Bug#700669: marked as done (pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sun, 17 Feb 2013 07:47:29 + with message-id and subject line Bug#700669: fixed in pyrad 1.2-1+deb7u2 has caused the Debian Bug report #700669, regarding pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs to be marked as done. This means that you

Bug#700669: Allow pyrad 1.2-1+deb7u1 into wheezy

2013-02-16 Thread Jeremy Lainé
On 02/17/2013 01:19 AM, Jonathan Wiltshire wrote: > It's traditional to seek approval *before* uploading; more so in this case > since adding a patch system is a no-no. The change itself is fine, please upload with this only. You will have to bump t

Bug#700669: pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs

2013-02-16 Thread Salvatore Bonaccorso
Hi Jeremy On Sun, Feb 17, 2013 at 12:09:32AM +0100, Jeremy Lainé wrote: > I have just uploaded the requested version to > testing-proposed-updates and will get in touch with the release team > to allow it into wheezy. Thank you, have seen the mail. > For squeeze, the package will be exactly the

Bug#700669: Allow pyrad 1.2-1+deb7u1 into wheezy

2013-02-16 Thread Salvatore Bonaccorso
Hi all On Sun, Feb 17, 2013 at 12:19:00AM +, Jonathan Wiltshire wrote: > On Sun, Feb 17, 2013 at 12:16:32AM +0100, Jeremy Lainé wrote: > > Dear release team, > > > > Yesterday the following security vulnerability in the "pyrad" > > package was brought to my attention by Salvatore Bonaccorso:

Processed: tagging as pending bugs that are closed by packages in NEW

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > # Sunday 17 February 07:03:19 UTC 2013 > # Tagging as pending bugs that are closed by packages in NEW > # http://ftp-master.debian.org/new.html > # > # Source package in NEW: <a href="http://packages.qa.debian.org/camitk">camitk</a> > tags 689021 + pe

Bug#700761: jenkins: multiple security vulnerabilities

2013-02-16 Thread Nobuhiro Ban
Package: jenkins Version: 1.447.2+dfsg-3 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory. In this advisory, three vulnerabilities are rated high severity, one is medium and one is low. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Se

Bug#700535: marked as done (fts: several issues w.r.t. configuration file handling)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sun, 17 Feb 2013 01:17:30 + with message-id and subject line Bug#700535: fixed in fts 1.1-1.1 has caused the Debian Bug report #700535, regarding fts: several issues w.r.t. configuration file handling to be marked as done. This means that you claim that the problem has been

Bug#695224: marked as done (perl-modules: Locale::Maketext code injection)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sun, 17 Feb 2013 00:17:05 + with message-id and subject line Bug#695224: fixed in perl 5.10.1-17squeeze5 has caused the Debian Bug report #695224, regarding perl-modules: Locale::Maketext code injection to be marked as done. This means that you claim that the problem has be

Bug#700669: Allow pyrad 1.2-1+deb7u1 into wheezy

2013-02-16 Thread Jonathan Wiltshire
On Sun, Feb 17, 2013 at 12:16:32AM +0100, Jeremy Lainé wrote: > Dear release team, > > Yesterday the following security vulnerability in the "pyrad" package was > brought to my attention by Salvatore Bonaccorso: > > https://security-tracker.debian.org/tracker/CVE-2013-0294 > > It is tracked in

Processed: tagging 700215, tagging 700315

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 700215 - pending patch Bug #700215 [httpie] Documentation is not converted to common documentation formats Removed tag(s) pending and patch. > # sorry, my mistake > tags 700315 + pending patch Bug #700315 [rawstudio] rawstudio: please remove

Bug#700669: Allow pyrad 1.2-1+deb7u1 into wheezy

2013-02-16 Thread Jeremy Lainé
Dear release team, Yesterday the following security vulnerability in the "pyrad" package was brought to my attention by Salvatore Bonaccorso: https://security-tracker.debian.org/tracker/CVE-2013-0294 It is tracked in the following bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700669 I

Bug#700669: marked as done (pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 23:17:26 + with message-id and subject line Bug#700669: fixed in pyrad 1.2-1+deb7u1 has caused the Debian Bug report #700669, regarding pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs to be marked as done. This means that you

Bug#700669: pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs

2013-02-16 Thread Jeremy Lainé
Hi Salvatore, I have just uploaded the requested version to testing-proposed-updates and will get in touch with the release team to allow it into wheezy. For squeeze, the package will be exactly the same (squeeze / wheezy both have pyrad 1.2-1), but what should the version number be? Cheers, J

Processed: tagging 653883

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > # squeeze is not affected > tags 653883 + wheezy sid Bug #653883 {Done: Jakub Wilk } [src:python-ldap-doc] python-ldap-doc: FTBFS: /usr/lib/python2.5/doc/tools/mkhowto: No such file or directory Added tag(s) sid and wheezy. > thanks Stopping pro

Bug#579136: marked as done (CSS visited elements allow for disclosure of users browser history)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 17:48:17 -0500 with message-id and subject line re: CSS visited elements allow for disclosure of users browser history has caused the Debian Bug report #579136, regarding CSS visited elements allow for disclosure of users browser history to be marked as done.

Bug#700315: rawstudio: diff for NMU version 2.0-1.1

2013-02-16 Thread Ivo De Decker
Dear maintainer, I've prepared an NMU for rawstudio (versioned as 2.0-1.1) which will be uploaded by Jonathan Wiltshire to DELAYED/2. Please feel free to tell us if we should delay it longer. Regards. Ivo diff -u rawstudio-2.0/debian/changelog rawstudio-2.0/debian/changelog --- rawstudio-2.0/de

Bug#700315: rawstudio: please remove (build)depends on flickcurl for wheezy

2013-02-16 Thread Jonathan Wiltshire
On Sat, Feb 16, 2013 at 09:29:57PM +0100, Ivo De Decker wrote: > Hi Jonathan, > > On Sat, Feb 16, 2013 at 07:58:06PM +, Jonathan Wiltshire wrote: > > Ok. Please build a package if you want and I will sponsor it into > > DELAYED/2; by then the maintainers will have had 1 week to fix this which

Processed: notfound 700530 in 4:4.8.2+dfsg-10

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > notfound 700530 4:4.8.2+dfsg-10 Bug #700530 [src:qt4-x11] qt frames remain empty in kfreebsd since -10 to -11 update Ignoring request to alter found versions of bug #700530 to the same values previously set > thanks Stopping processing here. Pl

Bug#697373: marked as done (colorhug-client: must Depends: on librsvg2-common for SVG loading)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 20:48:44 + with message-id and subject line Bug#697373: fixed in colorhug-client 0.1.11-2 has caused the Debian Bug report #697373, regarding colorhug-client: must Depends: on librsvg2-common for SVG loading to be marked as done. This means that you claim t

Bug#696155: marked as done (fglrx-glx-ia32: fails to upgrade from lenny)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 20:47:30 + with message-id and subject line Bug#696155: fixed in fglrx-driver 1:10-9-3squeeze1 has caused the Debian Bug report #696155, regarding fglrx-glx-ia32: fails to upgrade from lenny to be marked as done. This means that you claim that the problem h

Bug#688849: marked as done (ffmpeg/squeeze/stable: multiple CVEs that need further investigation)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 20:47:06 + with message-id and subject line Bug#688849: fixed in ffmpeg 4:0.5.10-1 has caused the Debian Bug report #688849, regarding ffmpeg/squeeze/stable: multiple CVEs that need further investigation to be marked as done. This means that you claim that

Processed: tagging 700530

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 700530 + confirmed Bug #700530 [src:qt4-x11] qt frames remain empty in kfreebsd since -10 to -11 update Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 700530: http://bugs.debian.org/

Bug#699258: libio-async-loop-glib-perl: FTBFS: test failed

2013-02-16 Thread gregor herrmann
On Tue, 29 Jan 2013 17:39:24 +0100, gregor herrmann wrote: > Same here (with different times, slightly lower values), in both a > wheezy and a sid chroot on my laptop, while a backup is running. I looked into the code now. lib/IO/Async/Loop/Glib.pm and especially loop_once() (lines 295 ff.) seem

Bug#700315: rawstudio: please remove (build)depends on flickcurl for wheezy

2013-02-16 Thread Ivo De Decker
Hi Jonathan, On Sat, Feb 16, 2013 at 07:58:06PM +, Jonathan Wiltshire wrote: > Ok. Please build a package if you want and I will sponsor it into > DELAYED/2; by then the maintainers will have had 1 week to fix this which I > think is fair. The package is available at http://mentors.debian.ne

Bug#700315: rawstudio: please remove (build)depends on flickcurl for wheezy

2013-02-16 Thread Jonathan Wiltshire
On Sat, Feb 16, 2013 at 10:34:51AM +0100, Ivo De Decker wrote: > Hi Jonathan, > > On Wed, Feb 13, 2013 at 01:00:21PM +, Jonathan Wiltshire wrote: > > On Mon, Feb 11, 2013 at 04:06:44PM +0100, Ivo De Decker wrote: > > > Control: tags -1 patch > > > > > > On Mon, Feb 11, 2013 at 03:53:11PM +010

Bug#700738: tty-clock: use-after-free and other unsafeties

2013-02-16 Thread Thorsten Glaser
Source: tty-clock Version: 1.1-1 Severity: serious Justification: use-after-free and who knows what else Hi! Just saw ttyclock in the wanna-build Needs-Build list for m68k, and thought to have a look at what it can do (comparison with my /usr/share/doc/mksh/examples/uhr.gz script, for example), c

Bug#543163: Bug#687761: pu: package lvm2/2.02.66-5+squeeze1

2013-02-16 Thread Pierre Ynard
Hello Andreas, > long ago you had reported #543163 lvm2: Please don't depend on udev > http://bugs.debian.org/543163 > > Unfortunately the fix included in squeeze was incomplete (and you > promptly reopened the bug) as the dependencies in the init script were > not adjusted accordingly. > > I'd li

Bug#700348: marked as done (samba4: fails to upgrade from sid: libserver-role.so: version `SAMBA_4.0.0' not found)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 19:03:36 + with message-id and subject line Bug#700348: fixed in samba4 4.0.3+dfsg1-0.1 has caused the Debian Bug report #700348, regarding samba4: fails to upgrade from sid: libserver-role.so: version `SAMBA_4.0.0' not found to be marked as done. This mea

Bug#699124: marked as done ([PATCH] Resolve FTBFS based on new group data)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 17:47:41 + with message-id and subject line Bug#699124: fixed in libbusiness-isbn-perl 2.05-2 has caused the Debian Bug report #699124, regarding [PATCH] Resolve FTBFS based on new group data to be marked as done. This means that you claim that the problem

Processed: Pending fixes for bugs in the libbusiness-isbn-perl package

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tag 699124 + pending Bug #699124 [src:libbusiness-isbn-perl] [PATCH] Resolve FTBFS based on new group data Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 699124: http://bugs.debian.org/cgi-

Bug#699124: Pending fixes for bugs in the libbusiness-isbn-perl package

2013-02-16 Thread pkg-perl-maintainers
tag 699124 + pending thanks Some bugs in the libbusiness-isbn-perl package are closed in revision 8316fb44bedf760a3b688027a8648d915339c81f in branch 'master' by gregor herrmann The full diff can be seen at http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libbusiness-isbn-perl.git;a=commitdif

Processed: found 700597 in 4.0~a15-1, found 700597 in 3.0.21-1, found 619244 in 44-10 ..., affects 700718 ...

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > found 700597 4.0~a15-1 Bug #700597 [live-config-systemd] systemd-backend fails to install on non-systemd systems Marked as found in versions live-config/4.0~a15-1. > found 700597 3.0.21-1 Bug #700597 [live-config-systemd] systemd-backend fails to

Bug#700719: postfix - Computes bogus public key fingerprints

2013-02-16 Thread Bastian Blank
Package: postfix Version: 2.9.3-2.1 Severity: serious Postfix 2.9 <= x < 2.9.6 computes completely bogus public key fingerprints for TLS checks. Please fix this for Wheezy. Bastian -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'),

Bug#543163: Bug#687761: pu: package lvm2/2.02.66-5+squeeze1

2013-02-16 Thread Andreas Beckmann
Hi Pierre, long ago you had reported #543163 lvm2: Please don't depend on udev http://bugs.debian.org/543163 Unfortunately the fix included in squeeze was incomplete (and you promptly reopened the bug) as the dependencies in the init script were not adjusted accordingly. I'd like to get this fix

Bug#700525: unblock: sundials/2.5.0-2

2013-02-16 Thread Julian Taylor
On 02/16/2013 03:46 PM, Julian Taylor wrote: > found 700525 2.5.0-2 > thanks > >> Hello, >> >> Could you unblock sundials version 2.5.0-2 ? It would fix the RC bug >> #700525 (fix by Christophe). >> The change is basically adding -lblas -llapack -lm to LDFLAGS >> > > > LDFLAGS is the wrong place

Bug#700718: python-numpy: fails to upgrade from squeeze: prerm: 6: update-python-modules: not found

2013-02-16 Thread Andreas Beckmann
Package: python-numpy Version: 1:1.6.2-1.1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'squeeze'. It installed fine in 'squeeze', then the upgrade to 'wheezy' fails. From the attached log (scr

Bug#700716: python-imaging: FTBFS: dh_movefiles: .../_imagingtk.so not found (supposed to put it in python-imaging-tk)

2013-02-16 Thread Jakub Wilk
Source: python-imaging Version: 1.1.7+1.7.8-2 Severity: serious Justification: fails to build from source python-imaging FTBFS on buildds: | dh_movefiles -ppython-imaging-tk \ | --sourcedir=debian/python-imaging \ | usr/lib/python2.6/$(basename $(_py_=2.6; python${_py_#pyt

Processed: Re: Bug#700525: unblock: sundials/2.5.0-2

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > found 700525 2.5.0-2 Bug #700525 {Done: Christophe Trophime } [sundials] sundials: several binary packages not linked properly against blas and lapack There is no source info for the package 'sundials' at version '2.5.0-2' with architecture ''

Bug#700525: unblock: sundials/2.5.0-2

2013-02-16 Thread Julian Taylor
found 700525 2.5.0-2 thanks > Hello, > > Could you unblock sundials version 2.5.0-2 ? It would fix the RC bug > #700525 (fix by Christophe). > The change is basically adding -lblas -llapack -lm to LDFLAGS > LDFLAGS is the wrong place for this, it must be placed in LIBS or your build systems eq

Processed: Re: gcc-4.7-base: adding Breaks: gcc-4.4-base (<< 4.4.7) ?

2013-02-16 Thread Debian Bug Tracking System
Processing control commands: > severity -1 serious Bug #690172 {Done: Matthias Klose } [gcc-4.7-base] gcc-4.7-base: adding Breaks: gcc-4.4-base (<< 4.4.7) ? Severity set to 'serious' from 'normal' -- 690172: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690172 Debian Bug Tracking System Cont

Bug#700713: python-quantum: fails to upgrade from 'sid' - trying to overwrite /usr/share/pyshared/quantum/common/config.py

2013-02-16 Thread Andreas Beckmann
Package: python-quantum Version: 2012.2.1-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'sid' to 'experimental'. It installed fine in 'sid', then the upgrade to 'experimental' fails because it t

Bug#700711: clang-3.2: fails to upgrade from 'sid' - trying to overwrite /usr/bin/clang

2013-02-16 Thread Andreas Beckmann
Package: clang-3.2,clang Version: 1:3.2-1~exp6 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'sid' to 'experimental'. It installed fine in 'sid', then the upgrade to 'experimental' fails because i

Processed: fcitx-libs-gclient: fails to upgrade from 'testing' - trying to overwrite /usr/lib/x86_64-linux-gnu/libfcitx-gclient.so.0.1

2013-02-16 Thread Debian Bug Tracking System
Processing control commands: > affects -1 + fcitx-libs-dev Bug #700710 [fcitx-libs-gclient] fcitx-libs-gclient: fails to upgrade from 'testing' - trying to overwrite /usr/lib/x86_64-linux-gnu/libfcitx-gclient.so.0.1 Added indication that 700710 affects fcitx-libs-dev -- 700710: http://bugs.deb

Bug#700710: fcitx-libs-gclient: fails to upgrade from 'testing' - trying to overwrite /usr/lib/x86_64-linux-gnu/libfcitx-gclient.so.0.1

2013-02-16 Thread Andreas Beckmann
Package: fcitx-libs-gclient Version: 1:4.2.7-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + fcitx-libs-dev Hi, during a test with piuparts I noticed your package fails to upgrade from 'testing'. It installed fine in 'testing', then the upgrade to 'si

Bug#695866: marked as done (lintian: regression in memory usage or memory leak)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 13:47:32 + with message-id and subject line Bug#695866: fixed in lintian 2.5.10.4 has caused the Debian Bug report #695866, regarding lintian: regression in memory usage or memory leak to be marked as done. This means that you claim that the problem has bee

Processed: tagging 699892

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 699892 + pending Bug #699892 [pan] pan: Incompatible license: GPLv2 binary linked against LGPLv3+ library Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 699892: http://bugs.debian.org/

Processed: Re: libzorpll-dev: fails to upgrade lenny -> squeeze - trying to overwrite /usr/include/zorp/streamblob.h

2013-02-16 Thread Debian Bug Tracking System
Processing control commands: > tag -1 pending Bug #693984 [libzorpll-dev] libzorpll-dev: fails to upgrade lenny -> squeeze - trying to overwrite /usr/include/zorp/streamblob.h Added tag(s) pending. -- 693984: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693984 Debian Bug Tracking System Con

Bug#693984: libzorpll-dev: fails to upgrade lenny -> squeeze - trying to overwrite /usr/include/zorp/streamblob.h

2013-02-16 Thread Andreas Beckmann
Control: tag -1 pending On 2013-02-16 00:46, Andreas Beckmann wrote: > A proposed patch is attached, I intend to NMU libzorpll once that > request was accepted. Unfortunately p-u-NEW will close on Monday for the > next point release that is scheduled for 23rd, so I can probably only > upload this

Bug#681654: marked as done (kstars-data-extra-tycho2: should be moved to non-free)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 13:00:08 + with message-id and subject line Bug#681654: fixed in kstars-data-extra-tycho2 1.1r1-9 has caused the Debian Bug report #681654, regarding kstars-data-extra-tycho2: should be moved to non-free to be marked as done. This means that you claim that

Bug#691452: marked as done (lgc-pg: ships non-free files in contrib)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 12:59:42 +0100 with message-id <511f74ae.6000...@gambaru.de> and subject line Done has caused the Debian Bug report #691452, regarding lgc-pg: ships non-free files in contrib to be marked as done. This means that you claim that the problem has been dealt with. I

Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1

2013-02-16 Thread Adam D. Barratt
On Sat, 2013-02-16 at 12:03 +0100, Andreas Beckmann wrote: > On 2013-02-16 11:09, Adam D. Barratt wrote: > > Does "should be fixable" mean you haven't tested your patch? It looks > > okay but I'd really feel happier knowing it had been tested... > > The fusionforge packages are not really in a goo

Processed: Re: Bug#695866: Bug#695839: lintian: Long-running instances reserves 2.5+ GBs, but avg RES is < 1G MB

2013-02-16 Thread Debian Bug Tracking System
Processing control commands: > found -1 2.5.9 Bug #695866 [lintian] lintian: regression in memory usage or memory leak Marked as found in versions lintian/2.5.9. > tags -1 pending Bug #695866 [lintian] lintian: regression in memory usage or memory leak Added tag(s) pending. -- 695866: http://bug

Bug#695866: Bug#695839: lintian: Long-running instances reserves 2.5+ GBs, but avg RES is < 1G MB

2013-02-16 Thread Niels Thykier
Control: found -1 2.5.9 Control: tags -1 pending On 2013-02-16 11:34, Niels Thykier wrote: > [...] > > It seems that (part of) this leak can be triggered with something like: > > $LAB->visit_packages (sub { > my ($entry) = @_; > while (1) { > eval { $entry->info->index (

Bug#700525: unblock: sundials/2.5.0-2

2013-02-16 Thread Sylvestre Ledru
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Could you unblock sundials version 2.5.0-2 ? It would fix the RC bug #700525 (fix by Christophe). The change is basically adding -lblas -llapack -lm to LDFLAGS debdiff attached. Th

Bug#687334: buildds ready for wheezy-security?

2013-02-16 Thread Kurt Roeckx
On Fri, Feb 15, 2013 at 11:12:57PM +0100, Kurt Roeckx wrote: > On Fri, Feb 15, 2013 at 09:27:14AM +0100, Thijs Kinkhorst wrote: > > Hi wb-team, > > > > I read in this bug log that most aspects of wheezy-security have been > > taken care of, but Philipp reported on Jan 4 that the buildds still need

Bug#696369: Bug#700675: pu: package fusionforge/5.0.2-5+squeeze1

2013-02-16 Thread Andreas Beckmann
On 2013-02-16 11:09, Adam D. Barratt wrote: > On Sat, 2013-02-16 at 01:34 +0100, Andreas Beckmann wrote: >> that should be fixable by adding to gforge-web-apache2 >> Breaks/Replaces: gforge-common (<< 4.8) > > Does "should be fixable" mean you haven't tested your patch? It looks > okay but I'd r

Bug#700669: pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs

2013-02-16 Thread Salvatore Bonaccorso
Hi Jeremy Thanks for already fixing the issue for pyrad in unstable. As the debdiff between 1.2-1 and 2.0-2 looks quite big, it cannot be a candidate for an unblock per se to testing. Could you prepare also a package targeting wheezy (versioned as 1.2-1+deb7u1) only containing the changes to fix

Bug#695866: Bug#695839: lintian: Long-running instances reserves 2.5+ GBs, but avg RES is < 1G MB

2013-02-16 Thread Niels Thykier
Control: tags -1 confirmed On 2012-12-13 21:26, Niels Thykier wrote: >> [...] > > top tells me that Lintian starts its memory usage at about 450MB/300MB > and ends at about 620MB/450MB[1]. During this interval, Lintian > processed about 512 groups[2]. > > Assuming the entire change is a leak, L

Processed: Re: Bug#695866: Bug#695839: lintian: Long-running instances reserves 2.5+ GBs, but avg RES is < 1G MB

2013-02-16 Thread Debian Bug Tracking System
Processing control commands: > tags -1 confirmed Bug #695866 [lintian] lintian: regression in memory usage or memory leak Added tag(s) confirmed. -- 695866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695866 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSU

Bug#696375: marked as done (mono-gac: fails to upgrade from lenny if libgmime2.2-cil is still installed)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 10:32:09 + with message-id and subject line Bug#696375: fixed in gmime2.2 2.2.25-2+squeeze1 has caused the Debian Bug report #696375, regarding mono-gac: fails to upgrade from lenny if libgmime2.2-cil is still installed to be marked as done. This means tha

Processed: retitle 700669 to pyrad: CVE-2013-0294: potentially predictable password hashing and packet IDs

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > # improve subject > retitle 700669 pyrad: CVE-2013-0294: potentially predictable password hashing > and packet IDs Bug #700669 {Done: Jeremy Lainé } [pyrad] pyrad: CVE-2013-0294: potentially predictable password hashing Changed Bug title to 'pyr

Bug#700525: marked as done (sundials: several binary packages not linked properly against blas and lapack)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 09:48:04 + with message-id and subject line Bug#700525: fixed in sundials 2.5.0-2 has caused the Debian Bug report #700525, regarding sundials: several binary packages not linked properly against blas and lapack to be marked as done. This means that you cl

Bug#700315: rawstudio: please remove (build)depends on flickcurl for wheezy

2013-02-16 Thread Ivo De Decker
Hi Jonathan, On Wed, Feb 13, 2013 at 01:00:21PM +, Jonathan Wiltshire wrote: > On Mon, Feb 11, 2013 at 04:06:44PM +0100, Ivo De Decker wrote: > > Control: tags -1 patch > > > > On Mon, Feb 11, 2013 at 03:53:11PM +0100, Ivo De Decker wrote: > > > Your package rawstudio has a (build) dependency

Bug#700669: marked as done (pyrad: CVE-2013-0294: potentially predictable password hashing)

2013-02-16 Thread Debian Bug Tracking System
Your message dated Sat, 16 Feb 2013 09:33:18 + with message-id and subject line Bug#700669: fixed in pyrad 2.0-2 has caused the Debian Bug report #700669, regarding pyrad: CVE-2013-0294: potentially predictable password hashing to be marked as done. This means that you claim that the problem

Bug#699892: [Pan-devel] Seeking advice on Pan license issue with optional TLS component

2013-02-16 Thread Dominique Dumont
On Tuesday 12 February 2013 14:26:18, Dominique Dumont wrote: > Since this is the first time I'm dealing with a tricky licensing issue, > I'd like some folks from debian-legal mailing list to confirm my opinion. As mentioned here [1], my proposal is a bad idea. GPL license is transitive. Since a

Processed: reopen #694473 =

2013-02-16 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > reopen #694473 = Bug #694473 {Done: Ondřej Surý } [libapache2-mod-php5] session extension causes endless recursion after graceful reload 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared,

Bug#700608: CVE-2013-0296: pigz creates temp files with too wide permissions

2013-02-16 Thread Michael Tokarev
16.02.2013 12:18, Michael Tokarev wrote: > Control: tag -1 + patch > > The attached patch fixes the issue. It uses st.st_mode as a base > when creating a new file (falling back to usual 0666 when dealing > with stdin). It also uses the same stat attributes as used when > creating the file. And

Bug#700608: CVE-2013-0296: pigz creates temp files with too wide permissions

2013-02-16 Thread Michael Tokarev
Control: tag -1 + patch The attached patch fixes the issue. It uses st.st_mode as a base when creating a new file (falling back to usual 0666 when dealing with stdin). It also uses the same stat attributes as used when creating the file. One more thing which is good to have here (it is also pot

Processed: Re: Bug#700608: CVE-2013-0296: pigz creates temp files with too wide permissions

2013-02-16 Thread Debian Bug Tracking System
Processing control commands: > tag -1 + patch Bug #700608 [pigz] pigz creates temp files with too wide permissions (CVE-2013-0296) Added tag(s) patch. -- 700608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- T