Hello Daniel,
* Daniel Pocock (dan...@pocock.com.au) wrote:
>
> Hi Eric,
>
> The security team recently made an assessment of Ganglia and decided to
> only provide limited security support for the web interface.
>
> Normally the web interface is only used by knowledgeable users and
> protected
Package: why
Version: 2.30+dfsg-5+b1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
The package frama-c was updated to a new upstream version in sid, but the
versioned dependency in frama-c was not updated, which makes the package
Your message dated Tue, 26 Nov 2013 06:33:51 +
with message-id
and subject line Bug#725545: fixed in ruby-ramaze 2012.12.08-2
has caused the Debian Bug report #725545,
regarding ruby-ramaze: FTBFS: ERROR: Test "ruby1.9.1" failed:
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require':
Your message dated Tue, 26 Nov 2013 05:18:39 +0100
with message-id <1385439519.2203.25.camel@localhost>
and subject line Re: Bug#729681: globus-core: should not migrate yet
has caused the Debian Bug report #729681,
regarding globus-core: should not migrate yet
to be marked as done.
This means that
Processing commands for cont...@bugs.debian.org:
> notfound 729681 globus-core/8.16-1
Bug #729681 [src:globus-core] globus-core: should not migrate yet
No longer marked as found in versions globus-core/8.16-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
729681
Processing commands for cont...@bugs.debian.org:
> found 730518 kfreebsd-10/10.0~svn237137-1
Bug #730518 [kfreebsd-10] kfreebsd-10: CVE-2013-6832 nand memory leak in ioctl
Marked as found in versions kfreebsd-10/10.0~svn237137-1.
> thanks
Stopping processing here.
Please contact me if you need as
Processing commands for cont...@bugs.debian.org:
> found 730519 kfreebsd-10/10.0~svn252032-1
Bug #730519 [kfreebsd-10] kfreebsd-10: CVE-2013-6834, CVE-2013-6833:
qlxgbe/qlxge memory leaks in ioctl
Marked as found in versions kfreebsd-10/10.0~svn252032-1.
> thanks
Stopping processing here.
Please
Package: kfreebsd-10
Version: 10.0~svn257123-1
Severity: grave
Tags: security fixed-upstream
Control: fixed -1 kfreebsd-10/10.0~svn242489-1
http://seclists.org/bugtraq/2013/Nov/74
The qlxgbe and glxge drivers were introduced into kfreebsd-10 by
r250661 and r252206 respectively. kfreebsd-9 and kf
Processing control commands:
> fixed -1 kfreebsd-10/10.0~svn242489-1
Bug #730519 [kfreebsd-10] kfreebsd-10: CVE-2013-6834, CVE-2013-6833:
qlxgbe/qlxge memory leaks in ioctl
Marked as fixed in versions kfreebsd-10/10.0~svn242489-1.
--
730519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7305
Package: kfreebsd-10
Version: 10.0~svn257123-1
Severity: grave
Tags: security fixed-upstream
Control: fixed -1 kfreebsd-10/10.0~svn234760-1
http://seclists.org/bugtraq/2013/Nov/73
The nand driver was introduced into kfreebsd-10 by r235537.
It is not included in kfreebsd-9 or kfreebsd-8 packages.
Processing control commands:
> fixed -1 kfreebsd-10/10.0~svn234760-1
Bug #730518 [kfreebsd-10] kfreebsd-10: CVE-2013-6832 nand memory leak in ioctl
Marked as fixed in versions kfreebsd-10/10.0~svn234760-1.
--
730518: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730518
Debian Bug Tracking Sys
Processing commands for cont...@bugs.debian.org:
> found 730513 0.99.21-3~bpo60+1
Bug #730513 [quagga] CVE-2013-6051 - bgpd crash on valid BGP updates
There is no source info for the package 'quagga' at version '0.99.21-3~bpo60+1'
with architecture ''
Unable to make a source version for version '
Quoting أحمد المحمودي :
href="{% url 'opensearch' %}"
quoting, single or double (i used double in my tests).
MEDIA_URL = 'static/' ?
yes
Sorry i had no time to prepare a proper patch.
Nevertheless, having a program also working on older versions would
need more work.
Please c
Package: quagga
Severity: grave
Tags: security
Version: 0.99.21-4+wheezy1
CVE-2013-6051 was assigned to this issue. DSA is coming soon.
Best Regards
-christian-
On Tue, 19 Nov 2013 16:25:27 +0100
David Lamparter wrote:
> Note that 0.99.21 has another open issue that I don't see the fix for
>
Your message dated Mon, 25 Nov 2013 23:48:50 +
with message-id
and subject line Bug#730488: fixed in dico 2.2-4
has caused the Debian Bug report #730488,
regarding dicoweb: broken with Django >1.4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
Your message dated Mon, 25 Nov 2013 22:49:15 +
with message-id
and subject line Bug#722559: fixed in ocaml-estring 20130822-2
has caused the Debian Bug report #722559,
regarding libestring-ocaml{, -dev}: fails to upgrade from 'testing' - trying to
overwrite /usr/lib/ocaml/estring/META, /usr/l
Hi Eric,
The security team recently made an assessment of Ganglia and decided to
only provide limited security support for the web interface.
Normally the web interface is only used by knowledgeable users and
protected by some kind of web server ACL or HTTP authentication scheme.
At best, pkg-m
tags 720358 + patch
tags 720358 + pending
thanks
Dear maintainer,
I've prepared an NMU for libsvn-notify-perl (versioned as 2.81-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0
Processing commands for cont...@bugs.debian.org:
> tags 720358 + patch
Bug #720358 [src:libsvn-notify-perl] libsvn-notify-perl: FTBFS: POD coverage
Added tag(s) patch.
> tags 720358 + pending
Bug #720358 [src:libsvn-notify-perl] libsvn-notify-perl: FTBFS: POD coverage
Added tag(s) pending.
> thank
Package: ganglia-web
Version: 3.5.8
Severity: grave
Tags: security upstream
Justification: user security hole
Dear Maintainer,
upstream was already notified
(https://github.com/ganglia/ganglia-web/issues/218)
but no reaction so far.
=== Security Advisory ===
Ganglia-Web 3.5.10 - XSS
-
Your message dated Mon, 25 Nov 2013 21:24:00 +
with message-id
and subject line Bug#725599: fixed in squid3 3.3.8-1.1
has caused the Debian Bug report #725599,
regarding squid3: FTBFS: cp: cannot stat
'/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No such file or
directory
t
Your message dated Mon, 25 Nov 2013 21:20:16 +
with message-id
and subject line Bug#729854: fixed in graphite-web 0.9.12+debian-2
has caused the Debian Bug report #729854,
regarding graphite-web: Stop working with python-django 1.6
to be marked as done.
This means that you claim that the prob
Your message dated Mon, 25 Nov 2013 21:19:44 +
with message-id
and subject line Bug#730346: fixed in dh-make-drupal 1.7-1
has caused the Debian Bug report #730346,
regarding dh-make-drupal barfs on undefined method 'search'
to be marked as done.
This means that you claim that the problem has
Your message dated Mon, 25 Nov 2013 21:20:36 +
with message-id
and subject line Bug#701299: fixed in ipsec-tools 1:0.8.0-14.1
has caused the Debian Bug report #701299,
regarding ipsec-tools: ftbfs with GCC-4.8
to be marked as done.
This means that you claim that the problem has been dealt wit
Your message dated Mon, 25 Nov 2013 21:19:12 +
with message-id
and subject line Bug#730360: fixed in apt-cacher-ng 0.7.20-2
has caused the Debian Bug report #730360,
regarding apt-cacher-ng: fails to install: dpkg-statoverride: error: syntax
error: unknown user 'apt-cacher-ng' in statoverride
close 725547 1.3.0-1
thanks
Hello,
forget it to specified it in changelog.
Thanks,
Jonas
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processing commands for cont...@bugs.debian.org:
> close 725547 1.3.0-1
Bug #725547 [src:ruby-hiera] ruby-hiera: FTBFS: ERROR: Test "ruby1.9.1" failed.
Marked as fixed in versions ruby-hiera/1.3.0-1.
Bug #725547 [src:ruby-hiera] ruby-hiera: FTBFS: ERROR: Test "ruby1.9.1" failed.
Marked Bug as done
The full Globus Toolkit 5.2.5 should migrate to testing together.
However many of the updated packages got diverted to the new queue due
to package splits/renames done in order to support Multi-Arch.
This bug is filed to prevent the migration of globus-core before the
packages diverted to the ne
Hi Christos:
Am 25.11.2013 21:07, schrieb Christos Trochalakis:
> We are going to backport 1.4.4 as soon as it migrates to testing.
Thanks even more. :)
FYI: One serious data retention issue is a prime reason for using nginx
>= 1.3.7, thus bpo: OCSP stapling. (rfc4366) So presumably there are
ma
On Mon, Nov 25, 2013 at 04:41:49PM +, Marc Dequènes (Duck) wrote:
> 1) new-style 'url' tag (see
> https://docs.djangoproject.com/en/1.5/releases/1.5/)
> fix in /etc/dicoweb/templates/base.html by quoting the route name ({%
> url "opensearch" %})
So the line should be:
href="{% url 'opense
On Mon, Nov 25, 2013 at 08:37:20PM +0100, Kevin Price wrote:
Hi!
Thanks a lot for fixing this issue! Is there a chance that the still
vulnerable wheezy-backports will soon be either patched or updated?
(I know, security does not include bpo.)
patch: http://nginx.org/download/patch.2013.space.tx
Hi!
Thanks a lot for fixing this issue! Is there a chance that the still
vulnerable wheezy-backports will soon be either patched or updated?
(I know, security does not include bpo.)
patch: http://nginx.org/download/patch.2013.space.txt
update: 1.4.4 or 1.5.7 will do.
(reference:
http://mailman.n
severity 682770 serious
found 682770 0.6.14-1
found 682770 0.6.24-1
found 682770 0.6.49-1
thanks
These binaries do not appear to be rebuilt at build-time, and the source
for them does not appear to be available, thus the package is most
probably not DFSG-compliant.
--
Luke Faraone;; Debian & Ubu
Processing commands for cont...@bugs.debian.org:
> severity 682770 serious
Bug #682770 [distribute] distribute ships windows .exe binaries
Severity set to 'serious' from 'important'
> found 682770 0.6.14-1
Bug #682770 [distribute] distribute ships windows .exe binaries
There is no source info for
Your message dated Mon, 25 Nov 2013 19:51:08 +
with message-id
and subject line Bug#730211: fixed in wxwidgets2.8 2.8.12.1+dfsg-2
has caused the Debian Bug report #730211,
regarding wx-common built by both wxwidgets2.8 and wxwidgets3.0
to be marked as done.
This means that you claim that the
Your message dated Mon, 25 Nov 2013 19:49:25 +
with message-id
and subject line Bug#720060: fixed in mailutils 1:2.99.98-1.1
has caused the Debian Bug report #720060,
regarding segfault after sending password
to be marked as done.
This means that you claim that the problem has been dealt with
Package: gpac
Version: 0.5.0+svn4288~dfsg1-4
Severity: grave
Justification: renders package unusable
Dear Maintainer,
MP4Client is unable to create its configuration file:
GPAC config file .gpacrc not found in /home/robert - creating new file
[Core] default modules not found
Cannot create config
Your message dated Mon, 25 Nov 2013 19:50:23 +0100
with message-id <52939bef.2020...@funzt-halt.net>
and subject line python-django-mumble: not installable in sid
has caused the Debian Bug report #729627,
regarding python-django-mumble: not installable in sid
to be marked as done.
This means that
Processing commands for cont...@bugs.debian.org:
> severity 730209 important
Bug #730209 [plymouth] mountall is relied on to mount /usr but requires library
from /usr to run
Severity set to 'important' from 'critical'
> forcemerge 730209 695706
Bug #730209 [plymouth] mountall is relied on to moun
Sam, were you planning to work on fixing this in krb5-multidev or should I
add it to my list?
-Ben
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Control: tags -1 - moreinfo unreproducible
Control: reassign -1 plymouth
Control: found -1 0.8.5.1-5
Control: fixed -1 0.8.8-6+deb8u3
On Mon, Nov 25, 2013 at 01:16:19PM +0100, Michal Suchanek wrote:
> > What library is that?
> > $ ldd /sbin/mountall |grep usr
> > $
> > I took care to ensure that
Processing control commands:
> tags -1 - moreinfo unreproducible
Bug #730209 [mountall] mountall is relied on to mount /usr but requires library
from /usr to run
Removed tag(s) unreproducible and moreinfo.
> reassign -1 plymouth
Bug #730209 [mountall] mountall is relied on to mount /usr but requi
On Fri, Nov 22, 2013 at 12:04:54PM +0200, Christos Trochalakis wrote:
> Package: ruby1.9.1
> Severity: grave
> Tags: security
>
> Hi,
>
> The follow vulnerability was published for ruby:
>
> CVE-2013-4164: Heap Overflow in Floating Point Parsing
> https://www.ruby-lang.org/en/news/2013/11/22/heap-o
Package: apt
Version: 0.9.13
Severity: grave
Justification: breaks d-i
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch trusty
This bug originated as:
https://bugs.launchpad.net/bugs/1254696
The ExecFork refactoring in 0.9.13~exp1 broke d-i, because APT::Kee
On 25/11/2013 17:39, Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
>
>> # the jessie version also seems to ftbfs atm (though possibly for a
>> different reason)
>> found 723644 5.3.3-10
> Bug #723644 [scilab] scilab: FTBFS on i386: File
> "/«PKGBUILDDIR»/mod
Package: dicoweb
Version: 2.2-3
Severity: grave
With recent Django versions in Debian, dicoweb is broken.
I spotted the following problems which can be solved easily to have a
working version:
1) new-style 'url' tag (see
https://docs.djangoproject.com/en/1.5/releases/1.5/)
fix in /etc/dicoweb/
Processing commands for cont...@bugs.debian.org:
> # the jessie version also seems to ftbfs atm (though possibly for a different
> reason)
> found 723644 5.3.3-10
Bug #723644 [scilab] scilab: FTBFS on i386: File
"/«PKGBUILDDIR»/modules/scicos/macros/scicos_utils/with_modelica_compiler.bin"
does
On Mon, Nov 25, 2013 at 3:14 PM, Ximin Luo wrote:
> Hey, actually I went through this yesterday and I believe this is not the
> fault
> of boost, but of cpp-netlib building against the static libs instead of
> dynamic
> libs. (-Bstatic)
>
> I filed the bug upstream here:
>
> https://github.com/c
Package: libxdg-basedir1
Version: 1.1.1-2
Severity: critical
File: libxdg-basedir
Tags: patch upstream
Dear Maintainer,
Any application using xdgDataHome, xdgConfigHome and possibly others
will trigger invalid reads and writes in valgrind. For example the
following code:
const char *x
On 11/25/2013 04:51 PM, Balint Reczey wrote:
...
>>> The following packages have unmet dependencies:
>>> sbuild-build-depends-modemmanager-dummy : Depends: automake (< 1:1.12) but
>>> 1:1.13.3-1 is to be installed
>>> E: Unable to correct problems, you have held broken packages.
>>> apt-get fail
Your message dated Mon, 25 Nov 2013 16:05:11 +
with message-id
and subject line Bug#713118: fixed in modemmanager 0.5.2.0-2.1
has caused the Debian Bug report #713118,
regarding modemmanager: FTBFS: unsatisfiable build-dependency: automake (<
1:1.12) but 1:1.13.3-1 is to be installed
to be ma
Package: motion
Version: 3.2.12-3.4
Severity: grave
Justification: renders package unusable
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
Control: tags + patch
Fix for struct sigaction initialization.
Patch fixing struct sigaction initialization is attached.
Index: logkeys-0.1.1a/src/logkeys.cc
===
--- logkeys-0.1.1a.orig/src/logkeys.cc 2010-05-31 05:04:57.0 +0
Processing commands for cont...@bugs.debian.org:
> tags 713118 patch confirmed pending
Bug #713118 [src:modemmanager] modemmanager: FTBFS: unsatisfiable
build-dependency: automake (< 1:1.12) but 1:1.13.3-1 is to be installed
Added tag(s) confirmed, pending, and patch.
> thanks
Stopping processing
tags 713118 patch confirmed pending
thanks
Hi,
On 06/22/2013 01:37 PM, Lucas Nussbaum wrote:
> Source: modemmanager
> Version: 0.5.2.0-2
> Severity: serious
> Tags: jessie sid
> User: debian...@lists.debian.org
> Usertags: qa-ftbfs-20130620 qa-ftbfs
> Justification: FTBFS on amd64
>
> Hi,
>
> D
Your message dated Mon, 25 Nov 2013 15:20:37 +
with message-id
and subject line Bug#730157: fixed in kdepimlibs 4:4.11.3-2
has caused the Debian Bug report #730157,
regarding kdepimlibs FTBFS on ia64, linker segfaults.
to be marked as done.
This means that you claim that the problem has been
Hey, actually I went through this yesterday and I believe this is not the fault
of boost, but of cpp-netlib building against the static libs instead of dynamic
libs. (-Bstatic)
I filed the bug upstream here:
https://github.com/cpp-netlib/cpp-netlib/issues/329
I didn't get a chance to verify my t
On Sun, Nov 24, 2013 at 9:48 AM, Dan S wrote:
> 2013/11/6 Felipe Sateler :
>> On Sun, Nov 3, 2013 at 7:44 AM, Dan S wrote:
>>>
>>> Thanks. As discussed previously on pkg-multimedia-maintainers, I
>>> propose that we restrict archs for one package
>>> "supercollider-supernova". The package is opti
Processing commands for cont...@bugs.debian.org:
> reopen 721577
Bug #721577 {Done: s...@debian.org (Steve M. Robbins)} [libboost-thread1.54.0]
libboost-thread1.54.0: should link against Boost.Atomics on some architectures
Bug #721544 {Done: s...@debian.org (Steve M. Robbins)} [libboost-thread1.5
reopen 721577
affects 721577 src:cpp-netlib
found 721577 boost1.54/1.54.0-3
thanks
Seems like #721577 is still present. As can be seen here:
https://buildd.debian.org/status/fetch.php?pkg=cpp-netlib&arch=mips&ver=0.10.1-1&stamp=1385355483
https://buildd.debian.org/status/fetch.php?pkg=cpp-netlib&
Excerpts from Steve Langasek's message of Fri Nov 22 19:23:42 +0100 2013:
> Control: tags -1 moreinfo unreproducible
>
> On Fri, Nov 22, 2013 at 05:34:18PM +0100, Michal Suchanek wrote:
> > Package: mountall
> > Version: 2.46
> > Severity: critical
> > Justification: breaks the whole system
>
> >
Hi all,
Any update on the FTBFS issue. Because of the above, subtitlecomposer
cannot be moved to testing or is this supposed to be removed as no
upstream development seems to be happening.
http://sourceforge.net/projects/subcomposer/files/?source=navbar
Look forward to knowing more.
--
Your message dated Mon, 25 Nov 2013 11:35:31 +
with message-id
and subject line Bug#726860: fixed in mumble 1.2.4-0.1
has caused the Debian Bug report #726860,
regarding mumble: build-depends on obsolete zeroc-ice packages.
to be marked as done.
This means that you claim that the problem has
Your message dated Mon, 25 Nov 2013 11:34:54 +
with message-id
and subject line Bug#728164: fixed in ceph 0.72.1-2
has caused the Debian Bug report #728164,
regarding ceph-fs-common, ceph-mds: fails to upgrade from 'testing' - trying to
overwrite /sbin/mount.ceph, /usr/bin/ceph-mds
to be mark
Your message dated Mon, 25 Nov 2013 11:19:01 +
with message-id
and subject line Bug#713189: fixed in getdp 2.4.2-1
has caused the Debian Bug report #713189,
regarding getdp: FTBFS: /bin/sh: 1: aclocal-1.11: not found
to be marked as done.
This means that you claim that the problem has been de
Processing commands for cont...@bugs.debian.org:
> tags 693248 unreproducible
Bug #693248 [libreadline6-dev] libreadline6-dev: failed to install
libreadline6-dev:i386 on amd64
Added tag(s) unreproducible.
> fixed 693248 6.2-9
Bug #693248 [libreadline6-dev] libreadline6-dev: failed to install
lib
tags 693248 unreproducible
fixed 693248 6.2-9
thanks
Hi Bill,
I could not reproduce it on Wheezy, nor on Sid using the following steps:
debootstrap --include=libreadline6-dev sid sid-test-readline
http://ftp.hu.debian.org/debian
chroot sid-test-readline/
root@chaos:~# dpkg --add-architecture i386
Your message dated Mon, 25 Nov 2013 09:34:26 +
with message-id <529319a2.4090...@ubuntu.com>
and subject line 64 bit build (other than amd64) fixed in 0.72.1-1
has caused the Debian Bug report #728078,
regarding ceph: fails to build, assumes all 64-bit architectures are x86-64
to be marked as d
Package: jenkins
Severity: grave
Tags: security
Justification: user security hole
Please see
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
for
references and patches.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.or
Your message dated Mon, 25 Nov 2013 09:18:52 +
with message-id
and subject line Bug#709465: fixed in libapache2-mod-ruid2 0.9.8-3
has caused the Debian Bug report #709465,
regarding libapache2-mod-ruid2: Apache 2.4 moves to Unstable
to be marked as done.
This means that you claim that the pro
70 matches
Mail list logo
