Processing commands for cont...@bugs.debian.org:
> tags 700669 + patch
Bug #700669 [pyrad] pyrad: CVE-2013-0294: potentially predictable password
hashing
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
700669: http://bugs.debian.org/cgi-bin/bu
Control: retitle -1 pyrad: CVE-2013-0294: potentially predictable password
hashing
Hi
CVE-2013-0295 was rejected and only CVE-2013-0294 is to be used for both
issues.
http://marc.info/?l=oss-security&m=136099660015589&w=2
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@
Processing control commands:
> retitle -1 pyrad: CVE-2013-0294: potentially predictable password hashing
Bug #700669 [pyrad] pyrad: CVE-2013-0294 and CVE-2013-0295
Changed Bug title to 'pyrad: CVE-2013-0294: potentially predictable password
hashing' from 'pyrad: CVE-2013-0294 and CVE-2013-0295'
Control: retitle -1 pigz creates temp files with too wide permissions
(CVE-2013-0296)
This issue has been assigned CVE-2013-0296.
Thanks,
/mjt
Processing control commands:
> retitle -1 pigz creates temp files with too wide permissions (CVE-2013-0296)
Bug #700608 [pigz] CVE-2013-0296: pigz creates temp files with too wide
permissions
Changed Bug title to 'pigz creates temp files with too wide permissions
(CVE-2013-0296)' from 'CVE-2013-
Control: retitle -1 CVE-2013-0296: pigz creates temp files with too wide
permissions
Hi
On Fri, Feb 15, 2013 at 12:30:09PM +0400, Michael Tokarev wrote:
> When asked to compress a file with restricted permissions (like
> mode 0600), the .gz file pigz creates while doing this has
> usual mode der
Processing control commands:
> retitle -1 CVE-2013-0296: pigz creates temp files with too wide permissions
Bug #700608 [pigz] pigz creates temp files with too wide permissions
Changed Bug title to 'CVE-2013-0296: pigz creates temp files with too wide
permissions' from 'pigz creates temp files wit
Processing commands for cont...@bugs.debian.org:
> severity 680436 serious
Bug #680436 [src:sra-sdk] sra-sdk: FTBFS: gcc/i386/atomic32.h:125:5: error:
impossible constraint in 'asm'
Ignoring request to change severity of Bug 680436 to the same value.
> thanks
Stopping processing here.
Please con
severity 680436 serious
thanks
Just set the Architecture field of the source package if you
do not want to have it build on all architectures, then.
But an Architecture: any package that fails to build on some
architectures *by design* since it needs to positively be
ported to every single new ar
Processing commands for cont...@bugs.debian.org:
> severity 680436 serious
Bug #680436 [src:sra-sdk] sra-sdk: FTBFS: gcc/i386/atomic32.h:125:5: error:
impossible constraint in 'asm'
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assist
Followup-For: Bug #696369
Control: tag -1 patch
Hi,
I'm attaching a patch that should fix this file conflict. I checked the
packages on snapshot.d.o to find the point where the files were moved
around.
I also asked to fix this issue via PU: http://bugs.debian.org/700675
I'd offer to NMU, but I p
Processing control commands:
> tag -1 patch
Bug #696369 [gforge-web-apache2] gforge-web-apache2: fails to upgrade from
'lenny' - trying to overwrite /usr/share/gforge/www/include/vote_function.php
Added tag(s) patch.
--
696369: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696369
Debian Bug
Your message dated Sat, 16 Feb 2013 01:00:12 +
with message-id
and subject line Bug#700398: fixed in ocl-icd 2.0.2-1
has caused the Debian Bug report #700398,
regarding ocl-icd: FTBFS at FAIL: tests/03-check-own-ICD-loader.sh
to be marked as done.
This means that you claim that the problem ha
Your message dated Sat, 16 Feb 2013 01:00:17 +
with message-id
and subject line Bug#697697: fixed in ecere-sdk 0.44.03-1
has caused the Debian Bug report #697697,
regarding ecere-sdk: binary package conflict with eclib
to be marked as done.
This means that you claim that the problem has been
Your message dated Sat, 16 Feb 2013 01:00:04 +
with message-id
and subject line Bug#694030: fixed in skytools3 3.1.3-1
has caused the Debian Bug report #694030,
regarding skytools3: FTBFS: unsatisfiable build-dependency:
postgresql-server-dev-8.4
to be marked as done.
This means that you cla
Your message dated Sat, 16 Feb 2013 01:00:04 +
with message-id
and subject line Bug#644540: fixed in skytools3 3.1.3-1
has caused the Debian Bug report #644540,
regarding skytools3: FTBFS:
/usr/lib/postgresql/9.1/lib/pgxs/src/makefiles/pgxs.mk: No such file or
directory
to be marked as done.
Your message dated Sat, 16 Feb 2013 00:02:39 +
with message-id
and subject line Bug#700526: fixed in mksh 42b-1
has caused the Debian Bug report #700526,
regarding mksh-static breaks debconf
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not t
Followup-For: Bug #693984
Hi,
I have just asked the SRM for fixing via s-p-u:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700672
and this will be granted very likely.
A proposed patch is attached, I intend to NMU libzorpll once that
request was accepted. Unfortunately p-u-NEW will close on
Processing commands for cont...@bugs.debian.org:
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> usertags 700527 piuparts
There were no usertags set.
Usertags are now: piuparts.
> affects 700527 + movabletype-opensource
Bug #700527 [libjs-jquer
Package: ruby
Version: 4.9
Severity: serious
Justification: breaks squeeze->wheezy upgrades
The transition of the default version from ruby1.8 to ruby1.9.1 causes
the upgrade from squeeze to wheezy to fail if apt-listbugs is installed.
After replacing squeeze with wheezy in /etc/apt/sources.list a
Package: cltl
Version: 1.0.26
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
[Note: this bug is slightly different from the other bugs where the
copyright file is missing after an upgrade, but I didn't have time to
analyze and test it further, so you are getting a maybe not
Package: pyrad
Version: 2.0-1
Severity: grave
Tags: security
Control: found -1 1.2-1
Hi,
the following vulnerabilities were published for pyrad.
CVE-2013-0294[0]:
potentially predictable password hashing
CVE-2013-0295[1]:
CreateID() creates serialized packet IDs for RADIUS
Note: it's currently
Processing control commands:
> found -1 1.2-1
Bug #700669 [pyrad] pyrad: CVE-2013-0294 and CVE-2013-0295
There is no source info for the package 'pyrad' at version '1.2-1' with
architecture ''
Unable to make a source version for version '1.2-1'
Marked as found in versions 1.2-1.
--
700669: http
On Fri, Feb 15, 2013 at 09:27:14AM +0100, Thijs Kinkhorst wrote:
> Hi wb-team,
>
> I read in this bug log that most aspects of wheezy-security have been
> taken care of, but Philipp reported on Jan 4 that the buildds still need
> to be taken care of. Can something be said about the progress of tha
Processing commands for cont...@bugs.debian.org:
> found 700638 0.76-1
Bug #700638 [libdbus-glib-1-2] CVE-2013-0292: authentication bypass due to
insufficient checks in dbus-glib < 0.100.1
Marked as found in versions dbus-glib/0.76-1.
> thanks
Stopping processing here.
Please contact me if you n
Your message dated Fri, 15 Feb 2013 21:32:43 +
with message-id
and subject line Bug#694301: fixed in gnome-settings-daemon 3.6.4-1
has caused the Debian Bug report #694301,
regarding gnome-settings-daemon: ibus integration makes ibus useless
to be marked as done.
This means that you claim tha
Processing control commands:
> affects -1 + koffice koffice-data
Bug #700667 [calligrasheets] calligrasheets: fails to upgrade from squeeze -
trying to overwrite /usr/share/templates/SpreadSheet.desktop
Added indication that 700667 affects koffice and koffice-data
--
700667: http://bugs.debian.
Your message dated Fri, 15 Feb 2013 21:00:42 +
with message-id
and subject line Bug#691451: fixed in lgeneral 1.2.3+dfsg-1
has caused the Debian Bug report #691451,
regarding lgeneral: ships non-free files in contrib
to be marked as done.
This means that you claim that the problem has been de
Your message dated Fri, 15 Feb 2013 21:00:42 +
with message-id
and subject line Bug#690683: fixed in lgeneral 1.2.3+dfsg-1
has caused the Debian Bug report #690683,
regarding lgeneral: Unusable due to missing game data converter and outdated
to be marked as done.
This means that you claim tha
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these lines ***
-- Package-specific info:
Boot method: CD
Image version: wheezy-DI-b4-amd64-netinst, wheezy-DI-20130215-5-amd64-netinst
Date: Fri 2013-02-15 19:00 UTC
Your message dated Fri, 15 Feb 2013 21:19:19 +0100
with message-id <20130215201919.GA14993@elende>
and subject line Re: Bug#700548: padre: Failed to start: Can't locate object
method "select" via package "Padre::DB::SyntaxHighlight"
has caused the Debian Bug report #700548,
regarding padre: Failed
Processing commands for cont...@bugs.debian.org:
> fixed 661018 3.1.0~rc2-2
Bug #661018 [src:spatialite] FTBS due to new freexl
Marked as fixed in versions spatialite/3.1.0~rc2-2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
661018: http://bugs.debian.org/cgi-b
Hi
(Hmm, strange I have not received this followup)
On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote:
> Which allowed a shell accessible via netcat on port 1337 with the version
> present in squeeze (1.24.2-8).
>
> With a package built with the patch applied, I was not able to r
On Fri, 2013-02-15 at 20:20 +0100, Salvatore Bonaccorso wrote:
> On Thu, Feb 07, 2013 at 12:51:59AM +0200, Timo Aaltonen wrote:
> > Upstream released 1.8.6 with the patches, I have them staged in git
> > and am discussing with the release team what other fixes can get in
> > wheezy.
>
> Did you he
Processing commands for cont...@bugs.debian.org:
> tags 684654 + moreinfo
Bug #684654 [fglrx-legacy-driver] [fglrx-legacy-driver] Xorg shows blank screen
with fglrx legacy driver
Bug #684655 [fglrx-legacy-driver] [fglrx-legacy-driver] Xorg shows blank screen
with fglrx legacy driver
Added tag(s)
Your message dated Fri, 15 Feb 2013 19:17:46 +
with message-id
and subject line Bug#700526: fixed in mksh 40.9.20120630-7
has caused the Debian Bug report #700526,
regarding mksh-static breaks debconf
to be marked as done.
This means that you claim that the problem has been dealt with.
If thi
Hi Timo
On Thu, Feb 07, 2013 at 12:51:59AM +0200, Timo Aaltonen wrote:
> On 03.02.2013 23:59, Moritz Mühlenhoff wrote:
> >On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
> >>On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
> >>>Hi Timo
> >>>
> >>>On Thu, Jan 24, 2013 at 08:46:43PM +
Your message dated Fri, 15 Feb 2013 19:00:10 +
with message-id
and subject line Bug#698151: fixed in libguestfs 1:1.20.1-2
has caused the Debian Bug report #698151,
regarding libguestfs: FTBFS in unstable due to dropped fuse-utils
(Build-Depends)
to be marked as done.
This means that you cla
Processing commands for cont...@bugs.debian.org:
> found 700638 0.88-2.1
Bug #700638 [libdbus-glib-1-2] CVE-2013-0292: authentication bypass due to
insufficient checks in dbus-glib < 0.100.1
Marked as found in versions dbus-glib/0.88-2.1.
> thanks
Stopping processing here.
Please contact me if y
found 700638 0.88-2.1
thanks
On 15/02/13 17:44, Simon McVittie wrote:
> pam_fprintd is not present in stable or oldstable, but I'll check whether
> this bug was present in those versions of dbus-glib, in case there are other
> exploitation vectors.
I can confirm that this bug is present in the ve
Processing control commands:
> fixed -1 0.100.1-1
Bug #700638 [libdbus-glib-1-2] CVE-2013-0292: authentication bypass due to
insufficient checks in dbus-glib < 0.100.1
There is no source info for the package 'libdbus-glib-1-2' at version
'0.100.1-1' with architecture ''
Unable to make a source v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: libdbus-glib-1-2
Version: 0.100-1
Severity: critical
Tags: upstream patch security
Justification: root security hole
Control: fixed -1 0.100.1-1
Sebastian Krahmer discovered and published an authentication bypass
vulnerability in pam_fprint
Processing commands for cont...@bugs.debian.org:
> notfound 700526 mksh/40.9.20120630-4
Bug #700526 [mksh] mksh-static breaks debconf
Ignoring request to alter found versions of bug #700526 to the same values
previously set
> found 700526 mksh/40.9.20120630-5
Bug #700526 [mksh] mksh-static breaks
/home/debuser# apt-get install --reinstall
padre
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 1 not
upgraded.
Need to get 0 B/1,326 kB of archives.
After this operation, 0 B of addit
Your message dated Fri, 15 Feb 2013 15:39:19 +0100
with message-id <20130215143918.ga29...@gaara.hadrons.org>
and subject line Re: Bug#700609: dpkg: /var/lib/dpkg/arch is a configuration
file, and should be in /etc/dpkg
has caused the Debian Bug report #700609,
regarding dpkg: /var/lib/dpkg/arch i
Processing control commands:
> found -1 1.8.1-1
Bug #625956 {Done: Matthias Klose } [src:doxygen] src:doxygen:
missing source for src/jquery.js
Marked as found in versions doxygen/1.8.1-1 and reopened.
--
625956: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625956
Debian Bug Tracking System
Control: found -1 1.8.1-1
doxygen 1.8.1 and later versions include minified jQuery 1.7.1, but
the Debian package includes source only for jQuery 1.3.2.
--
Jakub Wilk
Processing commands for cont...@bugs.debian.org:
> unarchive 625956
Bug #625956 {Done: Matthias Klose } [src:doxygen] src:doxygen:
missing source for src/jquery.js
Unarchived Bug 625956
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
625956: http://bugs.debian.or
Hi,
Daniel Kahn Gillmor wrote (08 Feb 2013 19:03:48 GMT) :
> now that i have a volunteer other than myself to test it, i will wait
> until i hear back from you :)
I've been using the proposed msva-perl's integration into the SSH
client for a week and have not experienced any regression.
> meanwh
Your message dated Fri, 15 Feb 2013 12:17:11 +
with message-id
and subject line Bug#699887: fixed in polarssl 0.12.1-1squeeze1
has caused the Debian Bug report #699887,
regarding TLS timing attack in polarssl (Lucky 13)
to be marked as done.
This means that you claim that the problem has been
Processing commands for cont...@bugs.debian.org:
> retitle 700597 systemd-backend fails to install on non-systemd systems
Bug #700597 [live-config-systemd] live-config-systemd: fails to install in a
chroot on a non-systemd host
Changed Bug title to 'systemd-backend fails to install on non-systemd
retitle 700597 systemd-backend fails to install on non-systemd systems
severity 700597 minor
thanks
On 02/15/2013 11:49 AM, Andreas Beckmann wrote:
It's the only package with such a requirement (i.e. host is running
systemd, just depending on systemd is fine) making it untestable by
piuparts :-(
Processing control commands:
> retitle -1 live-config-systemd: fails to install in a chroot on a non-systemd
> host
Bug #700597 [live-config-systemd] live-config-systemd: fails to install:
post-installation script returned error exit status 1
Changed Bug title to 'live-config-systemd: fails to i
Control: retitle -1 live-config-systemd: fails to install in a chroot on a
non-systemd host
On 2013-02-15 11:28, Daniel Baumann wrote:
> On 02/15/2013 11:03 AM, Andreas Beckmann wrote:
>> Reproducible in a chroot on a non-systemd host:
>
> you're not supposed to install live-config-systemd on a
Package: nova-common
Version: 2012.2.2-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'sid'.
It installed fine in 'sid', then the upgrade to 'experimental' fails.
From the attached log (scroll
Followup-For: Bug #677080
Hi,
the problem has reappeared in experimental, upgrading from sid to
experimental fails:
Setting up glance-common (2012.2.1-1) ...
/var/lib/dpkg/info/glance-common.postinst: 536: .: Can't open
/usr/share/dbconfig-common/dpkg/postinst
dpkg: error processing glanc
Processing commands for cont...@bugs.debian.org:
> tags 700341 + pending
Bug #700341 [src:fonts-ipafont] fonts-ipafont: does not remove
ttf-japanese-*.ttf alternatives on upgrades from squeeze
Added tag(s) pending.
> tags 700511 + moreinfo
Bug #700511 {Done: Andreas Beckmann } [ca-certificates-ja
On 02/15/2013 11:03 AM, Andreas Beckmann wrote:
Reproducible in a chroot on a non-systemd host:
you're not supposed to install live-config-systemd on a non-systemd host
in the first place, which is why the package has a depends against systemd.
--
Address:Daniel Baumann, Donnerbuehlw
On 2013-02-15 09:43, Daniel Baumann wrote:
> not reproducible in a chroot and not reproducible on a real system with
> version 4.0~a14-1, closing.
Reproducible in a chroot on a non-systemd host:
# systemctl enable live-config.service ; echo $?
1
# systemctl --no-reload enable live-config.service
Hi,
On Thursday 14 February 2013 at 20:12 +, Jo Shields wrote:
> > * We can make the library raise a warning or exception when
> > someone tries to use the class.
>
> Huh, so currently it just crashes. I thought it just rendered a white
> control - I guess that was the behaviour
Your message dated Fri, 15 Feb 2013 09:43:14 +0100
with message-id <511df522.90...@progress-technologies.net>
and subject line Re: live-config-systemd: fails to install: post-installation
script returned error exit status 1
has caused the Debian Bug report #700597,
regarding live-config-systemd: f
Package: pigz
Version: 2.2.4-1
Severity: serious
Tags: security
When asked to compress a file with restricted permissions (like
mode 0600), the .gz file pigz creates while doing this has
usual mode derived from umask (like 0644). If the file is
large enough (and why we would use pigz instead of
Package: dpkg
Version: 1.16.9
Justification: Policy 10.7.2
Severity: serious
Dear Maintainer,
To me, it seems that the file 'arch', which is currently in /var/lib/dpkg,
is a configuration file, which means it should be in /etc/dpkg.
Kind regards,
Rogier.
-- System Information:
Debian Release
Hi wb-team,
I read in this bug log that most aspects of wheezy-security have been
taken care of, but Philipp reported on Jan 4 that the buildds still need
to be taken care of. Can something be said about the progress of that? How
far along are we?
It would be great if we could have a guinea pig s
Package: libunwind
Version: 1.0.1-4
Severity: serious
Hi,
libunwind FTBFS on armel and armhf, but has built there previously
making them "out of date". The last couple of lines from buildd.d.o
looks something like this[1]:
"""
/bin/bash ../libtool --tag=CC --mode=link gcc -g -O2 -Wformat
-W
65 matches