Processing commands for cont...@bugs.debian.org:
> notfound 862970 2014.65-1+deb8u2
Bug #862970 {Done: Guilhem Moulin } [dropbear] dropbear:
Double-free in server TCP listener cleanup (CVE-2017-9078); information
disclosure with ~/.ssh/authorized_keys symlink (CVE-2017-9079)
No longer marked as
Processing control commands:
> retitle -1 imagemagick: CVE-2017-9098: use of uninitialized memory in RLE
> decoder
Bug #862967 [src:imagemagick] imagemagick: use of uninitialized memory in RLE
decoder
Changed Bug title to 'imagemagick: CVE-2017-9098: use of uninitialized memory
in RLE decoder'
Processing commands for cont...@bugs.debian.org:
> found 862967 8:6.8.9.9-1
Bug #862967 [src:imagemagick] imagemagick: CVE-2017-9098: use of uninitialized
memory in RLE decoder
Marked as found in versions imagemagick/8:6.8.9.9-1.
> thanks
Stopping processing here.
Please contact me if you need a
Control: retitle -1 imagemagick: CVE-2017-9098: use of uninitialized memory in
RLE decoder
Hi
CVE-2017-9098 has been assigned for this issue.
Regards,
Salvatore
Hi Markus,
> Chris, could you cancel the NMU? I do the upload today after I have done
> some more tests and credit you in the changelog. Thanks for the patch!
It was uploaded to DELAYED/5 so you have a while to override mine :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'`
On May 20 2017, Markus Koschany wrote:
> On Fri, 19 May 2017 16:26:03 -0700 Nikolaus Rath wrote:
>> On May 20 2017, Markus Koschany wrote:
>> > Am 19.05.2017 um 23:23 schrieb Chris Lamb:
>> >> tags 862593 + patch
>> >> thanks
>> >>
>> >> The archive gets overwritten as the test to see whether i
On Fri, 19 May 2017 16:26:03 -0700 Nikolaus Rath wrote:
> On May 20 2017, Markus Koschany wrote:
> > Am 19.05.2017 um 23:23 schrieb Chris Lamb:
> >> tags 862593 + patch
> >> thanks
> >>
> >> The archive gets overwritten as the test to see whether it already exists
> >> (to determine whether to c
On May 20 2017, Markus Koschany wrote:
> Am 19.05.2017 um 23:23 schrieb Chris Lamb:
>> tags 862593 + patch
>> thanks
>>
>> The archive gets overwritten as the test to see whether it already exists
>> (to determine whether to create a new one or simply add a new file) uses
>> an escaped path.
>>
Your message dated Fri, 19 May 2017 23:18:16 +
with message-id
and subject line Bug#862902: Removed package(s) from unstable
has caused the Debian Bug report #862892,
regarding linux-signed FTBFS in stretch: Build-depends on linux packages no
longer in stretch
to be marked as done.
This mean
Your message dated Fri, 19 May 2017 23:19:10 +
with message-id
and subject line Bug#862987: Removed package(s) from unstable
has caused the Debian Bug report #862987,
regarding RM: browser-history -- RoM; no longer useful with modern browsers
to be marked as done.
This means that you claim th
On Thu, 18 May 2017 18:56:39 +0300 Adrian Bunk wrote:
> Control: reassign -1 src:sip4 4.18.1+dfsg-1
> Control: retitle -1 python{,3}-sip shouldn't provide more than one sip api
> Control: affects -1 python-sip python3-sip
>
> On Thu, Feb 16, 2017 at 02:36:19PM +0100, di dit wrote:
> > Rebuilding
Your message dated Fri, 19 May 2017 22:18:45 +
with message-id
and subject line Bug#862970: fixed in dropbear 2016.74-5
has caused the Debian Bug report #862970,
regarding dropbear: Double-free in server TCP listener cleanup (CVE-2017-9078);
information disclosure with ~/.ssh/authorized_keys
Am 19.05.2017 um 23:23 schrieb Chris Lamb:
> tags 862593 + patch
> thanks
>
> The archive gets overwritten as the test to see whether it already exists
> (to determine whether to create a new one or simply add a new file) uses
> an escaped path.
>
> Patch attached.
I came to a similar conclusio
Processing commands for cont...@bugs.debian.org:
> tags 862593 + pending patch
Bug #862593 [xarchiver] xarchiver: Adding files to .tar.xz deletes existing
content
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
862593: http://bugs.debian.org
tags 862593 + pending patch
thanks
I've uploaded xarchiver 0.5.4-6.1 to DELAYED/5:
xarchiver (1:0.5.4-6.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix data-loss issue where adding files to a tar-based archive removed all
existing content when the target filename i
tags 862593 + patch
thanks
The archive gets overwritten as the test to see whether it already exists
(to determine whether to create a new one or simply add a new file) uses
an escaped path.
Patch attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org
Processing commands for cont...@bugs.debian.org:
> tags 862593 + patch
Bug #862593 [xarchiver] xarchiver: Adding files to .tar.xz deletes existing
content
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
862593: http://bugs.debian.org/cgi-bin/b
[Adrian Bunk]
> I am not a release manager, but the sid tag that I am setting with
> this email should do what you want.
Thank you very much.
--
Happy hacking
Petter Reinholdtsen
On Fri, May 19, 2017 at 10:04:20PM +0200, Petter Reinholdtsen wrote:
>
> [Georges Racinet]
> > I don't really have insight on the best place to put a sample ogg file ;
> > in the meanwhile, that one is now in python-pygame-doc, and the attached
> > patch fixes the FTBFS for me. Hoping this short-t
Package: totem
Version: 3.14.0-2
Severity: grave
Tags: newcomer
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
Nothing, an utilisation "standard" of Debian, watch films on HDD, or
videos on youtube, for example.
* What exactly did you do (or
Control: tags -1 sid
On Fri, May 19, 2017 at 10:04:20PM +0200, Petter Reinholdtsen wrote:
>...
> The bug version information here is problematic, as the problem is with
> the version currently in testing and unstable, but the problem only
> exist in unstable. And as long as the bug is flagged as
Processing control commands:
> tags -1 sid
Bug #861298 [src:oggvideotools] oggvideotools: FTBFS: can not open file
for reading
Added tag(s) sid.
--
861298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
tag 848060 + pending
thanks
Some bugs in the libx11-protocol-other-perl package are closed in
revision 87510aa1c0b37c61f7ed2b395a0f5ebed75a6ca1 in branch '
jessie' by gregor herrmann
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libx11-protocol-other-perl.git/com
Processing commands for cont...@bugs.debian.org:
> tag 848060 + pending
Bug #848060 {Done: gregor herrmann }
[src:libx11-protocol-other-perl] libx11-protocol-other-perl: FTBFS randomly
(failing tests)
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assista
[Georges Racinet]
> I don't really have insight on the best place to put a sample ogg file ;
> in the meanwhile, that one is now in python-pygame-doc, and the attached
> patch fixes the FTBFS for me. Hoping this short-term fix can be
> useful.
Thank you for investigating. The patch look good, bu
Processing commands for cont...@bugs.debian.org:
> tags 834961 + sid stretch
Bug #834961 {Done: Niko Tyni } [src:libvitacilina-perl]
libvitacilina-perl: FTBFS too much often (configure fails)
Added tag(s) stretch and sid.
> thanks
Stopping processing here.
Please contact me if you need assistanc
Your message dated Fri, 19 May 2017 19:48:41 +
with message-id
and subject line Bug#862689: fixed in flightgear 1:2016.4.4+dfsg-3
has caused the Debian Bug report #862689,
regarding flightgear: CVE-2017-8921
to be marked as done.
This means that you claim that the problem has been dealt with.
Processing control commands:
> reassign -1 ftp.debian.org
Bug #862987 [browser-history] browser-history: Is the package still working and
useful?
Bug reassigned from package 'browser-history' to 'ftp.debian.org'.
No longer marked as found in versions browser-history/2.8-21.
Ignoring request to al
Control: reassign -1 ftp.debian.org
Control: affects -1 browser-history
Control: retitle -1 RM: browser-history -- RoM; no longer useful with modern
browsers
On Fri, May 19, 2017 at 07:31:35PM +0300, Adrian Bunk wrote:
> As observed by Salvo Tomaselli, the description says:
> It works with: Nets
Package: browser-history
Version: 2.8-21
Severity: serious
As observed by Salvo Tomaselli, the description says:
It works with: Netscape Navigator, Arena, and Amaya. Support for
`browser-history' can easily be added to other browsers, provided you can
program and have the browser sources.
This
tag 808454 + pending
thanks
Some bugs in the libdata-faker-perl package are closed in revision
1a8cf729f766d595328a38a59ed15d5de6795848 in branch ' jessie' by
gregor herrmann
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libdata-faker-perl.git/commit/?id=1a8cf72
Processing commands for cont...@bugs.debian.org:
> tag 808454 + pending
Bug #808454 {Done: gregor herrmann }
[src:libdata-faker-perl] libdata-faker-perl: FTBFS under some locales (eg.
fr_CH.UTF-8)
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Processing control commands:
> retitle -1 dropbear: Double-free in server TCP listener cleanup
> (CVE-2017-9078); information disclosure with ~/.ssh/authorized_keys symlink
> (CVE-2017-9079)
Bug #862970 [dropbear] dropbear-bin: Double-free in server TCP listener
cleanup; information disclosure
Control: retitle -1 dropbear: Double-free in server TCP listener cleanup
(CVE-2017-9078); information disclosure with ~/.ssh/authorized_keys symlink
(CVE-2017-9079)
Two CVEs were assigned for the two issues, retitling the bug
accordingly.
Regards,
Salvatore
tag 824843 + pending
tag 824936 + pending
tag 826136 + pending
thanks
Some bugs in the libsys-syscall-perl package are closed in revision
154cbe339a1ff967c2c825df4dbf7407c6c91030 in branch ' jessie' by
gregor herrmann
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages
Processing commands for cont...@bugs.debian.org:
> tag 824843 + pending
Bug #824843 {Done: Niko Tyni } [libsys-syscall-perl]
libsys-syscall-perl: FTBFS on arm64: test suite failures
Added tag(s) pending.
> tag 824936 + pending
Bug #824936 {Done: Niko Tyni } [libsys-syscall-perl]
libsys-syscall-p
On 05/19/2017 10:07 AM, Chris Lamb wrote:
> I've uploaded ca-certificates 20161130+nmu1 to DELAYED/5:
>
> ca-certificates (20161130+nmu1) unstable; urgency=medium
>
> * Non-maintainer upload.
> * Add StartCom and WoSign certificates to mozilla/blacklist.txt as they
> are
> no
Processing commands for cont...@bugs.debian.org:
> tags 858539 + pending patch
Bug #858539 [ca-certificates] ca-certificates: Contains untrusted StartCom and
WoSign certificates
Added tag(s) patch and pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
85853
tags 858539 + pending patch
thanks
I've uploaded ca-certificates 20161130+nmu1 to DELAYED/5:
ca-certificates (20161130+nmu1) unstable; urgency=medium
* Non-maintainer upload.
* Add StartCom and WoSign certificates to mozilla/blacklist.txt as they are
now untrusted by the majo
Processing commands for cont...@bugs.debian.org:
> tag 788350 + pending
Bug #788350 {Done: gregor herrmann } [libhttp-proxy-perl]
libhttp-proxy-perl: FTBFS - proxy tests
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
788350: http://bugs.deb
tag 788350 + pending
thanks
Some bugs in the libhttp-proxy-perl package are closed in revision
60f02b77031754872d0823543302255350d0754b in branch ' jessie' by
gregor herrmann
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libhttp-proxy-perl.git/commit/?id=60f02b7
On Fri, May 19, 2017 at 12:15:32PM +0200, Jérémy Lal wrote:
> 2017-05-19 12:07 GMT+02:00 Riku Voipio :
>
> > Jérémy Lal:
> > > To others, preoccupied that npm won't be available in debian:
> > > - please help with npm maintenance
> > > - hopefully we'll make an updated version installable through
Processing commands for cont...@bugs.debian.org:
> tags 862970 + upstream fixed-upstream
Bug #862970 [dropbear] dropbear-bin: Double-free in server TCP listener
cleanup; information disclosure with ~/.ssh/authorized_keys symlink
Added tag(s) upstream and fixed-upstream.
> thanks
Stopping processi
Processing commands for cont...@bugs.debian.org:
> retitle 788350 libhttp-proxy-perl: FTBFS - proxy tests
Bug #788350 {Done: gregor herrmann } [libhttp-proxy-perl]
FTBFS - proxy tests
Changed Bug title to 'libhttp-proxy-perl: FTBFS - proxy tests' from 'FTBFS -
proxy tests'.
> thanks
Stopping pro
Processing commands for cont...@bugs.debian.org:
> found 862970 2013.60-1
Bug #862970 [dropbear] dropbear-bin: Double-free in server TCP listener
cleanup; information disclosure with ~/.ssh/authorized_keys symlink
Marked as found in versions dropbear/2013.60-1.
> thanks
Stopping processing here.
Processing commands for cont...@bugs.debian.org:
> retitle 858250 Fails to build for unstable, build-depends not strict enough
Bug #858250 [runc] Fails to build for stretch, build-depends not strict enough
Bug #861966 [runc] Fails to build for sid, build-depends not strict enough
Changed Bug title
Processing control commands:
> tag 858250 -pending
Bug #858250 [runc] Fails to build for stretch, build-depends not strict enough
Bug #861966 [runc] Fails to build for sid, build-depends not strict enough
Removed tag(s) pending.
Removed tag(s) pending.
> affects 858250 -stretch +sid
Bug #858250 [r
control: tag 858250 -pending
control: affects 858250 -stretch +sid
control: notfound 858250 0.1.1+dfsg1-2
On Thu, 18 May 2017 12:48:11 +0100
Jonathan Wiltshire wrote:
> Control: tag -1 wontfix moreinfo
>
> Hi,
>
> On 2017-05-08 00:40, Roger Shimizu wrote:
> > Since you say it should fix unstab
Package: dropbear
Version: 2014.65-1+deb8u2
Severity: grave
Tags: security
Justification: user security hole
dropbear 2017.75 was released [0] on May 18 and fixes the following two
security vulnerabilities, for which no CVE was assigned yet AFAIK [1].
- Security: Fix double-free in server TCP
Hi,
On Fri, May 19, 2017 at 11:44:56AM +0200, Wolfgang Schweer wrote:
> On Fri, May 19, 2017 at 09:47:51AM +0200, John Paul Adrian Glaubitz wrote:
> > On 05/17/2017 10:57 PM, Andreas Henriksson wrote:
> > >> It's disabling Avahi support (I don't have such daemon)
>
> IMO a daemon isn't needed, th
Source: imagemagick
Version: 8:6.9.7.4+dfsg-8
Severity: grave
Tags: security upstream patch
Hi
See
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
for details, which has been addressed via
https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0
On Mon, 15 May 2017 13:56:24 +0200 Arturo Borrero Gonzalez
wrote:
> (please keep me in CC)
>
> On Sat, 13 May 2017 06:16:44 +0200 franckr wrote:
> > Hi Arturo,
> >
> > I cannot help for kernel, however, and you probably already know it:
> > Several bios updates became available since 10/04/2007 v
Processing commands for cont...@bugs.debian.org:
> tag 783656 + pending
Bug #783656 {Done: Jonas Smedegaard }
[libhtml-microformats-perl] libhtml-microformats-perl: missing dependency on
libmodule-pluggable-perl
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you n
tag 783656 + pending
thanks
Some bugs in the libhtml-microformats-perl package are closed in
revision b07796c9f117f24155da70193c0cd818ede253f3 in branch '
jessie' by gregor herrmann
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libhtml-microformats-perl.git/commi
Hello Adrian,
Thanks for looking at this again. More comments below.
On Fri, May 19, 2017 at 09:47:51AM +0200, John Paul Adrian Glaubitz wrote:
> But wouldn't that only address the symptoms instead of the actual cause
> of the problem? If I understood Laurent correctly, the NULL value of
> avahi_
Am 19.05.2017 um 02:24 schrieb Steve Cotton:
> On Fri, May 12, 2017 at 11:03:24PM +0200, Markus Koschany wrote:
>> What we need to check is: Does the game comply with the DFSG and does it
>> infringe the copyright of another programmer/artist. In my opinion that
>> is not the case here because the
Processing commands for cont...@bugs.debian.org:
> tag 788008 + pending
Bug #788008 {Done: Niko Tyni }
[libcgi-application-plugin-anytemplate-perl]
libcgi-application-plugin-anytemplate-perl: missing dependency on libclone-perl
Added tag(s) pending.
> thanks
Stopping processing here.
Please con
tag 788008 + pending
thanks
Some bugs in the libcgi-application-plugin-anytemplate-perl package
are closed in revision 902139f110bdfdf3b22083a009fa06147072b8a7 in
branch ' jessie' by gregor herrmann
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-perl/packages/libcgi-application
2017-05-19 12:07 GMT+02:00 Riku Voipio :
> Jérémy Lal:
> > To others, preoccupied that npm won't be available in debian:
> > - please help with npm maintenance
> > - hopefully we'll make an updated version installable through debian
> backports
>
> Are there any complications to building npm as pa
Jérémy Lal:
> To others, preoccupied that npm won't be available in debian:
> - please help with npm maintenance
> - hopefully we'll make an updated version installable through debian backports
Are there any complications to building npm as part of nodejs package?
Riku
Hi Santiago,
could you test the new version 0.90.3-1 in unstable, please?
No hurry, because of the freeze the package will not migrate
to testing soon anyway.
TIA & Cheers!
On Fri, May 19, 2017 at 09:47:51AM +0200, John Paul Adrian Glaubitz wrote:
> On 05/17/2017 10:57 PM, Andreas Henriksson wrote:
> >> It's disabling Avahi support (I don't have such daemon)
IMO a daemon isn't needed, that might be a misleading debug message. On
my system (up-to-date stretch, GNOME)
Processing control commands:
> tag 862001 pending
Bug #862001 {Done: Julian Andres Klode } [libapt-pkg5.0]
libapt-pkg5.0: Failed to try-restart apt-daily-upgrade.timer: Unit
apt-daily-upgrade.timer not found.
Added tag(s) pending.
--
862001: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862
Control: tag 862001 pending
Hello,
Bug #862001 in apt reported by you has been fixed in the Git repository. You can
see the commit message below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/apt/apt.git/diff/?id=8d42a4e
(this message was generated automatically
Hi,
One could probably just advise people to execute this in their terminal:
sed -i 's/[0-9]*<\/LAF>/0<\/LAF>/' ~/.pdfsam/config.xml
Best,
Philip
signature.asc
Description: OpenPGP digital signature
On 05/17/2017 10:57 PM, Andreas Henriksson wrote:
>> It's disabling Avahi support (I don't have such daemon) but still later
>> calling avahi_threaded_poll_lock() with NULL avahi_thread.
> [...]
>
> Yes, definitely seems so. Could you please test the attached patch
> which hopefully takes care of
66 matches
Mail list logo
