Bug#856592: Multiple security issues

On Fri, Mar 03, 2017 at 06:43:03AM +0100, Salvatore Bonaccorso wrote: > in the above list. aheam, what a list. Anyway, you (Moritz) opened this bug as RC, but is it fine to downgrade to important if I deem the issues not grave enough to be RC? They are all crashes, with maliciously crafted PDFs…

Bug#855906: golang-codegangsta-cli: FTBFS: FAIL: TestCommandYamlFileTestDefaultValueFileWins (0.00s) helpers_test.go:10: Expected 15 (type int) - Got 7 (type int)

❦ 23 février 2017 16:57 +0800, Chris Lamb  : > dh_auto_test: go test -v -p 1 github.com/codegangsta/cli > github.com/codegangsta/cli/altsrc returned exit code 1 > debian/rules:4: recipe for target 'build' failed > make: *** [build] Error 1 > dpkg-buildpackage: error:

Processed: tagging 855906

Processing commands for cont...@bugs.debian.org: > tags 855906 + confirmed Bug #855906 [src:golang-codegangsta-cli] golang-codegangsta-cli: FTBFS: FAIL: TestCommandYamlFileTestDefaultValueFileWins (0.00s) helpers_test.go:10: Expected 15 (type int) - Got 7 (type int) Added tag(s) confirmed. >

Processed: Re: empire-hub: maintainer address bounces

Processing control commands: > Severity -1 serious Bug #809625 [src:empire-hub] empire-hub: maintainer address bounces Severity set to 'serious' from 'important' -- 809625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809625 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#855788: 855788 severity

On Thu, 2017-03-02 at 23:30 +0100, Yann Dirson wrote: > FWIW, no such problem here. Is that high severity really warranted ? The package is not working for me at all. I assumed that the reason no-one else reported the same issue was that no-one else was using the package and verifying that it

Bug#856592: Multiple security issues

Hello, On Thu, Mar 02, 2017 at 07:28:23PM +0100, Moritz Muehlenhoff wrote: > Source: libpodofo > Severity: grave > Tags: security > > New podofo issues (no CVEs yet): > > http://www.openwall.com/lists/oss-security/2017/03/02/10 > http://www.openwall.com/lists/oss-security/2017/03/02/9 >

Bug#856615: Second Look

After taking a closer look at the source code, I believe the included Apache-2.0 reference is a mistake. The source code that is licensed with Apache-2.0 is available here: https://neil.fraser.name/software/diff_match_patch/svn/trunk/ None of this source code is present in this source code:

Bug#856536: munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/cgi/munin-cgi-graph line 453

Hi On Fri, Mar 03, 2017 at 01:45:10AM +0100, Jonas Meurer wrote: > Hi Salvatore, hi Holger, > > On Thu, 02 Mar 2017 08:12:24 +0100 Salvatore Bonaccorso > wrote: > > Source: munin > > Version: 2.0.25-1+deb8u1 > > Severity: serious > > Tags: upstream > > > > Only after

Processed: Re: Can't be reproduced

Processing commands for cont...@bugs.debian.org: > notfound 856432 8.13.11+dfsg-4 Bug #856432 [gitlab] gitlab --configure looks for postgres 9.1, but 9.6 is installed No longer marked as found in versions gitlab/8.13.11+dfsg-4. > Thanks Stopping processing here. Please contact me if you need

Bug#856432: marked as done (gitlab --configure looks for postgres 9.1, but 9.6 is installed)

Your message dated Fri, 03 Mar 2017 10:16:03 +0530 with message-id and subject line Re: Can't be reproduced has caused the Debian Bug report #856432, regarding gitlab --configure looks for postgres 9.1, but 9.6 is installed to be marked as done.

Bug#846542: marked as done (etcd: FTBFS in testing (undefined: grpc.SupportPackageIsVersion3))

Your message dated Fri, 03 Mar 2017 04:33:59 + with message-id and subject line Bug#846542: fixed in etcd 3.1.1+dfsg-2 has caused the Debian Bug report #846542, regarding etcd: FTBFS in testing (undefined: grpc.SupportPackageIsVersion3) to be marked as

Bug#855876: marked as done (golang-etcd-server-dev: ships md5sums but no files: /usr/share/gocode/src/github.com/coreos/etcd/integration/*)

Your message dated Fri, 03 Mar 2017 04:33:59 + with message-id and subject line Bug#855876: fixed in etcd 3.1.1+dfsg-2 has caused the Debian Bug report #855876, regarding golang-etcd-server-dev: ships md5sums but no files:

Bug#841401: marked as done (chromium: doesn't update extensions)

Your message dated Fri, 03 Mar 2017 03:36:38 + with message-id and subject line Bug#841401: fixed in chromium-browser 56.0.2924.76-5 has caused the Debian Bug report #841401, regarding chromium: doesn't update extensions to be marked as done. This means

Bug#855434: marked as done (chromium: builds with experimental features enabled)

Your message dated Fri, 03 Mar 2017 03:36:38 + with message-id and subject line Bug#855434: fixed in chromium-browser 56.0.2924.76-5 has caused the Debian Bug report #855434, regarding chromium: builds with experimental features enabled to be marked as

Processed: reassign 856630 to clock-setup, forcibly merging 854924 856630

Processing commands for cont...@bugs.debian.org: > reassign 856630 clock-setup Bug #856630 [installation-reports] Creates empty /etc/default/rcS Bug reassigned from package 'installation-reports' to 'clock-setup'. Ignoring request to alter found versions of bug #856630 to the same values

Bug#856536: munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/cgi/munin-cgi-graph line 453

Hi Salvatore, hi Holger, On Thu, 02 Mar 2017 08:12:24 +0100 Salvatore Bonaccorso wrote: > Source: munin > Version: 2.0.25-1+deb8u1 > Severity: serious > Tags: upstream > > Only after releasing the DSA, I noticed that the update introduced > another regression, causing to spam

Bug#856624: 勿更新！

Debian experimental, unstable 勿更新 scim and gtk stuff！ 會摧毀您的 configuration. 導致 everything becomes small. http://bugs.debian.org/856624 I replaced scim with the old one. At least I got HANYU PINYIN back. Now I have to replace all the gtk stuff (?) to get the font size 18 back instead of the tiny

Bug#856624: pre-disaster set up

Pre-disaster: :: .scim/config :: /DefaultIMEngineFactory/en_US = fcff66b6-4d3e-4cf2-833c-01ef66ac6025 /DefaultIMEngineFactory/si_LK = IMEngine-M17N-si-wijesekera /DefaultIMEngineFactory/ta_IN = IMEngine-M17N-ta-tamil99 /DefaultIMEngineFactory/zh_CN =

Bug#856624: damaged gtk too

Also now even after reverting to the previous version, the fonts are now too small, and hitting the Sans 18 button just causes the menu to collapse.

Bug#856626: solr-tomcat: fails to start

Package: solr-tomcat Version: 3.6.2+dfsg-9 Severity: grave Justification: renders package unusable solr doesn't start with the following error message(s) in the log 03-Mar-2017 00:04:42.268 SEVERE [localhost-startStop-1] org.apache.tomcat.util.digester.Digester.startElement Begin event threw

Bug#856611: marked as done (python-dkim: The arcverify script added in 0.6.0 produces erroneous results)

Your message dated Fri, 03 Mar 2017 00:03:51 + with message-id and subject line Bug#856611: fixed in dkimpy 0.6.1-1 has caused the Debian Bug report #856611, regarding python-dkim: The arcverify script added in 0.6.0 produces erroneous results to be

Bug#856613: marked as done (python-dkim: The arcverify script added in 0.6.0 produces erroneous results)

Your message dated Fri, 03 Mar 2017 00:03:51 + with message-id and subject line Bug#856613: fixed in dkimpy 0.6.1-1 has caused the Debian Bug report #856613, regarding python-dkim: The arcverify script added in 0.6.0 produces erroneous results to be

Bug#856625: parsedatetime: FTBFS (AssertionError: 0.0666666666667 is not less than 0.05)

Package: src:parsedatetime Version: 2.1-2 Severity: serious Dear maintainer: I tried to build this package in stretch with "dpkg-buildpackage -A" but it failed: [...] debian/rules build-indep dh build-indep --with

Bug#856624: what happened to my conf file?

Why did you do this? diff -U0 /home/jidanni/.scim/config-old /home/jidanni/.scim/config --- /home/jidanni/.scim/config-old 2013-01-25 09:20:57.0 +0800 +++ /home/jidanni/.scim/config 2017-03-03 07:50:46.094513222 +0800 @@ -6,0 +7,2 @@ +/FrontEnd/ChangeFactoryGlobally = false

Bug#856615: Will Fix

I'll get this fixed and re-uploaded tonight. Thanks for catching this! I'll go through and re-check my other packages for accuracy as well.

Bug#856624: HANYU PINYIN DESTROYED

Package: scim Version: 1.4.17-1+b1 Severity: grave This update, has destroyed scim. I no longer can type hanyu pinyin. You also wiped out the user's configuration file.

Bug#852258: marked as done (rt-authen-externalauth: FTBFS: Your installed version of RT (4.4.1-2) is too new)

Your message dated Thu, 02 Mar 2017 23:48:52 + with message-id and subject line Bug#856604: Removed package(s) from unstable has caused the Debian Bug report #852258, regarding rt-authen-externalauth: FTBFS: Your installed version of RT (4.4.1-2) is too

Bug#851987: marked as done (rt-extension-spawnlinkedticketinqueue: Obsolete with RT 4.4)

Your message dated Thu, 02 Mar 2017 23:48:13 + with message-id and subject line Bug#856549: Removed package(s) from unstable has caused the Debian Bug report #851987, regarding rt-extension-spawnlinkedticketinqueue: Obsolete with RT 4.4 to be marked as

Bug#855673: rubocop: FTBFS: RuboCop::Cop::Lint::UselessAssignment when a variable is reassigned in loop body but won't be referenced either next iteration or loop condition registers an offense

On Tue, Feb 21, 2017 at 05:01:03PM +1300, Chris Lamb wrote: > Source: rubocop > Version: 0.47.1+dfsg-1 > Severity: serious > Justification: fails to build from source > User: reproducible-bui...@lists.alioth.debian.org > Usertags: ftbfs > X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org >

Bug#855788: 855788 severity

FWIW, no such problem here. Is that high severity really warranted ?

Bug#856615: golang-github-sergi-go-diff: Incomplete debian/copyright?

Source: golang-github-sergi-go-diff Version: 0.0~git20170118.0.24e2351-1 Severity: serious Justication: Policy 12.5 X-Debbugs-CC: Michael Lustfield Hi, I just ACCEPTed golang-github-sergi-go-diff from NEW but noticed it was missing attribution in debian/copyright for at

Processed: cloning 856611

Processing commands for cont...@bugs.debian.org: > clone 856611 -1 Bug #856611 [python-dkim] python-dkim: The arcverify script added in 0.6.0 produces erroneous results Bug 856611 cloned as bug 856613 > reassign -1 python3-dkim 0.6.0-1 Bug #856613 [python-dkim] python-dkim: The arcverify script

Processed: user debian...@lists.debian.org, usertagging 840930, affects 840930, usertagging 725362 ...

Processing commands for cont...@bugs.debian.org: > user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was a...@debian.org). > usertags 840930 piuparts There were no usertags set. Usertags are now: piuparts. > affects 840930 + python-vmware-nsx Bug #840930 [src:vmware-nsx]

Bug#856611: python-dkim: The arcverify script added in 0.6.0 produces erroneous results

Package: python-dkim Version: 0.6.0-1 Severity: serious Tags: upstream An error in the arcverify script prevents it from producing correct verification results. Depending on how this script is used on an end user system, it may cause incorrect email rejections. This is fixed upstream in version

Bug#811806: Path for bug 811806

Hello, I've succeeded to build the package on current debian testing (stretch) with the patch below. The trick is to remove the "using namespace std" in some files to avoid mix between std::tuple and pam/tuple. I've also changed an implicit conversion from bool(false) to NULL that generated

Bug#856474: stap: include runtime_defines.h not found

FWIW, I attempted to kludge around the mangled include argument by running stap with "-B 'EXTRA_CFLAGS += -I/usr/share/systemtap/runtime'". This seems to work around the compilation failure of missing runtime_defines.h in include path, however compiliation then fails due to what appears to be API

Bug#856474: stap: include runtime_defines.h not found

On 03/02/2017 06:40 PM, Ritesh Raj Sarraf wrote: > I just pushed 3.1 to Experimental, the reason being 3.0 is going to be useless > for Debian Stretch. We need 3.1 to get it working proper with 4.9 kernel too. Did I get that right: you are planning to ship SystemTap 3.1 with Stretch? (If so:

Bug#837338: marked as done (libtorrent-rasterbar: CVE-2016-7164: segmentation fault caused by malformed GZIP encoded response)

Your message dated Thu, 2 Mar 2017 20:48:00 +0100 with message-id <20170302194800.vg64d2vpmwraf...@ramacher.at> and subject line Re: fixed 837338 in 1.1.1-1 has caused the Debian Bug report #837338, regarding libtorrent-rasterbar: CVE-2016-7164: segmentation fault caused by malformed GZIP encoded

Bug#856599: libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7

Package: libktpcommoninternals9 Version: 15.08.3-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed apt does not find a clean upgrade path from jessie to stretch in some cases with libktpcommoninternalsprivate7 is installed. I tried

Bug#856432: Can't be reproduced

Balalsankar, Thanks for testing. my install attempt has been on a long lived VM that was recently upgraded. postgres 9.1, 9.4 and the respective postgres clients were still installed. After purging those, and reinstalling postgreSQL 9.6, the reinstall still failed I removed everything

Processed: I can reproduce the problem with the stretch version

Processing commands for cont...@bugs.debian.org: > found 856457 31.0.3-1 Bug #856457 [src:sogo-connector] sogo-connector: FTBFS: python: can't open file '/usr/lib/icedove-devel/sdk/bin/typelib.py': [Errno 2] No such file or directory Marked as found in versions sogo-connector/31.0.3-1. > thanks

Processed: Bug is also in the version in stretch

Processing commands for cont...@bugs.debian.org: > found 856211 1.56 Bug #856211 [src:anna] anna: please implement SHA256 verification of .udeb files Marked as found in versions anna/1.56. > thanks Stopping processing here. Please contact me if you need assistance. -- 856211:

Bug#856592: Multiple security issues

Source: libpodofo Severity: grave Tags: security New podofo issues (no CVEs yet): http://www.openwall.com/lists/oss-security/2017/03/02/10 http://www.openwall.com/lists/oss-security/2017/03/02/9 http://www.openwall.com/lists/oss-security/2017/03/02/8

Bug#749272: marked as done (varnish doesn't source /etc/default/varnish when started but uses it when reloaded)

Your message dated Thu, 02 Mar 2017 18:20:44 + with message-id and subject line Bug#749272: fixed in varnish 5.0.0-7 has caused the Debian Bug report #749272, regarding varnish doesn't source /etc/default/varnish when started but uses it when reloaded to

Processed: Re: Bug#856474: stap: include runtime_defines.h not found

Processing control commands: > severity -1 grave Bug #856474 [systemtap] stap: include runtime_defines.h not found Severity set to 'grave' from 'normal' > tag -1 +help Bug #856474 [systemtap] stap: include runtime_defines.h not found Added tag(s) help. -- 856474:

Processed: Unarchive and make RC - should really also be fixed in older releases

Processing commands for cont...@bugs.debian.org: > unarchive 759481 Bug #759481 {Done: Christoph Ulrich Scholler } [tinyca] tinyca: No support for SHA2 as a signature algorithm. SHA1 gets deprecated in 2016. Unarchived Bug 759481 > severity 759481 serious Bug

Bug#856585: sugar-physics-activity: ships files in /usr/share/mime

Package: sugar-physics-activity Version: 7+dfsg-1.3 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package modifies/removes files that it shipped. >From the attached log (scroll to the bottom...): 0m57.5s ERROR: FAIL:

Processed: [bts-link] source package src:python-websockets

Processing commands for cont...@bugs.debian.org: > # > # bts-link upstream status pull for source package src:python-websockets > # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html > # > user bts-link-upstr...@lists.alioth.debian.org Setting user to

Bug#856147: marked as done (dash-el: Incomplete debian/copyright?)

Your message dated Thu, 02 Mar 2017 17:04:09 + with message-id and subject line Bug#856147: fixed in dash-el 2.13.0+dfsg-0.1 has caused the Debian Bug report #856147, regarding dash-el: Incomplete debian/copyright? to be marked as done. This means that

Bug#809669: unattended-upgrades: files got created under /var/ mountpoint

Hello, Le 21/02/2017 à 12:31, Scott Leggett a écrit : > Hi Louis, > > On Wed, 15 Feb 2017 14:34:58 +0100 Louis Bouchard > wrote: >> Hello, >> >> I may be wrong, but this clearly shows that the Unattended Upgrades Shutdown >> unit starts once the target Network is

Processed: user debian...@lists.debian.org, usertagging 851987, usertagging 852258, usertagging 842023 ...

Processing commands for cont...@bugs.debian.org: > user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was a...@debian.org). > usertags 851987 piuparts Usertags were: piuparts. Usertags are now: piuparts. > usertags 852258 piuparts There were no usertags set. Usertags are

Bug#848230: reassign 848230 to python-neovim, closing 848230

reassign 848230 python-neovim 0.1.9-1 close 848230 0.1.13-1 thanks

Processed: reassign 848230 to python-neovim, closing 848230

Processing commands for cont...@bugs.debian.org: > reassign 848230 python-neovim 0.1.9-1 Bug #848230 [python3-neovim-gui] /usr/bin/pynvim: crashes on startup ("Cannot add child handler") Bug reassigned from package 'python3-neovim-gui' to 'python-neovim'. No longer marked as found in versions

Processed: Re: Bug#856560: ppc64el: "Cannot find any VM in Java Home" issue

Processing control commands: > severity -1 important Bug #856560 [jsvc] ppc64el: "Cannot find any VM in Java Home" issue Severity set to 'important' from 'serious' -- 856560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856560 Debian Bug Tracking System Contact ow...@bugs.debian.org with

Bug#856560: ppc64el: "Cannot find any VM in Java Home" issue

Control: severity -1 important Thank you for the report Breno. I'm lowering the severity, I don't think this is critical to the point the package should be removed from Stretch. Emmanuel Bourg

Bug#856560: ppc64el: "Cannot find any VM in Java Home" issue

Package: jsvc Version: 1.0.15-7 Severity: serious Tags: patch Hello, package jsvc does not work on ppc64el right now. On ppc64 and ppc64le archs jsvc looks for jvm.cfg and JVM shared objects in the wrong path. Be it used with IBM Java or OpenJDK (where the problem was first encountered), there

Bug#856525: marked as done (pkgconf: fails to install: Can't locate Dpkg/Arch.pm in @INC)

Your message dated Thu, 02 Mar 2017 12:34:19 + with message-id and subject line Bug#856525: fixed in pkgconf 0.9.12-5 has caused the Debian Bug report #856525, regarding pkgconf: fails to install: Can't locate Dpkg/Arch.pm in @INC to be marked as done.

Processed: Re: Processed: Re: [Packaging] Bug#856536: munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at /

Processing commands for cont...@bugs.debian.org: > notfound 856536 2.999.6-1 Bug #856536 [src:munin] munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/cgi/munin-cgi-graph line 453

Processed: Re: [Packaging] Bug#856536: munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/c

Processing commands for cont...@bugs.debian.org: > notfound 856536 2.999-6 Bug #856536 [src:munin] munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/cgi/munin-cgi-graph line 453 The

Processed: bug 856536 is forwarded to https://github.com/munin-monitoring/munin/issues/804

Processing commands for cont...@bugs.debian.org: > forwarded 856536 https://github.com/munin-monitoring/munin/issues/804 Bug #856536 [src:munin] munin: regression from DSA-3794-2: spams munin logs with unitialized warnings: [PERL WARNING] Use of uninitialized value $size_x in string eq at

Bug#852623: sitesummary-client fails to submit data

[Petter Reinholdtsen] > Anyone planning a backport to Jessie? I prepared a update in git and asked the release managers for approval for the update, tracked as http://bugs.debian.org/856539 >. -- Happy hacking Petter Reinholdtsen