Hi,
* Piotr Engelking inkerma...@gmail.com [2009-07-19 20:28]:
2009/7/16 Nico Golde n...@debian.org:
This is not really a bug but a feature, you can disable it
editing /etc/slim.conf. However I agree this is not really a
nice feature in a default configuration. I think a big fat
note
of the
many local root exploits is way more likely ;) Anyway, you
are right, it's a security issue.
Cheers
Nico
P.S. I am not the maintainer
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
for the report! Will include that in the next upload.
Cheers
Nico
--
:
[0] http://www.akitasecurity.nl/advisory.php?id=AK20090602
http://security-tracker.debian.net/tracker/CVE-2009-1894
--
-tracker.debian.net/tracker/CVE-2009-2460
--
-2009-2459
http://security-tracker.debian.net/tracker/CVE-2009-2459
--
, or
| (3) input tags.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1382
http://security-tracker.debian.net/tracker/CVE-2009-1382
Cheers
Nico
--
to README.Debian should be added to warn users of the
possible implications.
Cheers
Nico
--
a DSA. However it
would be nice if you could provide updated packages via
stable-proposed-updates.
Cheers
Nico
--
are running 3.4.7.2-4? Cause exactly
this bug was fixed in -4. See:
http://bugs.debian.org/533126
http://bugs.debian.org/531580
Or do I miss anything and this one is different?
Cheers
Nico
--
Package: kvm
Version: 85+dfsg-4
Hello packagers,
since upstream kvm is now at 88 and the current debian version is at 85.
Are there any plans to upgrade?
Thanks.
NicoP.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
the user for a password and then
locks the terminal until the same password is supplied again. When invoked
with
-s flag, tlock locks the terminal with the user's login password.
[...]
Why is that more useful or different than vlock?
Cheers
Nico
--
Package: ftp.debian.org
Severity: normal
Hi,
phpicalendar doesn't seem to get the necessary attention by its maintainer, it
has security bugs (#513517) since quite a long time, an FTBFS (#534047) and
considering
that it only has 22 installations I ask for its deletion.
Cheers
Nico
.
Erm, are you sure? According to Nico it was fixed in 0.1.1-9 which is
older than 0.1.1-10. I'm now pretty puzzled about the whole fuzz and the
issue at hand?
I checked the package of backports and the issue you are
reporting seems indeed to be fixed. Do you have any evidence
.
I urge you to please make a version bump to backports since this is a
security issue.
The best would be probably to ping the one who did the
initial backport. I CCed Alexander Wirt and Gerfried Fuchs
(from backports.org), maybe they can help you.
Cheers
Nico
--
is with
Rails 2.3.x branch, AFAIK.
Please let me know if I'm wrong.
Yes that's correct. I verified the ruby version in unstable
and the vulnerable code is indeed not yet present.
Cheers
Nico
--
Hi,
attached is a patch for a 0-day NMU to fix this issue.
Cheers
Nico
--
diff -u drupal6-6.12/debian/changelog drupal6-6.12/debian/changelog
Hi,
attached is a patch for a 0-day NMU to fix this issue.
Cheers
Nico
--
diff -u drupal5-5.18/debian/changelog drupal5-5.18/debian/changelog
Hi,
* Gerrit Pape p...@smarden.org [2009-07-03 13:53]:
On Thu, Jul 02, 2009 at 08:22:04PM +0200, Nico Golde wrote:
Hi,
* Thijs Kinkhorst th...@debian.org [2009-07-02 20:08]:
On Tuesday 30 June 2009, Gerrit Pape wrote:
While we wait for who knows how long, I suggest we get the fix
understand why the confirmed fix for the reproducible bug
with security impact doesn't make it into stable. Can you tell me the
reason, or process the packages I prepared?
Just like the last time there are build failures on the buildd's which are
difficult to resolve. Nico is working on this DSA
Hi,
attached is a patch for a 0-day NMU that fixes the described
issue.
Cheers
Nico
--
diff -u gupnp-0.12.6/debian/changelog gupnp-0.12.6/debian
Hi,
as the incomplete fix got a new CVE id I closed this bug and
opened a new one for the incomplete fix.
Cheers
Nico
--
if you fix this bug.
Cheers
Nico
--
Hi,
* Steven M. Christey co...@linus.mitre.org [2009-07-01 13:43]:
On Mon, 22 Jun 2009, Nico Golde wrote:
I'm not sure if this should get a new CVE id but the versions in the CVE id
description should be adjusted and the upstream patch revised.
This looks like even though
and earlier allows user-assisted
attackers to cause a denial of service (crash) via a long declaration
in a .xbm file.
--
then gets this path by gdk_x11_get_xatom_by_name(_OB_CONFIG_FILE)
which ends up being /openbox/lxde-rc.xml.
So I am reassigning this bug.
Cheers
Nico
--
, there is hardly any
functionality.
Cheers
Nico
--
be changed to toggle maximization instead of
maximizing unconditionally.
Not a bug, if you don't have the maximum button in the
titleLayout, well that's your fault. If you don't want it,
define a keybinding.
Closing
Cheers
Nico
--
but the versions in the CVE id
description should be adjusted and the upstream patch revised.
Cheers
Nico
P.S. @Alan, this is also the reason I have to reject your packages in our
security queue again.
--
Hi,
* Nico Golde oss-security...@ngolde.de [2009-06-22 15:45]:
[...]
Unfortunately this doesn't fix the issue and I wonder why people always think
changing signed types to unsigned will fix such errors.
If I pass 0x as the content-length according to type conversion rules
in C atoi
/init.d/checkfs.sh
initscripts: /etc/init.d/checkfs.sh
I still opened the bug for jfsutils, because this problem only
occurs with JFS, as all other filesystems have their journal
replay in the kernel (ext3,xfs,reiserfs f.i.), but may be reassigned,
as you think it fits best.
Sincerely,
Nico
, because / is still mounted read only
(and can only be mounted r/w if the fsck went through).
Therefore fsck.jfs must be run in any case, independent of
battery power or not.
Sincerely,
Nico
-- System Information:
Debian Release: squeeze/sid
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-rc7 (SMP
heavily overloaded please open a wnpp bug.
Cheers
Nico
--
Hi,
attached is a patch for a 0-day NMU.
Cheers
Nico
--
diff -u ctorrent-1.3.4-dnh3.2/debian/changelog ctorrent-1.3.4-dnh3.2/debian/changelog
Hi,
attached is a patch for a 0-day NMU I'm going to upload to
fix this issue.
Cheers
Nico
--
diff -u strongswan-4.2.14/debian/changelog strongswan
Hi,
attached is a patch for a 0-day NMU I am going to upload to
fix this issue.
Cheers
Nico
--
diff -u strongswan-4.2.14/debian/changelog strongswan
Hi,
* Nico Golde n...@debian.org [2009-06-12 15:07]:
Hi,
* Giuseppe Iuculano giuse...@iuculano.it [2009-05-23 17:03]:
[...]
CVE-2009-1759[0]:
| Stack-based buffer overflow in the btFiles::BuildFromMI function
| (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2
Hi,
I ported the patch to our ctorrent version. Could someone
please test it so updates don't break things?
Cheers
Nico
--
diff -Nurad /tmp/ctorrent
to be the new maintainer, please see
http://www.debian.org/devel/wnpp/index.html#howto-o for detailed
instructions how to adopt a package properly.
Cheers
Nico
--
+ it is a patch for
dtorrent.
Cheers
Nico
--
and the attack scenario is
rather obscure. A fix would be nice nonetheless.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959
http://security-tracker.debian.net/tracker/CVE-2009-1959
--
Package: libncurses-ruby1.8
Version: 1.2.2-1
Severity: important
I see sup (sup-email) crash, when I press the l key. The crash error is
ruby: symbol lookup error: /usr/lib/ruby/1.8/x86_64-linux/ncurses_bin.so:
undefined symbol: funcall
It seems that this error is known in ncurses-ruby-1.2.2
?
see attached version please try
Looks good. Olaf, also on your side?
Cheers
Nico
--
with a Speicherzugriffsfehler
(memory access fault)
Not reproducible here, can you please provide the urls file?
Cheers
Nico
--
with a Speicherzugriffsfehler
(memory access fault)
Could you please fetch the source package, compile that with
debugging symbols and O0 and provide a backtrace?
Cheers
Nico
--
as the
urls file and a description of what you did.
Cheers
Nico
--
Hi,
* Olaf van der Spek olafvds...@gmail.com [2009-06-07 14:30]:
Package: httping
Version: 1.2.6-1
Severity: normal
This is minor.
When a connect() times out, the FD is leaked.
Volkert, since you didn't release 1.3.1 so far, can you
include a fix in 1.3.1 as well?
Cheers
Nico
--
httping memory dumps in it
by sending SIGHUP to the httping process.
true
Well I overlooked that this is not possible like this as an
attacker doesn't have the rights to send signals to the
victims process.
Cheers
Nico
--
the attacker
has write privileges to he can place a symlink log.log pointing to
an arbitrary file of the victim and write httping memory dumps in it
by sending SIGHUP to the httping process.
Cheers
Nico
--
if it breaks existing installations.
Feel free to reassign if you see a sane way on how to fix
this in openbox.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
to understand what this bug is exactly about. Isn't that
rather a configuration that should be done in xorg?
Cheers
Nico
--
Hi,
* Sébastien Dailly sebast...@chimrod.com [2009-05-31 14:36]:
Here is a solution for the problem :
[...]
This problem is already fixed in upstream git, it will be
fixed in the next upload.
Cheers
Nico
--
Hi,
I intend to upload a 0-day NMU to fix this bug.
Daniel, are you taking care of graphicsmagick?
Cheers
Nico
--
diff -u imagemagick-6.5.1.0/debian
it
should be at most denial of service. Untag if you think it's not
securitywise important.
Denial of service but not much else.
I even removed the security tag. libsndfile is no service so
speaking of denial of service here is a bit too much. This
is just a regular application bug.
Cheers
Nico
Hi,
I intend to upload a 0-day NMU to fix this bug.
Patch attached.
Cheers
Nico
--
diff -u drupal5-5.17/debian/changelog drupal5-5.17/debian/changelog
Hi,
I intend to upload a 0-day NMU as nothing happens with this
bug but it's a security issue. Patch attached.
Cheers
Nico
--
diff -u drupal6-6.11
, calling
that from cron and let the script properly evaluate the
return value. I also see no problem with returning 0 in this
case though but I might miss any setups in which this would
be a problem. Matthias, what is your opinion on this?
Cheers
Nico
--
' for 'bool r'. Fixed now.
Thanks very much, the patch looks good! While you're at it,
mind to fix the insecure random hexstring generation as
well?
Cheers
Nico
--
Package: kvm
Version: 85+dfsg-3
Hello packagers,
I've upgraded from kvm 84 to 85. After this upgrade all my guests (debian
2.6.26-2-686, windows 2003) jump to 100% cpu usage. So the machine gets
unresponsive.
Could you consider to package the latest kvm release (86)?
Thanks.
NicoP.
Hi,
http://drupal.org/files/sa-core-2009-006/SA-CORE-2009-006-6.11.patch
Cheers
Nico
--
Hi,
given the long history of NMUs for this package...
... attached is a patch for a 0-day NMU fixing this
vulnerability.
Cheers
Nico
--
diff -u ipsec
to have fun
with the victims
X session. The same problem exists in switchuser.cpp.
The easy fix would be to read this from stdin, xauth supports this. As small
remark...
I think using the time as a source for random data is also suboptimal in this
case.
Cheers
Nico
--
Package: libvirt-bin
Version:0.6.3-2
Hello libvirt-Maintainer,
please consider to package the following patch for next libvirt release.
Without this patch kvm = 85 won't work with the latest (possible older
releases too) release, as it reports:
error: Failed to start domain ***
error:
with this, no other version included
the vulnerable code.
Cheers
Nico
--
Hi,
* Olaf van der Spek olafvds...@gmail.com [2009-05-16 17:58]:
Would it be possible to make both the -g and the http:// bits optional, such
that for example httping google.com would work?
Why not setting an alias?
Cheers
Nico
--
Hi,
* Olaf van der Spek olafvds...@gmail.com [2009-05-16 18:55]:
More work, less flexible.
Hmm an alias is exactly there to prevent more work ;)
On Sat, May 16, 2009 at 6:16 PM, Nico Golde n...@debian.org wrote:
Hi,
* Olaf van der Spek olafvds...@gmail.com [2009-05-16 17:58]:
Would
that before.
I am going to upload a 0-day NMU now to fix this.
debdiff available on:
http://people.debian.org/~nion/nmu-diff/eggdrop-1.6.19-1.1_1.6.19-1.2.patch
(includes the wrong bug number to close as I tried to reopen it first but it
failed because it was already archived).
Cheers
Nico
certificate expiration vulnerability
does it make sense to close this bug since etch/lenny are still
vulnerable? from my perspective, it is better to keep the bug open so
that it stays on the maintainer's radar.
You are aware of the fact that our BTS knows about versions?
Cheers
Nico
--
Hi,
* Michael S. Gilbert michael.s.gilb...@gmail.com [2009-05-15 19:45]:
On Fri, 15 May 2009 14:18:26 +0200, Nico Golde wrote:
[...]
turns out my patch has a bug in it which opens this up for a
buffer overflow again in case strlen(ctcpbuf) returns 0:
http://www.gossamer-threads.com/lists
Hi,
* Alessio Treglia quadris...@ubuntu.com [2009-05-15 00:58]:
Package: stfl
Severity: wishlist
Tags: patch
stfl needs some changes in order to build properly with Python 2.6.
Attaching Ubuntu debdiff.
Thanks, makes very good sense. I'll include it in the next
upload.
Cheers
Nico
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148
http://security-tracker.debian.net/tracker/CVE-2009-0148
--
Hi,
I intend to upload a 0-day NMU to fix this. Attached is a
patch for a debdiff.
Cheers
Nico
--
diff -u ipsec-tools-0.7.1/debian/changelog ipsec
upstream as per:-
http://vnc-tight.sourceforge.net/release-1.3.10.html
Please correct me if I've missed anything!
With thanks,
How did you verify this? From what I know this issue only
affects the windows version.
Cheers
Nico
--
no motivation
to write a patch.
Cheers
Nico
--
very soon.
Cheers
Nico
--
id in your changelog entry.
Patch:
http://launchpadlibrarian.net/19037678/system-tools-backends_2.6.0-1ubuntu1.1.diff
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6792
http://security-tracker.debian.net/tracker/CVE-2008-6792
--
in libpng?
Cheers
Nico
--
, there are already complaints on debian-user
about aptitude, synaptic and other programs removed during
dist-upgrades in testing.
Sorry for the inconvenience, apt from unstable is now forced
into testing.
Cheers
Nico
--
.
Cheers
Nico
--
Hi,
any news on this one?
Cheers
Nico
--
-1438
--
=CVE-2009-1438
http://security-tracker.debian.net/tracker/CVE-2009-1438
--
installed thunar,
directories get created with 0755 here.
Can you provide any further information on how to reproduce
this?
Cheers
Nico
--
Hi,
* Yves-Alexis Perez cor...@debian.org [2009-05-05 18:23]:
On mar, 2009-05-05 at 16:51 +0200, Nico Golde wrote:
A new directory, created from Thunar, will have permission 777,
bypassing umask value.
I can not reproduce this with a freshly installed thunar,
directories get created
on this but zsh
should handle this.
Cheers
Nico
--
Hi,
* Clint Adams sch...@debian.org [2009-05-06 04:12]:
On Wed, May 06, 2009 at 02:35:05AM +0200, Nico Golde wrote:
export BLA=$(perl -e print 'A' x 1;)
results in zsh segfaulting:
[335969.515454] zsh[29005]: segfault at 7fff1b357858 ip 7fb5184a5855 sp
7fff1b357860 error 6
Hi,
CVE-2009-1440 has been assigned to this.
Cheers
Nico
--
Hi,
* Michael S. Gilbert michael.s.gilb...@gmail.com [2009-04-27 15:27]:
On Tue, 21 Apr 2009 23:54:36 +0200 Nico Golde wrote:
turns out CVE-2008-6679 also is fixed since 8.64.
The only unfixed issue in this report is CVE-2009-0196.
Michael, please better check the code next time
Hi,
stfl 0.20 which I will shortly upload supports this now. So
after the next newsbeuter upload this will be fixed.
Cheers
Nico
--
it -- see
http://www.debian.org/devel/wnpp/index.html#howto-o for detailed
instructions how to adopt a package properly.
Given that we have dmenu in the dwm-tools which does exactly
the same, can we just remove this package?
Kind regards
Nico
--
Hi,
attached is a patch for an NMU to fix the above issues.
Cheers
Nico
--
diff -u freetype-2.3.9/debian/changelog freetype-2.3.9/debian/changelog
a patch list.
.
You should either remove the quilt build dependency or add a series
file.
This is a bit misleading in case the series file exists but is empty
this will also be triggered. So this needs some adaption.
Cheers
Nico
--
Hi,
I am currently triaging the ghostscript bugs for unstable...
After checking every upstream version after this bug was
filed it turned out that CVE-2007-6725 was silently fixed in
8.63 so this is a non-issue for unstable/testing.
Cheers
Nico
--
Hi,
turns out CVE-2008-6679 also is fixed since 8.64.
The only unfixed issue in this report is CVE-2009-0196.
Michael, please better check the code next time, this would
have saved me a lot of time this evening.
Cheers
Nico
--
is not race free, an attacker still has the chance (though unlikely)
to get the credentials after the file was closed but before the system call.
Instead set a proper umask before opening the file.
Cheers
Nico
--
Hi,
attached is a patch that fixes the described issues which I
am going to upload as a 0-day NMU as there was no reaction
on these bugs yet.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/ghostscript-8.64~dfsg-1_8.64~dfsg-1.1.patch
Kind regards
Nico
--
Hi,
attached is a patch to fix this issue.
Cheers
Nico
--
diff -u mahara-1.1.2/debian/changelog mahara-1.1.2/debian/changelog
--- mahara-1.1.2/debian
the
CVE id in your changelog entry.
Patch attached.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
http://security-tracker.debian.net/tracker/CVE-2009-0792
--