> tag 683742 + pending
Bug #683742 [python-pastedeploy] python-pastedeploy: Missing dependency on
python-paste or missing paste package file
Added tag(s) pending.
> tag 671247 + pending
Bug #671247 [src:pastedeploy] pastedeploy: FTBFS if built twic
Hello,
this is just a reminder and a ping. I would like to know if you are
still interested in maintaining MediathekView?
If you are busy at the moment or if you can't maintain the package
anymore, please say so.
Otherwise i think it would be best to contact the Debian Release Team
and ask them
Your message dated Tue, 21 Aug 2012 21:17:42 +
with message-id
and subject line Bug#685469: fixed in ekg2 1:0.3.1-2
has caused the Debian Bug report #685469,
regarding ekg2: missing copyright file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
I can confirm this bug, a workaround for this problem is:
Press the: "System (Windows) key or Alt+F1" these key combinations
will take you to the overview, where you will be able to see the top
menu bar and the bottom menu bar.
ii gnome-common 3.4.0.1-1
ii mutter-common 3.4
Package: ntfs-3g
Version: 1:2012.1.15AR.5-4
Severity: serious
Tags: patch upstream
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch
*** /tmp/tmpkpCNMv/bug_body
In Ubuntu, the attached patch was applied to achieve the following:
* ntfs-3g-junction-point-fix.patch
Package: nsd3
Severity: critical
3.2.13 is out for a month already, might be nice to get an updated
package...
Greets,
Jeroen
--
https://www.nlnetlabs.nl/projects/nsd/
{{{
NSD 3.2.13
Jul 27, 2012
Bugfixes
Bugfix #461 (VU#517036 CVE-2012-2979): NSD denial of service
vulnerability from DNS pack
Hello,
In fact the problem is in the line :
define('STATE_DIR', '/var/lib/d-push/state');
that should be :
define('STATE_DIR', '/var/lib/d-push/state/');
Notice the trailing '/'. This solves the problem.
Regards
nb
Le 21-08-2012 21:24, ow...@bugs.debian.org a écrit :
Thank you for filing a n
Processing commands for cont...@bugs.debian.org:
> tags 685469 + confirmed
Bug #685469 [ekg2] ekg2: missing copyright file
Added tag(s) confirmed.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
685469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685469
Debia
retitle 685502 fails to install when system has no FQDN
thanks
On 08/21/2012 08:37 PM, Dominic Hargreaves wrote:
> hostname is called from /var/lib/dpkg/info/request-tracker4.config.
> Specifically it calls hostname -f.
indeed.
> This would normally be configured by debootstrap
(personally, i t
Processing commands for cont...@bugs.debian.org:
> retitle 685502 fails to install when system has no FQDN
Bug #685502 [request-tracker4] fails to install in chroots
Changed Bug title to 'fails to install when system has no FQDN' from 'fails to
install in chroots'
> thanks
Stopping processing her
tag confirmed
thanks
On Tue, Aug 21, 2012 at 09:30:34AM +0200, Andreas Beckmann wrote:
> [resending, forgot to Cc: the bug]
>
> On 2012-08-21 08:38, Marcin Owsiany wrote:
> >> # ls -la /usr/share/doc/ekg2
> >> total 0
> >> drwxr-xr-x 2 root root 140 Aug 21 02:42 .
> >> drwxr-xr-x 154 root root
Processing commands for cont...@bugs.debian.org:
> unmerge 685324
Bug #685324 [php-geshi] Local File Inclusion Vulnerability in contrib script
Bug #685323 [php-geshi] Non-persistent XSS vulnerability in contrib script
Disconnected #685324 from all other report(s).
> thanks
Stopping processing here
unmerge 685324 685323
thanks
Hi Benny,
If I seem annoyed, it's because I was alerted about security issues in a
package deployed on one of my systems, and had to spend time looking
into it urgently. (And I still don't know what the issues really are.)
All I could find out is that you've been in
Hi:
Using chmod 1777 could help?
I attached a patch just in case it does.
Cheers,
--
Jeremías--- ilisp.postinst.orig 2012-08-21 16:39:21.911900568 -0300
+++ ilisp.postinst 2012-08-21 16:38:51.211748311 -0300
@@ -65,7 +65,7 @@
case "$1" in
configure)
set_keybindings
- chmod 777 /usr/li
Dear Steven,
Am 20.08.2012 05:12, schrieb Steven Chamberlain:
> tags 685324 + moreinfo unreproducible
> tags 685323 + moreinfo unreproducible
> merge 685324 685323
> severity 685326 wishlist
> merge 685326 584251
> thanks
>
> Hi,
>
> Were these reports of security issues supposed to be genuine?
Ye
Package: d-push
Version: 2.0-1
Severity: grave
Tags: d-i
Justification: renders package unusable
Dear Maintainer,
When I try to use https://myserver/Microsoft-Server-ActiveSync to test d-push,
I have the following error messages :
d-push - Open Source ActiveSync
Version 2.0-1
FatalMisconfigurati
Package: asterisk-flite
Version: 2.1-1
Severity: grave
Using asterisk 1:1.8.13.0~dfsg-1+b1 on wheezy.
asterisk01-noc01*CLI> module load app_flite
Unable to load module app_flite
Command 'module load app_flite' failed.
[Aug 21 15:02:01] WARNING[10528]: loader.c:779 inspect_module: Module
'app_fl
On Tue, Aug 21, 2012 at 12:50:47PM +0200, Daniel Baumann wrote:
> request-tracker4 fails to install in a chroot (standard debian sid
> chroot, with /proc mounted, recommends disabled):
>
> [...]
> Setting up request-tracker4 (4.0.6-4) ...
> **WARNING**··
> **WARNING** If you are using mod_perl or
Package: routino
Severity: grave
Version: 2.2-4
If You download current planet.osm.bz2 and try to use planetsplitter
with it it will crash (accert):
$ pv ../map/planet-latest.osm.bz2 | bunzip2|planetsplitter --loggable
Parse OSM Data
==
22,1GB 11:57:50 [ 537kB/s] [=
Your message dated Tue, 21 Aug 2012 17:02:35 +
with message-id
and subject line Bug#681903: fixed in python-melangeclient 0.1-1.2
has caused the Debian Bug report #681903,
regarding melange-client: missing dependency on python-pkg-resources
to be marked as done.
This means that you claim that
Control: severity -1 important
On Tue 21 Aug 2012 12:49:57 Arto Jantunen escribió:
> Package: qt4-x11
> Version: 4:4.8.2+dfsg-1
> Severity: grave
>
> Starting KDE with qt4 version 4:4.8.2+dfsg-1 installed causes kwin to
> segfault on startup somewhere in libpthread, with 4:4.8.2-2+b1 everything
>
Processing control commands:
> severity -1 important
Bug #685524 [qt4-x11] After upgrading to 4:4.8.2+dfsg-1 kwin segfaults on
startup
Severity set to 'important' from 'grave'
--
685524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685524
Debian Bug Tracking System
Contact ow...@bugs.debian
Processing control commands:
> tag -1 unreproducible moreinfo
Bug #685524 [qt4-x11] After upgrading to 4:4.8.2+dfsg-1 kwin segfaults on
startup
Ignoring request to alter tags of bug #685524 to the same tags previously set
--
685524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685524
Debian
Processing control commands:
> tag -1 unreproducible moreinfo
Bug #685524 [qt4-x11] After upgrading to 4:4.8.2+dfsg-1 kwin segfaults on
startup
Added tag(s) unreproducible and moreinfo.
--
685524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685524
Debian Bug Tracking System
Contact ow...@b
Control: tag -1 unreproducible moreinfo
thanks
Hi Arto!
On Tue 21 Aug 2012 12:49:57 Arto Jantunen escribió:
> Package: qt4-x11
> Version: 4:4.8.2+dfsg-1
> Severity: grave
>
> Starting KDE with qt4 version 4:4.8.2+dfsg-1 installed causes kwin to
> segfault on startup somewhere in libpthread, with
H David,
On Tuesday 21 August 2012 08:50:34 David Kalnischkies wrote:
> For clarity: This partial upgrade thing effects not only aptitude, but
> APT itself and "just" by extension all front-ends even if the message
> just talks about how aptitude is unable to handle the internal change in
> libapt
Package: qt4-x11
Version: 4:4.8.2+dfsg-1
Severity: grave
Starting KDE with qt4 version 4:4.8.2+dfsg-1 installed causes kwin to segfault
on startup somewhere in libpthread, with 4:4.8.2-2+b1 everything works as
expected.
I'll see if I can generate a proper backtrace..
-- System Information:
Debia
Your message dated Tue, 21 Aug 2012 15:17:49 +
with message-id
and subject line Bug#678189: fixed in packagekit 0.7.6-1
has caused the Debian Bug report #678189,
regarding packagekit-backend-aptcc: insecure tempfile use
to be marked as done.
This means that you claim that the problem has been
Your message dated Tue, 21 Aug 2012 14:47:43 +
with message-id
and subject line Bug#683927: fixed in libcloud 0.5.0-1.1
has caused the Debian Bug report #683927,
regarding CVE-2012-3446: MITM vulnerability in TLS/SSL certificates verification
to be marked as done.
This means that you claim th
For clarity: This partial upgrade thing effects not only aptitude, but APT
itself and "just" by extension all front-ends even if the message just talks
about how aptitude is unable to handle the internal change in libapt and
how it talks to his own http-method shipped in 'apt'.
And I doubt that a
retitle 672959 startpar triggers kfreebsd panic: vm_fault_copy_wired
thanks
On 21/08/12 09:16, Petr Salinger wrote:
>> I'm beginning to think that startpar is malfunctioning in some way
>> (after checkroot.sh returns, but before it runs the next script).
>
> Thanks to Steven for excelent hint.
I
Processing commands for cont...@bugs.debian.org:
> retitle 672959 startpar triggers kfreebsd panic: vm_fault_copy_wired
Bug #672959 [src:sysvinit] kfreebsd-*: panic: vm_fault_copy_wired
Changed Bug title to 'startpar triggers kfreebsd panic: vm_fault_copy_wired'
from 'kfreebsd-*: panic: vm_fault_
Package: graphicsmagick
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.
Package: rsync
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6) - us
Package: request-tracker4
Version: 4.0.6-4
Severity: serious
Hi,
request-tracker4 fails to install in a chroot (standard debian sid
chroot, with /proc mounted, recommends disabled):
[...]
Setting up request-tracker4 (4.0.6-4) ...
**WARNING**··
**WARNING** If you are using mod_perl or any form o
Konstantin Khomoutov writes:
...
> Then I suggest it to be rephrased "... extensions on the rightmost
> place ...", or may be even simpler: "... php5-cgi now only serves files
> which have .php, .php[345] or .phtml as their rightmost extension
> ...".
how about "... have .php, .php[345] or .phtml
Your message dated Tue, 21 Aug 2012 10:33:23 +
with message-id
and subject line Bug#683288: fixed in rt-authen-externalauth 0.10-2
has caused the Debian Bug report #683288,
regarding rt-authen-externalauth: privilege escalation
to be marked as done.
This means that you claim that the problem
The error message is:
Fetched 79,4 MB in 1min 16s (1.037 kB/s)
febootstrap: aptitude: error: no file was downloaded corresponding to package
On Tue, 21 Aug 2012 09:48:37 +0200
Ondřej Surý wrote:
[...]
> >> The mime-types package has dropped non-standard definitions of
> >> PHP MIME-Types as a security measure. Default PHP configuration
> >> for libapache2-mod-php5{filter} and php5-cgi now only serve files
> >> which have .php, .php[3
Processing commands for cont...@bugs.debian.org:
> retitle 685360 AMD SB 750 + Logitech USB keyboard brokenness with Linux 3.2
> (regression from 2.6.38)
Bug #685360 [src:linux] AMD SB 750 + Logitech USB keyboard broken and system
unbootable with Linux 3.2 (regression from 2.6.38)
Changed Bug ti
Hi,
Petr Salinger wrote:
> >I'm beginning to think that startpar is malfunctioning in some way
> >(after checkroot.sh returns, but before it runs the next script).
>
> Thanks to Steven for excelent hint.
Indeed. That fits perfectly with my observation that always the last
thing I saw before the
Hi Neil,
Am 19.08.2012 10:10, schrieb Neil Williams:
> Any news on a fix for netdisco packages to not use /home ?
>
> If this bug is not fixed, the package will have to be removed from
> testing and probably from unstable too.
>
> If, as Gabriele has already mentioned in this bug, the user crea
tags 672959 +patch
--
Hi.
/sbin/startpar -p 4 -t 20 -T 3 -M boot -P N -R S
And the same happens even with -p 0. This is a single-CPU VM running
kfreebsd-i386.
I'm beginning to think that startpar is malfunctioning in some way
(after checkroot.sh returns, but before it runs the next script).
Processing commands for cont...@bugs.debian.org:
> tags 672959 +patch
Bug #672959 [src:sysvinit] kfreebsd-*: panic: vm_fault_copy_wired
Added tag(s) patch.
> --
Stopping processing here.
Please contact me if you need assistance.
--
672959: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672959
On Tue, Aug 21, 2012 at 9:38 AM, Konstantin Khomoutov
wrote:
> On Tue, Aug 21, 2012 at 09:07:59AM +0200, Ondřej Surý wrote:
>
> [...]
>>> Maybe add just a small paragraph that the configuration of the
>>> extensions has changed and php users should read the NEWS file?
>>
>> That's probably sensibl
On Tue, Aug 21, 2012 at 09:07:59AM +0200, Ondřej Surý wrote:
[...]
>> Maybe add just a small paragraph that the configuration of the
>> extensions has changed and php users should read the NEWS file?
>
> That's probably sensible approach. I have quickly drafted short
> paragraph which can be use
Hi,
> Thanks for fixing the issue in unstable!
> But I fear you will have to fix it in testing too, as I do not think RT
> will allow 2.2-2 in testing at this point of the freeze.
I submited an ublokck request (#685484). If freeze exception for new
upstream version if not granted, I will prepare
[resending, forgot to Cc: the bug]
On 2012-08-21 08:38, Marcin Owsiany wrote:
>> # ls -la /usr/share/doc/ekg2
>> total 0
>> drwxr-xr-x 2 root root 140 Aug 21 02:42 .
>> drwxr-xr-x 154 root root 3580 Aug 21 02:42 ..
>> lrwxrwxrwx 1 root root 26 Nov 14 2011 commands-pl.txt ->
>> ../../ekg2/
> Default PHP extension configuration
^^^
This needs Apache 2, e.g.
Default PHP extension configuration for Apache 2.
> ---
>
> The mime-types package has dropped non-standard definitions of
> PHP MIME-Types as a security measure. Default PHP configuration
> for
Your message dated Tue, 21 Aug 2012 07:17:39 +
with message-id
and subject line Bug#683648: fixed in python-django 1.4.1-2
has caused the Debian Bug report #683648,
regarding Django's HTMLParser incompatible with python 2.7.3
to be marked as done.
This means that you claim that the problem ha
On Mon, Aug 20, 2012 at 8:12 PM, Stefan Fritsch wrote:
> On Monday 20 August 2012, Ondřej Surý wrote:
>> Ah, I see; it gets executed when there is no know handler or
>> mime-type for second extension.
>>
>> E.g. index.php.jpeg works as expected (e.g. returning PHP source
>> code), index.php.blubb
75 matches
Mail list logo
