Processed: tagging 780565, tagging 780566, tagging 780567, tagging 780568

Processing commands for cont...@bugs.debian.org: > tags 780565 + security Bug #780565 [capnproto] Integer overflow in pointer validation Added tag(s) security. > tags 780566 + security Bug #780566 [capnproto] Integer underflow in pointer validation Added tag(s) security. > tags 780567 + security B

Bug#780568: CPU usage amplification attack #2

Package: capnproto Version: 0.4.1-2 Severity: critical Upstream has reported a number of security issues in capnproto 0.4.1. Creating bugs to track these issues while I work on getting them fixed. This bug is tracking the second "CPU usage amplification attack" bug reported on 2015-03-05. Full d

Bug#780567: CPU usage amplification attack

Package: capnproto Version: 0.4.1-2 Severity: critical Upstream has reported a number of security issues in capnproto 0.4.1. Creating bugs to track these issues while I work on getting them fixed. This bug is tracking the "CPU usage amplification attack" bug reported on 2015-03-02. Full details

Bug#780566: Integer underflow in pointer validation

Package: capnproto Version: 0.4.1-2 Severity: critical Upstream has reported a number of security issues in capnproto 0.4.1. Creating bugs to track these issues while I work on getting them fixed. This bug is tracking the "Integer underflow in pointer validation" bug reported on 2015-03-02. Full

Bug#780565: Integer overflow in pointer validation

Package: capnproto Version: 0.4.1-2 Severity: critical Upstream has reported a number of security issues in capnproto 0.4.1. Creating bugs to track these issues while I work on getting them fixed. This bug is tracking the "Integer overflow in pointer validation" bug reported on 2015-03-02. Full

Processed: your mail

Processing commands for cont...@bugs.debian.org: > tag 780506 + pending Bug #780506 [src:requests] requests: CVE-2015-2296: session fixation and cookie stealing issue Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 780506: http://bugs.debian

Bug#773823: marked as done ([src:libpng1.6] Heap overflow)

Your message dated Mon, 16 Mar 2015 00:48:42 + with message-id and subject line Bug#773823: fixed in libpng1.6 1.6.16-1 has caused the Debian Bug report #773823, regarding [src:libpng1.6] Heap overflow to be marked as done. This means that you claim that the problem has been dealt with. If th

Bug#775583: New initramfs-tools boot script needed to activate VG needed only for /usr

On Sun, 15 Mar 2015 11:23:34 +0100 Benoit GUERIN wrote: > >> For the benefit of others affected, the /usr entry in fstab *must* begin > >> with /dev/mapper/. My fstab had the /dev/$VG/$LV style and the script > >> does not know what to do with that. > > > Right, that the lvm2 initramfs code has

Bug#780162: default read error timeouts: drives dropped regularly + data loss on array re-build

Control: Severity 780207 important Control: Severity 780162 wishlist Hi Chris, can you please let us know the link to the upstream discussion? From your description, I don't see a imminent risk of data loss which warrants a RC bug level. Therefore downgrading to important. (CC'ing also the sma

Processed: Re: default read error timeouts: drives dropped regularly + data loss on array re-build

Processing control commands: > Severity 780207 important Bug #780207 [mdadm] default read error timeouts: drives dropped regularly + data loss on array re-build Severity set to 'important' from 'serious' > Severity 780162 wishlist Bug #780162 [smartmontools] default timeouts causing data loss Sev

Bug#780400: libkio5: cut and paste files on sftp can cause data loss

Control: severity -1 important Hi Salvo, thanks for the report. I'm currently doing some bug triaging and saw your report. Please note that the effect you described is unfortunate but it is not "serious data" loss by defintion -- "serious" is here to be read as massive data loss, like wiping hal

Processed: Re: libkio5: cut and paste files on sftp can cause data loss

Processing control commands: > severity -1 important Bug #780400 [libkio5] libkio5: cut and paste files on sftp can cause data loss Severity set to 'important' from 'critical' -- 780400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780400 Debian Bug Tracking System Contact ow...@bugs.debian.

Processed: your mail

Processing commands for cont...@bugs.debian.org: > found 780519 7.0.28-4+deb7u1 Bug #780519 [src:tomcat7] tomcat7: FTBFS due to failing tests Marked as found in versions tomcat7/7.0.28-4+deb7u1. > thanks Stopping processing here. Please contact me if you need assistance. -- 780519: http://bugs.d

Bug#780452: libwebkitgtk-3.0-0: Segfault in `VectorBufferBase` at `../Source/WTF/wtf/Vector.h:330`

Control: Severity -1 normal -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: libwebkitgtk-3.0-0: Segfault in `VectorBufferBase` at `../Source/WTF/wtf/Vector.h:330`

Processing control commands: > Severity -1 normal Bug #780452 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: Segfault in `VectorBufferBase` at `../Source/WTF/wtf/Vector.h:330` Severity set to 'normal' from 'grave' -- 780452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780452 Debian Bug Tracking

Processed: Re: libwebkitgtk-3.0-0: Crash with SIGBUS in `WebCore::WidthIterator::advanceInternal`

Processing control commands: > severity -1 normal Bug #776686 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: Crash with SIGBUS in `WebCore::WidthIterator::advanceInternal` Severity set to 'normal' from 'critical' -- 776686: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776686 Debian Bug Tracking S

Bug#776686: libwebkitgtk-3.0-0: Crash with SIGBUS in `WebCore::WidthIterator::advanceInternal`

Control: severity -1 normal Hi Paul, all good things are three ;-) Same as on the first one, please tell how often sometimes it. This is for sure not critical. Your described scenario is not _serious_ data loss. *Serious* would be if it wipes half of your filesystem, for example, but not a sing

Bug#780447: marked as done (tomcat-native: SSLv23_* calls shouldn't be disabled)

Your message dated Sun, 15 Mar 2015 21:25:57 + with message-id and subject line Bug#780447: fixed in tomcat-native 1.1.32~repack-2 has caused the Debian Bug report #780447, regarding tomcat-native: SSLv23_* calls shouldn't be disabled to be marked as done. This means that you claim that the p

Bug#780444: libwebkitgtk-3.0-0: use after free: GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0' failed

Control: severity -1 normal Hi Paul, I have the feeling this is not grave. Please see https://www.debian.org/Bugs/Developer#severities for the defintions. Or do if I miss something, then please clarify. Thanks! -- tobi On Fri, 13 Mar 2015 23:54:09 +0100 Paul Menzel wrote: > Package: libweb

Processed: Re: libwebkitgtk-3.0-0: use after free: GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0' failed

Processing control commands: > severity -1 normal Bug #780444 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: use after free: GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0' failed Severity set to 'normal' from 'grave' -- 780444: http://bugs.debian.org/cgi-bin/bugreport.

Bug#780452: libwebkitgtk-3.0-0: Segfault in `VectorBufferBase` at `../Source/WTF/wtf/Vector.h:330`

Hi Paul, On Sat, 14 Mar 2015 10:00:01 +0100 Paul Menzel wrote: (...) > > Evolution sometimes crashes due to a segmentation fault in > libwebkitgtk-3.0.so.0.22.14. > > evolution[2714]: segfault at bfd27b2c ip b5708819 sp bfd25a20 error 6 > in libwebkitgtk-3.0.so.0.22.14[b54b7000+1c5c00

Bug#780519: tomcat7: FTBFS due to failing tests

found 780519 7.0.28-4+deb7u1 thanks I also found I can't rebuild tomcat7 in stable due to failing unit tests. -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. "Faith means not wanting to know what is true." -- Nietzsche sign

Processed: severity of 779547 is grave

Processing commands for cont...@bugs.debian.org: > severity 779547 grave Bug #779547 [src:dokuwiki] dokuwiki: CVE-2015-2172: DokuWiki privilege escalation in RPC API Severity set to 'grave' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 779547:

Bug#778646: Multiple issues

On Tue, Feb 17, 2015 at 10:02:37PM +0100, Moritz Muehlenhoff wrote: > Package: potrace > Version: 1.11-2 > Severity: grave > Tags: security > > Hi, > please see https://bugzilla.redhat.com/show_bug.cgi?id=955808 > Could you report this upstream? > > A CVE ID has been requested, but not yet assign

Bug#773626: marked as done (libav: multiple security issues)

Your message dated Sun, 15 Mar 2015 21:12:34 +0100 with message-id <20150315201234.gc14...@ramacher.at> and subject line Re: Bug#773626: libav: multiple security issues has caused the Debian Bug report #773626, regarding libav: multiple security issues to be marked as done. This means that you cla

Bug#779550: qt4-x11: CVE-2015-0295

On Mon, Mar 02, 2015 at 03:37:03PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > On Monday 02 March 2015 18:20:22 Moritz Muehlenhoff wrote: > > On Mon, Mar 02, 2015 at 07:32:11PM +0300, Dmitry Shachnev wrote: > > > clone -1 -2 > > > reassign -2 libqt5gui5 5.3.2+dfsg-4 > > > thanks > > > > >

Bug#775235: gnome-shell not starting with gdm3/mesa/llvm-3.4 but does start from startx & lightdm regardless

Bernhard Übelacker writes: > Hello Philip, > probably your case is more an example for the problem described in bugs > #770130 and #776911. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770130 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776911 > > When you rebuilt your mesa

Processed: tagging 780444

Processing commands for cont...@bugs.debian.org: > tags 780444 + pending Bug #780444 [libwebkitgtk-3.0-0] libwebkitgtk-3.0-0: use after free: GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0' failed Added tag(s) pending. > thanks Stopping processing here. Please cont

Bug#780519: tomcat7: FTBFS due to failing tests

On 15.03.2015 17:52, Miguel Landaeta wrote: > tags 780519 + jessie > thanks > > It is also failing in jessie. Confirmed. I also see messages like SEVERE: Unable to join multicast group, make sure your system has multicasting enabled. Caused by: java.net.SocketException: No such device Markus

Bug#775235: gnome-shell not starting with gdm3/mesa/llvm-3.4 but does start from startx & lightdm regardless

Hello Philip, probably your case is more an example for the problem described in bugs #770130 and #776911. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770130 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776911 When you rebuilt your mesa packages did you apply the patch mentioned

Processed: Re: Bug#776911: gnome-session: session fails to start with "something went wrong" message

Processing control commands: > reassign 770130 xserver-xorg-video-intel Bug #770130 [gnome-shell] gnome-shell: crashes with "Failed to create texture 2d" after "[drm:i8xx_irq_handler] *ERROR* pipe A underrun" Bug #776911 [gnome-shell] gnome-shell: crashes with "Failed to create texture 2d" after

Bug#776911: gnome-session: session fails to start with "something went wrong" message

Control: reassign 770130 xserver-xorg-video-intel On 15/03/15 13:59, Rafał Pietrak wrote: > W dniu 13.03.2015 20:56, Simon McVittie pisze: >> On Fri, 06 Feb 2015 at 18:20:35 +, Simon McVittie wrote: >>> This sounds a lot like another instance of >>> and >>>

Bug#780429: snmp-mibs-downloader: postinst uses /usr/share/doc content (Policy 12.3): /usr/share/doc/mibrfcs/*

Hi, > a test with piuparts revealed that your package uses files from > /usr/share/doc in its maintainer scripts which is a violation of > Policy 12.3: "Packages must not require the existence of any files in > /usr/share/doc/ in order to function." > cp: cannot stat '/usr/share/doc/mibrfcs/*':

Processed: Re: tomcat7: FTBFS due to failing tests

Processing commands for cont...@bugs.debian.org: > tags 780519 + jessie Bug #780519 [src:tomcat7] tomcat7: FTBFS due to failing tests Added tag(s) jessie. > thanks Stopping processing here. Please contact me if you need assistance. -- 780519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7805

Bug#780519: tomcat7: FTBFS due to failing tests

tags 780519 + jessie thanks It is also failing in jessie. -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. "Faith means not wanting to know what is true." -- Nietzsche signature.asc Description: Digital signature

Processed: reassign 762950 to libsolid4

Processing commands for cont...@bugs.debian.org: > reassign 762950 libsolid4 Bug #762950 [digikam] digikam: Removes all images from database when unaccessible mount is found Bug reassigned from package 'digikam' to 'libsolid4'. No longer marked as found in versions digikam/4:4.1.0-1 and digikam/4

Bug#762950: Bug most likely in solid

I've poked around in core/libs/database/collectionmanager.cpp and it appears that the digikam code tries to do the right thing and the most likely issue is something about how solid handles these cases, so reassigning. signature.asc Description: This is a digitally signed message part.

Bug#780139: marked as done (CVE-2015-0885)

Your message dated Sun, 15 Mar 2015 16:33:29 + with message-id and subject line Bug#780139: fixed in checkpw 1.02-1.1 has caused the Debian Bug report #780139, regarding CVE-2015-0885 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case

Bug#746885: [patch] nget: build with GCC-4.9

Hi! Since I got no feedback, I'm guessing that my mail could have been rejected or marked as spam because of the attachment. Here is my patch that gets nget-0.27.1 built with gcc 4.9.x: https://github.com/alllexx88/optware/blob/master/sources/nget/nget-0.27.1-gcc49.patch 2015-03-09 19:35 GMT+02:00

Bug#776911: gnome-session: session fails to start with "something went wrong" message

W dniu 13.03.2015 20:56, Simon McVittie pisze: On Fri, 06 Feb 2015 at 18:20:35 +, Simon McVittie wrote: This sounds a lot like another instance of and on which some debugging has already been done. I am able to reproduce a si

Bug#780519: tomcat7: FTBFS due to failing tests

Package: src:tomcat7 Version: 7.0.56-1 Severity: serious Tags: sid Justification: fails to build from source (but built successfully in the past) I tried to rebuild tomcat7 this morning in sid and I found its build is broke. Relevant messages, (the complete build log is attached): [junit] I

Bug#775689: mkusb-nox

Den 2015-03-13 10:34, Nio Wiklund skrev: ... > I would suggest wrapping safety around dd with the shell-script 'mkusb'. > > Extra safety can be very important because dd is nick-named 'disk > destroyer' for a reason: It does what you *tell* it to do without > questions, even if it is not what you

Bug#772076: marked as done (confirm certificate exception dialog keeps re-appearing)

Your message dated Sun, 15 Mar 2015 14:07:31 +0100 with message-id <20150315130731.ga1...@jessie.cruise.homelinux.net> and subject line Re: Bug#772076: confirm certificate exception dialog keeps re-appearing has caused the Debian Bug report #772076, regarding confirm certificate exception dialog k

Bug#779621: marked as done (jakarta-taglibs-standard: CVE-2015-0254)

Your message dated Sun, 15 Mar 2015 12:34:03 + with message-id and subject line Bug#779621: fixed in jakarta-taglibs-standard 1.1.2-3 has caused the Debian Bug report #779621, regarding jakarta-taglibs-standard: CVE-2015-0254 to be marked as done. This means that you claim that the problem ha

Bug#780506: requests: CVE-2015-2296: session fixation and cookie stealing issue

Hello Salvatore, Salvatore Bonaccorso wrote: > Hi, > > the following vulnerability was published for requests. > > CVE-2015-2296[0]: > session fixation and cookie stealing Thanks for notifing, I was alredy update by upstream. I'im going to work on this today. Kind regards, -- Daniele Trico

Processed: tagging 780473, tagging 780473

Processing commands for cont...@bugs.debian.org: > # kissplice is not in Wheezy, hence this tag doesn't make any sense for this > package > tags 780473 - wheezy Bug #780473 {Done: Andreas Tille } [src:kissplice] Architecture attribute must be a single line, not multiple lines Removed tag(s) whee

Processed: #777164 is fixed in systemd-219

Processing commands for cont...@bugs.debian.org: > fixed 777164 219-1 Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from machine.slice after systemctl daemon-reload Marked as fixed in versions systemd/219-1. > thanks Stopping processing here. Please contact me if you need ass

Processed: Re: systemd: libvirt cgroups start to disappear from machine.slice after systemctl daemon-reload

Processing control commands: > severity -1 serious Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from machine.slice after systemctl daemon-reload Severity set to 'serious' from 'important' > tags -1 + patch Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from

Bug#725301: marked as done (suricata: init script looking for unexisting /proc/net/netfilter/nf_queue)

Your message dated Sun, 15 Mar 2015 10:34:41 + with message-id and subject line Bug#725301: fixed in suricata 2.0.7-2 has caused the Debian Bug report #725301, regarding suricata: init script looking for unexisting /proc/net/netfilter/nf_queue to be marked as done. This means that you claim

Bug#775583: New initramfs-tools boot script needed to activate VG needed only for /usr

>> For the benefit of others affected, the /usr entry in fstab *must* begin >> with /dev/mapper/. My fstab had the /dev/$VG/$LV style and the script >> does not know what to do with that. > Right, that the lvm2 initramfs code has never supported that naming > scheme for root, and now we have the s

Bug#779797: marked as done (gdisk: Returns exit code 1 after successful operations)

Your message dated Sun, 15 Mar 2015 09:49:18 + with message-id and subject line Bug#779797: fixed in gdisk 0.8.10-2 has caused the Debian Bug report #779797, regarding gdisk: Returns exit code 1 after successful operations to be marked as done. This means that you claim that the problem has b

Bug#775235: gnome-shell not starting with gdm3/mesa/llvm-3.4 but does start from startx & lightdm regardless

Package: libgl1-mesa-dri Version: 10.3.2-1~hands.1 Followup-For: Bug #775235 Just installed jessie on a Dell Latitude D505 and got the symptoms described here (getting the "Oops" screen from attempting to log in via gdm3, and seeing the underrun errors in the logs) Tried rebuilding mesa with llvm