Bug#336645: php4: not only dependent on register_globals

2005-11-17 Thread Antoine Beaupre
Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645 http://www.hardened-php.net/index.76.html This page explains why the so-called 'globals overwrite' bug matters, even regardless of the register_globals setting. To put it briefly, the $GLOBALS array can be accessed directly by other

Bug#336645: php4: here is the patch

2005-11-17 Thread Antoine Beaupre
Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645 here is a patch that applies cleanly on sarge: http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.2r2=1.543.2.51.2.3ty=h I append a modified patch that will apply cleanly on the sarge tree. I hope this

Bug#336645: php4: not only dependent on register_globals

2005-11-18 Thread Antoine Beaupre
On Thu Nov 17, 2005 at 11:15:05PM -0800, Steve Langasek wrote: On Thu, Nov 17, 2005 at 07:38:18PM -0500, Antoine Beaupre wrote: Package: php4 Version: 4:4.3.10-16 Followup-For: Bug #336645 http://www.hardened-php.net/index.76.html This page explains why the so-called 'globals

Bug#606979: redmine: more secure LDAP authentication

2010-12-13 Thread Antoine Beaupre
Package: redmine Version: 1.0.1-1 Severity: wishlist Tags: patch Hi, I have been using this debian package since 0.9.1 in production. Since we are in a LDAP environment, we started using the LDAP configuration. However, the default configuration requires you to set a superuser password to bind

Bug#606982: redmine: fails to upgrade all instances

2010-12-13 Thread Antoine Beaupre
Package: redmine Version: 1.0.1-1 Severity: normal I have configured redmine to use a specific instance, separate of the default one. It is named koumbit and has configuration in /etc/redmine/koumbit During the upgrade, it seems that the session configuration is not updated properly. I was

Bug#606983: run redmine as the redmine user

2010-12-13 Thread Antoine Beaupre
Package: redmine Version: 1.0.1-1 Severity: wishlist We're running redmine in a multi-user environment, where multiple web applications are deployed, so running it as www-data is not acceptable. The way we're doing this is by fixing the permission on the config.rb file: chown redmine

Bug#606982: problem is with the key

2010-12-13 Thread Antoine Beaupre
Comparing with backups, it seems the data we had in session.yml was like this: production: session_key: _redmine_koumbit value: [...] While the new generated value is: production: key: _redmine_koumbit value: [...] Could this be the issue? A. -- Antoine Beaupré Réseau Koumbit

Bug#606982: problem is with the key

2010-12-13 Thread Antoine Beaupre
On Mon, Dec 13, 2010 at 05:50:27PM +0100, Jérémy Lal wrote: It could, and shouldn't. From which version were you upgrading ? 0.9 - 1.0.1 ? 0.9.1 - 1.0.1 -- Antoine Beaupré Réseau Koumbit Networks +1.514.387.6262 signature.asc Description: Digital signature

Bug#607211: zabbix-frontend-php: importing template fails with PHP error

2010-12-15 Thread Antoine Beaupre
Package: zabbix-frontend-php Version: 1:1.8.2-1~bpo50+1 Severity: normal I have mistakenly submitted this issue upstream first while it may affect only Debian: https://support.zabbix.com/browse/ZBX-3297 Basically, importing certain templates yields PHP errors that are easily fixed, first

Bug#506487: request-tracker3.8: cannot configure remote mysql server

2008-11-21 Thread Antoine Beaupre
Package: request-tracker3.8 Version: 3.8.1-1~experimental1~bpo40+1 Severity: important It seems that this package has trouble configuring the database server through the dbconfig interface. During the dbc_go() step, we get an access denied: DBI

Bug#506488: request-tracker3.8: fails to compile in Mason

2008-11-21 Thread Antoine Beaupre
Package: request-tracker3.8 Version: 3.8.1-1~experimental1~bpo40+1 Severity: important So another issue we ran into was this: The following parameter was passed in the call to HTML::Mason::CGIHandler-new() but was not listed in the validation options: named_component_subs Compilation failed in

Bug#559370: rrdtool: new upstream release available (1.4.2)

2009-12-03 Thread antoine beaupre
Package: rrdtool Severity: wishlist I see 1.4~rc2 is in experimental but since then, 1.4 was formally released (in october) and two other point releases were published upstream (1.4.1 and 1.4.2). It would be nice to have this in Debian... I volunteer for a backport to lenny as the performance

Bug#559392: emacs: loops on start in gnu/kfreebsd

2009-12-03 Thread antoine beaupre
Package: emacs Version: 23.1+1-5 Severity: normal User: debian-...@lists.debian.org Usertags: kfreebsd Emacs fails to start in Debian. Being a major tool in my toolchain, it's a rather major issue for me. It seems to be looping on this: 17556 emacs23-x CALL poll(0xbfbfd944,0x1,0x)

Bug#570051: redmine: ucf complains about missing --debconf-ok

2010-02-15 Thread Antoine Beaupre
Package: redmine Version: 0.9.1-1~bpo50+1 Severity: minor This seems like a very minor problem, but it asked me to report itself here, so I'll do it for the sake of coherence. :) I get this after choosing sqlite3 in the debconf prompt when installing redmine for the first time:

Bug#570052: redmine: default apache configuration parse error

2010-02-15 Thread Antoine Beaupre
Package: redmine Version: 0.9.1-1~bpo50+1 Severity: normal This package could automatically configure apache if the sample configuration would be sane. ;) I get the following error if I symlink the config in place like this: ln -s /usr/share/doc/redmine/examples/apache2-host.conf

Bug#570177: redmine: should suggest libopenid-ruby

2010-02-16 Thread Antoine Beaupre
Package: redmine Version: 0.9.1-1~bpo50+1 Severity: wishlist To have OpenID working in Debian's Redmine, we need to install the libopenid-ruby package. It would be nice if this would be explicit in the dependencies... :) -- System Information: Debian Release: 5.0.4 APT prefers stable APT

Bug#570178: redmine: broken host prompt in debconf

2010-02-16 Thread Antoine Beaupre
Package: redmine Version: 0.9.1-1~bpo50+1 Severity: minor Hi again, [Sorry for the multiple bug reports without patches... I may find the time to actually fix those things in the future, but right now I prefer to file so they are not forgotten. :)] When configuring a remote SQL server, I

Bug#570179: redmine: fails to install with remote MySQL server

2010-02-16 Thread Antoine Beaupre
Package: redmine Version: 0.9.1-1~bpo50+1 Severity: minor Hi again, I am having trouble installing redmine with a remote mysql server. This is a common problem with dbconfig-common enabled applications, although I think this problem is specific to redmine. First, I can't fill in the

Bug#570184: redmine: passenger support

2010-02-16 Thread Antoine Beaupre
Package: redmine Version: 0.9.1-1~bpo50+1 Severity: wishlist Tags: patch *** Please type your report below this line *** Hi... again, For a change, I have something to give here. :) I have successfully made redmine run with passenger. The full crazy instructions I followed are here:

Bug#505472: crontab for rancid-core

2008-11-12 Thread Antoine Beaupre
Package: rancid-core Version: 2.3.2~a8-4 Severity: wishlist Here is a simple crontab for the rancid-core package. This can simply be packaged as debian/rancid-core.cron.d: # m h dom mon dow user command # run config differ hourly 1 * * * * rancid /usr/bin/rancid-run # clean out config differ

Bug#542279: mysql-server: please include microslow patch from percona

2009-08-18 Thread Antoine Beaupre
Package: mysql-server Version: 5.0.51a-24+lenny1 Severity: wishlist Hi, In trying to diagnose temporary table creation problems, the following patch from Percona Labs is very useful, as described here:

Bug#580946: xterm: how to reproduce?

2010-05-12 Thread antoine beaupre
Package: xterm Severity: normal It only affects xterm. I'm reporting this in rxvt, which doesn't suffer from that problem. I don't know how I could have possibly written that. I'm *not* reporting this in rxvt. But it's true that rxvt doesn't suffer from this problem, it's xterm specific. The

Bug#580946: xterm: latest upgrade broke scrolling on kFreeBSD

2010-05-09 Thread antoine beaupre
Package: xterm Version: 258-1 Severity: important User: debian-...@lists.debian.org Usertags: kfreebsd This problem is fairly weird and hard to describe so bear with me. It only affects xterm. I'm reporting this in rxvt, which doesn't suffer from that problem. The problem is this: the display

Bug#580949: libnetgraph4: netgraph completely broken

2010-05-09 Thread antoine beaupre
Package: libnetgraph4 Version: 8.0-4 Severity: grave Justification: renders package unusable I can't get netgraph to work under Debian/kFreeBSD. I was able to get ngctl to compile using a simple hack to work around #522773 and #522774 (#define __unused) but it's completely refusing to start:

Bug#574789: ITP: freebsd-ppp -- FreeBSD Point-to-Point Protocol (PPP) userland daemon

2010-03-20 Thread antoine beaupre
Package: wnpp Severity: wishlist Owner: antoine beaupre anar...@koumbit.org Owner: antoine beaupre anar...@koumbit.org * Package name: freebsd-ppp Version : 8.0 Upstream Author : Brian Somers br...@awfulhak.org * URL : http://www.freebsd.org/doc/handbook/userppp.html

Bug#559364: kfreebsd-image-8.0-1-686: more details

2010-02-21 Thread antoine beaupre
Package: kfreebsd-image-8.0-1-686 Version: 8.0-4 Severity: normal Basically, the problem here is that color changes on the console stick somehow. I assume there's an escape sequence to go back to the regular gray color that doesn't work somewhere. -- System Information: Debian Release:

Bug#567251: xserver-xorg-input-mouse: not a kernel regression

2010-02-21 Thread antoine beaupre
Package: xserver-xorg-input-mouse Version: 1:1.5.0-1 Severity: normal Okay, so I tested with my old 7.x kernel here, and the mouse is still non-functioning. So I believe the bug is not with the kernel, but with X itself. -- Package-specific info: /var/lib/x11/X.roster does not exist.

Bug#567251: xserver-xorg-input-mouse: still a regression

2010-03-18 Thread antoine beaupre
Package: xserver-xorg-input-mouse Version: 1:1.5.0-1 Severity: normal This recent upgrade did not fix the issue. -- Package-specific info: /var/lib/x11/X.roster does not exist. /var/lib/x11/X.md5sum does not exist. X server symlink status: lrwxr-xr-x 1 root root 13 Oct 16 15:48 /etc/X11/X -

Bug#555394: os-prober: still failing

2010-09-15 Thread antoine beaupre
Package: os-prober Version: 1.39 Severity: normal So this is still happening in 1.39, which is fairly disappointing. It seems that os-prober relies on a linux-specific sysfs in line 29: if [ -d /sys/block ]; then partitions () { # Exclude partitions that have whole_disk sysfs

Bug#522992: solr-tomcat5.5: breaks tomcat5.5 install

2009-04-07 Thread Antoine Beaupre
Package: solr-tomcat5.5 Version: 1.2.0+ds1-3 Severity: important The solr package creates a broken link in the tomcat policy.d directory before postinst: solr:/etc/solr# ls -l /etc/tomcat5.5/policy.d/05solr.policy lrwxrwxrwx 1 tomcat55 adm 24 Apr 7 14:52 /etc/tomcat5.5/policy.d/05solr.policy

Bug#575880: work started, upload soon

2010-06-23 Thread Antoine Beaupre
Hi, I have finally time to work on this. I'm almost done with the 3.0-1 and I'll quickly followup with 3.1. A. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#551702: kfreebsd-image-7.2-1-486: nfs locking not functional

2009-10-19 Thread antoine beaupre
Package: kfreebsd-image-7.2-1-486 Version: 7.2-9 Severity: important Tags: kfreebsd The attached program fails when running over NFS: $ ./a.out lock failed, errno: 45 errno 45 is: [EOPNOTSUPP] The argument fd refers to an object that does not support file locking. The server

Bug#510934: alpine: problem confirmed here, precisions

2009-06-15 Thread Antoine Beaupre
Package: alpine Version: 1.10+dfsg-3 Followup-For: Bug #510934 I just wish to note that this is still a problem in my version of the package. I also wish to mention that the binary attempts to read /etc/pinerc.fixed, according to strace. Note that the README.Debian also mentions the wrong path

Bug#622638: prosody: new upstream version available: 0.8

2011-04-13 Thread Antoine Beaupre
Package: prosody Version: 0.7.0-1~rc1 Severity: wishlist http://blog.prosody.im/prosody-0-8-0-released/ Hurray! :) -- System Information: Debian Release: 5.0.8 APT prefers oldstable APT policy: (500, 'oldstable'), (2, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.18-6-xen-amd64

Bug#622638: more information

2011-04-13 Thread Antoine Beaupre
Here are some good tips for the update: http://prosody.im/doc/packagers A.

Bug#623553: duplicate email addresses lead to major memory leaks

2011-04-21 Thread Antoine Beaupre
Package: request-tracker3.8 Version: 3.8.8-7+squeeze1~bpo50+1 Severity: normal Under very specific circumstances, RT can start eating up all memory on the server. Load would shoot up as mason processes (in fcgid mode) would eat all available memory and CPU. PID USER PR NI VIRT RES

Bug#674907: shifts the clock by 50 minutes unexplicably under a Xen dom0

2012-05-28 Thread Antoine Beaupre
Package: openntpd Version: 3.9p1+debian-8~bpo60+1 Severity: normal This software inexplicably shifts the clock by 3000 seconds (around 10 minutes) every 4 days when running in a Xen domU in Debian Squeeze. Example logs: May 18 19:35:56 athena ntpd[1411]: skew change -11.931 exceeds limit May

Bug#665492: php-apc: please backport 3.1.9 to squeeze

2012-03-24 Thread Antoine Beaupre
Package: php-apc Version: 3.1.3p1-2 Severity: wishlist The version of APC in Squeeze is marked as beta upstream: http://pecl.php.net/package/APC I think squeeze deserves better. If this can't be part of a stable update, it should at least be a backport. Unstable and testing have 3.1.9, they

Bug#705000: cryptsetup now says: evms_activate is not available

2013-04-08 Thread Antoine Beaupre
Control: tag -1 moreinfo It seems I had partition alignment issues on this drive. I am finishing the restore of the partitions, but in the meantime, maybe this should be ignored... A.

Bug#854616: scdaemon cannot access yubikey using ccid driver without pcscd

2017-02-08 Thread Antoine Beaupre
Package: scdaemon Version: 2.1.18-3 Severity: grave In Bug#854005, I have described a distinct issue I have experienced with my Yubikey since the upgrade of the GnuPG suite from 2.1.17 to 2.1.18, and in the case of pcscd, from 1.8.19-1 to 1.8.20-1. I am not sure what exactly is going on here.

Bug#854653: encourage users to generate strong passwords

2017-02-08 Thread Antoine Beaupre
Package: debian-installer Severity: wishlist After reflecting for a few days about password generation and writing an [article][1] about it, I was told the debian-installer may be a good place to encourage people to set strong passwords. In the d-i, we set one or three critically important

Bug#854005: [pkg-gnupg-maint] Bug#854005: ssh-agent no longer works

2017-02-04 Thread Antoine Beaupre
On Fri, Feb 03, 2017 at 09:40:35AM +0900, NIIBE Yutaka wrote: > Hello, > > Thanks to dkg to explicitly CC me. > > On Thu 2017-02-02 17:54:26 -0500, Wouter Verhelst wrote: > > Since a recent upgrade, gnupg-agent no longer finds the authentication > > (SSH) key on my OpenPGP smartcard: > > > >

Bug#818309: please backport to jessie

2017-01-28 Thread Antoine Beaupre
Control: retitle -1 jessie backport out of date Control: found -1 2.55.0+dfsg-1~bpo8+1 Small update: I actually went ahead with the backport, just to scratch an itch. Now of course new versions came in and a new backport is probably necessary, if only to fix what seems to be a security issue

Bug#853004: security: javascript in the book can access files on the computer using XMLHttpRequest?

2017-01-28 Thread Antoine Beaupre
Package: calibre Version: 2.71.0+dfsg-1 Severity: critical File: /usr/bin/ebook-viewer Tags: security Hi, Someone pointed me to this note in the 2.75.1 changelog: E-book viewer: Prevent javascript in the book from accessing files on the computer using XMLHttpRequest. The ticket link

Bug#855595: unblock: atheme-services/7.2.9

2017-02-20 Thread Antoine Beaupre
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package atheme-services There is a security issue that was fixed in the upstream 7.2.8 package (#855588), which introduced a new security issue, which was fixed in the 7.2.9

Bug#855588: memory leak could lead to Denial Of Service

2017-02-20 Thread Antoine Beaupre
Package: atheme-services Version: 7.2.7 Severity: grave Tags: security Upstream changelog says: This is a security release closing a memory leak that could be exploited by attackers to potentially cause a denial of service. Release 7.2.7 is affected; older releases are

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

2017-02-22 Thread Antoine Beaupre
On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote: > Kurt Roeckx writes: > > > From what I understand, it is (or was) possible to configure > > things in such a way that it uses s_client to set up SSL, even > > when it's configured to use gnutls. You should never

Bug#816063: emacs24: TLS certificate validation is silently broken

2017-02-22 Thread Antoine Beaupre
tags -1 -unreproducible I can reproduce issues with certification verification in Emacs 24.5+1-8 in Debian Stretch. As documented here: https://glyph.twistedmatrix.com/2015/11/editor-malware.html The following script will yield an error: (let ((bad-hosts (cl-loop for bad in

Bug#854703: disappears and never returns?

2017-02-09 Thread Antoine Beaupre
Package: pcscd Version: 1.8.20-1 Severity: grave Since I upgraded from 1.8.19-1 to 1.8.20-1 (or maybe it is because of scdaemon 2.1.18, unclear), I cannot reliably use pcscd for multiple days. After a while, the pcscd daemon just disappears, and then scdaemon cannot talk to it anymore: fév 09

Bug#851706: RFP: siegfried -- signature-based file format identification tool

2017-01-17 Thread Antoine Beaupre
Package: wnpp Severity: wishlist * Package name: siegfried Version : 1.6.7 Upstream Author : Richard Lehane * URL : http://www.itforarchivists.com/siegfried * License : apache 2.0 Programming Lang: Go Description :

Bug#852019: gpgv: unknown type of key resource 'trustedkeys.kbx'

2017-01-20 Thread Antoine Beaupre
Package: gpgv Version: 2.1.17-2 Severity: important For some reason, gpgv fails to verify a file that verifies properly with gpg -v: $ dget https://mentors.debian.net/debian/pool/main/d/dnsdiag/dnsdiag_1.4.0-1.dsc dget: retrieving

Bug#776424: [kgb-maintainers] Bug#776424: can be crashed by some network traffic

2017-02-28 Thread Antoine Beaupre
On Sun, Feb 08, 2015 at 06:01:14PM +, Damyan Ivanov wrote: > -=| Joey Hess, 27.01.2015 18:00:11 -0400 |=- > > Source: kgb-bot > > Version: 1.33-2 > > Severity: important > > Tags: security > > > > 2015.01.19 18:08:39: Listening on http://0.0.0.0:?session=KGB > > 2015.01.19 18:08:43:

Bug#850957: succesful installation on Intel NUC6i3SYB

2017-01-11 Thread Antoine Beaupre
Package: installation-reports Severity: wishlist No problems with this install, just a "everything is good" report, thanks! -- Package-specific info: Boot method: USB Image version: debian-stretch-DI-alpha8-amd64-netinst.iso downloaded from cdimage.debian.org mirrors SHA256:

Bug#836266: [Pkg-privacy-maintainers] Bug#836266: Bug#836266: dirmngr: Please disable "use-tor" by default.

2017-01-10 Thread Antoine Beaupre
Package: parcimonie Version: 0.10.2-4 Followup-For: Bug #836266 I suffered from this same problem here on a fresh stretch install: parcimonie rewrote my dirmngr.conf to add use-tor and broke all network operations *outside* of parcimonie. This is a change of behavior and a significant regression

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

2017-03-27 Thread Antoine Beaupre
On Mon, Mar 27, 2017 at 10:39:17AM -0400, Antoine Beaupre wrote: > On Thu, Mar 23, 2017 at 09:25:42AM -0500, Michael Shuler wrote: > > Thanks for the report, Chris. > > Any timeline for this deployment? Do you need help with patching this > in? Actually, I'm not sure I under

Bug#859123: automate import of DLAs and DSAs in www.debian.org

2017-03-30 Thread Antoine Beaupre
Package: www.debian.org Severity: normal According to carnil in a discussion on the debian-lts@ mailing list, DLAs and DSAs are manually imported in the website: https://lists.debian.org/debian-lts/2017/03/msg00200.html The process looks something like: cd webwml/english/security

Bug#859122: about 500 DLAs missing from the website

2017-03-30 Thread Antoine Beaupre
Package: www.debian.org Severity: normal Hi! First, thanks for doing the work of importing DLAs and DSAs in the website, it is greatly appreciated. However, during a discussion on the debian-lts@ mailing list, we have noticed that DLAs since squeeze LTS support was terminated have not been

Bug#859135: CVE-2016-10127: XXE attack via crafted SAML XML request or response

2017-03-30 Thread Antoine Beaupre
Package: python-pysaml2 X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: normal Tags: security Hi, the following vulnerability was published for python-pysaml2. CVE-2016-10127[0]: | PySAML2 allows remote attackers to conduct XML external entity (XXE)

Bug#859136: CVE-2016-1566: XSS vulnerability in file browser

2017-03-30 Thread Antoine Beaupre
Package: guacamole-client X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: normal Tags: security Version: 0.9.9+dfsg-1 Hi, the following vulnerability was published for guacamole. CVE-2016-1566[0]: | Cross-site scripting (XSS) vulnerability in the

Bug#858768: apparmor: CVE-2017-6507

2017-03-27 Thread Antoine Beaupre
Control: found -1 2.7.103-4 Control: notfound -1 2.9.0-3 Here's some more information about that security issue that I could glean from testing and other sources. To reproduce this in wheezy, you first need to install apparmor: apt-get install apparmor apparmor-profiles sed -i -e

Bug#843722: (no subject)

2017-03-27 Thread Antoine Beaupre
On Tue, Jan 03, 2017 at 01:16:45PM -0600, Michael Shuler wrote: > On 01/01/2017 12:40 PM, Thomas Lange wrote: > > There's still no fix. Do you need help for a fix? > > If you have a patch idea, that would be great! Apologies for the delay > in getting something together to reproduce and test a

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

2017-03-27 Thread Antoine Beaupre
On Thu, Mar 23, 2017 at 09:25:42AM -0500, Michael Shuler wrote: > Thanks for the report, Chris. Any timeline for this deployment? Do you need help with patching this in? A.

Bug#707178: update on the stressant and breakin packages

2017-03-19 Thread Antoine Beaupre
Hi all, As those monitoring this bug report may have noticed, I have closed the WNPP bug for the packaging of the "Breakin" tool into Debian. In its place, I have uploaded the "Stressant" package which is a "simple stress testing and burn-in tool". To quote the package description further:

Bug#857942: --log-brief breaks --log-file output

2017-03-16 Thread Antoine Beaupre
Package: stress-ng Version: 0.07.24-1 Severity: normal I am using stress-ng to build a larger automated stress-testing tool. Therefore, I don't need the "info" prefixes in the generated logfile, so I tried using --log-brief to remove those. By default, the logfile works fine: $ stress-ng

Bug#858402: hangs on install when trying to start

2017-03-21 Thread Antoine Beaupre
Package: docker.io Version: 1.11.2~ds1-6 Severity: grave I tried to install docker.io in Debian stretch (I know, it's banned, but I figured I'd try my luck) and it completely hangs apt-get install: $ LANG=C sudo dpkg --configure -a Setting up docker.io (1.11.2~ds1-6) ... addgroup: The group

Bug#699744: nagios3-cgi: prompting due to modified conffiles which were not modified by the user: /etc/nagios3/stylesheets/outages.css

2017-04-17 Thread Antoine Beaupre
On Sat, Apr 06, 2013 at 09:29:25AM +0200, Joost van Baal-Ilić wrote: > Hi, > > I agree with Andreas Beckmann it would be useful if a remark could be > added to the release notes. I can apply a patch soon. Below snippets > from previous discussion summarize the relevant parts I believe. >

Bug#706772: dpkg --set-selections ignores available packages never installed or removed by dpkg

2017-04-17 Thread Antoine Beaupre
Control: tags -1 +moreinfo On Sat, May 04, 2013 at 02:24:01PM -0700, Jonathan Nieder wrote: > Guillem Jover wrote: > > > Ah, much better indeed, thanks Jonathan. > > Thanks for the quick review. Here's the same change in patch form, > with two tweaks: > > - s/machine

Bug#760947: systemd: Does not start consoles configured in /etc/inittab

2017-04-17 Thread Antoine Beaupre
Control: tag -1 +patch On Mon, Apr 17, 2017 at 09:19:07AM -0400, Antoine Beaupre wrote: > On Sun, Jun 07, 2015 at 08:32:54AM +0200, Samuel Thibault wrote: > > Michael Biebl, le Sun 07 Jun 2015 01:41:59 +0200, a écrit : > > > /etc/inittab is a sysvinit specific config file, w

Bug#760947: systemd: Does not start consoles configured in /etc/inittab

2017-04-17 Thread Antoine Beaupre
On Sun, Jun 07, 2015 at 08:32:54AM +0200, Samuel Thibault wrote: > Michael Biebl, le Sun 07 Jun 2015 01:41:59 +0200, a écrit : > > /etc/inittab is a sysvinit specific config file, which systemd won't > > read. This is not going to change. > > > > If you have custom changes to /etc/inittab, those

Bug#860841: gtk-redshift should hook into existing running process

2017-04-20 Thread Antoine Beaupre
Package: redshift-gtk Version: 1.11-1 Severity: wishlist If the systemd service is enabled (and works, see #827098) then a user wanting GUI visibility on whatever redshift is doing might naturally start the graphical application he/she sees in the menus. In this case, both applications get into a

Bug#860842: silently exits on first run

2017-04-20 Thread Antoine Beaupre
Package: redshift-gtk Version: 1.9.1-4 Severity: normal I have recommended this tool to a friend that has this problem of using the computer too late at night (bad boy, go to sleep! ;). When we did the first setup, my friend naturally clicked on the Redshift icon in the application menus, and

Bug#845989: [Pkg-privacy-maintainers] Bug#845989: marked as done (browser can't be downloaded because of invalid SSL certificate)

2017-04-19 Thread Antoine Beaupre
On Sun, Nov 27, 2016 at 12:36:05PM -0500, Antoine Beaupré wrote: > On 2016-11-27 11:16:11, Holger Levsen wrote: > > On Sun, Nov 27, 2016 at 10:39:16AM -0500, Antoine Beaupré wrote: > >> > … you've been attacked. > >> I beg to disagree. I doubt that M. Kshevetskiy has been, in this case, > >>

Bug#860920: manpages.debian.org support (dman)

2017-04-21 Thread Antoine Beaupre
Package: debian-goodies Version: 0.69 Severity: wishlist Tags: patch Hi! We have been working hard on restoring the manpages.debian.org service in the last months. It's now reliable and complete, yet you need a web browser to use it. The neat thing is: manpages.debian.org also ships actual

Bug#851885: Please add pseudopackage `manpages.debian.org'

2017-04-21 Thread Antoine Beaupre
On Thu, Mar 23, 2017 at 02:55:51PM +, Ian Jackson wrote: > Michael Stapelberg writes ("Re: Bug#851885: Please add pseudopackage > `manpages.debian.org'"): > > Oh, I m not planning to create any bugs. I m working with GitHub. iwj@ > > wanted > > this pseudo-package to be created, and I agreed

Bug#851885: Please add pseudopackage `manpages.debian.org'

2017-04-21 Thread Antoine Beaupre
On Thu, Mar 23, 2017 at 09:43:00AM -0500, Don Armstrong wrote: > On Thu, 23 Mar 2017, Michael Stapelberg wrote: > > Sorry for the late reply. > > > > The description looks good to me. > > Cool. > > > I don’t have a set of bugs to re-assign. I’m not sure whether the BTS was > > ever used for

Bug#718301: RFP: fedora-liveusb-creator, Cross-platform tool for installing live operating systems on to USB flash drives.

2017-03-14 Thread Antoine Beaupre
Note that fedorahosted.org closed down on march 1st. The tool is now called "MediaWriter", but is still quite Fedora-specific: https://github.com/MartinBriza/MediaWriter/ See also their usage instructions here: https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB A. -- Never

Bug#860579: ITP: grammalecte -- grammatical corrector for libreoffice and firefox

2017-04-18 Thread Antoine Beaupre
Package: wnpp Severity: wishlist Owner: Antoine Beaupre <anar...@debian.org> * Package name: grammalecte Version : 0.5.15 Upstream Author : Olivier R. (olivier /at/ grammalecte /dot/ net) * URL : https://www.dicollecte.org/grammalecte/ * License :

Bug#861106: emacs25 uses SHA-1 to pin untrusted X509 certificates

2017-04-24 Thread Antoine Beaupre
Package: emacs25 Version: 25.1+1-3+b1 Severity: normal I'm getting this when running emacs -q after adding the Marmalade repo (https://marmalade-repo.org/packages/): https://paste.anarc.at/snaps/snap-2017.04.24-12.53.11.png This is after running package-list-packages with the Marmalade

Bug#869987: document (and enable?) the automatic purge of downloaded packages (APT::Periodic::AutocleanInterval)

2017-07-28 Thread Antoine Beaupre
Package: unattended-upgrades Version: 0.93.1+nmu1 Severity: normal Tags: patch Hi, In the past week, my filesystem finally filled up due to 6GB of archives in /var/cache/apt/archives. I identified unattended-upgrades as the cause of this problem, as it didn't purge old packages (hello texlive!)

Bug#870102: automatically update schroots

2017-07-29 Thread Antoine Beaupre
Package: sbuild Version: 0.73.0-4 Severity: wishlist Tags: patch It would be nice if sbuild automatically updated the configured schroots. As things stand now, a configured schroot will slowly rot down to a point where new builds will have to download a bunch of base packages at each run, if

Bug#871937: stretch-pu: package monkeysign/2.2.3

2017-08-12 Thread Antoine Beaupre
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, I am working on a new release of Monkeysign, which I'd like to upload in Debian. If it would be just me, I would tag the current HEAD with 2.2.4, considering the changes are

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

2017-07-06 Thread Antoine Beaupre
On Fri, May 19, 2017 at 10:46:35AM -0500, Michael Shuler wrote: > On 05/19/2017 10:07 AM, Chris Lamb wrote: > > I've uploaded ca-certificates 20161130+nmu1 to DELAYED/5: > > > > ca-certificates (20161130+nmu1) unstable; urgency=medium > > > > * Non-maintainer upload. > > * Add

Bug#867461: jessie-pu: package ca-certificates/20141019+deb8u3

2017-07-06 Thread Antoine Beaupre
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu The ca-certificates package in jessie is still vulnerable to #858539, that is it still ships the WoSign and StartCom certificates which have been marked as blacklisted after october

Bug#868728: cups requires do lpadmin configuration to share printers

2017-07-17 Thread Antoine Beaupre
Package: cups Version: 2.2.1-8 Severity: normal Hi! When trying to share my printers with my roommates through the CUPS web interface, I quickly found the "Share printers connected to this system" button and clicked it. And lo and behold, other Linux (and probably Mac, haven't tried) computers

Bug#858373: apache2: segfaults upon recieving bad request when using worker/event mpm and cgid errordoc

2017-07-19 Thread Antoine Beaupre
Hi! First, thank you very much for the detailed bug report, very useful! Responses inline. On Tue, Mar 21, 2017 at 11:56:40AM -0500, Brian Kroth wrote: > Package: apache2.2-common > Version: 2.2.22-13+deb7u8 > Severity: normal > Tags: security > > Dear Maintainer, > > We have some websites

Bug#858373: help needed to complete regression fix for apache2 Bug#858373

2017-07-19 Thread Antoine Beaupre
Hi, (Sorry for the large CC list, but I am hoping to get a broad approval of the next changes for this in order to avoid previous mistakes. ;) In particular, I'd be very grateful for some input by Stefan considering his knowledge of the Apache codebase and how ... exotic this problem is.) As I

Bug#867718: CVE-2017-11108

2017-07-19 Thread Antoine Beaupre
For what it's worth, I can reproduce this in stretch by rebuilding with ASAN (-lasan -fsanitize=address -fno-omit-frame-pointer). I can also reproduce this in wheezy by running it in valgrind: $ valgrind /usr/sbin/tcpdump -ntr poc ==26648== Memcheck, a memory error detector ==26648== Copyright

Bug#812609: tracker.debian.org: wrong versioned links for security versions

2017-07-19 Thread Antoine Beaupre
Package: tracker.debian.org Followup-For: Bug #812609 Same issue here. I always end up going to the packages.debian.org site to find the .dsc link... -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable') Architecture:

Bug#867986: [Pkg-ipsec-tools-devel] Bug#867986: CVE-2016-10396

2017-07-19 Thread Antoine Beaupre
On Tue, Jul 18, 2017 at 01:53:09PM -0400, Noah Meyerhans wrote: > Control: tags -1 + pending patch > > On Mon, Jul 10, 2017 at 11:18:35PM +0200, Moritz Muehlenhoff wrote: > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396 > > > > I believe that the attached

Bug#866790: postfix rules yield error and fail

2017-07-01 Thread Antoine Beaupre
Package: apparmor Version: 2.11.0-3 Severity: grave Right now, in debian stretch, any apparmor command will yield: $ sudo aa-disable usr.bin.irssi ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found ... if apparmor-profiles is installed. This, obviously, is an error in

Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

2017-07-01 Thread Antoine Beaupre
Package: cryptsetup Version: 2:1.7.3-4 Severity: wishlist I have multiple crypto partitions I need to unlock when the machine starts up. I use the dropbear-initramfs hack to unlock those remotely. Unfortunately, the current implementation in "cryptroot-unlock" doesn't seem to handle multiple

Bug#866792: irssi profile should be in complain mode

2017-07-01 Thread Antoine Beaupre
Package: apparmor-profiles-extra Version: 1.11 Severity: normal The apparmor profile for irssi is way too restrictive. A first failure, in my use case, is restricting logs to be in ~/irclogs. While this *is* the upstream default, it seems rather unusual to enforce this in apparmor. A more common

Bug#805414: gdm3: disable pulseaudio to prevent capturing A2DP sink on session start

2017-07-01 Thread Antoine Beaupre
On Sat, Jun 24, 2017 at 02:10:26AM +0200, Aurelien Jacobs wrote: > Package: gdm3 > Version: 3.22.3-3 > Followup-For: Bug #805414 > > The workaround from https://wiki.debian.org/BluetoothUser/a2dp used to > work, but starting with gdm3 3.22.3-2, it is not enough anymore. > I found out that I now

Bug#845938: pulseaudio: bt headset: a2dp sink is not selectable - only hsp/hfp works

2017-07-02 Thread Antoine Beaupre
Package: pulseaudio Version: 10.0-1 Followup-For: Bug #845938 This is still an issue in Debian stretch: the gdm3 package runs pulseaudio, which takes over the bluetooth device and makes it impossible for regular users to connect to their bluetooth device using the hifi A2DP sink. See #805414 for

Bug#863897: sudo: Further issue in parsing /proc/[pid]/stat when process name contains newline

2017-07-03 Thread Antoine Beaupre
On Mon, Jun 05, 2017 at 06:32:11AM +0200, Salvatore Bonaccorso wrote: > Hi! > > On Sun, Jun 04, 2017 at 08:35:05PM +0200, Salvatore Bonaccorso wrote: > > Hi Bdale > > > > Since time is pressing a bit for the release of stretch, any problem > > in if I would prepare a NMU for both stretch

Bug#867477: poppler: CVE-2017-9865 stack-based overflow leading to denial-of-service

2017-07-06 Thread Antoine Beaupre
Package: poppler X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security patch upstream Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=100774 Hi, the following vulnerability was published for poppler. CVE-2017-9865[0]: | The

Bug#855225: kodi: CVE-2017-5982: Unrestricted file download

2017-04-26 Thread Antoine Beaupre
affects 85225 xbmc package xbmc found 85225 2:11.0~git20120510.82388d5-1 thanks I can confirm this affects both jessie-backports and wheezy. I've been able to access random files on my Kodi install using:

Bug#861277: RM: kedpm -- ROM; inactive upstream, unmaintained, security issues

2017-04-26 Thread Antoine Beaupre
Package: ftp.debian.org Severity: normal I am one of the last maintainers of the kedpm package, and I am not using it anymore. Recently, a security issue was found in the package (#860817), and I feel there may be more - I haven't deeply audited the source code myself. Or if I did, it was a long

Bug#861278: release-notes: mention kedpm is dead

2017-04-26 Thread Antoine Beaupre
Package: release-notes Severity: wishlist I filed a removal request for kedpm (#861277) and that should be mentioned in the release notes, along with the fpm2 removal: https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages A possible

Bug#861128: RFP: elpa-markdown-toc -- Generate a TOC in markdown file with Emacs

2017-04-24 Thread Antoine Beaupre
Package: wnpp Severity: wishlist * Package name: elpa-markdown-toc Version : 0.1.2 Upstream Author : Antoine R. Dumont * URL : https://github.com/ardumont/markdown-toc/ * License : GPL-3+ Programming Lang: Elisp Description : Generate a TOC in markdown
