Bug#956400: Processed: retitle 956400 to qpdf: FTBFS on multiple 32-bit architectures, needs libatomic

Oops, I fixed this, but I made a cut and paste error and "Closed" the wrong bug number in the changelog. I wlll clean it up tomorrow by removing the fixed version from the wrong bug and adding it to the right one. On Fri, Apr 10, 2020, at 1:39 PM, Debian Bug Tracking System wrote: > Processing c

Bug#804706: qpdf 5.2.0 breaks ABI

Package: qpdf Version: 5.2.0-1 Severity: grave Tags: upstream Justification: causes non-serious data loss qpdf 5.2.0 breaks ABI compatibility. I am releasing qpdf 6.0.0 and am uploading a new version of 5.2.0 that reverts the ABI change.

Bug#776719: Bug#776264: icu security upload

l go through. Thanks for taking care of it. I can do a quick review if desired, but I would only be reviewing mechanics, not correctness of the patches, as I haven't and won't have time to look into the details of the problems or their solutions. -- Jay Berkenbilt -- To UNSUBSC

Bug#741451: Bugfix

f it. Your good efforts made my job trivial. Thanks! I have also submitted an unblock request to the release team. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#741451: Bugfix

Jay Berkenbilt wrote: > Mathieu Malaterre wrote: > >> On Tue, Oct 28, 2014 at 7:13 PM, Tomasz Buchert >> wrote: >>> Hi, >>> I've worked on that bug today's evening and I found >>> a fairly simple fix. >> >> Thanks Toma

Bug#741451: Bugfix

ve done is to create an upstream bug report with this. If it's excepted, then I will mark this patch to include in my first post-Jessie upload. There's a chance upstream will issue a new version before then anyway, and we will want this fix to go in. Here's the upstream bug report: ht

Bug#759247: icu bug fixed...

The ICU bug that contributed to this was fixed in the most recent upload. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#758442: new upstream addresses non-free files

d a chance to do that yet. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#758442: [nip2] Non distibutable file: lena

aining a non-distributable file. I'll take care of this part after I have a replacement. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#758468: [nip2] Non free icc profile

ther he could get confirmation that it would be free to distribute. If the above looks okay from a copyright standpoint, it could be a replacement. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#735994: Bug#736035: Bug#735994: upgrading to serious: libtiff4-dev is being removed

l fix it all up shortly Yup, just replacing the build dependency with libtiff-dev was the original suggestion and what almost everyone did with their packages. We all have bad dreams sometimes. :-) -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with

Bug#735994: Bug#736035: Bug#735994: upgrading to serious: libtiff4-dev is being removed

ant to keep a transitional package around, and removing it has always been part of the plan. I'm sorry that this is causing a hassle for you. I tried to organize this to minimize hassle and to provide loads of time for developers to make the switch. Let me know if I can be of any assista

Bug#735994: upgrading to serious: libtiff4-dev is being removed

the remaining 24 open bugs and see if others are like that as well. Thanks. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#746860: not really gcc 4.9-related...

Just for the record, I think the problem fixed here actually doesn't have anything to do with gcc 4.9. ICU was probably FTBFS for all versions. There was a time-based test that started failing between the last time we built and when the gcc 4.9 build was attempted. I didn't verify that the problem

Bug#746860: uploading fix momentarily

The version of ICU I'm about to upload builds and tests fine for me locally with the latest gcc-4.9 package from sid. Hopefully this solves the problem. There was a failing test case, and I found a fix for it from upstream. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with

Bug#746860: acknowledging gcc-4.9 ftbfs

I'm acknowledging this bug and indicating my intention to work on it. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#743862: keep tiff3 out of testing

Package: tiff3 Severity: critical This is to keep tiff3 from getting back into testing -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#733070: NMU to fix xerces-c issue

15 18:01:12.0 -0500 +++ ./debian/changelog 2014-02-15 18:02:10.991563131 -0500 @@ -1,3 +1,10 @@ +anon-proxy (00.05.38+20081230-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Update xerces build dependency to libxerces-c-dev. (Closes: #733070) + + -- Jay Berkenbilt Sat, 15 Feb

Bug#733071: NMU coming

port Xerces C 3 (Closes: #733071) + + -- Jay Berkenbilt Sat, 15 Feb 2014 17:27:09 -0500 + clam (1.4.0-5.1) unstable; urgency=low * Non maintainer upload diff -Nru clam-1.4.0/debian/control clam-1.4.0/debian/control --- clam-1.4.0/debian/control 2011-05-16 19:58:16.0 -0400 +++ cl

Bug#714984: permission to do a vips upload to proposed-updates (bug 714984)

Resent previous message to correct address for debian-release -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#714984: permission to do a vips upload to proposed-updates (bug 714984)

rrent vips in jessie and sid are not affected by this problem, nor is the version in squeeze. This problem only affects the version in wheezy. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble?

Bug#714984: It works :)

stable upload ? > > thanks much Yes, I'll prepare a stable upload. Thanks for taking this one all the way across the finish line. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#714984:

table is important -- clearly it is. I just have very limited time to work on this. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#726477: icu: CVE-2013-2924

time this weekend to catch up on my debian work including packaging ICU 52 and requesting a transition. I will make sure the fix is incorporated into ICU 52 or, if not, carry the patch forward. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a

Bug#725032: src:vips: FTBFS on armhf: internal compiler error

ou can remove your NMU from the delayed queue when you see my upload go through in a few minutes. I really appreciate your help on this. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#721590: closing in experimental

or the ftp team, the release team, or anyone else who disagrees with my arguments to reopen the bug. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#721590: [ftpmas...@ftp-master.debian.org: Comments regarding icu_4.8.1.1-13_amd64.changes]

Forwarding additional comments not included in bug report: -- Debian copyright needs update. IBM copyrights extend to 2011. This is not sufficient: > Additional Copyrights > = > > Some files are copyright

Bug#721590: icu: Package can't be rebuilt without resort to non-free source

or your work and for helping to keep Debian free. I will admit that this issue had completely escaped my notice in the past as well, apparently, as that of ICU's past maintainers. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#720827: dxpc: FTBFS: configure: error: lzo library required: you may need to use the --with-lzo-lib

ge failed to build on > amd64. I am not able to reproduce this. Are you sure this wasn't a transient problem on the autobuilder? -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#712840: CVE-2013-1961 in tiff3 - fix for stable?

Arne Wichmann wrote: > Hi! > > Is there any fix in stable for tiff3 planned? The tiff3 package does not include tiff2pdf, so the issue does not apply to tiff3. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubsc

Bug#715448: cups-filters: pdftopdf segfaults

Jay Berkenbilt wrote: >> I have been able to reproduce the problem locally. It doesn't look like >> the result of an ABI change. I have yet to determine for sure whether >> the problem is in libqpdf or whether it's in pdftopdf, but I'm assuming >> l

Bug#715448: cups-filters: pdftopdf segfaults

Jay Berkenbilt wrote: >>> That might be, but if that's the case, that's of the responsibility of >>> the libqpdf maintainer; if the ABI changed, it's a transition and >>> binNMUs should have been requested. >>> >>> Cheers, >>

Bug#715448: cups-filters: pdftopdf segfaults

Jay Berkenbilt wrote: > "Didier 'OdyX' Raboud" wrote: > >> Le mercredi, 10 juillet 2013 10.03:23, Till Kamppeter a écrit : >>> Could perhaps a no-change rebuild of cups-filters help? >> >> That might be, but if that's the case, that

Bug#715448: cups-filters: pdftopdf segfaults

ook into it as soon as possible and release a new version right away if I accidentally introduced an ABI change. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#712840: tiff3: multiple security issues

Jay Berkenbilt wrote: > Jay Berkenbilt wrote: > >> So basically, as far as I can tell, the only remaining actions to get us >> caught up are to apply CVE-2013-1961 to tiff in squeeze. I can prepare >> a security upload for that. > > Oops, I meant to say to apply

Bug#712840: tiff3: multiple security issues

Jay Berkenbilt wrote: > So basically, as far as I can tell, the only remaining actions to get us > caught up are to apply CVE-2013-1961 to tiff in squeeze. I can prepare > a security upload for that. Oops, I meant to say to apply the patch from tiff in squeeze to tiff3 in sid.

Bug#712840: tiff3: multiple security issues

t. None of the versions in Ubuntu are believed to be vulnerable, so I think we should be fine here. So basically, as far as I can tell, the only remaining actions to get us caught up are to apply CVE-2013-1961 to tiff in squeeze. I can prepare a security upload for that. -- Jay Berkenbilt

Bug#712840: tiff3: multiple security issues

of Red Hat or Ubuntu security teams' backporting of patches. What we really need to do is to get tiff3 out of the archive entirely, but I'm blocked by higher priority transitions. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#700067: proposed NMU to fix mtpfs bug

have to reboot (or do something less drastic I haven't figured out yet), though I don't think this has to do with mtpfs since mtp-detect also fails after one mount/umount cycle. -- Jay Berkenbilt diff -Nru mtpfs-1.1/debian/changelog mtpfs-1.1/debian/changelog --- mtpfs-1.1/debian/chang

Bug#702346: CVE-2013-0900 (ICU race condition)

I think I can grab Red Hat's fix to this from here. I will try to do this as soon as possible. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0900 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debia

Bug#702346: icu: CVE-2013-0900

Jay Berkenbilt wrote: >> They also send me links to the upstream fixes: >> http://bugs.icu-project.org/trac/changeset/32865 >> http://bugs.icu-project.org/trac/changeset/32908 > > I can prepare a new upload with these fixes and call it CVE-2013-0900. > There'

Bug#702346: icu: CVE-2013-0900

ack) which I will probably include in the same upload. Ordinarily I would not fix two issues in the same upload, particularly during a freeze, but the extreme simplicity of the second one makes me think this will be okay in this case. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs

Bug#699305: nip2: sRGB.icm is non-free

Jay Berkenbilt wrote: > Stuart Prescott wrote: > >> Package: nip2 >> Version: 7.28.4-1 >> Severity: serious >> Justification: DFSG3: must allow derived works >> >> Dear Maintainer, >> >> The file share/nip2/data/sRGB.icm is not licensed und

Bug#699305: nip2: sRGB.icm is non-free

t planning on taking any immediate action. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698745: dpkg breaks other packages during installation of a package

first took over this package, so I'm sure I'll be able to sort it out. I'll double check all the assumptions I made above in case I'm doing something different from what I think I'm doing. (I should probably run fsck on my brain just to be safe.) -- Jay Ber

Bug#694693: tiff: CVE-2012-5581

reassign 694693 libtiff4 3.9.6-9 thanks Moritz Muehlenhoff wrote: > On Thu, Nov 29, 2012 at 09:46:41AM -0500, Jay Berkenbilt wrote: >> Moritz Muehlenhoff wrote: >> >> > >> > Hi Jay, >> > another security issue was discovered by Red Hat's Huzaif

Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'

dded pkgconfig files, but this wouldn't impact anything using icu-config, and also the .pc files don't suffer from the problem mentioned in the original bug report. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "uns

Bug#694693: tiff: CVE-2012-5581

ps://bugzilla.redhat.com/show_bug.cgi?id=867235#c6 I'll look at it a little before blindly taking the diff. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#692345: tiff with CVE-2012-4564 fix ready for stable-security

I have an upload of tiff 3.9.4-5+squeeze7 build against squeeze ready to upload to stable-security. This includes a fix for CVE-2012-4564. I've attached the debdiff. Please let me know if I should proceed with the upload. Thanks. -- Jay Berkenbilt diff -Nru tiff-3.9.4/debian/changelog

Bug#692345: tiff: CVE-2012-4564 debdiff patch

Jay Berkenbilt wrote: > Adrian La Duca wrote: > >> Attaching debdiff patches for both squeeze and wheezy/experimental >> packages. > > I uploaded a fixed version to unstable and opened an unblock request > after verifying proper functionality. Although the pat

Bug#692345: tiff: CVE-2012-4564 debdiff patch

eing an NMU. (It's so hard to keep up with this stuff with two toddlers running around.) -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#692345: tiff: CVE-2012-4564 debdiff patch

Thanks all. I will definitely get these uploaded this weekend. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#692345: tiff: CVE-2012-4564

Adrian La Duca wrote: > Created quilt patch from the Red Hat Bugzilla patch (accepted) > submitted by Huzaifa S. Sidhpurwala > Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4564 Thank you for doing this. I will try to find time to do the upload this weekend. -- To UNSUBSCRIBE, em

Bug#688944: CVE-2012-4447

.0.2-4) have been uploaded to unstable with urgency high and unblocked by the release team, so those versions should appear in wheezy soon. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#688944: tiff: CVE-2012-4447

Jay Berkenbilt wrote: > Jay Berkenbilt wrote: > >> Moritz Muehlenhoff wrote: >> >>> Package: tiff >>> Severity: grave >>> Tags: security >>> Justification: user security hole >>> >>> Another buffer overflow, please see

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

Please disregard my email in response to this thread on CVE-2012-4777, which is the wrong number. I have fixed it to be 2012-4447 and have discussed it in an appropriate thread with the right subject, audience, and bug number. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org

Bug#688944: tiff: CVE-2012-4447

Jay Berkenbilt wrote: > Moritz Muehlenhoff wrote: > >> Package: tiff >> Severity: grave >> Tags: security >> Justification: user security hole >> >> Another buffer overflow, please see here for details: >> https://bugzilla.redhat.com/show_bug.

Bug#688944: tiff: CVE-2012-4447

.4-5+squeeze6) stable-security; urgency=high + + * Add fix for CVE-2012-4777, a buffer overrun. (Closes: #688944) + * CVE-2012-2088 was actually included in previous version but not listed +in the change log. + + -- Jay Berkenbilt Fri, 05 Oct 2012 16:54:07 -0400 + tiff (3.9.4-5+squeeze5) sta

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

Jay Berkenbilt wrote: > Jay Berkenbilt wrote: > >> Lee Garrett wrote: >> >>> Hi Jay, >>> >>> thanks for going through the effort of checking up on all CVEs and >>> packaging it up. >>> >>> CVE-2012-2088 still affects 3.9.

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

Jay Berkenbilt wrote: > Lee Garrett wrote: > >> Hi Jay, >> >> thanks for going through the effort of checking up on all CVEs and >> packaging it up. >> >> CVE-2012-2088 still affects 3.9.4-5+squeeze5 though. The only other >> vulnerability left is

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

I'll double check CVE-2012-2088 and see what I messed up on with that. I'll also take care of 2012-4447 for unstable and stable and will upload to unstable with urgency high and no other changes so it can go to testing. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

other aspect of the packages. I literally just replaced the patch files and the series file and updated the changelog. Please let me know whether I should do the upload or whether you will prepare a package for stable-security based on the attached patch. Thanks! -- Jay Berkenbilt diff -urN

Bug#682708: acknowledging psutils RC bug

I am acknowledging having seen this bug. I will get to it as soon as I can, but it might be a couple of weeks. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#682115: tiff: CVE-2012-3401 heap overflow in tiff2pdf

I'll still apply the patch to avoid confusion. I'll certainly apply the patch to the tiff package. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

n do it. I have a very full weekend coming up, but I am at least now aware of the issue. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#676012: xerces-c: FTBFS: src/CreateDOMDocument/CreateDOMDocument.o: could not read symbols: Bad value

ate chroot. Every > failed build was retried once to eliminate random failures. It's conceivable that this is because of icu-config. I don't have time to look at it this minute, but I'll try rebuilding with libicu-dev_4.8.1.1-8 and see if the problem goes away. -- Jay Berke

Bug#676046: dwdiff: FTBFS: Could not compile with Unicode support. Try configuring with --without-unicode.

I'm preparing a new upload of ICU now. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'

I'm preparing a new upload of ICU now. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#676046: dwdiff: FTBFS: Could not compile with Unicode support. Try configuring with --without-unicode.

ead? >> > Yes. Everything besides -licui18n -licuuc -licudata in there looks > wrong. This came in when I switched hardening from hardening-wrapper to dpkg-buildoptions and is probably related to odd things with icu's build system. I'll switch back to hardening-wrapper, w

Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'

t that icu-config passes all those build flags doesn't sound quite > right > though and may cause other packages to FTBFS. Jay, what do you think? Yes, this is a bug in ICU. I'll switch it back to using hardening-wrapper. This came in when I changed from that to dpkg-buildoptions. T

Bug#668087: libtiff4: libtiff crashes with corrupted images

Moritz Mühlenhoff wrote: > On Mon, Apr 09, 2012 at 08:18:35PM -0400, Jay Berkenbilt wrote: >> Mikulas Patocka wrote: >> >> > libtiff crashes on corrupted images when using electric fence memory >> > debugger. >> > >> > . . . >> >>

Bug#668087: libtiff4: libtiff crashes with corrupted images

E-2012-1173 to transition to testing. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654883: CVE-2011-4599

.1-3+lenny2/debian/changelog ./debian/changelog --- ../icu-3.8.1-3+lenny2/debian/changelog 2012-01-21 19:52:51.0 -0500 +++ ./debian/changelog 2012-01-21 19:56:44.763574027 -0500 @@ -1,3 +1,9 @@ +icu (3.8.1-3+lenny3) oldstable-security; urgency=high + + * Apply patch CVE-2011-4599 to address

Bug#642746: vips: FTBFS: E: dh_python2:145: extension for python2.7 is missing.

Thank you very much for your patch to this long-standing vips build bug. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653457: icu: ICU fails to build on armhf

a fix, I will of course incorporate it and prepare a new upload. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#630014: Replace dependencies on libmagick-dev and libmagick9-dev by libmagickcore-dev and/or libmagickwand-dev

magick transition. I'm uploading a fix this morning with urgency=high. Thanks for pointing out the problem. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#624287: CVE-2009-5022

00 -0400 +++ ./debian/changelog 2011-05-07 10:21:28.280277273 -0400 @@ -1,3 +1,9 @@ +tiff (3.9.4-5+squeeze2) stable-security; urgency=high + + * CVE-2009-5022: Buffer overflow in OJPEG support. (Closes: #624287) + + -- Jay Berkenbilt Sat, 07 May 2011 10:21:28 -0400 + tiff (3.9.4-5+squeeze1) stab

Bug#624287: CVE-2009-5022

Moritz Muehlenhoff wrote: > http://bugzilla.maptools.org/show_bug.cgi?id=1999 has been assigned > CVE-2009-5022. Actually, it doesn't apply to oldstable either. That code didn't exist before 3.9. So I'll prepare packages for stable-security only. -- To UNSUBSCRIBE, email to debian-bugs-rc-

Bug#624287: CVE-2009-5022

Moritz Muehlenhoff wrote: > http://bugzilla.maptools.org/show_bug.cgi?id=1999 has been assigned > CVE-2009-5022. This bug was already fixed in 3.9.5, so it only affects stable and oldstable. I'll update the found/fixed versions and prepare packages for stable and oldstable. -- Jay

Bug#619614: CVE-2011-1167

Moritz Muehlenhoff wrote: > Package: tiff > Severity: grave > Tags: security > > Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1167 > for details. Sorry for the delay...working this issue now, and preparing packages for oldstable and stable as well. -- To UNSUBSCRIBE, email

Bug#600188: tiff: CVE-2010-3087

Disregard my previous response. Red Hat and SUSE have both taken the patch from the bugzilla issue that upstream rejected, so I will do so as well. Uploading momentarily. Jay Berkenbilt wrote: > Moritz Muehlenhoff wrote: > >> Package: tiff >> Severity: grave

Bug#600188: tiff: CVE-2010-3087

could just blindly accept the patch, but then I'm permanently deviating from upstream. Should I discuss with upstream? I could grab Red Hat's latest SRPM and see how long they've been using this patch, or I could dig through upstream's CVS repository and see what the status is ther

Bug#598296: upstream has acknowledged bug

Upstream has acknowledged and committed a fix to this problem and will be releasing a new version that includes the fix. Since this version of vips/nip2 is already not in squeeze, I'll wait until the new version comes out and re-upload. I can backport to squeeze if/when appropriate since that ve

Bug#598296: libvips-tools: CVE-2010-3364: insecure library loading

ey don't have a bug tracking system, and I didn't mail it to the list -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#590393: acknowledging ICU doc bug

Looking into it, it was the new doxygen. I used your patch as submitted and just changed my dependency on doxygen to be >= 1.7.1. Thanks for creating the patch and taking the trouble create the DEP-3 headers so I could just plop it in. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to deb

Bug#590393: acknowledging ICU doc bug

more deeply and will prepare a new upload. Worst case, I'll trade an RC FTBFS for a more minor bug of some files being omitted from the docs. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#589076: thanks for the ICU patch

Thanks for the quick investigation and patch. I'll re-upload ASAPsometime within the next 24 hours. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#581174: icu: FTBFS on kfreebsd-amd64: Bus error

I finally had a chance to finish looking at this problem. It's a buffer overflow in pkgdata. The pkgdata program is fast and loose with C strings. It copies stuff all over the place into buffers without checking lengths. Coincidentally, someone else just also found this and reported it upstrea

Bug#581174: icu: FTBFS on kfreebsd-amd64: Bus error

Cyril Brulebois wrote: > Jay Berkenbilt (17/05/2010): >> The logs seem to show that it is failing in the same place while >> running pkgdata. Where are you seeing that it breaks on a different >> file every time? > > As I said, when I reproduced it on asdfasdf. Oh

Bug#581174: icu: FTBFS on kfreebsd-amd64: Bus error

case, pkgdata is part of ICU itself, so I should be able to track this down. It won't be the first time a bug in pkgdata has caused build failures on some platform. I've verified that I can log into asdfasdf.debian.net, so I'll look at it when I get a chance, hopefully very so

Bug#569242: libtiff4-dev: please depend on libjpeg-dev, not libjpeg62-dev

Ignore my previous messagemy pbuilder update had failed and I still had the old libjpeg62-dev and libjpeg8-dev. I'll rebuild with an updated chroot that has your recently changed jpeg packages. Then I'll upload. Jay Berkenbilt wrote: > Bill Allombert wrote: > >> l

Bug#569242: libtiff4-dev: please depend on libjpeg-dev, not libjpeg62-dev

Bill Allombert wrote: > libtiff4-dev depends on libjpeg62-dev. Please change it to depends on > libjpeg-dev instead. Please also change the Build-Dependency to be on > libjpeg-dev and not libjpeg62-dev. I've done this, but doing so makes the package uninstallable at the moment without having to

Bug#568538: iceweasel 3.5.6-2 says "/usr/bin/firefox-bin: not found"

Mike Hommey wrote: > Can you run "sh -x iceweasel" and send the output here ? I'll debug this and get back to you. It's obvious what the script is trying to do, and I'm not sure why I'm seeing this: + readlink -f /usr/bin/iceweasel not found + dirname /usr/bin/iceweasel not found My /bin/sh i

Bug#568538: iceweasel 3.5.6-2 says "/usr/bin/firefox-bin: not found"

Package: iceweasel Version: 3.5.6-1 Justification: renders package unusable Severity: grave X-Debbugs-CC: q...@debian.org *** Please type your report below this line *** With 3.5.6-1, iceweasel works as expected. When I install iceweasel 3.5.6-2 and run iceweasel, I get the following: exec: 194

Bug#559877: preparing qpdf update

tags 559877 +pending thanks I'm preparing a new qpdf release that builds properly with gcc 4.4. I'll upload this evening if possible. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#549774: gtksheet patches

t this. Thanks for letting me know. As it happens, upstream has a test release out now, which I'm packaging for experimental. If all goes well, he should be doing a final release within a week or so, and this problem will go away. So I'll just wait for that. -- Jay Berkenbilt --

Bug#549774: update in a few weeks...

Upstream says that extracting a patch from their version control system would be very difficult as the changes are quite invasive. They anticipate a new release in two to three weeks. I will continue to monitor. --Jay -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with

Bug#549774: update on status

Upstream has a solution to the problem in this RC bug. If upstream has not produced a new release by this weekend, I'll try to extract a patch from their version control. --Jay -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Conta

Bug#549774: nip2: FTBFS: gtkitementry.c:696: error: 'GtkEntry' has no member named 'n_bytes'

forwarded 549774 vip...@jiscmail.ac.uk thanks Jay Berkenbilt wrote: > Lucas Nussbaum wrote: > >> Source: nip2 >> Version: 7.18.2-1 >> Severity: serious >> User: debian...@lists.debian.org >> Usertags: qa-ftbfs-20091005 qa-ftbfs >> Justification: FTBFS

Bug#549774: nip2: FTBFS: gtkitementry.c:696: error: 'GtkEntry' has no member named 'n_bytes'

issue. This package's upstream is very responsive. He usually has a fix within a day. I'm not specifically familiar with gtk, but if he doesn't provide a solution within a few days, I'll dig into it myself and submit a patch. -- Jay Berkenbilt -- To UNSUBSCRIBE, email to deb

  1   2   >