Bug#920442: (no subject)

2019-01-25 Thread Marc Deslauriers
Looks like this is caused by texlive-base (2018.20190122-1), reverting to texlive-base (2018.20181214-1) fixes the FTBFS.

Bug#920442: libcaca FTBFS in unstable

2019-01-25 Thread Marc Deslauriers
Package: libcaca Version: 0.99.beta19-2 Severity: serious Justification: fails to build from source (but built successfully in the past) See: http://debomatic-amd64.debian.net/distribution#unstable/libcaca/0.99.beta19-2/buildlog

Bug#858564: (no subject)

2017-03-24 Thread Marc Deslauriers
We're hitting the same issue in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1675698 "follow symlinks = no" is required to reproduce it.

Bug#803012: tar ftbfs everywhere (test suite errors)

2015-11-03 Thread Marc Deslauriers
Package: tar Version: 1.28-2 Followup-For: Bug #803012 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu xenial ubuntu-patch *** /tmp/tmp70_1Po/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/use-sort-in-t-dir-tests.diff: upstream patch

Bug#795429: CVE-2015-5177

2015-08-28 Thread Marc Deslauriers
Package: openslp-dfsg Version: 1.2.1-10 Followup-For: Bug #795429 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu wily ubuntu-patch *** /tmp/tmpHzlE84/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via double free

Bug#731480: hplip: CVE-2013-6427: insecure (undocumented) auto update feature

2013-12-12 Thread Marc Deslauriers
Package: hplip Version: 3.13.11-1 Followup-For: Bug #731480 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch -- Package-specific info: *** /tmp/tmp2P2w3P/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/non-shipped-files.t

Bug#726601: libcommons-fileupload-java: CVE-2013-218

2013-11-13 Thread Marc Deslauriers
Package: libcommons-fileupload-java Version: 1.3-2 Followup-For: Bug #726601 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpA8shKI/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary file overw

Bug#729006: closed by Emmanuel Bourg (Bug#729006: fixed in maven-javadoc-plugin 2.9.1-2)

2013-11-08 Thread Marc Deslauriers
Thank you Emmanuel! -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#729006: FTBFS: missing libmockito-java dependency

2013-11-07 Thread Marc Deslauriers
On 13-11-07 04:05 PM, Emmanuel Bourg wrote: > The tests are ignored in maven-javadoc-plugin (maven.test.skip is set to > true in debian/maven.properties), so adding this dependency will make no > difference. Do you have a log of the build failure? > Here is the build log we were getting: https:/

Bug#729006: FTBFS: missing libmockito-java dependency

2013-11-07 Thread Marc Deslauriers
Package: maven-javadoc-plugin Version: 2.9.1-1 Severity: serious Tags: patch Justification: fails to build from source (but built successfully in the past) User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpvJaNhd/bug_body In Ubuntu, the attached patch w

Bug#710344: (no subject)

2013-06-05 Thread Marc Deslauriers
Here's what I did...not sure if it's the best way to fix it though: --- libxcb-1.8.1.orig/tests/Makefile.am +++ libxcb-1.8.1/tests/Makefile.am @@ -12,9 +12,6 @@ check_PROGRAMS = check_all check_all_SOURCES = check_all.c check_suites.h check_public.c -all-local:: - $(RM) CheckLog*.xml -
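Review bot: dropping the `all-local::` hook in the tests/Makefile.am hunk removes the only place `CheckLog*.xml` was being deleted, so stale check logs will now survive from one build to the next; if the intent is only to stop the `rm` running on every `make all`, move the same `$(RM) CheckLog*.xml` into a `clean-local::` rule (or list the files in CLEANFILES) instead of deleting it. The hunk header says three lines go (`-12,9 +12,6`) but the text is cut off after the third `-`, so what that last removed line was cannot be reviewed here.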

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-29 Thread Marc Deslauriers
Michael, On 12-11-29 10:12 AM, Michael Sweet wrote: >> So, your alternate fix doesn't actually solve the problem as I can still >> do something like: >> >> PageLog /var/log/cups/../../../etc/shadow > > Adding a check for "../" in the path will catch that, easy fix... > >> Also, there are a lot o
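Added example, not part of the thread and not CUPS code: a directory-confinement check for file-path directives such as PageLog, shown next to the literal "../" substring test. The allowed directory (/var/log/cups), the directive names and the sample configuration are assumptions made for this example; the point it makes is that a canonical-path comparison also catches an absolute path outside the directory, which carries no "../" at all, and a symlink that exists on the host.

```python
"""Directory-confinement check for file-path settings such as PageLog.

Added example, not CUPS code. It contrasts a literal "../" substring test
with a canonical-path check: os.path.realpath() collapses ".." and resolves
symlinks that exist on this host, and the result is compared against the
allowed directory on a path-component boundary.
"""
import os

# Assumed policy for this example: log-file directives may only point into this directory.
ALLOWED_LOG_DIR = "/var/log/cups"
LOG_DIRECTIVES = {"AccessLog", "ErrorLog", "PageLog"}


def has_dotdot(path: str) -> bool:
    """The substring test: rejects anything containing '../'."""
    return "../" in path


def confined_to(path: str, base: str) -> bool:
    """True only if the canonical form of `path` is `base` or lies below it.

    Rejects absolute paths outside `base` (no '../' is needed to name
    /etc/shadow), traversal that collapses to a location outside `base`, and
    escapes through symlinks that exist on the running host. Comparing on a
    component boundary stops a sibling such as /var/log/cups2 from passing a
    plain startswith() test.
    """
    if not os.path.isabs(path):
        # Relative values are not modelled here and are treated as not confined.
        return False
    real_base = os.path.realpath(base)
    real_path = os.path.realpath(path)
    return real_path == real_base or real_path.startswith(real_base + os.sep)


def audit_cupsd_conf(text: str, base: str = ALLOWED_LOG_DIR):
    """Return (directive, value, confined) for each log directive in cupsd.conf-style text.

    Keyword values such as 'syslog' and relative paths are not modelled and
    simply come back as not confined.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in LOG_DIRECTIVES:
            directive, value = parts
            findings.append((directive, value, confined_to(value, base)))
    return findings


# Constructed sample configuration for this example, not a real cupsd.conf.
SAMPLE_CONF = """\
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/../../../etc/shadow
"""

if __name__ == "__main__":
    for directive, value, ok in audit_cupsd_conf(SAMPLE_CONF):
        print(f"{directive:10} {'ok' if ok else 'REJECT':6} {value}")
    # An absolute path outside the directory carries no "../" at all:
    print(has_dotdot("/etc/shadow"), confined_to("/etc/shadow", ALLOWED_LOG_DIR))
```

Note that the two checks disagree in both directions: "/etc/shadow" passes the substring test and fails confinement, while "/var/log/cups/../cups/page_log" fails the substring test and is in fact inside the directory.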

Bug#692791: #692791 - CVE-2012-5519 - cups lpadmin-to-root privilege escalation - Proposed solutions

2012-11-29 Thread Marc Deslauriers
On 12-11-29 05:30 AM, Didier 'OdyX' Raboud wrote: > B) Disable any remote configuration by lpadmin users > > This has been attempted by Marc on [1]. For now, it is incomplete as it still > allows lpadmin users to HTTP PUT updates to the configuration files. > > Pros: + Addresses the problem in a

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-28 Thread Marc Deslauriers
On 12-11-27 11:38 PM, Michael Sweet wrote: > After looking at this patch in detail, it doesn't actually prevent users in > the lpadmin group from modifying cupsd.conf and performing the specified > privilege escalation. > > An alternate fix for cups-1.5 and earlier that specifically addresses th

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-27 Thread Marc Deslauriers
On 12-11-27 03:51 PM, Didier 'OdyX' Raboud wrote: > Le mardi, 27 novembre 2012 15.30:46, Marc Deslauriers a écrit : >> FYI, as a security fix for our stable releases in Ubuntu, we plan on >> disabling cupsd.conf modification in the web interface entirely. >> Attache

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-27 Thread Marc Deslauriers
FYI, as a security fix for our stable releases in Ubuntu, we plan on disabling cupsd.conf modification in the web interface entirely. Attached is the patch we plan on using. Marc. Description: fix privilege escalation by disabling config file editing via the web interface Author: Marc

Bug#692345: tiff: CVE-2012-4564

2012-11-15 Thread Marc Deslauriers
Package: tiff Version: 4.0.2-4 Followup-For: Bug #692345 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu raring ubuntu-patch *** /tmp/tmpm0_BMg/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service and possible code exec

Bug#682115: tiff: CVE-2012-3401 heap overflow in tiff2pdf

2012-07-21 Thread Marc Deslauriers
On Sat, 2012-07-21 at 20:57 -0400, Jay Berkenbilt wrote: > Marc Deslauriers wrote: > > > *** /tmp/tmpgGHwFf/bug_body > > In Ubuntu, the attached patch was applied to achieve the following: > > > > * SECURITY UPDATE: possible arbitrary code execution via hea

Bug#672492: CVE-2012-2141

2012-05-23 Thread Marc Deslauriers
Package: net-snmp Version: 5.4.3~dfsg-2.4 Followup-For: Bug #672492 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmp7KXNLG/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via SNMP GE

Bug#664990: libzip1: CVE-2012-1162 CVE-2012-1163 Incorrect loop construct and numeric overflow

2012-03-28 Thread Marc Deslauriers
Package: libzip Version: 0.10-1 Followup-For: Bug #664990 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpvDE7OS/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary code execution or information

Bug#625966: libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflow

2011-08-05 Thread Marc Deslauriers
Package: libmodplug Version: 1:0.8.8.2-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmpNcrGvL In Ubuntu, the attached patch was applied to fix the security issue: * SECURITY UPDATE: multiple security issues in ABC loa

Bug#554759: gupnp-ui: Fix for FTBFS

2011-07-29 Thread Marc Deslauriers
Package: gupnp-ui Version: 0.1.1-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmp8b36Ny In Ubuntu, the attached patch was applied to fix the FTBFS: * configure, configure.ac: add libgupnp libraries to LIBS in ord

Bug#584516: [Re: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code

2010-07-22 Thread Marc Deslauriers
Package: ghostscript Version: 8.63.dfsg.1-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu maverick ubuntu-patch *** /tmp/tmpQ4x52y In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: arbitrary code execution via u

Bug#567554: samba: Ubuntu patch for the issue

2010-02-07 Thread Marc Deslauriers
Package: samba Version: 2:3.4.0-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch *** /tmp/tmpUnTGqJ In Ubuntu, we've applied the attached patch in our current releases: * SECURITY UPDATE: privilege escalation via mount.cifs race

Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization

2009-10-31 Thread Marc Deslauriers
On Sat, 2009-10-31 at 09:12 +0100, Reinhard Tartler wrote: > One problem, it breaks build. Therefore, I had to backport svn r18016 > aka 'MOV-Support-stz2-Compact-Sample-Size-Box' to fix FTBFS. without > this patch, libavformat/mov.c won't compile, as field_size is introduced > with this commit. Wh

Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization

2009-10-29 Thread Marc Deslauriers
On Thu, 2009-10-15 at 13:03 +0200, Reinhard Tartler wrote: > of chromium patches and managed to locate most patches in ffmpeg trunk > > Patches that I couldn't find upstream include: > > 09_mov_stsz_int_oflow.patch > 32_mov_stream_index.patch > 35_mov_bad_timings.patch > 40_ogg_missing_header.

Bug#537254: mimetex: patch to fix security issues

2009-10-08 Thread Marc Deslauriers
Package: mimetex Version: 1.50-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch *** /tmp/tmpXGbr7m In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: arbitrary code execution via long picture,

Bug#542218: backuppc: Security hole when using rsync and multiple users

2009-10-05 Thread Marc Deslauriers
Included is a patch that moves the previous fix to a location before the settings get applied. Marc. diff -Naur backuppc-3.1.0.ori/lib/BackupPC/CGI/EditConfig.pm backuppc-3.1.0/lib/BackupPC/CGI/EditConfig.pm --- backuppc-3.1.0.ori/lib/BackupPC/CGI/EditConfig.pm 2009-10-05 08:04:01.0 -040

Bug#542218: backuppc: Security hole when using rsync and multiple users

2009-10-05 Thread Marc Deslauriers
The patch included in 3.1.0-7 doesn't actually fix the problem. Normal users can still set the ClientNameAlias by adding something like "&override_ClientNameAlias=1&v_zZ_ClientNameAlias=" to their POST. Marc.
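Added example, not from the thread and not BackupPC code: a small model of the override_<Name>=1 / v_zZ_<Name>=<value> parameter pattern quoted above, with the privilege check placed before the override loop rather than relying on the form having hidden the field. The set of admin-only settings, the BackupsDisable setting and the request body are assumptions constructed for this example. Python is used here rather than the project's Perl so the example can be run as-is.

```python
"""Privilege check placed before any form override is applied.

Added example, not BackupPC code: a model of the CGI parameter pattern
override_<Name>=1 together with v_zZ_<Name>=<value>. The setting names and
the admin-only set are assumptions made for this example.
"""
from __future__ import annotations

from urllib.parse import parse_qs

# Assumption for the example: settings a non-admin user must never change.
ADMIN_ONLY = {"ClientNameAlias"}


def parse_post(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into a flat dict (last value wins)."""
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}


def apply_overrides_unchecked(current: dict, params: dict) -> dict:
    """The weak pattern: every override_<Name>=1 in the request is honoured.

    Hiding a field in the HTML form changes nothing here; a hand-built POST
    that names the parameter reaches this loop unchanged.
    """
    new = dict(current)
    for key, val in params.items():
        if key.startswith("override_") and val == "1":
            name = key[len("override_"):]
            new[name] = params.get("v_zZ_" + name, "")
    return new


def apply_overrides_checked(current: dict, params: dict, is_admin: bool) -> tuple:
    """Decide what this user may touch before the override loop runs.

    Returns (new_config, rejected_parameter_names). Rejected names are
    returned rather than silently dropped so the caller can log the attempt.
    """
    rejected = []
    if not is_admin:
        for name in sorted(ADMIN_ONLY):
            for key in ("override_" + name, "v_zZ_" + name):
                if key in params:
                    rejected.append(key)
        params = {k: v for k, v in params.items() if k not in rejected}
    return apply_overrides_unchecked(current, params), rejected


# Constructed request body: one permitted change plus the smuggled admin-only one.
ATTACK_BODY = ("override_BackupsDisable=1&v_zZ_BackupsDisable=1"
               "&override_ClientNameAlias=1&v_zZ_ClientNameAlias=otherhost")
CURRENT = {"BackupsDisable": "0", "ClientNameAlias": ""}

if __name__ == "__main__":
    params = parse_post(ATTACK_BODY)
    print("unchecked:         ", apply_overrides_unchecked(CURRENT, params))
    print("checked, non-admin:", apply_overrides_checked(CURRENT, params, is_admin=False))
    print("checked, admin:    ", apply_overrides_checked(CURRENT, params, is_admin=True))
```

The whole POST body is the attack surface, not the fields the form rendered, so the filter has to run on the decoded parameters before anything is applied. A denylist is used here to match the thread; an allowlist of the settings a non-admin may change is the safer generalisation, since a newly added admin-only setting is then rejected by default.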

Bug#510205: buffer overflow in libaudiofile

2009-06-16 Thread Marc Deslauriers
The SUSE update simply contains the patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205#17

Bug#524806: poppler: multiple vulnerabilities

2009-05-13 Thread Marc Deslauriers
Here are the patches Ubuntu used: http://patches.ubuntu.com/by-release/extracted/intrepid-security/p/poppler/0.8.7-1ubuntu0.2/64_security_jbig2.patch http://patches.ubuntu.com/by-release/extracted/hardy-security/p/poppler/0.6.4-1ubuntu3.2/104_security_jbig2.patch http://patches.ubuntu.com/by-relea

Bug#527474: pango1.0: integer overflow in heap allocation size calculations

2009-05-08 Thread Marc Deslauriers
Here is the upstream commit: http://git.gnome.org/cgit/pango/commit/?id=4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e

Bug#516801: CVE-2008-6123: Access restriction bypass

2009-03-02 Thread Marc Deslauriers
The CVE-2008-6123 security issue was introduced in the following commit: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=16654 So, the issue was introduced in 5.2.5, 5.3.2 and 5.4.2.