Hi,
I have made a quick and dirty POC for this issue.
This results in a remote code execution in the JVM that exposes a
ServerSocketReceiver.
Unfortunately, logback 1:1.1.9-2 is still vulnerable, not 1.2.x.
The POC is available on demand.
Regards,
Fabrice Dagorn
Hi,
On Fri. Mar. 31 00:24:41 2017 GMT+0200, Samuel Thibault wrote:
> Hello Holger,
>
> Cyril Brulebois, on Fri. 31 Mar 2017 00:09:34 +0200, wrote:
> > Maybe to ease hands-on debugging, dblatex is called with the -d flag,
> > which tells it to leave temporary files behind. This ends up filling
>
Processing commands for cont...@bugs.debian.org:
> close 859159 2.12.0-1
Bug #859159 [pidgin] pidgin: CVE-2017-2640
Marked as fixed in versions pidgin/2.12.0-1.
Bug #859159 [pidgin] pidgin: CVE-2017-2640
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistanc
close 859159 2.12.0-1
thanks
Package: pidgin
Version: 2.10.11-1
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Control: fixed -1 2.11.0-0+deb8u2
Hi,
the following vulnerability was published for pidgin.
Filing this with RC severity, since it's although fixe
Processing control commands:
> fixed -1 2.11.0-0+deb8u2
Bug #859159 [pidgin] pidgin: CVE-2017-2640
Marked as fixed in versions pidgin/2.11.0-0+deb8u2.
--
859159: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859159
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Your message dated Fri, 31 Mar 2017 01:03:54 +
with message-id
and subject line Bug#797613: fixed in libosl 0.8.0-1.1
has caused the Debian Bug report #797613,
regarding libosl: transition needed for g++-5 ABIs
to be marked as done.
This means that you claim that the problem has been dealt wi
Control: tag -1 patch
Control: tag -1 pending
Dear maintainer,
I've prepared an NMU for libosl (versioned as 0.8.0-1.1). The diff
is attached to this message.
I've directly uploaded it, it's going through NEW (and I intend to ask
for fast-tracking, so the only rdep gets rebuilt right away, given
Processing control commands:
> tag -1 patch
Bug #797613 [src:libosl] libosl: transition needed for g++-5 ABIs
Ignoring request to alter tags of bug #797613 to the same tags previously set
> tag -1 pending
Bug #797613 [src:libosl] libosl: transition needed for g++-5 ABIs
Added tag(s) pending.
--
Your message dated Fri, 31 Mar 2017 02:27:20 +0200
with message-id <20170331002717.vxn6h6rgkgmkv...@mapreri.org>
and subject line Re: Bug#840166: libosl builds with -march=native
has caused the Debian Bug report #840166,
regarding libosl builds with -march=native
to be marked as done.
This means t
On Thu, 2017-03-30 at 22:36 +0200, Mathieu Parent wrote:
> Can you try this patch:
> https://git.samba.org/?p=samba.git;a=commitdiff;h=38beef2ff63664d7d5805f1032bb9f69d0b965d7
Thanks! This patch fixes the issue, my $work would appreciate it if you
could fold this into the next update to Debian je
Processing control commands:
> tags 848345 + patch
Bug #848345 [gpsshogi] hard codes dependency on library package libosl1
Bug #795237 [gpsshogi] hard codes dependency on library package libosl1
Added tag(s) patch.
Added tag(s) patch.
> tags 848345 + pending
Bug #848345 [gpsshogi] hard codes depen
Control: tags 848345 + patch
Control: tags 848345 + pending
Dear maintainer,
I've prepared an NMU for gpsshogi (versioned as 0.7.0-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Also, all of this is caused by you not incorporating the previous NMU.
And
Samuel Thibault (2017-03-31):
> Hello Holger,
>
> Cyril Brulebois, on Fri. 31 Mar 2017 00:09:34 +0200, wrote:
> > Maybe to ease hands-on debugging, dblatex is called with the -d flag,
> > which tells it to leave temporary files behind. This ends up filling
> > up dillon's /tmp (in addition to be
Processing commands for cont...@bugs.debian.org:
> # @maintainer : thank you for the mess all caused by not paying minimal
> # attention and not merging back a previous NMU. And not caring about
> # your package enough to not notice it's not even installable...
> unarchive 807204
Bug #807204 {Don
Followup-For: Bug #856720
Control: found -1 0.6.3.0+debian4
Hi,
and there we go again ...
[...]
Precompiling assets...
W, [2017-03-30T07:12:27.702004 #19736] WARN -- : You are setting a key that
conflicts with a built-in method OmniAuth::AuthHash::InfoHash#name defined at
/usr/share/diasp
Processing control commands:
> found -1 0.6.3.0+debian4
Bug #856720 {Done: Pirate Praveen } [diaspora-installer]
diaspora{, -installer}: fails to install: Errno::EEXIST: File exists @
dir_s_mkdir - /usr/share/diaspora/tmp
Marked as found in versions diaspora-installer/0.6.3.0+debian4 and reopene
Hello all,
I've prepared samba packages fixing vfs_shadowcopy2 and "follow symlink = no".
Can you test and report? (I've tested simple cases with those two options only).
Those are, signed with my key, at: https://people.debian.org/~sathieu/samba/
Regards
--
Mathieu Parent
Hello Holger,
Cyril Brulebois, on Fri. 31 Mar 2017 00:09:34 +0200, wrote:
> Maybe to ease hands-on debugging, dblatex is called with the -d flag,
> which tells it to leave temporary files behind. This ends up filling
> up dillon's /tmp (in addition to being rather bad style in the first
> place…)
tag 858564 pending
thanks
Hello,
Bug #858564 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=a88130d
---
commit a88130d25e6fddd56259044af3fb01057a3
Processing commands for cont...@bugs.debian.org:
> tag 858564 pending
Bug #858564 [samba] Cannot access anything under a subdirectory if symlinks are
disallowed
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
858564: http://bugs.debian.org/c
Source: installation-guide
Severity: serious
Tags: patch
Justification: Fills up /tmp on dillon.debian.org
Hi,
Maybe to ease hands-on debugging, dblatex is called with the -d flag,
which tells it to leave temporary files behind. This ends up filling
up dillon's /tmp (in addition to being rather b
Processing control commands:
> severity -1 serious
Bug #859143 [kup] kup: please update to v0.3.6 due changes on k.o
Severity set to 'serious' from 'wishlist'
--
859143: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859143
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing commands for cont...@bugs.debian.org:
> user pkg-openssl-de...@lists.alioth.debian.org
Setting user to pkg-openssl-de...@lists.alioth.debian.org (was
sebast...@breakpoint.cc).
> # linux-ftpd-ssl
> unarchive 828424
Bug #828424 {Done: Mats Erik Andersson }
[src:linux-ftpd-ssl] linux-ftp
Processing commands for cont...@bugs.debian.org:
> reopen 859055
Bug #859055 {Done: SZALAY Attila } [src:libzorpll] libzorpll
must (build)depend on libssl1.0-dev
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add
Your message dated Thu, 30 Mar 2017 20:48:47 +
with message-id
and subject line Bug#855929: fixed in mclibs 20061220+dfsg3-3.1
has caused the Debian Bug report #855929,
regarding mclibs: FTBFS: LOCB/LOCF: address 0x7f68e28cd740 exceeds the 32 bit
address space or is not in the data segments
t
Hi,
2017-03-30 13:12 GMT+02:00 Paul Wise :
> Control: fixed -1 2:4.5.6+dfsg-1
>
> On Thu, 2017-03-30 at 18:30 +0800, Paul Wise wrote:
>
>> I've confirmed that the freeze does not happen on samba 4.1 using
>> snapshot.d.o. The issue still occurs with 2:4.2.14+dfsg-0+deb8u4.
>
> I've confirmed this
tag 856626 + pending
thanks
Some bugs in the lucene-solr package are closed in revision
02a1b0e68a97c67864d7747e045233c2b33a1560 in branch 'master' by Markus
Koschany
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/lucene-solr.git/commit/?id=02a1b0e
Commit message:
Rem
Processing commands for cont...@bugs.debian.org:
> tag 856626 + pending
Bug #856626 {Done: Markus Koschany } [solr-tomcat]
solr-tomcat: fails to start
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
856626: http://bugs.debian.org/cgi-bin/bug
Your message dated Thu, 30 Mar 2017 19:47:08 +
with message-id
and subject line Bug#858872: fixed in eject 2.1.5+deb1+cvs20081104-13.1+deb8u1
has caused the Debian Bug report #858872,
regarding eject: CVE-2017-6964: dmcrypt-get-device does not check the return
values of setuid() or setgid()
t
Your message dated Thu, 30 Mar 2017 19:03:59 +
with message-id
and subject line Bug#856626: fixed in lucene-solr 3.6.2+dfsg-10
has caused the Debian Bug report #856626,
regarding solr-tomcat: fails to start
to be marked as done.
This means that you claim that the problem has been dealt with.
Processing commands for cont...@bugs.debian.org:
> reassign 858553 fp-utils-3.0.0
Bug #858553 [lazarus-doc-1.6] [lazarus-doc-1.6] Package lazarus-doc-1.6 is
empty and does not ship documentation files
Bug reassigned from package 'lazarus-doc-1.6' to 'fp-utils-3.0.0'.
No longer marked as found in
Your message dated Thu, 30 Mar 2017 18:23:42 +
with message-id
and subject line Bug#856117: fixed in tnef 1.4.12-1.1
has caused the Debian Bug report #856117,
regarding tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310
to be marked as done.
This means that you claim that the probl
Hi Antonio,
On 03/30/17 14:40, Antonio Terceiro wrote:
> Are you also going to request the unblock, or do you want me to do it?
I'll do that now (after checking it isn't there yet).
Paul
Package: libthrift-perl
Version: 0.9.3-2
Severity: serious
Justification: broken
libthrift-perl installs Thrift.pm into /usr/lib/perl5/ but perl's @INC
paths do not include that directory, so the module cannot be imported
by default. This means the package is broken by default.
pabs@chianamo ~ $
Processing control commands:
> found -1 2.6.1+ds-1
Bug #859111 [src:ariba] ariba: FTBFS: FAIL: Test run_bowtie2 unsorted
Marked as found in versions ariba/2.6.1+ds-1.
> retitle -1 ariba FTBFS with bowtie2 2.3.1-1
Bug #859111 [src:ariba] ariba: FTBFS: FAIL: Test run_bowtie2 unsorted
Changed Bug tit
Control: found -1 2.6.1+ds-1
Control: retitle -1 ariba FTBFS with bowtie2 2.3.1-1
Control: tags -1 sid
On Thu, Mar 30, 2017 at 01:46:26PM +0100, Chris Lamb wrote:
> Source: ariba
> Version: 2.7.1+ds-1
>...
> ==
> FAIL: Test ru
Your message dated Thu, 30 Mar 2017 15:05:25 +
with message-id
and subject line Bug#858920: fixed in neurodebian 0.37.6
has caused the Debian Bug report #858920,
regarding neurodebian-desktop: Trigger cycle via interest(-await) on
/usr/share/icons/gnome while depending (in)directly on gnome-i
Since the BrowserLauncher is just a fallback, we can just remove it.
This is done in the attached patch.
Cheers
Ole
diff -Nru jmodeltest-2.1.10+dfsg/debian/changelog jmodeltest-2.1.10+dfsg/debian/changelog
--- jmodeltest-2.1.10+dfsg/debian/changelog 2016-08-17 15:43:53.0 +0200
+++ jmodelt
Hi Otto,
On Fri, Mar 10, 2017 at 05:09:42PM +0200, Otto Kekäläinen wrote:
> I wonder if this really is how update-alternatives should be used and
> is really adding conflicts between all packages that use it the smart
> way to utilize the flexibility the update-alternatives scheme should
> provide
On 30/03/2017 at 14:21, Ole Streicher wrote:
> IMO that makes the BrowserLauncher package *really* obsolete here.
I agree, BrowserLauncher was interesting before Java 6, but the Desktop
API is good enough for most usages now.
Emmanuel Bourg
Source: ariba
Version: 2.7.1+ds-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
ariba fails to build from source in unstable/amd64:
[…]
==
On Wed, Mar 29, 2017 at 10:08:11PM +0200, Paul Gevers wrote:
> Control: tags 834686 + patch
>
> Dear maintainer,
>
> I've prepared an NMU for ruby-httpclient (versioned as 2.7.1-1.1). The
> diff is below (sorry for in-line, nmudiff failed to work properly for me).
>
> Due to the nature of the bu
On 30.03.2017 at 14:14, Emmanuel Bourg wrote:
> On 30/03/2017 at 13:47, Ole Streicher wrote:
>
>> Since there is only one dependency (jmodeltest), I recommend to remove
>> the package from Stretch and to patch out the dependency with a minimal
>> implementation of browserlauncher that uses xdg-
On 30/03/2017 at 13:47, Ole Streicher wrote:
> Since there is only one dependency (jmodeltest), I recommend to remove
> the package from Stretch and to patch out the dependency with a minimal
> implementation of browserlauncher that uses xdg-open (see attachment).
What about using the JDK API f
Processing control commands:
> tags -1 patch
Bug #859107 [jmodeltest] libbrowserlauncher-java dependency is going to be
removed from Stretch
Added tag(s) patch.
--
859107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with probl
Package: jmodeltest
Version: 2.1.10+dfsg-3
Severity: serious
Control: tags -1 patch
As pointed out in
https://bugs.debian.org/859001
https://bugs.debian.org/859004
https://bugs.debian.org/859005
I recommend to remove libbrowserlauncher from Stretch because it is not
working at all.
To prevent j
Your message dated Thu, 30 Mar 2017 11:48:49 +
with message-id
and subject line Bug#859091: fixed in mapdamage 2.0.6+dfsg-2
has caused the Debian Bug report #859091,
regarding mapdamage: Missing dependencies prevent proper functionality
to be marked as done.
This means that you claim that the
Your message dated Thu, 30 Mar 2017 11:48:49 +
with message-id
and subject line Bug#859090: fixed in mapdamage 2.0.6+dfsg-2
has caused the Debian Bug report #859090,
regarding mapdamage has incomplete patch to not always find seqtk
to be marked as done.
This means that you claim that the prob
Tags: affects -1 jmodeltest
I submitted fixes for all three bugs to the git repository. However,
even after applying them libbrowserlauncher does not work:
$ java -classpath /usr/share/java/BrowserLauncher2.jar \
edu.stanford.ejalbert.BrowserLauncher https://www.debian.org
should display a
Your message dated Thu, 30 Mar 2017 11:34:34 +
with message-id
and subject line Bug#858252: fixed in openssh 1:7.4p1-10
has caused the Debian Bug report #858252,
regarding unix domain socket forwarding broken for root user
to be marked as done.
This means that you claim that the problem has b
Processing control commands:
> fixed -1 2:4.5.6+dfsg-1
Bug #859101 [samba-common-bin] regression: net: security update makes `net ads
join` freeze when run a second time
Marked as fixed in versions samba/2:4.5.6+dfsg-1.
--
859101: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859101
Debian B
Control: fixed -1 2:4.5.6+dfsg-1
On Thu, 2017-03-30 at 18:30 +0800, Paul Wise wrote:
> I've confirmed that the freeze does not happen on samba 4.1 using
> snapshot.d.o. The issue still occurs with 2:4.2.14+dfsg-0+deb8u4.
I've confirmed this issue does not happen with stretch 2:4.5.6+dfsg-1
--
Package: samba-common-bin
Version: 2:4.2.10+dfsg-0+deb8u1
Severity: serious
File: /usr/bin/net
Control: found -1 2:4.2.14+dfsg-0+deb8u4
X-Debbugs-CC: secur...@debian.org
The jessie security upgrade from samba 2:4.1.17+dfsg-2+deb8u2 to
2:4.2.10+dfsg-0+deb8u1 causes the `net ads join` command to fre
Processing control commands:
> found -1 2:4.2.14+dfsg-0+deb8u4
Bug #859101 [samba-common-bin] regression: net: security update makes `net ads
join` freeze when run a second time
Marked as found in versions samba/2:4.2.14+dfsg-0+deb8u4.
--
859101: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug
The tests have been fixed upstream, and a new version released (see
#859096).
Attached is an updated patch against 2016.7-0.2 taken from upstream.
Description: Fix tests for 2017a tz abbreviation changes
Bug: https://bugs.launchpad.net/pytz/+bug/1677177
Bug-Debian: https://bugs.debian.org/858133
Your message dated Thu, 30 Mar 2017 09:34:33 +
with message-id
and subject line Bug#858502: fixed in openmama 2.2.2.1-11.1
has caused the Debian Bug report #858502,
regarding libmama-dev: missing Depends: libwombatcommoncpp0, libmamaavis0,
libmamacpp0
to be marked as done.
This means that yo
Processing control commands:
> retitle -1 gammaray FTBFS on arm64, armel, mips* and s390x: QFatal in
> quickinspectortest
Bug #845786 [src:gammaray] gammaray FTBFS on armhf: QFatal in quickinspectortest
Changed Bug title to 'gammaray FTBFS on arm64, armel, mips* and s390x: QFatal
in quickinspect
Control: retitle -1 gammaray FTBFS on arm64, armel, mips* and s390x: QFatal in
quickinspectortest
Hi,
gammaray 2.7.0 has now failed for the above reason on arm64, armel,
mips*, s390x and various ports architectures. Example from mips64el:
> Detaching from program: /«PKGBUILDDIR»/obj-qt5/bin/qui
Package: mapdamage
Severity: grave
Tags: patch
Justification: renders package unusable
Hi,
when Nadiya Sitdykova tried to create an autopkgtest it turned out
that several dependencies were missing. The missing dependencies
to run documented mapdamage tests successfully are:
python-pysam
Package: mapdamage
Severity: grave
Tags: patch
Justification: renders package unusable
Hi,
when Nadiya Sitdykova tried to create an autopkgtest for mapdamage it
turned out that the patch to find Debian packaged seqtk is incomplete.
A working patch can be found in packaging Git and will be upload
Your message dated Thu, 30 Mar 2017 07:49:03 +
with message-id
and subject line Bug#858951: fixed in sassphp 0.5.10-2
has caused the Debian Bug report #858951,
regarding php7.0-sassphp: fails to install: php7.0-sassphp.postinst: phpenmod:
not found
to be marked as done.
This means that you c
With runc 1.0.0~rc2+git20161109.131.5137186-2, things indeed work again.
Thanks!
On Thu, Mar 30, 2017 at 5:26 AM, Potter, Tim wrote:
> On 30 Mar 2017, at 3:54 AM, Michael Stapelberg
> wrote:
> >
> > Hi Tim,
> >
> > "Potter, Tim" writes:
> >> Hi Ricardo. Thanks for the bug report. I messed up
Source: android-platform-frameworks-base
Version: 1:7.0.0+r1-3
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
android-platform-frameworks-base fa
Source: spyder-memory-profiler
Version: 0.1.0-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
spyder-memory-profiler fails to build from source