close 858410 8.13.11+dfsg-7
thanks
Processing commands for cont...@bugs.debian.org:
> close 858410 8.13.11+dfsg-7
Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue
and Merge Request Trackers
Ignoring request to alter fixed versions of bug #858410 to the same values
previously set
Bug #858410 [src:git
Source: gitlab
Version: 8.13.11+dfsg-2
Severity: grave
Tags: patch upstream security fixed-upstream
Control: fixed -1 8.13.11+dfsg-7
Hi,
the following vulnerability was published for gitlab.
CVE-2017-0882[0]:
Information Disclosure in Issue and Merge Request Trackers
If you fix the vulnerabilit
Processing control commands:
> fixed -1 8.13.11+dfsg-7
Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue
and Merge Request Trackers
Marked as fixed in versions gitlab/8.13.11+dfsg-7.
--
858410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858410
Debian Bug Trac
Hi Nis,
Others may have some additional comments but a couple of thoughts from an
observer (I'm not the maintainer).
C.UTF-8 is provided within glibc (it's in the libc-bin package so it is always
available). Is it worth setting that as the locale for all communication with
subprocesses? It str
Your message dated Wed, 22 Mar 2017 00:18:56 +
with message-id
and subject line Bug#801564: fixed in squid3 3.5.23-2
has caused the Debian Bug report #801564,
regarding squid: prompting due to modified conffiles which were not modified by
the user: /etc/squid/squid.conf
to be marked as done.
Package: docker.io
Version: 1.11.2~ds1-6
Severity: grave
I tried to install docker.io in Debian stretch (I know, it's banned,
but I figured I'd try my luck) and it completely hangs apt-get
install:
$ LANG=C sudo dpkg --configure -a
Setting up docker.io (1.11.2~ds1-6) ...
addgroup: The group `dock
Source: odin
Version: 2.0.3-0.1
Severity: serious
https://buildd.debian.org/status/package.php?p=odin&suite=sid
...
/usr/bin/make check-TESTS
make[4]: Entering directory '/«PKGBUILDDIR»'
make[5]: Entering directory '/«PKGBUILDDIR»'
./test-driver: line 107: 3180 Aborted "$@" > $l
Thank you for your report, and for the nice recipe to reproduce the bug.
Can you try the attached patch?
>From f42c5879b91b11a986e93f7f92244cf938dae0fb Mon Sep 17 00:00:00 2001
From: Nis Martensen
Date: Tue, 21 Mar 2017 22:23:49 +0100
Subject: [PATCH] Stop using subprocess.getoutput()
To avoid cr
Hi Paul,
Have you tested your workaround with libjs-jquery-migrate-1 recently?
The jQuery package in Debian got upgraded to 3.1.1 last October and I
read on the page you link above:
Hrm, I hadn't noticed this. Thanks for the heads up.
which leaves me to wonder if your package is now broken
Your message dated Tue, 21 Mar 2017 22:14:05 +0100
with message-id
and subject line Not free
has caused the Debian Bug report #787338,
regarding ftp.debian.org: incorrect lintian error leads to auto-rejection
to be marked as done.
This means that you claim that the problem has been dealt with.
I
Hi Raoul,
On 20-03-17 21:32, Raoul Snyman wrote:
>> If that is all, that would be a great solution to the problem at hand
>> indeed. Does it require other adaptations? I guess one would need to
>> guarantee that the migrate calls are actually included. How did you do
>> that? I guess every package
Processing commands for cont...@bugs.debian.org:
> user pkg-openssl-de...@lists.alioth.debian.org
Setting user to pkg-openssl-de...@lists.alioth.debian.org (was
sebast...@breakpoint.cc).
> # PKGNAME
> unarchive 844828
Bug #844828 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:
build-dependency not
Processing control commands:
> severity -1 important
Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885
CVE-2016-3861
Severity set to 'important' from 'grave'
> tags -1 -security
Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885
CVE-2016-3861
Remo
Control: severity -1 important
Control: tags -1 -security
Almost all of the Android CVEs are for the Android OS, not the Android
SDK. The tricky part is that they are built from the same source tree.
Another thing to note is that some of the Android SDK libs used in the
SDK run at elevated privileges in Android OS, but not when part of the
SDK. So ther
Processing commands for cont...@bugs.debian.org:
> severity 858382 wishlist
Bug #858382 [gambas3] gambas3: No documentation
Severity set to 'wishlist' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
858382: http://bugs.debian.org/cgi-bin/bugreport.cgi
Processing control commands:
> severity -1 important
Bug #809167 [cron] cron: Cron Daemon Use-After-Free Vulnerability May Cause
Local Root Privilege Escalation
Severity set to 'important' from 'critical'
--
809167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
Debian Bug Tracking Sys
Control: severity -1 important
Hi,
On Thu, Nov 17, 2016 at 08:10:34AM +, Anton Ivanov wrote:
> https://samy.pl/poisontap/
>
> This is a variation on an ancient "gem" by a DSL Modem vendor
> where the router pretends to be the entire internet by spoofing
> arp so that it captures all traffic.
Control: severity -1 important
Hi,
On Sun, Jan 29, 2017 at 07:32:59PM +, Ben Hutchings wrote:
> (I think this probably can be downgraded. At least on Linux, I expect
> memory allocation to either succeed or kill the program. But this
> should be fixed, anyway)
Doing so now.
Cheers,
Ivo
Processing control commands:
> severity -1 important
Bug #844584 [isc-dhcp-client] dhclient should perform additional validity checks
Severity set to 'important' from 'serious'
--
844584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844584
Debian Bug Tracking System
Contact ow...@bugs.debian
Package: src:llvm-toolchain-3.7
Version: 1:3.7.1-3
Severity: serious
Dear maintainer:
I tried to build this package in stretch with "dpkg-buildpackage -A"
but it failed:
[...]
debian/rules build-indep
dh build-inde
Processing commands for cont...@bugs.debian.org:
> found 857991 0.2.6-1
Bug #857991 [npm2deb] npm2deb: Please Recommend npm instead of Depend
Marked as found in versions npm2deb/0.2.6-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
857991: http://bugs.debian.or
Package: libblkmaker
Version: 0.5.3-1
Severity: grave
Tags: fixed-upstream
Hi,
The version of libblkmaker in sid/stretch supports bitcoin blocks up to
version 4 only:
http://sources.debian.net/src/libblkmaker/0.5.3-1/blkmaker.h/#L15
But since early 2016, the tip of the blockchain uses predemonan
Package: libmongo-client-doc
Version: 0.1.8-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is no longer
installable in sid:
The following packages have unmet dependencies:
libmongo-client-doc : Depends: libmongo-cli
Processing commands for cont...@bugs.debian.org:
> severity 857296 important
Bug #857296 [hol88-library] hol88-library is an empty package on arm64, hppa,
and m68k
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
857296: ht
severity 857296 important
thanks
Greetings and thanks for your report! Am looking into this now
Take care,
--
Camm Maguirec...@maguirefamily.org
==
"The earth is but one country,
Package: mono-fpm-server
Version: 4.2-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
mono-fpm-server (arch:all) is no longer installable after the recent binNMU of
xsp:
The following packages have unmet dependencies:
mono-fpm-server : Depends: libfpm-helper0 (= 4.2-2) b
Your message dated Tue, 21 Mar 2017 16:33:55 +
with message-id
and subject line Bug#858215: fixed in aodh 3.0.0-3
has caused the Debian Bug report #858215,
regarding aodh-api: Missing dependency to net-tools
to be marked as done.
This means that you claim that the problem has been dealt with.
Processing commands for cont...@bugs.debian.org:
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> usertags 851986 piuparts
There were no usertags set.
Usertags are now: piuparts.
> usertags 724479 piuparts
There were no usertags set.
Usertags ar
Package: libwhy-coq
Version: 2.36-5
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is no longer
installable in sid:
The following packages have unmet dependencies:
libwhy-coq : Depends: coq-8.5+4.02.3 but it is not in
Processing commands for cont...@bugs.debian.org:
> fixed 858217 2:10.0.0-7
Bug #858217 [src:keystone] keystone: Missing dependency to net-tools
Marked as fixed in versions keystone/2:10.0.0-7.
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
858217: http:/
Followup-For: Bug #856599
Control: tag -1 pending patch
Hi,
I just uploaded the attached patch as a NMU to DELAYED/5.
Please let me know if I should delay it longer.
Andreas
diff -Nru ktp-common-internals-15.08.3/debian/changelog ktp-common-internals-15.08.3/debian/changelog
--- ktp-common-inte
Processing control commands:
> tag -1 pending patch
Bug #856599 [libktpcommoninternals9] libktpcommoninternals9: please add Breaks:
libktpcommoninternalsprivate7
Added tag(s) pending and patch.
--
856599: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856599
Debian Bug Tracking System
Contact
Your message dated Tue, 21 Mar 2017 15:04:30 +
with message-id
and subject line Bug#858215: fixed in keystone 2:10.0.0-7
has caused the Debian Bug report #858215,
regarding aodh-api: Missing dependency to net-tools
to be marked as done.
This means that you claim that the problem has been deal
Hi Gregor,
On Tue, Mar 21, 2017 at 1:36 PM, gregor herrmann wrote:
> On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote:
>
>> > This looks like a problem in perl itself possibly causing random crashes
>> > elsewhere, too.
>> Does this problem also show up with 5.24.1-1 in testing and/or
>>
Package: pmw-doc
Version: 1:4.28-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is no longer
installable in sid:
The following packages have unmet dependencies:
pmw-doc : Depends: pmw (= 1:4.28-2) but it is not goin
On 03/21/2017 03:32 PM, Christian Marillat wrote:
>>> I restored a directory today with rdiff-backup without problem.
>>
>> That was on amd64, I asumme?
>
> No on the i386 machine.
Ah, sorry, I missed the difference between rdiff-backup and
rdiff-backup-fs.
>> Ok, then I definitely have to test
On 21 mars 2017 08:40, John Paul Adrian Glaubitz
wrote:
> Hi Christian!
>
> On 03/21/2017 08:37 AM, Christian Marillat wrote:
>> I called rdiff-backup-fs with sudo, same crash.
>> I did a try with two differents backups, same crash.
>
> Ok, thanks. Will try to reproduce it.
>
>> I don't see this
On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote:
> > This looks like a problem in perl itself possibly causing random crashes
> > elsewhere, too.
> Does this problem also show up with 5.24.1-1 in testing and/or
> 5.24.1-2 in unstable?
Looking at the upstream ticket at
https://rt.cpan.or
Control: retitle -1 Perl 5.24 makes nama FTBFS due to segfault
# or "Perl 5, version 24, ..."
On Tue, 21 Mar 2017 13:14:53 +0100, Balint Reczey wrote:
> Control: reassign -1 perl 5.24.0~rc3-1
> Control: affects -1 nama
> Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault
> This l
Processing control commands:
> retitle -1 Perl 5.24 makes nama FTBFS due to segfault
Bug #839218 [perl] perl: Perl 24 makes nama FTBFS due to segfault
Changed Bug title to 'Perl 5.24 makes nama FTBFS due to segfault' from 'perl:
Perl 24 makes nama FTBFS due to segfault'.
--
839218: http://bugs.
Processing control commands:
> reassign -1 perl 5.24.0~rc3-1
Bug #839218 [src:nama] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests
failed.Bad plan. You planned 126 tests but ran 57.
Bug reassigned from package 'src:nama' to 'perl'.
No longer marked as found in versions nama/1.208-1.
Ignorin
Control: reassign -1 perl 5.24.0~rc3-1
Control: affects -1 nama
Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault
Dear Perl Maintainers,
On Fri, 30 Sep 2016 10:09:01 +0100 Chris Lamb wrote:
> Source: nama
> Version: 1.208-1
> Severity: serious
> Justification: fails to build fro
Your message dated Tue, 21 Mar 2017 10:25:13 +
with message-id
and subject line Re: Bug#858095: atlc FTBFS on mips: Build killed with signal
TERM after 360 minutes of inactivity
has caused the Debian Bug report #858095,
regarding atlc FTBFS on mips: Build killed with signal TERM after 360 min
Hi Holger,
On Mo 20 Mär 2017 22:48:23 CET, Holger Levsen wrote:
On Mon, Mar 20, 2017 at 06:21:38PM +, Mike Gabriel wrote:
I am not sure, did we reach a conclusion on the smarty3 upload?.
uhm, yes:
[11:15] < sunweaver> I'll do the upload to unstable now, or do we
want to ping the RT f
Hi Christian!
On 03/21/2017 08:37 AM, Christian Marillat wrote:
> I called rdiff-backup-fs with sudo, same crash.
> I did a try with two differents backups, same crash.
Ok, thanks. Will try to reproduce it.
> I don't see this bug on an amd64 machine (kernel 4.1.39)
Interesting. So it occurs on
On 21 mars 2017 08:20, John Paul Adrian Glaubitz
wrote:
> Control: tags -1 moreinfo
>
> Hi Christian!
>
>> rdiff-backup-fs crash
>> Here is the gdb bt and rdiff-backup-fs output
>> (...)
>
> Could you provide a little more information on what exactly you did to provoke
> the crash? Does rdiff-ba
Control: tags -1 moreinfo
Hi Christian!
> rdiff-backup-fs crash
> Here is the gdb bt and rdiff-backup-fs output
> (...)
Could you provide a little more information on what exactly you did to provoke
the crash? Does rdiff-backup-fs always segfault or just under certain
circumstances?
Adrian
--
Processing control commands:
> tags -1 moreinfo
Bug #858316 [rdiff-backup-fs] rdiff-backup-fs: segmentation fault
Added tag(s) moreinfo.
--
858316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858316
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
50 matches
Mail list logo
