Package: mantis
Severity: grave
Tags: security
Justification: user security hole
Hi
Some vulnerabilities in mantis were reported:
[1]: http://www.mantisbt.org/bugs/view.php?id=15373 (CVE-2013-0197)
http://marc.info/?l=oss-security&m=135853
Processing commands for cont...@bugs.debian.org:
> found 694889 openjdk-7-source/7u3-2.1.4-1
Bug #694889 [ca-certificates-java] ca-certificates-java: early triggered
jks-keystore may fail and leave the temporary /etc/java-7-openjdk/jvm-$arch.cfg
Bug #694888 [ca-certificates-java] ca-certificates-
Package: apt-cacher-ng
Version: 0.7.12-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.
>From
Package: openarena-dbg
Version: 0.8.8-7
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
a test with piuparts revealed that your package misses the copyright
file after an upgrade from squeeze to wheezy, which is a violation of
Policy 12.5:
http://www.debian.org/doc/debia
Package: taurus
Version: 3.0.0-1
Severity: serious
inkscape asks a few questions during the build.
It means that it stops the build -> FTBFS
now we use imagemagick as fallback
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500
Your message dated Fri, 18 Jan 2013 21:19:42 +
with message-id
and subject line Bug#696930: Removed package(s) from unstable
has caused the Debian Bug report #694138,
regarding docbookwiki: fails to install: svn: E180001: Unable to connect to a
repository at URL 'file:///usr/share/docbookwiki
Your message dated Fri, 18 Jan 2013 21:19:42 +
with message-id
and subject line Bug#696930: Removed package(s) from unstable
has caused the Debian Bug report #688738,
regarding docbookwiki: ships a SVN repository in /usr, modified by postinst,
overwritten during upgrade
to be marked as done.
Followup-For: Bug #687947
Control: found -1 1:4.04~dfsg-2
Hi,
not much has changed in the last release ... therefore reopening.
1m19.5s ERROR: FAIL: debsums reports modifications inside the chroot:
/var/lib/wims/public_html/gifs/symbols/20/_Arrow-h.gif
/var/lib/wims/public_html/gifs/symbols/
Processing control commands:
> found -1 1:4.04~dfsg-2
Bug #687947 {Done: Georges Khaznadar } [wims] wims:
modifies shipped files: /var/lib/wims/public_html/gifs/*,
/var/lib/wims/public_html/themes/*
Marked as found in versions wims/1:4.04~dfsg-2; no longer marked as fixed in
versions wims/1:4.0
Your message dated Fri, 18 Jan 2013 20:47:33 +
with message-id
and subject line Bug#698439: fixed in couchdb 1.2.0-4
has caused the Debian Bug report #698439,
regarding couchdb: CVE-2012-5650 CVE-2012-5649
to be marked as done.
This means that you claim that the problem has been dealt with.
I
Control: found -1 0.09-11
On Fri, 2013-01-18 at 14:57 +, Gerrit Pape wrote:
> as suggested by Jonathan below, I prepared a bcron package fixing
> #686650 as candidate for the next squeeze point release. A debdiff is
> attached, the package ready for upload.
Please go ahead; thanks.
Regards
Processing control commands:
> found -1 0.09-11
Bug #686650 {Done: Gerrit Pape } [bcron] bcron:
CVE-2012-6110: bcron file descriptors not closed
Marked as found in versions bcron/0.09-11.
--
686650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686650
Debian Bug Tracking System
Contact ow...
Processing control commands:
> found -1 3.7.6-4
Bug #690151 {Done: Ricardo Mones } [claws-mail] claws-mail:
CVE-2012-4507
Marked as found in versions claws-mail/3.7.6-4.
--
690151: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690151
Debian Bug Tracking System
Contact ow...@bugs.debian.org w
Control: found -1 3.7.6-4
On Fri, 2013-01-18 at 20:08 +0100, Ricardo Mones wrote:
> As requested by Jonathan, I've prepared an upload with the minimal changes
> required for fixing this, debdiff attached.
>
> IIRC this is the first time I'm going to upload something to stable, so,
> before up
Upstream here. It's a six-line patch:
http://maradns.org/download/patches/security/maradns-1.4.11-ghostdomain.patch
This should not be too difficult to apply.
Also, the security report is somewhat inaccurate. Both MaraDNS and
Deadwood were never vulnerable to the "Ghost Domain" bug as describe
Hi release team,
As requested by Jonathan, I've prepared an upload with the minimal changes
required for fixing this, debdiff attached.
IIRC this is the first time I'm going to upload something to stable, so,
before uploading, any hints on missing bits or common pitfalls awaiting would
be
Your message dated Fri, 18 Jan 2013 18:32:47 +
with message-id
and subject line Bug#697892: fixed in kbuild 1:0.1.9998svn2543+dfsg-1
has caused the Debian Bug report #697892,
regarding kmk_sed fails to parse character classes
to be marked as done.
This means that you claim that the problem ha
On Thu, Jan 10, 2013 at 2:29 PM, Miguel Landaeta wrote:
> On Thu, Jan 10, 2013 at 2:03 PM, James Page wrote:
>> I'm trying to get some advice from upstream on this - hopefully I'll
>> hear back in the next ~24hrs
>
> Good to know, I'll stay tuned.
>
Hi James, is there any news about this issue?
On Wed, Dec 05, 2012 at 04:05:01PM -0500, Ricardo Signes wrote:
> * Dominic Hargreaves [2012-12-05T13:51:19]
> > I wondered (and the question has arisen within the Debian project) whether
> > anyone might be relying on the previous behaviour? Have you been able to do
> > any assessment of this?
>
Hi,
as suggested by Jonathan below, I prepared a bcron package fixing
#686650 as candidate for the next squeeze point release. A debdiff is
attached, the package ready for upload.
Regards, Gerrit.
On Thu, Jan 17, 2013 at 11:42:08AM -, Jonathan Wiltshire wrote:
> Package: bcron
>
> Dear ma
Package: ruby-rack
Severity: grave
Tags: security
Justification: user security hole
Please see these links for details:
http://seclists.org/oss-sec/2013/q1/80
http://seclists.org/oss-sec/2013/q1/83
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with
Package: couchdb
Severity: grave
Tags: security
Justification: user security hole
Please see
http://seclists.org/fulldisclosure/2013/Jan/82
http://seclists.org/fulldisclosure/2013/Jan/80
Please apply isolated fixes instead of updating to a full new release.
Cheers,
Moritz
Your message dated Fri, 18 Jan 2013 13:47:59 +
with message-id
and subject line Bug#697197: fixed in mha4mysql-manager 0.53-2
has caused the Debian Bug report #697197,
regarding mha4mysql-manager: masterha_master_switch aborts during failover with
'Use of uninitialized value'
to be marked as
Your message dated Fri, 18 Jan 2013 14:33:48 +0100
with message-id
and subject line Re: Bug#698402: please close, solved
has caused the Debian Bug report #698402,
regarding wicd-curses: crashes on start
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Package: xen
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7) - use
Package: revelation
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7)
Package: freeradius
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7)
Package: plib
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7) - use
Package: libxslt
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7) -
Package: rhythmbox-plugins
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze
30 matches