Can't reproduce. Is this still valid finding with current versions? Any more
information available?
--
Henri Salo
On Sun, Nov 15, 2020 at 10:19:08AM +0100, Andreas Ronnquist wrote:
> There is talk about a new upstream release, so I am holding packaging a
> new git snapshot a while, waiting for upstream.
Thank you :)
What is the upstream issue ID?
--
Henri Salo
Reported this separately to upstream https://sourceforge.net/p/jocr/bugs/38/
--
Henri Salo
Also consider adding following commit when fixing these.
https://github.com/cacalabs/libcaca/commit/813baea7a7bc28986e474541dd1080898fac14d7
--
Henri Salo
Attaching reproducer file from reporter.
881133-poc
Description: Binary data
Has this issue been reported to upstream?
--
Henri Salo
elog entry.
For further information see:
https://security-tracker.debian.org/tracker/CVE-2017-16933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16933
https://github.com/Icinga/icinga2/issues/5793
Please adjust the affected versions in the BTS as needed.
--
Henri Salo
signature
in escalation of privileges.
Two problems:
- Cross-site scripting vulnerability with "writer" role
- Missing HttpOnly flag
--
Henri Salo
signature.asc
Description: PGP signature
an uncompress failure, which
allows remote attackers to cause a denial of service (NULL pointer dereference
and application crash) because of extractDefinitions in lib/readers/swf.c and
fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
--
Henri Salo
signature.asc
Description: PGP
/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
--
Henri Salo
and consider
providing the patches to upstream, thanks.
--
Henri Salo
This is fixed in 1.15 release.
I attached a patch made by Peter Selinger.
--
Henri Salo
diff -u -Naur potrace-1.14-orig/src/bitmap_io.c potrace-1.14/src/bitmap_io.c
--- potrace-1.14-orig/src/bitmap_io.c 2017-02-19 00:39:08.0 -0400
+++ potrace-1.14/src/bitmap_io.c 2017-08-02 14:59:50.703002306 -0300
@@ -689,11 +689,11
Upstream bug report: https://sourceforge.net/p/potrace/bugs/22/
--
Henri Salo
ough.
> Next point updates are quite some time afar, so let's wait a bit until
> those new ones have been investigated further.
Tcpdump is planning to publish new release soon, which fixes security issues.
--
Henri Salo
This has now been fixed in upstream.
--
Henri Salo
Shouldn't this be closed AFTER the fix is available? Especially since this is a
security issue.
--
Henri Salo
Package: libxml2
Version: 2.9.4+dfsg1-2.2
Severity: important
Tags: security, upstream
https://bugzilla.gnome.org/show_bug.cgi?id=778519
http://www.openwall.com/lists/oss-security/2016/11/05/3
--
Henri Salo
/anonymous/9fbe5ccbe8e18659bec11ac963fd07a3
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJYbP5hAAoJECet96ROqnV0rmIP/j0HpcNDEpNJTeR+JN75jC90
quuTqH98Neibb3WZEHHHksFVbKohmDm/KVQ1E7AWe6+zZ4FfEoPOsBkhoK2Swfv0
VTB7NVKFhlqmPwnVaB3l/6fc58mtyy6ljPcd/KIr1n3DCRbHgo13QmsgHBFSoqMs
just the affected versions in the BTS as needed.
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJYK+6MAAoJECet96ROqnV0ArsP/3SLmKhsiPGu1gKBvr44t8Fn
65ZyBPjqqhTnxGUvwFO4Yb6XqXPy8iYdQ0WBknCx9E2B2ydnX/3MliCnNWvKe5rc
SXpK549ULqyS31GuYqzubi+h8tNrKwtZuaLSSp1
/show_bug.cgi?id=2544#c4
--
Henri Salo
fingerprint in the examples, thank you. Could you also
notify upstream if they are using the same example or alternatively ask me to do
it.
Additional details about the issue can be found from here:
http://security.stackexchange.com/questions/74009/what-is-an-openpgp-key-id-collision
- --
Henri
/76401e172ea3a55182be2b8e2aca4d07270f6da6
Related CVE request: http://www.openwall.com/lists/oss-security/2016/08/02/6
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJXo/eaAAoJECet96ROqnV0u9QQANLAzG9TZtzzJ5PLCtr4ZeGZ
4HgWCG/QyZ050w3ytvmffRprsZIW05WrsAq9bOHqWE5pZEC9jBWNWs4bIlQtnD5n
Package: pyew
Version: 2.0-3
Severity: normal
https://lintian.debian.org/maintainer/en...@debian.org.html#pyew
Please update homepage from http://code.google.com/p/pyew to
https://github.com/joxeankoret/pyew thank you.
--
Henri Salo
Please make sure this is fixed before packaging:
http://www.openwall.com/lists/oss-security/2016/07/11/1
aking changes to Debian source
package. Feel free to contact me or Debian security team in case you have any
questions.
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJXgmFSAAoJECet96ROqnV0xIMP/12NuYUO3NSqPkAk3C/35go5
aTItQmBr5DqG0a/wS/R5vR0FwyLbJ8FGh36hjXHCC
make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
https://support.zabbix.com/browse/ZBX-10741
http://seclists.org/bugtraq/2016/May/11
Please adjust the affected versions in the BTS as needed.
--
Henri Salo
No replies from upstream. Can we get this patched in Debian packages? Not sure
what is the status of upstream at the moment.
--
Henri Salo
ions in the BTS as needed.
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIbBAEBAgAGBQJWbSElAAoJECet96ROqnV0Qc8P9RRgUu3nA1U50qDiHkWBQu2d
t/AzoalX8bQe+6iNM6hJpwr4+0ipvhIzwVEBdtsImfzMGsEeoIh6xiswNjIovLKS
DUxTv2mnMDFbx5HAHXc8wKYsNRwaTeW1/kZHLZRczrydZJlPvW+J3WVh2Iri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: cacti
Version: 0.8.8f+ds1-2
Severity: important
Tags: security
The following vulnerability was published for Cacti. CVE identifier
CVE-2015-8369 was assigned for this isssue.
http://bugs.cacti.net/view.php?id=2646
- --
Henri Salo
://www.openwall.com/lists/oss-security/2015/10/25/3
Fix:
http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJWLn2SAAoJECet96ROqnV0Na0QAMltt4Ou89+Y1MygWLoME4or
TJTdvBlUmZhkZAKup6ZbnrdRsF/sUZZB62F
/10/21/4
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJWKSTaAAoJECet96ROqnV0sVgQANaMEz84St56AgwKRyiEh2U1
v8B8yaoIyGJA5H0mAbQV6lfVk48ueh0TFNFx4sanBTuR+tD++ibZSREnyG3xfzSf
U0aqqFGzQONAMMVbsIEzrd0hz+rwZKwchZbjMmjsiPLyexVTK+FDddC+5BsZBhEI
This was fixed in 0.7.6-1 already, which was tested. Possibly even earlier.
--
Henri Salo
ot all maintainers follow/update security-tracker so I made assumption.
> I would appreciate more testing, of course. That is why I decided to
> ping this bug instead of closing it.
Great. I can help later this week. We can also communicate in IRC if you are in
OFTC IRC-network?
--
Henri Salo (fgeek)
SSL/TLS support is important then it should be clearly pointed out at least in
the man page.
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJWJ49lAAoJECet96ROqnV0nWQQAI5Jobp+aeKcm3IWt2j4PFMU
7vuz6saI0vzpFfWFeBPW2oF622wyeUf4uwpiKGEDZzMcSSCSLp3IoGDDv9Qte4W
/sigxcpu_zip.bin (unzip -p
- -P x sigsegv.zip).
Announcement: http://www.openwall.com/lists/oss-security/2015/09/07/4
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJWIrSbAAoJECet96ROqnV06ZcQAMOlKFF2J7P5Zo9/Yi41Zbsp
beaW07xTB9xZehsuIbadGJBcRKfN5GLyeL
/sigxcpu_zip.bin
Announcement: http://www.openwall.com/lists/oss-security/2015/09/07/4
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJWIrI3AAoJECet96ROqnV0zY8P/2VJEDLAnX60/vGlGBDW9o0D
PcwNE2DQrbq677AWejDeZJRpZ2xZmdK92YOFnkgNQsFWGDuJN/T8lKLurRb2vuJ0
f input so this seems to
be minor issue. Please correct me if I am wrong. I am submitting this bug so
that we can track the issue and make changes if needed.
1: http://seclists.org/bugtraq/2015/Oct/71
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12
/pipermail/secure-testing-team/
Could you submit a bug to issue tracker about one issue at the time without
aggressive tone?
--
Henri Salo
locking a post
from being edited, discovered by Mohamed A. Baset.
For more information please see:
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
http://openwall.com/lists/oss-security/2015/08/04/5
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version
CVE-2015-3935 is fixed in Dolibarr 3.7.1 release, which includes
f32215a9fc3abfa69c34d4cf65a044b60ff8e93a patch.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
if this is up-to-date:
https://people.debian.org/~mika/forensics/maintainer.html
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
as the development codebase has
been there for some time already:
UnDBX development source code may be cloned from its public Git repository at
https://code.google.com/p/undbx/issues/detail?id=11
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux
On Thu, May 14, 2015 at 05:12:14AM +0200, Tristan Seligmann wrote:
Are you still working on packaging this, or should I take over this bug?
Please do takeover. I can help to test the package, close bugs and maintain it.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ
have any questions or requests. I can start my
initial tests when the package hits unstable.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Mon, Apr 27, 2015 at 04:34:38PM +0200, Ricardo Mones wrote:
How is this ITP progressing? Have you found some showstopper for packaging?
Haven't progressed at all, but I'll start working on this next week. I have IRL
friend who is willing to help me with my ITP cases so I'll think there
detailed
analysis of the issue. If there is no security issue in PHP with the poc we can
close this bug.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
=f938112c495b0d26572435c0be73ac0bfe642ecd
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJVN11hAAoJECet96ROqnV0NFwP/1WyM6/jYhMkuyyjIDuGJLR6
5agci0HcM64R5It7Dvoy7HPtP431Qg5XvtJBn2P5YRq9Kgh1g0T7NeA4jbQIQEQs
lj/zO4zfBSnhCvkCbsqhLDYDASx1M2esXgfXy4EDejBPvVMSPtSr3GjVt9Ptufty
/GgA3FRf
to approve this change profoundly?
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJU/ybkAAoJECet96ROqnV0HHQP/3IhaFze9gfiK2fTKFlCF6Uu
H8S0/kTLTvVUs9TsCbbCrYFIjh1yvwedD10VPts6VSxvTgrUgtcvZoYV7hyA37hS
Cb6yP5pawPKymx3QHAOZ/XsH6bkHrhskOHS8HwIp0I4waG/9WrgQb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: mongodb
Version: 1:2.4.10-4
Severity: important
Tags: security, fixed-upstream, upstream
Please see for more details:
https://jira.mongodb.org/browse/SERVER-17264
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU
= constructXRef(NULL))) {
1317errCode = errDamaged;
1318 }
1319 break;
1320}
1321
--
Henri Salo
afl-poppler-sample-001.pdf
Description: Adobe PDF document
signature.asc
Description: Digital signature
v.push_back(string(tmpbuf));
123 return v;
124 }
125
--
Henri Salo
signature.asc
Description: Digital signature
02 02 - ?? don't know ?? constant
935
936 */
937
938 }
--
Henri Salo
signature.asc
Description: Digital signature
if ((num == 0) || (den == 0)) return *this;
41 unsigned long d = Euclid(num, den);
42 return tiffRATIONAL(num/d, den/d);
43 }
44
--
Henri Salo
signature.asc
Description: Digital signature
File attached.
--
Henri Salo
, 0x7fffea58}, data
= {prev = 0x0, cleanup = 0x0, canceltype = 5495952}}}
not_first_call = optimized out
#8 0x00403289 in _start ()
No symbol table info available.
--
Henri Salo
:JPEG_APP0 0xffe0 length 16, - (not dumped: use -A)
@0x013=19 :/JPEG_APP0
@0x014=20 :JPEG_APP12 0xffec length 67, FAILED to read
character at offset 24 (EOF)
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux
==22115==
==22115== For counts of detected and suppressed errors, rerun with: -v
==22115== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
Segmentation fault
--
Henri Salo
sample03.dmg
Description: application/apple-diskimage
Signature: 0x6B6F6C79 (koly)
Version
blocks
==18211== Rerun with --leak-check=full to see details of leaked memory
==18211==
==18211== For counts of detected and suppressed errors, rerun with: -v
==18211== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
Segmentation fault
--
Henri Salo
sample01.dmg
Description
== For counts of detected and suppressed errors, rerun with: -v
==30730== Use --track-origins=yes to see where uninitialised values come from
==30730== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
--
Henri Salo
sample02.dmg
Description: application/apple-diskimage
Signature
0x0041414141414141 0x0041414141414141
0x4141424141414141 0x414141464141 zero
--
Henri Salo
denial-of-service.dmg
Description: application/apple-diskimage
not seem to be very
active.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
this independently.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5
http://trac.roundcube.net/ticket/1490227
CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3
If you need any help with this case feel free to contact me.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ
This was closed because of https://bugs.debian.org/504804#13
It is about the inconsistence between
--file=some_file
and
--file some_file
THE EQUAL = sign.
This is a different bug than =~ case.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
when socat is in listening mode with fork
option and a couple of child processes terminate at the same time.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: grep
Version: 2.20-4
Severity: important
Tags: security, upstream, fixed-upstream
Bug report: http://bugs.gnu.org/19563
Upstream fix:
http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: qpid-cpp
Version: 0.16-9
Severity: important
Tags: security, upstream, fixed-upstream
Please see for details:
http://mail-archives.us.apache.org/mod_mbox/www-announce/201501.mbox/%3c54b4f4ac.8030...@apache.org%3E
- --
Henri Salo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE requested http://www.openwall.com/lists/oss-security/2015/01/03/17
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlSpCtYACgkQXf6hBi6kbk+PYACgiWtl5na2ZN0KOi0Zu9LPFhB8
Za8AmwS2rNce+xYRP/UDyWxDfMe0it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE request: http://www.openwall.com/lists/oss-security/2014/12/29/8
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlSiwaMACgkQXf6hBi6kbk+NNwCg2O6I+jT/yfTjzt3jyVGZkDzY
NNsAoKxK4bdiFpkBMzv8Rp8rN/vt2NmE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE request: http://www.openwall.com/lists/oss-security/2014/12/29/8
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlSiwZMACgkQXf6hBi6kbk+1EQCgrd15SCaYvASOX541J6iOVSry
JpQAoIXWw74HhZ6HWUiabOSo3+7GgYKe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: php5
Version: 5.6.4+dfsg-1
Severity: important
Tags: security, fixed-upstream
Please see https://bugs.php.net/bug.php?id=68676 for details.
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux
- --
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlShnu0ACgkQXf6hBi6kbk8s6gCgs0UgWb7O8Aulun7iTA6bsLgk
UG4An045K2kMdC1xCo7cEGiHcblnTDYE
=W4We
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE request http://www.openwall.com/lists/oss-security/2014/12/03/10
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlR/hg4ACgkQXf6hBi6kbk99mQCdE4qUEU/biQ0RgS0ppGAKwava
kQEAmgK7paGY35s3MknRzvbxUnBRYMtO
=o0gi
-END PGP
Attached patches from upstream, which apply to 1.2.1-6. DSA should be created.
---
Henri Salo
--- src/libFLAC/stream_decoder.c.orig 2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c 2014-11-25 13:48:39.697566936 +0200
@@ -94,7 +94,7
)
logkeys --export-keymap=keymap.txt
logkeys --start --keymap=keymap --output=output.txt
echo abcdefghijklmnopqrstuvwxyz
logkeys --kill
2)
logkeys --start --output=output.txt
echo abcdefghijklmnopqrstuvwxyz
logkeys --kill
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I can reproduce this issue without --keymap in the example.
logkeys --start --output=output.txt
typesomething
logkeys --kill
File output.txt contains gibberish.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is this still an issue in some version?
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlRaDCMACgkQXf6hBi6kbk9N7ACgm+RBk9LXabLNQifB0V6oD6ll
DKMAn3PUpMvN5ah5qlx6F+fWJluoXlQs
=CxYc
-END PGP SIGNATURE
.
With this commit we make sure that we're not overstepping the bounds of
the input string while decoding it; instead we bail out early and display
the original input. Fixes #1314.
Thanks to Tucos for finding that one!
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux
in such a retrieval. The old behaviour
can be attained by passing the --retr-symlinks=no option to the Wget invokation
command.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlROLg0ACgkQXf6hBi6kbk//KgCfY1kB9+jp++XGb1GMlekuBirP
IbEAoMBHvnAupKh7npnyUcyxyzk9R6R6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok. Nice and thanks!
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlROOtkACgkQXf6hBi6kbk+dTwCfSMi51fRJ8AVXXL3tXG3OYKG+
FZgAmwQQna4Jd4nbP9HnjqFHQVQF7CE/
=bBRW
-END PGP SIGNATURE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Where did you get this This request is also seconded by
upstream information? Web site http://codezen.org/canto-ng/ does not say
anything about it being abandoned status. New section in that page contains
new posts.
- ---
Henri Salo
-BEGIN PGP
“http.cors.allow-origin” to the value of the server that should be allowed
access, such as localhost or a server hosting Kibana. Disabling CORS entirely
with the former setting is more secure, but may not be suitable for all use
cases.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12
/rev/8d963c7db507
I'm happy to help in case you have any questions.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQuP5UACgkQXf6hBi6kbk95XQCglVqoArm+HD4kEHPCLMd8KaQU
IvMAn3Wn5Gr+zwz5n7M1lWd0X4qp5URb
=K3OU
-END PGP SIGNATURE
/720545
Can you verify that this new issue in BTS is duplicate? If it is I'd prefer that
you comment there and we close this (not merge, so that discussion is easier to
read/follow).
Thank you for your work regarding Debian security.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG
give reasoning, thank you.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQqS24ACgkQXf6hBi6kbk/cCQCdGwbC8Tk1kzx1Mjg5OHDAp7wI
KcwAn0NnXCiW/G9CuOQGMRk2xUODZAtm
=zrVO
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ
regarding this issue.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQkJMMACgkQXf6hBi6kbk+bIQCgom59SVZDOvoc9gcNCJJCMgV+
noYAnizbzeHzLPFWkGt8QGm/XiMYwZ3/
=1ooE
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ
vulnerabilities so that maintainers know about them. These are also added to
Debian security-tracker. In some packages maintainer is watching upstream
advisories closely, but this is not always the case.
I'll fix this for the next upload anyway.
Thank you.
- ---
Henri Salo
-BEGIN PGP SIGNATURE
) SECURITY: Enhance CSS filtering in SVG files. Filter style
* elements; normalize style elements and attributes before filtering; add checks
* for attributes that contain css; add unit tests for html5sec and reported
* bugs.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQhGTkACgkQXf6hBi6kbk/46gCfbwwiaD3Zdfbo5z57NihRYfvJ
J34An0KG/kIRMQlB9CYUgcwM9net67oc
=7klY
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject
tagged packets
* added PATCH HTTP method to default method list
* changed packet parsing to continue without a full header present
* added PPP link type support
* added custom ethernet header offset option (-S)
* changed read timeout to be non-zero
- ---
Henri Salo
-BEGIN PGP SIGNATURE
/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a
(v0.9.8)
RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3633
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQcOvYACgkQXf6hBi6kbk8AGwCgqs/OmHigrdQtI4GGTvjipEl7
also be other reasons to get this into Debian.
https://packages.debian.org/wheezy/fdupes
Your comments are welcome.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQcaTkACgkQXf6hBi6kbk+e5QCeMSutiUKDwK/Xhtg3np5ZeKBp
BhsAnAu0SseiT/MzhXyyUhH/c9jZcTPj
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
At least pygccxml is now in Debian[1]. Is this software still wanted to Debian?
https://packages.debian.org/wheezy/python-pygccxml
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
It seems that site http://www.autoscan-network.com/ is down. Any other sources?
Sounds like an interesting software. I would be happy to test this and after
that possibly help with maintaining it if it is good enough.
- ---
Henri Salo
-BEGIN
/src'
make: *** [all-recursive] Error 1
I might be interested to maintain this in the future.
- - - ---
Henri Salo
- - -BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQcdJAACgkQXf6hBi6kbk9zlgCfUB/FZtKMpnfOuX3kj5tWnnD4
ssAAoK9JlCN+KmXmxLob01kNhk4W7Mge
=prQ9
this in the future.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQcdhYACgkQXf6hBi6kbk8mIQCfUkKZaJdDFZb8Ac/qj5ukuhp9
xaAAnAjNPUdkkPQ0eQzYWyOV016Did9p
=HJvp
-END PGP SIGNATURE-
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
URL does not work anymore.
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQcdv8ACgkQXf6hBi6kbk8SJACfYI/d1S8OG2HYrc3rIFogmGvi
VxoAn2Qiudv2iy+ftV8OuIZldIy2KrwA
=yPST
-END PGP SIGNATURE
think this software is not widely
used. If someone else says they need it I can help packaging (after testing).
- ---
Henri Salo
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQciSEACgkQXf6hBi6kbk9qcwCgnjm3b1LJZx2LJqfDbw4F7Hg5
wscAoLd3nFg2E5F+OGBUnaFBrMI2lTBE
=lppo
1 - 100 of 360 matches
Mail list logo