Control: retitle -1 sup-mail: CVE-2013-4478 and CVE-2013-4479
Actually I was not correct, there should be two issues:
CVE-2013-4478: For the issue specifically covered in
http://seclists.org/fulldisclosure/2013/Oct/att-272/whatsup.txt which
is
https://github.com/sup-heliotrope/sup/commit/8b46cdbf
Processing control commands:
> retitle -1 sup-mail: CVE-2013-4478 and CVE-2013-4479
Bug #728232 [sup-mail] sup-mail: CVE-2013-4478: remote command injection in
content_type
Changed Bug title to 'sup-mail: CVE-2013-4478 and CVE-2013-4479' from
'sup-mail: CVE-2013-4478: remote command injection in
Your message dated Wed, 30 Oct 2013 04:33:22 +
with message-id
and subject line Bug#725588: fixed in maven 3.0.5-1
has caused the Debian Bug report #725588,
regarding maven: FTBFS: java.lang.ClassNotFoundException:
com.google.common.collect.Multimap
to be marked as done.
This means that you
Package: west-chamber-dkms
Version: 20100405+svn2007.r124-1
Severity: grave
west-chamber-dkms depends on linux-headers-generic | linux-headers.
linux-headers-generic never existed in Debian and
linux-headers is a virtual package that is no longer provided,
starting with Linux 3.11. This is b
Package: blktap-dkms
Version: 2.0.91-3
Severity: grave
blktap-dkms depends on linux-headers-generic | linux-headers.
linux-headers-generic never existed in Debian and
linux-headers is a virtual package that is no longer provided,
starting with Linux 3.11. This is because any level of dependency
Package: blcr-dkms
Version: 0.8.5-2
Severity: grave
blcr-dkms depends on linux-headers-2.6-686 | linux-headers-2.6-amd64 |
linux-headers-generic | linux-headers.
Of these, linux-headers-2.6-686 and linux-headers-2.6-amd64 have been
removed, linux-headers-generic never existed in Debian.
linux-he
Processing commands for cont...@bugs.debian.org:
> fixed 719457 331.13-1
Bug #719457 {Done: Drew Parsons } [nvidia-driver]
nvidia-driver: fails to repaint/refresh windows
Marked as fixed in versions nvidia-graphics-drivers/331.13-1.
> tags 719457 - moreinfo
Bug #719457 {Done: Drew Parsons } [nvid
Package: gdm3
Version: 3.8.4-3
Followup-For: Bug #724731
Hi,
I solved the blank screen issue (3.8.4-3) installing systemd-ui package.
I tested using both sysvinit and systemd, working like a charm.
Victor
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (
Processing commands for cont...@bugs.debian.org:
> #debian-faq (5.0.3) UNRELEASED; urgency=low
> #
> # * Workaround #725931 (po4a became disrespectful about tag order)
> #(Closes: #725586)
> #
> limit source debian-faq
Limiting to bugs with field 'source' containing at least one of 'debian-fa
Processing control commands:
> affects -1 + liblttng-ust-dev
Bug #728256 [liblttng-ust2] liblttng-ust2: fails to upgrade from 'testing' -
trying to overwrite /usr/share/man/man3/lttng-ust.3.gz
Added indication that 728256 affects liblttng-ust-dev
--
728256: http://bugs.debian.org/cgi-bin/bugrep
Package: liblttng-ust2
Version: 2.3.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + liblttng-ust-dev
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fa
Processing commands for cont...@bugs.debian.org:
> tags 707277 - wheezy
Bug #707277 [src:gnat-4.4] gnat-4.4: gcc-4.4 is targeted for removal in unstable
Bug #669513 [src:gnat-4.4] gnat-4.4: FTBFS: unsatisfiable build-dependency:
gcc-4.4-source (< 4.4.7) but 4.4.7-1 is to be installed
Removed tag(
On Tue, 2013-10-29 at 00:35 +0100, Jelmer Vernooij wrote:
> On Mon, Oct 28, 2013 at 10:00:12PM +0100, Ivo De Decker wrote:
> > Hi,
> >
> > On Mon, Oct 21, 2013 at 10:37:49PM +1300, Andrew Bartlett wrote:
> > > > Ok. I think we need to undo this /var/lib/samba/private nonsense. It
> > > > is a
>
Package: mpqc
Version: 2.3.1-15
Severity: serious
Tags: patch upstream
Justification: fails to build from source (but built successfully in the past)
mpqc fails to build from source on mips, mipsel and s390x due to the
following error:
| atominfo.cc: In member function 'int sc::AtomInfo::string_t
Processing control commands:
> retitle -1 sup-mail: CVE-2013-4478: remote command injection in content_type
Bug #728232 [sup-mail] sup-mail: remote command injection in content_type
Changed Bug title to 'sup-mail: CVE-2013-4478: remote command injection in
content_type' from 'sup-mail: remote com
Control: retitle -1 sup-mail: CVE-2013-4478: remote command injection in
content_type
Control: user debian-secur...@lists.debian.org
Control: usertags -1 + tracked
Hi
CVE-2013-4478 was now assigned to this issue.
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.deb
Your message dated Tue, 29 Oct 2013 21:25:37 +
with message-id
and subject line Bug#728130: fixed in vlc 2.1.0-2
has caused the Debian Bug report #728130,
regarding vlc: FTBFS on kfreebsd-*
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not th
Your message dated Tue, 29 Oct 2013 21:25:37 +
with message-id
and subject line Bug#727831: fixed in vlc 2.1.0-2
has caused the Debian Bug report #727831,
regarding vlc: FTBFS on architectures built with --disable-mmx
to be marked as done.
This means that you claim that the problem has been d
Your message dated Tue, 29 Oct 2013 21:20:00 +
with message-id
and subject line Bug#728199: fixed in dokuwiki 0.0.20130510a-3
has caused the Debian Bug report #728199,
regarding fails to upgrade: ln: failed to create symbolic link
'/etc/apache2/conf-available/dokuwiki.conf': File exists
to be
Your message dated Tue, 29 Oct 2013 21:17:41 +
with message-id
and subject line Bug#710351: fixed in ruby-passenger 3.0.13debian-1+deb7u1
has caused the Debian Bug report #710351,
regarding ruby-passenger: CVE-2013-2119
to be marked as done.
This means that you claim that the problem has been
Your message dated Tue, 29 Oct 2013 21:17:42 +
with message-id
and subject line Bug#727628: fixed in xfce4-weather-plugin 0.7.4-4
has caused the Debian Bug report #727628,
regarding broken by weather.com URI change
to be marked as done.
This means that you claim that the problem has been deal
Your message dated Tue, 29 Oct 2013 21:17:39 +
with message-id
and subject line Bug#727668: fixed in roundcube 0.7.2-9+deb7u1
has caused the Debian Bug report #727668,
regarding roundcube: CVE-2013-6172: vulnerability in handling _session argument
of utils/save-prefs
to be marked as done.
Th
Processing control commands:
> affects -1 + icinga
Bug #728245 [icinga-cgi] icinga-cgi: fails to install: subprocess installed
post-installation script returned error exit status 1
Added indication that 728245 affects icinga
--
728245: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728245
Deb
Package: icinga-cgi
Version: 1.10.0-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + icinga
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release,
Processing control commands:
> affects -1 + redmine-mysql
Bug #728243 [redmine] redmine: fails to install: Please install the mysql
adapter
Added indication that 728243 affects redmine-mysql
--
728243: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728243
Debian Bug Tracking System
Contact ow
Package: redmine
Version: 2.3.3-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + redmine-mysql
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a releas
Package: pnopaste
Version: 1.5-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.
This was obser
Hello again.
I finally understood what caused this error. This is subtle and I was
not expecting it! In the postinst, I test for the existence of
/etc/apache2/conf-available/dokuwiki.conf, and I install it a a link to
/etc/dokuwiki/apache.conf only if it does not. The problem is that the
test
Hi,
On Mon, Oct 28, 2013 at 10:00:12PM +0100, Ivo De Decker wrote:
> It is quite possible that the issue is triggered by a race condition in the
> tdb-handling (especially for passdb.tdb), which can result in the creation of
> the wrong tdb file during the upgrade, which messes up our move. This c
Package: dolibarr
Version: 3.3.4-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.
>From the at
Package: keystone
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for keystone.
CVE-2013-4477[0]:
OpenStack Keystone: Unintentional role granting with Keystone LDAP backend
Patches are available trough the bugreport at [1].
If you fix the vulnerabili
Your message dated Tue, 29 Oct 2013 19:48:27 +
with message-id
and subject line Bug#711572: fixed in libhtml-widget-perl 1.11-4
has caused the Debian Bug report #711572,
regarding libhtml-widget-perl: FTBFS with perl 5.18: test failure
to be marked as done.
This means that you claim that the
Package: sup-mail
Severity: grave
Tags: security upstream patch fixed-upstream
Hi
A remote command injection in sup-mail was reported, see [0] and [1]
for more details. Upstream also released new versions fixing this
issue, see [3] for the diff between 0.13.2 and 0.13.2.1.
[0] http://rubyforge.
tag 711572 + pending
thanks
Some bugs in the libhtml-widget-perl package are closed in revision
f578f88e6e4f8ee7c741d13e1657c524c16c294d in branch 'master' by gregor
herrmann
The full diff can be seen at
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libhtml-widget-perl.git;a=commitdiff;h=
Processing commands for cont...@bugs.debian.org:
> tag 711572 + pending
Bug #711572 [src:libhtml-widget-perl] libhtml-widget-perl: FTBFS with perl
5.18: test failure
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
711572: http://bugs.debian.
> "Aaron" == Aaron M Ucko writes:
Aaron> Thanks for the prompt fix to #728212! Linux and Hurd builds now
Aaron> succeed, but kFreeBSD builds are still failing, as libtool (presumably
Aaron> an old version) doesn't know how to build shared libraries there:
Prompt after letting the package bit
Package: src:lintian
After a little bit of debugging it seems this entry is strange see type:
bless( {
'gid' => '0',
Your message dated Tue, 29 Oct 2013 19:03:41 +
with message-id
and subject line Bug#727657: fixed in uc-echo 1.12-2
has caused the Debian Bug report #727657,
regarding unconditional build dependency on g++-multilib
to be marked as done.
This means that you claim that the problem has been deal
Ola Lundqvist writes:
> Found it. It was a missing dependency on pkg-config. I thought that one was
> build-essential, but I was apparently wrong.
So I see; sorry for misdiagnosing this failure. Thanks for promptly
identifying and fixing the actual problem! (In general, build-essential
is pret
Your message dated Tue, 29 Oct 2013 18:03:25 +
with message-id
and subject line Bug#728151: fixed in libimobiledevice 1.1.5-2
has caused the Debian Bug report #728151,
regarding libimobiledevice4: fails upgrade
to be marked as done.
This means that you claim that the problem has been dealt wi
Source: dime
Version: 0.20030921-4
Severity: serious
Justification: fails to build from source (but built successfully in the past)
Thanks for the prompt fix to #728212! Linux and Hurd builds now
succeed, but kFreeBSD builds are still failing, as libtool (presumably
an old version) doesn't know h
Your message dated Tue, 29 Oct 2013 17:48:34 +
with message-id
and subject line Bug#707442: fixed in scim-chewing 0.3.4-4.1
has caused the Debian Bug report #707442,
regarding scim-chewing: FTBFS: conftest.c:68: undefined reference to `shl_load'
to be marked as done.
This means that you claim
Your message dated Tue, 29 Oct 2013 17:33:42 +
with message-id
and subject line Bug#728172: fixed in ploop 1.9-3
has caused the Debian Bug report #728172,
regarding ploop: FTBFS: libxml/parser.h: No such file or directory
to be marked as done.
This means that you claim that the problem has be
Processing commands for cont...@bugs.debian.org:
> severity 728173 important
Bug #728173 [src:ploop] ploop: FTBFS on non-x86: misses fallocate, syncfs
syscall numbers
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
72817
severity 728173 important
thanks
Hi Kir
I have a question about ploop and vzctl.
The question is regarding architecture support in the kernel. What
architectures have working ploop and/or vzctl support in the openvz patched
kernel?
vzctl is currently built for: i386, amd64, ia64, powerpc and sp
Found it. It was a missing dependency on pkg-config. I thought that one was
build-essential, but I was apparently wrong.
On Tue, Oct 29, 2013 at 6:01 PM, Ola Lundqvist wrote:
> Hi
>
> Now I have checked. There is already a build dependency on libxml2-dev.
>
> Build-Depends: debhelper (>= 9.0.0)
Control: tags -1 pending
On Wed, Aug 21, 2013 at 03:36:25PM +0200, Julien Cristau wrote:
> Source: valgrind
> Version: 1:3.8.1-4
> Severity: serious
> Justification: fails to build from source (but built successfully in the past)
>
> Hi,
>
> Debian's armel port targets armv5. valgrind uses -mar
Processing control commands:
> tags -1 pending
Bug #720409 [src:valgrind] valgrind: FTBFS on armel (SIGILL)
Added tag(s) pending.
--
720409: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720409
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email t
Hi
Now I have checked. There is already a build dependency on libxml2-dev.
Build-Depends: debhelper (>= 9.0.0), e2fslibs-dev, libxml2-dev, dh-exec
(>=0.3), hardening-wrapper.
I can also see from the build logs that it installs that one. I'll
investigate further.
// Ola
On Tue, Oct 29, 2013 at
Thijs Kinkhorst, 2013-10-29 13:35+0100:
dokuwiki fails to upgrade, and exits the upgrade with an error.
Turning set -x on in postinst, this is what happens:
+ [ -e /etc/apache2/conf.d/dokuwiki.conf ]
+ [ -d /etc/apache2/conf-available -a ! -e
/etc/apache2/conf-available/dokuwiki.conf ]
+ ln -s
On Wed, 09 Oct 2013 10:23:34 +0200, Vincent Danjean wrote:
> To fix 723964, you just need to allow autoreconf to install new
> files. For example, instead of "autoreconf", you can put
> "autoreconf -vif" in debian/rules.
That's true but then the package doesn't build twice:
dpkg-source -b dev
Your message dated Tue, 29 Oct 2013 16:33:22 +
with message-id
and subject line Bug#728134: fixed in python-markdown 2.3.1-2
has caused the Debian Bug report #728134,
regarding python-markdown: Copyright file incomplete
to be marked as done.
This means that you claim that the problem has been
Your message dated Tue, 29 Oct 2013 16:18:35 +
with message-id
and subject line Bug#728212: fixed in dime 0.20030921-4
has caused the Debian Bug report #728212,
regarding dime: FTBFS on buildds: doxygen: not found
to be marked as done.
This means that you claim that the problem has been dealt
Processing commands for cont...@bugs.debian.org:
> tag 728134 + pending
Bug #728134 [python-markdown] python-markdown: Copyright file incomplete
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
728134: http://bugs.debian.org/cgi-bin/bugreport.
Source: dime
Version: 0.20030921-3
Severity: serious
Justification: fails to build from source (but built successfully in the past)
Builds of dime in minimal environments geared towards building only its
architecture-dependent packages (as on the autobuilders) have been failing:
debian/rules
Your message dated Tue, 29 Oct 2013 15:20:43 +
with message-id
and subject line Bug#728171: fixed in plexus-containers1.5 1.5.5-6
has caused the Debian Bug report #728171,
regarding plexus-containers1.5: FTBFS: Compilation errors (incompatible types)
to be marked as done.
This means that you
Your message dated Tue, 29 Oct 2013 13:18:26 +
with message-id
and subject line Bug#726778: fixed in libvistaio 1.2.16-1
has caused the Debian Bug report #726778,
regarding libvistaio: GPL code not mentioned in debian/copyright, license
incorrect
to be marked as done.
This means that you cla
Processing commands for cont...@bugs.debian.org:
> reassign 707277 src:gnat-4.4
Bug #707277 [gnat-4.4] gnat-4.4: gcc-4.4 is targeted for removal in unstable
Bug reassigned from package 'gnat-4.4' to 'src:gnat-4.4'.
No longer marked as found in versions gnat-4.4/4.4.6-6.
Ignoring request to alter f
Hi,
the same error occurs on mips/mipsel.
Full build log:
https://buildd.debian.org/status/fetch.php?pkg=python-scrypt&arch=mips&ver=0.6.1-5&stamp=1377211402
Header openssl/aes.h is part of libssl-dev package.
After I installed it, package was built successfully.
Is it a correct solution to add
Please just disable hal support and drop
/usr/share/hal/fdi/information/20thirdparty/31-apple-mobile-device.fdi
hal is completely broken nowadays and it doesn't make sense pretending
this file is useful.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed
Package: dokuwiki
Version: 0.0.20130510a-2
Severity: serious
Hi,
dokuwiki fails to upgrade, and exits the upgrade with an error.
Turning set -x on in postinst, this is what happens:
+ [ -e /etc/apache2/conf.d/dokuwiki.conf ]
+ [ -d /etc/apache2/conf-available -a ! -e
/etc/apache2/conf-available
Your message dated Tue, 29 Oct 2013 12:33:29 +
with message-id
and subject line Bug#618716: fixed in ekg2 1:0.4~pre+20120506.1-2
has caused the Debian Bug report #618716,
regarding failed armel build of ekg2 1:0.4~pre+20110317.1-1
to be marked as done.
This means that you claim that the probl
Processing commands for cont...@bugs.debian.org:
> tags 722018 - sid
Bug #722018 [src:evolution-mapi] evolution-mapi: FTBFS agains
evolution-data-server 3.8
Removed tag(s) sid.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
722018: http://bugs.debian.org/cgi-bin
Package: php-gearman
Severity: serious
User: paul...@debian.org
Usertags: ftp
X-Debbugs-CC: ftpmas...@ftp-master.debian.org
thanks
From the REJECT faq:
/
| You have a PHP add-on package (any php script/"app"/thing, not PHP
| itself) and it's licensed only under the standard PHP license. That
| li
Package: clamav-milter
Version: 0.97.8+dfsg-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
clamav-milter fails to start without any notice:
root@binky:/etc/clamav# /etc/init.d/clamav-milter stop
[ ok ] Stopping Sendmail milter plugin for ClamAV: clamav-milter.
root@b
Package: plasma-desktop
Version: 4:4.10.5-3
Severity: grave
Justification: renders package unusable
Since an update to the packages on Debian testing last night, the KDE desktop
crashes on boot, giving a message that prompts to create a backtrace. Here is
that backtrace.
As you can see, running D
Your message dated Tue, 29 Oct 2013 07:03:29 +
with message-id
and subject line Bug#726040: fixed in netmaze 0.81+jpg0.82-14.1
has caused the Debian Bug report #726040,
regarding netmaze: depends on obsolete Tck/Tk 8.4
to be marked as done.
This means that you claim that the problem has been
Thanks. Will fix.
On Tue, Oct 29, 2013 at 4:02 AM, Aaron M. Ucko wrote:
> Source: ploop
> Version: 1.9-2
> Severity: serious
> Justification: fails to build from source
>
> Builds of ploop on Linux architectures other than amd64 and i386 have
> been failing:
>
> ploop.h:21:2: error: #error "N
Thanks for the report. I'll do so. I thought I had checked it on a minimal
install but it turned out to be more than a minimal one.
// Ola
On Tue, Oct 29, 2013 at 3:59 AM, Aaron M. Ucko wrote:
> Source: ploop
> Version: 1.9-2
> Severity: serious
> Justification: fails to build from source
>
>
69 matches
Mail list logo
