On Tue, 23 Apr 2019 06:53:03 +0200 Salvatore Bonaccorso
wrote:
> CVE-2019-11454[0]:
> | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
> | Monit before 5.25.3 allows a remote unauthenticated attacker to
> | introduce arbitrary JavaScript via manipulation of an unsanitized
Control: severity -1 wishlist
On Mon, Jun 03, 2019 at 06:39:39PM -0700, Mo Zhou wrote:
> I believe this is a kernel bug. Instead of submitting
> a grave RC for the 10.1 release, we'd better sort it out
> right now before the Buster release.
We already stated that we won't change it by marking
On Tue, Jun 4, 2019 at 4:12 AM Yves-Alexis Perez wrote:
> My gut feeling is that light-locker just uses codepaths not really used
> otherwise, like vt-switch at the same time as suspend/resume or screen off/on.
> Unfortunately debugging i915 is completely out of my league (and I already
> tried
Processing control commands:
> severity -1 wishlist
Bug #929557 [src:linux] linux: restore __kernel_fpu needed for zfs for
AES-NI/AVX support [mainline not in debian yet]
Severity set to 'wishlist' from 'grave'
--
929557: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929557
Debian Bug
Processing control commands:
> severity -1 grave
Bug #929557 [src:linux] linux: restore __kernel_fpu needed for zfs for
AES-NI/AVX support [mainline not in debian yet]
Severity set to 'grave' from 'wishlist'
--
929557: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929557
Debian Bug
Your message dated Mon, 03 Jun 2019 23:49:09 +
with message-id
and subject line Bug#929916: fixed in libreswan 3.27-5
has caused the Debian Bug report #929916,
regarding libreswan: CVE-2019-12312
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
On 2019-06-02 23:39:22 [+0200], Kurt Roeckx wrote:
> > So, I added a small test for RSA_SSLV23_PADDING, as an extra commit,
> > since it will likely not cherry-pick in stable branches.
>
> It's about this change:
> -good &= constant_time_lt(threes_in_row, 8);
> +good &=
Your message dated Mon, 03 Jun 2019 22:18:46 +
with message-id
and subject line Bug#927775: fixed in monit 1:5.25.3-1
has caused the Debian Bug report #927775,
regarding monit: CVE-2019-11454 CVE-2019-11455
to be marked as done.
This means that you claim that the problem has been dealt with.
On 03/06/2019 at 22:23, Xavier wrote:
> On 01/06/2019 at 12:14, Pirate Praveen wrote:
>> ...
>> gulp build
>> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel
>> [15:37:17] Try running: npm install
>> [15:37:17] Using globally installed gulp
>> [15:37:17] Using
Hi,
> Is this reproducible with gnutls-cli or is the respective server
> publicly accessible?
It is reproducible.
1. Create a buster chroot for the server, or something
similar.
2. Install gnutls-bin 3.6.6-3 and ssl-cert.
3. Start something
On Sun, Jun 02, 2019 at 08:12:50AM +1000, Dmitry Smirnov wrote:
> On Friday, 31 May 2019 4:46:08 PM AEST Salvatore Bonaccorso wrote:
> > The following vulnerabilities were published for rkt.
> >
> > CVE-2019-10144[0]:
> > rkt: processes run with `rkt enter` are given all capabilities during stage
Processing commands for cont...@bugs.debian.org:
> severity 929753 grave
Bug #929753 [src:glib2.0] glib2.0: CVE-2019-12450
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
929753:
Processing commands for cont...@bugs.debian.org:
> severity 927775 grave
Bug #927775 [src:monit] monit: CVE-2019-11454 CVE-2019-11455
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
927775:
On 01/06/2019 at 12:14, Pirate Praveen wrote:
> ...
> gulp build
> [15:37:17] Local modules not found in ~/forge/debian/git/js-team/node-babel
> [15:37:17] Try running: npm install
> [15:37:17] Using globally installed gulp
> [15:37:17] Using gulpfile
On Mon, 2019-06-03 at 12:59 -0700, Russ Allbery wrote:
> Ah, good call. I was also seeing other problems with the Intel driver in
> combination with light-locker where the monitor resolution would be set to
> some incorrect value after restore from
Yves-Alexis Perez writes:
> Actually it seems to me that the bug is a bad interaction with light-
> locker/lightdm locking system (which relies on vt switch) and the Intel
> driver. It only seems to happen on this driver, and I think it's also
> been reproduced just by doing vt-switches (but
On Mon, 2019-06-03 at 21:55 +0200, Yves-Alexis Perez wrote:
> I noted Andreas raised the severity, but I hope someone has an idea how to fix
> that because I don't.
Also, since it was posted on -devel, I guess there's a bit of exposure: if
some
On Fri, 2019-05-31 at 18:32 -0700, Russ Allbery wrote:
> This appears to be a bug in light-locker specifically, which is the
> default screen lock program with XFCE with lightdm. See, for instance:
>
>
Processing commands for cont...@bugs.debian.org:
> #
> # bts-link upstream status pull for source package src:docker.io
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> # https://bts-link-team.pages.debian.net/bts-link/
> #
> user debian-bts-l...@lists.debian.org
Hi Daniel!
On Mon, Jun 03, 2019 at 12:24:08PM -0400, Daniel Kahn Gillmor wrote:
> On Mon 2019-06-03 06:26:28 +0200, Salvatore Bonaccorso wrote:
> > Source: libreswan
> > Version: 3.27-4
> > Severity: grave
> > Tags: patch security upstream fixed-upstream
> > Justification: user security hole
> >
There is no upstream fix still available.
I am planning to decrease the severity of
the ticket to normal and track it as a simple
security issue.
Anton
On Mon, 27 May 2019 at 23:01, Anton Gladky wrote:
>
> CVE-2019-12214 does not affect buster and stretch.
> Jessie should be double
Control: severity -1 serious
On 2019-06-03 Dominik George wrote:
> Package: libgnutls30
> Version: 3.6.7-3
> Severity: grave
> Justification: renders package unusable
> The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe, the ldap
> client library) when connecting to a server with
Processing control commands:
> severity -1 serious
Bug #929907 [libgnutls30] libgnutls30: Connections to older GnUTLS servers break
Severity set to 'serious' from 'grave'
--
929907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929907
Debian Bug Tracking System
Contact ow...@bugs.debian.org
On Mon 2019-06-03 06:26:28 +0200, Salvatore Bonaccorso wrote:
> Source: libreswan
> Version: 3.27-4
> Severity: grave
> Tags: patch security upstream fixed-upstream
> Justification: user security hole
> Forwarded: https://github.com/libreswan/libreswan/issues/246
> Control: fixed -1 3.28-1
>
> The
control: close -1
I made a big mistake. It's the ***LTS KERNEL UPDATE***
that breaks ZFS 0.7.12-2. It's not a ZFS bug at all!
An LTS KERNEL UPDATE that breaks stuff is where the
grave RC lies.
Processing control commands:
> close -1
Bug #929929 [src:zfs-linux] Being unable to build with >= 4.19.38 is an RC
Marked Bug as done
--
929929: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929929
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
control: tags -1 +patch
On Wed, 29 May 2019 16:29:31 +0200 Lucas Nussbaum wrote:
> > dpkg-source -b .
> > dpkg-source: info: using source format '3.0 (quilt)'
> > dpkg-source: info: building python-acora using existing
> > ./python-acora_2.2.orig.tar.gz
> > dpkg-source: info: local changes
Processing control commands:
> tags -1 +patch
Bug #929714 [src:python-acora] python-acora: FTBFS: dpkg-buildpackage: error:
dpkg-source -b . subprocess returned exit status 2
Added tag(s) patch.
--
929714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929714
Debian Bug Tracking System
Is there any chance to keep the removed exported symbol? Could you guys
convince the kernel team? There’s no copyright issue since it’s released code,
it’s just keeping a symbol that has been exported in the kernel for the past
7 years. On top of that, Greg is violating the kernel release
Source: zfs-linux
Version: 0.7.12-2
Severity: grave
Clarification: a foreseeable stable RC is grave enough.
Buster will be released with 4.19.37 kernel. That's fine
and it doesn't break ZFS. However, the changes introduced
in 4.19.38 and linux 5.0 break ZFS. That means the current
0.7.12-2 will
Processing control commands:
> severity -1 grave
Bug #929834 [lightdm-gtk-greeter] lightdm-gtk-greeter: After locking screen,
display is turned off and unlock prompt is not visible.
Severity set to 'grave' from 'important'
--
929834: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929834
Processing commands for cont...@bugs.debian.org:
> tags 897909 + patch
Bug #897909 [src:mypaint] mypaint: Unable to install MyPaint when Gimp 2.10 is
installed
Added tag(s) patch.
> tags 906144 + patch
Bug #906144 [libmypaint-common] libmypaint-common: drop Conflicts: mypaint-data
Added tag(s)
Your message dated Mon, 03 Jun 2019 10:02:18 +
with message-id
and subject line Bug#929067: fixed in qemu 1:2.8+dfsg-6+deb9u6
has caused the Debian Bug report #929067,
regarding Support for MDS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
Your message dated Mon, 03 Jun 2019 10:02:08 +
with message-id
and subject line Bug#925959: fixed in open-vm-tools 2:10.1.5-5055683-4+deb9u2
has caused the Debian Bug report #925959,
regarding open-vm-tools: insecure handling of /tmp/VMwareDnD
to be marked as done.
This means that you claim
Your message dated Mon, 03 Jun 2019 10:02:18 +
with message-id
and subject line Bug#901017: fixed in qemu 1:2.8+dfsg-6+deb9u6
has caused the Debian Bug report #901017,
regarding qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling
fragmented datagrams
to be marked as done.
35 matches