severity 399656 serious
thank you
this bug is a serious policy violation because the term firefox
itself is now non-free.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
i think these error messages are indicating that the line at 24 is
within a DO block, whereas the GOTO at 18 is external to the DO.
similar with the line at 25. gfortran may be more strict about these
conditions than g77. you probably need to rewrite the algorithm so it
doesn't rely on unsafe
The one thing I would note is that, in the rare case that there are no
system-level daemons running on your system that use PAM, the message will
not be shown. Michael, before the screensaver locked up on you, did you see
the debconf warning that Christian quotes above?
I do not recall
tag 418462 moreinfo help
thank you
should this really be a release-critical issue for lenny? it's rather
late in the game to fix an upgrade failure for sarge - etch.
however, if it still exists for etch - lenny, then it should be
fixed. otherwise, i believe that this report should be closed.
found 502976 0.98.3-4
found 502976 0.98.1-1+lenny3
thank you
i just tested the version in testing-proposed-updates. the problem
does exist there as well.
the paragraph for the technical committee seems like a very good
start. however, i request the following rewrite of the fourth
sentence:
The submitter sees the getweb script's dependencies on external
data/files as potentially dangerous. Once the package enters stable,
upstream changes
if a sufficiently detailed note about this (and a recommendation to
disable the screensaver) is added to the release notes, then i believe
that this bug can be closed. btw, where can i review the release
notes at?
the previous suggestion also seems like it would work pretty well.
some python-like pseudo code:
while $ xscreensaver-command -exit fails (indicating screensaver active):
    present dialog indicating that an active xscreensaver was detected
    wait for user to unlock screen and respond to
or even better:
while $ xscreensaver-command -exit fails (indicating screensaver active):
    sleep 5 seconds
perform pam and xscreensaver installation
restart xscreensaver daemon
which eliminates any need for user intervention.
i can also confirm that this problem is fixed in the
testing-proposed-updates version (0.98.1-1+lenny3). i had mistakenly
only changed python-matplotlib (not python-matplotlib-data) to the
testing-proposed-updates version. i realized this today and changed
both packages to this version.
the backend : GTKAgg solution does indeed work for the stable version.
i'll go ahead and start the discussion since no one else is running
with it. this matter is rather urgent since the problem is now being
considered release-critical for lenny. i see three possible courses
of action:
1. ignore the problem: mark the bug wontfix
rationale: the firmware
for the bug severity
command and control authority [5] on my part). Where do we go from
here to make sure the issue gets the appropriate level of thought and
consideration that it deserves (after lenny gets released of course)?
Best wishes,
Michael Gilbert
[1] http://lists.debian.org/debian-release
)?
Best wishes,
Michael Gilbert
[1] http://lists.debian.org/debian-release/2008/11/msg00106.html
[2] http://bugs.debian.org/449497
[3] http://bugs.debian.org/503813
[4] http://bugs.debian.org/503814
[5] http://lists.debian.org/debian-ctte/2008/10/msg6.html
P.S. Please CC me on any responses since
Package: libgnutls26
Version: 2.4.2-2
Severity: grave
Tags: security
Justification: user security hole
redhat has just released an update that fixes a security flaw in gnutls [1].
the CVE page [2] indicates that the issue is currently reserved, but redhat
describes the problem as:
Martin von
No, we can only remove source + all related binary packages from testing
and won't do it otherwise as it would be a mess with security updates or
rebuilds...
looks like you're going to have to change the rules script so that the
epiphany-webkit binary package does not get built.
Package: yelp
Version: 2.22.1-6
Severity: grave
Tags: security
Justification: user security hole
yelp is vulnerable to attacks via badly formatted strings for certain error
messages. ubuntu recently released a fix for this problem [1]. the issue
is described as:
Aaron Grattafiori discovered
tag 496851 etch
found 496851 2.14.3-2
fixed 496851 2.22.1-4
thank you
after doing a little more research, i've confirmed that this is indeed
CVE-2008-3533, which is already being tracked in debian and has been
fixed in testing and unstable [1]. other useful info may be found in
[2],[3]. i think
notfound 496851 2.22-1-6
thank you
what about getting a fix for this issue into stable?
yelp (2.22.1-4) unstable; urgency=high
* SECURITY: New patch, 60_format-string, fixes format string vulnerability;
bump urgency to high; CVE-2008-3533; GNOME #546364; from SVN r3173;
LP:
reopen 463184
thanks
I've verified it in the source code:
The correct patch was used to address CVE-2006-4168, only the wrong
bug number was added to the DSA. Instead of #424775 this should've
read #430012.
ok. so, was the security issue described in bug #424775 actually ever
fixed?
did that upload of libexif actually address both CVE-2006-4168 and
CVE-2007-2645? if so, then the DSA should be updated to indicate that
this is the case. if not, then
http://idssi.enyo.de/tracker/status/release/unstable needs to be
updated to indicate that the CVE-2007-2645 vulnerability
i believe that this is actually an issue with webkit itself, not the
libqt4-webkit package (which uses webkit as a library). CVE-2008-1025
seems to indicate that the issue is wholly within webkit (there is no
mention of qt).
submitter, do you have further details that would confirm that the
On 5/6/08, Michael Gilbert wrote:
i believe that this is actually an issue with webkit itself, not the
libqt4-webkit package (which uses webkit as a library). CVE-2008-1025
seems to indicate that the issue is wholly within webkit (there is no
mention of qt).
i am mistaken, it looks like qt4
looks like ubuntu has released updated versions of the packages
affected by this vulnerability [1]. any chance the fixes for etch
will be released soon?
[1] http://www.ubuntu.com/usn/usn-611-1
Package: libwebkit-1.0-1
Version: 1.0.1-1
Severity: grave
Tags: security
Justification: user security hole
the webkit packages in fedora were recently updated to fix a
memory corruption issue in the javascript handler [1].
i'm not sure if this affects sid since the webkit package no longer
Package: midori
Severity: grave
Justification: renders package unusable
midori is currently uninstallable because it has a dependency on
libwebkitgtk1d. note that the webkit library package was recently renamed
to libwebkit-1.0-1. please update the midori dependencies to use
libwebkit-1.0-1
Package: ffmpeg-debian
Version: 0.svn20080206-12
Severity: grave
Tags: security
Justification: user security hole
according to the debian security tracker [1], ffmpeg is known to be
vulnerable to a denial-of-service attack [2]. the description of the
CVE is
The ffmpeg lavf demuxer allows
Package: libxml2
Version: 2.6.32.dfsg-3
Severity: grave
Tags: security
Justification: user security hole
ubuntu just released a fix for a problem in libxml2 [1]. the issue appears
to currently be reserved [2], but since ubuntu has released a fix, other
distributions need to follow suit soon to
Yes, please upload a targeted fix to testing-proposed-updates.
Thanks already.
thanks for fixing this so quickly. awesome turnaround time.
On 10/7/06, Arian Sigari wrote:
Hello,
is there any solution for the Windows Vista in qemu Bug?
arian sigari
hi Arian,
i am the original bug reporter. i myself have not figured out a
solution, nor have i found anything on google. and it appears that
the debian qemu maintainers have not even
disregard my previous email. it was intended for bug 389668.
will an nvidia-kernel-2.6.17-2-686 package be uploaded or is the new
nvidia driver only being built for the 2.6.18 kernels?
mike
ok, thanks for the info.
On 10/13/06, Randall Donald [EMAIL PROTECTED] wrote:
On Thu, 2006-10-12 at 22:52 -0400, Michael Gilbert wrote:
will an nvidia-kernel-2.6.17-2-686 package be uploaded or is the new
nvidia driver only being built for the 2.6.18 kernels?
Only 2.6.18 kernels
Tuomo,
just set up a mailer auto-reply that says i do not support out of
date ion3 development snapshots and will not respond to mails unless
the first line contains the output of 'ion3 --version' and shows a
date that is newer than one month old. then it doesn't matter what
distributions
Package: nvidia-glx-legacy-96xx
Severity: serious
Justification: 2
nvidia-kernel-legacy-96xx-1.0.9631 is currently not available in the
archive, and since nvidia-glx-legacy-96xx depends on it, the package is
not installable.
thanks for the hard work.
mike
-- System Information:
Debian Release:
reopen 428782
thanks
-- Forwarded message --
From: Filipus Klutiero [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 14 Jun 2007 07:22:37 -0400
Subject: Invalid
nvidia-kernel-legacy-96xx-1.0.9631 is a virtual package. It should be possible
to build an nvidia LKM package
reopen 428728
thanks
From: Filipus Klutiero
To: [EMAIL PROTECTED]
Date: Thu, 14 Jun 2007 20:09:33 -0400
Subject: Close
why not include pre-built binary packages for the legacy nvidia kernel
driver as is done with the standard nvidia kernel driver?
If you're implying that Debian decided not to
reopen 428782
thanks
reopen 428782
thanks
From: Filipus Klutiero
To: [EMAIL PROTECTED]
Date: Sun, 17 Jun 2007 22:29:57 -0400
Subject: Close
The fact that there are no prebuilt nvidia 96xx LKM packages does not mean
that Debian decided not to distribute some...as shown by Randall's message.
that is not the
Package: deluge-torrent
Version: 0.5.1.1-1
Severity: grave
Justification: renders package unusable
the current version of deluge-torrent in unstable no longer starts.
here is what happens:
$ deluge
no existing Deluge session
Starting new Deluge session...
deluge_core; using libtorrent 0.13.0.0.
reopen 428782
thanks
From: Filipus Klutiero
To: [EMAIL PROTECTED]
Date: Sat, 23 Jun 2007 09:56:29 -0400
Subject: Invalid
You don't understand. The reason I'm closing this report is not that the
prebuilt nvidia 96xx packages are available in sid, but that your report is
invalid. There is no
Package: foo2zjs
Version: 20070718dfsg-6
Severity: serious
Justification: Policy 2.2.1
foo2zjs relies heavily upon non-free firmware that is hosted at the
upstream site. this behavior, i believe, does not adhere to the spirit of
the debian policy for software in main (packages should not
Package: apt
Version: 0.7.9
Severity: serious
Tags: patch
Justification: no longer builds from source
the apt-transport-https deb currently does not build because
libapt-pkg-libc6.7-6.so.4.6 is not in the right location when dh_shlibs
is run.
as a temporary fix for the problem, i modified
merge 452862 458396
thank you
i should have done a better job searching the previous reports before
sending this. i see that there is already a pending fix for this in
bug #452862
Package: python-apt
Version: 0.7.4
Severity: grave
Justification: renders package unusable
python-apt is currently uninstallable on sid. this is because there is
a dependency on the /usr/lib/libapt-inst-libc6.6-1.so.1.1 and
/usr/lib/libapt-pkg-libc6.6-6.so.4.6 files. however, as of apt 0.7.10,
Package: mousepad
Version: 0.2.13-1
Severity: grave
Justification: renders package unusable
mousepad always segfaults when started. gdb indicates that there is an
issue with mousepad's use of libc.so.6:
$ gdb mousepad
run
..
..
..
Program received signal SIGSEGV, Segmentation fault.
Package: security.debian.org
Severity: grave
according to the bug report log [1], the 0.6.13-etch1 upload of
libexif12 fixed the security vulnerability described by CVE-2007-2645.
however, the associated DSA [2] says that the upload of 0.6.13-etch1
fixed the vulnerability described by
package: xulrunner
version: 1.9.1.3-3
severity: serious
tags: security
mozilla has just issued new versions of firefox, seamonkey, etc [0],[1].
these fix multiple CVEs. please update to these versions.
as you know, lenny is also affected, so please issue a DSA with the new
xulrunner there.
package: auth2db
version: 0.2.5-2+dfsg-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js 1.5.1 and
earlier) [0], CVE-2008-7220 (affecting prototype.js 1.6.0.2 and
earlier) [1], or
package: asterisk
version: 1:1.4.21.2~dfsg-3
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js 1.5.1 and
earlier) [0], CVE-2008-7220 (affecting prototype.js 1.6.0.2 and
earlier) [1],
package: libaws
version: 2.2dfsg-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: libjson-ruby
version: 1.1.2-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: lucene2
version: 2.3.1+ds1-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: knowledgeroot
version: 0.9.7.3-2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: mediatomb
version: 0.11.0-3
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: glpi
version: 0.68.2-1etch0.2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: op-panel
version: 0.27.dfsg-2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: mt-daapd
version: 0.2.4+r1376-1.1+etch2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or
package: ebug-http
version: 0.31-2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: qwik
version: 0.8.4.4
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your package
package: python-poker-network
version: 1.0.30-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
package: webhelpers
version: 0.6-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: wordpress
version: 2.5.1-11
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: symfony
version: 1.0.17-4
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: hobix
version: 0.5~svn20070319-3
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: pixelpost
version: 1.7.1-5
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: exaile
version: 0.2.11.1+debian-2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
package: jscropperui
version: 1.2.0-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: rt-extension-emailcompletion
version: 0.06-3
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or
package: scriptaculous
version: 1.8.1-5
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: mantis
version: 1.1.6+dfsg-2
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: activeldap
version: 1.0.1-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: otrs2
version: 2.3.4-5
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your package
package: plone3
version: 3.1.3-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your package
package: wesnoth
version: 1:1.6.5-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
Your
package: webcalendar
version: 1.2.0+dfsg-4
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
[0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
On Sun, 8 Nov 2009 22:19:13 -0800 Ryan Niebur wrote:
On Sun, Nov 08, 2009 at 07:22:57PM -0500, Michael Gilbert wrote:
package: libjson-ruby
version: 1.1.2-1
severity: serious
tags: security
Hi,
Your package contains an embedded version of prototype.js that is
vulnerable
On Mon, 9 Nov 2009 20:18:47 -0800 Ryan Niebur wrote:
On Mon, Nov 09, 2009 at 10:58:52PM -0500, Michael Gilbert wrote:
On Sun, 8 Nov 2009 22:19:13 -0800 Ryan Niebur wrote:
On Sun, Nov 08, 2009 at 07:22:57PM -0500, Michael Gilbert wrote:
package: libjson-ruby
version: 1.1.2-1
hi, this problem has been disclosed for quite a while now. do you
need help packaging the new upstream version? if so, i can prepare an
nmu. do you need help preparing backports for the stable releases?
if so, i can spend some time on that this weekend.
mike
On Wed, 11 Nov 2009 23:02:23 +0100 Julien BLACHE wrote:
Adam D. Barratt wrote:
Hi,
How big is the diff from prototype 1.4.0 (as used in the current
package) to 1.6.1? The bug report mentions that patches fixing the two
Don't know, I haven't even looked. There were other issues before
Package: xulrunner
Version: 1.9.0.13-0
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.
CVE-2007-1970[0]:
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS
| page when the HTTP elements are
forwarded 556268 https://bugzilla.mozilla.org/show_bug.cgi?id=528772
thanks
Package: kazehakase
Version: 0.5.8-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass
forwarded 556268 https://bugzilla.mozilla.org/post_bug.cgi
thanks
forwarded 556267 https://bugzilla.mozilla.org/show_bug.cgi?id=527733
thanks
Package: epiphany-browser
Version: 2.29.1-2
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to
Package: galeon
Version: 2.0.7-1.1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
On Sun, 15 Nov 2009 10:51:56 +0200 Yavor Doganov wrote:
found 556271 0.4.2-1etch1
found 556271 0.5.4-2.2
found 556271 0.5.6-2
thanks
Michael Gilbert wrote:
Package: kazehakase
Version: 0.5.8-1
Severity: serious
Tags: security
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
On Sun, 15 Nov 2009 10:51:56 +0200 Yavor Doganov wrote:
Do I understand correctly that the proper fix for this vulnerability
is to disallow adding data:/javascript: URIs with Bookmarks - Add to
bookmarks menu, preferably informing the user with a dialog?
yes, that appears to be what the
On Sun, 15 Nov 2009 11:28:47 +0200 Yavor Doganov wrote:
Michael Gilbert wrote:
On Sun, 15 Nov 2009 10:51:56 +0200 Yavor Doganov wrote:
Do I understand correctly that the proper fix for this
vulnerability is to disallow adding data:/javascript: URIs with
Bookmarks - Add to bookmarks
On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote:
On Monday 16 November 2009 at 09:37 +0100, Mike Hommey wrote:
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
What’s a bookmarklet? I don’t even know whether epiphany supports this.
It's javascript code you
On Mon, 16 Nov 2009 17:34:39 +0100, Mike Hommey wrote:
On Mon, Nov 16, 2009 at 11:25:04AM -0500, Michael Gilbert wrote:
On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote:
On Monday 16 November 2009 at 09:37 +0100, Mike Hommey wrote:
On Mon, Nov 16, 2009 at 09:17:58AM +0100
package: ffmpeg
version: 0.svn20080206-18
severity: serious
tags: security
hi, i have just tested the latest ffmpeg update against the original
proof of concepts [0] reported in bug #550442 [1]. many of them are
still effective. there is some good news though; i've found that
upstream has
severity 571036 important
thanks
On Mon, 22 Feb 2010 18:03:55 -0500 Don Pellegrino wrote:
The 10.2 release of the ATI Catalyst drivers (fglrx) are incompatible
with compositing in KDE 4.3 as discussed on Phoronix at
[http://www.phoronix.com/forums/showthread.php?t=22057#post112989].
It has
version: 1.1.21-1
i've checked all of these issues, and they are all fixed in the latest
version in unstable. thanks.
mike
On Tue, 23 Feb 2010 11:30:57 -0300, Gustavo Noronha Silva wrote:
On Mon, 2010-02-22 at 22:40 -0500, Michael Gilbert wrote:
version: 1.1.21-1
i've checked all of these issues, and they are all fixed in the latest
version in unstable. thanks.
Awesome! Did you take notes of what commits
On Wed, 24 Feb 2010 08:00:45 -0500, Zachary Uram wrote:
This sucks. Stupid closed source drivers cause such problems. Any
workaround I can do?
I need to build the fglrx driver for debian squeeze (ati radeon hd
4550 card), but I just saw this bug
saying the packages have been removed from
--- vboxgtk-0.5.0/debian/changelog
+++ vboxgtk-0.5.0/debian/changelog
@@ -1,3 +1,9 @@
+vboxgtk (0.5.0-1.1) unstable; urgency=low
+
+ * Fix startup crash (closes: #560381).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Sat, 27 Feb 2010 13:21:28 -0500
+
vboxgtk (0.5.0-1) unstable; urgency=low
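Review bot: the new 0.5.0-1.1 entry at the top of debian/changelog records only "Fix startup crash (closes: #560381)" and does not say what was changed to fix it; name the file or patch touched and the cause of the crash so the entry can be audited without opening the bug. The -1.1 revision suffix marks this as a non-maintainer upload, so the first item would conventionally be "Non-maintainer upload." as well.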
fixed 535793 1.1.21-1
thanks
hi, all of these issues have been triaged in the debian security
tracker [0] and found to be fixed on or before the latest webkit in
unstable.
many of these, however, are still open in stable (the open issues at
[0]). a DSA needs to be issued for those.
thanks,
mike
On Tue, 2 Mar 2010 23:14:50 +0100, Stefano Zacchiroli wrote:
On Mon, Dec 07, 2009 at 12:05:22AM -0500, Michael Gilbert wrote:
The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool