Hi Scott,
On Thu, Dec 11, 2014 at 07:09:11AM -0500, Scott Kitterman wrote:
> On December 11, 2014 6:37:51 AM EST, Moritz Muehlenhoff
> wrote:
> >Package: pyyaml
> >Severity: grave
> >Tags: security
> >
> >Hi,
> >CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
> >reproducer.
Source: docker.io
Version: 1.3.2~dfsg1-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for docker.io.
CVE-2014-9356[0]:
Path traversal during processing of absolute symlinks
CVE-2014-9357[1]:
Escalation of privileges during decompression
Processing commands for cont...@bugs.debian.org:
> severity 772730 serious
Bug #772730 [python-pip] python-pip: pyvenv created virtual environments are
missing their .whl files
Severity set to 'serious' from 'important'
> reassign 772730 python3.4
Bug #772730 [python-pip] python-pip: pyvenv creat
Processing commands for cont...@bugs.debian.org:
> severity 765780 important
Bug #765780 [src:linux] systemd: "systemd-udevd blocked" journal message when
writing ISO to USB stick
Severity set to 'important' from 'critical'
> thanks
Stopping processing here.
Please contact me if you need assista
Package: src:python-ghost
Version: 0.1b6+git20141209-1
Severity: serious
Justification: fails to build from source
Dear Maintainer,
Please build-depend on python-django and python3-django to fix the tests that
are currently erroring out on a build in a clean chroot. Here is the relevant
tail of
Processing commands for cont...@bugs.debian.org:
> tags 767554 + pending
Bug #767554 [python-persistent,python-zodb] python-persistent and python-zodb:
error when trying to install together
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
767
Processing commands for cont...@bugs.debian.org:
> tags 767554 + patch
Bug #767554 [python-persistent,python-zodb] python-persistent and python-zodb:
error when trying to install together
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
767554:
Hi,
Julien Cristau writes:
> I don't think that's ok. Can't you remove the conflicting files from
> python-zodb, and make it depend on python-persistent?
Thanks for the suggestion. I talked with upstream authors and this
should be fine. However, python-persistent in the archive (4.
Processing control commands:
> severity -1 normal
Bug #772896 [browser-plugin-vlc] browser-plugin-vlc: VLC Web Plugin is outdated
and vulnerable
Severity set to 'normal' from 'grave'
> reassign -1 iceweasel 31.3.0esr-1
Bug #772896 [browser-plugin-vlc] browser-plugin-vlc: VLC Web Plugin is outdate
Control: severity -1 normal
Control: reassign -1 iceweasel 31.3.0esr-1
Control: retitle -1 iceweasel: broken vlc plugin version check
On 2014-12-12 01:56:46, Vincent Lefevre wrote:
> Package: browser-plugin-vlc
> Version: 2.0.6-4
> Severity: grave
> Tags: security upstream
> Justification: user se
Package: browser-plugin-vlc
Version: 2.0.6-4
Severity: grave
Tags: security upstream
Justification: user security hole
https://www.mozilla.org/en-US/plugincheck/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=plugincheck-update
says that the VLC Web Plugin is outdated and vuln
Your message dated Fri, 12 Dec 2014 00:33:58 +
with message-id
and subject line Bug#772860: fixed in xfonts-traditional 1.7
has caused the Debian Bug report #772860,
regarding xfonts-traditional: Trigger cycle causes dpkg to fail processing
to be marked as done.
This means that you claim that
Your message dated Fri, 12 Dec 2014 00:19:10 +
with message-id
and subject line Bug#768730: fixed in python-mne 0.8.6+dfsg-2
has caused the Debian Bug report #768730,
regarding python-mne: FTBFS in jessie: Tests failures
to be marked as done.
This means that you claim that the problem has bee
Control: retitle -1 RM: trac-git -- ROM; superseded by trac
Control: reassign -1 ftp.debian.org
Control: severity -1 normal
On Sun, 7 Dec 2014 18:56:32 +0100 "W. Martin Borgert"
wrote:
> On 2014-12-07 14:22, Jean-Michel Nirgal Vourgère wrote:
> > Can you confirm trac-git is obsolete?
> Yes, its f
Processing control commands:
> retitle -1 RM: trac-git -- ROM; superseded by trac
Bug #754860 [trac-git] Remove trac-git from jessie
Changed Bug title to 'RM: trac-git -- ROM; superseded by trac' from 'Remove
trac-git from jessie'
> reassign -1 ftp.debian.org
Bug #754860 [trac-git] RM: trac-git -
Guillem Jover writes ("Bug#772860: xfonts-traditional: Trigger cycle causes
dpkg to fail processing"):
> This package can get involved in a trigger cycle. The problem is that
> it installs interests on /usr/share/fonts/X11 which is is provided by
> xfonts-encodings and xfonts-utils, both directly
I just upgraded dovecot 1:2.2.13-10. I also tested --reinstall.
There were no hangs. The upgrade completed without the previous hang
problem.
I did however run into a file conflict which I reported as
https://bugs.debian.org/772885
I think that might simply be a bad -8 and will test and follow
Processing commands for cont...@bugs.debian.org:
> severity 772881 serious
Bug #772881 [gnome-tweak-tool] gnome-tweak-tool: Fails to start: ImportError:
cannot import name Soup
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
On Fri, Dec 12, 2014 at 03:34:07AM +0530, shirish शिरीष wrote:
> Hi all,
> I get the following on my console, can't make a head or a tail of it.
>
> 1418334775460 GMPInstallManager.simpleCheckAndInstall INFOLast check
> was: 1418334775 seconds ago, minimum seconds: 86400
> 1418334775461 GMPIns
tags 713472 +fixed-upstream
thanks
This bug (gtklp: FTBFS: libgtklp.c:348:10: error: dereferencing pointer
to incomplete type) seems to be fixed in upstream release 1.2.10.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been
Processing commands for cont...@bugs.debian.org:
> tags 713472 +fixed-upstream
Bug #713472 [src:gtklp] gtklp: FTBFS: libgtklp.c:348:10: error: dereferencing
pointer to incomplete type
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
71
If anyone could tell me how to build djmount with debug information (a simple
./configure; make does not work, see #772630 for the details), I think I can
produce a more useful stack trace.
Kind regards
Patrick
signature.asc
Description: This is a digitally signed message part.
Processing commands for cont...@bugs.debian.org:
> severity 701680 grave
Bug #701680 [djmount] Segfault when attempting to read a file
Bug #674753 [djmount] djmount: Cannot read any media from mounted DLNA server
Severity set to 'grave' from 'important'
Severity set to 'grave' from 'important'
> t
Hi all,
I get the following on my console, can't make a head or a tail of it.
1418334775460 GMPInstallManager.simpleCheckAndInstall INFOLast check
was: 1418334775 seconds ago, minimum seconds: 86400
1418334775461 GMPInstallManager._getURL INFOUsing override url:
data:text/plain,
> Issue is a false positive then, as Dario said. I've build package on my
> machine (Debian Jessie, amd64).
Yes, thanks for the information.
Executing
> apt-get -b source djmount
in a newly created directory works indeed, while
> apt-get source djmount
> cd djmount-0.71
> ./configure
> make
> cd
Package: src:mc
Version: 3:4.8.13-2
Severity: serious
Dear Maintainers,
The mc package from jessie cannot be built twice in a row, e.g.
$ apt-get source mc
$ cd mc-4.8.13
$ dpkg-buildpackage
$ dpkg-buildpackage
the last command fails with the message:
dpkg-source: error: aborting due to unexp
On Thu, 11 Dec 2014, Alexandre Gramfort wrote:
> hey,
> > ok -- god blessing from release team for uploading patched 0.8.6
> cool.
> > got stuck now though since with sid's version of pandas (never migrated
> > to jessie since some builds were failing... yeah... busy busy) mne build
> > was fa
On Thu, 11 Dec 2014, Andreas Tille wrote:
> Hi Yaroslav,
> On Thu, Dec 11, 2014 at 04:27:05PM -0500, Yaroslav Halchenko wrote:
> > I have had discussed with debian-release on IRC about feasibility of
> > fixing the RC on top of the 0.8.6 in sid. Here is the transcript:
> > 09:14 yoh: I am to
Hi Yaroslav,
On Thu, Dec 11, 2014 at 04:27:05PM -0500, Yaroslav Halchenko wrote:
> I have had discussed with debian-release on IRC about feasibility of
> fixing the RC on top of the 0.8.6 in sid. Here is the transcript:
>
> 09:14 yoh: I am to fix up a RC (tests failures) for python-mne package
On Thu, 11 Dec 2014, Andreas Tille wrote:
> Hi,
> I have not fully understood your conversation whether release team was
> contacted about 0.8.6 or not. I also failed to understand the issue
> with failed tests in connection with pandas. So I do not know whether
> you expect me to do something
Your message dated Thu, 11 Dec 2014 21:21:23 +
with message-id
and subject line Bug#772648: fixed in graphviz 2.26.3-5+squeeze3
has caused the Debian Bug report #772648,
regarding graphviz: format string vulnerability (CVE-2014-9157)
to be marked as done.
This means that you claim that the pr
Processing control commands:
> reassign -1 src:linux
Bug #765780 [systemd] systemd: "systemd-udevd blocked" journal message when
writing ISO to USB stick
Bug reassigned from package 'systemd' to 'src:linux'.
No longer marked as found in versions systemd/215-5 and systemd/215-8.
Ignoring request t
Control: reassign -1 src:linux
On Sat, 18 Oct 2014 11:58:07 +1100 Scott Leggett wrote:
> -- Log snippet
>
> Oct 17 22:56:56 whist kernel: Tainted: G O 3.16-2-amd64 #1
> Oct 17 22:56:56 whist kernel: "echo 0 >
/proc/sys/kernel/hung_task_timeout_secs" disables this message.
> Oct 17 22:56:56 whis
Processing commands for cont...@bugs.debian.org:
> found 772868 0.5.908-3
Bug #772868 [gxine] gxine: Trigger cycle causes dpkg to fail processing
Marked as found in versions gxine/0.5.908-3.
> notfound 772868 2.4.0+dfsg-2
Bug #772868 [gxine] gxine: Trigger cycle causes dpkg to fail processing
Ther
Package: apt-cudf
Version: 3.3~beta1-1
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/cudf/solvers with files there
provided by aspcud, mccs and packup, which are directly or transitively
depended on by apt-cudf itse
Package: auctex
Version: 11.88-1
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/texmf with files there provided by
preview-latex-style and tex-common, which are directly or transitively
depended on by auctex itself.
Package: cups
Version: 1.7.5-9
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/cups/ppd-updaters with files there
provided by cups-filters, which is directly or transitively depended on
by cups itself.
A solution to
Package: fusionforge-plugin-mediawiki
Version: 5.3.2+20141104-2
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/mediawiki with files there
provided by mediawiki and mediawiki-classes, which are directly or
transitivel
Package: gap-core
Version: 4r7p5-1
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/gap with files there provided by
gap-gapdoc and gap-libs, which are directly or transitively depended
on by gap-core itself.
A solut
hi,
> I have not fully understood your conversation whether release team was
> contacted about 0.8.6 or not.
I understood yes.
> I also failed to understand the issue
> with failed tests in connection with pandas.
latest pandas release makes a test failing.
> So I do not know whether
> you exp
Package: gxine
Version: 2.4.0+dfsg-2
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/lib/xine/plugins with files there
provided by libxine2-ffmpeg, libxine2-gnome, libxine2-misc-plugins
and libxine2-x, which is directly or
Package: hoogle
Version: 4.2.33-3
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/lib/ghc-doc/hoogle with files there
provided by ghc-doc, which is directly or transitively depended on
by hoogle itself.
A solution to the
Package: icecc
Version: 1.0.1-1
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/lib/gcc with files there provided by
cpp-4.x, g++-4.x, gcc-4.x, gcc-4.x-base, libgcc-4.x-dev, libobjc-4.x-dev,
libstdc++-4.x-dev and libstdc++6
Package: libjs-protoaculous
Version: 4
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/javascript/scriptaculous and with
files there provided by libjs-scriptaculous and libjs-prototype, which
are directly or transitiv
Package: pypy
Version: 2.4.0+dfsg-2
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/lib/pypy/lib-python with files there
provided by pypy-lib, which is directly or transitively depended on
by pypy itself.
A solution to th
Package: mcollective
Version: 2.6.0+dfsg-2
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/mcollective/plugins with files there
provided by mcollective-common, which is directly or transitively
depended on by mcollect
Package: wordpress
Version: 4.0.1+dfsg-2
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/wordpress/wp-content with files
there provided by wordpress-theme-twentyfourteen, which is directly or
transitively depended on
Hi,
On Tue, Dec 09, 2014 at 11:55:25AM +0100, Andreas Henriksson wrote:
> I have absolutely no idea how the buildds work, but I imagine it's
> overall somewhat similar to how pbuilder handles chroots.
>
> ie. throw away chroots for builds, a pristine chroot as a base.
On IRC, Ansgar noted that t
Am 11.12.2014, 04:28 Uhr, schrieb :
Dear Debian Dovecot user,
I am writing to you because you have helped me in debugging bug #770695.
I have just uploaded -10 which I think should finally fix this once and
for all. (Famous last words! :-) Please test it and let me know what
happens. It also
Package: xfonts-traditional
Version: 1.6
Severity: serious
Hi!
This package can get involved in a trigger cycle. The problem is that
it installs interests on /usr/share/fonts/X11 which is is provided by
xfonts-encodings and xfonts-utils, both directly or transitively
depended on by xfonts-traditi
Hi all,
Am 10.12.2014 um 17:39 schrieb Julien Cristau:
> On Wed, Dec 10, 2014 at 13:41:13 +0100, Micha Lenk wrote:
>> Julien, could you please elaborate why we can't have the 'lid'
>> command be shipped both by libuser and id-utils (as you stated in
>> 748728#34) *even if* a Conflicts: dependency
Maybe I'm missing something, but...
why not just dropping a script in /etc/init.d to detect the situation?
Something like:
test -e /etc/inittab||exit
inittab_contains_daemontools && exit # grep magic here
warn "daemontools will not start, either disable this check
Processing commands for cont...@bugs.debian.org:
> tags 772641 + patch
Bug #772641 [apt] apt: "E: Setting TIOCSCTTY for slave fd failed" when run
as a session leader
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
772641: http://bugs.debian.o
Package: grml-debootstrap
Version: 0.67
Severity: serious
Hi,
as reported in #772846 util-linux's blkid behaviour changed
recently, resulting in a broken grml-debootstrap dialog command line
which causes the interface to exit as soon as grml-debootstrap hits
an unformated partition. It fails with
Ben,
Are you going to work on this issue? I just discover it, and if it isn't
fixed fast enough, it's going to pull Neutron out of Jessie as well. So
we need a fix soon.
Would you accept that I nmu the fix using the provided patch in the BTS?
Cheers,
Thomas Goirand (zigo)
--
To UNSUBSCRIBE,
Your message dated Thu, 11 Dec 2014 16:50:20 +
with message-id
and subject line Bug#771122: fixed in systemd 217-4
has caused the Debian Bug report #771122,
regarding systemd: Desktop services not working after systemd upgrade, until a
reboot is done: enabling WiFi in NetworkManager, reboot
t
Your message dated Thu, 11 Dec 2014 16:50:20 +
with message-id
and subject line Bug#771122: fixed in systemd 217-4
has caused the Debian Bug report #771122,
regarding restarting the journal breaks other services
to be marked as done.
This means that you claim that the problem has been dealt w
Hi,
I have not fully understood your conversation whether release team was
contacted about 0.8.6 or not. I also failed to understand the issue
with failed tests in connection with pandas. So I do not know whether
you expect me to do something after I'm slowly recovering to normal
operation after
Hi!
On Thu, 2014-12-11 at 08:50:23 +0100, Guillem Jover wrote:
> > Reasoning: I just tried the following sequence:
> > dpkg -i trigdepends-interest_1.0_all.deb triggerable-interest_1.0_all.deb
> > # ^ dependency ^ interest /usr/share/doc
> > dpkg --unpack trigdepends-inte
Processing commands for cont...@bugs.debian.org:
> found 772692 2.17.3.1.dfsg-3
Bug #772692 [tau] tau: More bashisms
Marked as found in versions tau/2.17.3.1.dfsg-3.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
772692: http://bugs.debian.org/cgi-bin/bugreport.c
hey,
> ok -- god blessing from release team for uploading patched 0.8.6
cool.
> got stuck now though since with sid's version of pandas (never migrated
> to jessie since some builds were failing... yeah... busy busy) mne build
> was failing:
pandas is a weak dependency of mne. mne works without
On Wed, 10 Dec 2014, Alexandre Gramfort wrote:
> hi,
> thanks Yarik for your help make v0.8.6 available on neurodebian.
> Regarding the patch I sent it via email as I don't know the procedure.
> Currently the master branch is packaged and it's already at 0.8.6.
> I am not sure if I should branc
Your message dated Thu, 11 Dec 2014 21:35:10 +0900
with message-id <20141211123510.ga13...@lilith.infoblue.home>
and subject line
has caused the Debian Bug report #768678,
regarding ruby-faraday: FTBFS in jessie: build-dependency not installable:
ruby-em-synchrony
to be marked as done.
This mean
Hi,
On 01:35 Thu 11 Dec , David Kalnischkies wrote:
> Attached is a patch which hopefully does exactly this. It is against
> experimental, but that shouldn't matter (expect for the testcase
> I think). I have run it on Linux amd64 (and armel) hardware as well
> as on a kfreebsd kvm, so I have
Your message dated Thu, 11 Dec 2014 12:19:38 +
with message-id
and subject line Bug#772008: fixed in mpfr4 3.1.2-2
has caused the Debian Bug report #772008,
regarding libmpfr4: buffer overflow in mpfr_strtofr
to be marked as done.
This means that you claim that the problem has been dealt with
On December 11, 2014 6:37:51 AM EST, Moritz Muehlenhoff wrote:
>Package: pyyaml
>Severity: grave
>Tags: security
>
>Hi,
>CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
>reproducer.
I'm away from any computer I could test this on today.
Is this still a problem with a fixed
Processing commands for cont...@bugs.debian.org:
> found 772811 0.19.3-1
Bug #772811 [unrtf] unrtf: CVE-2014-9274 CVE-2014-9275
Marked as found in versions unrtf/0.19.3-1.
> tags 772811 + upstream
Bug #772811 [unrtf] unrtf: CVE-2014-9274 CVE-2014-9275
Added tag(s) upstream.
> thanks
Stopping proce
Package: pyyaml
Severity: grave
Tags: security
Hi,
CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
reproducer.
Cheers,
Moritz
import yaml
import codecs
with codecs.open('CVE-2014-9130.yaml', 'r') as stream:
foo = yaml.load(stream)
for key, value in foo.items():
Your message dated Thu, 11 Dec 2014 11:34:18 +
with message-id
and subject line Bug#772417: fixed in desktop-base 8.0.0
has caused the Debian Bug report #772417,
regarding desktop-base: debian/copyright file needs to be updated
to be marked as done.
This means that you claim that the problem
Am 11.12.2014 um 11:31 schrieb Michael Biebl:
>> Changes:
>> sane-backends (1.0.24-5) unstable; urgency=medium
>> .
>>* debian/rules:
>> - change saned.service to saned@.service to install it as
>>template (Closes: #769196).
>
> I'm not sure if this change was actually tested :
Package: unrtf
Severity: grave
Tags: security
Please see http://www.openwall.com/lists/oss-security/2014/12/03/4
for more information and references to patches.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble?
Processing control commands:
> severity -1 critical
Bug #765780 [systemd] systemd: "systemd-udevd blocked" journal message when
writing ISO to USB stick
Severity set to 'critical' from 'normal'
--
765780: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765780
Debian Bug Tracking System
Contact
Processing control commands:
> found -1 1.0.24-5
Bug #769196 {Done: Jörg Frings-Fürst } [sane-utils]
sane-utils: systemd socket activation doesn't work
Marked as found in versions sane-backends/1.0.24-5; no longer marked as fixed
in versions sane-backends/1.0.24-5 and reopened.
> severity -1 ser
On Tue, Dec 09, 2014 at 11:24:11AM +, Gerrit Pape wrote:
> On Mon, Nov 24, 2014 at 10:08:49PM +, Simon McVittie wrote:
> > On 24/11/14 21:41, Gerrit Pape wrote:
> > > Better than (2) would be to make the existence of /etc/inittab still
> > > essential for jessie, by moving the corresponding
On jeu., 2014-12-11 at 09:35 +0100, Ansgar Burchardt wrote:
> >
> > Ansgar: will it not be an issue to have both debian.tar.{gz,xz} in the
> > archive?
>
> No, the second .debian.tar.* is not kept: it's referenced by the
> .changes so dak verifies that it's included in the upload, but then gets
>
Processing commands for cont...@bugs.debian.org:
> severity 772796 normal
Bug #772796 [installation-reports] debian installer don't detect
dmraid/sataraid/fakeraid
Severity set to 'normal' from 'critical'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
772796: ht
Hi,
Yves-Alexis Perez writes:
> I guess Ansgar put the debian.tar.xz at the right place, the processing
> was successful in the end.
>
> Ansgar: will it not be an issue to have both debian.tar.{gz,xz} in the
> archive?
No, the second .debian.tar.* is not kept: it's referenced by the
.changes so
Processing commands for cont...@bugs.debian.org:
> block 772796 by 772795
Bug #772796 [installation-reports] debian installer don't detect
dmraid/sataraid/fakeraid
772796 was not blocked by any bugs.
772796 was not blocking any bugs.
Added blocking bug(s) of 772796: 772795
>
End of message, stopp
package: installation-reports
severity: critical
It took a long research online to finally install wheezy on Dell
PowerEdge T20 server. I had to manually enter dmraid=true at installer
prompt and then manually install grub.
Bug report against grub for correctly installing when dmraid=true is set
On mer., 2014-12-10 at 17:38 -0500, Robert Edmonds wrote:
> Salvatore Bonaccorso wrote:
> > [23:26] < ansgar> As the .dsc looks right (it only has one), the uploader
> > can just fix the .changes and upload to ftp-master. Or give me the missing
> > .debian.tar.*.
> >
> > Can you do one of the b
80 matches
Mail list logo
