and 4.0.37
and earlier (or before 4.0.38).
--
Tomas Hoger / Red Hat Security Response Team
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hey!
Fedora / Red Hat amanda packages maintainer pointed out that amfree is
a macro that does:
amfree(ptr) -- if allocated, release space and set ptr to NULL.
http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/trunk/common-src/amanda.h?revision=3457view=markup#l461
which should make
Hi Mike!
What Witold reports is actually post-CVE-2010-3900 behavior. Does any
webkitgtk-based epiphany version offer any more protection than after
connect / fetch warning?
th.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Hi!
Upstream changelog and announcement also mentions message.php:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1r2=1.699.2.301.2.4ty=h
So probably this one too:
http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56r2=2.560.4.56.4.1
HTH
--
Tomas Hoger
Hi!
That one is Red Hat-specific, as was publicly stated here:
http://www.openwall.com/lists/oss-security/2008/12/04/2
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
packages:
https://bugzilla.redhat.com/show_bug.cgi?id=470241
https://bugzilla.redhat.com/show_bug.cgi?id=475478
--
Tomas Hoger
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi Joop!
You probably wanted to use:
TMPFILE=`mktemp -t`
instead of
TMPFILE = 'mktemp -t'
in your patch for #496383, right?
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
patch is used in all Fedora / Red Hat mgetty
packages for quite some time now:
http://cvs.fedoraproject.org/viewvc/rpms/mgetty/devel/mgetty-1.1.30-mktemp.patch?view=markup
(it can possibly benefit from few more Xes in file name template too ;)
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email
Hi Thijs!
Just out of curiosity, why bother with temp file and not use:
eval `ssh-agent -s` /dev/null
? (I haven't checked the actual script, just the patch, so apologies
if I'm missing some important bits.)
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
/_hashopenssl.c?view=log
(last rev 64048)
http://svn.python.org/view/python/branches/release25-maint/Modules/_hashopenssl.c?view=log
(last rev 51333)
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
use in
Smarty_Compiler.class.php. Is the original report bogus or does HYIP
use some old or customized Smarty version? (Well, I guess you don't
know the real answer to this, just like me ;).
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble
to
already existing tables using this flaw?
Thanks!
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Package: clamav-daemon
Version: 0.93~dfsg-volatile1
Severity: normal
Tags: patch
After installing clamav-daemon-0.93~dfsg-volatile1 running
/etc/init.d/clamav-daemon start fails to finish as clamd is now started in
the foreground.
Further investigations shows that initscript in 0.93 changed the
(and many clients did not do that
properly), so the check was now moved directly to speex library.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi!
This is a duplicate of CVE-2008-1381. See references for CVE-2008-1381
for details.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi!
Should be fixed in 0.8.6f, for patch see:
http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff;h=94baded6eff88e39c98b6e3572826f16f21ceec3
http://bugs.gentoo.org/show_bug.cgi?id=214277#c2
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe
Hi!
Upstream patch:
svn diff -r14431:14461
https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c
http://cvs.fedoraproject.org/viewcvs/rpms/blender/devel/blender-2.45-cve-2008-1102.patch
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL
match_limit_recursion during pcre_exec call may be a
better start, with some ( ( 'ulimit -s' - stack_used_by_konqueror ) /
500) - some_constant ) guesswork.
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
is a simple pcre-only reproducer. Should SEGV with arguments
~4100.
Default recursion limit assumed by pcre seems to be set way too high.
Rebuilding pcre with --with-match-limit-recursion set to lower value
avoids SEGVs.
--
Tomas Hoger
deb476419.sh
Description: application/shellscript
/giftopnm.c?revision=1view=markup#l_1052
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
=markup
which should address this problem.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
tag 456770 + security
thanks
Hi!
New upstream version seems to address one security issue too:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
Hi!
This has been brought to our attention:
http://sourceforge.net/tracker/index.php?func=detailaid=1849333group_id=15494atid=115494
Upstream author is looking into the issue and expects to release update
soon.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
does not seem to be run.
buttonpressed.sh in Debian package contains examples, which, when
uncommented by system administrator, can introduce this problem.
HTH
--
Tomas Hoger
in Fedora cpio packages.
Also note that cpio 2.9 seems to assume --absolute-filenames by default.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
:
https://bugzilla.redhat.com/show_bug.cgi?id=327781#c5
Note: [EMAIL PROTECTED] was notified on 2007-10-23.
Updated DSA 1388-3 released on 2007-10-29.
--
Tomas Hoger
Red Hat Security Response Team
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
Hi!
CVE name CVE-2007-4558 was rejected on 2007-08-30 as duplicate of
previously assigned name CVE-2007-4134.
Please consider using name CVE-2007-4134 to avoid confusion.
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
merge 386334
thanks
Hi Ana!
On Fri, Jan 12, 2007 at 02:02:30PM +0100, Ana Guerrero wrote:
You filed the bug
#206843 ktalkd does not work correctly when run under user nobody
some time ago, you can read the bug report at:
http://bugs.debian.org/206843
I have not been using ktalkd for
Package: qmail
Version: 1.03-38
Severity: minor
Tags: patch
Hi Jon!
Due to incorrect communication of postinst script with debconf, it does not
matter what answer is provided for qmail/start debconf question, qmail is
not started anyway.
I attach patch with update of qmail.templates file and
Package: qmail-src
Version: 1.03-38
Severity: wishlist
Tags: patch
Hi Jon!
Please consider adding mfcheck (or similar) patch to debian-qmail. It's
short patch, which adds capability to check validity of envelope sender's
domain (DNS lookup). It's behavior is controlled by control file and
On Tue, May 17, 2005 at 10:30:38PM -0400, Joey Hess wrote:
Denis Barbier wrote:
See http://www.opengroup.org/onlinepubs/007908799/xbd/locale.html
If different character sets are used by the locale categories, the
results achieved by an application utilising these categories are
tags 253153 patch
thanks
Package: alsaplayer-gtk
Version: 0.99.76-0.3
Severity: wishlist
Tags: patch
Hi!
I wanted to report this bug separatly for alsaplayer-gtk, but than I
noticed same report for alsaplayer-text, so adding more info to this bug
and not creating duplicate...
Request is
Package: openoffice.org-debian-files
Version: 1.1.3-8+1
Severity: minor
Hi!
Mailcap file /usr/lib/mime/packages/openoffice.org-debian-files contains
incorrect nametemplates for native (open|star)office file formats.
Templates are %.ext instead of %s.ext. Nametemplates for MS Office and
Hi Denis!
Thanks for further information!
See http://www.opengroup.org/onlinepubs/007908799/xbd/locale.html
If different character sets are used by the locale categories, the
results achieved by an application utilising these categories are
undefined.
Ok, it seems I'm entring
Hi Denis!
Thanks for your reply!
On Sun, May 15, 2005 at 06:42:21PM +0200, Denis Barbier wrote:
[...]
I cannot reproduce this behavior, I guess that you also set LANGUAGE to
sk_SK. You can perform similar checks with 'cp --help', and normally
you should see no differences between debconf
Package: debconf
Version: 1.4.30.13
Severity: minor
Hi!
I have following locale settings on my system:
LANG=sk_SK
LC_CTYPE=sk_SK
LC_NUMERIC=sk_SK
LC_TIME=C
LC_COLLATE=C
LC_MONETARY=sk_SK
LC_MESSAGES=C
LC_PAPER=sk_SK
LC_NAME=sk_SK
LC_ADDRESS=sk_SK
LC_TELEPHONE=sk_SK
LC_MEASUREMENT=sk_SK
Hi!
I think it is an FTBFS bug. The following should generally work:
apt-get source qmail
cd qmail-*
dpkg-buildpackage
For qmail, this does not work because of the missing Build-Depends on
groff-base and because of the missing users/groups.
Those are needed to create 'qmail-src'. It
Hi Andreas!
I'm not sure if this really is FTBFS bug. There is no official qmail binary
package in Debian, there's only qmail source package, from which qmail-src
package is built. build-qmail script from qmail-src package should be used
to build qmail binary package. Also note, that qmail-src
Hi Juergen!
Can you please take another look at this bug report once again? Your last
posting is nearly 10 months old and it states new version is ready, there's
only problem with PGP keys. Can you try to upload new version now, so
it'll have chance to get into Sarge?
If it helps, I can send
Package: bash3
Version: 3.0-12
Severity: minor
Hi!
I noticed following minor issue with bash3 run in vi-mode with colored PS1
prompt. When I type Esc-/ (for search in history), cursor jumps few
characters back and starts to overwrite prompt. Sometimes also part of
previous command is printed.
reopen 289006 !
thanks
Hi Java-Package maintainers!
Bug #289006 is not resolved in 0.19 version. I've tested on system with
devfs and I got following error:
Checking free diskspace:/usr/bin/make-jpkg: line 34: [: 56%: integer
expression expected
/usr/bin/make-jpkg: line 37: [: 56%: integer
41 matches
Mail list logo