pen for stfl. I'm CC'ing this so if a person is
interested in adopting it can consider adopting spl as well. I have no
intentions of doing another upload for this.
Cheers,
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
In the current git version of fetchmail, sslv3 is not negotiated by default,
unless a user explicitly requests to do so. As such I'm not sure how useful
this patch is as well.
Matthias, do you mind weighing in on this?
Thanks
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
ii python-tk 2.7.7-2
>
> fetchmailconf recommends no packages.
>
> fetchmailconf suggests no packages.
>
> -- no debconf information
>
> ___
> pkg-fetchmail-maint mailing list
> pkg-fetchmail-ma...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-fetchmail-maint
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
> Please include the patch to fix your package. Otherwise we can't remove ruby
> 1.8 from the
> archive.
Will include in the next upload.
Thanks!
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
=CVE-2013-1064
http://security-tracker.debian.org/tracker/CVE-2013-1064
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
Description: fix possible privilege escalation via policykit UID lookup race.
Author: Marc Deslaur
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
http://security-tracker.debian.org/tracker/CVE-2013-5745
https://bugzilla.gnome.org/show_bug.cgi?id=641811
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
-bin/cvename.cgi?name=CVE-2013-2014
http://security-tracker.debian.org/tracker/CVE-2013-2014
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
ere are no reverse dependencies.
>
> I therefore suggest removing the package from testing due to its bad shape.
FWIW, I'm fine with that. The stuff is easy to address, but I lost interest in
doing so.
Cheers
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
Feel free, otherwise I'll probably fix it next week. Sorry I'm traveling right
now...
Cheers
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
http://security-tracker.debian.org/tracker/CVE-2013-1762
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
me=CVE-2013-1775
http://security-tracker.debian.org/tracker/CVE-2013-1775
Please adjust the affected versions in the BTS as needed.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Hi,
* Eric Dorland [2013-01-05 14:02]:
> * Thijs Kinkhorst (th...@debian.org) wrote:
> > On Fri, January 4, 2013 11:39, Thijs Kinkhorst wrote:
> > > On Thu, January 3, 2013 04:19, Christoph Anton Mitterer wrote:
> > >> This is a follow up for #697108 and CVE-2012-6085.
> > >
> > > Eric,
> > >
> >
=CVE-2012-5881
http://security-tracker.debian.org/tracker/CVE-2012-5881
http://yuilibrary.com/support/20121030-vulnerability/
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Package: suckless-tools
Version: 38-2
Severity: grave
Justification: user security hole
Hey,
this package has not updated any of the tools included since two years.
Please package newer tools, especially but most important slock.
The current version of slock has no indication whatsoever that a s
Hi,
* Stefan Lippers-Hollmann [2012-10-08 23:37]:
> On Monday 08 October 2012, Nico Golde wrote:
> > Package: wpa
> > Severity: grave
> > Tags: security patch
> >
> > Hi,
> > the following vulnerability was published for hostapd.
> >
> > CVE
6.10-2_0.6.10-2+squeeze1.patch
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445
http://security-tracker.debian.org/tracker/CVE-2012-4445
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
for reference.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
http://security-tracker.debian.org/tracker/CVE-2012-4405
Patch: https://bugzilla.redhat.com/attachment.cgi?id=609986
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Package: freeradius
Severity: grave
Tags: security
Hi,
the following vulnerability was published for freeradius.
CVE-2012-3547[0]:
| PRE-CERT Security Advisory
| ==
|
| * Advisory: PRE-SA-2012-06
| * Released on: 10 September 2012
| * Affected product: FreeRADIUS 2.1.10 -
request to change this. Without going into detail
why I think that security should have priority here, why is gtk3 support even
an issue? Can you explain this a little further?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
a point update for Squeeze 6.0.6.
>
> I had prepared an upload to fix this issue in stable.
>
> Are you OK with an upload to stable then?
Please notify the release team before.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security re
Hi,
* Julian Taylor [2012-05-02 21:17]:
> the patch for the code execution probably contains a regression
> I can't judge how severe it is or provide a testcase:
>
> /usr/share/gajim/src/notify.py:323
> command = gajim.config.get_per('notifications', str(advanced_notif_num),
> 'command')
debdiff
> changelog |8 +++
> patches/CVE-2012-1099.patch | 46
>
> patches/series |1
> 3 files changed, 55 insertions(+)
>
> debdiff, dsc and debian.tar.gz attached
Looks good. Please go ahead and upload this to se
CVE-2012-2095 has been assigned to this issue. Please mention this id when
uploading a fix.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
a.org/show_bug.cgi?id=8821
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Gerrit Pape [2012-02-27 15:48]:
> On Fri, Feb 24, 2012 at 03:54:34PM +0100, Nico Golde wrote:
> > Source: dropbear
> > Severity: grave
> > Tags: security patch
> >
> > Hey,
> > below is a forwarded report describing a vulnerability in dropbear.
>
forwarded message -
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Moritz Muehlenhoff [2012-02-14 18:11]:
> This has been assigned CVE-2011-0790:
Just to make sure there is no confusion, this should've been CVE-2012-0790.
Cheers
Nico
CVE-2012-0878 has been assigned to this issue.
Cheers
Nico
-pastescriptserve
Upstream patch:
[4] https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4
- End forwarded message -
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1198
http://security-tracker.debian.org/tracker/CVE-2012-1198
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mai
=CVE-2011-5081
http://security-tracker.debian.org/tracker/CVE-2011-5081
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Timo Juhani Lindfors [2012-02-23 00:01]:
> Nico Golde writes:
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for systemtap.
>
> Thanks but this was already reported as #660886, merging.
Thanks, I didn't see the other bug bef
.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://security-tracker.debian.org/tracker/CVE-2012-0841
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
retitle 660621 multiple cross-site scripting issues in fup script
thanks
For the sake of being complete... other parameters such as from and to are
also affected (http://www.openwall.com/lists/oss-security/2012/02/20/1).
Cheers
Nico
Package: fex
Severity: grave
Tags: security
Hi,
there is a new upstream release of F*x fixing a cross-site scripting issue via
the id parameter of the fup script.
http://fex.rus.uni-stuttgart.de/fex.html
There is no CVE id for this issue yet.
Kind regards
Nico
dates", there's an implied "by talking to the release team"
> attached. We're generally not involved in such discussions until after
> the security team have decided they don't want to issue a DSA for a
> particular issue and someone raises it with us.
We will n
Package: python-virtualenv
Version: 1.4.9-3
Severity: grave
Tags: patch
Hi,
it was discovered that python-virtualenv is handling /tmp files in an insecure
manner.
The following patch fixed this problem:
https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
A CVE id for this issue has been
point. Will be fixed soon.
Thanks!
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Michael Tokarev [2011-10-05 20:44]:
> I'm Cc'ing the relevant bug# so others may see this information.
> Hopefully you won't object -- the bug is public for a long time.
No, not at all.
> On 05.10.2011 16:04, Nico Golde wrote:
> > * Nico Golde [2011-10-05 11:21
are not,
> you're absolutely screwed.
Alright makes sense. Thanks for taking the time to explain this!
The user-tag imho is not correct though in this case, but doesn't really
matter either.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For
point.
>
> Marking this as critical, and root sec hole, as it can easily be just this, if
> one trusts that certain rules are brought up.
Sorry if I misunderstand, but what exactly is the security hole (not to say
root) here? (Disclaimer: I don't know this software)
Kind regards
.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
http://security-tracker.debian.org/tracker/CVE-2011-1959
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
CVE-2011-0867 CVE-2011-0869 CVE-2011-0865
Some of the issues seem to be windows specific.
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in
port, so on those, the build would fail.
>
> Fixes Debian Bug #622054
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622054
Thanks for the patch, will upload a new fetchmail package probably tomorrow.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
and others from an end-user perspective?
The code doesn't look like it was written with security in mind and I guess
it's only a matter of time for new issues to popup for this lib.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reaso
.org/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097
http://security-tracker.debian.org/tracker/CVE-2011-1097
--
Nico Golde -
Hi,
* Sven Joachim [2011-03-07 17:53]:
> On 2011-03-07 17:35 +0100, Nico Golde wrote:
>
> > * Craig Small [2011-03-07 10:49]:
> >> On Sun, Mar 06, 2011 at 09:38:09PM +0100, Stefano Zacchiroli wrote:
> >> > I'm not sure if the problem is in
((win) \
? ((win)->_attrs = NCURSES_CAST(attr_t, at), \
OK) \
: ERR)
So QWORD PTR [rdi+0x10] should correspond to win->_attrs meaning that in this
case win would be null.
How can this be? It is definitely no newsbeuter bug and I'm not sure if it
is an stfl bug to be h
to this problem. Upstream received a
similar bug report today. Just by a quick glance I'm unsure if this is an
ncurses problem or not.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypte
prepare a stable update and go through debian-release? Both
> of these affect non-default configurations in Debian, although
> debian-edu is using the LDAP plugin in some cases.
Given the relatively low impact of the issues I think this is fine to be
handled via a point update.
Kind regard
after -2 migrated to squeeze.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
The fix package has been
> reviewed by Gunnar Wolf, who has kindly agreed to upload it pending
> approval.
[...]
This issue doesn't warrant a DSA. Could you please upload this to
stable-proposed-updates[0]?
Cheers
Nico
[0] http://www.debian.org/doc/developers-reference/pkg
Hi,
* Paul Wise [2010-11-09 07:10]:
> # Automatically generated email from bts, devscripts version 2.10.35lenny7
> tags 598389 + security
> severity 598389 serious
Pierre, can you ask for an unblock of this version so this fix can make it
into squeeze?
Thanks
Nico
--
Nico Gol
r way would be but right now that
is the one making the most sense to me.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Jonathan Nieder [2010-09-07 13:12]:
> Nico Golde wrote:
>
> > I'm wondering what this was. I'm building in a clean chroot and to be
> > honest I have no idea what went wrong. The umask in this chroot is 022.
>
> Hmm, odd. Do you unpack f
ask in this chroot is 022.
> I scheduled a binNMU. A quick fix is to upgrade to the version in
> proposed-updates when it's available there latest tomorrow evening.
Thanks!
Sorry for the inconvenience...
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
e fetchmail start could improve security of
> delivering (for ie : to enable a good antispam starting).
I don't quite understand this, where would you expect this delay to be
implemented?
So far I don't see the bug therefore downgrading the severity.
Kind regards
Nico
--
Nico G
.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
ike
>
> [ -x /usr/bin/dh_numpy ] && dh_numpy
>
> so we could backport without hassle.
>
> What do you think?
Sounds good, replaced the version in DELAYED with attached debdiff.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Fo
Hi,
I uploaded an NMU to DELAYED/2 to fix this bug. Please let me know if I should
delay it any further. debdiff attached.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff
Hi,
this package was already uploaded to DELAYED/2 but it was closing the wrong
bug so I canceled it and reupped the NMU. debdiff attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
Hi,
I uploaded an NMU to fix this bug to DELAYED/2. Please let me know if I should
delay this any further. debdiff attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u
Hi,
can you provide the configuration that is causing this as
well as details on how to reproduce?
Cheers
Nico
Hi,
this bug has been marked as pending quite a while ago. What is the current
status of the upload?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Giacomo Catenazzi [2010-07-31 17:52]:
> On 07/31/2010 04:38 PM, Nico Golde wrote:
> >Package: ftp.debian.org
> >Severity: normal
> >
> >I hereby request the removal of lxr from the archive, it should not be
> >included in squeeze as well.
> >
>
;t have
an impact on many users.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
(CVE-2010-1738) with this patch since
I believe this to be a duplicate of CVE-2010-1448. I checked back with mitre
on this one.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
I uploaded the attached debdiff to DELAYED/2, please let me know if you want
me to delay this further.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u cernlib-2006
Hi,
* Jan Hauke Rahm [2010-07-30 12:00]:
> On Sun, Jul 25, 2010 at 07:27:27PM +0200, Nico Golde wrote:
> > Hi,
> > I intend to upload a 0day NMU to fix this bug.
> > The debdiff is available at:
> > http://people.debian.org/~nion/nmu-diff/syscp-1.4.2.1-2_1.4.2.1-2.1.pa
Hi,
I intend to NMU this package to fix this security issue. I uploaded a fix to
DELAYED/2. Let me know if you need to delay this longer.
debdiff available at:
http://people.debian.org/~nion/nmu-diff/xemacs21-21.4.22-3_21.4.22-3.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
Hi,
I will upload a fix for this to DELAYED/2. The patch for the NMU is attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nru ntfs-config-1.0.1/debian/changelog ntfs
Hi,
I uploaded the attached debdiff to DELAYED/2 to fix this RC bug.
The regeneration of the po files was unfortunately a side-effect of the build
process.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is
Hi,
I intend to upload a 0-day NMU to fix this bug.
Attached is the debdiff.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u codeville-0.8.0/debian/changelog codeville-0.8.0
way to go and I have to
agree with that. So it seems we require a bit more work to fix this bug :/
[0] https://www.redhat.com/archives/fedora-devel-list/2009-January/msg02248.html
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, al
Hi,
since nothing has happened with this bug anymore I am
uploading a 0day NMU now to fix it.
Patch attached but is pretty much the one from Jens.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
2010-0825
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
I hereby request the removal of camserv from the archive.
Its upstream is not active anymore, it's using an old v4l
API and tools like camstream look like a good replacement.
Please remove camserv.
Kind regards
Nico
Hi,
I intend to upload a 0day NMU to fix this bug.
The debdiff is available at:
http://people.debian.org/~nion/nmu-diff/syscp-1.4.2.1-2_1.4.2.1-2.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double
me.cgi?name=CVE-2010-2195
http://security-tracker.debian.org/tracker/CVE-2010-2195
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2320
http://security-tracker.debian.org/tracker/CVE-2010-2320
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For s
the function to an invalid
pointer.
Nice catch by Julius! Patch looks fine for me even though patching it should be
not too urgent, I don't see much space for code execution.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all t
Hi,
CVE-2010-2476 has been assigned to this issue. Please reference this id in the
changelog when fixing this bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
security-tracker.debian.org/tracker/CVE-2010-2304
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
nothing happens with this bug for quite some time now and looking at the
source code of this package it is very likely to include further security
issues, the source code is a mess. I will request a removal of this package
now.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
Hi,
attached is a patch for CVE-2010-2092.
Cheers
Nico
--- graph.php 2009-06-28 18:07:11.0 +0200
+++ graph.php.new 2010-06-10 17:41:07.0 +0200
@@ -33,7 +33,7 @@
include_once("./include/top_graph_header.php");
/* = input validation = */
-input_vali
CVE-2010-1459
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
I intend to upload a 0-day NMU to fix this vulnerability.
debdiff is at:
http://people.debian.org/~nion/nmu-diff/prewikka-1.0.0-1_1.0.0-1.1.patch
Cheers
Nico
Hi,
any news on this bug?
Cheers
Nico
the patch is
attached.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1619
http://security-tracker.debian.org/tracker/CVE-2010-1619
--
Nico Golde -
ws user
> access, bypassing credentials.
I haven't looked at xtrlock but this sounds like you are starting your
xsession with startx rather than exec startx and not like a bug in xtrlock.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Hey,
* Thorsten Schifferdecker [2010-03-27 16:16]:
> Hi fenio,
>
> i've snipped the man page out from my deb .pkg at
> http://mentors.debian.net/debian/pool/main/s/skipfish/
>
> Hope this help to close this bug.
Awesome! Looks good. Please also pass this back to upstream
Package: skipfish
Version: 1.19b-1
Severity: serious
Tags: sid
Justification: Policy 12.1
Hey,
your package doesn't provide a manual page. Sorry to nitpick about this one
but to be honest this was one of the reasons I didn't package this myself,
as I had really no motivation to write one. But yeah
Package: hydrogen
Severity: serious
Version: 0.9.4-3
Hi,
I just wanted to try out hydrogen and it instantly results
in a segfault before I see anything of the GUI.
I run this on:
Linux pagefault 2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64
GNU/Linux
I built a package with debug
Hey,
* Teodor MICU [2010-03-21 19:23]:
> On Sun, Mar 21, 2010 at 6:43 PM, Nico Golde wrote:
> > From what I see it is using /var/cache/ddclient/ddclient.cache. Can you
> > elaborate why you think it's using /tmp/?
>
> It doesn't appear to be using that directory. T
le temporary file.
>
> The first solution seem to be the best as it avoids the complexity of working
> with non-predictable temporary files (create, find, update, close).
From what I see it is using /var/cache/ddclient/ddclient.cache. Can you
elaborate why you think it's using /tm
Hi Alberto,
what is the status of this bug?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
the system e.g. via an own account.
> > I'd appreciate if we could have some input from the kernel maintainers.
>
> Someone with access to the console have several attack vectors
> available.
True, but this one is trivial to exploit and is also fairly easy to prevent so
why s
s file? If yes, what does it contain? Can you
strace the process to see?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi Ari,
are you working on an update? I'd NMU this bug otherwise,
the issue sucks for a lot of users.
Cheers
Nico