On Tue, May 16, 2017 at 6:46 AM, Steve Langasek wrote:
> On Mon, May 15, 2017 at 03:17:03PM -0700, Steve Langasek wrote:
> > On Mon, May 15, 2017 at 08:56:08AM +0200, Michael Stapelberg wrote:
> > > >> Package: golang-github-gosexy-gettext-dev
>
> > > > vorlon, can we file for removal of this pac
Processing commands for cont...@bugs.debian.org:
> reopen 860608
Bug #860608 {Done: Steve Langasek } [src:golang] golang:
FTBFS: Go version is "go1.6.1", ignoring -next /<>/api/next.txt
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, an
Package: node-brace-expansion
Version: 1.1.6-1
Severity: serious
Tags: security
There is a regular expression denial of service issue in
node-brace-expansion <= 1.1.6. More details available here:
https://nodesecurity.io/advisories/338
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.
Your message dated Tue, 16 May 2017 05:05:58 +
with message-id
and subject line Bug#860608: fixed in golang-github-gosexy-gettext
0~git20130221-2
has caused the Debian Bug report #860608,
regarding golang: FTBFS: Go version is "go1.6.1", ignoring -next
/<>/api/next.txt
to be marked as done.
On Mon, May 15, 2017 at 03:17:03PM -0700, Steve Langasek wrote:
> On Mon, May 15, 2017 at 08:56:08AM +0200, Michael Stapelberg wrote:
> > >> Package: golang-github-gosexy-gettext-dev
> > > vorlon, can we file for removal of this package? It wasn’t touched since
> > > 2013 and has no rdepends.
> >
>> That means, the "build your whole application with clang-3.8"
>> advise is temporary and specific to CUDA 8.0. Before uploading
>> CUDA 9.0 to unstable/experimental, we can change the default
>> compiler back to GCC. And backporting CUDA 9.0 to stretch
>> will eliminate the compiler trouble.
>
>
OK, so talking to pabs@ on debian-mentors, seems like a good approach
to take here is to do NMU uploads to unstable and stable. I'm happy to
do the work there (short of uploading, since I can't).
Second part: Marcos, do you use this package on stable, testing or
unstable? Also note that dirty.js h
Your message dated Tue, 16 May 2017 00:33:53 +
with message-id
and subject line Bug#862611: fixed in deluge 1.3.13+git20161130.48cedf63-3
has caused the Debian Bug report #862611,
regarding deluge-webui: directory traversal attack vulnerability
to be marked as done.
This means that you claim
Processing commands for cont...@bugs.debian.org:
> tag 862611 pending
Bug #862611 [deluge-webui] deluge-webui: directory traversal attack
vulnerability
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
862611: http://bugs.debian.org/cgi-bin/bu
tag 862611 pending
thanks
Date: Mon May 15 20:09:36 2017 -0400
Author: Andrew Starr-Bochicchio
Commit ID: 3d1b3b4500f155a25bc2e5e92ae56437fa728041
Commit URL:
https://anonscm.debian.org/cgit/collab-maint/deluge.git;a=commitdiff;h=3d1b3b4500f155a25bc2e5e92ae56437fa728041
Patch URL:
https://anons
Your message dated Mon, 15 May 2017 22:35:17 +
with message-id
and subject line Bug#861771: fixed in nodm 0.13-1.3
has caused the Debian Bug report #861771,
regarding Fails to install: postinst script returned error exit status 1
to be marked as done.
This means that you claim that the proble
On Mon, May 15, 2017 at 08:56:08AM +0200, Michael Stapelberg wrote:
> >> Package: golang-github-gosexy-gettext-dev
> > vorlon, can we file for removal of this package? It wasn’t touched since
> > 2013 and has no rdepends.
> Done: https://bugs.debian.org/862612
Thanks for filing, 100% agreed.
--
Your message dated Mon, 15 May 2017 22:04:37 +
with message-id
and subject line Bug#862690: fixed in imagemagick 8:6.9.7.4+dfsg-8
has caused the Debian Bug report #862690,
regarding imagemagick: Built-Using field with binary version
to be marked as done.
This means that you claim that the pro
Hi. I said:
> This failure is the same I reported in Bug #850282, and it should be
> fixed in version 1.1.1+dfsg1-4.
>
> Let's hope that britney takes this closing-with-version message
> as an indication that version 1.1.1+dfsg1-4 should propagate to testing.
>
> If this does not happen automati
Your message dated Mon, 15 May 2017 21:52:57 +
with message-id
and subject line Bug#862568: fixed in python-ncclient 0.5.3-2
has caused the Debian Bug report #862568,
regarding python-ncclient: Incomplete debian/copyright?
to be marked as done.
This means that you claim that the problem has b
On Sun, May 14, 2017 at 06:13:28PM (+0100), Chris Lamb wrote:
> Hi,
>
> I just ACCEPTed python-ncclient from NEW but noticed it was missing
> attribution in debian/copyright for at least
>
> examples/csr1000v_example.py
> ncclient/transport/ssh.py
> setup.py
>
> (This is not exhaustive so
Thanks for pointing that out!
But it hasn't been git-tagged, it failed the build on Travis, and it's only
a couple of commits from 1.0.0 so it might make more sense to just go with
1.0.0.
On Mon, May 15, 2017 at 11:34 AM, Marcos Marado
wrote:
> Hi,
>
> The latest upstream version is 1.1.0, whic
Your message dated Mon, 15 May 2017 21:08:29 +
with message-id
and subject line Bug#852750: fixed in readline 7.0-3
has caused the Debian Bug report #852750,
regarding libreadline7: readline() interferes with blocked SIGALRM
to be marked as done.
This means that you claim that the problem has
Your message dated Mon, 15 May 2017 21:08:08 +
with message-id
and subject line Bug#859805: fixed in postfix 3.1.4-5
has caused the Debian Bug report #859805,
regarding postfix-ldap: unsupported dictionary type: ldap after upgrade
to be marked as done.
This means that you claim that the probl
Your message dated Mon, 15 May 2017 21:08:08 +
with message-id
and subject line Bug#861593: fixed in postfix 3.1.4-5
has caused the Debian Bug report #861593,
regarding postfix-cdb: Broken after upgrade from jessie
to be marked as done.
This means that you claim that the problem has been deal
Processing control commands:
> reopen -1
Bug #855324 {Done: Markus Koschany } [pdfsam] pdfsam fails to
start
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in vers
Control: reopen -1
Hi,
just updated a machine from jessie -> stretch and stuck with the problem that
pdfsam fails to start. The problem is that existing ~/.pdfsam/config.xml need to
be changed too.
I'd propose to write a NEWS entry to inform people and tell them what to do.
Best,
Philip
sign
Processing commands for cont...@bugs.debian.org:
> tags 862611 + upstream fixed-upstream
Bug #862611 [deluge-webui] deluge-webui: directory traversal attack
vulnerability
Added tag(s) fixed-upstream and upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
86
Package: src:imagemagick
Version: 8:6.9.7.4+dfsg-7
Severity: serious
The latest imagemagick upload has been built by the arch:all build
daemon, but has later been rejected by dak:
On 2017-05-15 15:48, Debian FTP Masters wrote:
> imagemagick-6-doc_6.9.7.4+dfsg-7_all.deb: Built-Using refers to non-
Processing control commands:
> found -1 3.0.0-5
Bug #862689 [src:flightgear] flightgear: CVE-2017-8921
Marked as found in versions flightgear/3.0.0-5.
--
862689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862689
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Source: flightgear
Version: 1:2016.4.4+dfsg-2
Severity: grave
Tags: upstream patch security
Control: found -1 3.0.0-5
Hi,
the following vulnerability was published for flightgear.
CVE-2017-8921[0]:
| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user ha
Processing commands for cont...@bugs.debian.org:
> submitter 852998 !
Bug #852998 {Done: "Adam D. Barratt" }
[release.debian.org] jessie-pu: package dropbear/2014.65-1
Changed Bug submitter to 'guil...@debian.org' from 'Guilhem Moulin
'.
> submitter 856844 !
Bug #856844 [apt-listbugs] apt-listbu
Control: tags -1 confirmed
Am 15.05.2017 um 00:01 schrieb Nikolaus Rath:
> Package: xarchiver
> Version: 1:0.5.4-1+deb8u1
> Severity: critical
> Justification: causes serious data loss
>
> As far as I can tell, using xarchiver to add additional files to a
> .tar.xz file will destroy the existing
Processing control commands:
> tags -1 confirmed
Bug #862593 [xarchiver] xarchiver: Adding files to .tar.xz deletes existing
content
Added tag(s) confirmed.
--
862593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
CVE requested via https://cveform.mitre.org/
Regards,
Salvatore
Processing commands for cont...@bugs.debian.org:
> forcemerge 849357 848066
Bug #849357 [kernel-package] kernel-package: make-kpkg kernel_headers fails for
linux 4.10-rc1; missing REPORTING-BUGS
Bug #856322 [kernel-package] kernel-package: 4.10 kernel - kernel_headers
package not building. File
Processing commands for cont...@bugs.debian.org:
> forcemerge 849357 856322
Bug #849357 [kernel-package] kernel-package: make-kpkg kernel_headers fails for
linux 4.10-rc1; missing REPORTING-BUGS
Bug #856322 [kernel-package] kernel-package: 4.10 kernel - kernel_headers
package not building. File
Processing commands for cont...@bugs.debian.org:
> severity 849357 serious
Bug #849357 [kernel-package] kernel-package: make-kpkg kernel_headers fails for
linux 4.10-rc1; missing REPORTING-BUGS
Severity set to 'serious' from 'normal'
> tags 849357 + patch
Bug #849357 [kernel-package] kernel-packa
Hi,
The latest upstream version is 1.1.0, which is a bug fix release.
Check here:
https://github.com/felixge/node-dirty/commit/6285fce15d3bc76bc288259ed2a095cd2936e218
On Mon, May 15, 2017 at 7:03 PM Val Markovic wrote:
> I have packaged up latest upstream version (1.0.0) here:
> https://githu
I have packaged up latest upstream version (1.0.0) here:
https://github.com/Valloric/dirty.js
I've tested it out locally (using upstream's tutorial) on latest
stretch RC with nodejs v4.8.2 and it's working fine. I'll look for a
sponsor on debian-mentors to do a NMU.
Hi,
> deluge-webui: directory traversal attack vulnerability
I think this is fixed in:
http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.c
Your message dated Mon, 15 May 2017 16:48:44 +
with message-id
and subject line Bug#862652: fixed in debian-edu-config 1.927
has caused the Debian Bug report #862652,
regarding debian-edu-config: wrong exim4 configuration breaks SMTP server
security
to be marked as done.
This means that you
On 15.05.2017 02:06, Lumin wrote:
> @doko GCC-5 may be removed from unstable when CUDA 9.0
> is uploaded. See below.
[I'd like to reach gcc-5 5.5 reach snapshot.debian.org, which will be around
June/July. Then we can remove it].
> (Maybe doko is already in some of these lists.)
>
>> The problem
Processing control commands:
> retitle -1 pcmanfm: CVE-2017-8934: single instance socket may be blocked by
> another user
Bug #862571 {Done: Andriy Grytsenko } [pcmanfm] pcmanfm:
single instance socket may be blocked by another user.
Changed Bug title to 'pcmanfm: CVE-2017-8934: single instance
Control: retitle -1 menu-cache: CVE-2017-8933: socket may be blocked by another
user
Hi
This issue has been assigned CVE-2017-8933.
Regards,
Salvatore
Control: retitle -1 pcmanfm: CVE-2017-8934: single instance socket may be
blocked by another user
This issue has been assigned CVE-2017-8934.
Regards,
Salvatore
Processing control commands:
> retitle -1 menu-cache: CVE-2017-8933: socket may be blocked by another user
Bug #862570 {Done: Andriy Grytsenko } [libmenu-cache3]
libmenu-cache: menu-cached socket may be blocked by another user.
Changed Bug title to 'menu-cache: CVE-2017-8933: socket may be blocke
Processing commands for cont...@bugs.debian.org:
> forcemerge 861074 862656
Bug #861074 {Done: Jonas Meurer } [cryptsetup] cryptsetup:
cryptroot-hook doesn't honor initramfs-tools' (>= 0.129) logic for resume
devices
Bug #862656 [cryptsetup] cryptsetup: WARNING: failed to detect canonical device
Your message dated Mon, 15 May 2017 15:23:02 +0100
with message-id <1494858182.29474.29.ca...@decadent.org.uk>
and subject line Re: Bug#862605: Missing ondemand CPU governor.
has caused the Debian Bug report #862605,
regarding Missing ondemand CPU governor.
to be marked as done.
This means that yo
Processing commands for cont...@bugs.debian.org:
> notfound 862605 3.16.39-1+deb8u2
Bug #862605 [linux-image-3.16.0-4-amd64] Missing ondemand CPU governor.
No longer marked as found in versions linux/3.16.39-1+deb8u2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
Processing commands for cont...@bugs.debian.org:
> tags 861593 + pending
Bug #861593 [postfix-cdb] postfix-cdb: Broken after upgrade from jessie
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
861593: http://bugs.debian.org/cgi-bin/bugreport.
Your message dated Mon, 15 May 2017 12:04:53 +
with message-id
and subject line Bug#860169: fixed in glue 0.13-1
has caused the Debian Bug report #860169,
regarding glue-sprite: Inconsistent dependencies
to be marked as done.
This means that you claim that the problem has been dealt with.
If
(please keep me in CC)
On Sat, 13 May 2017 06:16:44 +0200 franckr wrote:
> Hi Arturo,
>
> I cannot help for kernel, however, and you probably already know it:
> Several bios updates became available since 10/04/2007 version.
> Did you consider them ? (ie checking release logs)
> Will you try ?
>
Your message dated Mon, 15 May 2017 11:48:37 +
with message-id
and subject line Bug#861987: fixed in flightcrew 0.7.2+dfsg-9
has caused the Debian Bug report #861987,
regarding flightcrew: insecure use of /tmp
to be marked as done.
This means that you claim that the problem has been dealt wit
control: tags -1 + pending
# a fix is in git already, though improvements have been discussed on irc
# ;tl;dr: we're on it.
--
cheers,
Holger
signature.asc
Description: Digital signature
Processing control commands:
> tags -1 + pending
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 configuration
breaks SMTP server security
Added tag(s) pending.
--
862652: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862652
Debian Bug Tracking System
Contact ow...@bugs.debian
Your message dated Mon, 15 May 2017 10:19:28 +
with message-id
and subject line Bug#845102: fixed in ogamesim 20130107-3
has caused the Debian Bug report #845102,
regarding ogamesim: FTBFS when built with dpkg-buildpackage -A
(dpkg-genbuildinfo error)
to be marked as done.
This means that yo
control: found -1 1.926
control: found -1 1.818+deb8u2
control: Severity -1 serious
thanks
--
cheers,
Holger
signature.asc
Description: Digital signature
Processing control commands:
> found -1 1.926
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 configuration
breaks SMTP server security
Marked as found in versions debian-edu-config/1.926.
> found -1 1.818+deb8u2
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 config
Processing commands for cont...@bugs.debian.org:
> severity 862652 serious
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 configuration
breaks SMTP server security
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Processing control commands:
> forwarded -1 https://bitbucket.org/wooster/biplist/issues/8
Bug #860656 [src:python-biplist] python-biplist: FTBFS on i386: dh_auto_test:
pybuild --test --test-nose -i python{version} -p 2.7 returned exit code 13
Set Bug forwarded-to-address to
'https://bitbucket.o
Control: forwarded -1 https://bitbucket.org/wooster/biplist/issues/8
Since the plist format stores the length of the integer, storing a long
should always return a long:
0001 # of bytes is 2^, big-endian bytes
https://en.wikipedia.org/wiki/Property_list#Mac_OS_X
On python3 this does n
Hi
I requested a CVE for this issue via cveform.mitre.org
Regards,
Salvatore
Hi
I requested a CVE via cveform.mitre.org for this issue.
Regards,
Salvatore
Your message dated Mon, 15 May 2017 09:04:17 +
with message-id
and subject line Bug#861755: fixed in libpll 0.3.0-1
has caused the Debian Bug report #861755,
regarding libpll: FTBFS on x86: AVX target specific option mismatch
to be marked as done.
This means that you claim that the problem ha
@doko GCC-5 may be removed from unstable when CUDA 9.0
is uploaded. See below.
(Maybe doko is already in some of these lists.)
> The problem is the move of some parts of the toolchain to pie by
> default, without updating the whole toolchain. Whenever not using only
> gcc for building object files
Your message dated Mon, 15 May 2017 09:05:01 +
with message-id
and subject line Bug#861483: fixed in ycmd 0+20161219+git486b809-2
has caused the Debian Bug report #861483,
regarding ycmd: FTBFS against libclang with versioned symbols
to be marked as done.
This means that you claim that the pr
Your message dated Mon, 15 May 2017 09:04:26 +
with message-id
and subject line Bug#861836: fixed in ntirpc 1.4.4-1
has caused the Debian Bug report #861836,
regarding ntirpc: CVE-2017-8779
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not th
Lumin, on sam. 13 mai 2017 05:59:24 +, wrote:
> > This was documented in NEWS.Debian.gz. Having to use "--compiler-options
> > -fPIC" was however not documented in NEW.Debian.gz, at least that should
> > be done.
>
> Well, what do you think we can to to deal with this bug?
I Cc-ed gcc, llvm a
On May 15, 2017 06:06, "Val Markovic" wrote:
[Sending you a copy of my response on the bug since I forgot to cc you.]
-- Forwarded message --
From: Val Markovic
Date: Sun, May 14, 2017 at 9:57 PM
Subject: Re: Package broken
To: 771...@bugs.debian.org
I'm interested in fixing th
tags 858178 + patch
thanks
This is correctly diagnosing a buffer which is to small.
The length of data written to the buffer is always constant,
(20 bytes more than the length of the buffer), and not under
user control, so there is probably not a security problem here.
A patch, to increase the le
Processing commands for cont...@bugs.debian.org:
> # http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
> tags 862611 + security
Bug #862611 [deluge-webui] deluge-webui: directory traversal attack
vulnerability
Added tag(s) security.
> severity 862611 serious
Bug #862611 [deluge-webui] deluge
On Sat, May 6, 2017 at 2:20 PM, Michael Stapelberg
wrote:
>
>
> On Tue, May 2, 2017 at 10:23 AM, Michael Hudson-Doyle <
> michael.hud...@canonical.com> wrote:
>
>> On 2 May 2017 at 19:23, Michael Stapelberg wrote:
>>
>>> Sorry for the late reply, I’ve been swamped.
>>>
>>> On Fri, Apr 21, 2017 a
68 matches
Mail list logo
