Package: php4
Version: 4:4.3.10-16
Followup-For: Bug #336645
http://www.hardened-php.net/index.76.html
This page explains why the so-called 'globals overwrite' bug matters,
even regardless of the register_globals setting. To put it briefly, the
$GLOBALS array can be accessed directly by other
Package: php4
Version: 4:4.3.10-16
Followup-For: Bug #336645
here is a patch that applies cleanly on sarge:
http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.2&r2=1.543.2.51.2.3&ty=h
I append a modified patch that will apply cleanly on the sarge tree. I
hope this
On Thu Nov 17, 2005 at 11:15:05PM -0800, Steve Langasek wrote:
On Thu, Nov 17, 2005 at 07:38:18PM -0500, Antoine Beaupre wrote:
Package: php4
Version: 4:4.3.10-16
Followup-For: Bug #336645
http://www.hardened-php.net/index.76.html
This page explains why the so-called 'globals
Package: redmine
Version: 1.0.1-1
Severity: wishlist
Tags: patch
Hi,
I have been using this debian package since 0.9.1 in production. Since we are
in a LDAP environment, we started using the LDAP configuration. However, the
default configuration requires you to set a superuser password to bind
Package: redmine
Version: 1.0.1-1
Severity: normal
I have configured redmine to use a specific instance, separate of the default
one. It is named koumbit and has configuration in /etc/redmine/koumbit
During the upgrade, it seems that the session configuration is not updated
properly. I was
Package: redmine
Version: 1.0.1-1
Severity: wishlist
We're running redmine in a multi-user environment, where multiple web
applications are deployed, so running it as www-data is not acceptable.
The way we're doing this is by fixing the permission on the config.rb file:
chown redmine
Comparing with backups, it seems the data we had in session.yml was like
this:
production:
  session_key: _redmine_koumbit
  value: [...]
While the new generated value is:
production:
  key: _redmine_koumbit
  value: [...]
Could this be the issue?
A.
--
Antoine Beaupré
Réseau Koumbit
On Mon, Dec 13, 2010 at 05:50:27PM +0100, Jérémy Lal wrote:
It could, and shouldn't.
From which version were you upgrading ?
0.9 - 1.0.1 ?
0.9.1 - 1.0.1
--
Antoine Beaupré
Réseau Koumbit Networks
+1.514.387.6262
Package: zabbix-frontend-php
Version: 1:1.8.2-1~bpo50+1
Severity: normal
I have mistakenly submitted this issue upstream first while it may affect only
Debian:
https://support.zabbix.com/browse/ZBX-3297
Basically, importing certain templates yields PHP errors that are easily fixed,
first
Package: request-tracker3.8
Version: 3.8.1-1~experimental1~bpo40+1
Severity: important
It seems that this package has trouble configuring the database server through
the dbconfig interface. During the dbc_go() step, we get an access denied:
DBI
Package: request-tracker3.8
Version: 3.8.1-1~experimental1~bpo40+1
Severity: important
So another issue we ran into was this:
The following parameter was passed in the call to
HTML::Mason::CGIHandler->new() but was not listed in the validation options:
named_component_subs
Compilation failed in
Package: rrdtool
Severity: wishlist
I see 1.4~rc2 is in experimental but since then, 1.4 was formally
released (in october) and two other point releases were published
upstream (1.4.1 and 1.4.2).
It would be nice to have this in Debian... I volunteer for a backport to
lenny as the performance
Package: emacs
Version: 23.1+1-5
Severity: normal
User: debian-...@lists.debian.org
Usertags: kfreebsd
Emacs fails to start in Debian. Being a major tool in my toolchain, it's a
rather major issue for me. It seems to be looping on this:
17556 emacs23-x CALL poll(0xbfbfd944,0x1,0x)
Package: redmine
Version: 0.9.1-1~bpo50+1
Severity: minor
This seems like a very minor problem, but it asked me to report itself here, so
I'll do
it for the sake of coherence. :)
I get this after choosing sqlite3 in the debconf prompt when installing
redmine for
the first time:
Package: redmine
Version: 0.9.1-1~bpo50+1
Severity: normal
This package could automatically configure apache if the sample configuration
would be
sane. ;)
I get the following error if I symlink the config in place like this:
ln -s /usr/share/doc/redmine/examples/apache2-host.conf
Package: redmine
Version: 0.9.1-1~bpo50+1
Severity: wishlist
To have OpenID working in Debian's Redmine, we need to install the
libopenid-ruby
package.
It would be nice if this would be explicit in the dependencies... :)
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT
Package: redmine
Version: 0.9.1-1~bpo50+1
Severity: minor
Hi again,
[Sorry for the multiple bug reports without patches... I may find the time to
actually
fix those things in the future, but right now I prefer to file so they are not
forgotten. :)]
When configuring a remote SQL server, I
Package: redmine
Version: 0.9.1-1~bpo50+1
Severity: minor
Hi again,
I am having trouble installing redmine with a remote mysql server. This is a
common
problem with dbconfig-common enabled applications, although I think this
problem is
specific to redmine.
First, I can't fill in the
Package: redmine
Version: 0.9.1-1~bpo50+1
Severity: wishlist
Tags: patch
Hi... again,
For a change, I have something to give here. :) I have successfully made
redmine run with passenger. The full crazy instructions I followed are here:
Package: rancid-core
Version: 2.3.2~a8-4
Severity: wishlist
Here is a simple crontab for the rancid-core package. This can simply be
packaged as debian/rancid-core.cron.d:
# m h dom mon dow user command
# run config differ hourly
1 * * * * rancid /usr/bin/rancid-run
# clean out config differ
Package: mysql-server
Version: 5.0.51a-24+lenny1
Severity: wishlist
Hi,
In trying to diagnose temporary table creation problems, the following patch
from Percona Labs is very useful, as described here:
Package: xterm
Severity: normal
It only affects xterm. I'm reporting this in rxvt, which doesn't suffer
from that problem.
I don't know how I could have possibly written that. I'm *not* reporting
this in rxvt. But it's true that rxvt doesn't suffer from this problem,
it's xterm specific.
The
Package: xterm
Version: 258-1
Severity: important
User: debian-...@lists.debian.org
Usertags: kfreebsd
This problem is fairly weird and hard to describe so bear with me.
It only affects xterm. I'm reporting this in rxvt, which doesn't suffer
from that problem.
The problem is this: the display
Package: libnetgraph4
Version: 8.0-4
Severity: grave
Justification: renders package unusable
I can't get netgraph to work under Debian/kFreeBSD. I was able to get
ngctl to compile using a simple hack to work around #522773 and #522774
(#define __unused) but it's completely refusing to start:
Package: wnpp
Severity: wishlist
Owner: antoine beaupre anar...@koumbit.org
* Package name: freebsd-ppp
Version : 8.0
Upstream Author : Brian Somers br...@awfulhak.org
* URL : http://www.freebsd.org/doc/handbook/userppp.html
Package: kfreebsd-image-8.0-1-686
Version: 8.0-4
Severity: normal
Basically, the problem here is that color changes on the console stick
somehow. I assume there's an escape sequence to go back to the regular
gray color that doesn't work somewhere.
-- System Information:
Debian Release:
Package: xserver-xorg-input-mouse
Version: 1:1.5.0-1
Severity: normal
Okay, so I tested with my old 7.x kernel here, and the mouse is still
non-functioning. So I believe the bug is not with the kernel, but with
X itself.
-- Package-specific info:
/var/lib/x11/X.roster does not exist.
Package: xserver-xorg-input-mouse
Version: 1:1.5.0-1
Severity: normal
This recent upgrade did not fix the issue.
-- Package-specific info:
/var/lib/x11/X.roster does not exist.
/var/lib/x11/X.md5sum does not exist.
X server symlink status:
lrwxr-xr-x 1 root root 13 Oct 16 15:48 /etc/X11/X -
Package: os-prober
Version: 1.39
Severity: normal
So this is still happening in 1.39, which is fairly disappointing. It
seems that os-prober relies on a linux-specific sysfs in line 29:
if [ -d /sys/block ]; then
partitions () {
# Exclude partitions that have whole_disk sysfs
Package: solr-tomcat5.5
Version: 1.2.0+ds1-3
Severity: important
The solr package creates a broken link in the tomcat policy.d directory before
postinst:
solr:/etc/solr# ls -l /etc/tomcat5.5/policy.d/05solr.policy
lrwxrwxrwx 1 tomcat55 adm 24 Apr 7 14:52 /etc/tomcat5.5/policy.d/05solr.policy
Hi,
I have finally time to work on this. I'm almost done with the 3.0-1 and
I'll quickly followup with 3.1.
A.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: kfreebsd-image-7.2-1-486
Version: 7.2-9
Severity: important
Tags: kfreebsd
The attached program fails when running over NFS:
$ ./a.out
lock failed, errno: 45
errno 45 is:
[EOPNOTSUPP] The argument fd refers to an object that does
not support file locking.
The server
Package: alpine
Version: 1.10+dfsg-3
Followup-For: Bug #510934
I just wish to note that this is still a problem in my version of the package.
I also wish to mention that the binary attempts to read
/etc/pinerc.fixed, according to strace.
Note that the README.Debian also mentions the wrong path
Package: prosody
Version: 0.7.0-1~rc1
Severity: wishlist
http://blog.prosody.im/prosody-0-8-0-released/
Hurray! :)
-- System Information:
Debian Release: 5.0.8
APT prefers oldstable
APT policy: (500, 'oldstable'), (2, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-6-xen-amd64
Here are some good tips for the update:
http://prosody.im/doc/packagers
A.
Package: request-tracker3.8
Version: 3.8.8-7+squeeze1~bpo50+1
Severity: normal
Under very specific circumstances, RT can start eating up all memory on the
server. Load would shoot up as mason processes (in fcgid mode) would eat all
available memory and CPU.
PID USER PR NI VIRT RES
Package: openntpd
Version: 3.9p1+debian-8~bpo60+1
Severity: normal
This software inexplicably shifts the clock by 3000 seconds (around 10 minutes)
every 4 days when running in a
Xen domU in Debian Squeeze. Example logs:
May 18 19:35:56 athena ntpd[1411]: skew change -11.931 exceeds limit
May
Package: php-apc
Version: 3.1.3p1-2
Severity: wishlist
The version of APC in Squeeze is marked as beta upstream:
http://pecl.php.net/package/APC
I think squeeze deserves better. If this can't be part of a stable update, it
should at least be a backport. Unstable and testing have 3.1.9, they
Control: tag -1 moreinfo
It seems I had partition alignment issues on this drive. I am finishing
the restore of the partitions, but in the meantime, maybe this should be
ignored...
A.
--
Package: scdaemon
Version: 2.1.18-3
Severity: grave
In Bug#854005, I have described a distinct issue I have experienced
with my Yubikey since the upgrade of the GnuPG suite from 2.1.17 to
2.1.18, and in the case of pcscd, from 1.8.19-1 to 1.8.20-1.
I am not sure what exactly is going on here.
Package: debian-installer
Severity: wishlist
After reflecting for a few days about password generation and writing
an [article][1] about it, I was told the debian-installer may be a good
place to encourage people to set strong passwords. In the d-i, we set
one or three critically important
On Fri, Feb 03, 2017 at 09:40:35AM +0900, NIIBE Yutaka wrote:
> Hello,
>
> Thanks to dkg to explicitly CC me.
>
> On Thu 2017-02-02 17:54:26 -0500, Wouter Verhelst wrote:
> > Since a recent upgrade, gnupg-agent no longer finds the authentication
> > (SSH) key on my OpenPGP smartcard:
> >
> >
Control: retitle -1 jessie backport out of date
Control: found -1 2.55.0+dfsg-1~bpo8+1
Small update: I actually went ahead with the backport, just to scratch
an itch. Now of course new versions came in and a new backport is
probably necessary, if only to fix what seems to be a security issue
Package: calibre
Version: 2.71.0+dfsg-1
Severity: critical
File: /usr/bin/ebook-viewer
Tags: security
Hi,
Someone pointed me to this note in the 2.75.1 changelog:
E-book viewer: Prevent javascript in the book from accessing files
on the computer using XMLHttpRequest.
The ticket link
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package atheme-services
There is a security issue that was fixed in the upstream 7.2.8 package
(#855588), which introduced a new security issue, which was fixed in
the 7.2.9
Package: atheme-services
Version: 7.2.7
Severity: grave
Tags: security
Upstream changelog says:
This is a security release closing a memory leak that could be
exploited by attackers to potentially cause a denial of
service. Release 7.2.7 is affected; older releases are
On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote:
> Kurt Roeckx writes:
>
> > From what I understand, it is (or was) possible to configure
> > things in such a way that it uses s_client to set up SSL, even
> > when it's configured to use gnutls. You should never
tags -1 -unreproducible
I can reproduce issues with certification verification in Emacs 24.5+1-8
in Debian Stretch. As documented here:
https://glyph.twistedmatrix.com/2015/11/editor-malware.html
The following script will yield an error:
(let ((bad-hosts
(cl-loop for bad
in
Package: pcscd
Version: 1.8.20-1
Severity: grave
Since I upgraded from 1.8.19-1 to 1.8.20-1 (or maybe it is because of
scdaemon 2.1.18, unclear), I cannot reliably use pcscd for multiple
days.
After a while, the pcscd daemon just disappears, and then scdaemon
cannot talk to it anymore:
fév 09
Package: wnpp
Severity: wishlist
* Package name: siegfried
Version : 1.6.7
Upstream Author : Richard Lehane
* URL : http://www.itforarchivists.com/siegfried
* License : apache 2.0
Programming Lang: Go
Description :
Package: gpgv
Version: 2.1.17-2
Severity: important
For some reason, gpgv fails to verify a file that verifies properly
with gpg -v:
$ dget https://mentors.debian.net/debian/pool/main/d/dnsdiag/dnsdiag_1.4.0-1.dsc
dget: retrieving
On Sun, Feb 08, 2015 at 06:01:14PM +, Damyan Ivanov wrote:
> -=| Joey Hess, 27.01.2015 18:00:11 -0400 |=-
> > Source: kgb-bot
> > Version: 1.33-2
> > Severity: important
> > Tags: security
> >
> > 2015.01.19 18:08:39: Listening on http://0.0.0.0:?session=KGB
> > 2015.01.19 18:08:43:
Package: installation-reports
Severity: wishlist
No problems with this install, just an "everything is good" report,
thanks!
-- Package-specific info:
Boot method: USB
Image version: debian-stretch-DI-alpha8-amd64-netinst.iso downloaded
from cdimage.debian.org mirrors SHA256:
Package: parcimonie
Version: 0.10.2-4
Followup-For: Bug #836266
I suffered from this same problem here on a fresh stretch install:
parcimonie rewrote my dirmngr.conf to add use-tor and broke all
network operations *outside* of parcimonie.
This is a change of behavior and a significant regression
On Mon, Mar 27, 2017 at 10:39:17AM -0400, Antoine Beaupre wrote:
> On Thu, Mar 23, 2017 at 09:25:42AM -0500, Michael Shuler wrote:
> > Thanks for the report, Chris.
>
> Any timeline for this deployment? Do you need help with patching this
> in?
Actually, I'm not sure I under
Package: www.debian.org
Severity: normal
According to carnil in a discussion on the debian-lts@ mailing list,
DLAs and DSAs are manually imported in the website:
https://lists.debian.org/debian-lts/2017/03/msg00200.html
The process looks something like:
cd webwml/english/security
Package: www.debian.org
Severity: normal
Hi!
First, thanks for doing the work of importing DLAs and DSAs in the
website, it is greatly appreciated.
However, during a discussion on the debian-lts@ mailing list, we have
noticed that DLAs since squeeze LTS support was terminated have not
been
Package: python-pysaml2
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: normal
Tags: security
Hi,
the following vulnerability was published for python-pysaml2.
CVE-2016-10127[0]:
| PySAML2 allows remote attackers to conduct XML external entity (XXE)
Package: guacamole-client
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: normal
Tags: security
Version: 0.9.9+dfsg-1
Hi,
the following vulnerability was published for guacamole.
CVE-2016-1566[0]:
| Cross-site scripting (XSS) vulnerability in the
Control: found -1 2.7.103-4
Control: notfound -1 2.9.0-3
Here's some more information about that security issue that I could
glean from testing and other sources.
To reproduce this in wheezy, you first need to install apparmor:
apt-get install apparmor apparmor-profiles
sed -i -e
On Tue, Jan 03, 2017 at 01:16:45PM -0600, Michael Shuler wrote:
> On 01/01/2017 12:40 PM, Thomas Lange wrote:
> > There's still no fix. Do you need help for a fix?
>
> If you have a patch idea, that would be great! Apologies for the delay
> in getting something together to reproduce and test a
On Thu, Mar 23, 2017 at 09:25:42AM -0500, Michael Shuler wrote:
> Thanks for the report, Chris.
Any timeline for this deployment? Do you need help with patching this
in?
A.
Hi all,
As those monitoring this bug report may have noticed, I have closed the
WNPP bug for the packaging of the "Breakin" tool into Debian.
In its place, I have uploaded the "Stressant" package which is a "simple
stress testing and burn-in tool". To quote the package description
further:
Package: stress-ng
Version: 0.07.24-1
Severity: normal
I am using stress-ng to build a larger automated stress-testing
tool. Therefore, I don't need the "info" prefixes in the generated
logfile, so I tried using --log-brief to remove those.
By default, the logfile works fine:
$ stress-ng
Package: docker.io
Version: 1.11.2~ds1-6
Severity: grave
I tried to install docker.io in Debian stretch (I know, it's banned,
but I figured I'd try my luck) and it completely hangs apt-get
install:
$ LANG=C sudo dpkg --configure -a
Setting up docker.io (1.11.2~ds1-6) ...
addgroup: The group
On Sat, Apr 06, 2013 at 09:29:25AM +0200, Joost van Baal-Ilić wrote:
> Hi,
>
> I agree with Andreas Beckmann it would be useful if a remark could be
> added to the release notes. I can apply a patch soon. Below snippets
> from previous discussion summarize the relevant parts I believe.
>
Control: tags -1 +moreinfo
On Sat, May 04, 2013 at 02:24:01PM -0700, Jonathan Nieder wrote:
> Guillem Jover wrote:
>
> > Ah, much better indeed, thanks Jonathan.
>
> Thanks for the quick review. Here's the same change in patch form,
> with two tweaks:
>
> - s/machine
Control: tag -1 +patch
On Mon, Apr 17, 2017 at 09:19:07AM -0400, Antoine Beaupre wrote:
> On Sun, Jun 07, 2015 at 08:32:54AM +0200, Samuel Thibault wrote:
> > Michael Biebl, on Sun 07 Jun 2015 01:41:59 +0200, wrote:
> > > /etc/inittab is a sysvinit specific config file, w
On Sun, Jun 07, 2015 at 08:32:54AM +0200, Samuel Thibault wrote:
> Michael Biebl, on Sun 07 Jun 2015 01:41:59 +0200, wrote:
> > /etc/inittab is a sysvinit specific config file, which systemd won't
> > read. This is not going to change.
> >
> > If you have custom changes to /etc/inittab, those
Package: redshift-gtk
Version: 1.11-1
Severity: wishlist
If the systemd service is enabled (and works, see #827098) then a user
wanting GUI visibility on whatever redshift is doing might naturally
start the graphical application he/she sees in the menus.
In this case, both applications get into a
Package: redshift-gtk
Version: 1.9.1-4
Severity: normal
I have recommended this tool to a friend that has this problem of
using the computer too late at night (bad boy, go to sleep! ;).
When we did the first setup, my friend naturally clicked on the
Redshift icon in the application menus, and
On Sun, Nov 27, 2016 at 12:36:05PM -0500, Antoine Beaupré wrote:
> On 2016-11-27 11:16:11, Holger Levsen wrote:
> > On Sun, Nov 27, 2016 at 10:39:16AM -0500, Antoine Beaupré wrote:
> >> > … you've been attacked.
> >> I beg to disagree. I doubt that M. Kshevetskiy has been, in this case,
> >>
Package: debian-goodies
Version: 0.69
Severity: wishlist
Tags: patch
Hi!
We have been working hard on restoring the manpages.debian.org service
in the last months. It's now reliable and complete, yet you need a web
browser to use it.
The neat thing is: manpages.debian.org also ships actual
On Thu, Mar 23, 2017 at 02:55:51PM +, Ian Jackson wrote:
> Michael Stapelberg writes ("Re: Bug#851885: Please add pseudopackage
> `manpages.debian.org'"):
> > Oh, I'm not planning to create any bugs. I'm working with GitHub. iwj@
> > wanted
> > this pseudo-package to be created, and I agreed
On Thu, Mar 23, 2017 at 09:43:00AM -0500, Don Armstrong wrote:
> On Thu, 23 Mar 2017, Michael Stapelberg wrote:
> > Sorry for the late reply.
> >
> > The description looks good to me.
>
> Cool.
>
> > I don’t have a set of bugs to re-assign. I’m not sure whether the BTS was
> > ever used for
Note that fedorahosted.org closed down on March 1st.
The tool is now called "MediaWriter", but is still quite
Fedora-specific:
https://github.com/MartinBriza/MediaWriter/
See also their usage instructions here:
https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB
A.
--
Never
Package: wnpp
Severity: wishlist
Owner: Antoine Beaupre <anar...@debian.org>
* Package name: grammalecte
Version : 0.5.15
Upstream Author : Olivier R. (olivier /at/ grammalecte /dot/ net)
* URL : https://www.dicollecte.org/grammalecte/
* License :
Package: emacs25
Version: 25.1+1-3+b1
Severity: normal
I'm getting this when running emacs -q after adding the
Marmalade repo (https://marmalade-repo.org/packages/):
https://paste.anarc.at/snaps/snap-2017.04.24-12.53.11.png
This is after running package-list-packages with the Marmalade
Package: unattended-upgrades
Version: 0.93.1+nmu1
Severity: normal
Tags: patch
Hi,
In the past week, my filesystem finally filled up due to 6GB of
archives in /var/cache/apt/archives. I identified unattended-upgrades
as the cause of this problem, as it didn't purge old packages (hello
texlive!)
Package: sbuild
Version: 0.73.0-4
Severity: wishlist
Tags: patch
It would be nice if sbuild automatically updated the configured
schroots. As things stand now, a configured schroot will slowly rot
down to a point where new builds will have to download a bunch of base
packages at each run, if
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
I am working on a new release of Monkeysign, which I'd like to upload
in Debian. If it would be just me, I would tag the current HEAD with
2.2.4, considering the changes are
On Fri, May 19, 2017 at 10:46:35AM -0500, Michael Shuler wrote:
> On 05/19/2017 10:07 AM, Chris Lamb wrote:
> > I've uploaded ca-certificates 20161130+nmu1 to DELAYED/5:
> >
> > ca-certificates (20161130+nmu1) unstable; urgency=medium
> >
> > * Non-maintainer upload.
> > * Add
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
The ca-certificates package in jessie is still vulnerable to #858539,
that is it still ships the WoSign and StartCom certificates which have
been marked as blacklisted after October
Package: cups
Version: 2.2.1-8
Severity: normal
Hi!
When trying to share my printers with my roommates through the CUPS
web interface, I quickly found the "Share printers connected to this
system" button and clicked it. And lo and behold, other Linux (and
probably Mac, haven't tried) computers
Hi!
First, thank you very much for the detailed bug report, very useful!
Responses inline.
On Tue, Mar 21, 2017 at 11:56:40AM -0500, Brian Kroth wrote:
> Package: apache2.2-common
> Version: 2.2.22-13+deb7u8
> Severity: normal
> Tags: security
>
> Dear Maintainer,
>
> We have some websites
Hi,
(Sorry for the large CC list, but I am hoping to get a broad approval of
the next changes for this in order to avoid previous mistakes. ;) In
particular, I'd be very grateful for some input by Stefan considering
his knowledge of the Apache codebase and how ... exotic this problem
is.)
As I
For what it's worth, I can reproduce this in stretch by rebuilding with
ASAN (-lasan -fsanitize=address -fno-omit-frame-pointer).
I can also reproduce this in wheezy by running it in valgrind:
$ valgrind /usr/sbin/tcpdump -ntr poc
==26648== Memcheck, a memory error detector
==26648== Copyright
Package: tracker.debian.org
Followup-For: Bug #812609
Same issue here. I always end up going to the packages.debian.org site
to find the .dsc link...
-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture:
On Tue, Jul 18, 2017 at 01:53:09PM -0400, Noah Meyerhans wrote:
> Control: tags -1 + pending patch
>
> On Mon, Jul 10, 2017 at 11:18:35PM +0200, Moritz Muehlenhoff wrote:
> >
> > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
> >
>
> I believe that the attached
Package: apparmor
Version: 2.11.0-3
Severity: grave
Right now, in debian stretch, any apparmor command will yield:
$ sudo aa-disable usr.bin.irssi
ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found
... if apparmor-profiles is installed.
This, obviously, is an error in
Package: cryptsetup
Version: 2:1.7.3-4
Severity: wishlist
I have multiple crypto partitions I need to unlock when the machine
starts up. I use the dropbear-initramfs hack to unlock those
remotely. Unfortunately, the current implementation in
"cryptroot-unlock" doesn't seem to handle multiple
Package: apparmor-profiles-extra
Version: 1.11
Severity: normal
The apparmor profile for irssi is way too restrictive. A first
failure, in my use case, is restricting logs to be in ~/irclogs. While
this *is* the upstream default, it seems rather unusual to enforce
this in apparmor. A more common
On Sat, Jun 24, 2017 at 02:10:26AM +0200, Aurelien Jacobs wrote:
> Package: gdm3
> Version: 3.22.3-3
> Followup-For: Bug #805414
>
> The workaround from https://wiki.debian.org/BluetoothUser/a2dp used to
> work, but starting with gdm3 3.22.3-2, it is not enough anymore.
> I found out that I now
Package: pulseaudio
Version: 10.0-1
Followup-For: Bug #845938
This is still an issue in Debian stretch: the gdm3 package runs
pulseaudio, which takes over the bluetooth device and makes it
impossible for regular users to connect to their bluetooth device
using the hifi A2DP sink. See #805414 for
On Mon, Jun 05, 2017 at 06:32:11AM +0200, Salvatore Bonaccorso wrote:
> Hi!
>
> On Sun, Jun 04, 2017 at 08:35:05PM +0200, Salvatore Bonaccorso wrote:
> > Hi Bdale
> >
> > Since time is pressing a bit for the release of stretch, any problem
> > in if I would prepare a NMU for both stretch
Package: poppler
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security patch upstream
Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=100774
Hi,
the following vulnerability was published for poppler.
CVE-2017-9865[0]:
| The
affects 85225 xbmc
package xbmc
found 85225 2:11.0~git20120510.82388d5-1
thanks
I can confirm this affects both jessie-backports and wheezy. I've been
able to access random files on my Kodi install using:
Package: ftp.debian.org
Severity: normal
I am one of the last maintainers of the kedpm package, and I am not
using it anymore. Recently, a security issue was found in the package
(#860817), and I feel there may be more - I haven't deeply audited the
source code myself. Or if I did, it was a long
Package: release-notes
Severity: wishlist
I filed a removal request for kedpm (#861277) and that should be
mentioned in the release notes, along with the fpm2 removal:
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages
A possible
Package: wnpp
Severity: wishlist
* Package name: elpa-markdown-toc
Version : 0.1.2
Upstream Author : Antoine R. Dumont
* URL : https://github.com/ardumont/markdown-toc/
* License : GPL-3+
Programming Lang: Elisp
Description : Generate a TOC in markdown