4
Too bad. I have an RFA open for stfl. I'm CC'ing this so if a person is
interested in adopting it can consider adopting spl as well. I have no
intentions of doing another upload for this.
Cheers,
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgpQ8tsD_OtP4.pgp
Description: PGP signature
by default,
unless a user explicitly requests to do so. As such I'm not sure how useful
this patch is as well.
Matthias, do you mind weighing in on this?
Thanks
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgpm4RkxJdrGf.pgp
Description: PGP signature
-fetchmail-ma...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-fetchmail-maint
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgpyIubufqoBa.pgp
Description: PGP signature
include the patch to fix your package. Otherwise we can't remove ruby
1.8 from the
archive.
Will include in the next upload.
Thanks!
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe
-2013-1064
http://security-tracker.debian.org/tracker/CVE-2013-1064
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
Description: fix possible privilege escalation via policykit UID lookup race.
Author: Marc Deslauriers
-bin/cvename.cgi?name=CVE-2013-5745
http://security-tracker.debian.org/tracker/CVE-2013-5745
https://bugzilla.gnome.org/show_bug.cgi?id=641811
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgpmDlABSWY0j.pgp
/cvename.cgi?name=CVE-2013-2014
http://security-tracker.debian.org/tracker/CVE-2013-2014
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgpHdX9ExAZ3O.pgp
Description: PGP signature
and there are no reverse dependencies.
I therefore suggest removing the package from testing due to it's bad shape.
FWIF, I'm fine with that. The stuff is easy to address, but I lost interest in
doing so.
Cheers
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgprEBSyMOkfA.pgp
I'll probably fix it next week. Sorry I'm traveling right
now...
Cheers
Nico
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
pgpp97JFsRRNu.pgp
Description: PGP signature
changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762
http://security-tracker.debian.org/tracker/CVE-2013-1762
Please adjust the affected versions in the BTS as needed.
--
Nico Golde - XMPP: n...@jabber.ccc.de - GPG: 0xA0A0
the affected versions in the BTS as needed.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
pgppbYwtzHCYJ.pgp
Description: PGP signature
Hi,
* Eric Dorland e...@debian.org [2013-01-05 14:02]:
* Thijs Kinkhorst (th...@debian.org) wrote:
On Fri, January 4, 2013 11:39, Thijs Kinkhorst wrote:
On Thu, January 3, 2013 04:19, Christoph Anton Mitterer wrote:
This is a follow up for #697108 and CVE-2012-6085.
Eric,
-2012-5881
http://security-tracker.debian.org/tracker/CVE-2012-5881
http://yuilibrary.com/support/20121030-vulnerability/
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
pgpJzKrqok0MR.pgp
Description: PGP signature
Package: suckless-tools
Version: 38-2
Severity: grave
Justification: user security hole
Hey,
this package has not updated any of the tools included since two years.
Please package newer tools, especially but most important slock.
The current version of slock has no indication whatsoever that a
Hi,
* Stefan Lippers-Hollmann s@gmx.de [2012-10-08 23:37]:
On Monday 08 October 2012, Nico Golde wrote:
Package: wpa
Severity: grave
Tags: security patch
Hi,
the following vulnerability was published for hostapd.
CVE-2012-4445[0]:
| Timo Warns discovered that the internal
-2_0.6.10-2+squeeze1.patch
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445
http://security-tracker.debian.org/tracker/CVE-2012-4445
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
pgp8zwwyLtbOP.pgp
Description: PGP
for reference.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
pgpRv4UnZrSnD.pgp
Description: PGP signature
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
http://security-tracker.debian.org/tracker/CVE-2012-4405
Patch: https://bugzilla.redhat.com/attachment.cgi?id=609986
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
pgpFiQERp8JtJ.pgp
Description: PGP signature
Package: freeradius
Severity: grave
Tags: security
Hi,
the following vulnerability was published for freeradius.
CVE-2012-3547[0]:
| PRE-CERT Security Advisory
| ==
|
| * Advisory: PRE-SA-2012-06
| * Released on: 10 September 2012
| * Affected product: FreeRADIUS 2.1.10
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpGUt8PKITnO.pgp
Description: PGP signature
6.0.6.
I had prepared an upload to fix this issue in stable.
Are you OK with an upload to stable then?
Please notify the release team before.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
Hi,
* Julian Taylor jtaylor.deb...@googlemail.com [2012-05-02 21:17]:
the patch for the code execution probably contains a regression
I can't judge how severe it is or provide a testcase:
/usr/share/gajim/src/notify.py:323
command = gajim.config.get_per('notifications',
patches/series |1
3 files changed, 55 insertions(+)
debdiff, dsc and debian.tar.gz attached
Looks good. Please go ahead and upload this to security-master.
Thank you!
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp3V5ltXwqMT.pgp
Description: PGP signature
/show_bug.cgi?id=8821
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpt1urDOvq8y.pgp
Description: PGP signature
Hi,
* Gerrit Pape p...@smarden.org [2012-02-27 15:48]:
On Fri, Feb 24, 2012 at 03:54:34PM +0100, Nico Golde wrote:
Source: dropbear
Severity: grave
Tags: security patch
Hey,
below is a forwarded report describing a vulnerability in dropbear.
Accoring to upstream's changelog
Hi,
* Moritz Muehlenhoff j...@debian.org [2012-02-14 18:11]:
This has been assigned CVE-2011-0790:
Just to make sure there is no confusion, this should've been CVE-2012-0790.
Cheers
Nico
pgpsedVHOKbzT.pgp
Description: PGP signature
to Matt.
- End forwarded message -
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpmyvB9rRsPk.pgp
Description: PGP signature
-2011-5081
http://security-tracker.debian.org/tracker/CVE-2011-5081
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpFnY08su1Lj.pgp
Description: PGP signature
changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1198
http://security-tracker.debian.org/tracker/CVE-2012-1198
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
-group-permissions-for-pastescriptserve
Upstream patch:
[4] https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4
- End forwarded message -
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
CVE-2012-0878 has been assigned to this issue.
Cheers
Nico
pgptN7h60BSxc.pgp
Description: PGP signature
/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://security-tracker.debian.org/tracker/CVE-2012-0841
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpsXzXVwN5X1.pgp
Description: PGP signature
Hi,
* Timo Juhani Lindfors timo.lindf...@iki.fi [2012-02-23 00:01]:
Nico Golde n...@debian.org writes:
the following CVE (Common Vulnerabilities Exposures) id was
published for systemtap.
Thanks but this was already reported as #660886, merging.
Thanks, I didn't see the other bug before
Package: fex
Severity: grave
Tags: security
Hi,
there is a new upstream release of F*x fixing a cross-site scripting issue via
the id parameter of the fup script.
http://fex.rus.uni-stuttgart.de/fex.html
There is no CVE id for this issue yet.
Kind regards
Nico
pgp6OfKDBCm6v.pgp
Description:
retitle 660621 multiple cross-site scripting issues in fup script
thanks
For the sake of being complete... other parameters such as from and to are
also affected (http://www.openwall.com/lists/oss-security/2012/02/20/1).
Cheers
Nico
pgp4amlS9OsYf.pgp
Description: PGP signature
generally not involved in such discussions until after
the security team have decided they don't want to issue a DSA for a
particular issue and someone raises it with us.
We will not issue a DSA for this vulnerability. Please go ahead and fix this
through spu.
Kind regards
Nico
--
Nico Golde
Package: python-virtualenv
Version: 1.4.9-3
Severity: grave
Tags: patch
Hi,
it was discovered that python-virtualenv is handling /tmp files in an insecure
manner.
The following patch fixed this problem:
https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5
A CVE id for this issue has
. Will be fixed soon.
Thanks!
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpEqXrrFMLsy.pgp
Description: PGP signature
Hi,
* Michael Tokarev m...@tls.msk.ru [2011-10-05 20:44]:
I'm Cc'ing the relevant bug# so others may see this information.
Hopefully you wont object -- the bug is public for a long time.
No, not at all.
On 05.10.2011 16:04, Nico Golde wrote:
* Nico Golde n...@ngolde.de [2011-10-05 11:21
screwed.
Alright makes sense. Thanks for taking the time to explain this!
The user-tag imho is not correct though in this case, but doesn't really
matter either.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
/cgi-bin/cvename.cgi?name=CVE-2011-1959
http://security-tracker.debian.org/tracker/CVE-2011-1959
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpbXneUQkmtR.pgp
Description: PGP signature
CVE-2011-0867 CVE-2011-0869 CVE-2011-0865
Some of the issues seem to be windows specific.
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
, the build would fail.
Fixes Debian Bug #622054
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622054
Thanks for the patch, will upload a new fetchmail package probably tomorrow.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security
and others from an end-user perspective?
The code doesn't look like it was written with security in mind and I guess
it's only a matter of time for new issues to popup for this lib.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097
http://security-tracker.debian.org/tracker/CVE-2011-1097
--
Nico Golde - http
, at), \
OK) \
: ERR)
So QWORD PTR [rdi+0x10] should correspond to win-_attrs meaning that in this
case
win would be null.
How can this be? It is definitely no newsbeuter bug and I'm not sure if it
is an stfl bug to be honest.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
Hi,
* Sven Joachim svenj...@gmx.de [2011-03-07 17:53]:
On 2011-03-07 17:35 +0100, Nico Golde wrote:
* Craig Small csm...@debian.org [2011-03-07 10:49]:
On Sun, Mar 06, 2011 at 09:38:09PM +0100, Stefano Zacchiroli wrote:
I'm not sure if the problem is in newsbeuter (e.g. using the lib
received a
similar bug report today. Just by a quick glance I'm unsure if this is an
ncurses problem or not.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpuwTbKEugNF.pgp
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpEtMwBVIWqs.pgp
Description: PGP signature
will be removed after -2 migrated to squeeze.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpn6MJXYxwvv.pgp
Description: PGP signature
Wolf, who has kindly agreed to upload it pending
approval.
[...]
This issue doesn't warrant a DSA. Could you please upload this to
stable-proposed-updates[0]?
Cheers
Nico
[0] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
--
Nico Golde - http://www.ngolde.de - n
Hi,
* Paul Wise p...@debian.org [2010-11-09 07:10]:
# Automatically generated email from bts, devscripts version 2.10.35lenny7
tags 598389 + security
severity 598389 serious
Pierre, can you ask for an unblock of this version so this fix can make it
into squeeze?
Thanks
Nico
--
Nico Golde
.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpXhIDTvTyCK.pgp
Description: PGP signature
scheduled a binNMU. A quick fix is to upgrade to the version in
proposed-updates when it's available there latest tomorrow evening.
Thanks!
Sorry for the inconvenience...
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
Hi,
* Jonathan Nieder jrnie...@gmail.com [2010-09-07 13:12]:
Nico Golde wrote:
I'm wondering what this was. I'm building in a clean chroot and to be
honest I
have no idea what went wrong. The umask in this chroot is 022.
Hmm, odd. Do you unpack from within the chroot
(for ie : to enable a good antispam starting).
I don't quite understand this, where would you expect this delay to be
implemented?
So far I don't see the bug therefore downgrading the severity.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
Hi,
this package was already uploaded to DELAYED/2 but it was closing the wrong
bug so I canceled it and reupped the NMU. debdiff attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
Hi,
I uploaded an NMU to DELAYED/2 to fix this bug. Please let me know if I should
delay it any further. debdiff attached.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff
/usr/bin/dh_numpy ] dh_numpy
so we could backport without hassle.
What do you think?
Sounds good, replaced the version in DELAYED with attached debdiff.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
worked.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpMyRhVuNdQM.pgp
Description: PGP signature
Hi,
I uploaded an NMU to fix this bug to DELAYED/2. Please let me know if I should
delay this any further. debdiff attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u
Hi,
can you provide the configuration that is causing this as
well as details on how to reproduce?
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi,
this bug has been marked as pending quite a while ago. What is the current
status of the upload?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpRLkQI3JvBF.pgp
Description
(CVE-2010-1738) with this patch since
I believe this to be a duplicate of CVE-2010-1448. I checked back with mitre
on this one.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
an impact on many users.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpWFwKyV3YIr.pgp
Description: PGP signature
Hi,
* Giacomo Catenazzi c...@debian.org [2010-07-31 17:52]:
On 07/31/2010 04:38 PM, Nico Golde wrote:
Package: ftp.debian.org
Severity: normal
I hereby request the removal of lxr from the archive, it should not be
included in squeeze as well.
The version that our package is currently
Hi,
* Jan Hauke Rahm j...@debian.org [2010-07-30 12:00]:
On Sun, Jul 25, 2010 at 07:27:27PM +0200, Nico Golde wrote:
Hi,
I intent to upload a 0day NMU to fix this bug.
The debdiff is available at:
http://people.debian.org/~nion/nmu-diff/syscp-1.4.2.1-2_1.4.2.1-2.1.patch
if you consider
Hi,
I uploaded the attached debdiff to DELAYED/2, please let me know if you want
me to delay this further.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u cernlib-2006
Hi,
I will upload a fix for this to DELAYED/2. The patch for the NMU is attached.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nru ntfs-config-1.0.1/debian/changelog ntfs
Hi,
I intent to NMU this package to fix this security issue. I uploaded a fix to
DELAYED/2. Let me know if you need to delay this longer.
debdiff available at:
http://people.debian.org/~nion/nmu-diff/xemacs21-21.4.22-3_21.4.22-3.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
Hi,
I uploaded the attached debdiff to DELAYED/2 to fix this RC bug.
The regeneration of the po files was unfortunately a side-effect of the build
process.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
it seems we require a bit more work to fix this bug :/
[0] https://www.redhat.com/archives/fedora-devel-list/2009-January/msg02248.html
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
I intent to upload a 0-day NMU to fix this bug.
Attached is the debdiff.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u codeville-0.8.0/debian/changelog codeville-0.8.0
/CVE-2010-2195
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2320
http://security-tracker.debian.org/tracker/CVE-2010-2320
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
I intent to upload a 0day NMU to fix this bug.
The debdiff is available at:
http://people.debian.org/~nion/nmu-diff/syscp-1.4.2.1-2_1.4.2.1-2.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double
Hi,
I hereby request the removal of camserv from the archive.
It's upstream is not active anymore, it's using an old v4l
API and tools like camstream look like a good replacement.
Please remove camserv.
Kind regards
Nico
signature.asc
Description: Digital signature
-0825
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgp2PYcZqyuvs.pgp
Description: PGP signature
Hi,
since nothing has happened with this bug anymore I am
uploading a 0day NMU now to fix it.
Patch attached but is pretty much the one from Jens.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13
to an invalid
pointer.
Nice catch by Julius! Patch looks fine for me even though patching it should be
not
too urgent, I don't see much space for code execution.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail
Hi,
CVE-2010-2476 has been assigned to this issue. Please reference this id in the
changelog when fixing this bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpScU5c7QFAQ.pgp
Hi,
nothing happens with this bug for quite some time now and looking at the
source code of this package it is very likely to include further security
issues, the source code is a mess. I will request a removal of this package
now.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
-tracker.debian.org/tracker/CVE-2010-2304
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpQPN1BonlKW.pgp
Description: PGP signature
Hi,
any news on this bug?
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
of the patch is
attached.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1619
http://security-tracker.debian.org/tracker/CVE-2010-1619
--
Nico Golde - http
Hi,
I intent do upload a 0-day NMU to fix this vulnerability.
debdiff is at:
http://people.debian.org/~nion/nmu-diff/prewikka-1.0.0-1_1.0.0-1.1.patch
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
be used without real
modifications.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
http://security-tracker.debian.org/tracker/CVE-2010-1459
--
Nico
Hi,
attached is a patch for CVE-2010-2092.
Cheers
Nico
--- graph.php 2009-06-28 18:07:11.0 +0200
+++ graph.php.new 2010-06-10 17:41:07.0 +0200
@@ -33,7 +33,7 @@
include_once(./include/top_graph_header.php);
/* = input validation = */
at xtrlock but this sounds like you are starting your
xsession with startx rather than exec startx and not like a bug in xtrlock.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted
Package: skipfish
Version: 1.19b-1
Severity: serious
Tags: sid
Justification: Policy 12.1
Hey,
your package doesn't provide a manual page. Sorry to nitpick about this one
but to be honest this was one of the reasons I didn't package this myself,
as I had really no motivation to write one. But
.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpw57Tw7b5IL.pgp
Description: PGP signature
Package: hydrogen
Severity: serious
Version: 0.9.4-3
Hi,
I just wanted to try out hydrogen and it instantly results
in a segfault before I see anything of the GUI.
I run this on:
Linux pagefault 2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64
GNU/Linux
I built a package with
temporary file.
The first solution seem to be the best as it avoids the complexity of working
with non-predictable temporary files (create, find, update, close).
From what I see it is using /var/cache/ddclient/ddclient.cache. Can you
elaborate why you think it's using /tmp/?
Cheers
Nico
--
Nico
Hey,
* Teodor MICU mteo...@gmail.com [2010-03-21 19:23]:
On Sun, Mar 21, 2010 at 6:43 PM, Nico Golde n...@debian.org wrote:
From what I see it is using /var/cache/ddclient/ddclient.cache. Can you
elaborate why you think it's using /tmp/?
It doesn't apper to be using that directory
Hi Alberto,
what is the status of this bug?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgpWeqhlTqLrq.pgp
Description: PGP signature
.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
signature.asc
Description: Digital signature
some input from the kernel maintainers.
Someone with access to the console have several attack vectors
available.
True, but this one is trivial to exploit and is also fairly easy to prevent so
why stick with it?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
you
strace the process to see?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgphpR9uGTDBo.pgp
Description: PGP signature
perspective this
needs to be solved. Cced the rest of the team to get some more input.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
pgphQc8NLdiIV.pgp
Description: PGP signature
:
I/O error : No such file or directory
I/O error : No such file or directory
This is no obconf bug but an lxde bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534804
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text
1 - 100 of 942 matches
Mail list logo
