Hi,
In the meantime, it's probably a good idea to drop
"application/x-sh;application/x-shellscript" from the list of supported
mime types to limit the risk. (I assume that even with "text/plain" and a
.sh file extension or a shebang, kitty might still decide to execute the
script... so the issu
Hi!
> A while has passed, and have now proposed the same change for bullseye
> as well, cf. #1031527.
Great!
There is no CVE assigned, if you feel strongly about it, can you try to
get one allocated by MITRE via the cveform? I think we won't go through
the needed workflow to assign a Debian speci
Hi,
Thanks for the patch!
This has been fixed in Debian testing and sid. However, stable is still
affected. I believe it would make sense to port the patch to stable and
allocate a CVE for this.
Regards,
Gabriel
As a workaround, you should be able to disable this feature (and have
the fix persist after a package update) with something like:
mkdir -p /usr/local/share/applications
cp /usr/share/applications/mono-runtime-*.desktop /usr/local/share/applications
sed -i 's/^Exec=.*/Exec=false/'
/usr/local/s
Hi,
Any help needed for this?
Regards,
Gabriel
Package: lilypond
Version: 2.18.2-12
Severity: grave
Tags: security
Justification: user security hole
Hi,
lilypond-invoke-editor as shipped in Debian is still vulnerable to
shell command injection in URIs (CVE-2017-17523).
This is easily demonstrated by running this shell command using an
update
Hi,
> Source: sensible-utils
> Source-Version: 0.0.11
>
> We believe that the bug you reported is fixed in the latest version of
> sensible-utils, which is due to be installed in the Debian FTP archive.
I can't find the source of the new version yet so I can't review it
yet.
I think we need to
Package: sensible-utils
Version: 0.0.10
Severity: grave
Tags: security
Justification: user security hole
When the BROWSER environment variable is set, an invalid URI can be
used to inject arguments in sensible-browser.
Description
===
When BROWSER is set, sensible-browser calls the actu
Hi,
> + warning_ck=`echo ${stdouterr} |grep "^W\:"` || [ "$verbose" != "yes" ]
> || echo "no 'apt-get update' warning"
> + if [ "${warning_ck}" != "" ]; then
> + echo "WARNING: $stdouterr"
> + stdouterr=""
> + fi
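Review bot: in the `warning_ck=` assignment, `echo ${stdouterr}` is unquoted, so word splitting collapses the multi-line apt-get output into a single line and `grep "^W\:"` can only match when the very first line of the output is a warning; a `W:` line further down is missed. Quote the variable and drop the unneeded backslash, for example `printf '%s\n' "$stdouterr" | grep '^W:'`. In the `if` body, `stdouterr=""` also discards every non-warning line captured alongside the warning, so any later check on that variable sees nothing; consider keeping the output and only reporting the warning lines.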
AFAIU, if there is any warning, we clean stdout
I bisected the issue and found it was fixed by this commit:
44ce9372a29319c01d4ac7f24287fb36315e0e34 is the first bad commit
commit 44ce9372a29319c01d4ac7f24287fb36315e0e34
Author: Guillaume Bour
Date: Thu Dec 11 14:07:21 2014 +0100
[fix] grok is not working anymore with PCRE >= 8.34 becau
Package: grok
Version: 1.20110708.1-4
Severity: grave
Justification: renders package unusable
Dear maintainer,
I tried to use the grok examples packaged with grok:
$ grok -f /usr/share/doc/grok/examples/number-predicate2.grok
Failure compiling pattern '%{NUMBER > 20}': group name must start wit
Hello,
Same problem here when trying to compile LLVM/clang:
> .eh_frame_hdr refers to overlapping FDEs.
It seems to be a bug in binutils[1].
I updated to binutils 2.24.51.20140918-1 today at 11:05:02:
before this the compilation was working correctly.
[1] https://bugs.launchpad.net/ubuntu/+sou
13 matches