Processing control commands:
> clone -1 -2
Bug #700173 [src:ruby-rack] ruby-rack: CVE-2013-0262 and CVE-2013-0263
Bug 700173 cloned as bug 700226
> retitle -1 ruby-rack: CVE-2013-0262: Path sanitization information disclosure
Bug #700173 [src:ruby-rack] ruby-rack: CVE-2013-0262 and CVE-2013-0263
C
Control: clone -1 -2
Control: retitle -1 ruby-rack: CVE-2013-0262: Path sanitization information
disclosure
Control: retitle -2 ruby-rack: CVE-2013-0263: Timing attack in cookie sessions
Hi
On Sun, Feb 10, 2013 at 11:14:50AM +0900, Satoru KURASHIKI wrote:
> hi,
>
> > For further information see
Your message dated Sun, 10 Feb 2013 06:33:16 +
with message-id
and subject line Bug#689396: fixed in digikam 4:3.0.0-1
has caused the Debian Bug report #689396,
regarding digikam-data: fails to upgrade from 'sid' - trying to overwrite
/usr/share/kde4/apps/libkexiv2/data/topicset.iptc-subjectc
On Sun, Feb 10, 2013 at 7:59 AM, Norbert Preining wrote:
> On Sa, 09 Feb 2013, Adam D. Barratt wrote:
>> It might be an issue for the release if any of the reverse dependencies
>> need an update for some other reason, given that the new ibus upload
>> changes SONAME..,
>
> Ok, conceeded. Indeed in
hi,
> For further information see:
> [0] http://security-tracker.debian.org/tracker/CVE-2013-0262
> [1] http://security-tracker.debian.org/tracker/CVE-2013-0263
> Please adjust the affected versions in the BTS as needed.
> Note: According to the red hat bugtracker for CVE-2013-0262 only
>
On Sa, 09 Feb 2013, Adam D. Barratt wrote:
> It might be an issue for the release if any of the reverse dependencies
> need an update for some other reason, given that the new ibus upload
> changes SONAME..,
Ok, conceeded. Indeed in this case upload to experimental would have been
better.
Norbert
Processing commands for cont...@bugs.debian.org:
> #vim (2:7.3.547-7) UNRELEASED; urgency=low
> #
> # * Add vim-lesstif.preinst to handle transitioning
> /usr/share/doc/vim-lesstif
> #from a symlink to a directory. (Closes: #700069)
> # * Add clarification to short description of vim-nox.
Am 09.02.2013 23:07, schrieb Bjartur Thorlacius:
> On 02/09/2013 09:39 PM, Adam D. Barratt wrote:
>> Control: tags -1 + moreinfo
>>
>> On Sat, 2013-02-09 at 21:00 +, Bjartur Thorlacius wrote:
>>> Package: avahi-daemon
>>> Version: 0.6.31-1
>> [...]
>>> for avahi-daemon to work, dbus must first
Processing commands for cont...@bugs.debian.org:
> notfound 698582 4.2.2.dfsg.1-5+deb70u2
Bug #698582 [isc-dhcp-client] isc-dhcp-client: prompting due to modified
conffiles which were not modified by the user: /etc/dhcp/dhclient.conf
No longer marked as found in versions isc-dhcp/4.2.2.dfsg.1-5+d
Processing commands for cont...@bugs.debian.org:
> notfound 698597 4.2.2.dfsg.1-5+deb70u2
Bug #698597 [isc-dhcp] isc-dhcp: CVE-2012-1667 patch (for Wheezy)
There is no source info for the package 'isc-dhcp' at version
'4.2.2.dfsg.1-5+deb70u2' with architecture ''
Unable to make a source version f
On 02/09/2013 09:39 PM, Adam D. Barratt wrote:
Control: tags -1 + moreinfo
On Sat, 2013-02-09 at 21:00 +, Bjartur Thorlacius wrote:
Package: avahi-daemon
Version: 0.6.31-1
[...]
for avahi-daemon to work, dbus must first have been started. The
package should declare this.
As your bug repo
Processing control commands:
> severity -1 important
Bug #700164 [src:webkit] src:webkit: first pile of 2013 CVEs
Severity set to 'important' from 'grave'
--
700164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700164
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
-
control: severity -1 important
> Please verify which of them (if any) actually apply to Debian's version
> of webkit. All of the appear to apply to some kind of memory corruption
> or access restriction bypass which makes them good candidates. If they
> turn out not to pose a risk for the user, pl
Processing commands for cont...@bugs.debian.org:
> forcemerge 680566 696909
Bug #680566 [chromium] binutils-gold 2.22 buggy on arm
Bug #696909 [chromium] chromium segfaults on startup on armhf
Severity set to 'important' from 'grave'
Marked as found in versions chromium-browser/20.0.1132.43~r14382
Processing commands for cont...@bugs.debian.org:
> tags 685812 + patch
Bug #685812 [python-numpy] ABI change in 1.6.1 version
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
685812: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685812
Debian
Control: tags -1 + moreinfo
On Sat, 2013-02-09 at 21:00 +, Bjartur Thorlacius wrote:
> Package: avahi-daemon
> Version: 0.6.31-1
[...]
> for avahi-daemon to work, dbus must first have been started. The
> package should declare this.
As your bug report shows, the package has a dependency;
> V
Processing control commands:
> tags -1 + moreinfo
Bug #700202 {Done: Michael Biebl } [avahi-daemon]
avahi-daemon: Undeclared dbus dependency
Added tag(s) moreinfo.
--
700202: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700202
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pr
Your message dated Sat, 09 Feb 2013 22:37:19 +0100
with message-id <5116c18f.3050...@debian.org>
and subject line Re: [Pkg-utopia-maintainers] Bug#700202: avahi-daemon:
Undeclared dbus dependency
has caused the Debian Bug report #700202,
regarding avahi-daemon: Undeclared dbus dependency
to be mar
Your message dated Sat, 09 Feb 2013 21:33:20 +
with message-id
and subject line Bug#699616: fixed in gosa 2.7.4-4.2
has caused the Debian Bug report #699616,
regarding gosa: postinst/rm uses "-d /etc/apache2/conf.d" as guard across calls
to Apache
to be marked as done.
This means that you cl
Processing commands for cont...@bugs.debian.org:
> tags 700098 + pending
Bug #700098 [cfingerd] cfingerd: CVE-2013-1049 remote buffer overflow
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
700098: http://bugs.debian.org/cgi-bin/bugreport.cg
tags 700098 + pending
thanks
Hi Martin,
I've prepared an NMU for cfingerd (versioned as 1.4.3-3.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Note, I know with this upload I'm not strictly following the NMU
guidelines mentioned in the dev-ref (the bug
Package: avahi-daemon
Version: 0.6.31-1
Severity: serious
Justification: Policy 3.5
Dear Maintainer,
for avahi-daemon to work, dbus must first have been started. The package should
declare this. It took me a few minutes to realize that I was not missing a dbus
helper but needed simply `{service
2013/2/9 Aron Xu :
> Do you have gir1.2-ibus-1.0 installed? This time the error should be
> related to locale, IMHO.
yes, I have it installed. I installed the version I built from git,
but I get the same error.
--
പ്രവീണ് അരിമ്പ്രത്തൊടിയില്
You have to keep reminding your government that you d
On Sun, 2013-02-10 at 04:01 +0900, Norbert Preining wrote:
> On Sa, 09 Feb 2013, Julien Cristau wrote:
> > Why was that thing uploaded to sid anyway... We're in the middle of a
> > freeze, breaking sid is not particularly helpful...
>
> Breaking sid has no connection to freeze and release, if the
Hi,
On Sat, Feb 9, 2013 at 9:05 AM, Giovanni Rapagnani wrote:
> a 3rd solution is to recompile without ssl support.
Yes.
Turns out that porting to gnutls is not as simple as the openssl
wrapper is not enough.
I will apply your patch this weekend.
Thanks!
Ludovico
--
To UNSUBSCRIBE, email t
On Sa, 09 Feb 2013, Julien Cristau wrote:
> Why was that thing uploaded to sid anyway... We're in the middle of a
> freeze, breaking sid is not particularly helpful...
Breaking sid has no connection to freeze and release, if the maintainer
do not plan to ask for a freeze exception.
Don't go over
severity 685469 important
thanks
From the bug log, it seems that this bug now only happens when
upgrading from a version of the package in backports.d.o
If I'm right, the bug should then be downgraded to "important". We
shouldn't keep "RC" bugs that are not RC in sight of people who are
working t
Processing commands for cont...@bugs.debian.org:
> tags 700098 + security
Bug #700098 [cfingerd] cfingerd: CVE-2013-1049 remote buffer overflow
Added tag(s) security.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
700098: http://bugs.debian.org/cgi-bin/bugreport.
On 07/12/12 22:13, Francesco Poli (wintermute) wrote:
> The possible solutions I can think of are:
>
> A) ntop is modified so that it can link with GNUTLS, instead
> of OpenSSL
>
> B) an OpenSSL linking exception is granted to all the relevant
> files by the respective copyright holder
Processing commands for cont...@bugs.debian.org:
> severity 685469 important
Bug #685469 [ekg2] ekg2: missing copyright file
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
685469: http://bugs.debian.org/cgi-bin/bugreport
Hi Martin
Do you want to upload cfingerd? Otherwise I can prepare a NMU for this
issue with Marc's submitted patch. In any case I would upload it to a
delayed.
Regards,
Salvatore
diff -u cfingerd-1.4.3/debian/changelog cfingerd-1.4.3/debian/changelog
--- cfingerd-1.4.3/debian/changelog
+++ cfinge
Your message dated Sat, 09 Feb 2013 17:02:32 +
with message-id
and subject line Bug#681750: fixed in astk 1.11.0-1
has caused the Debian Bug report #681750,
regarding aster: FTBFS: IOError: [Errno 2] No such file or directory:
'/etc/codeaster/astkrc/prefs'
to be marked as done.
This means th
Hi,
Le 06/02/2013 13:56, Michael Stapelberg a écrit :
> I would like to upload lcdf-typetools/2.92+dfsg1-1.1 to
> testing-proposed-updates to fix #694352 in wheezy. At the moment,
> 2.92-1+b1 is in testing and 2.92-2 is in unstable.
Is there any reason not to push this version directly in unstab
Your message dated Sat, 09 Feb 2013 17:02:32 +
with message-id
and subject line Bug#681750: fixed in astk 1.11.0-1
has caused the Debian Bug report #681750,
regarding code-aster-run (as_run) seems to need code-aster-gui (astk)
to be marked as done.
This means that you claim that the problem h
Hi Michael,
I looked at it and uploaded a new package version to the mentors site.
It does locking in correct order as Tim showed in his strace output
before.
I have read the patch carefully and from what I can see there is no
problem with it. But again, someone with more experience of locking
sho
On Sat, Feb 9, 2013 at 8:44 PM, Praveen A wrote:
> 2013/2/9 Aron Xu :
>> You forgot to tell me what's your locale - the one that doesn't work, ;-)
>
> My locale is ml_IN (it was in the log - ValueError: unknown locale: ml_IN).
>
> Now it is failing even with en_IN
>
> $ LANG=en_IN ibus-setup
> Tra
On Sat, 09 Feb 2013 18:05:21 +0100 Giovanni Rapagnani wrote:
[...]
> Hello,
Hi!
Thanks for following up on this bug.
> a 3rd solution is to recompile without ssl support.
Yes, at the cost of losing some functionality, I guess.
[...]
> I was able to recreate a deb package and
> install it. An l
Hello Andreas,
Andreas Beckmann wrote on 2013-02-08 03:41:
> Note that dpkg intentionally does not replace directories with symlinks
> and vice versa, you need the maintainer scripts to do this.
That was new for me, but after a test I see the problem, too. In squeeze
the both packages xfe-i18n an
On Sa, 09 Feb 2013, Aron Xu wrote:
> > But there are still three problems I see:
> > - when *left*clicking on the icon in the gnome top bar, a window pops up
> > which has two part:
> > upper part: configuration for the input method
> > lower part: list of input methods
> > now
Your message dated Sat, 09 Feb 2013 16:48:04 +
with message-id
and subject line Bug#700068: fixed in xfe 1.32.5-2
has caused the Debian Bug report #700068,
regarding xfe-themes, xfe-i18n: unhandled symlink to directory conversion:
/usr/share/doc/PACKAGE
to be marked as done.
This means that
On Sat, Feb 9, 2013 at 00:42:29 +0800, Aron Xu wrote:
> Thanks for the report, I was on train when I first saw the report,
> I'll deal with it very soon.
>
Why was that thing uploaded to sid anyway... We're in the middle of a
freeze, breaking sid is not particularly helpful...
Cheers,
Julien
Hello Andreas,
before answering I want to say that I have overtaken capi4hylafax a short
time before the freeze of wheezy and since them I only try to fix all RC
relevant bugs. With the same intention I worked on hylafax together with
the maintainer.
Andreas Beckmann wrote on 2013-02-07 00:02:
>
Source: ruby-rack
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for ruby-rack.
CVE-2013-0262[0]:
Path sanitization information disclosure
CVE-2013-0263[1]:
Timing attack in cookie sessions
If you fix the vulnerabilities please also make sure to include the
CVE
Processing commands for cont...@bugs.debian.org:
> reassign 700162 gksu
Bug #700162 [libgksu2-0] libgksu2-0: should default to sudo if no root password
(see bug #481689)
Bug reassigned from package 'libgksu2-0' to 'gksu'.
No longer marked as found in versions libgksu/2.0.13~pre1-6.
Ignoring reque
2013/2/9 Aron Xu :
> You forgot to tell me what's your locale - the one that doesn't work, ;-)
My locale is ml_IN (it was in the log - ValueError: unknown locale: ml_IN).
Now it is failing even with en_IN
$ LANG=en_IN ibus-setup
Traceback (most recent call last):
File "/usr/share/ibus/setup/ma
On Sat, Feb 9, 2013 at 8:28 PM, Praveen A wrote:
> 2013/2/9 Aron Xu :
>> Yes, I pushed another patch to git, can you try it? I see no problem so far.
>>
>> http://anonscm.debian.org/gitweb/?p=pkg-ime/ibus.git;a=blob;f=debian/patches/correct-type-of-shortcuts.patch;h=57da4f5342ecea88c653d0b08f6ec57
Package: src:acpica-unix
Version: 20100528-1
Severity: serious
The last condition in debian/copyright looks non-free:
4.3. Licensee shall not export, either directly or indirectly, any of this
software or system incorporating such software without first obtaining any
required license or o
2013/2/9 Aron Xu :
> Yes, I pushed another patch to git, can you try it? I see no problem so far.
>
> http://anonscm.debian.org/gitweb/?p=pkg-ime/ibus.git;a=blob;f=debian/patches/correct-type-of-shortcuts.patch;h=57da4f5342ecea88c653d0b08f6ec5788478f358;hb=HEAD
I did a rebuild and ibus-setup doesn
On Sat, Feb 9, 2013 at 7:41 PM, Norbert Preining wrote:
> Hi Aron,
>
> On Sa, 09 Feb 2013, Aron Xu wrote:
>> Yes, I pushed another patch to git, can you try it? I see no problem so far.
>
> getting better. I have now:
> - ibus* 1.5.1-2~1
> (your version -2 from git)
> - mozc* 1.6.1187.102-1~exp2
Hi Aron,
On Sa, 09 Feb 2013, Aron Xu wrote:
> Yes, I pushed another patch to git, can you try it? I see no problem so far.
getting better. I have now:
- ibus* 1.5.1-2~1
(your version -2 from git)
- mozc* 1.6.1187.102-1~exp2.1
(experimental version rebuild with ibus1.5)
ibus-setup is now work
Processing control commands:
> severity -1 normal
Bug #694622 [nut-snmp] nut-snmp: Can't connect to UPS [apcpdu]
(snmp-ups-apcpdu): No such file or directory
Severity set to 'normal' from 'grave'
--
694622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694622
Debian Bug Tracking System
Conta
Control: severity -1 normal
Hi,
On Wed, Feb 06, 2013 at 08:28:53PM +0100, Michael Stapelberg wrote:
> > ups.conf
> > [apcpdu]
> > driver = snmp-ups
> > port = apc
> > mibs = apcc
> > community = public
> Try removing the “mibs = apcc” line.
> Also, maybe specify “s
Package: src:webkit
Severity: grave
Tags: security
Justification: user security hole
Dear webkit maintainers,
On behalf of the security team I am creating a bug for the following
CVE identifiers supposedly affecting webkit.
CVE-2013-0948
CVE-2013-0949
CVE-2013-0950
CVE-2013-0951
CVE-2013-0952
CV
On Sa, 09 Feb 2013, Norbert Preining wrote:
> /etc/dconf/db/ibus
> /etc/dconf/db/ibus.d/00-upstream-settings
And on purge of ibus and friends, I see:
dpkg: warning: while removing ibus, directory '/etc/dconf/db' not empty so not
removed
because /etc/dconf/db/ibus is still present
No
On Sat, Feb 9, 2013 at 7:16 PM, Norbert Preining wrote:
> Hi Aron,
>
> On Sa, 09 Feb 2013, Aron Xu wrote:
>> Can you please try to run "dconf update" as root? As to see whether a
>> file named /etc/dconf/db/ibus get created.
>
> Yes, I have now
> /etc/dconf/db/ibus
> /etc/dconf/db/
Hi Aron,
On Sa, 09 Feb 2013, Aron Xu wrote:
> Can you please try to run "dconf update" as root? As to see whether a
> file named /etc/dconf/db/ibus get created.
Yes, I have now
/etc/dconf/db/ibus
/etc/dconf/db/ibus.d/00-upstream-settings
but ibus-setup still crashes:
[~] ibus-set
Package: libgksu2-0
Version: 2.0.13~pre1-6
Severity: serious
Tags: patch
Justification: 0.
Dear Maintainer,
Since 2008, if root account has no password or is locked
(e.g. by `passwd -d root`, using sudo accounts), then certain
desktop gksu invocations fail (unetbootin from the menu, wicd, ...).
T
Hi Norbert,
Can you please try to run "dconf update" as root? As to see whether a
file named /etc/dconf/db/ibus get created.
Thank you.
On Sat, Feb 9, 2013 at 4:50 PM, Aron Xu wrote:
> On Sat, Feb 9, 2013 at 3:35 PM, Norbert Preining wrote:
>> Hi Aron,
>>
>> On Sa, 09 Feb 2013, Aron Xu wrote:
On Sat, Feb 9, 2013 at 3:35 PM, Norbert Preining wrote:
> Hi Aron,
>
> On Sa, 09 Feb 2013, Aron Xu wrote:
>> The problem seems to be a easy one, just install gir1.2-ibus-1.0 and
>> ibus-setup/ibus-daemon will work without problem. I'll upload new
>> version very soon.
>
> I just saw in the git rep
59 matches
Mail list logo
