Source: undertow
Severity: grave
Tags: security
There's no other reference that what Red Hat published here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666
Upstream needs to be contacted or the patch pulled from their
update.
Cheers,
Moritz
Hello,
على الأربعاء 7 حزيران 2017 08:40، كتب Andreas Tille:
> Hi Adrian,
>
> On Wed, Jun 07, 2017 at 03:26:49PM +0300, Adrian Bunk wrote:
>>
>>> NMUs are in any case OK for any Debian Med package. I would have
>>> uploaded as well if I would know the best solution. So please apply
>>> what yo
Hi,
On Wed, Jun 07, 2017 at 11:54:26PM +0200, Moritz Mühlenhoff wrote:
> Please go ahead (needs -sa since orig tarball is new)
Ah, right. Almost forgot, thanks.
Done.
Regards,
Rene
* Julien Cristau (jcris...@debian.org) wrote:
> It's now through NEW. The next step would be an upload to sid, with
> urgency=high, and an unblock request to the release.debian.org
> pseudopackage.
Thanks and done as you have seen. I'm guessing it's not worth it, but
should we promote libp11 0.4.
On Wed, Jun 07, 2017 at 11:07:02PM +0200, Rene Engelhard wrote:
> Hi,
>
> On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote:
> > Source: libmwaw
> > Severity: grave
> > Tags: security
> >
> > Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
>
> sid (and th
severity 863802 wishlist
thanks
As discussed, I don't this is a bug.
Processing commands for cont...@bugs.debian.org:
> severity 863802 wishlist
Bug #863802 [ferm] systemd unit breaks ferm in some setups in jessie->stretch
upgrade
Severity set to 'wishlist' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
863802: http:
On Wed, Jun 07, 2017 at 11:07:02PM +0200, Rene Engelhard wrote:
> Hi,
>
> On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote:
> > Source: libmwaw
> > Severity: grave
> > Tags: security
> >
> > Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
>
> sid (and th
Your message dated Wed, 07 Jun 2017 21:04:12 +
with message-id
and subject line Bug#864366: fixed in libmwaw 0.3.9-2
has caused the Debian Bug report #864366,
regarding CVE-2017-9433
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case
Hi,
On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote:
> Source: libmwaw
> Severity: grave
> Tags: security
>
> Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
sid (and thus hopefully stretch assuming will be unblocked, see # -
otherwise we'd need stretch
Your message dated Wed, 07 Jun 2017 21:04:19 +
with message-id
and subject line Bug#864366: fixed in libmwaw 0.3.11-2
has caused the Debian Bug report #864366,
regarding CVE-2017-9433
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case
Processing commands for cont...@bugs.debian.org:
> found 864319 3.3.9-1
Bug #864319 [otrs] CVE-2017-9324
Marked as found in versions otrs2/3.3.9-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864319
Debi
Processing commands for cont...@bugs.debian.org:
> tag 864366 pending
Bug #864366 [src:libmwaw] CVE-2017-9433
Ignoring request to alter tags of bug #864366 to the same tags previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864366: http://bugs.debian.o
tag 864366 pending
thanks
Hello,
Bug #864366 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-openoffice/libmwaw.git/commit/?id=58d91e5
---
commit 58d91e5a5c303a66a9b5653
Processing commands for cont...@bugs.debian.org:
> tag 864366 pending
Bug #864366 [src:libmwaw] CVE-2017-9433
Ignoring request to alter tags of bug #864366 to the same tags previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864366: http://bugs.debian.o
Processing commands for cont...@bugs.debian.org:
> tags 864366 + pending
Bug #864366 [src:libmwaw] CVE-2017-9433
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864366
Debian Bug Tracki
tag 864366 pending
thanks
Hello,
Bug #864366 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-openoffice/libmwaw.git/commit/?id=47a8c95
---
commit 47a8c958189654693d0436cd7ee
Hello YOSHINO Yoshihito,
Unfortunately after test the new unar binary is failing to extract
some kind of files, may be is related to the upstream changes. Please
test to extract these files with unstable version:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=859346;filename=rar-files.ta
Processing commands for cont...@bugs.debian.org:
> tags 864366 + upstream fixed-upstream
Bug #864366 [src:libmwaw] CVE-2017-9433
Added tag(s) upstream and fixed-upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864366: http://bugs.debian.org/cgi-bin/bugrep
Hi Michael,
On Wed, Jun 07, 2017 at 08:30:31AM +0200, Michael Stapelberg wrote:
> Thanks for your reply. I don’t have a way to test the vulnerability either.
> I’d trust Pavel’s assessment and call this done.
I have updated the security-tracker accordingly. So all should be
settled now.
Thanks f
Processing commands for cont...@bugs.debian.org:
> severity 864363 important
Bug #864363 {Done: Christoph Berg } [cl-plus-ssl]
Undefined alien: "SSLv3_client_method"
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864363:
Package: docker.io
Version: 1.13.1~ds1-2
Severity: grave
Justification: renders package unusable
Dear Maintainer,
During a system upgrade, I got the following:
Setting up docker.io (1.13.1~ds1-2) ...
[] Starting Docker: dockerinvoke-rc.d: initscript docker, action "start"
failed.
dpkg: error
Processing commands for cont...@bugs.debian.org:
> affects 864363 pgloader
Bug #864363 {Done: Christoph Berg } [cl-plus-ssl]
Undefined alien: "SSLv3_client_method"
Added indication that 864363 affects pgloader
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
86436
Processing commands for cont...@bugs.debian.org:
> found 864366 0.3.1-2
Bug #864366 [src:libmwaw] CVE-2017-9433
Marked as found in versions libmwaw/0.3.1-2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
864366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=86
Hi,
If this bug is to be fixed in stretch, it will require a t-p-u upload.
The pending minor release blocking it in sid is not really suitable at
this late stage.
If you wish to fix it through t-p-u, please prepare a proposed diff and
open an unblock bug in the normal way.
Thanks,
--
Jonathan
Followup-For: Bug #864309
Control: tag -1 patch
For completeness, the diff of my NMU.
Andreas
diff -Nru pgloader-3.3.2+dfsg/debian/changelog pgloader-3.3.2+dfsg/debian/changelog
--- pgloader-3.3.2+dfsg/debian/changelog 2016-12-03 17:36:56.0 +0100
+++ pgloader-3.3.2+dfsg/debian/changelog
Processing control commands:
> tag -1 patch
Bug #864309 {Done: Andreas Beckmann } [pgloader] pgloader:
crashes on startup if libssl1.0.2 is not installed
Added tag(s) patch.
--
864309: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864309
Debian Bug Tracking System
Contact ow...@bugs.debian.o
Processing control commands:
> tags -1 patch
Bug #864340 [src:mariadb-10.1] mariadb-10.1 FTBFS on mips64el on Loongson:
Installing system database killed with signal TERM after 150 minutes of
inactivity
Added tag(s) patch.
--
864340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864340
Debi
Control: tags -1 patch
Hi,
On 07/06/17 12:14, James Cowgill wrote:
> Control: block -1 by 843926
>
> On 07/06/17 09:29, Adrian Bunk wrote:
>> Source: mariadb-10.1
>> Version: 10.1.22-3
>> Severity: serious
>>
>> https://buildd.debian.org/status/logs.php?pkg=mariadb-10.1&arch=mips64el
>>
>> ...
>
Your message dated Wed, 07 Jun 2017 16:19:12 +
with message-id
and subject line Bug#864363: fixed in cl-plus-ssl 20160421-2
has caused the Debian Bug report #864363,
regarding Undefined alien: "SSLv3_client_method"
to be marked as done.
This means that you claim that the problem has been deal
Source: libmwaw
Severity: grave
Tags: security
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
Cheers,
Moritz
Package: cl-plus-ssl
Version: 20160421-1
Severity: grave
Tags: pending
$ pgloader mssql://sa:pass@foobar.server.local/db
postgresql://postgres:pass@localhost:5432/db
2017-06-07T15:06:17.139000Z LOG Main logs in '/tmp/pgloader/pgloader.log'
2017-06-07T15:06:17.145000Z LOG Data errors in '/tmp/pglo
Hi,
On Wed, Jun 07, 2017 at 12:47:11PM +0200, Dimitri Fontaine wrote:
> Andreas Beckmann writes:
> > Preparing such an upload now, trying to make this (one of) the last
> > upload(s) still reaching stretch r0.
>
> Thanks a lot for taking care of that one!
Yeah, from me too!
Michael
Processing commands for cont...@bugs.debian.org:
> tags 843926 fixed-upstream
Bug #843926 [libjemalloc1] jemalloc uses a hard coded page size detected during
build
Added tag(s) fixed-upstream.
> forwarded 843926 https://github.com/jemalloc/jemalloc/issues/467
Bug #843926 [libjemalloc1] jemalloc u
Thanks Bert.
Adrian, all,
Please treat me as a newbie with respect to Debian package support, but I'd
like to help with this if I can. I don't currently have a Debian
development system (I only have Ubuntu 15.04 on a laptop for the moment),
and my time will be very limited for the next couple of
tags 843926 fixed-upstream
forwarded 843926 https://github.com/jemalloc/jemalloc/issues/467
tags 832931 - fixed-upstream
forwarded 832931 https://jira.mariadb.org/browse/MDEV-11877
thanks
Sorry, sent to the wrong bug number.
On 07/06/17 15:15, James Cowgill wrote:
> Control: forwarded -1 https://
Processing control commands:
> tag -1 patch
Bug #864161 {Done: Andreas Beckmann } [ceph-mon] ceph-mon:
missing Breaks+Replaces: ceph-common (<< 10)
Added tag(s) patch.
--
864161: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864161
Debian Bug Tracking System
Contact ow...@bugs.debian.org wit
Followup-For: Bug #864161
Control: tag -1 patch
Uploaded diff attached.
Andreas
diff -Nru ceph-10.2.5/debian/changelog ceph-10.2.5/debian/changelog
--- ceph-10.2.5/debian/changelog 2017-05-12 12:12:00.0 +0200
+++ ceph-10.2.5/debian/changelog 2017-06-06 09:08:30.0 +0200
@@ -1,3 +1
Processing control commands:
> forwarded -1 https://github.com/jemalloc/jemalloc/issues/467
Bug #832931 [src:mariadb-10.0] mariadb-10.0: FTBFS on powerpc
Changed Bug forwarded-to-address to
'https://github.com/jemalloc/jemalloc/issues/467' from
'https://jira.mariadb.org/browse/MDEV-11877'.
> tag
Control: forwarded -1 https://github.com/jemalloc/jemalloc/issues/467
Control: tags -1 fixed-upstream
On 10/11/16 18:37, Thadeu Lima de Souza Cascardo wrote:
> clone -1 -2
> reassign -2 libjemalloc1
> retitle -2 jemalloc uses a hard coded page size detected during build
> bye
>
>
> So, I traced
Your message dated Wed, 07 Jun 2017 14:00:15 +
with message-id
and subject line Bug#846548: fixed in libp11 0.4.4-2
has caused the Debian Bug report #846548,
regarding libengine-pkcs11-openssl: Can't load pkcs11 engine into openssl
to be marked as done.
This means that you claim that the prob
Hi Adrian,
On Wed, Jun 07, 2017 at 03:26:49PM +0300, Adrian Bunk wrote:
>
> > NMUs are in any case OK for any Debian Med package. I would have
> > uploaded as well if I would know the best solution. So please apply
> > what you consider best and upload as soon as possible. Alternatively
> > se
Your message dated Wed, 07 Jun 2017 12:33:37 +
with message-id
and subject line Bug#863929: fixed in falcon 1.8.6-1.1
has caused the Debian Bug report #863929,
regarding falcon: FTBFS: Test failures ("Task Node(0-rawreads/job_0001) failed
with exit-code=256")
to be marked as done.
This means
It's now through NEW. The next step would be an upload to sid, with
urgency=high, and an unblock request to the release.debian.org
pseudopackage.
Thanks,
Julien
On 06/06/2017 02:26 AM, Eric Dorland wrote:
> OK, apologies for the delay (and I know we're getting down to the
> wire). I just uploade
On Wed, Jun 07, 2017 at 01:02:02PM +0200, Andreas Tille wrote:
> Hi,
Hi Andreas,
> NMUs are in any case OK for any Debian Med package. I would have
> uploaded as well if I would know the best solution. So please apply
> what you consider best and upload as soon as possible. Alternatively
> sen
Hi all,
We are currently investiging a more general fix to these problems
with an update to the perl package. If this is successful, it will
probably be preferable to changing all of these packages (with potential
remaining unknown runtime issues and/or issues in user-supplied code,
even if this i
Control: tags -1 stretch
Due to #864340 this is also a problem on stretch release architectures.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Processing control commands:
> tags -1 stretch
Bug #843926 [libjemalloc1] jemalloc uses a hard coded page size detected during
build
Added tag(s) stretch.
--
843926: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843926
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing control commands:
> block -1 by 843926
Bug #864340 [src:mariadb-10.1] mariadb-10.1 FTBFS on mips64el on Loongson:
Installing system database killed with signal TERM after 150 minutes of
inactivity
864340 was not blocked by any bugs.
864340 was not blocking any bugs.
Added blocking bug
Control: block -1 by 843926
On 07/06/17 09:29, Adrian Bunk wrote:
> Source: mariadb-10.1
> Version: 10.1.22-3
> Severity: serious
>
> https://buildd.debian.org/status/logs.php?pkg=mariadb-10.1&arch=mips64el
>
> ...
> # Run testsuite
> cd builddir/mysql-test && ./mtr --force --testcase-timeout=30
Hi,
NMUs are in any case OK for any Debian Med package. I would have
uploaded as well if I would know the best solution. So please apply
what you consider best and upload as soon as possible. Alternatively
send a patch and I'll hurry up.
Thanks a lot
Andreas.
On Wed, Jun 07, 2017 at 11:
Andreas Beckmann writes:
> Preparing such an upload now, trying to make this (one of) the last
> upload(s) still reaching stretch r0.
Thanks a lot for taking care of that one!
--
dim
Your message dated Wed, 07 Jun 2017 10:49:24 +
with message-id
and subject line Bug#864309: fixed in pgloader 3.3.2+dfsg-1.1
has caused the Debian Bug report #864309,
regarding pgloader: crashes on startup if libssl1.0.2 is not installed
to be marked as done.
This means that you claim that th
Processing commands for cont...@bugs.debian.org:
> user selinux-de...@lists.alioth.debian.org
Setting user to selinux-de...@lists.alioth.debian.org (was bi...@debian.org).
> usertags 864221 + selinux
There were no usertags set.
Usertags are now: selinux.
> severity 864221 important
Bug #864221 [gn
On Tue, 6 Jun 2017 19:54:41 +0200 Michael Banck wrote:
> Maybe a band-aid for stretch would be to manually add the libssl1.0.2
> Depends?
Preparing such an upload now, trying to make this (one of) the last
upload(s) still reaching stretch r0.
dinstall deadline is in 2:55 hours ... :-)
Andreas
On Wed, 7 Jun 2017 12:28:41 +0300 Adrian Bunk wrote:
> > What about explicitly stating all 64bit architectures?
>
> Is it OK if I do an NMU to get this into stretch?
I would say: do it, don't ask. Time is running out. Just take care of
the fallout, and the ANAIS RM bug.
(I'm in no way involved
Your message dated Wed, 07 Jun 2017 09:49:10 +
with message-id
and subject line Bug#852962: fixed in ycmd 0+20161219+git486b809-2.1
has caused the Debian Bug report #852962,
regarding ycmd FTBFS on mipsel: test failures
to be marked as done.
This means that you claim that the problem has been
On Tue, Jun 06, 2017 at 08:28:42PM +0200, Michael Banck wrote:
> On Tue, Jun 06, 2017 at 07:54:41PM +0200, Michael Banck wrote:
> > If I install libssl1.0.2, it no longer crashes.
> [...]
> > Maybe a band-aid for stretch would be to manually add the libssl1.0.2
> > Depends?
>
> Probably still th
Your message dated Wed, 07 Jun 2017 09:34:10 +
with message-id
and subject line Bug#862576: fixed in squeak-vm 1:4.10.2.2614-4.1
has caused the Debian Bug report #862576,
regarding etoys: Doesn't get beyond Squeak security key generation
to be marked as done.
This means that you claim that th
On Tue, Jun 06, 2017 at 09:54:38AM +0200, Andreas Tille wrote:
> Hi Afif,
>
> On Tue, Jun 06, 2017 at 03:10:46AM -0400, Afif Elghraoui wrote:
> >
> > It actually does not even make sense to have this package available for
> > a 32-bit architecture since, for any actual use (de novo genome
> > ass
Source: mariadb-10.1
Version: 10.1.22-3
Severity: serious
https://buildd.debian.org/status/logs.php?pkg=mariadb-10.1&arch=mips64el
...
# Run testsuite
cd builddir/mysql-test && ./mtr --force --testcase-timeout=30
--suite-timeout=540 --retry=3 --parallel=4 --skip-test-list=unstable-tests ||
exi
Source: python-blessed
Version: 1.14.1-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
python-blessed's testsuite appears to use method timing/b
Hi Patrick,
On Wed, Jun 07, 2017 at 09:01:17AM +0200, Patrick Matthäi wrote:
> Am 06.06.2017 um 22:37 schrieb Moritz Muehlenhoff:
> > Package: otrs
> > Severity: grave
> > Tags: security
> >
> > Hi,
> > details are sparse on this one, could you get in touch with upstream to
> > isolate this to the
Processing commands for cont...@bugs.debian.org:
> found 864269 1:2.15-2
Bug #864269 [radvd] radvd: FTFBS in sid (but not in stretch)
Marked as found in versions radvd/1:2.15-2.
> retitle 864269 radvd FTBFS with linux-libc-dev 4.9.30-1
Bug #864269 [radvd] radvd: FTFBS in sid (but not in stretch)
C
Am 06.06.2017 um 22:37 schrieb Moritz Muehlenhoff:
> Package: otrs
> Severity: grave
> Tags: security
>
> Hi,
> details are sparse on this one, could you get in touch with upstream to
> isolate this to the change in question?
> https://www.otrs.com/security-advisory-2017-03-security-update-otrs-ver
65 matches
Mail list logo
