Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Salvatore Bonaccorso
Hi Otto, On Mon, Jan 26, 2015 at 09:03:28PM +0200, Otto Kekäläinen wrote: > The page https://mariadb.com/kb/en/security/ has updated and includes > info about these latest CVEs. > > It seems most issues were fixed in 5.5.41/10.0.16. > One was for 5.5.39/10.0.13. > > 10.0.16 hasn't been yet relea

Bug#776345: dleyna-server: Segfault when playing video

2015-01-26 Thread Matthew Harvey
Package: dleyna-server Version: 0.4.0-1 Severity: critical Justification: breaks unrelated software Dear Maintainer, * What led up to the situation? Sporadically, when watching video, typically using Totem. Any video. This did not happen until about a month ago (on testing, keeping up

Bug#775871: [Pkg-anonymity-tools] Bug#775871: Any updates to the TBB bundle people ?

2015-01-26 Thread Holger Levsen
Hi shirish शिरीष, On Tuesday, 27 January 2015, shirish शिरीष wrote: > Also Micha Lee made a new 0.1.9 release around 4 days back so guessing > the new one would be the best. I'm well aware - just not sure whether I think 0.1.9 is the best for jessie or 0.1.7 plus the new signing key and the fix

Bug#775350: libblkid-dev: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE

2015-01-26 Thread Andreas Beckmann
Followup-For: Bug #775350 Control: found -1 2.25.2-4.1 maintscript has a wrong path (and version): -symlink_to_dir /usr/share/doc/libblkid-dev /usr/share/doc/libblkid 2.25.2-4 +symlink_to_dir /usr/share/doc/libblkid-dev /usr/share/doc/libblkid1 2.25.2-4.2~ Andreas -- To UNSUBSCRIBE, email to

Processed: Re: libblkid-dev: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: > found -1 2.25.2-4.1 Bug #775350 {Done: Jonathan Wiltshire } [libblkid-dev] libblkid-dev: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE Marked as found in versions util-linux/2.25.2-4.1; no longer marked as fixed in versions util-linux/2.25.2-4.1

Bug#741702: marked as done (wine-unstable: not yet ready for stable release)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 19:55:53 -0500 with message-id and subject line re: wine-unstable: not yet ready for stable release has caused the Debian Bug report #741702, regarding wine-unstable: not yet ready for stable release to be marked as done. This means that you claim that the pro

Bug#775871: Any updates to the TBB bundle people ?

2015-01-26 Thread shirish शिरीष
Hi all, I just came across this bug myself. Once, twice, thrice then I investigated what the issue might be. Went to the cache and compared the sha256sum of the file downloaded with the one given at the tor project. Saw that it matched, then concluded then it's the small python egg which might be t

Bug#774257: Happens on jessie d-i rc1 too

2015-01-26 Thread Simon Josefsson
FWIW, I reinstalled another laptop with jessie rc1, and adding a printer in GNOME fails due to the same problem. If it matters, the printer is a HP LaserJet P2055DN. /Simon

Processed: php-kdyby-console: uninstallable in sid: php-symfony-console (>= 2.5) is not available anywhere

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: > affects -1 + php-kdyby-console Bug #776330 [php-kdyby-console] php-kdyby-console: uninstallable in sid: php-symfony-console (>= 2.5) is not available anywhere Added indication that 776330 affects php-kdyby-console -- 776330: http://bugs.debian.org/cgi-bin/bugrepor

Bug#776330: php-kdyby-console: uninstallable in sid: php-symfony-console (>= 2.5) is not available anywhere

2015-01-26 Thread Andreas Beckmann
Package: php-kdyby-console Version: 2.3.0-1 Severity: grave Tags: sid Justification: renders package unusable User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + php-kdyby-console Hi, during a test with piuparts I noticed your package is no longer installable in sid: The

Bug#776253: marked as done (dependency on libwv-1.2-4 too weak)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 21:19:54 + with message-id and subject line Bug#776253: fixed in wv 1.2.9-4.1 has caused the Debian Bug report #776253, regarding dependency on libwv-1.2-4 too weak to be marked as done. This means that you claim that the problem has been dealt with. If thi

Bug#776253: dependency on libwv-1.2-4 too weak

2015-01-26 Thread Daniel Walrond
On Mon, Jan 26, 2015 at 12:25:07AM +0100, Helmut Grohne wrote: > Package: wv > Version: 1.2.9-4+b1 > Severity: serious > Justification: policy 12.3 footnote 2 > Tags: patch > > wv contains a symlink /usr/share/doc/wv which points to libwv-1.2-4. Its > dependency on libwv-1.2-4 is unversioned thoug

Processed: tagging 772076

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 772076 + moreinfo Bug #772076 [icedove] confirm certificate exception dialog keeps re-appearing Added tag(s) moreinfo. > thanks Stopping processing here. Please contact me if you need assistance. -- 772076: http://bugs.debian.org/cgi-bin/bu

Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Otto Kekäläinen
The page https://mariadb.com/kb/en/security/ has updated and includes info about these latest CVEs. It seems most issues were fixed in 5.5.41/10.0.16. One was for 5.5.39/10.0.13. 10.0.16 hasn't been yet released, but I'll expect it is released soon and I will try to be as fast as possible in upda

Bug#776316: [Pkg-samba-maint] Bug#776316: samba: failed to build on mips

2015-01-26 Thread Jelmer Vernooij
On Mon, Jan 26, 2015 at 01:42:51PM -0500, Michael Gilbert wrote: > package: src:samba > version: 2:4.1.13+dfsg-4 > severity: serious > > The latest upload failed to build on the mips buildd: > https://buildd.debian.org/status/package.php?p=samba See the comment in the build log: 21:17:20 runner

Bug#767019: xscreensaver: postinst overwrites /etc/X11/app-defaults/XScreenSaver without asking

2015-01-26 Thread Alex Goebel
On Sat, Dec 20, 2014 at 9:02 AM, Michael Gilbert wrote: if [ -L /etc/X11/app-defaults/XScreenSaver ]; then if [ "$(readlink /etc/X11/app-defaults/XScreenSaver)" = "XScreenSaver-nogl" -o \ "$(readlink /etc/X11/app-defaults/XScreenSaver)" = "XScreenSaver-gl"]; the

Bug#775625: [pkg-php-pear] symfony: Review, upload and unblock needed to fix #775625 (FTBFS in jessie)

2015-01-26 Thread David Prévot
Hi, On 21/01/2015 14:23, David Prévot wrote: > On 19/01/2015 13:34, Daniel Beyer wrote: >> I'm not 100% sure if it really fixes the problem, since I'm not able to >> reproduce those errors on my local system (neither local, nor with >> pbuilder sid/jessie). > > Same here, even within sbuil

Bug#776316: samba: failed to build on mips

2015-01-26 Thread Michael Gilbert
package: src:samba version: 2:4.1.13+dfsg-4 severity: serious Hi, The latest upload failed to build on the mips buildd: https://buildd.debian.org/status/package.php?p=samba Best wishes, Mike

Bug#776073: marked as done (lynx-cur: can connect to site with expired certificate)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 18:33:26 + with message-id and subject line Bug#745835: fixed in lynx-cur 2.8.9dev4-1 has caused the Debian Bug report #745835, regarding lynx-cur: can connect to site with expired certificate to be marked as done. This means that you claim that the problem

Bug#745835: marked as done (lynx-cur: certificate revocation is not checked)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 18:33:26 + with message-id and subject line Bug#745835: fixed in lynx-cur 2.8.9dev4-1 has caused the Debian Bug report #745835, regarding lynx-cur: certificate revocation is not checked to be marked as done. This means that you claim that the problem has be

Processed: Re: Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: > tags -1 upstream fixed-upstream Bug #775882 [src:mariadb-10.0] mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015? Added tag(s) upstream and fixed-upstream. > retitle -1 mariadb-10.0: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 > CVE-2015-0432

Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Salvatore Bonaccorso
Control: tags -1 upstream fixed-upstream Control: retitle -1 mariadb-10.0: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 CVE-2015-0432 CVE-2014-6568 CVE-2015-0374 Hi Otto, On Fri, Jan 23, 2015 at 08:46:46AM +0200, Otto Kekäläinen wrote: > I started to search information about this 2 days ago, but so

Bug#775644: marked as done (check-postgres: FTBFS in jessie: Tests failures)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 17:33:22 + with message-id and subject line Bug#775644: fixed in check-postgres 2.21.0-3 has caused the Debian Bug report #775644, regarding check-postgres: FTBFS in jessie: Tests failures to be marked as done. This means that you claim that the problem has

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-26 Thread Moritz Mühlenhoff
On Mon, Jan 26, 2015 at 09:07:19PM +0530, Ritesh Raj Sarraf wrote: > On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: > > In the past someone from upstream posted the upstream commits to the > > bug log, maybe you can contact them for more information so that we > > can merge the isolated fixes in

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Moritz Muehlenhoff
On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote: > On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote: > > On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: > > > * The potential invalid writes in modules/services_discovery/sap.c and > > > modules/access/ftp.c wer

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Sebastian Ramacher
On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote: > On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: > > * The potential invalid writes in modules/services_discovery/sap.c and > > modules/access/ftp.c were not fixed as I did not provide a > > trigger. Note, that the code looks

Bug#775588: [Pkg-haskell-maintainers] Bug#775588: darcs: Missing copyright information

2015-01-26 Thread beuc
Hi, How about lowering the severity of this bug? I just received this: fusionforge 5.3.2+20141104-3 is marked for autoremoval from testing on 2015-03-02 It (build-)depends on packages with these RC bugs: 775588: darcs: Missing copyright information Cheers! Sylvain

Processed: Re: Bug#768897: MBR disklabels also yield destructive pvcreate

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: > severity -1 important Bug #768897 [partman-lvm] quietly very aggressive WRT existing LVM-typed partitions Severity set to 'important' from 'critical' > clone -1 -2 Bug #768897 [partman-lvm] quietly very aggressive WRT existing LVM-typed partitions Bug 768897 cloned

Bug#774918: marked as done (cups-pdf: copyright file missing after upgrade (policy 12.5))

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 15:48:28 + with message-id and subject line Bug#774918: fixed in cups-pdf 2.6.1-15 has caused the Debian Bug report #774918, regarding cups-pdf: copyright file missing after upgrade (policy 12.5) to be marked as done. This means that you claim that the prob

Bug#768897: MBR disklabels also yield destructive pvcreate

2015-01-26 Thread Steve McIntyre
Control: severity -1 important Control: clone -1 -2 Control: retitle -2 Installation manual should warn about the use of LVM partition types Control: reassign -2 installation-guide On Sun, Jan 18, 2015 at 04:24:43PM +, Steve McIntyre wrote: >On Wed, Nov 19, 2014 at 03:36:19PM -0600, Drake Wil

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-26 Thread Ritesh Raj Sarraf
On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote: > On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: >> In the past someone from upstream posted the upstream commits to the >> bug log, maybe you can contact them for more information so that we >> can merge the isolated fixes into the jessie version

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-26 Thread Ritesh Raj Sarraf
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: > In the past someone from upstream posted the upstream commits to the > bug log, maybe you can contact them for more information so that we > can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed

Processed: pending

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > package resolvconf Limiting to bugs with field 'package' containing at least one of 'resolvconf' Limit currently set to 'package':'resolvconf' > tags 775356 pending Bug #775356 [resolvconf] resolvconf: bashisms in /etc/dhcp/dhclient-enter-hooks.

Bug#775888: marked as done (virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 15:22:05 + with message-id and subject line Bug#775888: fixed in virtualbox 4.3.18-dfsg-2 has caused the Debian Bug report #775888, regarding virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 to be marked as don

Bug#776309: fglrx-driver: Hung PC with black screen and solid white cursor in upper left corner

2015-01-26 Thread Greg Futia
Package: fglrx-driver Version: 1:14.12-1 Severity: critical Justification: breaks the whole system Dear Fglrx Maintainers, When this package is installed the system boots to a completely hung state with a solid cursor in the upper left hand corner. The hang leaves the system unaccessible

Bug#776251: ack-grep fails to install due to diversion problem

2015-01-26 Thread gregor herrmann
On Mon, 26 Jan 2015 01:01:03 +0100, Axel Beckert wrote: > > $ dpkg-divert --list "*ack*" > > local diversion of /usr/bin/ack-grep to /usr/bin/ack > ^ > ... which backs my assumption that a _local_ diversion (i.e. none made > by a package) is the cause. That's my interpretation as well. >

Bug#776306: mpdscribble: Fails to start because of error in pidfile creation

2015-01-26 Thread Marco Solieri
Package: mpdscribble Version: 0.22-5 Severity: grave Justification: renders package unusable With default configuration the service tries to create its pidfile in folder '/var/run/mpdscribble', but such a folder is not created by installation script, nor it persists to system reboot. This cause

Bug#774748: #774748: ruby-redcloth: CVE-2012-6684

2015-01-26 Thread Christian Hofstaedtler
* Moritz Mühlenhoff [150126 13:45]: > On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote: > > AFAICT there is no publicly available patch, and upstream is more or > > less "dead". > > > > Redmine's patched redcloth3 looks very different from the current > > redcloth 4.x source

Bug#774854: race condition between fur and fex_cleanup

2015-01-26 Thread Kilian Krause
Hi Moritz, On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: > On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: > > Package: fex > > Version: 20140917-1 > > Severity: serious > > Tags: security patch upstream pending confirmed jessie > > > > > > As upstream has re

Bug#774854: race condition between fur and fex_cleanup

2015-01-26 Thread Moritz Mühlenhoff
On Mon, Jan 26, 2015 at 01:41:54PM +0100, Kilian Krause wrote: > Hi Moritz, > > On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: > > On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: > > > Package: fex > > > Version: 20140917-1 > > > Severity: serious > > > Tags: sec

Bug#775662: oss4: Insufficient validation of USB device descriptors

2015-01-26 Thread Moritz Mühlenhoff
On Sun, Jan 18, 2015 at 10:24:30AM +, Ben Hutchings wrote: > Source: oss4 > Version: 4.2-build2006-2 > Severity: critical > Tags: security > > In kernel/drv/oss_usb/oss_usb.c: OSS maintainers, did you forward this upstream? Cheers, Moritz

Bug#775715: [Pkg-javascript-devel] Bug#775715: libv8-3.14: limiting security support

2015-01-26 Thread Bálint Réczey
Hi Michael, Control: tags -1 pending 2015-01-19 7:17 GMT+01:00 Michael Gilbert : > package: libv8-3.14 > version: 3.14.5.8-8 > severity: grave > tags: security > > Hi, the security team has decided that this package will not receive > security support for jessie. This has already been documented

Bug#776079: marked as done (tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 12:48:24 + with message-id and subject line Bug#776079: fixed in tkrplot 0.0.23-3 has caused the Debian Bug report #776079, regarding tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory to be marked as done. This means that you claim

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Moritz Mühlenhoff
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: > * The potential invalid writes in modules/services_discovery/sap.c and > modules/access/ftp.c were not fixed as I did not provide a > trigger. Note, that the code looks very similar to the confirmed bug > in rtp_packetize_xi

Bug#774748: #774748: ruby-redcloth: CVE-2012-6684

2015-01-26 Thread Moritz Mühlenhoff
On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote: > AFAICT there is no publicly available patch, and upstream is more or > less "dead". > > Redmine's patched redcloth3 looks very different from the current > redcloth 4.x sources, so I have my doubts if forward porting this >

Bug#776079: tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory

2015-01-26 Thread Dirk Eddelbuettel
On 23 January 2015 at 17:17, James Cowgill wrote: | Source: tkrplot | Version: 0.0.23-2 | Severity: serious | Tags: sid | | Hi, | | tkrplot seems to FTBFS in unstable (but not in jessie) with the error: | > gcc -std=gnu99 -I/usr/share/R/include -DNDEBUG -I/usr/include/tcl8.6 -I/usr/include/tcl8

Processed: severity of 776039 is grave

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > severity 776039 grave Bug #776039 [grep] grep: CVE-2015-1345: heap buffer overrun Severity set to 'grave' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 776039: http://bugs.debian.org/cgi-bin/bug

Processed: your mail

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > found 775871 0.1.7-1~bpo70+1 Bug #775871 [torbrowser-launcher] torbrowser-launcher: TorBrowser Bundle signing key changed Marked as found in versions torbrowser-launcher/0.1.7-1~bpo70+1. > End of message, stopping processing here. Please contact

Bug#774854: race condition between fur and fex_cleanup

2015-01-26 Thread Moritz Mühlenhoff
On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: > Package: fex > Version: 20140917-1 > Severity: serious > Tags: security patch upstream pending confirmed jessie > > > As upstream has released a new version of the fex package which closes a > security issue and there is no CVE ass

Bug#774645: marked as done (libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 10:33:25 + with message-id and subject line Bug#774645: fixed in libevent 1.4.13-stable-1+deb6u1 has caused the Debian Bug report #774645, regarding libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs to be marked as done. This mean

Bug#776288: phabricator: postinst overwrites local configuration changes during reinstall/upgrade

2015-01-26 Thread Apollon Oikonomopoulos
Source: phabricator Version: 0~git20141130-1 Severity: serious Justification: Policy 10.7.3 Dear Maintainer, phabricator's postinst script uses bin/config to unconditionally set configuration parameters to the package/debconf defaults. This happens on both reinstall and upgrade and overwrites a

Bug#773445: linux-image-3.18.0-trunk-686-pae fails to boot from encrypted usb drive

2015-01-26 Thread Robert Wilkinson
On Wed, 21 Jan 2015 08:48:53 + Martin Zobel-Helas wrote: > Hi, > > could this be related to #773250? > > Try adding xhci-pc to your initrd. > > Cheers, > Martin He

Processed: severity of 776246 is important

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > severity 776246 important Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-2014-8242) Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 776246: http://bugs.debian.

Bug#776246: MD4 collision/preimage attacks (CVE-2014-8242)

2015-01-26 Thread Thijs Kinkhorst
Hi, > See https://github.com/librsync/librsync/issues/5 . librsync uses MD4 > as part of syncing; given the low strength and size of MD4, and the > relative ease of computing collisions/preimages, that makes librsync > unsafe to use on untrusted data, such as when running a duplicity > backup. >