Processing control commands:
> retitle 700234 transmission-daemon: CVE-2012-6129: Transmission can be made
> to crash remotely
Bug #700234 [transmission-daemon] transmission-daemon: Transmission can be made
to crash remotely
Changed Bug title to 'transmission-daemon: CVE-2012-6129: Transmission
Control: retitle 700234 transmission-daemon: CVE-2012-6129: Transmission can be
made to crash remotely
Hi
On Sun, Feb 10, 2013 at 01:22:28PM +0100, Yves-Alexis Perez wrote:
> On dim., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
> > Package: transmission-daemon
> > Version: 2.52-3
> > Seve
Hi,
On Mi, 13 Feb 2013, Aron Xu wrote:
> Here is a relevant commit, though I'm not sure this is the whole story:
> https://github.com/ibus/ibus/commit/53d33ec4e6ad41a116f25cfa7ce12e04f6f93752
Seen that, it is huge, not sure reverting it would help.
There are too many code changes there. I have t
Processing commands for cont...@bugs.debian.org:
> reopen 700471
Bug #700471 {Done: Cédric Boutillier } [ruby1.9.1]
Denial of Service and Unsafe Object Creation Vulnerability in JSON
[CVE-2013-0269]
Bug reopened
Ignoring request to alter fixed versions of bug #700471 to the same values
previous
On Wed, Feb 13, 2013 at 3:11 PM, Aron Xu wrote:
> The option has been hidden in ibus-setup, but I'm worry that whether
> ibus 1.5 itself has removed the capability.
I believe that it is removed since changing dconf key has no effect either.
For IBus (1.4.99+) + GNOME combo, it really depend on w
On Wed, Feb 13, 2013 at 3:04 PM, Norbert Preining wrote:
> Hi Ma,
>
> thanks for your email, good research, horrible reading
> (GNome devs are *sick*, removing features without understanding
> their imprtance)
>
> On Mi, 13 Feb 2013, Ma Xiaojun wrote:
>> On Wed, Feb 13, 2013 at 1:46 PM, Norbert Pr
Hi Ma,
thanks for your email, good research, horrible reading
(GNome devs are *sick*, removing features without understanding
their imprtance)
On Mi, 13 Feb 2013, Ma Xiaojun wrote:
> On Wed, Feb 13, 2013 at 1:46 PM, Norbert Preining wrote:
> > Is this really gone? (BTW, even if they remove it, I
On Wed, Feb 13, 2013 at 1:46 PM, Norbert Preining wrote:
> Is this really gone? (BTW, even if they remove it, I would consider
> it a bug that should be reintroduced upstream )
Yes.
http://code.google.com/p/ibus/issues/detail?id=1568
But GNOME blog says such feature is reintroduced in GNOME 3.7.
On Mi, 13 Feb 2013, Aron Xu wrote:
> > - separate IME for different windows is working?
>
> AFAIK this feature is removed, but not simply caused by bug.
Ok, maybe I was wrong with my explanation: What about the
*activation*status*
of the IME? Before I had the option to have some windows w
On Wed, Feb 13, 2013 at 6:18 AM, Norbert Preining wrote:
> Hi Ma,
>
> On Mi, 13 Feb 2013, Ma Xiaojun wrote:
>> FYI, manually compiled IBus 1.5.0 works fine on my Ubuntu 12.10 box
>> (with MATE as DE); I have used that box for many days.
>
> - separate IME for different windows is working?
AFAIK t
Processing commands for cont...@bugs.debian.org:
> found 699929 1.9.2.0-2
Bug #699929 {Done: Antonio Terceiro } [ruby1.9.1]
ruby1.9.1: CVE-2013-0256
Marked as found in versions ruby1.9.1/1.9.2.0-2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
699929: http://bu
That is not the correct fix for this bug.
In the first instance the user simply installed the wrong package and
although the message displayed in deluge-gtk should not have been an
exception message there was no loss of functionality (as a thin client) and
the proper dialog box to disable classic
Processing commands for cont...@bugs.debian.org:
> forwarded 700076 http://code.google.com/p/ibus/issues/detail?id=1591
Bug #700076 [ibus] ibus: non-functional, setup breaks
Set Bug forwarded-to-address to
'http://code.google.com/p/ibus/issues/detail?id=1591'.
> thanks
Stopping processing here.
Processing control commands:
> clone -1 -2
Bug #700436 {Done: Cédric Boutillier } [ruby-json]
Denial of Service and Unsafe Object Creation Vulnerability in JSON
[CVE-2013-0269]
Bug 700436 cloned as bug 700471
> reassign -2 ruby1.9.1
Bug #700471 {Done: Cédric Boutillier } [ruby-json]
Denial of S
Control: clone -1 -2
Control: reassign -2 ruby1.9.1
Hi!
Reading the description given in
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
I notice that the bug is affecting the version of JSON distributed with
ruby1.9.1. I am therefore duplicating this bug acco
Your message dated Tue, 12 Feb 2013 23:33:34 +
with message-id
and subject line Bug#700436: fixed in ruby-json 1.7.3-3
has caused the Debian Bug report #700436,
regarding Denial of Service and Unsafe Object Creation Vulnerability in JSON
[CVE-2013-0269]
to be marked as done.
This means that
Am Dienstag, den 12.02.2013, 22:47 +0100 schrieb Petter Reinholdtsen:
> This problem is also seen in the chroot upgrade testing for a full
>
> [...]
>
> http://bugs.debian.org/678848 > describe a workaround using
> Breaks. Perhaps it could be used here too?
Please test the attached patch if it re
Marco Nenciarini writes:
> Il giorno 12/feb/2013, alle ore 17:16, Jaldhar H. Vyas ha scritto:
>>>
>>
>> Thanks for the patch but if the diagnosis is correct it seems it will not be
>> needed as -7 took out the perl code. So backporting that should solve the
>> problem. Unfortunately I am ra
Your message dated Tue, 12 Feb 2013 22:32:42 +
with message-id
and subject line Bug#700300: fixed in libinfinity 0.5.2-6.1
has caused the Debian Bug report #700300,
regarding infinoted: needs Breaks: infinoted-0.4 and needs to clean up
forgotten alternative
to be marked as done.
This means t
Hi Aron,
On Di, 12 Feb 2013, Aron Xu wrote:
> It seems to be quite difficult to deal with current situation after my
> checking into details of the whole stack because, ibus 1.5 series
> depends extensively on gobject technology, but due to the nature of
What does upstream say to this problem?
Do
Hi Ma,
On Mi, 13 Feb 2013, Ma Xiaojun wrote:
> FYI, manually compiled IBus 1.5.0 works fine on my Ubuntu 12.10 box
> (with MATE as DE); I have used that box for many days.
- separate IME for different windows is working?
- did you try gnome3 (gnome-shell)?
Norbert
--
Processing commands for cont...@bugs.debian.org:
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> usertags 697808 piuparts
There were no usertags set.
Usertags are now: piuparts.
> usertags 699644 piuparts
There were no usertags set.
Usertags ar
This problem is also seen in the chroot upgrade testing for a full
desktop installation, see
http://jenkins.debian.net/job/chroot-installation_squeeze_install_full_desktop_upgrade_to_wheezy/79/parsed_console
>:
[...]
atd: stopping...starting...done.
Services restarted successfully.
(Reading
Hi Dominique,
On Tue, Feb 12, 2013 at 02:26:18PM +0100, Dominique Dumont wrote:
> Here's a summary of the issue for debian-legal folks. Pan package on Debian
> got bug #699892 because Pan GPLv2 only is linked with gnutls LGPLv3, which is
> not permitted by FSF. Pan folks are willing to re-licens
Your message dated Tue, 12 Feb 2013 21:00:08 +
with message-id
and subject line Bug#637273: fixed in gradle 1.1-1
has caused the Debian Bug report #637273,
regarding gradle: FTBFS: A problem occurred evaluating root project 'buildSrc'.
to be marked as done.
This means that you claim that the
Your message dated Tue, 12 Feb 2013 21:00:08 +
with message-id
and subject line Bug#637273: fixed in gradle 1.1-1
has caused the Debian Bug report #637273,
regarding Gradle doesn't work with Groovy 1.8.x
to be marked as done.
This means that you claim that the problem has been dealt with.
If
Processing control commands:
> severity -1 serious
Bug #648965 [comixcursors-righthanded] comixcursors-righthanded:
update-alternatives not used
Severity set to 'serious' from 'normal'
--
648965: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648965
Debian Bug Tracking System
Contact ow...@bu
Your message dated Tue, 12 Feb 2013 20:48:51 +
with message-id
and subject line Bug#698910: fixed in zoneminder 1.25.0-4
has caused the Debian Bug report #698910,
regarding zoneminder: CVE-2013-0232: arbitrary command execution vulnerability
to be marked as done.
This means that you claim tha
On Tue, 2013-02-12 at 19:58 +0100, Stephan Schreiber wrote:
> The xserver-xorg-video-all package doesn't install the following xorg
> video drivers on ia64:
The changelog says that's intentional:
* Drop some videos drivers from the xserver-xorg-video-all meta package
on ia64, they were
Ping?
For the avoidance of doubt, the outstanding point is that:
Debian does not appear to have a license to distribute
src/port/misc/inetutil.c
src/port/misc/inetutil.h
src/fontdb/hfgks.c
This puts xgks and its reverse dependency ferret-vis at risk of removal
from Wheezy.
I
Your message dated Tue, 12 Feb 2013 19:48:47 +
with message-id
and subject line Bug#699929: fixed in ruby1.9.1 1.9.3.194-6
has caused the Debian Bug report #699929,
regarding ruby1.9.1: CVE-2013-0256
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Processing commands for cont...@bugs.debian.org:
> tags 700398 + sid
Bug #700398 [ocl-icd] ocl-icd: FTBFS at FAIL: tests/03-check-own-ICD-loader.sh
Added tag(s) sid.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
700398: http://bugs.debian.org/cgi-bin/bugreport.c
Processing control commands:
> tags -1 = sid
Bug #700406 [radare2-bindings] radare2-bindings: FTBFS: cp: cannot stat
'python/*.so': No such file or directory
Added tag(s) sid; removed tag(s) unreproducible and moreinfo.
> severity -1 serious
Bug #700406 [radare2-bindings] radare2-bindings: FTBFS:
Processing control commands:
> severity -1 important
Bug #700406 [radare2-bindings] radare2-bindings: FTBFS: cp: cannot stat
'python/*.so': No such file or directory
Severity set to 'important' from 'serious'
> tags -1 + moreinfo
Bug #700406 [radare2-bindings] radare2-bindings: FTBFS: cp: cannot
Control: severity -1 important
Control: tags -1 + moreinfo
On Tue, Feb 12, 2013 at 01:58:28PM +0100, Roland Stigge wrote:
> trying to build radare2-bindings, I got this result[1]:
>
> Tried on amd64 and powerpcspe.
Neither adsb nor I could reproduce this in clean, up-to-date chroots of
i386/whee
Processing commands for cont...@bugs.debian.org:
> tags 700406 + unreproducible
Bug #700406 [radare2-bindings] radare2-bindings: FTBFS: cp: cannot stat
'python/*.so': No such file or directory
Added tag(s) unreproducible.
> thanks
Stopping processing here.
Please contact me if you need assistanc
I’ve been running the patched daemon for a couple days and it seems to
work fine.
--
.''`. Josselin Mouette
: :' :
`. `'
`-
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Il giorno 12/feb/2013, alle ore 17:16, Jaldhar H. Vyas ha scritto:
>>
>
> Thanks for the patch but if the diagnosis is correct it seems it will not be
> needed as -7 took out the perl code. So backporting that should solve the
> problem. Unfortunately I am rather pressed for time right now a
Your message dated Tue, 12 Feb 2013 19:00:04 +
with message-id
and subject line Bug#689576: fixed in entangle 0.5.0-1
has caused the Debian Bug report #689576,
regarding entangle: modifies a shipped file:
/usr/share/glib-2.0/schemas/gschemas.compiled
to be marked as done.
This means that you
Package: xserver-xorg-video-all
Version: 1:7.7+1
Severity: serious
The xserver-xorg-video-all package doesn't install the following xorg
video drivers on ia64:
xserver-xorg-video-apm
xserver-xorg-video-ark
xserver-xorg-video-chips
xserver-xorg-video-cirrus
xserver-xorg-video-i128
xserver-xo
Package: xserver-xorg-video-ati
Version: 1:6.14.4-6
Severity: serious
Machine: Dell PowerEdge 3250
Processor: 2x Itanium Madison 1.5GHz 6M
Memory: 16G
Graphics: build-in ATI Rage XL
01:01.0 VGA compatible controller [0300]: Advanced Micro Devices [AMD]
nee ATI Rage XL [1002:4752] (rev 27)
Andreas Beckmann wrote:
>Package: infinoted
>Version: 0.5.2-6
>Severity: serious
>Tags: patch
>User: debian...@lists.debian.org
>Usertags: piuparts
>
>Hi,
>
>during a test with piuparts I noticed your package left unowned files
>on
>the system after purge, which is a violation of policy 6.8:
>
>h
On Tue, 12 Feb 2013, Niko Tyni wrote:
It looks like the postinst of dovecot-core uses perl -E, which
implicitly needs feature.pm, without depending on perl-modules.
This works in sid/wheezy because feature.pm has since moved into
perl-base, as Gregor noted.
...
Hope this helps,
Thanks f
Control: severity -1 important
On Wed, Jan 30, 2013 at 05:43:15PM +0100, gregor herrmann wrote:
> Control: retitle -1 cglib: FTBFS: 1)
> testFailOnMemoryLeak(net.sf.cglib.proxy.TestEnhancer)junit.framework.AssertionFailedError:
> Memory leak caused by Enhancer
> Control: tag -1 + unreproducible
Processing control commands:
> severity -1 important
Bug #699256 [src:cglib] cglib: FTBFS: 1)
testFailOnMemoryLeak(net.sf.cglib.proxy.TestEnhancer)junit.framework.AssertionFailedError:
Memory leak caused by Enhancer
Severity set to 'important' from 'serious'
--
699256: http://bugs.debian.org/c
On Tue, Feb 12, 2013 at 06:20:04PM +0100, gregor herrmann wrote:
> On Mon, 11 Feb 2013 23:40:38 +0100, Andreas Beckmann wrote:
>
> > during a test with piuparts I noticed your package fails to upgrade from
> > 'squeeze'.
> > It installed fine in 'squeeze', then the upgrade to 'squeeze-backports'
Package: ntop
Version: 3:4.99.3+ndpi5517+dfsg2-1
Severity: grave
Tags: security
Justification: looks like a buffer overflow
X-Debbugs-CC: deb...@cygnusnetworks.de
Running ntop under gdb. In most cases it segfaults within the first 10 seconds.
# gdb /usr/sbin/ntop
GNU gdb (GDB) 7.4.1-debian
Copyr
On 12/02/2013 17:20, gregor herrmann wrote:
> On Mon, 11 Feb 2013 23:40:38 +0100, Andreas Beckmann wrote:
>> during a test with piuparts I noticed your package fails to upgrade from
>> 'squeeze'.
>> It installed fine in 'squeeze', then the upgrade to 'squeeze-backports'
>> fails.
>
>> Can't loc
On Mon, 11 Feb 2013 23:40:38 +0100, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package fails to upgrade from
> 'squeeze'.
> It installed fine in 'squeeze', then the upgrade to 'squeeze-backports' fails.
> Can't locate feature.pm in @INC (@INC contains: /etc/perl
> /us
Package: ruby-json
Version: 1.7.3-2,1.6.1-1~bpo60+1
Severity: critical
Tags: security patch
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
Denial of Service and Unsafe Object Creation Vulnerability in JSON
There is a denial of service and unsafe object crea
Your message dated Tue, 12 Feb 2013 16:17:42 +
with message-id
and subject line Bug#699255: fixed in ruby-activeresource-2.3 2.3.14-3
has caused the Debian Bug report #699255,
regarding ruby-activeresource-2.3: FTBFS: test_load_yaml_array(BaseTest) fails
to be marked as done.
This means that
Hi, all.
FYI, manually compiled IBus 1.5.0 works fine on my Ubuntu 12.10 box
(with MATE as DE); I have used that box for many days.
For errors like "ERROR:root:Could not find any typelib for IBus"
Have you installed GI stuff properly?
Have you got "gir1.2-ibus-1.0" installed?
--
To UNSUBSCRIBE
On Tue, Feb 12, 2013 at 5:54 PM, Norbert Preining wrote:
> Hi Aron,
>
>> Frankly, I haven't tested it in very detail since Fedora 18 has been
>> released with this version.
>
> Oh, surprise. I guess we should look into the patches fedora applies, they
> wouldn't ship it as it, or?
>
> If I can do
Package: nginx
Version: 0.7.67-3
Severity: grave
Tags: security patch
Hi,
nginx in squeeze and wheezy is vulnerable to the SSL attack CVE-2012-4929
dubbed 'CRIME'. The attack is related to SSL compression.
The popular solution to the attack is to disable SSL compression. This is
what Apache has
Processing commands for cont...@bugs.debian.org:
> tags 700399 +patch
Bug #700399 [lighttpd] vulnerable to CRIME SSL attack (CVE-2012-4929)
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
700399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug
tags 700399 +patch
thanks
Hi,
Attached is a proposed update for squeeze-security to address this issue.
Upstream's patch for client side renegotiation also fixed the SSL compression
issue in the same commit. The SSL compression fix however only works with
openssl >= 1. Therefore, I had to backpo
Your message dated Tue, 12 Feb 2013 14:47:45 +
with message-id
and subject line Bug#694352: fixed in lcdf-typetools 2.92+dfsg1-0.1
has caused the Debian Bug report #694352,
regarding [lcdf-typetools] lcdf-typetool include non free adobe data; glyph list
to be marked as done.
This means that y
Hello
Here's a summary of the issue for debian-legal folks. Pan package on Debian
got bug #699892 because Pan GPLv2 only is linked with gnutls LGPLv3, which is
not permitted by FSF. Pan folks are willing to re-license Pan to GPLv2 and
later. But getting copyright owner authorisation for all sof
Package: radare2-bindings
Version: 0.9-1
Severity: serious
Hi,
trying to build radare2-bindings, I got this result[1]:
r_util.vapi:31.17-31.30: error: The type name `string' could not be found
r_util.vapi:31.39-31.41: error: The type name `int' could not be found
r_util.vapi:33.17-33.19: error:
tag 700398 +pending
thanks
Le 12/02/2013 13:15, Roland Stigge a écrit :
> Package: ocl-icd
> Version: 1.3-3
> Severity: serious
>
> Hi,
>
> trying to build ocl, I got this result[1]:
ocl-icd 1.3-3 must be built into a wheezy environment.
If you want to compile it on unstable, use ocl-icd >= 2.0
Processing commands for cont...@bugs.debian.org:
> tag 700398 +pending
Bug #700398 [ocl-icd] ocl-icd: FTBFS at FAIL: tests/03-check-own-ICD-loader.sh
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
700398: http://bugs.debian.org/cgi-bin/bugre
Package: lighttpd
Version: 1.4.28-2+squeeze1
Severity: grave
Tags: security
Hi,
lighttpd in squeeze is vulnerable to the SSL attack CVE-2012-4929 dubbed
'CRIME'. The attack is related to SSL compression.
The popular solution to the attack is to disable SSL compression. This is
what Apache has do
Package: ocl-icd
Version: 1.3-3
Severity: serious
Hi,
trying to build ocl, I got this result[1]:
make[4]: Entering directory `/«PKGBUILDDIR»'
PASS: tests/01-no-icd.sh
PASS: tests/02-LIG-icd.sh
FAIL: tests/03-check-own-ICD-loader.sh
==
1 of 3 tests
Your message dated Tue, 12 Feb 2013 11:32:32 +
with message-id
and subject line Bug#72: fixed in curl 7.26.0-1+wheezy1
has caused the Debian Bug report #72,
regarding curl: CVE-2013-0249
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is n
Hi Roland,
Thanks for your bugreport. Ko van der Sloot and me are working on the issue.
The issue will get fixed in a next release.
Bye,
Joost
On Tue, Feb 12, 2013 at 11:12:33AM +0100, Roland Stigge wrote:
> Package: timbl
> Version: 6.4.3-1
> Severity: serious
> Tags: sid
> User: debian-power
Package: timbl
Version: 6.4.3-1
Severity: serious
Tags: sid
User: debian-powerpc...@breakpoint.cc
Usertags: powerpcspe
Hi,
trying to build frog[1] on powerpcspe[2], I got this result[3]:
make[3]: Entering directory `/«PKGBUILDDIR»/build/2.6/src'
g++ -DHAVE_CONFIG_H -I. -I/«PKGBUILDDIR»/./src -I.
Hi Aron,
> Frankly, I haven't tested it in very detail since Fedora 18 has been
> released with this version.
Oh, surprise. I guess we should look into the patches fedora applies, they
wouldn't ship it as it, or?
If I can do anything let me know
Norbert
--
To UNSUBSCRIBE, email to debian-bugs
Hi Norbert,
On Tue, Feb 12, 2013 at 4:02 PM, Norbert Preining wrote:
> Hi Aron,
>
> one more bug I found ... iceweasel/firefox ignores the current ibus plugin.
> It works in sakura/gnome-term etc, but not in iceweasel.
>
Thanks for catching the issue.
> It really seems that this ibus 1.5 was no
Processing commands for cont...@bugs.debian.org:
> # tpu upload did not include quarantine patch
> found 698136 3.10.1+dfsg-8
Bug #698136 [dspam] dspam: recipient corrpution when releasing a message from
quarantine
Marked as found in versions dspam/3.10.1+dfsg-8.
> thanks
Stopping processing here
Hi,
> Ah, I misinterpreted your question: I thought you meant writing to
> oce-dev in order to persuade them to re-license. You instead meant
> writing to oce-dev in order to find other people willing to help to
> persuade Open CASCADE S.A.S. to re-license.
Yes, it is my fault.
> You seem to hav
Hi Noah,
* Alexander Neumann wrote:
> * Noah Meyerhans wrote:
> > I'll see about getting a fixed upgraded for squeeze in the next day or
> > two...
>
> That would be excellent, thanks! And please let me know if I can help you in
> any way.
Did you find time to prepare an update for Squeeze?
Re
Hi Aron,
one more bug I found ... iceweasel/firefox ignores the current ibus plugin.
It works in sakura/gnome-term etc, but not in iceweasel.
It really seems that this ibus 1.5 was not tested *at*all*???
Norbert
PREINING,
72 matches
Mail list logo
