Bug#400718: DSA says this bug is fixed.

2007-02-16 Thread Steve Langasek
On Thu, Feb 15, 2007 at 10:48:25PM -0800, Jiggly Puff wrote: I'm sorry if I'm stepping on anybody's toes, but this reeks of unnoticed loose end. This bug is still identified as grave, and is counted as release critical in etch. It isn't counted as release-critical in etch because it's tagged

Bug#410948: license issues with des.tcl

2007-02-16 Thread Filipus Klutiero
On Thursday 15 February 2007 21:17, Stephen Gran wrote: This one time, at band camp, Philippe Cloutier said: Steve Langasek wrote: On Wed, Feb 14, 2007 at 03:55:53PM -0500, Filipus Klutiero wrote: GOVERNMENT USE: If you are acquiring this software on behalf of the U.S. government, the

Bug#410948: license issues with des.tcl

2007-02-16 Thread Filipus Klutiero
On Thursday 15 February 2007 21:41, Steve Langasek wrote: On Thu, Feb 15, 2007 at 09:07:25PM -0500, Philippe Cloutier wrote: GOVERNMENT USE: If you are acquiring this software on behalf of the U.S. government, the Government shall have only Restricted Rights in the software and related

Bug#411113: ogre: FTBFS: cannot allocate an object of abstract type 'CEGUI::OgreCEGUITexture'

2007-02-16 Thread Julien Danjou
Package: ogre Version: 1.0.6-1.4 Severity: serious Hello, There was a problem while autobuilding your package: Automatic build of ogre_1.0.6-1.4 on nasya by sbuild/sparc 0.52 Build started at 20070216-0723

Bug#410946: debsecan: Overwrites local configuration

2007-02-16 Thread Florian Weimer
* Frank Küster: Since all that debsecan-create-cron does is to choose a random time, set the suite and decide whether the file should exist at all, it shouldn't be hard to do that in a policy-conformant way: The main reason why I did this way is that it's difficult to reschedule the actual

Bug#411118: clamav: CVE-2007-0897 - CAB File Denial of Service Vulnerability

2007-02-16 Thread intrigeri
Package: clamav Version: 0.84-2.sarge.13 Severity: serious All versions prior to 0.90 are suspected to be vulnerable to a resource consumption vulnerability in Clam AntiVirus' ClamAV allows remote attackers to degrade the service of the clamd scanner. E.g., legitimate email can be refused because

Bug#411117: clamav: CVE-2007-0898 - MIME Header Directory Traversal

2007-02-16 Thread intrigeri
Package: clamav Version: 0.84-2.sarge.13 Severity: serious Hello, All versions prior to the 0.90 stable release are suspected to be vulnerable to a directory traversal vulnerability that allows remote attackers to overwrite files owned by the clamd scanner, such as the virus database file. This

Processed: severity of 411118 is important

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.27 # DoS is important, not serious severity 48 important Bug#48: clamav: CVE-2007-0897 - CAB File Denial of Service Vulnerability Severity set to `important' from `serious' End

Bug#410843: fixed in spamassassin 3.1.7-2

2007-02-16 Thread intrigeri
Hello, Duncan Findlay wrote (15 Feb 2007 05:47:03 GMT) : Source: spamassassin Source-Version: 3.1.7-2 We believe that the bug you reported is fixed in the latest version of spamassassin, which is due to be installed in the Debian FTP archive: Are there plans to prepare sarge packages

Bug#408249: marked as done (linux-sound-base: postinst fails: ln: creating symbolic link `/etc/modutils/linux-sound-base_noOSS' to `/lib/linux-sound-base/noOSS.modutils.conf': No such file or director

2007-02-16 Thread Debian Bug Tracking System
Your message dated Fri, 16 Feb 2007 12:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#408249: fixed in alsa-driver 1.0.13-4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is

Bug#411117: clamav: CVE-2007-0898 CVE-2007-0897

2007-02-16 Thread Stephen Gran
found 47 0.84-2.sarge.13 found 47 0.88.7-1 found 47 0.90~rc3-1 notfound 47 0.84-2.sarge.14 notfound 47 0.88.7-2 notfound 47 0.90-1 close 47 0.90-1 close 47 0.88.7-2 close 47 0.84-2.sarge.14 found 48 0.84-2.sarge.13 found 48 0.88.7-1 found 48

Processed: Re: Bug#411117: clamav: CVE-2007-0898 CVE-2007-0897

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: found 47 0.84-2.sarge.13 Bug#47: clamav: CVE-2007-0898 - MIME Header Directory Traversal Bug marked as found in version 0.84-2.sarge.13. found 47 0.88.7-1 Bug#47: clamav: CVE-2007-0898 - MIME Header Directory Traversal Bug marked as

Bug#410946: debsecan: Overwrites local configuration

2007-02-16 Thread Frank Küster
Florian Weimer [EMAIL PROTECTED] wrote: - the suite can be changed by a simple sed -i command This is also wrong because this is a crontab entry, not a configuration file. You cannot assume anything about its syntax (beyond the part which is interpreted by cron). That's a point. sed -i

Bug#410557: /etc/dokuwiki/.htaccess doesn't exist in Debian package and allow access to acl and users

2007-02-16 Thread Thijs Kinkhorst
Hi, There are more web applications in Debian accessing to /etc. For example PhpMyAdmin: ~$ ls -l /usr/share/phpldapadmin/config/config.php config.php - /etc/phpldapadmin/config.php Thanks for using my package as an example, but this way of referencing the config is not insecure.

Bug#406465: [bind backend] TXT record parsing overflow with special characters

2007-02-16 Thread Jeroen van Wolffelaar
On Sat, Feb 10, 2007 at 11:13:11AM +0100, Jeroen van Wolffelaar wrote: An option, therefore, is to have a pdns uploaded without the bind backend, and a NEWS.Debian stating that sorry, no bind backend available, because it's not of release quality or something. Since other than our brief

Bug#289739: marked as done (inform-docs: postinst use test -e update-menus instead of test -x update-menus)

2007-02-16 Thread Debian Bug Tracking System
Your message dated Fri, 16 Feb 2007 13:02:02 + with message-id [EMAIL PROTECTED] and subject line Bug#289739: fixed in inform 6.30-2.1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now

Bug#406465: [bind backend] TXT record parsing overflow with special characters

2007-02-16 Thread Christoph Haas
On Friday 16 February 2007 13:57, Jeroen van Wolffelaar wrote: On Sat, Feb 10, 2007 at 11:13:11AM +0100, Jeroen van Wolffelaar wrote: An option, therefore, is to have a pdns uploaded without the bind backend, and a NEWS.Debian stating that sorry, no bind backend available, because it's not

Bug#402603: tomcat5.5: blocks on startup until log pipe is read

2007-02-16 Thread Adrian Bridgett
I've fixed this locally in two ways: a) use cronolog and alter init.d (see attached diff) Pro: simple Con: end up with two logs b) using log4j Pro: catalina.log file has predictable name for log analysis Con: more complicated for b) you need to delete the -outfile and -errfile line from the

Bug#410047: marked as done (infinite dialog popups)

2007-02-16 Thread Debian Bug Tracking System
Your message dated Fri, 16 Feb 2007 14:47:02 + with message-id [EMAIL PROTECTED] and subject line Bug#410047: fixed in gajim 0.10.1-7 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your

Bug#401916: Bug 401916: analysis and suggested solution

2007-02-16 Thread David Härdeman
I've spent more time researching this by reading kernel code, checking the boot process of other distros and trolling through mailing list archives and I think I have a pretty good picture of the problem now. Description: Basically udevsettle will return once all modules have been loaded and

Bug#406465: [bind backend] TXT record parsing overflow with special characters

2007-02-16 Thread Christoph Haas
Update: upstream says it's not a serious security issue in his opinion. He intends to release a fix this weekend anyway. Christoph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#410946: another idea

2007-02-16 Thread martin f krafft
Why don't we simply drop a script into /etc/cron.hourly which sleeps for up to 60 minutes and then calls debsecan, using /etc/default/debsecan to determine the suite? That would solve the problems, no? -- .''`. martin f. krafft [EMAIL PROTECTED] : :' : proud Debian developer, author,

Bug#410946: debsecan: Overwrites local configuration

2007-02-16 Thread Florian Weimer
* Frank Küster: sed -i is also not available on sarge IIRC, but it's easy to work around that. Yes, is debsecan on backports.org? I don't think so. The sid version should run on sarge without a recompile.

Bug#411063: improper PAGE_SIZE usage in vvp/main.cc

2007-02-16 Thread ldoolitt
PAGE_SIZE patch for Debian verilog 0.8-4.1, fixing bug#411063. If for some reason the sysconf() call fails, I think 0 is the best possible result: it is obviously incorrect. Steve, the same change should also be applied to 0.9. - Larry --- /home/ldoolitt/deb-src/verilog-0.8/vvp/main.cc

Bug#410850: marked as done (CVE-2006-6980: magnatune shell escapes)

2007-02-16 Thread Debian Bug Tracking System
Your message dated Fri, 16 Feb 2007 17:32:04 + with message-id [EMAIL PROTECTED] and subject line Bug#410850: fixed in amarok 1.4.4-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your

Bug#410946: intent to fix #410946

2007-02-16 Thread Frank Küster
Frank Küster [EMAIL PROTECTED] wrote: The problems with ucf are: The most important reason, IMHO, was the one I forgot: You either lose a main asset of debconf, or you ask twice. Consider that in a new version of the package, a default answer to the debconf question changes, and people who

Bug#411170: SATA failures with amd64 version of Etch

2007-02-16 Thread Bob Kline
Package: kernel Severity: critical Multiple attempts to install Etch fail. The syslog file is filled with failure messages along these lines: Feb 16 01:09:27 debootstrap: Unpacking replacement base-files ... Feb 16 01:09:57 kernel: ata1: command 0xca timeout, stat 0x50 host_stat 0x24 Feb 16

Bug#411171: gnome-user-share: Missing mime module in dav_user_2.2.conf

2007-02-16 Thread romain
Package: gnome-user-share Version: 0.10-3 Severity: grave Justification: renders package unusable As the mime module is not loaded, the TypesConfig directive cannot be used. Adding the following LoadModule directive fixes the problem : LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so

Bug#411172: dmraid is looking for the raid45 kernel module and not the raid456 modules.

2007-02-16 Thread Paul Logasa Bogen II
Package: dmraid Version: 1.0.0.rc13-2 Severity: grave Justification: renders package unusable I am trying to use dmraid with a NVIDIA NForce software RAID. I can see the raid metadata correctly, but when I try to activate (dmraid -ay) I get this error: ERROR: device-mapper target type

Bug#406465: more details needed please (zone data)

2007-02-16 Thread bert hubert
Jeroen (and Bas I assume), Can you provide me with a copy of your problematic a-eskwadraat zone? Thanks -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services

Processed: reassign 411170 to linux-2.6

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.27 reassign 411170 linux-2.6 Bug#411170: SATA failures with amd64 version of Etch Bug reassigned from package `kernel' to `linux-2.6'. End of message, stopping processing here. Please

Bug#411170: SATA failures with amd64 version of Etch

2007-02-16 Thread dann frazier
On Fri, Feb 16, 2007 at 02:29:36PM -0500, Bob Kline wrote: I have saved as much of syslog as was flushed right before giving up (at the rate it was going it would have taken days to finish -- if ever -- what completed successfully in under a half hour using the i386 version) on the last

Bug#411172: [Utnubu-maintainers] Bug#411172: dmraid is looking for the raid45 kernel module and not the raid456 modules.

2007-02-16 Thread Loïc Minier
On Fri, Feb 16, 2007, Paul Logasa Bogen II wrote: I am trying to use dmraid with a NVIDIA NForce software RAID. I can see the raid metadata correctly, but when I try to activate (dmraid -ay) Do you know with which kernel version it worked for you in the past? -- Loïc Minier [EMAIL PROTECTED]

Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2

2007-02-16 Thread Jaakko Niemi
Hello, I got access to an ARM box, and was unable to reproduce this problem. Linux debian 2.6.18-4-iop32x #1 Sat Feb 3 12:15:12 UTC 2007 armv5tel GNU/Linux The machine was running couple months old sid, and it was upgraded to this day, but in either case, everything works just fine. The only

Bug#400718: You're right.

2007-02-16 Thread Jiggly Puff
You're right. It is tagged as sarge. I hadn't noticed that. For some reason, though, that tag had not propagated to the list of release critical bugs: http://bugs.debian.org/release-critical/all.html

Bug#411170: SATA failures with amd64 version of Etch

2007-02-16 Thread Bob Kline
dann frazier wrote: hey Bob, It's very likely that the success of the i386 install wasn't due to the architecture, but rather to a newer kernel used (kernel has changed significantly between 20061110 and 20070215). Please try the 20070215 amd64 installer. Thanks, Dann. I'll give it a try.

Bug#411172: [Loïc Minier [EMAIL PROTECTED]] Seems to use raid45 targets instead of raid456

2007-02-16 Thread Loïc Minier
I've sent a ping to the development list. -- Loïc Minier [EMAIL PROTECTED] ---BeginMessage--- Hi, It seems the ascii_type[] table maps some RAID usage to the raid45 device mapper target, but I think the raid[45] modules were dropped in 2.6.18 in favor of raid456. This was reported

Bug#411170: SATA failures with amd64 version of Etch

2007-02-16 Thread dann frazier
On Fri, Feb 16, 2007 at 03:33:58PM -0500, Bob Kline wrote: dann frazier wrote: hey Bob, It's very likely that the success of the i386 install wasn't due to the architecture, but rather to a newer kernel used (kernel has changed significantly between 20061110 and 20070215). Please try the

Bug#411170: marked as done (SATA failures with amd64 version of Etch)

2007-02-16 Thread Debian Bug Tracking System
Your message dated Fri, 16 Feb 2007 13:43:43 -0700 with message-id [EMAIL PROTECTED] and subject line Bug#411170: SATA failures with amd64 version of Etch has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the

Bug#388616: Upgrade

2007-02-16 Thread Frank Küster
[cc shortened] Romain Beauxis [EMAIL PROTECTED] wrote: On Thursday 8 February 2007 22:17, Steve Langasek wrote: I think the bug #388616 should be granted this etc-ignore. The configuration file is never shipped with the package nor generated by the software. It is generated in config/

Bug#411172: [Utnubu-maintainers] Bug#411172: dmraid is looking for the raid45 kernel module and not the raid456 modules.

2007-02-16 Thread Paul Logasa Bogen II
Loïc Minier wrote: On Fri, Feb 16, 2007, Paul Logasa Bogen II wrote: I am trying to use dmraid with a NVIDIA NForce software RAID. I can see the raid metadata correctly, but when I try to activate (dmraid -ay) Do you know with which kernel version it worked for you in the past?

Processed: Re: [Utnubu-maintainers] Bug#411172: dmraid is looking for the raid45 kernel module and not the raid456 modules.

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: severity 411172 important Bug#411172: dmraid is looking for the raid45 kernel module and not the raid456 modules. Severity set to `important' from `grave' stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking

Bug#411172: [Utnubu-maintainers] Bug#411172: dmraid is looking for the raid45 kernel module and not the raid456 modules.

2007-02-16 Thread Loïc Minier
severity 411172 important stop On Fri, Feb 16, 2007, Paul Logasa Bogen II wrote: Do you know with which kernel version it worked for you in the past? never tried it before Ok, then I'm downgrading the bug to important as it is not a regression. -- Loïc Minier [EMAIL PROTECTED]

Bug#392016: Further security patching of ELOG

2007-02-16 Thread Stefan Ritt
Hi, the vulnerabilities on secunia.com have been fixed a long time ago (see their recommendation to upgrade). The patch you supplied is actually not enough to prohibit users from entering script code. I fixed the following additional cases: - Enter a user name, full name or email address

Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2

2007-02-16 Thread Steve Langasek
On Fri, Feb 16, 2007 at 10:26:15PM +0200, Jaakko Niemi wrote: I got access to an ARM box, and was unable to reproduce this problem. Linux debian 2.6.18-4-iop32x #1 Sat Feb 3 12:15:12 UTC 2007 armv5tel GNU/Linux The machine was running couple months old sid, and it was upgraded to this day,

Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2

2007-02-16 Thread Martin Michlmayr
* Steve Langasek [EMAIL PROTECTED] [2007-02-16 14:37]: I guess the other differences are the iop32x kernel vs. the ixp4xx kernel, and the corresponding difference in hardware. The iop32x board is much faster which might make a difference if this is in any way related to #406552. Unfortunately,

Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability

2007-02-16 Thread Kees Cook
Package: iceweasel Version: 2.0.0.1+dfsg-2 Severity: grave Tags: security, fixed-upstream, patch http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says: Mozilla based browsers allows remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing

Processed: Re: Bug#410695: zope2.7 causqe upgrade failure

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: reassign 410695 apt Bug#410695: zope2.7 causqe upgrade failure Bug reassigned from package `upgrade-reports' to `apt'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator

Bug#410695: zope2.7 causqe upgrade failure

2007-02-16 Thread Steve Langasek
reassign 410695 apt thanks On Wed, Feb 14, 2007 at 12:06:09AM +0100, Bill Allombert wrote: On Mon, Feb 12, 2007 at 05:42:31PM -0800, Steve Langasek wrote: On Mon, Feb 12, 2007 at 06:53:53PM +0100, Bill Allombert wrote: Package: upgrade-reports Severity: serious The piuparts run

Bug#411198: gquilt: doesn't start due to dependency problem

2007-02-16 Thread Jiří Paleček
Package: gquilt Version: 0.17-2 Severity: serious Justification: renders package unusable Hello, I have recently updated python 2.4 and from this time, gquilt refused working with an error message immediately after I run it: RuntimeError: Bad magic number in .pyc file Probably there is some

Bug#410204: linux-image-2.6.18-4-amd64: Data corruption on dm-crypt+XFS

2007-02-16 Thread Steve Langasek
Hi Sami, I'm told that dmcrypt+XFS has never worked in the upstream kernel or in Debian, so this is essentially an unsupported configuration. But you've filed this bug as critical with the justification that it causes serious data loss. Did you lose data as a result of this bug? Could you

Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2

2007-02-16 Thread Brian Brunswick
I would say if the server binary has ever worked on any arm machine, then keep it. I did manage to start investigating this. I recompiled the package with some extra trace (very slowly, using qemu) and got some additional information. Unfortunately, I haven't had time to continue and follow

Bug#411170: SATA failures with amd64 version of Etch

2007-02-16 Thread Bob Kline
Bob Kline wrote: Thanks, Dann. I'll give it a try. I'll report back the results with the newer kernel. Works perfectly. Sorry for the confusion about the kernel versions. Guess I was confused about what frozen meant. (Good thing it didn't mean what I thought it meant, or I'd have been

Bug#410731: python-twisted-runner should not provide modules for 2.3

2007-02-16 Thread Luis Rodrigo Gallardo Cruz
tag 410731 patch thanks Given that python-twisted-runner depends: python-twisted-core (= 2.4) python twisted-core depends: python-twisted-bin (= 2.4.0-3) python-twisted-bin depends: python (= 2.4) It appears that python-twisted-runner won't actually work on python 2.3. Thus, providing

Processed: python-twisted-runner should not provide modules for 2.3

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: tag 410731 patch Bug#410731: python-twisted-runner: file conflict with python2.3-twisted-bin There were no tags set. Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system

Processed: tagging 380825

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.26 tags 380825 patch Bug#380825: Python transition (#2): you are building a private python module ! There were no tags set. Tags added: patch End of message, stopping processing here.

Bug#391937: An upload of gnue-common would fix these bugs

2007-02-16 Thread Luis Rodrigo Gallardo Cruz
tag 391937 patch tag 391941 patch tag 391942 patch tag 391947 patch tag 391950 patch thanks I've manually tested building these packages after installing in a chroot the proposed NMU by Adam Cécile available in #380825 with excellent results. Thus, making that upload would also take care of these

Processed: An upload of gnue-common would fix these bugs

2007-02-16 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: tag 391937 patch Bug#391937: FTBFS: You need GNUe-Common 0.5.2 or newer installed to install GNUe-AppServer There were no tags set. Tags added: patch tag 391941 patch Bug#391941: FTBFS: You need GNUe-Common 0.5.2 or newer installed to install

Bug#411198: gquilt: doesn't start due to dependency problem

2007-02-16 Thread Peter Williams
Jiří Paleček wrote: Package: gquilt Version: 0.17-2 Severity: serious Justification: renders package unusable Hello, I have recently updated python 2.4 and from this time, gquilt refused working with an error message immediately after I run it: RuntimeError: Bad magic number in .pyc file

Bug#411198: gquilt: doesn't start due to dependency problem

2007-02-16 Thread A. Christine Spang
On Sat, Feb 17, 2007 at 01:42:07PM +1000, Peter Williams wrote: Jiří Paleček wrote: Package: gquilt Version: 0.17-2 Severity: serious Justification: renders package unusable Hello, I have recently updated python 2.4 and from this time, gquilt refused working with an error message

Bug#411078: license.terms for utils/base64/base64.tcl not included

2007-02-16 Thread Steve Langasek
On Thu, Feb 15, 2007 at 03:19:42PM -0500, Filipus Klutiero wrote: utils/base64/base64.tcl's copyright notice contains # See the file license.terms for information on usage and # redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. This license.terms file is not included

Bug#410948: license issues with des.tcl

2007-02-16 Thread Steve Langasek
On Fri, Feb 16, 2007 at 04:05:17AM -0500, Filipus Klutiero wrote: But in any case, the following sentence is what matters: Notwithstanding the foregoing, the authors grant the U.S. Government and others acting in its behalf permission to use and distribute the software in

Bug#411078: license.terms for utils/base64/base64.tcl not included

2007-02-16 Thread Philippe Cloutier
Steve Langasek wrote: On Thu, Feb 15, 2007 at 03:19:42PM -0500, Filipus Klutiero wrote: utils/base64/base64.tcl's copyright notice contains # See the file license.terms for information on usage and # redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES.