Bug#780772: [drupal7] Security update for drupla7 & drupal6

Package: drupal7 Version: 7.32-1+deb8u1 Severity: serious Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org --- Please enter the report below this line. --- Hi! https://www.drupal.org/drupal-7.35 says: >Drupal 7.35 and Drupal 6.35, maintenance releases which contain fixes

Processed: tagging 779048, notfound 779048 in libjpeg-turbo/1:1.3.1-11 ..., closing 779048

Processing commands for cont...@bugs.debian.org: > # Decided to revert and document it in the Release-notes > tags 779048 - jessie Bug #779048 {Done: Ondřej Surý } [src:libjpeg-turbo] libjpeg-turbo: Migration of jpeg-progs from Wheezy to Jessie Removed tag(s) jessie. > notfound 779048 libjpeg-tur

Processed: tagging 780675

Processing commands for cont...@bugs.debian.org: > tags 780675 + patch fixed-upstream Bug #780675 [systemd] systemd: segfault in systemd when running systemctl daemon-reload Added tag(s) fixed-upstream and patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 78

Bug#780675: systemd: segfault in systemd when running systemctl daemon-reload

Am 18.03.2015 um 19:01 schrieb Michael Biebl: > Control: fixed -1 219-4 > > Am 18.03.2015 um 18:00 schrieb Michael Biebl: >> Thanks for sharing the contents of the file. I can confirm the crash and >> we have enough information now to debug this issue properly. >> Marking the bug accordingly. > >

Bug#779420: marked as done (debconf-{i18n,utils}: dependency on debconf too weak)

Your message dated Thu, 19 Mar 2015 01:18:52 + with message-id and subject line Bug#779420: fixed in debconf 1.5.56 has caused the Debian Bug report #779420, regarding debconf-{i18n,utils}: dependency on debconf too weak to be marked as done. This means that you claim that the problem has bee

Bug#761815: fixed in partman-target 94

Hi, Christian Perrier (2015-01-26): > partman-target (94) unstable; urgency=medium > . >[ Steve McIntyre ] >* Don't add entries for random USB media to /etc/fstab, they're not > useful. Closes: #761815 I'd like to know how that was tested. Using libvirt, importing mini.iso as a US

Bug#773136: marked as done (debsums: modified files of arch-qualified (multiarch) packages are not being reported)

Your message dated Wed, 18 Mar 2015 21:34:28 + with message-id and subject line Bug#773136: fixed in debsums 2.0.53 has caused the Debian Bug report #773136, regarding debsums: modified files of arch-qualified (multiarch) packages are not being reported to be marked as done. This means that

Processed: severity of 780102 is important

Processing commands for cont...@bugs.debian.org: > severity 780102 important Bug #780102 [libjbcrypt-java] libjbcrypt-java: CVE-2015-0886 Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 780102: http://bugs.debian.org/cgi-bi

Bug#780102: libjbcrypt-java: CVE-2015-0886

On Mon, Mar 09, 2015 at 03:00:27PM +0100, Emmanuel Bourg wrote: > Thank you for the report Moritz. > > According to the Bugzilla report the issue happens when BCrypt.gensalt() > is called with the value 31. jenkins is the only package using this > library and it calls this method with no parameter

Processed: fixed 762852 in 2:3.3.9-8

Processing commands for cont...@bugs.debian.org: > fixed 762852 2:3.3.9-8 Bug #762852 [src:procps] libprocps4-dev: broken symlink /usr/lib/i386-linux-gnu/libprocps.so Marked as fixed in versions procps/2:3.3.9-8. > thanks Stopping processing here. Please contact me if you need assistance. -- 76

Bug#780680: libpam-modules: pam_userdb.so depends on a library in /usr

severity 780680 normal thanks Hi, Adam Heath writes: > A library in /lib shouldn't depend on a library in /usr/lib. However, > pam_userdb.so has such an issue. Arguably pam_userdb.so is not a library, but a plugin. So I don't think this is a release critical bug or even a real bug at all, but I

Processed: Re: Bug#780680: libpam-modules: pam_userdb.so depends on a library in /usr

Processing commands for cont...@bugs.debian.org: > severity 780680 normal Bug #780680 [libpam-modules] libpam-modules: pam_userdb.so depends on a library in /usr Severity set to 'normal' from 'serious' > thanks Stopping processing here. Please contact me if you need assistance. -- 780680: http:

Processed: found 780756 in 0.10.1-1

Processing commands for cont...@bugs.debian.org: > found 780756 0.10.1-1 Bug #780756 [src:libzip] libzip: CVE-2015-2331: ZIP integer overflow Marked as found in versions libzip/0.10.1-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 780756: http://bugs.debian.or

Bug#780756: libzip: CVE-2015-2331: ZIP integer overflow

Source: libzip Version: 0.11.2-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for libzip. CVE-2015-2331[0]: ZIP Integer Overflow The issue was originally reported to php5 for the embedded (modified) copy of libzip there,

Bug#780751: mono: CVE-2015-2318 CVE-2015-2319 CVE-2015-2320

Source: mono Version: 3.2.8+dfsg-9 Severity: grave Tags: security upstream fixed-upstream the following vulnerabilities were published for mono. CVE-2015-2318[0]: SKIP-TLS issue CVE-2015-2319[1]: FREAK issue CVE-2015-2320[2]: Remove the client-side SSLv2 fallback If you fix the vulnerabilities

Bug#771485: Processed: jessie

Hi, On Montag, 9. März 2015, Cyril Brulebois wrote: > Well, what happened in #757413 doesn't fill me with joy indeed. And > now the same happens with these bug reports a few hours after that… about #771617: I often setup LVM inside encrypted partitions on wheezy, so I was fairly sure this bug do

Bug#765379: gcc-4.7 should not ship with jessie

Hi, this was a bad one; gcc-4.9-base from jessie breaks gcc-4.7-base from wheezy, so you had to update gcc-4.7-base to jessie/unstable for a stable/testing mix as soon as some package required gcc-4.9-base from testing. For now using gcc-4.7-base from unstable seems to work; wheezy/jessie mix is

Bug#765577: netboot install writes duplicates to 70-persistent-net.rules

Am 18.03.2015 um 18:52 schrieb Michael Biebl: > Am 18.03.2015 um 18:15 schrieb Faidon Liambotis: >> Another less arbitrary/racy workaround I suggesed was a grep near the >> top of write_net_rules' write_rule() function. Since write_rule() >> operates under a lock, this would completely eliminate a

Bug#765577: (no subject)

On Wed, Mar 18, 2015 at 06:52:14PM +0100, Michael Biebl wrote: > I'm with Marco here. Before adding any workarounds, we need to > understand what the underlying problem is. Otherwise we are adding cruft > which nobody understands anymore a few years from now. > > Since I can't reproduce the issue

Bug#780675: systemd: segfault in systemd when running systemctl daemon-reload

Am 18.03.2015 um 16:29 schrieb Robert Pumphrey: > #!/bin/bash > ### BEGIN INIT INFO > # Provides: iptables > # Required-Start:$network $remote_fs $syslog > # Required-Stop: $network $remote_fs $syslog > # Should-Start: iptables > # Default-Start: 2 3 4 5 > # Default-Stop:

Bug#780675: systemd: segfault in systemd when running systemctl daemon-reload

Control: fixed -1 219-4 Am 18.03.2015 um 18:00 schrieb Michael Biebl: > Thanks for sharing the contents of the file. I can confirm the crash and > we have enough information now to debug this issue properly. > Marking the bug accordingly. Can't reproduce the issue with the version from experiment

Processed: Re: Bug#780675: systemd: segfault in systemd when running systemctl daemon-reload

Processing control commands: > fixed -1 219-4 Bug #780675 [systemd] systemd: segfault in systemd when running systemctl daemon-reload Marked as fixed in versions systemd/219-4. -- 780675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780675 Debian Bug Tracking System Contact ow...@bugs.debia

Bug#765577: (no subject)

Am 18.03.2015 um 18:15 schrieb Faidon Liambotis: > Another less arbitrary/racy workaround I suggesed was a grep near the > top of write_net_rules' write_rule() function. Since write_rule() > operates under a lock, this would completely eliminate any kind of race > here. I pitched this to Marco but

Processed: Re: Bug#765577: (no subject)

Processing commands for cont...@bugs.debian.org: > severity 765577 serious Bug #765577 [udev-udeb] netboot install writes duplicates to 70-persistent-net.rules Bug #777126 [udev-udeb] udev: duplicate eth? entries Severity set to 'serious' from 'important' Severity set to 'serious' from 'important

Processed: Re: Bug#780675: systemd: segfault in systemd when running systemctl daemon-reload

Processing control commands: > tags -1 = confirmed Bug #780675 [systemd] systemd: segfault in systemd when running systemctl daemon-reload Added tag(s) confirmed; removed tag(s) unreproducible and moreinfo. > severity -1 serious Bug #780675 [systemd] systemd: segfault in systemd when running syst

Processed: found 780249 in 1.2.6-1, fixed 780249 in 1.2.6-1+deb6u1

Processing commands for cont...@bugs.debian.org: > found 780249 1.2.6-1 Bug #780249 {Done: Salvatore Bonaccorso } [src:libssh2] libssh2: CVE-2015-1782: Using SSH_MSG_KEXINIT data unbounded Marked as found in versions libssh2/1.2.6-1. > fixed 780249 1.2.6-1+deb6u1 Bug #780249 {Done: Salvatore Bona

Processed: found 780713 in 5.4.38-0+deb7u1

Processing commands for cont...@bugs.debian.org: > found 780713 5.4.38-0+deb7u1 Bug #780713 [src:php5] php5: CVE-2015-2331 Marked as found in versions php5/5.4.38-0+deb7u1. > thanks Stopping processing here. Please contact me if you need assistance. -- 780713: http://bugs.debian.org/cgi-bin/bugr

Processed: found 780713 in 5.4.4-1

Processing commands for cont...@bugs.debian.org: > found 780713 5.4.4-1 Bug #780713 [src:php5] php5: CVE-2015-2331 Marked as found in versions php5/5.4.4-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 780713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=78

Processed: retitle 780713 to php5: CVE-2015-2331

Processing commands for cont...@bugs.debian.org: > retitle 780713 php5: CVE-2015-2331 Bug #780713 [src:php5] CVE-2015-2331 Changed Bug title to 'php5: CVE-2015-2331' from 'CVE-2015-2331' > thanks Stopping processing here. Please contact me if you need assistance. -- 780713: http://bugs.debian.or

Bug#780735: icedove: Segfault at startup, even in safe mode

Package: icedove Version: 36.0~b1-1 Severity: serious Justification: Segfault at startup After installing the last experimental version (36.0~b1-1), icedove segfault at startup, even in safe mode. Previous installed version (34.0~b1-2) worked correctly. Here is bellow a gdb backtrace of ice

Processed: Re: Processed (with 5 errors): Re: Bug#780725: PATH used for building is not specified

Processing commands for cont...@bugs.debian.org: > retitle 780729 pbuilder must define PATH as in debian-policy (and as used on > buildds) Bug #780729 [pbuilder] pbuilder must defines PATH as in debian-policy (and as on buildds) Changed Bug title to 'pbuilder must define PATH as in debian-policy

Processed (with 5 errors): Re: Bug#780725: PATH used for building is not specified

Processing commands for cont...@bugs.debian.org: > clone 780724 -1 Bug #780724 [simutrans-pak128.britain] simutrans-pak128.britain ftbfs if PATH does not contain /usr/games Bug 780724 cloned as bug 780729 > reassign -1 pbuilder Bug #780729 [simutrans-pak128.britain] simutrans-pak128.britain ftbfs

Bug#769145: atheme-services: fails to upgrade from 'sid' - trying to overwrite /usr/sbin/dbverify

It looks to me like the problem here is simply that "dbverify" is a very generic name being used for a very specific utility. As far as I can tell, the 'dbverify' utility in Atheme is completely unrelated to that in 389-ds. Neither works as a replacement for the other. It is just a namespace c

Bug#780703: closed by Markus Koschany (eclipse-pydev fails to build from source)

Control: tags -1 unreproducible On 18.03.2015 11:32, Matthias Klose wrote: > reopen -1 > thanks > > On 03/18/2015 09:33 AM, Debian Bug Tracking System wrote: >> This is an automatic notification regarding your Bug report which was filed >> against the src:eclipse-pydev package: >> >> #780703: ecl

Processed: Re: Bug#780703: closed by Markus Koschany (eclipse-pydev fails to build from source)

Processing control commands: > tags -1 unreproducible Bug #780703 [src:eclipse-pydev] eclipse-pydev fails to build from source Added tag(s) unreproducible. -- 780703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780703 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Processed: Re: Processed: your mail

Processing control commands: > severity -1 normal Bug #542899 [os-prober] os-prober: please add a man page Severity set to 'normal' from 'serious' -- 542899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542899 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNS

Bug#542899: Processed: your mail

Control: severity -1 normal Debian Bug Tracking System (2015-03-18): > Processing commands for cont...@bugs.debian.org: > > > severity 542899 serious > Bug #542899 [os-prober] os-prober: please add a man page > Severity set to 'serious' from 'normal' Pretty sure that's in no way a serious bug.

Bug#780713: [php-maint] Bug#780713: CVE-2015-2331

There are couple more heading our way: https://bugs.php.net/bug.php?id=68976 Sec Bug #68976 Use After Free Vulnerability in unserialize() and https://bugs.php.net/bug.php?id=69133 Sec Bug #69133 Use after free vulnerability in unserialize() with DateInterval also https://bugs.php.net/bug.ph

Bug#780716: marked as done (flightgear-data: nasal scripts can ready any file)

Your message dated Wed, 18 Mar 2015 11:14:10 + with message-id and subject line Bug#780716: fixed in flightgear-data 3.0.0-3 has caused the Debian Bug report #780716, regarding flightgear-data: nasal scripts can ready any file to be marked as done. This means that you claim that the problem h

Bug#780712: marked as done (flightgear: permissive file access allowed from nasal)

Your message dated Wed, 18 Mar 2015 10:48:52 + with message-id and subject line Bug#780712: fixed in flightgear 3.0.0-5 has caused the Debian Bug report #780712, regarding flightgear: permissive file access allowed from nasal to be marked as done. This means that you claim that the problem ha

Processed: reopen, still fails in the build-indep parts

Processing commands for cont...@bugs.debian.org: > reopen 780703 Bug #780703 {Done: Markus Koschany } [src:eclipse-pydev] eclipse-pydev fails to build from source Bug reopened Ignoring request to alter fixed versions of bug #780703 to the same values previously set > thanks Stopping processing h

Bug#780703: closed by Markus Koschany (eclipse-pydev fails to build from source)

reopen -1 thanks On 03/18/2015 09:33 AM, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report which was filed > against the src:eclipse-pydev package: > > #780703: eclipse-pydev fails to build from source > > It has been closed by Markus Koschany . thi

Processed: your mail

Processing commands for cont...@bugs.debian.org: > severity 542899 serious Bug #542899 [os-prober] os-prober: please add a man page Severity set to 'serious' from 'normal' > End of message, stopping processing here. Please contact me if you need assistance. -- 542899: http://bugs.debian.org/cgi-

Processed: forwarded, rejected upstream.

Processing commands for cont...@bugs.debian.org: > forwarded 780650 > http://lists.freedesktop.org/archives/systemd-devel/2015-March/029565.html Bug #780650 [systemd] systemd: Sources not shipped for hwdb files Set Bug forwarded-to-address to 'http://lists.freedesktop.org/archives/systemd-devel/

Bug#780716: flightgear-data: nasal scripts can ready any file

Package: flightgear-data Version: 3.0.0-1 Severity: grave Tags: security Upstream has reported two related security issues in how FlightGear restricts what files Nasal (its built-in scripting language for aircraft) can access. This bug is tracking the portion related to the flightgear-data packag

Bug#780712: flightgear: permissive file access allowed from nasal

Package: flightgear Version: 3.0.0-1 Severity: grave Tags: security Upstream has reported two related security issues in how FlightGear restricts what files Nasal (its built-in scripting language for aircraft) can access. This bug is tracking the portion related to the flightgear source package:

Bug#780713: CVE-2015-2331

Source: php5 Severity: grave Tags: security This has been assigned CVE-2015-2331: https://bugs.php.net/bug.php?id=69253 https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org wit

Processed (with 2 errors): eclipse-pydev bug triaging

Processing commands for cont...@bugs.debian.org: > unarchive 480693 Bug #480693 {Done: Debian FTP Masters } [eclipse-pydev] eclipse-pydev: FTBFS: tries to write in $HOME Unarchived Bug 480693 > fixed 480693 3.9.2-2 Bug #480693 {Done: Debian FTP Masters } [eclipse-pydev] eclipse-pydev: FTBFS: tri

Bug#780703: marked as done (eclipse-pydev fails to build from source)

Your message dated Wed, 18 Mar 2015 09:30:11 +0100 with message-id <55093793.9010...@gambaru.de> and subject line eclipse-pydev fails to build from source has caused the Debian Bug report #780703, regarding eclipse-pydev fails to build from source to be marked as done. This means that you claim th