Source: odoo
Version: 18.0.0+dfsg-2
Severity: serious
Tags: security
Odoo S.A. does not share detailed information about existing security
issues, in particular targeted patches and exploit information, to
reduce the likelihood of 0-days in the wild.
This prevents the Security Team from performin
Package: mlbstreamer
Version: 0.0.11.dev0+git20190330-1
Severity: grave
Tags: upstream
With a valid account, the stack-trace produced looks like:
[play:32 ] [ ERROR] Uncaught exception
Traceback (most recent call last):
File "/bin/mlbplay", line 11, in
load_entry_poi
Package: odoo-14
Version: 14.0.0+dfsg.4-1
Severity: grave
odoo 14.x is not compatible with pypdf2 2.x, and the server cannot be
started:
ModuleNotFoundError: No module named 'PyPDF2.utils'
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'st
Package: zstd
Version: 1.4.8+dfsg-1
Severity: grave
Tags: security
X-Debbugs-Cc: t...@security.debian.org
The recently applied patch still creates the file with the default
umask[0], before chmod'ing down to 0600, so an attacker could still open
it in the meantime.
Cheers,
--
Seb
[0] https://g
Control: tag -1 pending
Hello,
Bug #977063 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/-/commit/507f68c68b45d0655c9cabe8ba0c
Control: tag -1 pending
Hello,
Bug #977063 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/-/commit/fe182af851b260ef1e531c344124
Control: tag -1 pending
Hello,
Bug #977063 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/-/commit/2282a8a62426d0b73b34e400eaaf
Control: tag -1 pending
Hello,
Bug #977063 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/-/commit/e572196491474d98f2f096a87133
Control: tag -1 pending
Hello,
Bug #977063 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/-/commit/3ee184426a42438f4ef0eef1bf52
Control: tag -1 pending
Hello,
Bug #977063 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/-/commit/e630761490ad060575779d8a62a2
Source: odoo
Version: 14.0.0+dfsg-1
Severity: serious
Here's the corresponding lintian excerpt:
W: odoo: privacy-breach-generic
usr/lib/python3/dist-packages/odoo/addons/digest/data/digest_data.xml [https://www.odoo.com/digest/static/src/img/google_play.png"; />]
(https://www.odoo.com/digest/st
close 950068 0.3.0.dev15-1
thanks
Package: mlbstreamer
Version: 0.0.10-3
Severity: grave
Tags: upstream pending
mlb.tv changed their authentication method for the 2019 season, and
0.0.10 can't handle it, resulting in a crash upon starting up.
Version 0.0.11.dev0, available on github, fixes this problem.
-- System Information:
De
Control: tag -1 pending
Hello,
Bug #912106 in elastalert reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:
https://salsa.debian.org/debian/elastalert/commit/ac70b544cbf8e1231101a053b64b2
Package: mlbviewer
Version: 2017.05.11.1-2
Severity: grave
mlbviewer no longer works, starting in 2018[0]. A new implementation is
in the works[1], with corresponding instructions[2]. It will be packaged
later, but in the meantime I've filed #894422 to remove mlbviewer from
unstable.
[0] http://s
tag 593884 + patch
thanks
Direct link to the patch fixing this issue:
http://customer.march-hare.com/webtools/bugzilla/ttshow_bug.cgi?id=5871&tt=1
Cheers,
--Seb
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas.
Source: krb5
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for krb5.
CVE-2010-1321[0]:
| Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
| to crash due to a null pointer dereference in the GSS-API library.
|
| This
Source: texlive-bin
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for texlive-bin:
CVE-2010-0829[0]:
| Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
| teTeX, allow remote attackers to cause a denial of service
| (ap
The aforementioned exploit does not yield a shell when run against
0.8.0, but it does crash the daemon:
~ # gdb -q
(gdb) att 17168
Attaching to process 17168
Reading symbols from /usr/bin/opendchub...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libperl.so.5.10...(no
On Mar/29, Thomas Koch wrote:
> Sorry for reopening this bug, but I needed some minutes to find out, why
> jruby
> is in non-free. So I suggest this bug should remain open as a reference for
> others.
>
> I need jruby as a runtime dependency for hbase and it'd be a pitty if I'd
> need
> to mo
tag 557143 + confirmed
reassign 557143 fuse
retitle 557143 fuse should use a symbols file
severity 557143 serious
thanks
Hi,
fuse using 'dh_makeshlibs -s -V "libfuse2 (>= 2.6)"' in tis debian/rules
files, and not having a symbols file, is causing problems for packages
depending on it: for instanc
reassign 527977 jruby1.2
thanks
On Oct/12, Martin Michlmayr wrote:
> jruby1.1 has been removed now. Can this bug be closed now or does it
> also apply to jruby1.3 (and should be reassigned)?
it unfortunately also applies to the both jruby1.2 and jruby (1.3, for
which I moved away from the "one s
retitle 549027 Cannot install with emacs-snapshot in lenny
tag 549027 wontfix
severity 549027 normal
thanks
Hi,
emacs-snapshot is not an official debian package, so there is not much I
can do about that: unless you disagree, I will simply close this bug.
Cheers,
--Seb
On Sep/30, Abrahán Fernán
Hi,
I just submitted a bug against destar on berlios.de. Here's the summary:
Summary:
Security problems (CVE-2008-6538 and CVE-2008-6539)
Original Submission:
destar 0.2.2 is vulnerable to both CVE-2008-6538 and CVE-2008-6538:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-653
fixing
> > it, so my vote is to request its removal.
> > Thanks for all of your work on the Debian side of things--it's been a
> > pleasure.
> I agree with Waseem and vote for it's removal.
> Thanks for your efforts.
>
> Stas
>
> > Thanks,
>
On Aug/10, Ben Finney wrote:
> The documentation for ‘org-mode’ is distributed under a non-free
> license [0], according to ‘debian/copyright’:
>
>org-mode's documentation:
>=
>Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation
>
>org-mode'
On Jul/15, Lucas Nussbaum wrote:
> >* Proper build-depend on "openjdk-6-jdk, java6-sdk" (Closes: #534071).
>
> I haven't looked at the source you uploaded, but what you need is:
> openjdk-6-jdk | java-6-jdk
ok, now I'm getting confused: in your previous email you said sbuild
didn't support OR
found 527872 3.3.1-1
thanks
I'm still seeing this problem on sid, using 3.3.1-1: /etc/init.d/dbus
restart kills awesome.
Cheers,
--Seb
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
tag 527977 confirmed
thanks
On May/09, Peter Collingbourne wrote:
> Package: jruby1.1
> Version: 1.1.6-2
> Severity: serious
> Justification: Policy 2.2.1
>
>
> This package includes the following files:
>
> /usr/lib/jruby1.1/lib/bsf.jar
> /usr/lib/jruby1.1/lib/jruby.jar
> /usr/lib/jruby1.1/lib
angelog ./debian/changelog
--- ../convirt-0.8.2.bak/debian/changelog 2008-09-10 15:45:35.0
-0700
+++ ./debian/changelog 2008-09-10 16:16:35.00000 -0700
@@ -1,3 +1,11 @@
+convirt (0.8.2-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Put all the required temporary file
cdrw-taper depends on the obsoleted mkisofs and cdrecrod, and that
constitutes a lintian error, preventing my from NMUing it.
I changed it to use genisoimage and wodim instead.
Cheers,
--Seb
On Wed, Sep 10, 2008 at 09:10:27AM -0700, Sebastien Delafond wrote:
> On Wed, Sep 10, 2008 at 10
+ * Use File:Temp to generate a temporary file (Closes: #496380).
+ * Use either . or /usr/share/cdrw-taper to find taperlib.pm
+(Closes: #497743).
+
+ -- Sebastien Delafond <[EMAIL PROTECTED]> Wed, 03 Sep 2008 16:32:21 -0700
+
cdrw-taper (0.4-2) unstable; urgency=low
* QA upload.
+cdrw-taper (0.4-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Use File:Temp to generate a temporary file (Closes: #496380).
+ * Use either . or /usr/share/cdrw-taper to find taperlib.pm
+(Closes: #497743).
+
+ -- Sebastien Delafond <[EMAIL PROTECTED]> Wed, 03 Sep 2008 16
tag 496380 + patch
tag 497743 + patch
thanks
The attached debdiff fixes both #497743 and #496380. I will NMU it on
Friday 9/5 unless someone sees a problem with that patch.
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL P
Missed one instance of hardcode tempfile.
Cheers,
--Seb
--- ../audiolink-0.05.bak/code/audiolink 2008-09-03 14:53:29.0 -0700
+++ code/audiolink 2008-09-03 15:18:10.0 -0700
@@ -28,6 +28,7 @@
use DBI;
use Getopt::Long;
use Pod::Usage;
+use File::Temp qw/ tempfile /;
# Options
bug 496433 + patch
thanks
Attached patch should take care of it; I will be uploading a 0.05-1.1
based on it to DELAYED/7 at the end of the week, if Amit hasn't done
it by then.
Cheers,
--Seb
--- ../audiolink-0.05.bak/code/audiolink 2008-09-03 14:53:29.0 -0700
+++ code/audiolink 2008-09-0
tag 494140 - moreinfo
thanks
didn't mean to set moreinfo on this one at all...
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
y JDK), and remove azureus-gcj altogether (Closes: #495514).
+ * Add a lintian override to signify that java and ant are indeed needed
+as Build-Depends-Indep even though we do not build any arch-dependent
+binary packages.
+ * In /usr/bin/azureus, enforce use of the JRE specifi
) unstable; urgency=low
+
+ * Tentative NMU.
+ * Depends: on the JRE associated to the JDK used for building, and not
+on the JDK itself, which is silly.
+
+ -- Sebastien Delafond <[EMAIL PROTECTED]> Mon, 18 Aug 2008 17:53:35 -0700
+
+azureus (3.1.1.0-3.0) unstable; urgency=low
+
+ * Tent
Build-Depends-Indep even though we do not build any arch-dependent
+binary packages.
+
+ -- Sebastien Delafond <[EMAIL PROTECTED]> Mon, 18 Aug 2008 16:45:49 -0700
+
azureus (3.1.1.0-3) unstable; urgency=medium
* Remove the four non-latin characters in DateParserRegex.java.
only
severity 472300 normal
tag 472300 pending
retitle 472300 zonecheck-supplied locale.rb shadowed by liblocale-ruby1.8's
thanks
The problem is actually the presence of liblocale-ruby1.8: it provides
a 'locale' ruby module that shadows zonecheck's one.
I'll write a quick patch to work around that.
C
severity 459948 normal
tag 459948 + moreinfo unreproducible
thanks
I can't reproduce this here. I was able to mount both a gmailfs that
I've used before, and a brand new one (by passing a new fsname).
Could you investigate some more, maybe by trying to send/receive at
least one mail using your ne
On Fri, Nov 16, 2007 at 09:02:55AM +0100, Cyril Brulebois wrote:
> > Justification: FTBFS
>
> Care to elaborate?
>
> > Need to build-depend on libtool.
>
> Builds fine without.
Well I guess it doesn't, in the end:
Closes: 451450
Changes:
libnfnetlink (0.0.30-2) unstable; urgency=low
Package: libnfnetlink
Version: 0.0.25-1
Severity: serious
Justification: FTBFS
Need to build-depend on libtool.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w
) from articles
> (files). This is documented in the man page. See:
>
> [EMAIL PROTECTED]:~$ mount.wikipediafs wfs/
> [EMAIL PROTECTED]:~$ cat wfs/mblondel.org/Test.mw
> [...]
>
> Cheers,
> Mathieu
>
> Sebastien Delafond wrote:
>> tag 442925 + confirmed
>> sev
Best regards.
>
>
>
> 2007/9/16, Debian Bug Tracking System <[EMAIL PROTECTED]>:
> > This is an automatic notification regarding your Bug report
> > which was filed against the lanmap package:
> >
> > #438733: lanmap: /usr/share/lanmap//tmp.lanmap on Re
tag 438733 - confirmed
thanks
Removing "confirmed" tag, and closing bug: lanmap is designed to
run as root, since it needs raw access to the network interface, as
illustrated below:
~ # sudo chmod 777 /usr/share/lanmap
~ # lanmap -vvv -o /tmp
verbosity level 3
using interfaces...
report
tag 438733 + confirmed
thanks
Will look into that when I get a moment: just got back from vacation
:)
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
tag 426923 + pending upstream
thanks
New gmailfs version from upstream, comptaible with the newer
python-fuse, to be available soon.
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
tag 428983 + upstream
severity 428983 normal
thanks
not a "depends" anymore, setting severity back to normal.
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
severity normal
tag + upstream
thanks
Setting severity to normal, as this most definitely doesn't render the
package unusable.
Cheers,
--Seb
On Tue, Jan 02, 2007 at 02:33:45PM +0100, Alexandre Passant wrote:
> Package: python-libgmail
> Version: 0.1.5.1-1
> Severity: grave
> Justification: rend
tag 383052 + confirmed upstream
thanks
Hi dear libgmail maintainers,
I can reproduce this one too, have you heard about it at all ? :)
Sorry for the very short mail, I'm on vacation with only dialup access
right now...
Cheers,
--Seb
On Mon, Aug 14, 2006 at 08:45:34PM +0200, Jakub Wilk wrote:
reassign 375126 python-libgmail
thanks
On Fri, Jun 23, 2006 at 10:28:59AM -0500, Tim Kelley wrote:
> Package: gmailfs
> Version: 0.4-1
> Severity: grave
> Justification: renders package unusable
>
>
> gmail and fuse and friends install just finei; fuse modules loads with
> no complaint. However,
tag 361047 + unreproducible moreinfo
severity 361047 normal
thanks
Works fine here:
~ # python /usr/share/doc/python-libgmail/examples/sendmsg.py [EMAIL
PROTECTED] [EMAIL PROTECTED] foo bar
Please wait, logging in...
Log in successful.
Message sent `foo` successfully.
Done.
Looking
reassign 361057 graphviz
merge 361057 359622
thanks
See Bug #359622 for graphviz.
--Seb
On Thu, Apr 06, 2006 at 07:06:21PM +1000, Glenn wrote:
> Package: lanmap
> Version: 0.1+svn20060227-3
> Severity: grave
> Justification: renders package unusable
>
> as stated in heading, also on installing
tag 359622 + unreproducible moreinfo
severity 359622 normal
thanks
lanmap works fine here (same version), so how about you run it with -v
or -vv maybe ? In the meantime, I'll ask the upstream author if this
rings any bell for him...
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
Please install and python-fuse 2.5-1.
Cheers,
--Seb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Sun, Feb 05, 2006 at 01:46:38AM +0100, Nicolas Chauvat wrote:
> Package: python-fuse
> Version: 2.4-1
> Severity: grave
> Justification: renders package unusable
>
>
> Importing fuse used to work but broke with my last upgrade. I suspect
> recompiling the package
> would be enough as I think
Package: gmailfs
Version: 0.6-2
Severity: grave
Justification: renders package unusable
When trying to mount a gmailfs volume, I get:
12/05/05 15:00:54 ERROR OpenSSLProxy is missing. Can't use HTTPS proxy!
12/05/05 15:00:54 INFO Starting gmailfs in child process (PID 7646)
12/05
tag 340971 + moreinfo unreproducible
severity 340971 normal
thanks
On Sun, Nov 27, 2005 at 03:10:21PM +0100, Sam Hocevar (Debian packages) wrote:
>/usr/bin/zonecheck uses /usr/bin/ruby but I have /usr/bin/ruby2, so
> it either misses a dependency or needs to update its #! line.
>
> -- System
The problem described in bug #309259 actually stems from 2 things:
1) Gmail changed their message encoding. Quoting upstream, "The
fixQuotedPrintable() function fixed this problem".
2) Quoting Richard again "whenever and old file was changed the
old file which was now in the trash was being
; Distribution: unstable
> > Urgency: high
> > Maintainer: Sebastien Delafond <[EMAIL PROTECTED]>
> > Changed-By: Sebastien Delafond <[EMAIL PROTECTED]>
> > Description:
> > python-libgmail - Python bindings to access Gmail accounts
> > Clos
Here is the confirmation that 0.4 only fixes this RC bug...
--Seb
On Mon, May 16, 2005 at 02:29:53PM +1000, Richard Jones wrote:
> > With gmailfs 0.4, everything works fine, so I'm in the process of
> > backporting all your changes to 0.3-9 in Debian. Can you tell me if
> > you fixed *anything* e
Here is what gmailfs upstream author, Richard Jones, has to say about
fixes in 0.4:
On Mon, May 16, 2005 at 05:43:52AM +1000, Richard Jones wrote:
> For me, GmailFS appeared to work with just the MI_* fix, but then
> when you unmounted and remounted it had trouble retrieving the files
> previously
Package: gmailfs
Version: 0.3-9
Severity: grave
Justification: renders package unusable
As of May 2005, no new files can be created on gmailfs mounts. Any
attempt to save a file results in the following error:
Traceback (most recent call last):
File "/usr/share/gmailfs/gmailfs.py", line 31
Package: python-libgmail
Version: 0.0.8+cvs20050208-1
Severity: grave
Tags: upstream patch
Justification: renders package unusable
The following patch is needed as of May 2005 (increment the constants
from MI_AUTHOREMAIL to MI_PHISHWARNING incremented by 1. So MI_SUBJECT
should become 15 and MI_A
Hrm, of course the patch should be:
--- old/httplink.py 2004-05-31 11:52:43.0 -0700
+++ new/httplink.py 2005-01-18 17:52:24.0 -0800
@@ -60,11 +60,7 @@
(username, passwd, realhost, port) = parse_host(host)
-h = httplib.HTTP()
-if port:
- h.connect(realhost,
tag 286017 + patch
thx
I tested with both python2.2 and python2.3, and I believe the
following patch fixes this problem:
--- old/httplink.py 2004-05-31 11:52:43.0 -0700
+++ new/httplink.py 2005-01-18 17:52:24.0 -0800
@@ -60,11 +60,7 @@
(username, passwd, realhost, p
68 matches
Mail list logo
