Bug#773085: Regression in escaped url handling with patch applied for #773085

Control: tags -1 + patch ❦ 3 janvier 2015 23:22 +0100, Vincent Bernat  : > However, the whole stuff is quite fragile. I can't say for sure if > spaces would do something good or bad, but a star would not work. Here > is an improved version which is easier to understand. I have found a way to b

Processed: Re: Bug#773085: Regression in escaped url handling with patch applied for #773085

Processing control commands: > tags -1 + patch Bug #773085 [src:xdg-utils] xdg-utils: command injection vulnerability Added tag(s) patch. -- 773085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773085 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE,

Bug#773805: liblucene4-java: Incomplete poms installed in /usr/share/maven-repo

Le 08/01/2015 07:41, Niels Thykier a écrit : > If the bug only prevents "new packages" from being build (i.e. packages > not already in Jessie/sid), it /sounds/ like it might not be RC after > all (maybe "important"). However, please keep in mind that my answer is > solely based on the above mail

Bug#742048: systemd-remount-fs.service fails for split-usr

Hey Michael, Michael Biebl [2015-01-07 13:17 +0100]: > Updated patch attached (tested with a split-usr setup and with both > initramfs-tools 0.116 and 0.118) Looks great to me, thanks! Will you commit yourself? (I figure there's no point trying to send that upstream, even with #ifdef HAVE_SPLIT_U

Bug#773805: liblucene4-java: Incomplete poms installed in /usr/share/maven-repo

On 2015-01-08 05:17, tony mancill wrote: > [...] > > > Hello Hilko, Emmanuel, > > I'm taking a look at this, but in the interest of the jessie release, I > wanted to ask Emmanuel whether it would be okay to decrease the severity. > > We have a number of other packages with missing or incomplete

Bug#773805: liblucene4-java: Incomplete poms installed in /usr/share/maven-repo

On 12/23/2014 08:55 PM, Hilko Bengen wrote: > * Emmanuel Bourg: > >> Package: liblucene4-java >> Version: 1:4.6.1+dfsg-2 >> Severity: serious >> >> The liblucene4-java package installs dummy pom.xml files in >> /usr/share/maven-repo >> which are missing important information to be usable by other

Bug#769941: libgstreamer-plugins-base1.0-0: No iceweasel crashes on my i386 testing

Package: libgstreamer-plugins-base1.0-0 Version: 1.4.4-2 Followup-For: Bug #769941 I was upgrading my i386 testing box, which included upgrading libgstreamer-plugins-base1.0-0 from 1.4.3-1 to 1.4.4-2. Before and after the upgrade, I had no crashes when using Iceweasel to login GMail. Everything

Bug#774607: gitweb breaks apache upgrade

Guillem Jover wrote: > In this case though, it seems switching to interest-noawait is the > correct fix, because gitweb just wants to be notified when the > apache2-maintscript-helper program appears to be able to configure > itself, but apache does not care and does not need to await the > trigge

Bug#774794: Debian Bug#774794: Re: dpkg: Add breaks for new trigger cycles

Hi! On Wed, 2015-01-07 at 20:12:28 +0100, Niels Thykier wrote: > On 2015-01-07 18:41, Niels Thykier wrote: > > Package: dpkg > > Version: 1.17.23 > > Severity: serious > > Control: block -1 by 774791 > > This is a bug to track missing "Breaks" for new trigger cycles > > (i.e. cycles found after t

Bug#773147: marked as done (libx52pro0: cannot be removed after an upgrade from wheezy to jessie (or sid))

Your message dated Thu, 08 Jan 2015 01:03:44 + with message-id and subject line Bug#773147: fixed in x52pro 0.1.1-2.2 has caused the Debian Bug report #773147, regarding libx52pro0: cannot be removed after an upgrade from wheezy to jessie (or sid) to be marked as done. This means that you cl

Bug#774464: nginx: change to index.html lost on upgrade

I can understand the concern about loss. However, /usr/share/ is for packages. This is where packages put things. This is essentially a web app installed and maintained by the nginx-common package. It is *not* a configuration file. There is no need to handle it as if it were a configuration file.

Bug#767675: marked as done (libx52pro0: fails to install: subprocess installed post-installation script returned error exit status 2)

Your message dated Thu, 08 Jan 2015 01:03:44 + with message-id and subject line Bug#767675: fixed in x52pro 0.1.1-2.2 has caused the Debian Bug report #767675, regarding libx52pro0: fails to install: subprocess installed post-installation script returned error exit status 2 to be marked as do

Bug#774607: gitweb breaks apache upgrade

Control: unmerge -1 Control: reopen -1 Control: affects -1 - gitweb src:git Control: reassign -1 gitweb 1:2.1.4-2 Control: forcemerge 774803 -1 Hi! Giving it back. :) On Mon, 2015-01-05 at 16:54:19 -0800, Jonathan Nieder wrote: > Jonathan Nieder wrote: > > Erwan David wrote[1]: > > >> dpkg: cyc

Processed: Re: gitweb breaks apache upgrade

Processing control commands: > unmerge -1 Bug #774607 {Done: Guillem Jover } [dpkg] gitweb breaks apache upgrade Bug #771730 {Done: Guillem Jover } [dpkg] dpkg: yet another trigger cycle, involving initramfs-tools and libc-bin Bug #774341 {Done: Guillem Jover } [dpkg] Error on trigger processi

Bug#774815: php-monolog: Versionned Provides field

On 08/01/2015 00:44, David Prévot wrote: > On Wed, Jan 07, 2015 at 10:23:24PM +0100, Vincent Danjean wrote: >> Package: php-monolog >> Version: 1.12.0-1 >> Severity: serious >> Justification: Policy 7.1 >> >> Your package in experimental declare a versionned Provides field. > > Indeed, as suppor

Processed: your mail

Processing commands for cont...@bugs.debian.org: > severity 774464 grave Bug #774464 [nginx] nginx: change to index.html lost on upgrade Severity set to 'grave' from 'normal' > thanks Stopping processing here. Please contact me if you need assistance. -- 774464: http://bugs.debian.org/cgi-bin/bu

Bug#774815: php-monolog: Versionned Provides field

On Wed, Jan 07, 2015 at 10:23:24PM +0100, Vincent Danjean wrote: > Package: php-monolog > Version: 1.12.0-1 > Severity: serious > Justification: Policy 7.1 > > Your package in experimental declare a versionned Provides field. Indeed, as supported by apt since 1.0.7 (#758153) and dpkg since 1.17

Bug#774788: [PKG-Openstack-devel] Bug#774788: neutron-metadata-agent overwrites config on update

On 07.01.2015 22:40, Thomas Goirand wrote: > On 01/07/2015 05:43 PM, Benedikt Trefzer wrote: >> Package: neutron-metadata-agent >> Version: 2014.1.3-8 >> Severity: serious >> >> Hi >> Upgrade of neutron-metadata-agent overwrites the parameter >> auth_url in /etc/neutron/metadata_agent.ini > > Hi

Processed: notfound 774584 in 1.2.1-1, found 774584 in 1.2.1-2

Processing commands for cont...@bugs.debian.org: > notfound 774584 1.2.1-1 Bug #774584 [rtpproxy] rtpproxy: Deamon does not start as init script points to wrong executable path No longer marked as found in versions rtpproxy/1.2.1-1. > found 774584 1.2.1-2 Bug #774584 [rtpproxy] rtpproxy: Deamon d

Bug#774285: marked as done (package mod-proxy-msrpc_0.5-1 FTBFS on big-endian)

Your message dated Wed, 07 Jan 2015 22:18:39 + with message-id and subject line Bug#774285: fixed in mod-proxy-msrpc 0.5-2 has caused the Debian Bug report #774285, regarding package mod-proxy-msrpc_0.5-1 FTBFS on big-endian to be marked as done. This means that you claim that the problem has

Bug#750312: marked as done (flask: FTBFS: Tests failures)

Your message dated Wed, 7 Jan 2015 22:46:27 +0100 with message-id <20150107214627.gi28...@sts0.p1otr.com> and subject line fixed in 0.9.6+dfsg-1 has caused the Debian Bug report #750312, regarding flask: FTBFS: Tests failures to be marked as done. This means that you claim that the problem has bee

Bug#774788: [PKG-Openstack-devel] Bug#774788: neutron-metadata-agent overwrites config on update

On 01/07/2015 05:43 PM, Benedikt Trefzer wrote: > Package: neutron-metadata-agent > Version: 2014.1.3-8 > Severity: serious > > Hi > Upgrade of neutron-metadata-agent overwrites the parameter > auth_url in /etc/neutron/metadata_agent.ini Hi Benedict, What happens is that the auth_url in neutron.

Bug#774815: php-monolog: Versionned Provides field

Package: php-monolog Version: 1.12.0-1 Severity: serious Justification: Policy 7.1 Hi, Your package in experimental declare a versionned Provides field. It is wrong, and this has been catched by lintian: https://lintian.debian.org/maintainer/pkg-php-p...@lists.alioth.debian.org.html#php-monol

Bug#774589: [enno@mash: nmap seems to depend on libpcre3, but isn't marked accordingly.]

> "Hilko" == Hilko Bengen writes: >> Inconsistency detected by ld.so: dl-version.c: >> 224: _dl_check_map_versions: Assertion `needed != ((void *)0)' >> failed! > Thank you. Pleasure. May it be of help, my commandline was: $ nmap -A -T4 10.0.0.0/24 Brgds, e. -- // e

Bug#774803: gitweb: dpkg trigger cycle via apache2

On 2015-01-07 21:29, Jonathan Nieder wrote: > Hi Niels, > > Niels Thykier wrote: > >> Debian `dpkg' package management program version 1.17.23 (amd64). > [...] >> chain of packages whose triggers are or may be responsible: >> gitweb -> gitweb >> packages' pending triggers which are or may be

Processed: Re: gitweb: dpkg trigger cycle via apache2

Processing commands for cont...@bugs.debian.org: > tags 774803 + help Bug #774803 [gitweb] gitweb: dpkg trigger cycle via apache2 Added tag(s) help. > End of message, stopping processing here. Please contact me if you need assistance. -- 774803: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7

Bug#774803: gitweb: dpkg trigger cycle via apache2

Hi Niels, Niels Thykier wrote: > Debian `dpkg' package management program version 1.17.23 (amd64). [...] > chain of packages whose triggers are or may be responsible: > gitweb -> gitweb > packages' pending triggers which are or may be unresolvable: > gitweb: /usr/share/apache2/apache2-maint

Bug#773846: exiv2: diff for NMU version 0.24-4.1

Control: tags 773846 + pending Dear maintainer, I've prepared an NMU for exiv2 (versioned as 0.24-4.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards, Salvatore diff -Nru exiv2-0.24/debian/changelog exiv2-0.24/debian/changelog --- exiv2-0.24/debian

Processed: exiv2: diff for NMU version 0.24-4.1

Processing control commands: > tags 773846 + pending Bug #773846 [exiv2] exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler Added tag(s) pending. -- 773846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773846 Debian Bug Tracking System Contact ow...@bugs.debian.org with pro

Processed: your mail

Processing commands for cont...@bugs.debian.org: > package src:haskell-hgettext Limiting to bugs with field 'package' containing at least one of 'src:haskell-hgettext' Limit currently set to 'package':'src:haskell-hgettext' > fixed 774802 0.1.30-4 Bug #774802 [src:haskell-hgettext] Incompatibili

Bug#774767: libmspack: CHM decompression: pointer arithmetic overflow

* Sebastian Andrzej Siewior | 2015-01-07 13:13:57 [+0100]: >* Jakub Wilk | 2015-01-06 21:18:30 [+0100]: >>Two sample CHM files that trigger segfaults, which are caused by the >>overflows, are also attached. >> >>This bug does affect ClamAV. > >How do you trigger this? got it. 32bit arch is the key

Processed: tagging 773029

Processing commands for cont...@bugs.debian.org: > tags 773029 + patch Bug #773029 [groonga-server-common] groonga-server-common: purging deletes conffiles owned by other packages: /etc/groonga/{groonga.conf, synonyms.tsv} Added tag(s) patch. > thanks Stopping processing here. Please contact me

Processed: found 773846 in 0.24-1

Processing commands for cont...@bugs.debian.org: > found 773846 0.24-1 Bug #773846 [exiv2] exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler Marked as found in versions exiv2/0.24-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 773846: http:/

Processed: bug 773846 is forwarded to http://dev.exiv2.org/issues/960

Processing commands for cont...@bugs.debian.org: > forwarded 773846 http://dev.exiv2.org/issues/960 Bug #773846 [exiv2] Buffer overflow in INFO tags of riff (patch from upstream) Changed Bug forwarded-to-address to 'http://dev.exiv2.org/issues/960' from 'http://dev.exiv2.org/issues/1002' > thanks

Bug#774794: Debian Bug#774794: Re: dpkg: Add breaks for new trigger cycles

On 2015-01-07 18:41, Niels Thykier wrote: > Package: dpkg > Version: 1.17.23 > Severity: serious > Control: block -1 by 774791 > > Hi, > > This is a bug to track missing "Breaks" for new trigger cycles > (i.e. cycles found after the 1.17.23 upload). > > * grace (#774558, fixed in sid and testin

Processed: retitle 773846 to exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler

Processing commands for cont...@bugs.debian.org: > retitle 773846 exiv2: CVE-2014-9449: buffer overflow in > RiffVideo::infoTagsHandler Bug #773846 [exiv2] Buffer overflow in INFO tags of riff (patch from upstream) Changed Bug title to 'exiv2: CVE-2014-9449: buffer overflow in RiffVideo::infoTag

Bug#774803: gitweb: dpkg trigger cycle via apache2

Package: gitweb Version: 1:2.1.4-2 Severity: serious Control: block 774794 by -1 Hi, The gitweb package has a trigger cycle via apache2. Steps to reproduce the cycle (in a Jessie/sid chroot): """ # apt-get install apache2 gitweb # dpkg --version | grep ' version 1.17' && \ dpkg --unpack /var/c

Processed: gitweb: dpkg trigger cycle via apache2

Processing control commands: > block 774794 by -1 Bug #774794 [dpkg] dpkg: Add breaks for new trigger cycles 774794 was blocked by: 774791 774794 was not blocking any bugs. Added blocking bug(s) of 774794: 774803 -- 774794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774794 774803: http://b

Bug#774802: Incompatibility between Setup.hs and cabal-install when using hgettext

Source: haskell-hgettext Version: 0.1.30-2 Severity: grave When trying to build a package, that uses function from hgettext in its Setup.hs, with cabal-install and libghc-cabal-dev is installed, the build fails with a bunch of messages about not matching command line options. This happens, becaus

Processed: downgrade 774793

Processing commands for cont...@bugs.debian.org: > severity 774793 important Bug #774793 [src:openssh] openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default Bug #774711 [src:openssh] openssh: OpenSSH should have stronger ciphers selected at least on the server side. Severity set

Bug#774711: openssh: OpenSSH should have stronger ciphers selected at least on the server side.

On Wed, 2015-01-07 at 15:25 +, Matthew Vernon wrote: > Christoph Anton Mitterer writes: > > > On Tue, 2015-01-06 at 18:52 +0200, Vasil Kolev wrote: > > > - get openssh to generate 4096-bit RSA keys by default; > > ... and disable DSA and RSA1 keys, which is possible if you name all > > othe

Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default

On Wed, 2015-01-07 at 18:13 +, Colin Watson wrote: > The defaults should be changed upstream first (has anyone contacted > them?) Well I've had some discussions with them as I've noted in #774711, but more with respect to the issues in DH-GEX (moduli sizes, that the client basically accepts an

Processed: Re: Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default

Processing commands for cont...@bugs.debian.org: > forcemerge 774793 774711 Bug #774793 [src:openssh] openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default Bug #774711 [src:openssh] openssh: OpenSSH should have stronger ciphers selected at least on the server side. Severity set t

Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default

forcemerge 774793 774711 stop Hi. This is basically the same as #774711, therefore merging. On Wed, 2015-01-07 at 18:29 +0100, comot...@krutt.org wrote: > The attached patch updates openssh-server debian defaults through the > postinst script according to bettercrypto.org[2], stribika[3] and

Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default

On Wed, Jan 07, 2015 at 06:29:17PM +0100, comot...@krutt.org wrote: > The latest batch of Snowden documents[1] has shown that misbehaving > nationstates can decrypt many of the SSH ciphers at least some of the > time. Every debian system ships with openssh-server and many rely on > openssh in varie

Processed: your mail

Processing commands for cont...@bugs.debian.org: > tags 774213 unreproducible Bug #774213 [zope2.13] zope2.13: import zope.security._proxy -> SystemError: dynamic module not initialized properly Added tag(s) unreproducible. > End of message, stopping processing here. Please contact me if you nee

Bug#774213: zope2.13: import zope.security._proxy -> SystemError: dynamic module not initialized properly

On Dec 30, 2014, at 02:32 PM, Kirill Smelkov wrote: >Package: zope2.13 >Version: 2.13.22-1 >Severity: grave >Justification: renders package unusable > >With zope2.13 I've tried to create a (user) instance and start it, but a >`SystemError: dynamic module not initialized properly` is raised while >

Bug#774795: php5, mysql-server-5.5: php5 FTBFS on ppc64el due to mysql assertion failure "InnoDB: Failing assertion: node->n_pending == 0"

Package: php5,mysql-server-5.5 Severity: serious Hi PHP5 maintainers and MySQL maintainers, I noticed that PHP5 FTBFS on powerpc64el with the following[1]: """ 150105 16:07:30 InnoDB: 5.5.40 started; log sequence number 0 150105 16:07:30 InnoDB: Starting shutdown... 150105 16:07:31 InnoDB: Ass

Bug#774794: dpkg: Add breaks for new trigger cycles

Package: dpkg Version: 1.17.23 Severity: serious Control: block -1 by 774791 Hi, This is a bug to track missing "Breaks" for new trigger cycles (i.e. cycles found after the 1.17.23 upload). * grace (#774558, fixed in sid and testing) * php5 (#774559, fixed in sid - has a FTBFS on ppc64el) * x

Processed: dpkg: Add breaks for new trigger cycles

Processing control commands: > block -1 by 774791 Bug #774794 [dpkg] dpkg: Add breaks for new trigger cycles 774794 was not blocked by any bugs. 774794 was not blocking any bugs. Added blocking bug(s) of 774794: 774791 -- 774794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774794 Debian Bug

Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default

Source: openssh Severity: critical Tags: patch security Justification: root security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The latest batch of Snowden documents[1] has shown that misbehaving nationstates can decrypt many of the SSH ciphers at least some of the time. Every debian s

Bug#774791: xine-ui: Creates dpkg trigger cycle via libxine2-ffmpeg, libxine2-misc-plugins or libxine2-x

Source: xine-ui Version: 0.99.9-1.1 Severity: serious Hi, The libxine2-ffmpeg, libxine2-misc-plugins and libxine2-x packages have a trigger cycle via the xine-ui package. This was detected by a script on jenkins.debian.net[1]. Steps to reproduce the cycle (in a Jessie/sid chroot): """ apt-get

Bug#774788: neutron-metadata-agent overwrites config on update

Package: neutron-metadata-agent Version: 2014.1.3-8 Severity: serious Hi Upgrade of neutron-metadata-agent overwrites the parameter auth_url in /etc/neutron/metadata_agent.ini Steps to reproduce on a fresh jessie system: add deb http://snapshot.debian.org/archive/debian/20150101T040509Z/

Bug#774531: marked as done (keysync: missing Depends: python-pkg-resources)

Your message dated Wed, 07 Jan 2015 15:20:12 + with message-id and subject line Bug#774531: fixed in keysync 0.2.1.1-2 has caused the Debian Bug report #774531, regarding keysync: missing Depends: python-pkg-resources to be marked as done. This means that you claim that the problem has been d

Bug#774780: sound-juicer: Refuses to start: “The plugin necessary for file access was not found”

Package: sound-juicer Version: 3.14.0-1+b1 Severity: serious The bug #717391 still exists in testing. I have been able to work around it by executing $ rm ~/.cache/gstreamer-1.0/registry.x86_64.bin see also [1,2]. [1]

Bug#768189: should not automatically change MAC (w/o user consent)

I've sent out a call for translations directly a while back. I don't know how to get any translations that might have been produced. signature.asc Description: OpenPGP digital signature

Processed: keysync

Processing commands for cont...@bugs.debian.org: > severity 774531 serious Bug #774531 [keysync] keysync: missing Depends: python-pkg-resources Severity set to 'serious' from 'important' > affects 774531 keysync/0.2.1.1-1 Bug #774531 [keysync] keysync: missing Depends: python-pkg-resources Added i

Bug#768189: should not automatically change MAC (w/o user consent)

[Hans-Christoph Steiner] > The freeze exception I put in was rejected until there are some > translations of the strings. So help with getting the translations > in, if you want this to happen sooner rather than later. I've never > handled translations or debconf questions in a package before. P

Processed: retitle 773041 to libmspack: CVE-2014-9556: frame_end overflow which could cause infinite loop

Processing commands for cont...@bugs.debian.org: > retitle 773041 libmspack: CVE-2014-9556: frame_end overflow which could cause > infinite loop Bug #773041 {Done: Marc Dequènes (Duck) } [libmspack0] libmspack: hangs on a crafted CAB file Changed Bug title to 'libmspack: CVE-2014-9556: frame_end

Processed: fixed 774772 in 0.1.15.2-10

Processing commands for cont...@bugs.debian.org: > fixed 774772 0.1.15.2-10 Bug #774772 [policyd-weight] policyd-weight: rhsbl.ahbl.org flags all domains Marked as fixed in versions policyd-weight/0.1.15.2-10. > thanks Stopping processing here. Please contact me if you need assistance. -- 774772

Bug#773806: marked as done (libdb5.3-java: Pre-installation script fails)

Your message dated Wed, 07 Jan 2015 13:04:00 + with message-id and subject line Bug#773806: fixed in db5.3 5.3.28-7~deb8u2 has caused the Debian Bug report #773806, regarding libdb5.3-java: Pre-installation script fails to be marked as done. This means that you claim that the problem has been

Bug#774772: policyd-weight: rhsbl.ahbl.org flags all domains

Package: policyd-weight Version: 0.1.15.2-9 Severity: critical Justification: causes serious data loss Control: found -1 0.1.15.2-5+wheezy1 Hi, Per http://ahbl.org/content/last-notice-wildcarding-services-jan-1st the default policyd-weight configuration needs to change ASAP to stop including rhsb

Processed: policyd-weight: rhsbl.ahbl.org flags all domains

Processing control commands: > found -1 0.1.15.2-5+wheezy1 Bug #774772 [policyd-weight] policyd-weight: rhsbl.ahbl.org flags all domains Marked as found in versions policyd-weight/0.1.15.2-5+wheezy1. -- 774772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774772 Debian Bug Tracking System Co

Bug#774645: marked as done (libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs)

Your message dated Wed, 07 Jan 2015 12:49:01 + with message-id and subject line Bug#774645: fixed in libevent 2.0.21-stable-2 has caused the Debian Bug report #774645, regarding libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs to be marked as done. This means that

Bug#774645: libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs

Hi Anibal, On Wed, Jan 07, 2015 at 11:18:15PM +1100, Aníbal Monsalve Salazar wrote: > On Wed, 2015-01-07 13:10:51 +0100, Salvatore Bonaccorso wrote: > > > > Please find attached debdiff for unstable. I have *not* uploaded it to > > any delayed queue so far. Are you working on the update yourself?

Bug#774726: libmspack: CHM decompression: pointer arithmetic overflow

* Jakub Wilk | 2015-01-06 21:18:30 [+0100]: >Two sample CHM files that trigger segfaults, which are caused by the >overflows, are also attached. > >This bug does affect ClamAV. How do you trigger this? I tried both files with "cabextract -t", clamdscan, clamscan and chmd_md5. None of those segfau

Bug#774645: libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs

On Wed, 2015-01-07 13:10:51 +0100, Salvatore Bonaccorso wrote: > > Please find attached debdiff for unstable. I have *not* uploaded it to > any delayed queue so far. Are you working on the update yourself? Hello Salvatore, I'm about to upload a package with the fix. Before the upload, I'll compa

Bug#742048: systemd-remount-fs.service fails for split-usr

control: tags -1 + patch Am 06.01.2015 um 10:37 schrieb Michael Biebl: > Am 06.01.2015 um 08:23 schrieb Martin Pitt: >> Also, I think there is a simpler way to check if a dir is a >> mountpoint: s1 = stat(dir), s2 = stat(parent(dir)) >> (i. e. dir + "/.."), and check >> >> is_mount = (st.st_dev !

Processed: Re: Bug#742048: systemd-remount-fs.service fails for split-usr

Processing control commands: > tags -1 + patch Bug #742048 [systemd] systemd-remount-fs.service fails for split-usr Bug #763327 [systemd] [systemd] FAILED to remount / Added tag(s) patch. Added tag(s) patch. -- 742048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742048 763327: http://bugs.d

Bug#774645: libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs

Control: tags -1 + patch Hi Anibal, Please find attached debdiff for unstable. I have *not* uploaded it to any delayed queue so far. Are you working on th update yourself? Regards, Salvatore diff -Nru libevent-2.0.21-stable/debian/changelog libevent-2.0.21-stable/debian/changelog --- libevent-2

Processed: Re: Bug#774645: libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs

Processing control commands: > tags -1 + patch Bug #774645 [src:libevent] libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs Ignoring request to alter tags of bug #774645 to the same tags previously set -- 774645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774645

Bug#768189: should not automatically change MAC (w/o user consent)

The freeze exception I put in was rejected until there are some translations of the strings. So help with getting the translations in, if you want this to happen sooner rather than later. I've never handled translations or debconf questions in a package before. .hc signature.asc Description:

Processed: new libmspack bugs in clamav

Processing commands for cont...@bugs.debian.org: > clone 774725 -1 Bug #774725 [libmspack0] libmspack: CHM decompression: division by zero Bug 774725 cloned as bug 774766 > clone 774726 -2 Bug #774726 [libmspack0] libmspack: CHM decompression: pointer arithmetic overflow Bug 774726 cloned as bug

Bug#773777: marked as done (libapache2-mod-authz-securepass: incompatible with Apache 2.4 due to use of ap_requires)

Your message dated Wed, 07 Jan 2015 10:19:20 + with message-id and subject line Bug#773777: fixed in mod-authz-securepass 0~20140715+0git93f271f5-3 has caused the Debian Bug report #773777, regarding libapache2-mod-authz-securepass: incompatible with Apache 2.4 due to use of ap_requires to b