:
I/O error : No such file or directory
I/O error : No such file or directory
This is no obconf bug but an lxde bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534804
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
Package: hylafax-server
Version: 2:6.0.3-5.1
Severity: normal
The documentation to the BINDTO parameter leads to a wrong usage, as it won't
bind to all
known IP addresses if you'll leave it commented.
/etc/default/hylafax
#
# If you need to bind hylafax to one address only, just uncomment
#
case this file does not carry
sensitive information and is probably also not used in many scenarios where
the DoS vector is of great relevance.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
it doesn't find ruby1.9. Why is that? It is in the
Depends and the binary is also in the ruby1.9 hppa packages.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp4El1lkXTXT.pgp
/bugs/show_bug.cgi?id=1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
http://security-tracker.debian.org/tracker/CVE-2009-3563
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
proposed debdiff please adapt the credit as this patch
wasn't from me but from Robert Buchholz.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpFvH4ApC8d2.pgp
Description: PGP signature
by Robert Buchholz attached.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3894
http://security-tracker.debian.org/tracker/CVE-2009-3894
--
Nico Golde
Hi,
I intent to upload a 0day NMU to fix these two security issues.
The patch is available at
http://people.debian.org/~nion/nmu-diff/gimp-2.6.7-1_2.6.7-1.1.patch
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
Hi,
I fixed this in my NMU as well as the upload was rejected by dak because of
the new lintian checks. I didn't really intend to fix that but yeah, I wanted
to get the security update through dak. diff URL is the same as for the
#555929.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
/secunia_research/2009-42/
http://security-tracker.debian.org/tracker/CVE-2009-1570
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpeOpd3j99XJ.pgp
Description: PGP signature
on 2.6.31-1-amd64 with the latest firmware package. Wireless is
currently not working at all with this kernel and firmwared combination -
Raising severity. Please adapt if you disagree.
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject
added the security tag until it's clear what the impact is. Better save than
sorry.
Feel free to downgrade if you don't agree.
Tested with 7.8-3 on amd64 and i386.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
structures I guess, not?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpAzdjGVgmll.pgp
Description: PGP signature
] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371
http://security-tracker.debian.org/tracker/CVE-2009-3371
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
* Dana Jansens dan...@orodu.net [2009-11-05 19:45]:
The window manager shown in the pictures documenting the bug is not
Openbox. Openbox does not use rounded titlebars at this time, I would
guess it is Metacity from the look of it.
I guess that comes from xfce...
Cheers
Nico
--
Nico
Hi,
ping? :)
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp4Gl4zTaDY5.pgp
Description: PGP signature
/httping
/usr/share/doc/httping/copyright
/usr/share/doc/httping/readme.txt
/usr/share/doc/httping/changelog.Debian.gz
/usr/bin
/usr/bin/httping
What part of that here is violating the FHS? Sorry I don't see it yet...
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
for 'strndup'
make[1]: *** [http.o] Error 1
The declaration and the function looks indeed broken regarding the parameter
types. But any idea why this isn't catched by surrounding ifndef?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons
Hi,
* Manoj Srivastava sriva...@debian.org [2009-10-29 22:38]:
On Thu, Oct 29 2009, Nico Golde wrote:
/usr
/usr/share
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/httping.1.gz
/usr/share/doc
/usr/share/doc/httping
/usr/share/doc/httping/copyright
/usr/share/doc/httping
the problem.
Sincerly,
Nico
--
Currently moving *.schottelius.org to http://www.nico.schottelius.org/ ...
PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C
signature.asc
Description: Digital signature
Package: libnss-ldap
Version: 261-2.1
Severity: critical
Hello!
As reported in bug 541188 and on the Debian users mailinglist
(ldap/libnss/ssh: (remote) login stops working after some time,
Thu, 3 Sep 2009 12:02:34 +0200), login stops to work via ssh and
partly locally after some weeks or days:
://ldaps02.ethz.ch
Oct 26 09:28:03 bach22 sshd[25236]: Accepted publickey for root from
129.132.130.3 port 52738 ssh2
Nico
--
Currently moving *.schottelius.org to http://www.nico.schottelius.org/ ...
PGP: BFE4 C736 ABE5
upstream.
In case there are changes that are not useful for upstream I would still
prefer to have a branch ubuntu-karmic or debian-unstable in the git
repo, to see what you're patching why.
Sincerly,
Nico
[0] http://lists.linux.it/listinfo/gpm
--
Currently moving *.schottelius.org to http
issues existing in it the
former should be fine.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpS1HVK1KjuK.pgp
Description: PGP signature
its x properties but it seems all
unexpected behaviour recently involves this tool. I see no wrong behaviour in
how openbox is handling ICCCM and EWMH compliance.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
couldn't reproduce it. Patch looks good, I'll include it in
the package. Dave, can you include the patch upstream as well?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp7G2AJLzh0w.pgp
not reproduce this. I cced upstream. Dave, are you aware of such
problems or do you have any idea what this is about?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgptoqu7ycMqW.pgp
.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpg95yc01WDL.pgp
Description: PGP signature
)...
What is matchbox keyboard? Do you have this with other applications as well?
If the application is messed-up (in this case matchbox keyboard) openbox can
hardly do anything against that.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security
version soon and this fix
will be included as well of course.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpYd6pqTq3Y7.pgp
Description: PGP signature
not sure I can run openbox in gdb to get a
backtrace but may try.
Are you able to build openbox with debugging symbols and
-O0? If not I can provide you a debug package. In this case
you could still use ulimit -c unlimited to get a stacktrace
(in case it really segfaults).
Cheers
Nico
.
I currently lack of time and interest to properly maintain the package but
I don't want to orphan it yet. Therefore I am searching for a new co-maintainer
for this package. The biggest todo would be to package the new upstream release.
Kind regards
Nico
--
To UNSUBSCRIBE, email
Hi,
* Gregory Colpart r...@evolix.fr [2009-09-23 00:58]:
On Mon, Sep 21, 2009 at 12:43:51PM +0200, Nico Golde wrote:
Now I'm testing package and preparing upload for sid.
Are you also working on etch? That would be nice, I think
this deserves a DSA.
Yes and I confirm
Hi,
* Gregory Colpart r...@evolix.fr [2009-09-20 20:09]:
Hello,
On Fri, Sep 18, 2009 at 05:18:14PM +0200, Nico Golde wrote:
the following CVE (Common Vulnerabilities Exposures) id was
published for horde3.
Work in progress. For stable-security, patches are pushed:
http
expected.
Not reproducible. What program is that? I smell and
application bug rather than an openbox issue here.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpdwFvl8geWI.pgp
Hi,
* Jussi Myllykoski jussi.myllyko...@gmail.com [2009-09-20 20:09]:
On Sun, Sep 20, 2009 at 1:52 PM, Nico Golde n...@debian.org wrote:
Not reproducible. What program is that? I smell and
application bug rather than an openbox issue here.
Oh, well that's odd. There's several cases I've
team has not replied yet, maybe it is still
possible to update the patch?
Please update this through -proposed-updates, we're
currently swamped with more severe issues.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236
http://security-tracker.debian.net/tracker/CVE-2009-3236
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nurad horde-3.2.4
;) It is a success, it's just the message that
says failed (meaning the return value).
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpDw4hICWPd8.pgp
Description: PGP signature
.
The message emmited by the start action is much more palatable.
I agree this is confusing. Will be fixed with the next
upload.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
* Christoph Egger deb...@christoph-egger.org [2009-09-06 01:01]:
On Sat, Sep 05, 2009 at 05:21:43PM +0200, Nico Golde wrote:
* Christoph Egger deb...@christoph-egger.org [2009-09-05 16:51]:
On Fri, Sep 04, 2009 at 05:51:58PM +0200, Nico Golde wrote:
[...]
When running LXDE
Hi,
* Bhavani Shankar R bh...@ubuntu.com [2009-09-11 10:51]:
As I m a fan of CLI I use this program in ubuntu to build torrents from CLI
and I ll take this over
I think we can savely remove it given that mktorrent was
uploaded to debian which is far better than bouldtorrent.
Cheers
Nico
Hi,
* Christoph Egger deb...@christoph-egger.org [2009-09-05 16:51]:
On Fri, Sep 04, 2009 at 05:51:58PM +0200, Nico Golde wrote:
[...]
When running LXDE on unstable (doesn't matter if it's kfreebsd or
linux) and opening any window there are no decorators drawn and the window
wanders
not make any hashsum check (e.g. SHA512, which should
probably used) and fail installation if the hashes doesn't match.
That's why I've marked this bug as security critical.
This is not entirely correct, actually the packages checks
md5 hashes (yes, i know this is broken).
Cheers
Nico
--
Nico Golde
Package: request-tracker3.8
Severity: minor
Hi,
the TimeWorked value which can be set via a ticket when resolving it is
used as an integer which allows to set negative values which doesn't make
any sense. Should be probably an unsigned data type.
Cheers
Nico
--
To UNSUBSCRIBE, email
Hi,
* Peter Eisentraut pet...@debian.org [2009-09-04 12:09]:
On tor, 2009-09-03 at 17:45 +0200, Nico Golde wrote:
* Peter Eisentraut pet...@debian.org [2009-09-03 16:31]:
Package: openbox
Version: 3.4.7.2-5
Severity: normal
The openbox.desktop file declares not categories
unusable for everyone, you're the first one reporting
something like that.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpknzBUEYtPe.pgp
Description: PGP signature
look like in
this case?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpgr7rhplnQV.pgp
Description: PGP signature
it :/
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2195
http://security-tracker.debian.net/tracker/CVE-2009-2195
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
a new new package containing the
patch.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpUC1qzqyUAe.pgp
Description: PGP signature
://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revrevision=13818
Further information:
http://www.squirrelmail.org/security/issue/2009-08-12
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi Daniel,
what's the current status of this bug?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpuDNuIBBZFS.pgp
Description: PGP signature
Hi,
I intent to upload a 0-day NMU to fix this bug.
debdiff available on:
http://people.debian.org/~nion/nmu-diff/curl-7.19.5-1_7.19.5-1.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
host in the configuration, an attacker can submit malicius
code to execute commands as
www-data user.
How can an attacker add a new host in the configuration?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
Hi,
* Cyril Brulebois k...@debian.org [2009-08-26 01:36]:
your package needs a little tweak to become buildable on GNU/kFreeBSD,
which you'll find attached.
Thanks for considering.
Thanks for the patch. I forwarded it upstream for now as we
plan a new release soon anyway.
Cheers
Nico
Hi,
* Nico Golde debian-security...@ngolde.de [2009-08-21 22:55]:
* Frank Loeffler kn...@cct.lsu.edu [2009-08-21 22:29]:
After a recent security update, pidgin cannot be updated on amd64
because it depends on libstartup-notification0 (= 0.10) [amd64] which
is not in lenny. For other
add the private flag to dissalow DHT and Peer Exchange.
Can add a web seed URLs. Hashing can be done multi threaded
and supports multiple CPUs.
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double
bug report.
This is a known issue, a binNMU for amd64 has been
scheduled.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp6HcyFbA5ro.pgp
Description: PGP signature
Hi,
CVE-2009-2855 was assigned to this issue, please make sure
to reference it in the changelog if you fix this bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
I intent to upload a 0-day NMU to fix these vulnerabilities,
debdiff can be found on:
http://people.debian.org/~nion/nmu-diff/libxml2-2.7.3.dfsg-2_2.7.3.dfsg-2.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
: SHA1
Bug not present in Tomcat 6.
so why closing a bug that was assigned for tomcat 5?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpcuwGmceKBR.pgp
Description: PGP signature
that
message again and gets it complete.
The first message is useless, please throw it away.
Does this only happen with a large header or a large body?
Cause I didn't observe something like that myself so far
even with openoffice build log mails.
Cheers
Nico
--
Nico Golde - http
Hi,
* Marcus Better mar...@better.se [2009-08-14 18:23]:
Nico Golde wrote:
Bug not present in Tomcat 6.
so why closing a bug that was assigned for tomcat 5?
Oh, I didn't read closely enough and thought it had been reassigned to
tomcat6.
Anyway tomcat5 has been removed from
Hi,
a way better patch is available on:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
tags 541394 + confirmed
thanks
Hi,
* Frédéric Brière fbri...@fbriere.net [2009-08-13 23:02]:
The init script should depend on $syslog as Required-Start/Stop or
Should-Start/Stop, as it may currently be started/stopped before syslog
by insserv.
True. Thanks, fixed in svn.
Cheers
Nico
--
Nico
Package: libpam-runtime
Version: 1.0.1-5+lenny1
Severity: serious
After some time we get this message when trying to login to a debian node:
r...@debian-host: ssh_exchange_identification: Connection closed by remote host
We have some clusters with debian running and about 30 nodes have this
Yes, we're using ldap in nsswitch:
[15:46] ikn2:~% ssh r...@ikr03 cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# For ETH with LDAP
#
passwd: files ldap [UNAVAIL=return]
group: files ldap [UNAVAIL=return]
shadow: files
hosts: files dns
networks: files
Steve Langasek [Wed, Aug 12, 2009 at 09:14:51AM -0700]:
On Wed, Aug 12, 2009 at 12:15:03PM +0200, Nico Schottelius wrote:
It seems that pam has a bug that is triggered after some time, that
forgets about the users:
This is not a PAM bug, you appear to have a bug of some kind in your NSS
?
Maybe I'm missing some Debian magic, but for an installation there's
no requirement to start it.
Greetings from the airport,
Nico
--
Currently moving *.schottelius.org to http://www.nico.schottelius.org/ ...
PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C
signature.asc
Description
with issues in multiple releases with
the debian bts is non-obvious and a major pain. is the *right* way
to do this documented somewhere?
http://wiki.debian.org/BugsVersionTracking maybe helps you.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Hi,
* Michael S. Gilbert michael.s.gilb...@gmail.com [2009-08-10 19:06]:
On Mon, 10 Aug 2009 18:05:57 +0200, Nico Golde wrote:
maybe it's just me, but dealing with issues in multiple releases with
the debian bts is non-obvious and a major pain. is the *right* way
to do this documented
-2416
http://security-tracker.debian.net/tracker/CVE-2009-2416
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
http://security-tracker.debian.net/tracker/CVE-2009-2414
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
Hi,
patch attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
--- pdfroff.sh 2009-08-09 16:04:10.0 +0200
+++ pdfroff.sh.new 2009-08-09 16:10:53.0 +0200
@@ -137,7
Hi Luciano,
I also just stumbled over dpkt and it is really neat! I am
also interested in packaging that. I didn't look into the
source code yet so I have no idea if it makes sense but I
offer myself as a co-maintainer hereby :)
Cheers
Nico
P.S. Homepage moved to http://code.google.com/p/dpkt
was
accidently moved before this check, so there is no bug other
than those unnecessary log lines. Downgrading, will be fixed
in the next upload.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
Hi,
* Debian Bug Tracking System ow...@bugs.debian.org [2009-08-09 00:45]:
[...]
Version: 3.0.STABLE16-2.1
This security issue was resolved in package version 3.0.STABLE16-2.1 for
sid/squeeze and 3.0.STABLE8-3+lenny1 for lenny.
Funny, actually I NMUed it myself :)
Cheers
Nico
--
Nico
should be revised.
Sorry where exactly is the bug?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpgHbtY2I4l4.pgp
Description: PGP signature
...
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpTPDeWCrVFh.pgp
Description: PGP signature
--
Why doesn't fetchmail default to deliver mail to localhost anymore?
I see no problem here. Can you show me your
/etc/default/fetchmail file?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
changelog entry.
For further information see:
[0] http://lists.debian.org/debian-security-announce/2009/msg00169.html
http://security-tracker.debian.net/tracker/CVE-2009-2415
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
specified. on
upgrade.
It has been closed by Nico Golde n...@debian.org.
Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Nico Golde
n
Hi,
* Vladimir Stavrinov v...@inist.ru [2009-08-07 17:35]:
On Fri, Aug 07, 2009 at 03:56:49PM +0200, Nico Golde wrote:
Sorry where exactly is the bug?
Do You read first message in this thread? There are described the bug,
that I confirm too. Or You can not reproduce it?
I saw Your next
Hi,
I intent to upload a 0-day NMU to fix this issue.
Patch on
http://people.debian.org/~nion/nmu-diff/squid3-3.0.STABLE16-2_3.0.STABLE16-2.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double
in the changelog and will upload this
now.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp1DpoDHGNpz.pgp
Description: PGP signature
it be an option for
you to set the socket into non-blocking mode and use select
to workaround that? I am not sure if this should work in any
other way.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
Hi,
* Olaf van der Spek olafvds...@gmail.com [2009-08-03 17:39]:
On Mon, Aug 3, 2009 at 5:07 PM, Nico Golden...@debian.org wrote:
Hi Folkert,
* Olaf van der Spek olafvds...@gmail.com [2009-08-01 22:56]:
Ctrl+C doesn't work when you invoke httping this way.
I tracked this down
me on debconf to answer that :)
As the webserver is bound to localhost in the default and
the user explicitly has to bind it to another hostname + it
isn't used in production environments I suggest going
through stable-proposed-updates with that.
Is that ok for you?
Cheers
Nico
--
Nico Golde
Hi,
did you try to reproduce this bug again? I see no bug here
and I agree with Gunnar that this seems to be a locales
problem on your side.
I will close this bug in 2 weeks if I don't hear anything
from you.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
and this will
warn people with apt-listbugs installed in the meantime. Please downgrade if
you think
this is not appropriate.
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
to incorrect data validation Squid is vulnerable to a denial
| of service attack when processing specially crafted responses.
Unfortunately there is no CVE id for this yet.
For further information see:
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
this also links patches.
Cheers
Nico
P.S
://www.openwall.com/lists/oss-security/2009/07/25/3
this patch is incomplete, two other similar issues exist in
the code.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpMOLbtgvYPc.pgp
Hi,
intent to upload a 0-day NMU to fix this bug.
Patch available on:
http://people.debian.org/~nion/nmu-diff/mediawiki-1.15.0-1_1.15.0-1.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
Hi,
* Luciano Bello luci...@debian.org [2009-07-25 19:20]:
You still need help for http://bugs.debian.org/474128 ?
Just uploaded it a few hours before, was on my todo list
since quite some time now :) Thanks for the offer anyway!
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
Hi,
* Nico Golde n...@debian.org [2009-07-16 21:26]:
* Ramakrishnan Muthukrishnan rkrish...@debian.org [2009-07-16 20:53]:
Package: openbox
Version: 3.4.7.2-4
Severity: normal
After switching the session to GNOME/openbox from the GDM session menu
and loggin it, the gdm restarts
Hi,
* Nicolas Évrard ni...@no-log.org [2008-10-07 13:07]:
* Nico Golde [2008-08-28 19:01 +0200]:
[...]
What is the advantage of that? I mean you get what you want if you press it
once...
Did you had some time to think about this bug ? Maybe I should report it
upstream ?
More
Hi,
I intent to upload a 0-day NMU for this bug.
Patch on
http://people.debian.org/~nion/nmu-diff/pulseaudio-0.9.15-4_0.9.15-4.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
* Nico Golde n...@debian.org [2009-07-22 00:44]:
There is currently a build failure in the test suite on FTBFS that's why we
s/on FTBFS/on i386 for lenny/
Sent the build logs to Sebastian.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security
structures changed and
libacpi isn't up2date anymore. Maybe it should be removed
until someone finds the time to change this.
Reassigning this bug for now.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double
Hi,
* Mike Massonnet mmasson...@gmail.com [2009-07-21 17:26]:
Thank you Nico for having taken care of the security bugs. The issue
is really simple to solve in fact, tho I never noticed it (actually
this is not the default behavior of slim, I made that change by
following the suggestion from
on fixing this during the debconf.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpFvXLjhTQcB.pgp
Description: PGP signature
501 - 600 of 2532 matches
Mail list logo