Package: libxml2
Severity: grave
Tags: security patch upstream
Hi,
the following vulnerability was published for libxml2.
CVE-2013-1969[0]:
se-after-free error in "htmlParseChunk()" and "xmldecl_done()"
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilitie
Your message dated Fri, 19 Apr 2013 03:02:35 +
with message-id
and subject line Bug#697619: fixed in initramfs-tools 0.109.1
has caused the Debian Bug report #697619,
regarding Many HID drivers not included in initramfs
to be marked as done.
This means that you claim that the problem has been
Processing control commands:
> severity -1 important
Bug #704987 [src:linux] gnome-shell: scrolling in libreoffice-writer freezes
system
Severity set to 'important' from 'critical'
--
704987: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704987
Debian Bug Tracking System
Contact ow...@bugs.d
control: severity -1 important
Reducing severity since this doesn't meet the kernel team's
requirements for a grave or higher.
Best wishes,
Mike
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
control: tag -1 confirmed
On a whim, I tried rebuilding the package against the current
libobjc4, but it didn't make any difference. This likely seems to be
an incompatibility with gobjc 4.7 just like bug #641811.
Best wishes,
Mike
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debi
Processing control commands:
> tag -1 confirmed
Bug #705602 [gnustep-dl2] gnustep-dl2: DBModeler dies with
NSInvalidArgumentException
Added tag(s) confirmed.
--
705602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705602
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Package: src:linux
Followup-For: Bug #704987
> Mmh, the gap is strange. Have to recheck.
Stupid myself. There is some time needed to enter the pw for an encrypted system
Colliar
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Cont
>> 1.a) Patch libgcrypt to revert commit
>> d769529a71ccda4e833f919f3c5693d25b005ff0
>
> Urgs. That is a short sighted fix.
That seems to be the solution the rest of the open source community is
converging toward. Short sighted is an odd categorization since it
seems to have taken 8 years t
On Tue, Apr 16, 2013 at 8:56 PM, Michael Gilbert wrote:
>> Has anyone had chance to look at this? It's getting quite late for a fix
>> for wheezy.
>
> For what its worth, this was tested and confirmed working upstream a
> couple days ago:
> http://www.mail-archive.com/openldap-its@openldap.org/msg0
On Thu, 2013-04-18 at 23:48 +0200, Thomas Preud'homme wrote:
> Le jeudi 18 avril 2013 21:46:18, Adam D. Barratt a écrit :
> > Please go ahead; thanks.
>
> Done.
Thanks; unblocked.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe"
On Thu, 18 Apr 2013 20:24, a...@adam-barratt.org.uk said:
> GnuTLS 3 isn't particularly relevant to getting this RC bug fixed in
> wheezy, given that wheezy will be shipping with 2.12.
It also ships 3.0 (libgnutls28) which then sometimes leads tp processes
linking two different versions of GNUTLS
On Thu, 18 Apr 2013 20:40, clo...@igalia.com said:
> I see two options to get this fixed for Wheezy:
>
> [Option 1] -- Do the same that Ubuntu did. That is:
>
> 1.a) Patch libgcrypt to revert commit
> d769529a71ccda4e833f919f3c5693d25b005ff0
Urgs. That is a short sighted fix.
> [Option 2]
Your message dated Thu, 18 Apr 2013 21:47:50 +
with message-id
and subject line Bug#704940: fixed in subversion 1.6.17dfsg-4+deb7u2
has caused the Debian Bug report #704940,
regarding subversion: cve-2013-1845 cve-2013-1846 cve-2013-1847 cve-2013-1849
cve-2013-1884
to be marked as done.
This
Your message dated Thu, 18 Apr 2013 21:47:50 +
with message-id
and subject line Bug#683188: fixed in subversion 1.6.17dfsg-4+deb7u2
has caused the Debian Bug report #683188,
regarding API change in python-subversion breaks trac
to be marked as done.
This means that you claim that the problem
Le jeudi 18 avril 2013 21:46:18, Adam D. Barratt a écrit :
> Control: tags 705552 + confirmed
>
> On Thu, 2013-04-18 at 14:54 +0200, Thomas Preud'homme wrote:
> > Le jeudi 18 avril 2013 14:38:15, Adam D. Barratt a écrit :
> > > Upstream appear to believe it {does,should}n't -
> > > http://bugs.deb
Processing commands for cont...@bugs.debian.org:
> tags 705649 + patch
Bug #705649 [release-notes] document solutions for re-enabling static mtab
Added tag(s) patch.
> On Tue, Apr 16, 2013 at 10:37:37PM +0100, Roger Leigh wrote:
Unknown command or malformed arguments to command.
> > I've not made
tags 705649 + patch
On Tue, Apr 16, 2013 at 10:37:37PM +0100, Roger Leigh wrote:
> I've not made any changes as yet. Given that this will only affect
> users who are using e.g. nbd as their rootfs, and not any regular
> use of network nfsroot etc., the best option may be to simply
> document how
Control: tags 705552 + confirmed
On Thu, 2013-04-18 at 14:54 +0200, Thomas Preud'homme wrote:
> Le jeudi 18 avril 2013 14:38:15, Adam D. Barratt a écrit :
> >
> > Upstream appear to believe it {does,should}n't -
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940#32
>
> Oh good. I hadn't
Processing control commands:
> retitle 666129 new upstream version fixes security problem with the secret
> file (CVE-2012-6140)
Bug #666129 [libpam-google-authenticator] new upstream version fixes security
problem with the secret file
Changed Bug title to 'new upstream version fixes security pr
Control: retitle 666129 new upstream version fixes security problem with the
secret file (CVE-2012-6140)
Hi all
On Thu, Apr 18, 2013 at 09:13:24AM +0200, Alexander Wirt wrote:
> tag 666129 security
> severity 666129 critical
> retitle 666129 new upstream version fixes security problem with the s
On 18/04/13 20:24, Adam D. Barratt wrote:
> On Thu, 2013-04-18 at 18:58 +0200, Werner Koch wrote:
>> On Tue, 16 Apr 2013 20:37, a...@adam-barratt.org.uk said:
>>
>>> libgcrypt maintainers - any thoughts on this?
>>
>> Did anything change since my comments from 2010?
>>
>> OpenLDAP needs to get it r
On Thu, Apr 18, 2013 at 07:19:48PM +0200, Christian Lauinger wrote:
> Thank you Christian !
>
> I downloaded the with "apt-get source asterisk-chan-capi" from unstable,
> patched it with the "chan-capi-devstate-cachable.diff" and build it like
> you described it.
> It also asked for "dpkg-source -
On Thu, 2013-04-18 at 18:58 +0200, Werner Koch wrote:
> On Tue, 16 Apr 2013 20:37, a...@adam-barratt.org.uk said:
>
> > libgcrypt maintainers - any thoughts on this?
>
> Did anything change since my comments from 2010?
>
> OpenLDAP needs to get it right and it would even be better if all
> appli
Antonin Kral dixit:
>I haven't tried to upload to testing-proposed-uploads yet. But I've
>contacted debian-rele...@lists.debian.org instead (I've sent it moment
>ago as it was sitting in my draft folder for couple hours).
OK, thanks!
I’m not too sure about the procedure, but d-release will proba
Hi Thorsten,
* Thorsten Glaser [2013-04-18 18:40] wrote:
> >and subject line Bug#698064: fixed in aranym 0.9.15-1
> >has caused the Debian Bug report #698064,
> >regarding aranym: crashes from guest userspace when NatFeat is queried
> >to be marked as done.
>
> Do you also take care of wheezy (vi
Thank you Christian !
I downloaded the with "apt-get source asterisk-chan-capi" from unstable,
patched it with the "chan-capi-devstate-cachable.diff" and build it like
you described it.
It also asked for "dpkg-source --commit" before it was possible to build
it. Now my box is up and running with 1
On Tue, 16 Apr 2013 20:37, a...@adam-barratt.org.uk said:
> libgcrypt maintainers - any thoughts on this?
Did anything change since my comments from 2010?
OpenLDAP needs to get it right and it would even be better if all
applications would set up a their policy regarding their demand for
private
Debian Bug Tracking System dixit:
>and subject line Bug#698064: fixed in aranym 0.9.15-1
>has caused the Debian Bug report #698064,
>regarding aranym: crashes from guest userspace when NatFeat is queried
>to be marked as done.
Do you also take care of wheezy (via testing-proposed-uploads
I guess;
On Thu, Apr 11, 2013 at 03:47:19PM -0400, Jon Bernard wrote:
> > Additionally, since upstream is clearly supporting selected
> > architectures and falling back to #error for unsupported ones, your
> > package should properly mark those supported ones in the Architecture
> > field instead of relying
Your message dated Thu, 18 Apr 2013 15:05:02 +
with message-id
and subject line Bug#704457: fixed in php5 5.5.0~beta3-1
has caused the Debian Bug report #704457,
regarding gd extension broken due new embedded libgd functions not added to
gd_compat layer
to be marked as done.
This means that
Hi Michael,
I just realised that your upload of subversion 1.7.9-1+nmu1 was
not targetting wheezy, which has 1.6.17dfsg-4+deb7u1. Was this
intentional? TIA!
Cheers
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@l
Source: padevchooser
Version: 0.9.4-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)
Builds of padevchooser in minimal environments (as on Debian's
autobuilders) have been failing:
In file included from ./pulsecore/refcnt.h:25:0,
Source: editorconfig-core
Version: 0.11.0-1
Severity: serious
Justification: fails to build from source
Binary-only builds of editorconfig-core in minimal environments (as on
the autobuilders) fail when trying to install the man pages:
dh_installman -peditorconfig debian/tmp/usr/share/man/man1/
Processing commands for cont...@bugs.debian.org:
> block 705671 by 705679
Bug #705671 [src:llvm-toolchain] clang uninstallable in unstable
705671 was not blocked by any bugs.
705671 was not blocking any bugs.
Added blocking bug(s) of 705671: 705679
> thanks
Stopping processing here.
Please contac
Le jeudi 18 avril 2013 14:38:15, Adam D. Barratt a écrit :
>
> Upstream appear to believe it {does,should}n't -
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940#32
Oh good. I hadn't time to look at that yet. Should I upload the NMU then?
>
> Regards,
>
> Adam
Best regards,
Thomas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks a lot for the upload and the fast unblock :)
Kind regards,
Ralf
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJRb+vUAAoJEEAdTZ0mjB1WmzUH/3P0TLYix
On 13.04.2013 12:35, Adam D. Barratt wrote:
On Wed, 2013-03-20 at 16:49 -0400, Peter Eisentraut wrote:
On 3/19/13 2:48 PM, Steve Singer wrote:
> Since the original bug was opened we've figured out why adding PG
9.1
> support to slony 2.0.x was causing occasional test failures.
>
> The fixes fo
On 17.04.2013 05:35, Salvatore Bonaccorso wrote:
On Tue, Apr 16, 2013 at 06:05:23PM +0200, Thomas Preud'homme wrote:
For #704940 I took the patch from the corresponding CVE entries
(CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849). There
is
no patch for CVE-2013-1884 since it doesn'
Hi,
I saw this bug and I got a bit concerned. I'm a likely user of the
openstack packages in Debian — well I/we could be, if they fit our
needs — but I'm really worried that they are going to be vastly
over-engineered. In a way it reminds me of the exim4 packages: the
situation is not entirely ana
Your message dated Thu, 18 Apr 2013 12:33:32 +
with message-id
and subject line Bug#704521: fixed in virtuoso-opensource 6.1.4+dfsg1-7
has caused the Debian Bug report #704521,
regarding virtuoso-opensource-6.1: Virtuoso server stop script fails to stop
server cleanly, potentially causing dat
On 16.04.2013 09:06, Ralf Jung wrote:
We have a patch waiting for pre-approval at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704833
It's been approved since Tuesday night. What's the status of the
upload?
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.
Hi!
> So I suppose I will have to dust off my email archives from ... longer
> ago than I care to think, and try to figure it out.
Are there any updates on this?
It would be nice to find a quick solution here, we're very close to
release :).
Adrian
--
.''`. John Paul Adrian Glaubitz
: :'
On 04/18/2013 12:30 PM, Christian Staake wrote:
On 2013-04-18 11:53, John Paul Adrian Glaubitz wrote:
> It seems you are using asterisk-chan-capi which is not even
> in wheezy...
So, does this actually mean we can close this as invalid or at least
lower the severity to normal?
I have reassi
Processing commands for cont...@bugs.debian.org:
> merge 705644 702812
Bug #705644 [yate] yate is unable to create a log / pid file
Unable to merge bugs because:
severity of #702812 is 'serious' not 'normal'
Failed to merge 705644: Did not alter merged bugs
Debbugs::Control::set_merged('tr
Processing commands for cont...@bugs.debian.org:
> reassign 705425 asterisk-chan-capi 1.1.6-1
Bug #705425 [asterisk] asterisk: segmentation fault on start after upgrade from
1:1.8.13.1~dfsg-1 to 1:1.8.13.1~dfsg-3 (wheezy amd64)
Bug reassigned from package 'asterisk' to 'asterisk-chan-capi'.
No lo
Processing commands for cont...@bugs.debian.org:
> # Must mark affected version for version tracking to work properly
> found 698698 1.0.0~cvs20100930-7
Bug #698698 {Done: Mathieu Malaterre } [kwwidgets] volview
does not start because of a missing symbol
There is no source info for the package 'k
reassign 705425 asterisk-chan-capi 1.1.6-1
stop
On 2013-04-18 11:53, John Paul Adrian Glaubitz wrote:
> It seems you are using asterisk-chan-capi which is not even
> in wheezy...
So, does this actually mean we can close this as invalid or at least
lower the severity to normal?
I have reassi
Package: src:llvm-toolchain
Version: 1:3.3~svn177638-1
Severity: serious
this is uninstallable in unstable, and relies on components from experimental.
Was there any review, even from ftp-master accepting this package to unstable?
what will happen to the stable clang-3.2, needed by other packages
Hey Julien,
Mathieu just uploaded a fixed version of kwwidgets into unstable, I am
attaching the debdiff for that.
Could you have a look into that and unblock the package if you agree
with the changes?
Cheers,
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaub...
> It seems you are using asterisk-chan-capi which is not even
> in wheezy...
So, does this actually mean we can close this as invalid or at least
lower the severity to normal?
I do not see how issues with packages not available in Wheezy should
affect the actual release.
Please do not let t
I'll switch to ubuntu then
bye
R
On 18 April 2013 10:31:28 you wrote:
> Hi,
>
> Alle giovedì 18 aprile 2013, robert...@libero.it ha scritto:
> > kdelibs4c2a is actually in debian squeeze:
> > http://packages.debian.org/squeeze/kdelibs4c2a
>
> It does not in wheezy, and KDE 4.10 at the moment i
Your message dated Thu, 18 Apr 2013 09:02:51 +
with message-id
and subject line Bug#698698: fixed in kwwidgets 1.0.0~cvs20100930-8
has caused the Debian Bug report #698698,
regarding volview does not start because of a missing symbol
to be marked as done.
This means that you claim that the pr
Hi,
Alle giovedì 18 aprile 2013, robert...@libero.it ha scritto:
> kdelibs4c2a is actually in debian squeeze:
> http://packages.debian.org/squeeze/kdelibs4c2a
It does not in wheezy, and KDE 4.10 at the moment is only in
experimental.
> The only conflict is the presence of ktelnetservice and kma
Hi,
kdelibs4c2a is actually in debian squeeze:
http://packages.debian.org/squeeze/kdelibs4c2a
Some programs, like ktranslator, kcpuload, knetload, ksensors, and others (that
still offer better functionality w.r.t. kde4 counterparts) need kdelibs4c2a.
The only conflict is the presence of ktelnet
Hi,
Alle giovedì 18 aprile 2013, robert...@libero.it ha scritto:
> you should change the breaks/replaces of kde4.10.2 in order to break
> kdelibs4c2a << 4:3.5.10.dfsg.1-6~ so that a version >> -6~ won't
> conflict with the current kde.
There is no kdelibs4c2a in the Debian archive anymore, so the
Dear,
you should change the breaks/replaces of kde4.10.2 in order to break
kdelibs4c2a << 4:3.5.10.dfsg.1-6~ so that a version >> -6~ won't conflict with
the current kde.
Please see the solution here:
https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1100622
Thank you,
Roberto Guerra
On Thu, Apr 18, 2013 at 02:58:21PM +1000, Stuart Prescott wrote:
> Helmut Grohne wrote:
> > The conclusion here is that the only way to fix this bug in sgml-base is
> > to have *no* dependency on dpkg at all.
>
> Actually, removing the dependency on dpkg doesn't change the outcome at all
> --
>
Processing commands for cont...@bugs.debian.org:
> tag 666129 security
Bug #666129 [libpam-google-authenticator] Please update to a newer upstream
release
Added tag(s) security.
> severity 666129 critical
Bug #666129 [libpam-google-authenticator] Please update to a newer upstream
release
Severit
Hi all,
I can reliably test that the layout of files in debian-installer-netboot-
images' debian-installer-7.0-netboot-kfreebsd-amd64 is functional locally
using kvm:
$ kvm -m 256 -net nic -net
user,bootfile=/grub2pxe,tftp=/usr/lib/debian-installer/images/7.0/kfreebsd-amd64/gtk/
(and s/gtk/text
59 matches
Mail list logo
