Hi Gregor,
On Sat, Mar 16, 2013 at 4:25 AM, gregor herrmann wrote:
> Control: tag -1 + patch
>
> On Fri, 15 Mar 2013 09:27:32 +0100, Salvatore Bonaccorso wrote:
>
>> the following vulnerabilities were published for owncloud.
>>
>> CVE-2013-1851[0]:
>> user_migrate: Local file disclosure
>>
>> CVE
Processing control commands:
> found -1 1.4.0.6~dfsg1-2
Bug #703141 [scratch] scratch: fails to install if gnome-session-common is
installed but hicolor-icon-theme is not
Ignoring request to alter found versions of bug #703141 to the same values
previously set
--
703141: http://bugs.debian.org
Package: scratch
Version: 1.4.0.6~dfsg1-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: found -1 1.4.0.6~dfsg1-2
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a
Processing control commands:
> tag -1 + fixed-upstream
Bug #677929 [python-docutils] python-docutils: remote copy of MathJax needed to
render maths
Added tag(s) fixed-upstream.
--
677929: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677929
Debian Bug Tracking System
Contact ow...@bugs.debia
Control: tag -1 + fixed-upstream
| Release 0.9 (2012-05-02)
|
| [...]
| * docutils/writers/html4css1/__init__.py
|
| - Change default for `math-output` setting to MathJax.
Apparently this is going to be fixed in the next release:
Changes Since 0.10
=
Source: davical
Version: 1.1.1-1
Severity: grave
Tags: security
Hi.
Marking this as important and security, as such ungraceful errors tend to be
prone to attacks.
When accessing several of the /usr/share/davical/htdocs/*.php files as
a non-admin user (that means e.g. HTTP Basic auth or a sess
On Tue, Mar 12, 2013 at 01:07:37PM +0100, Thijs Kinkhorst wrote:
> On Mon, March 11, 2013 21:47, Niko Tyni wrote:
> > Cc'ing the security team. Once we have a fix, I suppose we'll need to
> > fix libapache2-mod-perl2 via stable-security?
>
> Yes please.
Hi security team,
Forgot to include you in
Processing commands for cont...@bugs.debian.org:
> tag 702821 + pending
Bug #702821 {Done: Dominic Hargreaves } [libapache2-mod-perl2]
libapache2-mod-perl2: FTBFS: the CVE-2013-1667 fix breaks t/perl/hash_attack.t
Ignoring request to alter tags of bug #702821 to the same tags previously set
> tha
tag 702821 + pending
thanks
Some bugs in the libapache2-mod-perl2 package are closed in revision
2fbdcea15163af48b29294c77854d29b33e25541 in branch ' squeeze' by
Dominic Hargreaves
The full diff can be seen at
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libapache2-mod-perl2.git;a=commi
On Fri, Mar 15, 2013 at 08:43:58PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> On Fri, Mar 15, 2013 at 05:56:05PM -, Steve Hay wrote:
> [...]
> > Zefram has now come up with an even better patch (on the same RT
> > ticket), after reproducing the Debian 5.10.1 failure himself.
> >
> > Please t
Processing commands for cont...@bugs.debian.org:
> found 557103 8:2007e~dfsg-3.1
Bug #557103 [uw-imapd] uw-imapd occasionally corrupts /var/spool/mail/[user]
and ~/mbox
Marked as found in versions uw-imap/8:2007e~dfsg-3.1.
> found 450665 8:2007e~dfsg-3.1
Bug #450665 [uw-imapd] uw-imapd: suggests
Processing commands for cont...@bugs.debian.org:
> forwarded 438664 http://sourceforge.net/p/docutils/bugs/127/
Bug #438664 [python-docutils] rst.el: RFE rst-compile "multifile" support
Changed Bug forwarded-to-address to
'http://sourceforge.net/p/docutils/bugs/127/' from
'http://sourceforge.net
Following up on my previous update [0]:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674908#38
Only Hartwig responded to my call to testing of fixed binary [1], and,
unfortunately, it still crashes for him on the same site [2]. It does
not for me, however I have a different CPU: UltraSPARC
Stig Sandbeck Mathisen writes:
> The patches apply, and the tests run fine. All that remains is to see
> it actually work in practice, before I upload 2.7.18-4, and ask for a
> freeze exemption.
,[ setup ]
| # echo testing > testfile
| # ln -s testfile testlink
| # md5sum testfile
| eb1a322
Russ Allbery writes:
> The problem is mildly obscure (many Puppet manifests, including very
> complex and non-trivial ones, will never trigger this error condition)
> and absolutely does not warrant removing the package from testing. In
> fact, I'm tempted to downgrade it to important again, alth
Hi,
Based on your system information, I don't think it's the same bug.
This bug is about Javascript-related crashes on sparc hardware and
your backtrace was obtained on a x86 machine. It also does not look
too useful, as it was obtained with 'xulrunner-stub' binary (no idea
what this is). If y
Chris Boot writes:
> I've spent quite some time this week getting to the bottom of this
> problem. For those of you not following the upstream bug, I wrote a
> patch for the Puppet master branch (now accepted for 3.2.x) and followed
> it up with a backport for 2.7.x, which has also been accepted.
On Fri, Mar 15, 2013 at 18:56:21 +0100, Ralf Treinen wrote:
> diff -ur rinputd-1.0.5.old/debian/config rinputd-1.0.5/debian/config
> --- rinputd-1.0.5.old/debian/config 2012-04-12 20:06:14.0 +0200
> +++ rinputd-1.0.5/debian/config 2013-03-15 17:44:54.0 +0100
> @@ -2,8 +2,6
Control: tag -1 + patch
On Fri, 15 Mar 2013 09:27:32 +0100, Salvatore Bonaccorso wrote:
> the following vulnerabilities were published for owncloud.
>
> CVE-2013-1851[0]:
> user_migrate: Local file disclosure
>
> CVE-2013-1850[1]:
> Contacts: Bypass of file blacklist
I've now taken the commits
Processing control commands:
> tag -1 + patch
Bug #703094 [owncloud] owncloud: multiple vulnerabilities (oC-SA-2013-009,
oC-SA-2013-010)
Added tag(s) patch.
--
703094: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703094
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
My impression of this bug is that HVM networking is not possible with
XCP, or at least it is not possible without some undocumented
configuration setting or missing dependency package
If there is a workaround from upstream, I would propose lowering the
severity to important again. I am happy t
Processing commands for cont...@bugs.debian.org:
> severity 702428 serious
Bug #702428 [xcp-xapi] HVM fails to start with VIF / qemu-dm error
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
702428: http://bugs.debian.org/
Your message dated Fri, 15 Mar 2013 20:49:04 +
with message-id
and subject line Bug#703106: fixed in nautilus 3.7.91-2
has caused the Debian Bug report #703106,
regarding nautilus fails to start with missing 'org.gnome.desktop.privacy'
to be marked as done.
This means that you claim that the
Your message dated Fri, 15 Mar 2013 20:47:35 +
with message-id
and subject line Bug#702646: fixed in cil 0.07.00-6
has caused the Debian Bug report #702646,
regarding FTBFS: Can't locate File/Slurp.pm
to be marked as done.
This means that you claim that the problem has been dealt with.
If thi
Your message dated Fri, 15 Mar 2013 13:32:54 +
with message-id
and subject line Bug#690373: fixed in gdcm 2.2.2-1
has caused the Debian Bug report #690373,
regarding gdcm: incomplete copyright file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this i
Hi folks,
I've spent quite some time this week getting to the bottom of this
problem. For those of you not following the upstream bug, I wrote a
patch for the Puppet master branch (now accepted for 3.2.x) and followed
it up with a backport for 2.7.x, which has also been accepted.
Now that th
Processing commands for cont...@bugs.debian.org:
> severity 702976 important
Bug #702976 [epiphany-browser] epiphany-browser: domainname not checked on https
Severity set to 'important' from 'critical'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
702976: http:/
On Mon, Mar 11, 2013 at 11:34:49 +0100, Raphael Geissert wrote:
> Given the recent issues in Ganglia's web frontend and a review of some
> portions of the code we, as in the security team, have decided to
> limit ganglia's security support to installations behind a trusted
> HTTP zone.
> Any vulne
Adding hydra maintainer to cc, because...
On Tue, Mar 12, 2013 at 16:10:11 +0100, Michael Tautschnig wrote:
> Package: afpfs-ng
> Version: 0.8.1-5
> Severity: critical
> Tags: security
> Justification: user-controllable pointer value
> Usertags: goto-cc
>
> When typechecking the linked binary us
On Fri, Mar 15, 2013 at 00:01:52 +0100, Gianluca Ciccarelli wrote:
> Dear Michael,
>
> I have pushed a new version of the package, including the
> fix, to the repository of cil on collab-maint [1]. I have a
> sponsor for the upload, but he can't access his GPG key for
> the next few days. Can you
The patch in svn.apache.org r1455340 is not correct for Perl 5.10 due
to a slight difference in hash splitting logic. Full explanation and
revised patch now available on the RT ticket.
-zefram
Processing commands for cont...@bugs.debian.org:
> # security bug, can be fixed post release
> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was
jcris...@debian.org).
> usertags 702410 wheezy-can-defer
There were no usertags set.
Usertags are
Processing commands for cont...@bugs.debian.org:
> severity 702337 important
Bug #702337 [xcp-xapi] xen-xapi / Open vSwitch not really working
Severity set to 'important' from 'serious'
> thanks!
Unknown command or malformed arguments to command.
> I don't think this bug should be RC. Even without
Hi
On Fri, Mar 15, 2013 at 05:56:05PM -, Steve Hay wrote:
[...]
> Zefram has now come up with an even better patch (on the same RT
> ticket), after reproducing the Debian 5.10.1 failure himself.
>
> Please take a look (I've also attached it here for your convenience) and
> let me know whether
On sam., 2013-03-09 at 19:54 +0100, Guido Günther wrote:
> Hi,
> sorry for the delay but attached is the diff for the stable update. This
> addresses #701649 (CVE-2013-1766) as well as #699224 (kind of
> CVE-2013-0170). Is this enough for the security team to issue the DSA?
> Let me know if I can he
On Fri, Mar 15, 2013 at 10:40:12AM +0100, Yves-Alexis Perez wrote:
> On sam., 2013-03-09 at 19:54 +0100, Guido Günther wrote:
> > Hi,
> > sorry for the delay but attached is the diff for the stable update. This
> > addresses #701649 (CVE-2013-1766) as well as #699224 (kind of
> > CVE-2013-0170). Is
On sam., 2013-03-09 at 19:54 +0100, Guido Günther wrote:
> Hi,
> sorry for the delay but attached is the diff for the stable update.
> This
> addresses #701649 (CVE-2013-1766) as well as #699224 (kind of
> CVE-2013-0170). Is this enough for the security team to issue the DSA?
> Let me know if I can
On 03/03/13 13:57, Vitaly Pashkov wrote:
> On Thu, 2013-02-28 at 10:08 +0100, Bastian Blank wrote:
>> popcon showed exactly _zero_ installations.
>
> Probably a popcon bug or something, which is a different question. We
> are using clvm in 2 clusters currently and all of the nodes in it have
> pop
Here is an update of my patch, with randomly generated password as suggested by
vagrand. -Ralf.
diff -ur rinputd-1.0.5.old/debian/changelog rinputd-1.0.5/debian/changelog
--- rinputd-1.0.5.old/debian/changelog 2012-04-12 20:20:15.0 +0200
+++ rinputd-1.0.5/debian/changelog 2013-03-15 17:33:19
Your message dated Fri, 15 Mar 2013 14:06:45 -0400
with message-id <3600722.GQtqmMnkU1@scott-latitude-e6320>
and subject line Fixed in Testing/Unstable and N/A for Stable
has caused the Debian Bug report #700719,
regarding postfix - Computes bogus public key fingerprints
to be marked as done.
This
Processing commands for cont...@bugs.debian.org:
> fixed 703038 1.3.1-2
Bug #703038 [libncurses-ruby1.9.1] libncurses-ruby1.9.1: undefined symbol:
rb_str2cstr
Marked as fixed in versions ruby-ncurses/1.3.1-2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
703038
Processing commands for cont...@bugs.debian.org:
> tags 703038 + upstream
Bug #703038 [libncurses-ruby1.9.1] libncurses-ruby1.9.1: undefined symbol:
rb_str2cstr
Added tag(s) upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
703038: http://bugs.debian.org/
Processing commands for cont...@bugs.debian.org:
> unarchive 673970
Bug #673970 {Done: Stig Sandbeck Mathisen }
[puppetmaster-passenger] puppetmaster-passenger: fails to install: ERROR: Site
puppetmaster does not exist!
Unarchived Bug 673970
> found 673970 3.1.1-1
Bug #673970 {Done: Stig Sandbec
Processing commands for cont...@bugs.debian.org:
> tags #703038 + squeeze
Bug #703038 [libncurses-ruby1.9.1] libncurses-ruby1.9.1: undefined symbol:
rb_str2cstr
Added tag(s) squeeze.
> This bug affetcts only Squeeze. Because after Wheezy, the pacakge
Unknown command or malformed arguments to com
Processing commands for cont...@bugs.debian.org:
> tags 702633 + patch
Bug #702633 [src:krb5] CVE-2012-1016: NULL pointer dereference (DoS) in
plugins/preauth/pkinit/pkinit_srv.c
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
702633: http://b
Steve Hay wrote on 2013-03-14:
> Niko Tyni wrote on 2013-03-13:
>> On Wed, Mar 13, 2013 at 09:13:15AM -, Steve Hay wrote:
>>> Dominic Hargreaves wrote on 2013-03-12:
>>
When trying to fix this issue in Debian stable, I found that the
patch at
http://svn.apache.org/viewvc?v
On Thu, 14 Mar 2013 22:22:26 -0700, tony mancill wrote:
> > My line of thought was: d/copyright requires to include the origin of
> > the upstream source, which means that for repacked tarballs a note
> > about what/why/how was changed should be included. [0]- But in this
> > case -- as you say --
tags 702633 + patch
thanks
Hello,
After checking the source code, this part of the code does not seem to
have changed between 1.10.1 and 1.10.4, so AFAIU this bug affects at
least the version available in testing and unstable. The current code
is:
if ((rep9 != NULL &&
rep9-
On sam., 2013-03-09 at 19:54 +0100, Guido Günther wrote:
> Hi,
> sorry for the delay but attached is the diff for the stable update.
> This
> addresses #701649 (CVE-2013-1766) as well as #699224 (kind of
> CVE-2013-0170). Is this enough for the security team to issue the DSA?
> Let me know if I can
On Fri, Mar 15, 2013 at 10:17:29AM +0100, Guido Günther wrote:
> On Fri, Mar 15, 2013 at 08:15:15AM +0100, Yves-Alexis Perez wrote:
> > On sam., 2013-03-09 at 19:54 +0100, Guido Günther wrote:
> > > Hi,
> > > sorry for the delay but attached is the diff for the stable update.
> > > This
> > > addrs
On jeu., 2013-03-14 at 22:48 -0400, Michael Gilbert wrote:
> Hi,
>
> I've prepared new nss packages fixing the "lucky 13" issue:
> http://people.debian.org/~mgilbert
>
> For the mozilla team, this is a new upstream, so would you be ok with
> it uploaded as an nmu, or would you like to upload?
>
On jeu., 2013-03-14 at 22:48 -0400, Michael Gilbert wrote:
> Hi,
>
> I've prepared new nss packages fixing the "lucky 13" issue:
> http://people.debian.org/~mgilbert
>
> For the mozilla team, this is a new upstream, so would you be ok with
> it uploaded as an nmu, or would you like to upload?
It
On Fri, Mar 15, 2013 at 05:50:08PM +0100, Yves-Alexis Perez wrote:
> On jeu., 2013-03-14 at 22:48 -0400, Michael Gilbert wrote:
> > Hi,
> >
> > I've prepared new nss packages fixing the "lucky 13" issue:
> > http://people.debian.org/~mgilbert
> >
> > For the mozilla team, this is a new upstream,
Hi!
On Fri, Mar 15, 2013 at 03:33:05PM +0100, Yves-Alexis Perez wrote:
> On jeu., 2013-03-14 at 22:48 -0400, Michael Gilbert wrote:
> > Hi,
> >
> > I've prepared new nss packages fixing the "lucky 13" issue:
> > http://people.debian.org/~mgilbert
> >
> > For the mozilla team, this is a new upstr
package: nautilus
version: 3.7.91-1
severity: grave
$ nautilus
(nautilus:5290): GLib-GIO-ERROR **: Settings schema
'org.gnome.desktop.privacy' is not installed
Trace/breakpoint trap
after installing gsettings-desktop-schemas 3.7.90-1 I was able to
start nautilus, so a versioned dependency on gs
Package: owncloud
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for owncloud.
CVE-2013-1851[0]:
user_migrate: Local file disclosure
CVE-2013-1850[1]:
Contacts: Bypass of file blacklist
If you fix the vulnerabilities please also make sure to include the
CVE (Co
package: src:owncloud
version: 4.0.4debian2-3.3
severity: grave
This package should not be shipped with wheezy. The biggest problem
is lack of upstream security support. See:
https://lists.debian.org/debian-release/2013/03/msg00535.html
Removal request already filed:
http://bugs.debian.org/7021