Bug#611661: Bundled plugins using Xinha allow malicious file uploads

On 13-May-12 21:25, Moritz Mühlenhoff wrote: > On Sun, May 13, 2012 at 06:04:03PM +0100, Steve McIntyre wrote: >> On Tue, Mar 08, 2011 at 10:37:13PM +0100, Moritz Muehlenhoff wrote: >> Looking at other bugs and security tracker issues in serendipity, I'd >> be tempted to remove it from Debian anywa

Bug#595594: (no subject)

tags 595594 +pending thanks Ok, our own database functions now exit even more gracefully on failure. The previous fix (586759) seemed to address a similar issue but only when dbconfig itself was failing, not the DB behind. Greets, JM For reference, here's the link to the full discussion about

Bug#564556: [pkg-lighttpd] Bug#564556: Bug#564556: lighttpd still unusable by default

On 30-Aug-10 18:51, Olaf van der Spek wrote: > If you want, that your new build gets uploaded to Debian by a sponsor, you >> have to build and check your package+changes+diff and after that upload the >> whole to any space with the .dsc etc. > A sponsor should not be necessary, as Lighttpd has thr

Bug#586759: fails to install

Technically, the failure is trigged by the "set -e" of the maintainer script, since dbc_go fails. This is by no means a failure of the phpbb3 package, only a consequence of the failure of dbconfig-common. As far as debconf is concerned, people use "db_go || true" -- I have seen no such call for d

Bug#542695: cannot use crypto loop aes

Package: loop-aes-modules-2.6.26-2-686 Version: 2.6.26+3.2c-6+lenny1 Severity: grave Justification: renders package unusable # aptitude install loop-aes-modules-2.6.26-2-686 # modprobe loop-aes # lsmod | grep loop loop 55372 0 # dmesg | tail -3 [ 4457.015307] loop: module loade

Bug#541294: specter: Vanilla install segfaults

Package: specter Version: 1.4-2+b1 Severity: grave Justification: renders package unusable strace start-stop-daemon --start --quiet --exec /usr/sbin/specter -- -d --uid specter --gid specter open("/etc/specter.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=3119, ...}) = 0 mm

Bug#479621: (no subject)

The following change, courtesy of the Ubuntu cacti-0.8.6i package, fixes the problem: /usr/share/cacti/include/config.php, line 86: change: if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER ["SCRIPT_FILENAME"], $_SERVER["PHP_SELF"] { to: if (!((is_file($_SERVER["S