Package: chicken
Severity: grave
Tags: security
Hi,
multiple security issues have been found in chicken. Please see here for more
information: http://marc.info/?l=oss-security&m=136030422026406&w=2
These are fixed in sid, but if simple, isolated backports of the changes
can be identified, we coul
On Mon, Mar 4, 2013 at 4:49 PM, Josselin Mouette wrote:
> Le dimanche 03 mars 2013 à 12:35 +0800, Chow Loong Jin a écrit :
>> On 03/03/2013 05:27, Josselin Mouette wrote:
>> > I’m not using banshee so I didn’t test it, but the bug should be fixed
>> > by the attached patch.
>>
>> Thanks for the pa
On Sun, Mar 03, 2013 at 01:04:32AM +, Dominic Hargreaves wrote:
> On Sat, Mar 02, 2013 at 03:57:50PM +, Dominic Hargreaves wrote:
> > Dear maintainer,
> >
> > I've prepared an NMU for syslog-ng (versioned as 3.3.6-1.1) and
> > uploaded it to DELAYED/4. Please feel free to tell me if I
> >
Hello,
is this bug still reproducible on Wheezy?
Thanks in advance,
Regards.
--
Alessio Treglia | www.alessiotreglia.com
Debian Developer | ales...@debian.org
Ubuntu Core Developer| quadris...@ubuntu.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A
--
To UNSUBSCRIBE
Package: eucalyptus
Severity: grave
Tags: security
Hi,
please see http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: moodle
Severity: grave
Tags: security
Hi,
the following security issues need to be fixed in Moodle:
(unfortunately testing differs from sid, so both need to be fixed :-/ )
CVE-2012-6098:
https://moodle.org/mod/forum/discuss.php?d=220158
CVE-2012-6099:
https://moodle.org/mod/forum/discus
On Tue, 2013-03-05 at 21:05 +0100, Michael Biebl wrote:
> On 03.03.2013 22:53, Michael Biebl wrote:
> >
> > Seeing the poor handling of symlinked conffiles, I'm wondering if we
> > should also remove them for the other affected packages, which do that:
[...]
> After a closer look, all those packag
I didn't pay enough attention while reporting the bug.
I upgraded from version 2.9.6-1 to 2.10.0-1 and sasl started working (for me)
I downgraded _only_ postfix and everything started working again.
ix:/tmp# dpkg -i postfix_2.9.6-1_i386.deb
dpkg: warning: downgrading postfix from 2.10.0-1 to 2.9.6
Your message dated Tue, 05 Mar 2013 21:32:32 +
with message-id
and subject line Bug#696642: fixed in ifupdown 0.7.40
has caused the Debian Bug report #696642,
regarding ifupdown: fails to bring up eth0.xx alias in bridge/vlan setup
to be marked as done.
This means that you claim that the prob
Your message dated Tue, 05 Mar 2013 21:32:32 +
with message-id
and subject line Bug#695906: fixed in ifupdown 0.7.40
has caused the Debian Bug report #695906,
regarding ifupdown: removal of /etc/network/interfaces is not preserved
to be marked as done.
This means that you claim that the probl
On Tue, Mar 05, 2013 at 08:28:32PM +0100, Michael Stapelberg wrote:
> Roger Leigh writes:
> > The reason for this change is that with file-rc now using insserv
> > to maintain the links in part, it is not really meaningful to
> > "restore" the links. Both file-rc and sysv-rc use insserv, and so
>
On Mon, 2013-03-04 at 18:02 +, Guido Günther wrote:
> libvirt (0.9.12-8) unstable; urgency=low
> .
>* [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
> instances. This makes sure we don't chown files to groups possibly used
> by other programs. (Closes: #7016
On 03.03.2013 22:53, Michael Biebl wrote:
>
> Seeing the poor handling of symlinked conffiles, I'm wondering if we
> should also remove them for the other affected packages, which do that:
>
> acpid:
> /etc/systemd/system/sockets.target.wants/acpid.socket
> avahi-daemon:
> /etc/systemd/system/d
Package: postfix
Version: 2.9.6-1
Severity: grave
Justification: renders package unusable
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=
Your message dated Tue, 05 Mar 2013 19:32:38 +
with message-id
and subject line Bug#700389: fixed in frog 0.12.16-4
has caused the Debian Bug report #700389,
regarding libtimbl3-dev: Broken dependencies make other packages FTBFS (needs
ticcutils/StringOps.h from libticcutils1-dev)
to be marke
Hi Roger,
Sorry for replying late.
Roger Leigh writes:
> The reason for this change is that with file-rc now using insserv
> to maintain the links in part, it is not really meaningful to
> "restore" the links. Both file-rc and sysv-rc use insserv, and so
Could you elaborate on that, please? I d
Processing commands for cont...@bugs.debian.org:
> close 702221 5.3.3-7+squeeze15
Bug #702221 {Done: Ondřej Surý } [php5] php5: CVE-2013-1635
CVE-2013-1643
Marked as fixed in versions php5/5.3.3-7+squeeze15.
Bug #702221 {Done: Ondřej Surý } [php5] php5: CVE-2013-1635
CVE-2013-1643
Bug 702221 is
Your message dated Tue, 05 Mar 2013 17:47:50 +
with message-id
and subject line Bug#624507: fixed in gvfs 1.15.4-1
has caused the Debian Bug report #624507,
regarding gvfsd-metadata: gvfsd-metadata creates a large amount of NFS network
I/O on NFS-mounted user home directory
to be marked as do
Your message dated Tue, 05 Mar 2013 17:47:50 +
with message-id
and subject line Bug#624507: fixed in gvfs 1.15.4-1
has caused the Debian Bug report #624507,
regarding Started looping and continuously rewriting metadata file
to be marked as done.
This means that you claim that the problem has
❦ 3 mars 2013 00:28 CET, Holger Levsen :
>> > Here is my proposition:
>> > http://anonscm.debian.org/gitweb/?p=pkg-roundcube/roundcube.git;a=commitd
>> > iff;h=15f5a10444c9d4c8bf7b3e83a82dd6f9e2a4b384
>
> seems right, yes, but it misses a pointer to instructions how to upgrade to a
> working i
On 2013-03-04 22:01:21, Julien Cristau wrote:
> On Sun, Mar 3, 2013 at 23:08:27 +0100, Sebastian Ramacher wrote:
>
> > -Build-Depends: libglib2.0-dev (>= 2.4), libevent-dev, gnutls-dev |
> > libgnutls-dev, po-debconf, libpurple-dev, libotr2-dev, debhelper (>=
> > 6.0.7~), asciidoc
> > +Build-De
Your message dated Tue, 05 Mar 2013 15:18:08 +
with message-id
and subject line Bug#661342: fixed in python-gevent 0.13.6-1+nmu2
has caused the Debian Bug report #661342,
regarding python-gevent-dbg: fails to import
to be marked as done.
This means that you claim that the problem has been de
Your message dated Tue, 05 Mar 2013 15:18:08 +
with message-id
and subject line Bug#661342: fixed in python-gevent 0.13.6-1+nmu2
has caused the Debian Bug report #661342,
regarding python-gevent-dbg: Need to build debugging versions
to be marked as done.
This means that you claim that the pro
Package: icu
Severity: grave
Tags: security
Justification: user security hole
Hi Jay,
Google fixed a security issue in icu, which is embedded in Chrome:
http://googlechromereleases.blogspot.de/2013/02/stable-channel-update_21.html
| [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to
Processing commands for cont...@bugs.debian.org:
> tags 685243 + pending
Bug #685243 {Done: Benjamin Drung } [vlc-nox] breaks
squeeze-wheezy upgrade into very bad state
Bug #693695 {Done: Benjamin Drung } [vlc-nox] general:
"error while loading shared libraries" on system upgrade
Added tag(s) pe
Hi Raphael, Ganglia maintainers
On Thu, Feb 21, 2013 at 02:50:13PM +0100, Raphael Geissert wrote:
> The other operations related to views (in views_view.php) are all
> still vulnerable to XSS via the view_name GET parameter.
Also reported this now to upstream issue tracker, sorry for the delay.
On 04/03/13 23:37, Jonathan Wiltshire wrote:
> The problem is apparently introduced in r83855 and at this stage, I do not
> believe it affects stable, though I would not be confident enough to be sure
> yet.
Stable is based on 1.15.5, branched on r48811
It "only" affects since mediawiki 1.18
--
Processing commands for cont...@bugs.debian.org:
> tag 702336 +moreinfo
Bug #702336 [openxenmanager] virtual console not working, black screen
Added tag(s) moreinfo.
> severity 702336 normal
Bug #702336 [openxenmanager] virtual console not working, black screen
Severity set to 'normal' from 'serio
tag 702336 +moreinfo
severity 702336 normal
thanks
On Tuesday 05 March 2013 06:14 PM, Daniel Pocock wrote:
> I can connect to my Xen server (also running on another wheezy) and
> perform various administrative tasks
>
> However, whenever I click on the virtual console tab for any domU, it is
> jus
Package: openxenmanager
Version: 0.r80+dfsg-4
Severity: serious
I can connect to my Xen server (also running on another wheezy) and
perform various administrative tasks
However, whenever I click on the virtual console tab for any domU, it is
just a black window, nothing appears
The domUs are PV
Hi,
On 05/03/13 03:26, Jeff Epler wrote:
> On Sun, Mar 03, 2013 at 12:20:57PM +, Steven Chamberlain wrote:
>>> #5 0x000800d21f2c in *__GI___libc_free (mem=) at
>>> malloc.c:3736
>>> ar_ptr = 0x800ff3240
>>> p =
>>> #6 0x000800844a79 in gvFreeContext () from /usr/lib
Your message dated Tue, 05 Mar 2013 11:22:02 +0100
with message-id <20130305102202.3793.92...@auryn.jones.dk>
and subject line Fixed in 0.75-1
has caused the Debian Bug report #627174,
regarding sd: failing tests in t/sd-usage.t
to be marked as done.
This means that you claim that the problem has
Processing commands for cont...@bugs.debian.org:
> package checkinstall
Limiting to bugs with field 'package' containing at least one of 'checkinstall'
Limit currently set to 'package':'checkinstall'
> tag 702314 patch pending
Bug #702314 [checkinstall] checkinstall aborts with illegal instructio
package checkinstall
tag 702314 patch pending
thanks
Hi,
I can reproduce this on amd64 and i386. The following is from
fisher.debian.org (i386):
/bin/dash -c
'LD_PRELOAD=/home/lindi/debian/debian-checkinstall/checkinstall-1.6.2/installwatch/installwatch.so
exec cat /etc/motd'
Illegal instructi
[Added upstream support address to CC]
Hi,
Coin3D developers - this relates to a license issue in the Debian Linux
distribution concerning the linking of Coin3D to code licensed in a
GPL-incompatible manner. Later releases of Coin3D were relicensed under
a BSD license, but it is unclear wheth
On 05.03.2013 08:06, Anton Gladky wrote:
Looking again at coin3-library and trying to get a newer version, I
realized, that the latest available version is the same as in
Debian, 3.1.3. This version, seems, has been released in 2010,
when the license was GPL.
The last commit into VCS was in Dece
Processing commands for cont...@bugs.debian.org:
> found 656088 5.2.1+20130227-1
Bug #656088 [gforge-web-apache2] gforge-web-apache2: prompting due to modified
conffiles which where not modified by the user
Marked as found in versions fusionforge/5.2.1+20130227-1.
> thanks
Stopping processing her
Processing commands for cont...@bugs.debian.org:
> found 699622 1.1.1~a021+cvs20130302-1
Bug #699622 [freewnn-cserver,freewnn-jserver,freewnn-kserver] freewnn-cserver,
freewnn-jserver, freewnn-kserver: fails to install: chown: cannot access
'/var/lib/wnn/xx_YY/dic': No such file or directory
Mar
>> Only (and only) if midgard2-core[0] and php5-midgard2[1] are
>> distributed together.
>
> Why?
Because php5-midgard2 provides language bindings to midgard2 content repository.
Unfortunately there's no php-gir bindings. Testing distribution has
midgard2-core 10.05.7 and php5-midgard2 10.05.6. Bo
I reported a removal bug #702193 [1].
Looking again at coin3-library and trying to get a newer version, I
realized, that the latest available version is the same as in
Debian, 3.1.3. This version, seems, has been released in 2010,
when the license was GPL.
The last commit into VCS was in December
40 matches
Mail list logo
