Bug#410236: CVE-2007-0844: libpam-ssh: pam_ssh auth_via_key() Function

2007-02-08 Thread Alex de Oliveira Silva
Package: libpam-ssh
Version: 1.91.0-9.1
Severity: important
Tags: security

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the
allow_blank_passphrase option is disabled, allows remote attackers to
bypass authentication restrictions and use private encryption keys
requiring a blank passphrase by entering a non-blank passphrase.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0844
http://sourceforge.net/project/shownotes.php?release_id=484376
http://secunia.com/advisories/24061

Note:
Please mention the CVE id in the changelog.



regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
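
An added example (not pam_ssh's code, and not part of the original report) modelling the logic flaw described in Bug#410236: a policy check that looks only at what the user typed, beside one that asks the key itself whether it opens with an empty passphrase. The struct, the function names and the sample keys are constructed for the illustration; the loader's behaviour for unencrypted keys is a stated assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a private key file. An empty 'passphrase'
 * means the key is stored unencrypted (blank passphrase). */
struct key_file {
    const char *name;
    const char *passphrase;
};

/* Model of a key loader (assumption): an unencrypted key needs no
 * decryption, so it loads whatever passphrase the caller supplies. */
static bool load_private_key(const struct key_file *kf, const char *pass)
{
    if (kf->passphrase[0] == '\0')
        return true;
    return strcmp(kf->passphrase, pass) == 0;
}

/* Flawed policy check: with blank passphrases disallowed it rejects an
 * empty *typed* passphrase, but never asks whether the key is blank. */
bool auth_checks_typed_input(const struct key_file *kf, const char *typed,
                             bool allow_blank_passphrase)
{
    if (!allow_blank_passphrase && typed[0] == '\0')
        return false;
    return load_private_key(kf, typed);
}

/* Hardened policy check: with blank passphrases disallowed it first
 * tries the key with "", and refuses any key that opens that way. */
bool auth_checks_key(const struct key_file *kf, const char *typed,
                     bool allow_blank_passphrase)
{
    if (!allow_blank_passphrase && load_private_key(kf, ""))
        return false;
    return load_private_key(kf, typed);
}

int main(void)
{
    /* Constructed sample keys: one unencrypted, one protected. */
    const struct key_file keys[] = {
        { "id_blank", "" },
        { "id_locked", "correct horse" },
    };
    const char *typed[] = { "", "anything", "correct horse" };
    size_t k, t;

    /* allow_blank_passphrase is disabled in every row below. */
    for (k = 0; k < 2; k++) {
        for (t = 0; t < 3; t++) {
            printf("%-9s typed=\"%s\": typed-input check=%d, key check=%d\n",
                   keys[k].name, typed[t],
                   auth_checks_typed_input(&keys[k], typed[t], false),
                   auth_checks_key(&keys[k], typed[t], false));
        }
    }
    return 0;
}
```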



Bug#409703: CVE-2007-0667: sql-ledger: Arbitrary Code Execution

2007-02-04 Thread Alex de Oliveira Silva
Package: sql-ledger
Version: 2.6.22-1
Severity: important
Tags: security

Hi.
Maybe sql-ledger is affected by CVE-2007-0667.

Description:
Separate from CVE-2006-5872, there is a possibility of causing arbitrary
code execution during redirects. This requires a valid login to exploit
and was discovered and brought to the attention of both the SQL-Ledger
and LedgerSMB team in November. LedgerSMB 1.1.5 corrected the problem, but
it is still not corrected in SQL-Ledger.

Reference:
http://www.frsirt.com/english/advisories/2007/0407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0667

Note:
Please mention the CVE id in the changelog.


Thanks in advance.


regards,
--
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-





Bug#409709: CVE-2007-0650 tetex-bin: Buffer overflows in teTeX's makeindex

2007-02-04 Thread Alex de Oliveira Silva
Package: tetex-bin
Version: 3.0-29
Severity: important
Tags: security

Hi.
A buffer overflow was discovered in the open_sty function in mkind.c for
makeindex 2.14; it might allow user-assisted remote attackers to overwrite
files and possibly execute arbitrary code via a long filename.

Reference:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0650

Note:
Please mention the CVE id in the changelog.


Thanks in advance.


regards,
--
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-





Bug#409709: CVE-2007-0650 tetex-bin: Buffer overflows in teTeX's makeindex

2007-02-04 Thread Alex de Oliveira Silva

close 409709
thanks

Only affected if compiled w/o kpathsea support.
Thanks, Moritz Muehlenhoff.

regards,
- --
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#409256: SA24016: wireshark: Multiple Denial of Service Vulnerabilities

2007-02-01 Thread Alex de Oliveira Silva
Package: wireshark
Version: 0.99.4-4
Severity: important
Tags: security

Errors within the TCP, HTTP, IEEE 802.11, and LLT parsers can be
exploited to cause a crash or consume large amounts of memory when
parsing a specially crafted packet that is either captured off the wire
or loaded via a capture file.

The vulnerabilities are reported in various versions prior to 0.99.5.

Solution:
Update to version 0.99.5.

Reference:
http://secunia.com/advisories/24016/


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#409257: CVE-2007-0640: zabbix: buffer overflow.

2007-02-01 Thread Alex de Oliveira Silva
Package: zabbix
Version: 1:1.1.4-7
Severity: important
Tags: security

Hi.
The new version of Zabbix 1.1.5 solves the CVE-2007-0640.
* fixed buffer overflow while processing SNMP IP addresses.

Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack
vectors related to SNMP IP addresses.

Reference:
http://www.zabbix.com/rn1.1.5.php
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0640

Note:
Please mention the CVE id in the changelog.


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#255484: Debian assp packages.

2007-01-29 Thread Alex de Oliveira Silva

Hi José Parrella.

Just pinging to check whether you received my other email.

How are the Debian assp packages going? What is missing? Do you
need some help? What do you think about you and me working together on assp?

I made a preliminary version of the package for my company and I
would really appreciate helping with ASSP.


regards,
- --
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-




Bug#408982: CVE-2007-0455: libgd2: gdImageStringFTEx() Denial of Service

2007-01-29 Thread Alex de Oliveira Silva
Package: libgd2
Version: 2.0.33-6
Severity: important
Tags: security

Maybe libgd2 is affected by this vulnerability.

The vulnerability is caused due to an error within the
gdImageStringFTEx() function in gdft.c, which can be exploited to
increment the terminating NULL of a string, potentially resulting in a
buffer overflow.

Successful exploitation requires that a JIS-encoded font is used.

Solution:
Do not use JIS-encoded fonts with an application using GD Graphics
Library.

Patch:
There is a patch at Red Hat that solves it.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607
The patch is attached to this email.


Note:
Please mention the CVE id in the changelog.



regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 
diff -ur libgd2-2.0.33.orig/gdft.c libgd2-2.0.33/gdft.c
--- libgd2-2.0.33.orig/gdft.c   2007-01-29 14:42:08.0 -0300
+++ libgd2-2.0.33/gdft.c2007-01-29 14:42:41.0 -0300
@@ -1161,7 +1161,7 @@
{
  ch = c  0xFF;/* don't extend sign */
}
- next++;
+ if (*next) next++;
}
break;
  case gdFTEX_Big5:
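
Review bot: the guard on the final increment (`if (*next) next++;`) keeps `next` from stepping over the terminating NUL, but nothing in this hunk shows a matching check where the second byte of a two-byte character is read earlier in the same branch. Confirm that path also stops at NUL, and that the `gdFTEX_Big5` case that follows does not advance the pointer unconditionally in the same way. A short comment above the new line saying why the check exists would help the next reader.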


Bug#255484: Bug#369903: Debian assp packages.

2007-01-29 Thread Alex de Oliveira Silva

José Parrella wrote:
> Alex de Oliveira Silva wrote:
>> How are going the Debian assp packages? What it is missing? Do
>> you need some help? What do you think about me and you work
>> together in assp?
>
> Alex: Thanks. I received your ping but I didn't have time to work
> in ASSP until now.
>
> Currently the remaining problem in the ASSP packaging is changing
> the paths inside assp.pl to comply with the Policy and FHS.
> Upstream told me that this could be achieved with variables, and I
> actually started to do that but it requires a lot of debugging.
>
> Does your package solve this problem in a sane way? I made a
> previous ASSP package for my company, too, which is available in [1]

Hi José.
Yes, my package solves the Policy and FHS problem.
I changed assp.pl to install and run in the correct directory, and
added init.d and logrotate.

Here are some of the changes:
if($logfile && open(LOG,">>/var/log/assp/$logfile")) {my $oldfh =
select(LOG); $| = 1; select($oldfh);}
if($pidfile) {open(F,">/var/run/assp/assp.$pidfile"); print F $$;
close F;}
$base="/etc/assp";


http://people.debian-ce.org/enerv/debian/unstable/assp/



regards,
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#408839: CVE-2007-0508: bbclone: BBC_LIB_PATH Parameter Handling Remote File Inclusion Vulnerability

2007-01-28 Thread Alex de Oliveira Silva
Package: bbclone
Version: 0.4.6-7
Severity: important
Tags: security

Hi, a vulnerability has been identified in BBClone, which could be exploited
by attackers to execute arbitrary commands. This issue is due to an
input validation error in the lib/selectlang.php script that does not
validate the BBC_LIB_PATH parameter, which could be exploited by
remote attackers to include malicious PHP scripts and execute arbitrary
commands with the privileges of the web server.

Affected:
BBClone version 0.4.9 and prior.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0508
http://www.frsirt.com/english/advisories/2007/0318
http://secunia.com/advisories/23874

Note:
Please mention the CVE id in the changelog.



regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#408889: CVE-2006-6899: bluez-utils: HID Insecure Device Connection Vulnerability

2007-01-28 Thread Alex de Oliveira Silva
Package: bluez-utils
Version: 2.15-1.1
Severity: important
Tags: security

Hi,
Maybe the bluez-utils version 2.15-1.1 is vulnerable.

Description:
The vulnerability is caused due to the HID host accepting device
connections without authentication. This can be exploited to insert a
new device (e.g. keyboard, mouse) and take control of the affected
system.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6899
http://www.securityfocus.com/archive/1/archive/1/455889/100/0/threaded

Note:
Please mention the CVE id in the changelog.

Thanks in advance.


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#408719: libnl - FTBFS: doxygen: Command not found

2007-01-27 Thread Alex de Oliveira Silva

I believe that just adding it to Build-Depends solves the problem.

Bastian Blank wrote:
> Package: libnl
> Version: 1.0~pre6-3
> Severity: serious
>
> There was an error while trying to autobuild your package:
>
> Automatic build of libnl_1.0~pre6-3 on debian-31.osdl.marist.edu
> by sbuild/s390 98
> [...]
> /usr/bin/make -C doc gendoc
> doxygen Doxyfile
> make[2]: doxygen: Command not found
> make[2]: *** [gendoc] Error 127
> make[1]: *** [gendoc] Error 2
> make[1]: Leaving directory `/build/buildd/libnl-1.0~pre6'
> make: *** [build/libnl-doc] Error 2
>
> **
> Build finished at 20070127-1249 FAILED [dpkg-buildpackage died]



regards,
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#407997: joomla: SQL injection vulnerability

2007-01-24 Thread Alex de Oliveira Silva

close 407997
thanks

Joomla 1.0.12-1 is not affected.


regards,
- --
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#407997: CVE-2007-0374: joomla: SQL injection vulnerability

2007-01-23 Thread Alex de Oliveira Silva

Martin Michlmayr wrote:
> * Alex de Oliveira Silva [EMAIL PROTECTED] [2007-01-22 17:50]:
>> Package: joomla
>
> Is this package actually in Debian?  What does
> dpkg -p joomla | grep Maintainer
> say?

Hi Martin.
Joomla is a new package.
I do not know if it was correct to open this bug.

Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.



regards,
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#408090: CVE-2007-0406: gxine: Multiple buffer overflows.

2007-01-23 Thread Alex de Oliveira Silva
Package: gxine
Version: 0.5.8-2
Severity: important
Tags: security

Multiple buffer overflows in the (1) main function in (a) client.c, and
the (2) server_setup and (3) server_client_connect functions in (b)
server.c in gxine 0.5.9 and earlier allow local users to cause a denial
of service (daemon crash) or gain privileges via a long HOME environment
variable. NOTE: some of these details are obtained from third party
information.

Reference:
http://www.frsirt.com/english/advisories/2007/0259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0406

Solution:
Update to version gxine 0.5.10
http://xinehq.de/index.php/news?show_category_id=1

Note:
Please mention the CVE id in the changelog.


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#408090: CVE-2007-0406: gxine: Multiple buffer overflows.

2007-01-23 Thread Alex de Oliveira Silva

Darren Salt wrote:
> close 408090 0.5.8-2
> thanks
>
> I demand that Alex de Oliveira Silva may or may not have written...
>
>> Multiple buffer overflows in the (1) main function in (a)
>> client.c, and the (2) server_setup and (3) server_client_connect
>> functions in (b) server.c in gxine 0.5.9 and earlier allow local
>> users to cause a denial of service (daemon crash) or gain
>> privileges via a long HOME environment variable. NOTE: some of
>> these details are obtained from third party information.
>
> This is already fixed in 0.5.8-2 (bug 405876); the only thing which
> isn't present is the CVE number.
>
>> Solution: Update to version gxine 0.5.10
>
> Not currently possible due to the freeze, hence 0.5.8-2...


OK, thanks for the note.


regards,
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#407997: CVE-2007-0374: joomla: SQL injection vulnerability

2007-01-22 Thread Alex de Oliveira Silva
Package: joomla
Version: 1.0.12-1
Severity: important
Tags: security


SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2)
Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands
via the id parameter when cancelling content editing.

I am working on the new upstream update.


regards
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#407995: CVE-2007-0374: mambo: SQL injection vulnerability.

2007-01-22 Thread Alex de Oliveira Silva
Package: mambo
Version: 4.6.1-4
Severity: important
Tags: security

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2)
Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands
via the id parameter when cancelling content editing.

I am in contact with the core team of mambo to solve this security bug.


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#407289: CVE-2007-0262: wordpress: Full Path disclosure and disclosure of Table Prefix Weakness

2007-01-17 Thread Alex de Oliveira Silva
Package: wordpress
Version: 2.0.6-1
Severity: important
Tags: security

Affected system:
WordPress <=2.0.6

A weakness was discovered in WordPress, which can be exploited by
malicious people to disclose SQL information and the WordPress full path.
The problem is that SQL error messages are returned to the user. This
can be exploited to disclose the configured table prefix via an invalid
m parameter passed in index.php.

Example:
http://[host]/index.php?m[]=

You will see output like this:
Warning: rawurlencode() expects parameter 1 to be string, array given in
[path]\wp-includes\classes.php on line 227

WordPress 数据库错误: [Unknown column
'Arra' in 'where clause']
SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts WHERE 1=1 AND YEAR
(post_date)=Arra AND (post_type = 'post' AND (post_status = 'publish' OR
post_status = 'private')) ORDER BY post_date DESC LIMIT 0, 10

Solution:
Edit the source to use the is_array() function to inspect the variable $m.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0262
http://www.securityfocus.com/archive/1/archive/1/456731/100/0/threaded

Note:
Please mention the CVE id in the changelog.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)



regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#407290: CVE-2007-0256: vlc: Media Player Unspecified Denial Of Service Vulnerability

2007-01-17 Thread Alex de Oliveira Silva
Package: vlc
Version: 0.8.6.a.debian-1
Severity: important
Tags: security

VLC Media Player is prone to a denial-of-service vulnerability because
it fails to sufficiently handle user-supplied data.
Exploiting this issue can allow an attacker to crash the application,
effectively denying service to the user.
Version 0.8.6a is vulnerable; other versions may also be affected.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0256
http://www.securityfocus.com/bid/22003

Note:
Please mention the CVE id in the changelog.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#407350: CVE-2007-0257: kernel-patch-grsecurity2: Kernel PaX Local Privilege Escalation Vulnerability

2007-01-17 Thread Alex de Oliveira Silva
Package: kernel-patch-grsecurity2
Version: 2.1.5-1
Severity: important
Tags: security

A vulnerability has been reported in grsecurity, which can be exploited by
malicious, local users to gain escalated privileges.
The vulnerability is caused due to an unspecified error within the
expand_stack() function, which may allow execution of arbitrary code with
root privileges.

Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0257
http://www.securityfocus.com/bid/22014

Note:
Please mention the CVE id in the changelog.


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#407121: wrong ITP

2007-01-17 Thread Alex de Oliveira Silva

I'm sorry.
I did not see the ITP. :(

regards,
- --
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#407121: ITP: ossec-hids -- Open source host-based intrusion detection system.

2007-01-16 Thread Alex de Oliveira Silva
Package: wnpp
Severity: wishlist
Owner: Alex de Oliveira Silva [EMAIL PROTECTED]

* Package name: ossec-hids
  Version : 1.0
  Upstream Author : Daniel B. Cid [EMAIL PROTECTED]
* URL : http://www.ossec.net/
* License : GPL
  Programming Lang: C
  Description : Open source host-based intrusion detection system.

Ossec is an Open Source Host-based Intrusion Detection System.
It performs log analysis, integrity checking, rootkit detection, time-based
alerting and active response. It runs on most operating systems, including
Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.


-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 






Bug#407020: Help in libgtop

2007-01-16 Thread Alex de Oliveira Silva




Bug#407202: CVE-2007-0248: squid: Denial of Service Vulnerabilities

2007-01-16 Thread Alex de Oliveira Silva
Package: squid
Version: 2.6.5-3
Severity: important
Tags: security

Two vulnerabilities have been reported in Squid, which can be exploited
by malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain FTP URL requests can be exploited
to crash Squid by visiting a specially crafted FTP URL via the proxy.
2) An error in the external_acl queue can cause Squid to crash when it
is under high load conditions.
The vulnerabilities are reported in version 2.6. Other versions may also
be affected.

Solution:
Update to version 2.6.STABLE7.

Reference:
http://secunia.com/advisories/23767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0248

Note:
Please mention the CVE id in the changelog.


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#407020: SA23736: libgtop2: glibtop_get_proc_map_s() Buffer Overflow

2007-01-15 Thread Alex de Oliveira Silva
Package: libgtop2
Severity: important

A vulnerability in libgtop2 can be exploited by malicious, local
users to gain escalated privileges.
The vulnerability is caused due to a boundary error within the
glibtop_get_proc_map_s() function in sysdeps/linux/procmap.c. This can
be exploited to cause a stack-based buffer overflow by running a process
with a specially crafted long path and tricking a victim into running an
application using the library (e.g. gnome-system-monitor).

Solution:
Update to version 2.14.6.

Reference:
http://secunia.com/advisories/23736/

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)



regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#406859: milter-greylist: FTBFS: libspf2 not found

2007-01-14 Thread Alex de Oliveira Silva

tags 406859 + patch
thanks

Even though this is a simple fix, I am providing a patch for it anyway.

(the patch is attached to this email)




Kurt Roeckx wrote:
> Package: milter-greylist
> Version: 3.0-1
> Severity: serious
>
> Hi,
>
> Your package failed to build with the following error:
> checking for SPF_server_new in -lspf2... no
> checking for SPF_server_new in -lspf2 -lintl... no
> libspf2 not found, check config.log for details
> Remove --with-libspf2 to build without SPF support
> make: *** [config.status] Error 1
>
>
> Kurt





- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-

diff -ur milter-greylist-3.0.old/debian/control milter-greylist-3.0/debian/control
--- milter-greylist-3.0.old/debian/control  2007-01-14 17:35:32.0 -0300
+++ milter-greylist-3.0/debian/control  2007-01-14 17:36:00.0 -0300
@@ -2,7 +2,7 @@
 Section: mail
 Priority: optional
 Maintainer: Cord Beermann [EMAIL PROTECTED]
-Build-Depends: debhelper (= 5), autotools-dev, libmilter-dev, bison, flex
+Build-Depends: debhelper (= 5), autotools-dev, libmilter-dev, bison, flex, libspf2-dev
 Standards-Version: 3.7.2

 Package: milter-greylist
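
Review bot: the `libspf2-dev` entry added to `Build-Depends` carries no version constraint, although the failing configure test quoted in the report looks for `SPF_server_new`; if that symbol only exists from a particular libspf2 release, state the minimum version here so the build fails at dependency resolution rather than in configure. The change also makes SPF support a hard build requirement, so confirm `libspf2-dev` is available on every architecture the package builds on.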


Bug#406727: FTBFS, missing b-d on python-dev

2007-01-13 Thread Alex de Oliveira Silva

I don't see this problem when building driconf using pbuilder.
dpkg-deb: building package `driconf' in `../driconf_0.9.0-2_all.deb'.

regards,
- --
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#406755: dynagen: FTBFS: make: dpatch: Command not found

2007-01-13 Thread Alex de Oliveira Silva

Version 0.8.3-1?
This version doesn't exist in Debian.

Btw, if you mean dynagen 0.6.0-1, it is building correctly.
dpkg-deb: building package `dynagen' in `../dynagen_0.6.0-1_i386.deb'.

Please give more info.


Kurt Roeckx wrote:
> Package: dynagen
> Version: 0.8.3-1
> Severity: serious
>
> Hi,
>
> Your package is failing to build with the following error:
> dpatch deapply-all
> make: dpatch: Command not found
> make: *** [deapply-dpatches] Error 127
>
>
> Kurt




regards
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#406755: dynagen: FTBFS: make: dpatch: Command not found

2007-01-13 Thread Alex de Oliveira Silva

tags 406755 + patch
thanks

Even though this is a simple fix, I am providing a patch for it anyway.

(the patch is attached to this email)

Steve Langasek wrote:
> On Sat, Jan 13, 2007 at 11:21:48PM -0300, Alex de Oliveira Silva
> wrote:
>
>> Version 0.8.3-1 ? Don't exist this version in Debian.
>
> It exists in unstable.
>
> Kurt is a buildd admin, I think he knows what he's doing when he
> reports build failures.
>
> http://buildd.debian.org/pkg.cgi?pkg=dynagen



regards
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-

 diff -ur dynagen-0.8.3.old/debian/control dynagen-0.8.3/debian/control
--- dynagen-0.8.3.old/debian/control2007-01-13 23:53:01.0 -0300
+++ dynagen-0.8.3/debian/control2007-01-13 23:49:00.0 -0300
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Erik Wenzel [EMAIL PROTECTED]
 Uploaders: Erik Wenzel [EMAIL PROTECTED]
-Build-Depends: python-all-dev, cdbs (= 0.4.43), debhelper (= 5.0.37.2), python-support (= 0.3)
+Build-Depends: python-all-dev, cdbs (= 0.4.43), debhelper (= 5.0.37.2), python-support (= 0.3), dpatch
 Standards-Version: 3.7.2

 Package: dynagen
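
Review bot: `dpatch` is appended to the single-line `Build-Depends` without a version; if debian/rules relies on a feature of a particular dpatch release, add the constraint, and consider folding the field to one dependency per line so later additions show up as one-line diffs. Since the reported failure was in `dpatch deapply-all`, the tool is needed by the clean target as well, so `Build-Depends` rather than `Build-Depends-Indep` is the right field.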


Bug#406628: CVE-2007-0159: libgeoip1: GeoIP_update_database_general() Remote Directory Traversal Vulnerability

2007-01-12 Thread Alex de Oliveira Silva
Package: libgeoip1
Severity: important

A vulnerability has been identified in GeoIP, which could be exploited
to conduct directory traversal attacks. This issue is due to an input
validation error in the GeoIP_update_database_general()
[GeoIPUpdate.c] function when handling the database filename, which
could be exploited by malicious update servers to overwrite arbitrary
files by sending specially crafted HTTP requests to the
app/update_getfilename script.

Affected Products

GeoIP version 1.4.0 and prior

Solution

Apply patch :
http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch

References

http://www.frsirt.com/english/advisories/2007/0117



-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 
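
An added example (not the patch referenced in Bug#406628 and not GeoIP's own code) of the check the description implies: the database file name returned by the update server is untrusted and must be a plain file name before it is joined to the database directory. The function name build_db_path, the directory /var/lib/GeoIP and the sample replies are assumptions constructed for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 0 and writes "<dir>/<name>" to 'out' when 'name' is a plain
 * file name; returns -1 and leaves 'out' empty otherwise.
 * Rejected: empty names, names starting with '.', any character outside
 * [A-Za-z0-9._-] (which excludes '/' and '\\'), and results that would
 * not fit in the output buffer. */
int build_db_path(const char *dir, const char *name, char *out, size_t outlen)
{
    size_t i, len;
    int n;

    if (outlen == 0)
        return -1;
    out[0] = '\0';

    len = strlen(name);
    if (len == 0 || name[0] == '.')
        return -1;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return -1;
    }

    /* A truncated path would name a different file, so treat it as an
     * error instead of using whatever fitted. */
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed server replies, not captured traffic. */
    const char *replies[] = {
        "GeoIP.dat", "../outside.dat", "/tmp/abs.dat", "sub/GeoIP.dat",
        ".hidden", ""
    };
    char path[64];
    size_t i;

    for (i = 0; i < sizeof replies / sizeof replies[0]; i++) {
        int rc = build_db_path("/var/lib/GeoIP", replies[i],
                               path, sizeof path);
        printf("\"%s\" -> %s\n", replies[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```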





Bug#406486: Correct description

2007-01-12 Thread Alex de Oliveira Silva

Sorry Thijs.
The correct description is this. :)

Multiple vulnerabilities have been identified in phpMyAdmin, which may
be exploited by attackers to execute arbitrary scripting code. These
issues are due to unspecified input validation errors when processing
certain parameters, which could be exploited by attackers to cause
arbitrary scripting code to be executed by the user's browser in the
security context of an affected Web site.

Affected Products

phpMyAdmin version 2.9.1.1 and prior

Solution

Upgrade to phpMyAdmin version 2.9.2-rc1 :
http://www.phpmyadmin.net/home_page/downloads.php

References

http://www.frsirt.com/english/advisories/2007/0125
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0


regards,
- --
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#406486: Reporting useless bugs

2007-01-12 Thread Alex de Oliveira Silva

Martin Schulze wrote:


 You could probably start writing 15k bugs...

 Regards,

 Joey

I was only trying to help. Sorry.
For my next bugs, I will wait for more information.

regards,
- --
   .''`.
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`-



Bug#406486: CVE-2007-0203: phpmyadmin: Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1

2007-01-11 Thread Alex de Oliveira Silva
Package: phpmyadmin
Severity: important
Tags: security

Some vulnerabilities have been reported in phpMyAdmin, some of which
have unknown impacts, while some can be exploited by malicious people to
conduct cross-site scripting attacks.

1) Input passed to unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of
an affected site.

2) Some vulnerabilities exist, which are caused due to unspecified
errors in phpMyAdmin. No further information is currently available.

The vulnerabilities are reported in version 2.9.1.1. Other versions may
also be affected.

Reference: http://secunia.com/advisories/23702

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#406318: SA23670: xorg: DBE and Renderer Extensions Vulnerabilities

2007-01-10 Thread Alex de Oliveira Silva
Package: xorg
Version: 1:7.1.0-10
Severity: important
Tags: security

Sean Larsson has reported some vulnerabilities in X.Org X11, which can
be exploited by malicious, local users to gain escalated privileges.

The vulnerabilities are caused due to input validation errors within the
ProcRenderAddGlyphs() function of the Renderer extension and the
ProcDbeGetVisualInfo() and ProcDbeSwapBuffers() functions of the
DBE extension. This can be exploited to cause a memory corruption by
sending specially crafted X requests to the X server.

Successful exploitation may allow the execution of arbitrary code with
the privileges of the X server, but requires that the Renderer or
DBE extensions are loaded.

The vulnerabilities are reported in version 7.1-1.1.0. Other versions
may also be affected.

Solution:
Update to version 7.2 RC3.

Reference:
http://secunia.com/advisories/23670/

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#406332: SA23702: phpmyadmin: Cross-Site Scripting and Unspecified Vulnerabilities

2007-01-10 Thread Alex de Oliveira Silva
Package: phpmyadmin
Version: 4:2.9.1.1-1
Severity: important
Tags: security

Some vulnerabilities have been reported in phpMyAdmin, some of which
have unknown impacts, while some can be exploited by malicious people to
conduct cross-site scripting attacks.

1) Input passed to unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of
an affected site.

2) Some vulnerabilities exist, which are caused due to unspecified
errors in phpMyAdmin. No further information is currently available.

The vulnerabilities are reported in version 2.9.1.1. Other versions may
also be affected.

Solution:
Fixed in version 2.9.2-rc1.

Reference:
http://secunia.com/advisories/23702/

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#406238: SA23647: mediawiki: AJAX Unspecified Cross-Site Scripting

2007-01-09 Thread Alex de Oliveira Silva
Package: mediawiki
Version: 1:1.7
Severity: important
Tags: security

I don't know if mediawiki is vulnerable to this bug.

A vulnerability has been reported in MediaWiki, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Input passed to an unspecified parameter is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.

Successful exploitation requires that $wgUseAjax is set to true, which is not
its default setting.
The vulnerability is reported in the 1.6.x branch before 1.6.9, the 1.7.x
branch before 1.7.2, and the 1.8.x branch before 1.8.3.

Solution:
Update to version 1.6.9, 1.7.2 or 1.8.3.

Thanks in advance.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#406244: SA23675: gforge: advanced_search.php Cross-Site Scripting Vulnerability

2007-01-09 Thread Alex de Oliveira Silva
Package: gforge
Version: 4.5.14-19
Severity: important
Tags: security

The vulnerability is reported in version 4.5.11. Maybe this version is also
affected.

Input passed to the words parameter in search/advanced_search.php is not
properly sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in context
of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

Reference: http://secunia.com/advisories/23675/

Thanks in advance.


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#405441: ITP: smc -- A Jump and Run game like Super Mario World written in C++

2007-01-04 Thread Alex de Oliveira Silva

Muammar Wadih El Khatib Rodriguez wrote:

On 1/4/07, MJ Ray [EMAIL PROTECTED] wrote:

Muammar Wadih El Khatib Rodriguez [EMAIL PROTECTED] wrote:
 So, you mean it could be included in main using alternative graphics
 instead of the current ones. If it would not be possible to change the
 current images,  I'd like to know: couldn't be smc included into
 debian? couldn't be smc included in another category instead of main?

Since the end of non-US http://www.debian.org/mirror/list-non-US
I don't think there is another category instead of main.  main is
debian and debian is main.

The mirrors also have non-free (stuff that can be redistributed but
does not follow the DFSG) and contrib (stuff that could go in main if
it didn't depend on something not in main), but they are not part of
debian.  Also:
- IF smc's graphics infringe Nintendo's copyright THEN we probably
  cannot legally distribute them at all, even in non-free.
- Therefore, IF smc's graphics cannot be changed THEN we probably
  cannot distribute smc.

Sorry about the conditionals.  I don't know Nintendo's work well
enough to have a strong opinion whether or not smc's graphics infringe
Nintendo's copyright.

Hope that explains,


Of course that explained. Now I'm seriously thinking smc is not a good
idea at least that the graphics are changed.

Regards,


Maybe it is a good idea for you and for the smc project if you talk with
upstream about changing these graphics to others.

In the future, the smc project may have problems with Nintendo.

regards,
--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 







Bug#403339: hslogger: FTBFS: unknown package: FilePath

2007-01-04 Thread Alex de Oliveira Silva

tags 403339 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)

regards,
--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 

diff -ur hslogger-1.0.1.orig/debian/control hslogger-1.0.1/debian/control
--- hslogger-1.0.1.orig/debian/control  2006-12-06 18:57:55.0 -0300
+++ hslogger-1.0.1/debian/control   2007-01-04 17:28:56.0 -0300
@@ -1,8 +1,8 @@
 Source: hslogger
 Priority: optional
 Maintainer: John Goerzen [EMAIL PROTECTED]
-Build-Depends: debhelper (= 4.0.0), ghc6 (= 6.6), ghc6 ( 6.6-999), haskell-devscripts (= 0.5.6), cpphs, libghc6-network-dev, libghc6-unix-dev, libghc6-mtl-dev, libghc6-hunit-dev
-Build-Depends-Indep: debhelper (= 4.0.0), haddock, hugs (= 98.200503.08), haskell-devscripts (= 0.5.6), ghc6 (= 6.6), cpphs, libhugs-hunit
+Build-Depends: debhelper (= 4.0.0), ghc6 (= 6.6), ghc6 ( 6.6-999), haskell-devscripts (= 0.5.6), cpphs, libghc6-network-dev, libghc6-mtl-dev, libghc6-filepath-dev
+Build-Depends-Indep: debhelper (= 4.0.0), haddock, hugs (= 98.200503.08), haskell-devscripts (= 0.5.6), ghc6 (= 6.6), cpphs, libghc6-hunit-dev
 Standards-Version: 3.6.2
 Section: devel
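
Review bot: the subject is the missing FilePath package, but besides adding libghc6-filepath-dev the new Build-Depends line also drops libghc6-unix-dev and libghc6-hunit-dev, and Build-Depends-Indep swaps libhugs-hunit for libghc6-hunit-dev. None of that is explained in the mail. If the unix and HUnit packages are really no longer needed for the ghc6 build, say so; otherwise keep them and make the patch a one-package addition so the FTBFS fix can be reviewed on its own.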


Bug#405412: SA23596: miredo: HMAC-MD5-64 Hash Spoofing Vulnerability

2007-01-03 Thread Alex de Oliveira Silva
Package: miredo
Version: 1.0.4-1
Severity: important
Tags: Security


A vulnerability has been reported in Miredo, which can be exploited by
malicious people to conduct spoofing attacks.
The vulnerability is caused due to an unspecified error in the authentication
process of a Teredo Bubble using HMAC-MD5-64 hashing and can be exploited to
impersonate an arbitrary Teredo client.
Successful exploitation requires knowledge of the primary IPv4 address of the
victim's Teredo server and the victim's Teredo IPv6 address, which is made of
the victim's public IPv4 address, the UDP port number, and cone NAT flag.
The vulnerability is reported in versions 0.9.8 through 1.0.5.

Solution:
Update to version 1.0.6.

http://secunia.com/advisories/23596/


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#404995: pnputils: ..conflict w pnpbios-tools on `/sbin/lspnp'...

2007-01-03 Thread Alex de Oliveira Silva

I don't understand why pnputils conflicts with pnpbios-tools.
pnpbios-tools doesn't exist (I don't know if this name is an old name of
pnputils).


Please run dpkg -L pnpbios-tools.

pnputils is OK on my computer (build from source: ok; installation: ok).

regards,
--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 







Bug#405425: FrSIRT/ADV-2007-0026: vlc: cdio_log_handler() and vcd_log_handler() Format String Vulnerabilities

2007-01-03 Thread Alex de Oliveira Silva
Package: vlc
Version: 0.8.6-svn20061012.debian-1
Severity: critical
Tags: security
Justification: root security hole

Description:
Multiple vulnerabilities have been identified in VideoLAN VLC, which could be
exploited by attackers to take complete control of an affected system. These
issues are due to format string errors in the cdio_log_handler() and
vcd_log_handler() functions that call msg_Dbg(), msg_Warn(), and
msg_Err() in an insecure manner, which could be exploited by remote attackers
to execute arbitrary commands by tricking a user into visiting a specially
crafted web page or opening a malicious M3U playlist.

Affected:
VideoLAN VLC version 0.8.6 and prior 

Solution:
A fix is available via SVN :
http://trac.videolan.org/vlc/changeset/18481

References:
http://www.frsirt.com/english/advisories/2007/0026
http://projects.info-pull.com/moab/MOAB-02-01-2007.html

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#405441: ITP: smc -- A Jump and Run game like Super Mario World written in C++

2007-01-03 Thread Alex de Oliveira Silva
I don't know if it is a good program because it has images from Mario
(a trademark of Nintendo[1]). I'm sending a copy of this email to
debian-legal. On the other hand, if somebody wants to package SMC,
please check whether it is possible, because it has a copyright license.


[1] -  http://mario.nintendo.com/

Muammar Wadih El Khatib Rodriguez wrote:

Package: wnpp
Severity: wishlist
Owner: Muammar El Khatib [EMAIL PROTECTED]

* Package name: smc
 Version   : 0.99.4
 Upstream Author  : Florian Richter
* URL: http://www.secretmaryo.org
* License   : GPL
 Description   : A Jump and Run game like Super Mario World
written in C++.

Citing the homepage:

snip
Secret Maryo Chronicles is a 2D platform game Game built upon SDL.
It is Open Source software so the source is included in the source
download package.

Features:

* In-Game Level Editor
* Many Levels
* Multiple Maryo Stages
* Multiple Overworlds
* Great Sound and Music
/snip

For more information see the official web site.


regards,
--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 







Bug#400906: SA23111: evince: get_next_text() Buffer Overflow Vulnerability

2006-12-29 Thread Alex de Oliveira Silva

closes 400906
thanks

DSA-1243-1[1,2] closes this bug.

[1] - http://www.us.debian.org/security/2006/dsa-1243
[2] - http://secunia.com/advisories/23579/

regards,
--

  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 







Bug#404940: SA23465: tdiary: Unspecified Ruby Code Execution Vulnerability

2006-12-29 Thread Alex de Oliveira Silva
Package: tdiary
Version: 2.0.2+20060303-4.1
Severity: important
Tags: security

Takagi Hiroshi has reported a vulnerability in tDiary, which can be exploited 
by malicious people to compromise vulnerable systems.
An unspecified error within the sanitation of input can be exploited to execute 
arbitrary Ruby code.
Successful exploitation reportedly depends on the product's configuration.
The vulnerability is reported in version 2.0.3. Other versions may also be 
affected.

Solution:
Update to version 2.0.4.

http://secunia.com/advisories/23465/

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


regards,
-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 





Bug#404964: libvncauth-dev: No header file vncauth.h

2006-12-29 Thread Alex de Oliveira Silva

tags 404964 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)

regards,
--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 

 diff -ur vnc-3.3.7.orig/debian/rules vnc-3.3.7/debian/rules
--- vnc-3.3.7.orig/debian/rules 2006-12-29 15:12:22.0 -0300
+++ vnc-3.3.7/debian/rules  2006-12-29 15:11:48.0 -0300
@@ -141,6 +141,8 @@
#   $(CURDIR)/debian/libvncauth-dev/usr/include
install -o root -g root -m 644 rfb/libvncauth.a \
$(CURDIR)/debian/libvncauth-dev/usr/lib
+   install -o root -g root -m 644 rfb/vncauth.h \
+   $(CURDIR)/debian/libvncauth-dev/usr/include/

 # xvncviewer
install -o root -g root -m 755 vncviewer/vncviewer \
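
Review bot: the added install writes to $(CURDIR)/debian/libvncauth-dev/usr/include/, and the first context line of the hunk shows that same path on a commented-out line. Check that the directory is still created earlier in the rule; if the commented line was the end of the install -d that made it, the new command will fail on a clean build. Either restore the directory creation or add an install -d for usr/include just before copying rfb/vncauth.h.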


Bug#400906: pinging...

2006-12-28 Thread Alex de Oliveira Silva
Does the patch 10_CVE-2006-5864.patch in the new version evince-0.4.0-3 solve
the problem in this bug?


Regards,

--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 







Bug#404818: SA23528: cacti: cmd.php Command Execution and SQL Injection

2006-12-28 Thread Alex de Oliveira Silva
Package: cacti
Version: 0.8.6i-2
Severity: important
Tags: security

rgod has discovered three vulnerabilities in Cacti, which can be exploited by 
malicious people to bypass certain security restrictions, manipulate data and 
compromise vulnerable systems.

1) The cmd.php script does not properly restrict access to command line usage 
and is installed in a web-accessible location.

Successful exploitation requires that register_argc_argv is enabled.

2) Input passed in the URL to cmd.php is not properly sanitised before being
used in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

Successful exploitation requires that register_argc_argv is enabled.

3) The results from the SQL queries in 2) in cmd.php are not properly sanitised 
before being used as shell commands. This can be exploited to inject arbitrary 
shell commands.

The vulnerabilities are confirmed in version 0.8.6i. Other versions may also be 
affected.

Solution:
Move the cmd.php script to a not web-accessible path, and update other 
scripts accordingly.

Edit the source code to ensure that input is properly sanitised.

http://secunia.com/advisories/23528/


Regards,
--
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#404817: Cannot build from source

2006-12-28 Thread Alex de Oliveira Silva

tags 404817 + unreproducible
thanks

Using pbuilder:
dpkg-deb: building package `sylpheed-claws-gtk2' in `../sylpheed-claws-gtk2_2.6.0-1_i386.deb'.
dpkg-deb: building package `libsylpheed-claws-gtk2-dev' in `../libsylpheed-claws-gtk2-dev_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-plugins' in `../sylpheed-claws-gtk2-plugins_2.6.0-1_all.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-clamav' in `../sylpheed-claws-gtk2-clamav_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-dillo-viewer' in `../sylpheed-claws-gtk2-dillo-viewer_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-spamassassin' in `../sylpheed-claws-gtk2-spamassassin_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-trayicon' in `../sylpheed-claws-gtk2-trayicon_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-pgpmime' in `../sylpheed-claws-gtk2-pgpmime_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-pgpinline' in `../sylpheed-claws-gtk2-pgpinline_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-bogofilter' in `../sylpheed-claws-gtk2-bogofilter_2.6.0-1_i386.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-i18n' in `../sylpheed-claws-gtk2-i18n_2.6.0-1_all.deb'.
dpkg-deb: building package `sylpheed-claws-gtk2-doc' in `../sylpheed-claws-gtk2-doc_2.6.0-1_all.deb'.


I don't see the problem.
Ricado, could you reproduce this bug?

Jindrich Makovicka wrote:

Package: sylpheed-claws-gtk2
Version: 2.6.0-1

Hi,

trying to build the package from source obtained via apt-get, I
encountered the following problems:

manual/xml2pdf, and manual/dtd/manual.xsl were missing and I had to
download them from the upstream

build dependencies do not contain fop and saxon. when these are not
installed, the build process fails when trying to install the
documentation.

gdk-pixbuf is contained in gtk-2.0. libgdk-pixbuf-dev is a gtk-1.2
library and it is not necessary. moreover, its installation pulls a lot
of obsolete gtk-1.2 stuff.

Regards,
  

--
  .''`.  
 : :' :Alex de Oliveira Silva | enerv

 `. `' www.enerv.net
   `- 







Bug#404564: SA23492: w3m: Certificate Handling Format String Vulnerability

2006-12-26 Thread Alex de Oliveira Silva
Package: w3m
Version: 0.5.1-5
Severity: important
Tags: security

Description:
A vulnerability has been reported in w3m, which potentially can be exploited by 
malicious people to compromise a user's system.

The vulnerability is caused due to a format string error when handling SSL
certificates and can be exploited via a specially crafted SSL certificate
containing format specifiers in the CN field.

Successful exploitation may allow execution of arbitrary code when e.g.
visiting a malicious website, but requires that the application is running with
either the -dump or -backend option.

The vulnerability is reported in version 0.5.1. Other versions may also be 
affected.


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
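
Both this report and the VLC report above (cdio_log_handler() / vcd_log_handler()) describe the same defect class: text from outside used as the format argument of a printf-style call. The following is an added example, not code from w3m or VLC; log_msg() is a hypothetical stand-in for a call such as msg_Dbg(), count_conversions() is a review helper invented here, and the field values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char unsafe_out[128];    /* scratch buffers used by main() below */
static char safe_out[128];

/* Hypothetical stand-in for a printf-style logging call: formats into
 * `out` instead of writing to a log. */
static int log_msg(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* The defect: externally supplied text is handed over as the format. */
static int handler_unsafe(char *out, size_t outlen, const char *message)
{
    return log_msg(out, outlen, message);
}

/* The fix: the format is a constant, the external text is only data. */
static int handler_safe(char *out, size_t outlen, const char *message)
{
    return log_msg(out, outlen, "%s", message);
}

/* Conservative count of conversions in `s`: every '%' that is not part of
 * a literal "%%" pair. Non-zero means the string would make a printf-style
 * function read arguments that were never passed. */
static size_t count_conversions(const char *s)
{
    size_t n = 0;

    while (*s != '\0') {
        if (*s == '%') {
            if (s[1] == '%') {  /* literal percent sign */
                s += 2;
                continue;
            }
            n++;
        }
        s++;
    }
    return n;
}

int main(void)
{
    /* Constructed field values, for illustration only. */
    const char *fields[] = { "CN=100%% uptime", "CN=%x.%x.example" };
    size_t i;

    for (i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        handler_safe(safe_out, sizeof safe_out, fields[i]);
        printf("safe:   %s\n", safe_out);
        if (count_conversions(fields[i]) == 0) {
            /* Only "%%" present: defined behaviour, but the text changes,
             * which shows the field was interpreted as a format. */
            handler_unsafe(unsafe_out, sizeof unsafe_out, fields[i]);
            printf("unsafe: %s\n", unsafe_out);
        } else {
            printf("unsafe: not run, %lu conversion(s) would read "
                   "missing arguments\n",
                   (unsigned long)count_conversions(fields[i]));
        }
    }
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag the unsafe pattern at call sites of functions declared with the format attribute.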





Bug#403322: FTBFS: missing pciutils b-dep

2006-12-16 Thread Alex de Oliveira Silva

Tags 403322 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)
diff -ur flashrom-0.0+r2526.orig/debian/control flashrom-0.0+r2526/debian/control
--- flashrom-0.0+r2526.orig/debian/control  2006-12-16 17:19:29.0 -0300
+++ flashrom-0.0+r2526/debian/control   2006-12-16 17:18:51.0 -0300
@@ -2,7 +2,7 @@
 Section: electronics
 Priority: extra
 Maintainer: Uwe Hermann [EMAIL PROTECTED]
-Build-Depends: cdbs, debhelper (= 5), pciutils-dev
+Build-Depends: cdbs, debhelper (= 5), pciutils-dev, zlib1g-dev
 Standards-Version: 3.7.2

 Package: flashrom
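
Review bot: the Build-Depends change does not match the subject. The report is titled "missing pciutils b-dep", yet pciutils-dev is already present on the removed line and the only addition is zlib1g-dev. State in the patch mail which build step fails without zlib (for example a link error against -lz) so the maintainer can tell whether the dependency belongs in flashrom's Build-Depends or in the Depends of pciutils-dev itself.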


Bug#402921: SA23330: fai: Exposure of Password Hashes

2006-12-13 Thread Alex de Oliveira Silva
Package: fai
Version: 3.1.2
Severity: important
Tags: security


Justin R. Beckley has reported a security issue in fai-client, which can be 
exploited by malicious, local users to view administrator password hashes.

The security issue is caused due to the application storing the root password 
hash in a log file with insecure permissions when using the verbose mode during 
installation.

The security issue is reported in version 2.10 and 3.1.2. Other versions may 
also be affected.

http://secunia.com/advisories/23330/


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#402921: wrong opened bug

2006-12-13 Thread Alex de Oliveira Silva
close 402921
thanks

Wrongly opened bug
See #402644
Sorry Thomas






Bug#402802: SA23258: mantis: Custom Field Information Disclosure

2006-12-12 Thread Alex de Oliveira Silva
Package: mantis
Version: 1.0.6+dfsg-2
Severity: important
Tags: security

A security issue has been reported in Mantis, which can be exploited by 
malicious people to disclose sensitive information.

The security issue is caused due to an unspecified error in the handling of
custom fields, that are only visible for a project manager. This can be
exploited to disclose the contents of custom fields via the history.

The vulnerability is reported in versions prior to 1.1.0a2.

http://secunia.com/advisories/23258/

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#334028: Unable to locale [sic] crtbegin.o provided by gcc

2006-12-09 Thread Alex de Oliveira Silva

found 334028 0.9.27
merge 334028 339859 374489
thanks

strace /usr/bin/i386-uclibc-linux-gcc -o hello hello.c  output
cat output | grep crtbegin
access(/usr/lib/gcc-lib/i486-linux-gnu/3.3.6/crtbegin.o, F_OK) = 0

I think you need to put in Depends: gcc-3.3





Bug#374489: Problem in uClibc

2006-12-09 Thread Alex de Oliveira Silva

I think I found the problem.
The package uclibc-toolchain depends on gcc | c-compiler.
But in the compilation of the package it's only using gcc-3.3.

strace /usr/bin/i386-uclibc-linux-gcc -o hello hello.c  output
cat output | grep crtbegin
access(/usr/lib/gcc-lib/i486-linux-gnu/3.3.6/crtbegin.o, F_OK) = 0

When somebody uses another gcc which is different from gcc-3.3, an error
occurs:
checking for C compiler default output file name... configure: error: C compiler cannot create executables

See bug #339859

And #339859 ends up causing this error:
install: cannot stat `/build/buildd/gibraltar-bootcd-0.55/debian/tmp-build/discover': No such file or directory

See bug #374489

And it ended up causing problems in the build of package gibraltar-bootcd.
I'm merging the 3 bugs.
And we'll be waiting for the solution of the problem in package
uclibc-toolchain.






Bug#402111: new upstream version available

2006-12-08 Thread Alex de Oliveira Silva

tags 402111 + patch
thanks

Only for documentation http://madwifi.org/changeset/1842

(the patch is attached to this email)

--- madwifi-0.9.2+r1809.20061115.orig/net80211/ieee80211_wireless.c 2006-12-08 08:29:46.0 -0300
+++ madwifi-0.9.2+r1809.20061115/net80211/ieee80211_wireless.c  2006-12-08 08:33:23.0 -0300
@@ -1565,6 +1565,8 @@
memcpy(p, leader, leader_len);
bufsize -= leader_len;
p += leader_len;
+   if (bufsize  ielen)
+   return 0;
for (i = 0; i  ielen  bufsize  2; i++)
p += sprintf(p, %02x, ie[i]);
return (i == ielen ? p - (u_int8_t *)buf : 0);
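
Review bot: the new early return in this hunk compares bufsize with ielen, but the loop right below it writes two hex characters per IE byte with sprintf(p, %02x, ie[i]) plus a terminating NUL, and bufsize is not decremented inside the loop as shown. The space needed after the leader is therefore 2 * ielen + 1 bytes, not ielen. Suggest testing bufsize against 2 * ielen + 1 so the guard covers what the loop actually writes.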
@@ -1587,7 +1589,8 @@
char *end_buf = req-end_buf;
char *last_ev;
 #if WIRELESS_EXT  14
-   char buf[64 * 2 + 30];
+#define MAX_IE_LENGTH 64 * 2 + 30
+   char buf[MAX_IE_LENGTH];
 #ifndef IWEVGENIE
static const char rsn_leader[] = rsn_ie=;
static const char wpa_leader[] = wpa_ie=;
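
Review bot: MAX_IE_LENGTH is defined as the bare expression 64 * 2 + 30, without parentheses. That works as an array size, but any use inside a larger expression (a multiplication, or a comparison combined with other arithmetic) will bind wrongly. Write it as (64 * 2 + 30).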
@@ -1735,6 +1738,8 @@
  last_ev = current_ev;
 #ifdef IWEVGENIE
memset(iwe, 0, sizeof(iwe));
+   if ((se-se_wpa_ie[1] + 2)  MAX_IE_LENGTH)
+   return E2BIG;
memcpy(buf, se-se_rsn_ie, se-se_rsn_ie[1] + 2);
iwe.cmd = IWEVGENIE;
iwe.u.data.length = se-se_rsn_ie[1] + 2;
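
Review bot: the added length check reads se_wpa_ie[1], but the memcpy it sits in front of copies se_rsn_ie with a length of se_rsn_ie[1] + 2. As written, an oversized RSN IE still reaches the copy into buf whenever the WPA IE is short. Check se_rsn_ie[1] + 2 here, and put the WPA check in front of the WPA copy if there is one further down. The return value also deserves a look: kernel code normally returns negative errno values, so this should probably be -E2BIG.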


Bug#402140: SA23283: phpbb2: privmsg.php Cross-Site Request Forgery and Cross-Site Scripting

2006-12-08 Thread Alex de Oliveira Silva
Package: phpbb2
Version: 2.0.21-5
Severity: important
Tags: security

Some vulnerabilities have been discovered in phpBB, which can be exploited by 
malicious people to conduct cross-site request forgery attacks and cross-site 
scripting attacks.

1) The application allows users to send messages via HTTP requests without
performing any validity checks to verify the request. This can be exploited to
send messages to arbitrary users by e.g. tricking a target user into visiting a
malicious website.

2) Input passed to the form field Message body in privmsg.php is not properly 
sanitised before it is returned to the user when sending messages to a 
non-existent user. This can be exploited to execute arbitrary HTML and script 
code in a user's browser session in context of an affected site.

Successful exploitation of the vulnerabilities requires that the target user is 
logged in.

The vulnerabilities are confirmed in version 2.0.21. Other versions may also be 
affected.

http://secunia.com/advisories/23283/


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#398376: scim-bridge: installation fails: /var/lib/dpkg/info/tamil-gtk2im.postinst: line 7: update-gtk-immodules: command not found

2006-12-08 Thread Alex de Oliveira Silva

Tags 398376 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)

--- scim-bridge-0.2.4.orig/debian/control   2006-12-08 13:47:37.0 -0300
+++ scim-bridge-0.2.4/debian/control2006-12-08 13:46:33.0 -0300
@@ -8,7 +8,7 @@

 Package: scim-bridge
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, scim | skim
+Depends: ${shlibs:Depends}, ${misc:Depends}, scim | skim, libgtk2.0-dev
 Description: Yet another gtk-immodule for SCIM
  Scim-bridge is yet another gtk-immodule for SCIM.
  It communicates with SCIM over sockets, and the DLL loaded by
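
Review bot: the package added to the Depends line is libgtk2.0-dev, a development package, in order to have update-gtk-immodules available at postinst time. Runtime Depends should name the package that ships the tool rather than pull headers onto every user's system. The follow-up mail in this thread switches it to libgtk2.0-bin, which is the version to review.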


Bug#398376: scim-bridge: installation fails: /var/lib/dpkg/info/tamil-gtk2im.postinst: line 7: update-gtk-immodules: command not found

2006-12-08 Thread Alex de Oliveira Silva

Sorry!
The correct patch is this.

--- scim-bridge-0.2.4.orig/debian/control   2006-12-08 13:47:37.0 -0300
+++ scim-bridge-0.2.4/debian/control2006-12-08 13:46:33.0 -0300
@@ -8,7 +8,7 @@

 Package: scim-bridge
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, scim | skim
+Depends: ${shlibs:Depends}, ${misc:Depends}, scim | skim, libgtk2.0-bin
 Description: Yet another gtk-immodule for SCIM
  Scim-bridge is yet another gtk-immodule for SCIM.
  It communicates with SCIM over sockets, and the DLL loaded by
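Review bot: the bug title names /var/lib/dpkg/info/tamil-gtk2im.postinst as the script that cannot find update-gtk-immodules, while this hunk changes the Depends of the scim-bridge binary package. Please confirm that the failing postinst is shipped by a package built from this control file; if it belongs to a different binary package, the libgtk2.0-bin dependency has to go into that package's stanza instead.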


Bug#323742: FTBFS: Unable to find gcc-3.3

2006-12-08 Thread Alex de Oliveira Silva

Tags 323742 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)
--- ndiswrapper-modules-i386.orig/debian/control2006-12-08 14:03:36.0 -0300
+++ ndiswrapper-modules-i386-1.1/debian/control 2006-12-08 14:03:10.0 -0300
@@ -2,7 +2,7 @@
 Section: net
 Priority: optional
 Maintainer: Andres Salomon [EMAIL PROTECTED]
-Build-Depends: debhelper ( 4.1.0), cdbs, fakeroot, ndiswrapper-source (= 1.1-3), kernel-headers-2.6.8-2-386, kernel-headers-2.6.8-2-686, kernel-headers-2.6.8-2-686-smp, kernel-headers-2.6.8-2-k7, kernel-headers-2.6.8-2-k7-smp
+Build-Depends: debhelper ( 4.1.0), cdbs, fakeroot, ndiswrapper-source (= 1.1-3), kernel-headers-2.6.8-2-386, kernel-headers-2.6.8-2-686, kernel-headers-2.6.8-2-686-smp, kernel-headers-2.6.8-2-k7, kernel-headers-2.6.8-2-k7-smp, gcc
 Standards-Version: 3.6.1

 Package: ndiswrapper-modules-2.6.8-2-386
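Review bot: the entry appended to Build-Depends is an unversioned `gcc`, but the bug title says the build cannot find gcc-3.3. Plain gcc installs the distribution's default compiler and does not guarantee a gcc-3.3 binary, so either build-depend on gcc-3.3 explicitly or change the build to call the default compiler and state that in the changelog.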


Bug#402172: python-gtk2-dev: fail to install, missing depends python-gtk2 (= 2.8.6-8)

2006-12-08 Thread Alex de Oliveira Silva
Package: python-gtk2-dev
Version: 2.8.6-7
Severity: important

The package python-gtk2-dev depends on python-gtk2 (= 2.8.6-8) but in Debian
unstable python-gtk2 is version 2.8.6-7.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#402194: libocc-x11: FTBFS: cp: missing destination file operand after `oo2crc.tmp'

2006-12-08 Thread Alex de Oliveira Silva
Package: libocc-x11
Version: 20020123
Severity: important


The libocc-x11 fails to build from source.

rm -f ooconfig.cpl ooconfig.tmp
echo fix-includes ooconfig.tmp
echo remove-line \*:X11:*\ ooconfig.tmp
echo remove-line PRAGMAS:LIB:HAVE_LIBX11 ooconfig.tmp
echo define PRAGMAS:LIB:HAVE_LIBX11 yes ooconfig.tmp
echo remove-line OPTIONS:LIB:X11_PREFIX ooconfig.tmp
echo append-line OPTIONS:LIB:X11_PREFIX 'DEFINE LibX11Prefix := \\\  -lSM 
-lICE\\\;' ooconfig.tmp
echo remove-line OPTIONS:LIB:X11_SUFFIX ooconfig.tmp
echo append-line OPTIONS:LIB:X11_SUFFIX 'DEFINE LibX11Suffix := \\;' 
ooconfig.tmp
echo prepend-line \PATHS:X11:SRC\ \GET *.Mod,*.c FROM src;\ ooconfig.tmp
echo prepend-line \PATHS:X11:OBJ\ \GET *.h,*.c,*.d,*.o FROM obj;\ 
ooconfig.tmp
echo prepend-line \PATHS:X11:SYM\ \GET *.Sym,*.Lib FROM sym;\ 
ooconfig.tmp
mv ooconfig.tmp ooconfig.cpl
cp  oo2crc.tmp
cp: missing destination file operand after `oo2crc.tmp'
Tente `cp --help' para mais informação.
make[1]: ** [oo2crc] Erro 1
make[1]: Saindo do diretório `/home/enerv/debian/libooc-x11-20020123'
make: ** [build-stamp] Erro 2





-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#393062: FTBFS: i-csstli.adb:55:01: (style) multiple blank lines

2006-12-08 Thread Alex de Oliveira Silva

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)

But now I see these errors.

gcc-4.1 -c -gnatfno -O3 -gnatg -g -I- -gnatA -gnatpg 
/home/enerv/debian/libadabindx-0.7.2/build/i-csstli.adb
i-csstli.adb:52:04: warning: Elmt_Size is not modified, could be 
declared constant
gnatmake: /home/enerv/debian/libadabindx-0.7.2/build/i-csstli.adb 
compilation error

make: ** [build/libadabindx.a] Erro 4

Sorry, I didn't solve all the problems. :(

--- libadabindx-0.7.2.orig/lib/i-csstli.adb	2002-03-02 08:17:13.0 -0300
+++ libadabindx-0.7.2/lib/i-csstli.adb	2006-12-08 18:16:42.0 -0300
@@ -49,15 +49,7 @@
package String_List_Access is
   new System.Address_To_Access_Conversions (chars_ptr);
 
-   Elmt_Size : size_t :=
- (chars_ptr'Size
-   + System.Storage_Unit - 1) / System.Storage_Unit;
-
-
-   ---
-   -- Local Subprograms --
-   ---
-
+   Elmt_Size : size_t :=(chars_ptr'Size + System.Storage_Unit - 1) / System.Storage_Unit;
function +
  (Left  : chars_ptr_array_ptr;
   Right : size_t)
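Review bot: the rewritten declaration on the `+` line still reads `Elmt_Size : size_t :=`, so the warning quoted in the message (i-csstli.adb:52:04, Elmt_Size is not modified, could be declared constant) is not addressed and the log shows the compile still failing there. Declare it as `Elmt_Size : constant size_t :=`, put a space after `:=`, and keep the expression wrapped as it was, since the joined line is long enough that it is likely to trip the line-length style check. The hunk also deletes the `-- Local Subprograms --` comment box, which is not a blank-line fix and should stay.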
@@ -92,7 +84,6 @@
   Left := Left + chars_ptr_array_ptr (Elmt_Size);
end Increment;
 
-
--
-- Free --
--
@@ -119,7 +110,6 @@
   Item := Null_Array_Ptr;
end Free;
 
-
procedure Free
  (Item   : in out chars_ptr_array_ptr;
   Length : in size_t) is
@@ -140,7 +130,6 @@
   Item := Null_Array_Ptr;
end Free;
 
-
function New_Chars_Ptr_Array
  (Ary : in chars_ptr_array;
   Append_Null : in Boolean := True)
@@ -171,7 +160,6 @@
   return Pointer;
end New_Chars_Ptr_Array;
 
-
function Value
  (Item   : in chars_ptr_array_ptr;
   Offset : in size_t)
@@ -180,7 +168,6 @@
   return String_List_Access.To_Pointer (To_Address (Item + Offset)).all;
end Value;
 
-
procedure Update
  (Item  : in out chars_ptr_array_ptr;
   Offset: in size_t;
@@ -196,7 +183,6 @@
   Ptr.all := New_Value;
end Update;
 
-
function Length (Item : in chars_ptr_array_ptr) return size_t is
   Item_Index : size_t := 0;
begin
@@ -215,14 +201,11 @@
   end loop;
end Length;
 
-
function Value (Item : in chars_ptr_array_ptr) return chars_ptr_array is
begin
   return Value (Item, Length (Item));
end Value;
 
-
-
function Value
  (Item   : in chars_ptr_array_ptr;
   Length : in size_t)
@@ -238,7 +221,6 @@
   return Ary;
end Value;
 
-
function Duplicate
  (Item : in chars_ptr_array_ptr)
   return chars_ptr_array_ptr is
@@ -250,7 +232,6 @@
   end if;
end Duplicate;
 
-
function Duplicate
  (Item : in chars_ptr_array_ptr;
   Length   : in size_t)
@@ -275,5 +256,4 @@
   return Pointer;
end Duplicate;
 
-
 end Interfaces.C.Strings.String_Lists;
--- libadabindx-0.7.2.orig/lib/i-csstli.ads 2002-03-02 08:17:13.0 -0300
+++ libadabindx-0.7.2/lib/i-csstli.ads  2006-12-08 18:16:42.0 -0300
@@ -74,8 +74,6 @@
   Offset: in size_t;
   New_Value : in chars_ptr);
 
-
-
--  handle null-terminated arrays (i.e. with a trailing Null_Ptr)
--
procedure Free (Item : in out chars_ptr_array_ptr);
@@ -90,8 +88,6 @@
  (Item : in chars_ptr_array_ptr)
   return chars_ptr_array_ptr;
 
-
-
--  handle unterminated arrays (i.e. without a trailing Null_Ptr)
--
procedure Free
@@ -110,7 +106,6 @@
   Length   : in size_t)
   return chars_ptr_array_ptr;
 
-
 private
 
type chars_ptr_array_ptr is new System.Storage_Elements.Integer_Address;


Bug#309501: fails to build

2006-12-06 Thread Alex de Oliveira Silva

retitle 309501 FTBS: fails to build in s390
thanks

I tested basilisk2 on i386 and it builds perfectly.
I am retitling this bug to specify what the real problem is.






Bug#401759: ITP: ktranslator -- translate words from one language to another

2006-12-05 Thread Alex de Oliveira Silva

Hi Eriberto :)

The upstream version of ktranslator dates back to 2005/03/22. Maybe the
upstream abandoned it. Did you send him an e-mail?


Joao Eriberto Mota Filho wrote:

Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho [EMAIL PROTECTED]


* Package name: ktranslator
  Version : 0.4
  Upstream Author : Raul Fernandes [EMAIL PROTECTED]
* URL : http://ktranslator.sf.net
* License : GPL
  Programming Lang: C
  Description : translate words from one language to another

 KTranslator is a program to translate words from one language to
 another. KTranslator should support any language (I hope that) and come
 with a plugin system, to ease the addition of new dictionaries.
 .
 The main idea behind KTranslator is to translate a word without disturb
 the application in use. So, when the user selects a word while pressing
 CTRL key, KTranslator will try to translate the word and show the result
 in a popup window. It behaves like Babylon for Windows.
 .
 URL: http://ktranslator.sf.net
-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1)


  







Bug#401061: SA23145: kronolith: view Local File Inclusion Vulnerability

2006-12-04 Thread Alex de Oliveira Silva

I need sleep :~

Sorry Ola.







Bug#401061: SA23145: kronolith: view Local File Inclusion Vulnerability

2006-11-30 Thread Alex de Oliveira Silva
Package: kronolith
Version: 2.1.4-1
Severity: important
Tags: security

A vulnerability has been reported in Kronolith, which can be exploited
by malicious users to disclose sensitive information.

Input passed to the view parameter within the
Kronolith_FreeBusy_View::factory function in lib/FBView.php is not
properly verified before being used to include files. This can be
exploited to include arbitrary files from local resources.

The vulnerability is reported in versions prior to 2.0.7 and 2.1.4.

If kronolith isn't vulnerable I will close this bug.


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)


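The class of flaw described in the report above, as an added example that is not Kronolith's code: a factory that builds an include path from a request parameter, next to a version that resolves the parameter through an allow-list. The class names, file layout, function names and sample inputs are assumptions constructed for the illustration.

```php
<?php
// Added illustration, not Kronolith source. Class, file and function names are hypothetical.

// Constructed driver directory with two view classes, so the example runs offline.
$driverDir = sys_get_temp_dir() . '/fbview_demo_' . getmypid();
if (!is_dir($driverDir)) {
    mkdir($driverDir, 0700, true);
}
foreach (['month', 'week'] as $name) {
    file_put_contents("$driverDir/$name.php", "<?php class Demo_FBView_$name {}\n");
}

/**
 * Vulnerable pattern, shown for comparison and never called below:
 * the caller-supplied $view goes straight into the path handed to include,
 * so the value decides which file on the local system gets included.
 */
function factory_vulnerable(string $driverDir, $view)
{
    include_once $driverDir . '/' . $view . '.php';
    $class = 'Demo_FBView_' . $view;
    return class_exists($class) ? new $class() : null;
}

// Hardened pattern: the request value is only a lookup key, never part of a path.
const ALLOWED_VIEWS = [
    'month' => 'month.php',
    'week'  => 'week.php',
];

function factory_hardened(string $driverDir, $view)
{
    // Request parameters can arrive as arrays; accept only known string keys.
    if (!is_string($view) || !array_key_exists($view, ALLOWED_VIEWS)) {
        return null;
    }

    // Defence in depth: the resolved file must sit inside the driver directory.
    $base = realpath($driverDir);
    if ($base === false) {
        return null;
    }
    $path   = realpath($base . DIRECTORY_SEPARATOR . ALLOWED_VIEWS[$view]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    require_once $path;
    $class = 'Demo_FBView_' . $view;
    return class_exists($class, false) ? new $class() : null;
}

// Constructed inputs: two valid views, two path-shaped values, one array.
$inputs = ['month', 'week', '../outside', 'month/../week', ['month']];

foreach ($inputs as $input) {
    $obj = factory_hardened($driverDir, $input);
    printf(
        "%-18s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $obj ? get_class($obj) : 'rejected'
    );
}

// Remove the constructed files.
array_map('unlink', glob("$driverDir/*.php"));
rmdir($driverDir);
```

Only the two allow-listed keys yield an object; every other value is rejected before any path is built.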



Bug#400904: FrSIRT/ADV-2006-4747: evince: DocumentMedia Handling Client-Side Buffer Overflow Vulnerability

2006-11-29 Thread Alex de Oliveira Silva
Package: evince
Version: 0.4.0-2+b2
Severity: important
Tags: Security

A vulnerability has been identified in GNOME Evince, which could be
exploited by attackers to execute arbitrary commands. This flaw is due
to a buffer overflow error when handling a PostScript file containing an
overly long DocumentMedia field, which could be exploited by attackers
to crash a vulnerable application or compromise a vulnerable system by
convincing a user to open a specially crafted file.

Maybe evince versions 0.4.0-2+b3 and 0.4.0-2+b2 are vulnerable.
If not I will close this bug.

http://www.frsirt.com/english/advisories/2006/4747

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#400906: SA23111: evince: get_next_text() Buffer Overflow Vulnerability

2006-11-29 Thread Alex de Oliveira Silva
Package: evince
Version: 0.4.0-2+b2
Severity: important
Tags: security

A vulnerability has been discovered in Evince, which can be exploited by
malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the
get_next_text() function in ps/ps.c. This can be exploited to cause a
buffer overflow by e.g. tricking a user into opening a specially crafted
PostScript file.

The vulnerability is confirmed in version 0.6.1. Other versions may also
be affected.

Maybe evince 0.4.0-2+b2 and 0.4.0-2+b3 are vulnerable.
If not I will close this bug.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#400557: wrong opened bug

2006-11-27 Thread Alex de Oliveira Silva

close 400557
thanks

Explanation:
This bug is only for Solaris.

Sorry, Thomas.





Bug#400553: CVE-2006-5116

2006-11-27 Thread Alex de Oliveira Silva

It is true, this bug is old.
I looked at the changelog and it really contains bug CVE-2006-5116.

Sorry Thijs.





Bug#400650: SA23092: tdiary Unspecified Cross-Site scripting vulnerability

2006-11-27 Thread Alex de Oliveira Silva
Package: tdiary
Version: 2.0.2+20060303-4
Severity: important
Tags: security

A vulnerability has been reported in tDiary, which can be exploited by malicious
people to conduct cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.0.2.

http://secunia.com/advisories/23092/


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#382644: vpopmail-bin uninstallable

2006-11-26 Thread Alex de Oliveira Silva

Hi coven.

I have changed libmysql to libmysqlclient15-dev to see if this solves 
the problem.

I only see one error: this include, freecdbmake.h, is missing.
Well, I hope this helps you in the next package.

chmod 755 libtool
touch configure-stamp
dh_testdir
cd plugins  /usr/bin/make
make[1]: Entrando no diretório `/home/enerv/debian/vpopmail-5.4.4/plugins'
gcc -g -shared -DSITE_SIZE=0 -fPIC -o mysql.so ../vmysql.c -I.. 
-I/usr/include/mysql -lmysqlclient
gcc -g -shared -fPIC -o freecdb.so ../vcdb.c -I.. -I/usr/include/freecdb 
-lfreecdb -lfreecdbmake

../vcdb.c:38:25: error: freecdbmake.h: Arquivo ou diretório não encontrado
../vcdb.c: In function ‘make_vpasswd_cdb’:
../vcdb.c:73: error: storage size of ‘cdbm’ isn’t known
../vcdb.c:128: error: ‘CDBMAKE_HASHSTART’ undeclared (first use in this 
function)

../vcdb.c:128: error: (Each undeclared identifier is reported only once
../vcdb.c:128: error: for each function it appears in.)
make[1]: ** [freecdb.so] Erro 1
make[1]: Saindo do diretório `/home/enerv/debian/vpopmail-5.4.4/plugins'
make: ** [build-stamp] Erro 2






Bug#398371: xfingerd: installation fails: invoke-rc.d: unknown initscript, /etc/init.d/inetd not found.

2006-11-26 Thread Alex de Oliveira Silva

tags 398371 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)
diff -ur xfingerd-0.6.orig/debian/control xfingerd-0.6/debian/control
--- xfingerd-0.6.orig/debian/control2006-11-26 20:42:38.0 -0300
+++ xfingerd-0.6/debian/control 2006-11-26 20:45:24.0 -0300
@@ -7,7 +7,7 @@

 Package: xfingerd
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, netbase
+Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, netkit-inetd
 Conflicts: fingerd, cfingerd
 Description: BSD-like finger daemon with qmail support
  Yet another finger daemon.  Mimics the output and behavior of the original
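Review bot: the `netkit-inetd` entry added to Depends ties xfingerd to a single inetd implementation. Any installed inetd that can run the service would do, so an alternative on a virtual package (for example `netkit-inetd | inet-superserver`, where that virtual package is available) is less restrictive, and the maintainer script that calls invoke-rc.d inetd, per the bug title, should not abort the installation when /etc/init.d/inetd is absent.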


Bug#398400: egnome: postinst fails: Cannot find executable /usr/lib/smarteiffel/bin/selib2html

2006-11-26 Thread Alex de Oliveira Silva

tags 398400 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)

P.S. I'm sending it again because the bug system didn't add the tag to the
patch. :)



diff -ur egnome-0.cvs20020302.orig/debian/postinst egnome-0.cvs20020302/debian/postinst
--- egnome-0.cvs20020302.orig/debian/postinst   2006-11-26 01:57:19.0 -0300
+++ egnome-0.cvs20020302/debian/postinst2006-11-26 01:46:21.0 -0300
@@ -2,7 +2,7 @@
 if [ $1 = configure ]
 then
# Build the HTML class documentation
-   if [ -x /usr/lib/smarteiffel/bin/selib2html ]
+   if [ -x /usr/bin/selib2html ]
then
echo Building egnome\'s HTML class documentation in the background
/usr/lib/egnome/bin/build-htmldocs  /dev/null 21 
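Review bot: the `+` line replaces one hard-coded absolute path with another, so the guard breaks again the next time selib2html moves. Testing with `command -v selib2html` instead of `-x` on a fixed path finds the tool wherever the smarteiffel package installs it.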


Bug#328362: pmk: postinst fails, missing depends?

2006-11-26 Thread Alex de Oliveira Silva

tags 328362 + patch
thanks

Even though this is a simple fix for the missing gcc dependency and the
failure to run pmksetup, I provide a patch for it anyhow.


(the patch is attached to this email)


diff -ur pmk-0.9.3s2.orig/debian/control pmk-0.9.3s2/debian/control
--- pmk-0.9.3s2.orig/debian/control 2006-11-26 21:52:48.0 -0300
+++ pmk-0.9.3s2/debian/control  2006-11-26 22:14:03.0 -0300
@@ -2,7 +2,7 @@
 Section: devel
 Priority: optional
 Maintainer: Marek Habersack [EMAIL PROTECTED]
-Build-Depends: debhelper ( 4.0.0), debconf-utils, debconf (=0.2.26), po-debconf
+Build-Depends: debhelper ( 4.0.0), debconf-utils, debconf (=0.2.26), po-debconf, gcc
 Standards-Version: 3.6.2.1
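Review bot: gcc is added to Build-Depends, but the bug title and the message describe a postinst failure, with pmksetup failing to run at install time. Build-Depends are only installed on the machine that builds the package; for the compiler to be present when the postinst runs, gcc has to be listed in the Depends field of the pmk binary package.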

diff -ur pmk-0.9.3s2.orig/Makefile pmk-0.9.3s2/Makefile
--- pmk-0.9.3s2.orig/Makefile   2006-11-26 22:10:40.0 -0300
+++ pmk-0.9.3s2/Makefile2006-11-26 22:11:28.0 -0300
@@ -38,7 +38,7 @@
 PREFIX=/usr
 BINDIR=$(PREFIX)/bin
 SBINDIR=   $(PREFIX)/sbin
-DATADIR=   $(PREFIX)/share/$(PREMAKE)
+DATADIR=   $(PREFIX)/share/pmk
 MANDIR=$(PREFIX)/man
 MAN1DIR=   $(MANDIR)/man1
 MAN5DIR=   $(MANDIR)/man5
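Review bot: the `+DATADIR=` line hard-codes `pmk` in place of `$(PREMAKE)` instead of fixing the variable. If PREMAKE is empty or undefined at this point, every other use of $(PREMAKE) in the Makefile is broken in the same way, so either define PREMAKE once near the top or confirm that DATADIR is its only user before replacing it with a literal.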


Bug#400553: CVE-2006-5116: Cross-Site Scripting vulnerability

2006-11-26 Thread Alex de Oliveira Silva
Package: phpmyadmin
Version: 4:2.9.0.3-1
Severity: important
Tags: security

Cross-Site-Scripting vulnerabilities have been found in phpmyadmin.
Please see http://www.securityfocus.com/bid/20253

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#400557: CVE-2006-5941: Unspecified Malformed TCP packet remote denial of service vulnerability

2006-11-26 Thread Alex de Oliveira Silva
Package: snmpd
Version: 5.2.3-3
Severity: important
Tags: security

Net-SNMP Unspecified Malformed TCP Packet Remote Denial Of Service 
Vulnerability.
Please see http://www.securityfocus.com/bid/21256


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)





Bug#398400: egnome: postinst fails: Cannot find executable /usr/lib/smarteiffel/bin/selib2html

2006-11-25 Thread Alex de Oliveira Silva

tags 398400 + patch
thanks

Even though this is a simple fix, I provide a patch for it anyhow.

(the patch is attached to this email)
diff -ur egnome-0.cvs20020302.orig/debian/postinst egnome-0.cvs20020302/debian/postinst
--- egnome-0.cvs20020302.orig/debian/postinst   2006-11-26 01:57:19.0 -0300
+++ egnome-0.cvs20020302/debian/postinst2006-11-26 01:46:21.0 -0300
@@ -2,7 +2,7 @@
 if [ $1 = configure ]
 then
# Build the HTML class documentation
-   if [ -x /usr/lib/smarteiffel/bin/selib2html ]
+   if [ -x /usr/bin/selib2html ]
then
echo Building egnome\'s HTML class documentation in the background
/usr/lib/egnome/bin/build-htmldocs  /dev/null 21 
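Review bot: only the `-x` guard is changed, while /usr/lib/egnome/bin/build-htmldocs, called two lines below it, is left untouched. With the guard now succeeding, that script actually runs, so if it still refers to /usr/lib/smarteiffel/bin/selib2html itself the "Cannot find executable" error from the bug title will come back from there; please check and patch build-htmldocs in the same change.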


Bug#394116: trivial patch to sendfile in src/pussy and fix bug #394116

2006-11-17 Thread Alex de Oliveira Silva

tags 394116 + patch
thanks

This trivial patch solves the bad interpreter problem in src/pussy.

Patch attached.



--- sendfile-2.1b.orig/src/pussy
+++ sendfile-2.1b/src/pussy
@@ -1,4 +1,4 @@
-#!/client/bin/perl -w
+#!/usr/bin/perl -w

 # PUSSY - Perl User SAFT Server Yin
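Review bot: only src/pussy is changed here; if other scripts in the sendfile tree start with the same `#!/client/bin/perl` line they will fail with the same bad-interpreter error, so grep the source for `/client/bin` and cover any further hits in this patch.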




Bug#326681: RFP: gShield

2006-11-04 Thread Alex de Oliveira Silva

The upstream package is too old; maybe upstream abandoned it.
So, whoever really wants to package gshield, please contact upstream and
check whether he is still developing it.






Bug#396431: bittorrent crash after start download

2006-11-03 Thread Alex de Oliveira Silva

Jamuraa wrote:

On 11/1/06, Alex de Oliveira Silva [EMAIL PROTECTED] wrote:

Jamuraa wrote:
 On 10/31/06, Alex de Oliveira Silva [EMAIL PROTECTED] wrote:
 Package: bittorrent
 Version: 3.4.2-10
 Severity: important

 After I started a download using btdownloadcurses I received this error.
 Thanks in advance.

 Traceback (most recent call last):
   File /usr/bin/btdownloadcurses, line 220, in ?
 run(mainerrlist, argv[1:])
   File /usr/bin/btdownloadcurses, line 163, in run
 download(params, d.chooseFile, d.display, d.finished, d.error,
 mainkillflag, fieldw)
   File /var/lib/python-support/python2.4/BitTorrent/download.py,
 line 120, in download
 h = urlopen(config['url'])
   File /usr/lib/python2.4/urllib2.py, line 130, in urlopen
 return _opener.open(url, data)
   File /usr/lib/python2.4/urllib2.py, line 350, in open
 protocol = req.get_type()
   File /usr/lib/python2.4/urllib2.py, line 233, in get_type
 raise ValueError, unknown url type: %s % self.__original



 -- System Information:
 Debian Release: testing/unstable
   APT prefers testing
   APT policy: (500, 'testing')
 Architecture: i386 (i686)
 Shell:  /bin/sh linked to /bin/bash
 Kernel: Linux 2.6.17-2-486
 Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

 Versions of packages bittorrent depends on:
 ii  python2.4.3-11   An interactive
 high-level object-o
 ii  python-support0.5.4  automated rebuilding
 support for p

 Versions of packages bittorrent recommends:
 ii  mime-support  3.37-1 MIME files 'mime.types'
  'mailcap

 -- no debconf information



 Can you give me some more information:
 1. What is the exact command line that you used to produce this error
btdownloadcurses
Desktop/fisl7_-_Admin_-_Rodrigo_Vivi_-_SELinux\:_Deixando_seu_sistema_mais_seguro_\(ou_Paranoico\)_\!.ogg.torrent 


 2. If possible, a URL to the .torrent which caused this problem.
http://torrents.softwarelivre.org:6969/torrents/fisl7_-_Admin_-_Rodrigo_Vivi_-_SELinux%3A_Deixando_seu_sistema_mais_seguro_(ou_Paranoico)_!.ogg.torrent?info_hash=f669ea28e782b8cf01feff94dd997fcd6fc503aa 



 Without this information, I can't really diagnose this bug.

After some attempts, I was able to download it.
I don't know what caused this. Btw, thanks for the help.


Were you able to download it with the BitTorrent package tools or
other tools?   If you used the bittorrent package, did
btdownloadcurses work?  If that is the case, I would be willing to bet
that it was either a server issue or some transient package problem -
in either case it seems fixed now.  I'm going to look into the exact
error you received later today but if I don't find anything do you
mind if I close this bug?


No problem. :)





Bug#396431: bittorrent crash after start download

2006-11-01 Thread Alex de Oliveira Silva

Jamuraa wrote:

On 10/31/06, Alex de Oliveira Silva [EMAIL PROTECTED] wrote:

Package: bittorrent
Version: 3.4.2-10
Severity: important

After I started a download using btdownloadcurses I received this error.
Thanks in advance.

Traceback (most recent call last):
  File /usr/bin/btdownloadcurses, line 220, in ?
run(mainerrlist, argv[1:])
  File /usr/bin/btdownloadcurses, line 163, in run
download(params, d.chooseFile, d.display, d.finished, d.error, 
mainkillflag, fieldw)
  File /var/lib/python-support/python2.4/BitTorrent/download.py, 
line 120, in download

h = urlopen(config['url'])
  File /usr/lib/python2.4/urllib2.py, line 130, in urlopen
return _opener.open(url, data)
  File /usr/lib/python2.4/urllib2.py, line 350, in open
protocol = req.get_type()
  File /usr/lib/python2.4/urllib2.py, line 233, in get_type
raise ValueError, unknown url type: %s % self.__original



-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

Versions of packages bittorrent depends on:
ii  python2.4.3-11   An interactive 
high-level object-o
ii  python-support0.5.4  automated rebuilding 
support for p


Versions of packages bittorrent recommends:
ii  mime-support  3.37-1 MIME files 'mime.types' 
 'mailcap


-- no debconf information




Can you give me some more information:
1. What is the exact command line that you used to produce this error
btdownloadcurses 
Desktop/fisl7_-_Admin_-_Rodrigo_Vivi_-_SELinux\:_Deixando_seu_sistema_mais_seguro_\(ou_Paranoico\)_\!.ogg.torrent

2. If possible, a URL to the .torrent which caused this problem.

http://torrents.softwarelivre.org:6969/torrents/fisl7_-_Admin_-_Rodrigo_Vivi_-_SELinux%3A_Deixando_seu_sistema_mais_seguro_(ou_Paranoico)_!.ogg.torrent?info_hash=f669ea28e782b8cf01feff94dd997fcd6fc503aa


Without this information, I can't really diagnose this bug.


After some attempts, I was able to download it.
I don't know what caused this. Btw, thanks for the help.





Bug#396431: bittorrent crash after start download

2006-10-31 Thread Alex de Oliveira Silva
Package: bittorrent
Version: 3.4.2-10
Severity: important

After I started a download using btdownloadcurses I received this error.
Thanks in advance.

Traceback (most recent call last):
  File /usr/bin/btdownloadcurses, line 220, in ?
run(mainerrlist, argv[1:])
  File /usr/bin/btdownloadcurses, line 163, in run
download(params, d.chooseFile, d.display, d.finished, d.error, 
mainkillflag, fieldw)
  File /var/lib/python-support/python2.4/BitTorrent/download.py, line 120, in 
download
h = urlopen(config['url'])
  File /usr/lib/python2.4/urllib2.py, line 130, in urlopen
return _opener.open(url, data)
  File /usr/lib/python2.4/urllib2.py, line 350, in open
protocol = req.get_type()
  File /usr/lib/python2.4/urllib2.py, line 233, in get_type
raise ValueError, unknown url type: %s % self.__original



-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

Versions of packages bittorrent depends on:
ii  python2.4.3-11   An interactive high-level object-o
ii  python-support0.5.4  automated rebuilding support for p

Versions of packages bittorrent recommends:
ii  mime-support  3.37-1 MIME files 'mime.types'  'mailcap

-- no debconf information





Bug#396244: fails to use linda

2006-10-30 Thread Alex de Oliveira Silva
Package: linda
Version: 0.3.24
Severity: normal

After I changed permissions in debian/rules of my packages and ran linda:
 
linda -i ../mambo_4.6.1-1_all.deb
Traceback (most recent call last):
  File /usr/bin/linda, line 101, in ?
main.run()
  File /usr/bin/linda, line 59, in run
checker.check(file)
  File /var/lib/python-support/python2.4/linda/checker.py, line 28, in check
self.go()
  File /var/lib/python-support/python2.4/linda/checker.py, line 46, in go
self.run_checks(2)
  File /var/lib/python-support/python2.4/linda/checker.py, line 63, in 
run_checks
self.unpacker.information, level)
  File /var/lib/python-support/python2.4/linda/libchecks.py, line 138, in 
apply
print _(Check %s failed. Exception %s thrown (%s).) % \


Linda, version 0.3.24

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

Versions of packages linda depends on:
ii  binutils  2.17-2 The GNU assembler, linker and bina
ii  dash  0.5.3-3The Debian Almquist Shell
ii  dpkg-dev  1.13.22package building tools for Debian
ii  file  4.17-4 Determines file type using magic
ii  man-db2.4.3-3The on-line manual pager
ii  python2.4.3-11   An interactive high-level object-o
ii  python-support0.5.2  automated rebuilding support for p

Versions of packages linda recommends:
ii  debian-policy 3.7.2.1Debian Policy Manual and related d

-- no debconf information





Bug#326398: ITP: joomla -- new content management system created by the former mambo team

2006-10-29 Thread Alex de Oliveira Silva

I have interest in maintaining package joomla.
My sponsor Daniel Ruoso [EMAIL PROTECTED] will upload the package as 
soon as everything is ok.






Bug#364129: ITA: mambo -- web content management system

2006-10-24 Thread Alex de Oliveira Silva

I have interest in maintaining package mambo.
My sponsor Daniel Ruoso [EMAIL PROTECTED] will upload the package as 
soon as everything is ok.


