Bug#740898: [9e1ed7f] Fix for Bug#740898 committed to git

2015-03-21 Thread Giuseppe Iuculano
tags 740898 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 21 Mar 2015 12:05:27 +0100. The fix will be in the next upload. = Ignore Suckit false positive

Bug#777583: Incorrect debian/copyright for smartmontools

2015-02-14 Thread Giuseppe Iuculano
retitle -1 debian/copyright for smartmontools is too restrictive severity -1 wishlist On 14/02/2015 06:57, Mark H Weaver wrote: > Every package must be accompanied by a verbatim copy of its > copyright information and distribution license in the file > /usr/share/doc//copyright. > > N

Bug#766178: [12d5f9d] Fix for Bug#766178 committed to git

2014-10-21 Thread Giuseppe Iuculano
tags 766178 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Tue, 21 Oct 2014 13:28:29 +0200. The fix will be in the next upload. = Correct maintscript syntax

Bug#754684: [c2c3369] Fix for Bug#754684 committed to git

2014-10-18 Thread Giuseppe Iuculano
tags 754684 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 18 Oct 2014 16:53:15 +0200. The fix will be in the next upload. = Fix FTBFS on kfreebsd

Bug#765659: /etc/default/chromium removed in postinst

2014-10-17 Thread Giuseppe Iuculano
Package: chromium Version: 37.0.2062.120-3 Severity: grave Hi, debian/chromium.postinst line 12 Really you cannot remove /etc/default/chromium file without asking or warning user... You have to move in /etc/chromium-browser/default This is what happens when you push huge commits and nobody c

Bug#764180: /etc/default/chromium removed in postinst

2014-10-06 Thread Giuseppe Iuculano
Package: chromium Version: 37.0.2062.120-3 Severity: grave Hi, debian/chromium.postinst line 12 Really you cannot remove /etc/default/chromium file without asking... You have to move it in /etc/chromium-browser/default This is what happens when you push huge commits and nobody can double che

Bug#757758: [9064776] Fix for Bug#757758 committed to git

2014-10-04 Thread Giuseppe Iuculano
tags 757758 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 4 Oct 2014 19:28:19 +0200. The fix will be in the next upload. = Fixed "sed without op

Bug#761728: [49fccbc] Fix for Bug#761728 committed to git

2014-10-04 Thread Giuseppe Iuculano
tags 761728 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 4 Oct 2014 19:11:13 +0200. The fix will be in the next upload. = Depends on kmod | kldutils

Bug#745646: chromium: certificate revocation is not checked

2014-05-01 Thread Giuseppe Iuculano
tags 745646 unreproducible notfound 745646 34.0.1847.116-2 severity 745646 normal thanks On 2014-04-30 20:30, Jonathan Nieder wrote: However Vincent is right that the CRLSets[1] are a different mechanism than OCSP revocation checking and that CRLSet checking is enabled by default. Yes, t

Bug#745646: [Pkg-chromium-maint] Bug#745646: closed by Michael Gilbert (Re: Bug#745646: chromium: certificate revocation is not checked)

2014-04-30 Thread Giuseppe Iuculano
On 30/04/2014 19:49, Vincent Lefevre wrote: > Bug 745646 is a different bug, specifically about the CRLSet system, > which is very broken. What you write is not a bug, if you want to do revocation check you must enable it in settings. chromium --temp-profile Go to settings and enable revocation

Bug#745646: [Pkg-chromium-maint] Bug#745646: closed by Michael Gilbert (Re: Bug#745646: chromium: certificate revocation is not checked)

2014-04-30 Thread Giuseppe Iuculano
Hi, On 30/04/2014 02:28, Vincent Lefevre wrote: > No, Chromium developers tell users not to enable it, and consider > it as an obsolete option that will be removed. Indeed, in case of > real MITM attack, the attacker can block the OCSP server, in which > case Chromium will silently consider the ce

Bug#741908: extplorer: CVE-2013-5951

2014-03-17 Thread Giuseppe Iuculano
Hi Thomas, On 17/03/2014 08:34, Thomas Goirand wrote: > I've been waiting for comments on my security upload for 5 months now. > The issue was supposed to be embargoed (in fact, just waiting on > Debian...). Please review the fixed packages!!! If you don't have time > to review it, just accept tha

Bug#728823: [Pkg-chromium-maint] Bug#728823: Fails to start: Running without the SUID sandbox!

2013-11-07 Thread Giuseppe Iuculano
Hi, commit 64b895bf23943f8c72a49216d24e36b128213167 Author: Giuseppe Iuculano Date: Mon Oct 21 13:05:14 2013 +0200 Move chrome_sandbox to chrome-sandbox, chromium reads that file Your -2 uploads didn't contain my -1 changes. Michael, please, please, update your local git copy *b

Bug#717567: [8251afb] Fix for Bug#717567 committed to git

2013-09-05 Thread Giuseppe Iuculano
tags 717567 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Thu, 5 Sep 2013 13:34:36 +0200. The fix will be in the next upload. = Fix FTBFS[kfreebsd] Closes

Bug#706909: [5ae3fa9] Fix for Bug#706909 committed to git

2013-06-02 Thread Giuseppe Iuculano
tags 706909 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 2 Jun 2013 10:08:14 +0200. The fix will be in the next upload. = Use /var/lib/smartmontools

Bug#702261: libv8: CVE-2012-5153 CVE-2013-0836

2013-03-08 Thread Giuseppe Iuculano
On 04/03/2013 16:39, Moritz Muehlenhoff wrote: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153 Fix: https://code.google.com/p/v8/source/detail?r=13161 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0836 Fix: https://code.google.com/p/v8/source/detail?r=12543 Cheers, Gi

Bug#699887: Security fix for #699887, CVE-2013-0169

2013-02-10 Thread Giuseppe Iuculano
Hi Roland, On 07/02/2013 22:58, Roland Stigge wrote: > I prepared a security upload for stable (attached debdiff). Should I > upload it to stable-security(security-master)? Thanks for contacting us. please upload to security-master (please make sure to include the .orig.tar.gz in the upload, -sa

Bug#695224: Locale::Maketext security fix: real world breakage?

2013-02-06 Thread Giuseppe Iuculano
Hi Dominic, On 04/02/2013 21:28, Dominic Hargreaves wrote: > I had no replies about this, so I think it's time to bite the bullet > and decide whether we should target this fix at > > - stable-security > - stable > - neither of the above. > > I think I'm leaning towards stable on the basis that

Bug#695703: [Pkg-chromium-maint] Bug#695703: chromium-browser: diff for NMU version 22.0.1229.94~r161065+dfsg-0.1

2013-01-02 Thread Giuseppe Iuculano
On 02/01/2013 12:15, David Prévot wrote: > I've prepared an NMU for chromium-browser (versioned as > 22.0.1229.94~r161065+dfsg-0.1) and > uploaded it to DELAYED/2. No, you haven't uploaded it to DELAYED/2.

Bug#696179: [Pkg-mediawiki-devel] Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

2012-12-19 Thread Giuseppe Iuculano
Hi, On 17/12/2012 18:21, Jonathan Wiltshire wrote: > Security team: is it too late to get a CVE through you now that a public > bug has been filed? And should a DSA be prepared, as I have not looked > but can be fairly sure this will affect stable. yes, if it is public, we cannot assign a CVE. yo

Bug#677393: [f10872d] Fix for Bug#677393 committed to git

2012-07-16 Thread Giuseppe Iuculano
tags 677393 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Mon, 16 Jul 2012 14:30:09 +0200. The fix will be in the next upload. = Really fix FTBFS on kfreebsd

Bug#677393: [743e0f4] Fix for Bug#677393 committed to git

2012-07-16 Thread Giuseppe Iuculano
tags 677393 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Mon, 16 Jul 2012 12:00:06 +0200. The fix will be in the next upload. = Fixed FTBFS in kfreebsd

Bug#679848: [Pkg-chromium-maint] Bug#679848: chromium: everything related to chrome:// is broken

2012-07-07 Thread Giuseppe Iuculano
Hi Norbert! On 07/02/2012 04:53 AM, Norbert Preining wrote: > In short, everything that > starts with > chromium:// Did you mean chrome:// ? Cheers, Giuseppe.

Bug#676142: [16216c8] Fix for Bug#676142 committed to git

2012-06-13 Thread Giuseppe Iuculano
tags 676142 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Wed, 13 Jun 2012 16:29:49 +0200. The fix will be in the next upload. = Fixed FTBFS on kfreebsd

Bug#676636: [c0e9499] Fix for Bug#676636 committed to git

2012-06-12 Thread Giuseppe Iuculano
tags 676636 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Tue, 12 Jun 2012 11:06:24 +0200. The fix will be in the next upload. = Improved sqlite patch. Thanks

Bug#676636: [e2adf90] Fix for Bug#676636 committed to git

2012-06-11 Thread Giuseppe Iuculano
tags 676636 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Mon, 11 Jun 2012 16:16:37 +0200. The fix will be in the next upload. = Applied sqlite patch and fixed

Bug#675563: [Pkg-chromium-maint] Bug#675563: chromium: builds against embedded binary binutils-gold that does not include source

2012-06-02 Thread Giuseppe Iuculano
On 02/06/2012 08:15, shawn wrote: > I noticed this while trying to get this package to build on armel. Could you patch debian/control and try to build on armel again please? --- a/debian/control +++ b/debian/control @@ -64,7 +64,7 @@ Build-Depends: cdbs, libxt-dev, libxtst-dev,

Bug#674081: [16893a8] Fix for Bug#674081 committed to git

2012-05-28 Thread Giuseppe Iuculano
tags 674081 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Mon, 28 May 2012 10:41:13 +0200. The fix will be in the next upload. = Support serial UPS connection

Bug#671994: [8cb8e89] Fix for Bug#671994 committed to git

2012-05-19 Thread Giuseppe Iuculano
tags 671994 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 19 May 2012 10:22:05 +0200. The fix will be in the next upload. = Use gcc 4.6 for the moment

Bug#665012: CVE-2012-1570: maradns deleted domain record cache persistence flaw

2012-03-22 Thread Giuseppe Iuculano
Package: maradns Severity: serious Tags: security It was reported that MaraDNS suffers from a flaw where it is susceptible to spoofing attacks. Due to an error in the cache update policy, which does not properly handle revoked domain names, a remote

Bug#665007: CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248

2012-03-22 Thread Giuseppe Iuculano
Package: imagemagick Severity: serious Tags: security Hi, The original fixes for the ImageMagick issues CVE-2012-0247 and CVE-2012-0248 are incomplete. Please see: http://seclists.org/oss-sec/2012/q1/685 https://bugzilla.redhat.com/show_bug.cgi?id=

Bug#660159: [b88a849] Fix for Bug#660159 committed to git

2012-02-19 Thread Giuseppe Iuculano
tags 660159 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 19 Feb 2012 20:18:27 +0100. The fix will be in the next upload. = Remove hardcoded dependency on

Bug#656057: CVE-2011-2830

2012-01-16 Thread Giuseppe Iuculano
On 16/01/2012 09:43, Giuseppe Iuculano wrote: > This is not for libv8, CVE description is wrong, this affects webkit: > http://trac.webkit.org/changeset/93495 Or better, the issue is in the V8 binding source in webkit. We use that code only in chromium, I will check if stable is affected.

Bug#654534: Patch

2012-01-04 Thread Giuseppe Iuculano
tag 654534 patch thanks CVE-2011-3892 http://src.chromium.org/viewvc/chrome?view=rev&revision=107489 CVE-2011-3893 this is due to http://llvm.org/bugs/show_bug.cgi?id=7554 http://src.chromium.org/viewvc/chrome?view=rev&revision=106599 http://src.chromium.org/viewvc/chrome?view=rev&revision=10662

Bug#516394: [CVE-2008-4392]

2012-01-03 Thread Giuseppe Iuculano
Dear Sergiusz, it seems my reply to your private email didn't convince you, so replying again on behalf of the Security Team. > Dear Security Team, > > CVE-2008-4392 has "Candidate" status and is being reviewed for almost > three years now, and still must accepted by the CVE Editorial > Board[

Bug#640591: smbind: diff for NMU version 0.4.7-5.1

2011-12-10 Thread Giuseppe Iuculano
On 12/10/2011 02:27 PM, gregor herrmann wrote: > Dear maintainer, > > I've prepared an NMU for smbind (versioned as 0.4.7-5.1) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should delay it longer. Gregor, thanks for your NMU. Please upload to DELAYED/0 Cheers, Giuseppe. s

Bug#643648: CVE-2011-2834 and CVE-2011-2821

2011-09-28 Thread Giuseppe Iuculano
Package: libxml2 Severity: serious Tags: security Hi, two libxml2 issues were fixed in the latest chrome updates: CVE-2011-2821 Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a de

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-09-06 Thread Giuseppe Iuculano
Hi, On 09/04/2011 09:20 PM, Raphael Geissert wrote: > NSS now ships modified certs of DigiNotar, their name is "Explicitly Disabled > DigiNotar " > In chromium, for example, if you browse a DigiNotar-signed website and check > the certificate chain you will see the Explicitly Disabled cert there

Bug#639733: wordpress: Wordpress breaks TinyMCE install

2011-08-30 Thread Giuseppe Iuculano
tags 639733 moreinfo unreproducible thanks Hi, On 08/29/2011 08:43 PM, Laurens Blankers wrote: > Upgrading from 3.0.5+dfsg-1 to 3.2.1+dfsg-1 causes plugin files to be written > to > > /usr/share/tinymce > > which is partily symlinked from > > /usr/share/wordpress/wp-includes/js/tinymce/ >

Bug#639126: [73b0e59] Fix for Bug#639126 committed to git

2011-08-24 Thread Giuseppe Iuculano
tags 639126 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Wed, 24 Aug 2011 14:25:06 +0200. The fix will be in the next upload. = Fixed the dummy chromium

Bug#631815: reinstalling didn't fix the issue

2011-06-27 Thread Giuseppe Iuculano
In my case, reinstalling didn't fix the issue (Debian testing i386) Cheers, Giuseppe.

Bug#631615: CVE-2011-2192: libcurl inappropriate GSSAPI delegation

2011-06-25 Thread Giuseppe Iuculano
Package: curl Version: 7.21.6-1 Severity: serious Tags: security Please see http://curl.haxx.se/docs/adv_20110623.html Cheers, Giuseppe.

Bug#626445: [Pkg-chromium-maint] Bug#626445: multiple (89!) security issues in chromium

2011-05-13 Thread Giuseppe Iuculano
Hi Antoine, thanks for the bug report. On 05/12/2011 06:14 AM, Antoine Beaupré wrote: > But the version in stable is a much more serious issue. I do not think > there is the possibility of maintaining that branch all by ourselves > here, and I would recommend either dropping the package from stabl

Bug#564853: [0d4b071] Fix for Bug#564853 committed to git

2011-03-20 Thread Giuseppe Iuculano
tags 564853 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 20 Mar 2011 11:11:40 +0100. The fix will be in the next upload. = Fix FTBFS with gcc 4.5 , patch

Bug#617418: CVE

2011-03-10 Thread Giuseppe Iuculano
> # [$1000] [74675] High Invalid memory access in v8. Credit to Christian > Holler. > http://code.google.com/p/v8/issues/detail?id=1146 > Patch: http://code.google.com/p/v8/source/detail?r=6773 This is CVE-2011-1286 > > # [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to

Bug#617418: v8 security issues fixed in chromium 10.0.648.127

2011-03-08 Thread Giuseppe Iuculano
Package: libv8 Severity: serious Tags: security Hi, chromium 10.0.648.127 fixed the following security issues in libv8: # [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler. http://code.google.com/p/v8/issues/detail?id=1146

Bug#612618: [Pkg-chromium-maint] Bug#612618: FTBFS: chrome/common/metrics_helpers.cc:22:20: error: prtime.h: No such file or directory

2011-02-11 Thread Giuseppe Iuculano
Hey Timo, On 02/09/2011 04:42 PM, Timo Juhani Lindfors wrote: > chrome/common/metrics_helpers.cc:22:20: error: prtime.h: No such file or > directory Have you installed libnspr4-dev? Cheers, Giuseppe.

Bug#611518: [Pkg-chromium-maint] Bug#611518: chromium-browser: FTBFS v8/src/arm/macro-assembler-arm.cc:61:3: error: #error "For thumb inter-working we require an architecture which supports blx"

2011-01-30 Thread Giuseppe Iuculano
Hi Timo, On 01/30/2011 01:57 PM, Timo Juhani Lindfors wrote: > the contents of src/v8 seems match what is in libv8. Would it be > possible to avoid compiling src/v8 if chromium-browser is anyway using > external libv8? yes, the version in squeeze already compiles against libv8. The next version i

Bug#610510: CVE-2010-4489: Integer Overflow in VP8 decoding leads to memory corruption

2011-01-19 Thread Giuseppe Iuculano
Package: libvpx Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libvpx. CVE-2010-4489[0]: | Google Chrome before 8.0.552.215 does not properly handle WebM video, | which allows remote

Bug#608290: CVE-2010-4480 CVE-2010-4481

2010-12-29 Thread Giuseppe Iuculano
Package: phpmyadmin Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for phpmyadmin. CVE-2010-4480[0]: | error.php in PhpMyAdmin 3.3.8.1, and other versions before | 3.4.0-beta1, allows r

Bug#608289: CVE-2010-3905

2010-12-29 Thread Giuseppe Iuculano
Package: eucalyptus Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for eucalyptus. CVE-2010-3905[0]: | The password reset feature in the administrator interface for | Eucalyptus 2.0.0 and

Bug#608288: CVE-2010-4254

2010-12-29 Thread Giuseppe Iuculano
Package: moon Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for moon. CVE-2010-4254[0]: | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is | used, does not properly valid

Bug#608286: CVE-2010-4312: does not use HTTPOnly for session cookies by default

2010-12-29 Thread Giuseppe Iuculano
Package: tomcat6 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for tomcat6. CVE-2010-4312[0]: | The default configuration of Apache Tomcat 6.x does not include the | HTTPOnly flag in a Se

Bug#608273: CVE-2010-3853: pam_namespace executes namespace.init with service's environment

2010-12-29 Thread Giuseppe Iuculano
Package: pam Severity: serious Tags: security patch Tomas Mraz pointed out that pam_namespace PAM module executes external namespace.init script with an environment settings inherited from the program or service that has pam_namespace configured. Ple

Bug#607922: CVE-2010-4494: memory corruption (double-free) in XPath processing code

2010-12-24 Thread Giuseppe Iuculano
Package: libxml2 Severity: serious Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libxml2. CVE-2010-4494[0]: | Double free vulnerability in Google Chrome before 8.0.552.215 allows | remote attacke

Bug#607240: [f29b6ac] Fix for Bug#607240 committed to git

2010-12-17 Thread Giuseppe Iuculano
tags 607240 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 17 Dec 2010 10:59:01 +0100. The fix will be in the next upload. = Use GPL-compliant lyrics in

Bug#602732: [612c23f] Fix for Bug#602732 committed to git

2010-12-06 Thread Giuseppe Iuculano
tags 602732 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Mon, 6 Dec 2010 16:51:02 +0100. The fix will be in the next upload. = Remove flv_player.swf from

Bug#602693: Memory corruption in libvpx

2010-11-07 Thread Giuseppe Iuculano
On 11/07/2010 10:27 AM, Giuseppe Iuculano wrote: > Patch: https://review.webmproject.org/#change,928 Please also apply the following regression patch: http://review.webmproject.org/#change,1098 Cheers, Giuseppe.

Bug#602693: Memory corruption in libvpx

2010-11-07 Thread Giuseppe Iuculano
Package: libvpx Version: 0.9.1-1 Severity: serious Tags: security patch Hi, Christoph Diehl discovered a memory corruption in libvpx. (see the chromium blog post[0], [$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl.) Patch

Bug#602609: Acknowledgement (CVE-2010-4008: does not well process a malformed XPATH)

2010-11-06 Thread Giuseppe Iuculano
fixed 602609 2.7.8.dfsg-1 thanks It was fixed in 2.7.8 Cheers, Giuseppe

Bug#602609: CVE-2010-4008: does not well process a malformed XPATH

2010-11-06 Thread Giuseppe Iuculano
Package: libxml2 Version: 2.7.7.dfsg-4 Severity: serious Tags: security Hi, it was discovered that libxml2 does not well process a malformed XPATH, causing crash and allowing arbitrary code execution. Patch: http://git.gnome.org/browse/libxml2/commi

Bug#597856: CVE-2010-3412: memory overrun issue in CPU profiler

2010-09-23 Thread Giuseppe Iuculano
On 09/23/2010 06:18 PM, Jérémy Lal wrote: > Thank you Giuseppe, > i'll fix this tonight. You are welcome. Feel free to ping me if you need a sponsor. Cheers, Giuseppe.

Bug#597856: CVE-2010-3412: memory overrun issue in CPU profiler

2010-09-23 Thread Giuseppe Iuculano
Package: libv8 Severity: serious Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libv8. CVE-2010-3412[0]: | Race condition in the console implementation in Google Chrome before | 6.0.472.59 has uns

Bug#590296: wget: diff for NMU version 1.12-2.1

2010-09-05 Thread Giuseppe Iuculano
ad to +overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu +Security team (Closes: #590296) + + -- Giuseppe Iuculano Sun, 05 Sep 2010 15:33:19 +0200 + wget (1.12-2) unstable; urgency=low * acknoledge NMUs. Thanks for your work/help Matt and Anthony diff -Nru wget-1.12/d

Bug#591195: [e8a913f] Fix for Bug#591195 committed to git

2010-09-01 Thread Giuseppe Iuculano
tags 591195 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Wed, 1 Sep 2010 23:43:44 +0200. The fix will be in the next upload. = Remove swfupload.swf from the

Bug#594304: CVE-2010-2790: Multiple cross-site scripting (XSS) vulnerabilities

2010-08-25 Thread Giuseppe Iuculano
Package: zabbix Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for zabbix. CVE-2010-2790[0]: | Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery | function in frontend

Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED_URI feature

2010-08-25 Thread Giuseppe Iuculano
Package: uzbl Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for uzbl. CVE-2010-2809[0]: | The default configuration of the binding in Uzbl before | 2010.08.05 does not properly

Bug#594300: CVE-2010-2810: Heap-based buffer overflow

2010-08-25 Thread Giuseppe Iuculano
Package: lynx-cur Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lynx-cur. CVE-2010-2810[0]: | Heap-based buffer overflow in the convert_to_idna function in | WWW/Library/Implementatio

Bug#591204: lvm2: diff for NMU version 2.02.66-2.1

2010-08-19 Thread Giuseppe Iuculano
On 08/19/2010 04:29 PM, Bastian Blank wrote: > Sorry, this is not acceptable. The patch > - differs in comments, > - used path, > - removes autoconf parts without reason, autoreconf is called anyway, and > - is incomplete. Well, FWIW this is instead acceptable from a NMUer point of view, anyway t

Bug#591204: lvm2: diff for NMU version 2.02.66-2.2

2010-08-19 Thread Giuseppe Iuculano
On 08/19/2010 03:27 PM, Mehdi Dogguy wrote: > I'm sure "dcut cancel $changes_files" works :) oh, it worked, thanks! :-) Cheers, Giuseppe.

Bug#591204: lvm2: diff for NMU version 2.02.66-2.2

2010-08-19 Thread Giuseppe Iuculano
On 08/19/2010 02:11 PM, Mehdi Dogguy wrote: > Why two NMUs for a single patch? Can't you drop the first one, fix it and > re-upload? Because dcut rm --searchdirs lvm2* didn't work, now I'm trying with rm DELAYED/1-day/libvm2* Cheers, Giuseppe.

Bug#591204: lvm2: diff for NMU version 2.02.66-2.2

2010-08-19 Thread Giuseppe Iuculano
11:56:57.0 +0200 +++ lvm2-2.02.66/debian/changelog 2010-08-19 13:48:52.0 +0200 @@ -1,3 +1,10 @@ +lvm2 (2.02.66-2.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * CVE-2010-2526: Also check permission on restart. + + -- Giuseppe Iuculano Thu, 19 Aug 2010

Bug#591204: lvm2: diff for NMU version 2.02.66-2.1

2010-08-19 Thread Giuseppe Iuculano
On 08/19/2010 01:29 PM, Giuseppe Iuculano wrote: > It is the same patch without the configure and Makefile stuff (upstream > added --with-default-run-dir configure argument, I instead hardcoded it > to /var/run/clvmd.sock ). I removed that part to avoid autoreconf I just noted

Bug#591204: lvm2: diff for NMU version 2.02.66-2.1

2010-08-19 Thread Giuseppe Iuculano
On 08/19/2010 12:54 PM, Bastian Blank wrote: > Please describe the changes you made. It even differs in the comments. > This only shows the announcement, the patch is in > https://bugzilla.redhat.com/attachment.cgi?id=434982 It is the same patch without the configure and Makefile stuff (upstream

Bug#591204: lvm2: diff for NMU version 2.02.66-2.1

2010-08-19 Thread Giuseppe Iuculano
On 08/19/2010 12:26 PM, Bastian Blank wrote: > Where does this patch come from? It is not included into the upstream > source this way. As long as this is not known: NACK. It comes from upstream, I used the essential part of the patch. Please see: https://www.redhat.com/archives/linux-lvm/2010-Ju

Bug#591204: lvm2: diff for NMU version 2.02.66-2.1

2010-08-19 Thread Giuseppe Iuculano
ation between lvm2 and clvmd +(Closes: #591204) + + -- Giuseppe Iuculano Thu, 19 Aug 2010 11:56:07 +0200 + lvm2 (2.02.66-2) unstable; urgency=medium * Make libdevmapper1.02.1 depend on dmsetup. libdevmapper needs new enough diff -Nru lvm2-2.02.66/debian/patches/CVE-2010-2526.patch

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 12:55 PM, Iustin Pop wrote: > Giuseppe, you didn't answer my other question. Can you confirm the > package builds fine and the java parts work with gcj? Yes I can. Cheers, Giuseppe

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 12:27 PM, Julien Cristau wrote: > Because there's no requirement anywhere that says arch:all packages need > to be buildable on all architectures. "The binary target must be all that is necessary for the user to build the binary package(s) produced from this source package." So I th

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 11:45 AM, Julien Cristau wrote: > On Sun, Jul 11, 2010 at 09:05:49 +0200, Giuseppe Iuculano wrote: > >> If you put openjdk-6 in b-d-i, protobuf can't be built on those archs >> that hasn't openjdk-6, and imho this can be considered an FTBFS even if >&g

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 01:51 AM, Iustin Pop wrote: > I'm not sure I understand what you mean. The jdk is *not* used during > the binary build, except for unittests (if present). The jdk *is* used > during the indep build, for the java part. What do you see here as an > abuse? > Sorry, let me rephrase a bi

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-10 Thread Giuseppe Iuculano
Hi Iustin, On 07/10/2010 08:39 PM, Iustin Pop wrote: > I was planning to revert the move of the openjdk-6 from b-d-i to b-d, as > an alternative to depend on default-jdk. The move was done simply to > have 'jar' available during the build time for a few optional unittests > which need it. I think

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-10 Thread Giuseppe Iuculano
/debian/changelog 2010-07-10 19:35:10.0 +0200 @@ -1,3 +1,11 @@ +protobuf (2.3.0-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Build-depends on on default-jdk and set JAVA_HOME to +/usr/lib/jvm/default-java (Closes: #587732) + + -- Giuseppe Iuculano Sat, 10 Jul 20
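Review bot: the added changelog entry for 2.3.0-2.1 reads "Build-depends on on default-jdk", with "on" doubled. Drop the repeated word so the entry reads "Build-depend on default-jdk and set JAVA_HOME to /usr/lib/jvm/default-java". The stanza also sets urgency=high for what it describes as a build-dependency change; a few words in the entry saying why the upload is urgent would help whoever reads the changelog later.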

Bug#587732: protobuf should B-D on default-jdk

2010-07-06 Thread Giuseppe Iuculano
> Since openjdk-6-jdk was available before on those arches, I hoped it > will come back. Do you think it won't? It wasn't available, protobuf was built in those archs because you had openjdk-6-jdk in Build-Depends-Indep instead of Build-Depends Cheers, Giuseppe.

Bug#585757: libglewmx1.5: 1.5.4-1 makes libglc0 crash

2010-07-06 Thread Giuseppe Iuculano
> Well, since the problem is somewhere in Quesoglc, I built a version of glc > with > debug symbols, to see where exactly the error is. And surprise, that version > worked. The locally rebuilt package without debug symbols also works. Not sure > what exactly is the problem, maybe libglc0 was built

Bug#588138: CVE-2010-1625: Cross-site scripting (XSS) vulnerability

2010-07-05 Thread Giuseppe Iuculano
Package: lxr Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr. CVE-2010-1625[0]: | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer | before 0.9.7 allows remote attac

Bug#588137: CVE-2010-1625: Cross-site scripting (XSS) vulnerability

2010-07-05 Thread Giuseppe Iuculano
Package: lxr-cvs Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr-cvs. CVE-2010-1625[0]: | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer | before 0.9.7 allows remo

Bug#588036: CVE-2010-1448: Cross-site scripting (XSS) vulnerability

2010-07-04 Thread Giuseppe Iuculano
Package: lxr-cvs Severity: serious Tags: security Ciao Giacomo, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr-cvs. CVE-2010-1448[0]: | Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR | Cross Ref

Bug#584946: [Pkg-chromium-maint] Bug#584946: chromium-browser: segfault on startup on armel (openmoko freerunner)

2010-06-25 Thread Giuseppe Iuculano
On 06/25/2010 06:50 PM, Timo Juhani Lindfors wrote: > Giuseppe Iuculano writes: >> Could you try version 5.0.375.86~r49890-1 when it will be available in >> armel please? > > Sure but the blx instructions in libv8 will still be a problem, right? > Yes, please open a b

Bug#584946: [Pkg-chromium-maint] Bug#584946: chromium-browser: segfault on startup on armel (openmoko freerunner)

2010-06-25 Thread Giuseppe Iuculano
Hi Timo, On 06/25/2010 05:41 PM, Timo Juhani Lindfors wrote: > version 5.0.375.70~r48679-2 seems to start on openmoko! > > I can use the menus but trying to load any page results in a dialog > that shows an error message that can not be copy&pasted. It says > something about "The following page(s

Bug#581265: [Pkg-chromium-maint] Bug#581265: release blocking bug

2010-06-12 Thread Giuseppe Iuculano
block 581265 by 583826 thanks On 05/18/2010 10:21 PM, Moritz Muehlenhoff wrote: > The situation has changed a bit: Chromium might still be part of Squeeze. > Guiseppe is currently checking with upstream on the feasibility of a > upstream support lifetime suitable for the lifetime of Squeeze. > >

Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities

2010-06-07 Thread Giuseppe Iuculano
On 06/06/2010 06:16 PM, Olivier Berger wrote: > Thanks for caring. > > I've tried and fix the most obvious problems reported by lintian and > update the changelog, and have re-uploaded an updated package to > mentors. If you can upload it for me, many thanks in advance. > > Best regards, I've ad

Bug#581280: [387779e] Fix for Bug#581280 committed to git

2010-06-04 Thread Giuseppe Iuculano
tags 581280 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 4 Jun 2010 13:05:09 +0200. The fix will be in the next upload. = Remove *.moc.cpp files on clean

Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities

2010-06-04 Thread Giuseppe Iuculano
On 06/04/2010 12:44 PM, Olivier Berger wrote: > Here : > http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware Please add the "Closes" entries for the security bugs and add the source format (W: phpgroupware source: missing-debian-source-format). Cheers. Giuseppe.

Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities

2010-06-04 Thread Giuseppe Iuculano
Hi Christian, On 06/04/2010 11:24 AM, christian bac wrote: > -the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on > mentors. > do you need a sponsor ? Cheers, Giuseppe

Bug#584518: CVE-2010-0403: Directory traversal vulnerability

2010-06-04 Thread Giuseppe Iuculano
Package: phpgroupware Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for phpgroupware. CVE-2010-0403[0]: | Directory traversal vulnerability in about.php in phpGroupWare (phpgw) | before 0

Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities

2010-06-04 Thread Giuseppe Iuculano
Package: phpgroupware Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for phpgroupware. CVE-2010-0404[0]: | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before | 0.9.16.016

Bug#584516: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code

2010-06-04 Thread Giuseppe Iuculano
Package: ghostscript Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for ghostscript. CVE-2010-1628[0]: | Ghostscript 8.64, 8.70, and possibly other versions allows | context-dependent attack

Bug#584402: CVE-2010-1457: allows local users to read arbitrary files

2010-06-03 Thread Giuseppe Iuculano
Package: gnustep-base Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for gnustep-base. CVE-2010-1457[0]: | Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local | users to re

Bug#584401: CVE-2010-1620: Integer overflow

2010-06-03 Thread Giuseppe Iuculano
Package: gnustep-base Version: 1.19.3-3 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for gnustep-base. CVE-2010-1620[0]: | Integer overflow in the load_iface function in Tools/gdomap.c i

Bug#584400: CVE-2010-1626

2010-06-03 Thread Giuseppe Iuculano
Package: mysql-dfsg-5.0 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for mysql-dfsg-5.0. CVE-2010-1626[0]: | MySQL before 5.1.46 allows local users to delete the data and index | files o
