Bug#536051: CVE-2009-2265, CVE-2009-2324: input sanitization errors

[Giuseppe Iuculano]

Package: fckeditor
Version: 1:2.6.2-1
Severity: grave
Tags: security lenny

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for fckeditor.

CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor before
| 2.6.4.1 allow remote attackers to create executable files in arbitrary
| directories via directory traversal sequences in the input to
| unspecified connector modules, as exploited in the wild for remote
| code execution in July 2009, related to the file browser and the
| editor/filemanager/connectors/ directory.

CVE-2009-2324[1]:
| Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor
| before 2.6.4.1 allow remote attackers to inject arbitrary web script
| or HTML via components in the samples (aka _samples) directory.


These are already fixed in debian unstable.
Please coordinate with the security team (t...@security.debian.org) to
prepare packages for the stable releases.


If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265
http://security-tracker.debian.net/tracker/CVE-2009-2265
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2324
http://security-tracker.debian.net/tracker/CVE-2009-2324

Cheers,
Giuseppe.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpS7BoACgkQNxpp46476aqLkgCfbfTGN8TqPG10C+EBvYMm82zJ
9ngAnRpSHHzwAfY1Usb0My2SzkvwunSF
=tCPb
-END PGP SIGNATURE-



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#534973: stable updates

[Michael S. Gilbert]

On Mon, 6 Jul 2009 21:44:44 +0200 Thijs Kinkhorst wrote:
> > version 1:1.5.2-5 that I released to unstable is suitable for stable
> > aswell. Prior to this bugfix unstable and stable both contained
> > version 1:1.5.2-4. Attached is a patch with the fix. Do you want me to
> > build it for stable aswell?
> 
> Thank you for getting in touch with us. Judging from the context in which 
> this 
> bug manifests itself, I think releasing a DSA for it is overkill. It happens 
> when creating a new X-Face header, which is something you would do rarely,
> mostly not with any random image you didn't check out before, always as an 
> unprivileged user and what can happen is a crash of the conversion which is 
> harly harmful. The security implications of this are very minor. Normally 
> there's a process to fix minor security issues through a stable point update 
> but I think this one is even too minor for that. It's great that testing and 
> unstable are fixed for the future, but I propose that we just leave it at 
> that and consider this case closed.

i would agree.  the implications (a user-initiated application crash on
invalid input) are so minor that this probably should not have been
tagged as a security concern nor given a CVE in the first place.
although, has the possibility of code injection been fully ruled out?

mike



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#533122: ruby1.8-dev: FTBFS with newer ruby ?

[akira yamada]

Hi,

> Now, however, using what is in unstable, ie 
> 
> Get:33 http://ftp.us.debian.org unstable/main libruby1.8 1.8.7.173-1 [1679kB]
> Get:34 http://ftp.us.debian.org unstable/main ruby1.8 1.8.7.173-1 [290kB]
> Get:35 http://ftp.us.debian.org unstable/main ruby 4.2 [20.6kB]
> Get:36 http://ftp.us.debian.org unstable/main ruby1.8-dev 1.8.7.173-1 [835kB]
> 
> I end up with
> 
> 
> (cd Ruby && ruby setup.rb test)
> creating Makefile
> make[1]: Entering directory `/tmp/buildd/quantlib-swig-0.9.7/Ruby'
> make[1]: *** No rule to make target `Makefile', needed by `QuantLibc.so'.  
> Stop.
> make[1]: Leaving directory `/tmp/buildd/quantlib-swig-0.9.7/Ruby'
> /tmp/buildd/quantlib-swig-0.9.7/Ruby/QuantLib.rb:18:in `require': no such 
> file to load -- QuantLibc (LoadError)
>   from /tmp/buildd/quantlib-swig-0.9.7/Ruby/QuantLib.rb:18
>   from ./dates.rb:18:in `require'
>   from ./dates.rb:18
>   from ./QuantLibTestSuite.rb:23:in `require'
>   from ./QuantLibTestSuite.rb:23
>   from setup.rb:134:in `load'
>   from setup.rb:134
>   from setup.rb:70:in `call'
>   from setup.rb:70:in `execute'
>   from setup.rb:173
> Testing QuantLib-Ruby 0.9.7...
> make: *** [test-stamp] Error 1
> 
> Same for the install target.
> 
> Or is this something that requires upstream changes in setup.rb ?

"ruby setup.rb build" executes the following process:

 1. test -f Makefile && mv Makefile Makefile.old
 2. create Makefile for QuantLibc.so
(It is similar to "ruby -rmkmf -e 'create_makefile("QuantLibc")".)
 3. mv Makefile extension.mak
 4. test -f Makefile.old && mv Makefile.old Makefile

The "setup.rb" assumed that
the "Makefile" in step1 is generated by the configure script.

The "extension.mak" depends on the "Makefile", but
debian/rules doesn't execute the configure script.
It is the problem, I think.

BTW, I try to build QuantLibc.so as the following step
(with ruby1.8_1.8.7.174-1):

 1. apt-get source quantlib-swig
 2. cd quantlib-swig-0.9.7/Ruby
 3. touch Makefile
 4. ruby setup.rb build
 5. ruby setup.rb test

In step4, I got the QuantLibc.so.
In step5, I got the following output:

$ ruby setup.rb test
creating Makefile
make: Nothing to be done for `all'.
Testing QuantLib-Ruby 0.9.7...
Loaded suite QuantLib test suite
Started
Testing date ranges: .
Testing observability of stocks: .
Testing observability of market elements: .
Testing observability of market element handles: .
Testing segment integral: .
Testing 1-D solvers: .
Testing observability of forward-spreaded term structure: .
Testing observability of implied term structure: .
Testing observability of zero-spreaded term structure: .

Finished in 0.672149 seconds.

9 tests, 0 assertions, 0 failures, 0 errors

-- 
ay



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#527796: migemo-perl: FTBFS: Nonexistent build-dependency: textutils

[Elías A . M .]

tags 527796 + patch
thanks

Add dependency coreutils instead of textuils in debian/control.

Elías

Bug#535952: xprint: Xprt can't find symbol PrinterFontRegisterFpeFunctions and fails to start

[Aaron M. Ucko]

Julien Cristau  writes:

> xprint support was removed from libXfont.  We should add a Breaks:
> xprint to the libxfont1 package, as it doesn't look like xprint will be
> coming back.

Strictly speaking, shouldn't that have called for an soname bump?

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?...@monk.mit.edu



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#530271: marked as done (CVE-2009-1732, CVE-2009-1733)

[Debian Bug Tracking System]

Your message dated Tue, 07 Jul 2009 01:54:57 +
with message-id 
and subject line Bug#530271: fixed in ipplan 4.86a-7+lenny1
has caused the Debian Bug report #530271,
regarding CVE-2009-1732, CVE-2009-1733
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
530271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipplan
Severity: serious
Tags: security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ipplan.

CVE-2009-1732[0]:
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPlan
| 4.91a allows remote attackers to inject arbitrary web script or HTML
| via the grp parameter.

CVE-2009-1733[1]:
| Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows
| remote attackers to hijack the authentication of administrators for
| requests that (1) change the password, (2) add users, or (3) delete
| users via unknown vectors.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1732
http://security-tracker.debian.net/tracker/CVE-2009-1732
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1733
http://security-tracker.debian.net/tracker/CVE-2009-1733

http://holisticinfosec.org/content/view/113/45/


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoYFsYACgkQNxpp46476apd+gCgnDQjebQhF8gaVx/CkQG4Uh1j
uN0An1q5D7MPVsn5wkC4pxidK5uVTuG7
=AFso
-END PGP SIGNATURE-


--- End Message ---
--- Begin Message ---
Source: ipplan
Source-Version: 4.86a-7+lenny1

We believe that the bug you reported is fixed in the latest version of
ipplan, which is due to be installed in the Debian FTP archive:

ipplan_4.86a-7+lenny1.diff.gz
  to pool/main/i/ipplan/ipplan_4.86a-7+lenny1.diff.gz
ipplan_4.86a-7+lenny1.dsc
  to pool/main/i/ipplan/ipplan_4.86a-7+lenny1.dsc
ipplan_4.86a-7+lenny1_all.deb
  to pool/main/i/ipplan/ipplan_4.86a-7+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris  (supplier of updated ipplan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 09:40:57 +
Source: ipplan
Binary: ipplan
Architecture: source all
Version: 4.86a-7+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Jan Wagner 
Changed-By: Steffen Joeris 
Description: 
 ipplan - web-based IP address manager and tracker
Closes: 530271
Changes: 
 ipplan (4.86a-7+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix cross-site scripting vulnerability, which can be exploited via
 the userid, userdescrip, grp and grpdescrip parameters
 (Closes: #530271)
 Fixes: CVE-2009-1732
Checksums-Sha1: 
 4c8e55c5b87899fa07642a208adad5252ba33d66 1142 ipplan_4.86a-7+lenny1.dsc
 596a79a794fcd4d1570293b3dbb51652a22438dc 1463553 ipplan_4.86a.orig.tar.gz
 319801f9a8b1a1a687430a3cc861c4c55c11f943 24624 ipplan_4.86a-7+lenny1.diff.gz
 97f9fe5c7bf6886b20945708f0e4dfb70d987e23 755870 ipplan_4.86a-7+lenny1_all.deb
Checksums-Sha256: 
 968f38da6f2c6751b08848b7187b5d94a5e94dfa15334ddf4162cd0618653447 1142 
ipplan_4.86a-7+lenny1.dsc
 3b32edf016290ef319e1e9b5dc43def0c0f1224fe54ef427211d8b9944821bee 1463553 
ipplan_4.86a.orig.tar.gz
 3af9f5506cac4201f4e8c59ee6dc5d5c94bd7b368053a7358cbfa355e878 24624 
ipplan_4.86a-7+lenny1.diff.gz
 ecb64fe8d05feb264aefce758abc51ee021c7a8dd2c78af6da0f45152fcee3e8 755870 
ipplan_4.86a-7+lenny1_all.deb
Files: 
 37202f9941e647237b80853e536e11ef 1142 web optional ipplan_4.86a-7+lenny1.dsc
 04a5da8b7e08fcf5bfe0afc31bb7f711 1463553 web optional ipplan_4.86a.orig.tar.gz
 1337c00d254c8e9fe8ca1d7b0764c7d2 24624 web optional 
ipplan_4.86a-7+lenny1.diff.gz
 2a38517b8ad7b3e1371025a4e834effd 755870 web optional 
ipplan_4.86a-7+lenny1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpRyKYACgkQ62zWxYk/rQfxlwCeOcNy+vztrUEB5G5pZ6zpmUSJ
TdkAoLFD0nPYDX1Pnlzibk

Bug#527734: kinput2: FTBFS: make: xmkmf: Command not found

[Elías A . M .]

tags 527734 + patch
thanks

Add dependency xutils-dev in debian/control

--
Elías

Bug#534770: marked as done (libghc6-x11-xft-dev: dependency on libghc6-utf8-string-dev << 0.3.4+)

[Debian Bug Tracking System]

Your message dated Tue, 07 Jul 2009 03:46:22 +0200
with message-id <1246931182.4670.40.ca...@localhost>
and subject line Fixed by binNMUs
has caused the Debian Bug report #534770,
regarding libghc6-x11-xft-dev: dependency on libghc6-utf8-string-dev << 0.3.4+
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
534770: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534770
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libghc6-x11-xft-dev
Version: 0.3-3+b1
Severity: grave
Justification: renders package unusable


Todays update of libghc6-utf8-string-dev to 0.3.5-1 broke 
libghc6-x11-xft-dev, making it unusable (ie. libghc6-xmonad-contrib-dev 
is broken now).

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libghc6-x11-xft-dev depends on:
ii  ghc6 [libghc6-utf8-stri 6.10.3-2 GHC - the Glasgow Haskell Compilat
ii  libc6   2.9-12   GNU C Library: Shared libraries
ii  libffi5 3.0.7-1  Foreign Function Interface library
ii  libghc6-utf8-string-dev 0.3.5-1  GHC 6 libraries for the Haskell UT
ii  libghc6-x11-dev 1.4.5-4  Haskell X11 binding for GHC
ii  libgmp3c2   2:4.2.4+dfsg-8.1 Multiprecision arithmetic library
ii  libx11-62:1.2.1-1X11 client-side library
ii  libxext62:1.0.4-1X11 miscellaneous extension librar
ii  libxft-dev  2.1.13-3 FreeType-based font drawing librar
ii  libxft2 2.1.13-3 FreeType-based font drawing librar
ii  libxinerama12:1.0.3-2X11 Xinerama extension library

libghc6-x11-xft-dev recommends no packages.

libghc6-x11-xft-dev suggests no packages.


--- End Message ---
--- Begin Message ---
This has been taken care of.
-- 
Joachim "nomeata" Breitner
Debian Developer
  nome...@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
--- End Message ---

Processed: (no subject)

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 532119
Bug#532119: [hardware-monitor] Does not load
Bug reopened, originator not changed.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536034: dpkg-dev: dpkg-gensymbols produces broken symbols files

[Michael Biebl]

Package: dpkg-dev
Version: 1.15.3
Severity: serious
Justification: broken dependencies

Since the latest update of dpkg from 1.15.2 to 1.15.3, dpkg-gensymbols
produces broken symbols files. As an example I attached the
libc6.symbols file for -19, which whas generated using 1.15.3.

Severity serious, as this results in broken package depdencies.

Michael


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (300, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.1
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dpkg-dev depends on:
ii  binutils  2.19.51.20090704-1 The GNU assembler, linker and bina
ii  bzip2 1.0.5-3high-quality block-sorting file co
ii  dpkg  1.15.3 Debian package management system
ii  libtimedate-perl  1.1600-9   Time and date functions for Perl
ii  lzma  4.43-14Compression method of 7z format in
ii  make  3.81-6 An utility for Directing compilati
ii  patch 2.5.9-5Apply a diff file to an original
ii  perl [perl5]  5.10.0-23  Larry Wall's Practical Extraction 
ii  perl-modules  5.10.0-23  Core Perl modules

Versions of packages dpkg-dev recommends:
ii  build-essential   11.4   Informational list of build-essent
ii  gcc [c-compiler]  4:4.3.3-9  The GNU C compiler
ii  gcc-4.3 [c-compiler]  4.3.3-13   The GNU C compiler
ii  gnupg 1.4.9-4GNU privacy guard - a free PGP rep
ii  gpgv  1.4.9-4GNU privacy guard - signature veri

Versions of packages dpkg-dev suggests:
ii  debian-keyring2009.05.28 GnuPG (and obsolete PGP) keys of D
ii  debian-maintainers1.62   GPG keys of Debian maintainers

-- no debconf information
ld-linux.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
 __tls_get_a...@glibc_2.3 2.3.6-6~
libBrokenLocale.so.1 libc6 #MINVER#
libSegFault.so libc6 #MINVER#
 __invoke_dynamic_linke...@base 2.3.6
libanl.so.1 libc6 #MINVER#
libc.so.6 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libcidn.so.1 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libcrypt.so.1 libc6 #MINVER#
libdl.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libm.so.6 libc6 #MINVER#
libmemusage.so libc6 #MINVER#
 __invoke_dynamic_linke...@base 2.3.6
 cal...@base 2.3.6
 f...@base 2.3.6
 mal...@base 2.3.6
 mma...@base 2.3.6
 m...@base 2.3.6
 mre...@base 2.3.6
 mun...@base 2.3.6
 real...@base 2.3.6
libnsl.so.1 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libnss_compat.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libnss_dns.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libnss_files.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libnss_hesiod.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libnss_nis.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libnss_nisplus.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libpcprofile.so libc6 #MINVER#
 __cyg_profile_func_en...@base 2.3.6
 __cyg_profile_func_e...@base 2.3.6
 __invoke_dynamic_linke...@base 2.3.6
libpthread.so.0 libc6 (>= 2.3.6-6~), libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
libresolv.so.2 libc6 #MINVER#
| libc6 (>> 2.9), libc6 (<< 2.10)
librt.so.1 libc6 #MINVER#
libthread_db.so.1 libc6 #MINVER#
libutil.so.1 libc6 #MINVER#

Bug#518446: doxia-sitetools: FTBFS: java.lang.reflect.InvocationTargetException

[Ludovic Claude]

Torsten,

plexus-build-api is used only on modello 1.0+, so it looks like you
where using the wrong version of the sources. There was a
 uscan --upstream-version 0
in debian/rules which always download the latest version of the sources,
regardless of the version given in the changelog, so that may be what
happened to you.

I always use
 uscan --download-version $(DEB_UPSTREAM_VERSION) --force-download --rename
as it's more reliable.

Ludovic



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535660: heirloom-mailx: FTBFS on mips* due to reuse of weak symbol optopt

[Hilko Bengen]

Luk Claes  writes:

> Package: heirloom-mailx
> Version: 12.4-1
> Severity: serious
> Tags: patch
>
> Dear maintainer,
>
> I've prepared an NMU for heirloom-mailx (versioned as 12.4-1.1), but
> have not uploaded it yet. Please free to tell me if I should upload or
> let you take care of it.

You may proceed. :-)

But I am not sure I understand the nature of this bug. Where can I read
more about those "weak symbols" and why does the linker on mips and
mipsel behave differently than on all other architectures?

Cheers,
-Hilko



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#521699: 185.18.14-1, possible gdm problem..

[Jaak Pruulmann-Vengerfeldt]

Hi!

After upgrading to 185.18.14-1 starting X using gdm failed -- quite like
in message #20 (everything starts, logo flickers and then X dies). I was
able to start X using almost every way but gdm (startx, plain X server
etc) and gdm was the one to blame. 

There is 10 second timeout before it assumes server failure
(/usr/share/gdm/defaults.conf, GdmXserverTimeout). After setting timeout
to 20 seconds, everything works again. You can override defaults
in /etc/gdm/gdm.conf, add GdmXserverTimeout=20 to [daemon] section.

jaak.







-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability fixed in 1.26

[Dominic Hargreaves]

On Mon, Jul 06, 2009 at 10:36:15AM +0100, Dominic Hargreaves wrote:

> 1.26 (just uploaded to unstable) fixes what looks like a fairly serious
> security issue:
> 
> v1.26 2009.07.03
> - SECURITY BUGFIX! 
>   fix Bug in verify_hostname_of_cert where it matched only the prefix for 
>   the hostname when no wildcard was given, e.g. www.example.org matched
>   against a certificate with name www.exam in it
>   Thanks to MLEHMANN for reporting
> 
> >From inspecting the source this appears to apply to at least 1.24-1
> (testing) and 1.16-1 (stable).

Hi security team.

I'd be grateful if you could review this and let us know whether you
believe a security update is necessary. A package with the fix backported
has been prepared in

http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/

although it has not yet been fully tested.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536017: libio-socket-ssl-perl: FTBFS in lenny

[Dominic Hargreaves]

On Mon, Jul 06, 2009 at 11:37:47PM +0300, Niko Tyni wrote:
> I think the problem is this:
> 
> % openssl x509 -text -in certs/server-wildcard.pem|grep -A2 Validity
> Validity
> Not Before: Feb 22 08:06:33 2008 GMT
> Not After : Feb 21 08:06:33 2009 GMT
> 
> Looking at the changelog, the test certificates were renewed upstream
> in 1.23 and 1.24.  That doesn't help us much, cherry-picking those will
> only lead to another timebomb in the future.
> 
> I suggest disabling (most of?) the tests for the lenny security upload.

Hmm, difficult one. I think I marginally prefer leaving the tests enabled
- disabling them is almost inviting missing a real test failure :) But
it's also inviting a repeat of this and wasting people's time in future.

> As for sid/squeeze, I think the best thing to do would be to work
> with upstream to make the test suite automatically generate the test
> certificates during the build.

On the other hand, the new certs expire in 2019, so perhaps this is
long enough that the timebomb will never be reached again (famous
last words).

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536017: setting package to libio-socket-ssl-perl, tagging 536017

[Dominic Hargreaves]

# Automatically generated email from bts, devscripts version 2.10.35lenny3
# via tagpending 
#
# libio-socket-ssl-perl (1.16-1+lenny1) UNRELEASED; urgency=low
#
#  * Disable tests which rely on expired test cert to fix FTBFS
#(closes: #536017)
#

package libio-socket-ssl-perl
tags 536017 + pending




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: setting package to libio-socket-ssl-perl, tagging 536017

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # Automatically generated email from bts, devscripts version 2.10.35lenny3
> # via tagpending
> #
> # libio-socket-ssl-perl (1.16-1+lenny1) UNRELEASED; urgency=low
> #
> #  * Disable tests which rely on expired test cert to fix FTBFS
> #(closes: #536017)
> #
> package libio-socket-ssl-perl
Ignoring bugs not assigned to: libio-socket-ssl-perl

> tags 536017 + pending
Bug#536017: libio-socket-ssl-perl: FTBFS in lenny
Tags were: pending
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Bug in fixed in revision 39430

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 536017 + pending
Bug#536017: libio-socket-ssl-perl: FTBFS in lenny
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536017: Bug in fixed in revision 39430

[pkg-perl-maintainers]

tag 536017 + pending
thanks

Some bugs are closed in revision 39430
by Dominic Hargreaves (dom)

Commit message:

  * Disable tests which rely on expired test cert to fix FTBFS
(closes: #536017)




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 535946

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # Automatically generated email from bts, devscripts version 2.10.35lenny3
> tags 535946 + pending
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Tags were: pending security
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535946: Bug in fixed in revision 39428

[pkg-perl-maintainers]

tag 535946 + pending
thanks

Some bugs are closed in revision 39428
by Dominic Hargreaves (dom)

Commit message:

  * Fix partial hostname matching security vulnerability (closes: #535946)
  * Add myself to Uploaders




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Bug in fixed in revision 39428

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 535946 + pending
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Tags were: security
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536025: java-gcj-compat: FTBFS with new dpkg-dev

[Cyril Brulebois]

Package: java-gcj-compat
Version: 1.0.80-5
Severity: serious
Tags: patch
Justification: FTBFS

Hi,

dpkg-dev now expects proper folding in (Build-|)Depends, so your package
now FTBFS:
| dpkg-checkbuilddeps: warning: can't parse dependency gcj-4.3 (>= 4.3.3) 
[!hppa]
|  ecj (>= 3.3.0)
| dpkg-checkbuilddeps: error: error occurred while parsing 
Build-Depends/Build-Depends-Indep)
| dpkg-buildpackage: warning: Build dependencies/conflicts unsatisfied; 
aborting.

The trivial fix is attached. Fixing this bug ASAP would help
kfreebsd-i386 get some java support (unfortunately, this package wasn't
built when dpkg-dev was less strict because of a missing build
dependency).

Mraw,
KiBi.
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@
 Maintainer: Debian GCC Maintainers 
 Uploaders: Michael Koch , Matthias Klose 
 Build-Depends: debhelper (>= 5.0.37.2),
- gcj-4.3 (>= 4.3.3) [!hppa]
+ gcj-4.3 (>= 4.3.3) [!hppa],
  ecj (>= 3.3.0), fastjar, gjdoc, python-dev (>= 2.3.5-11), python-central (>= 
0.5), lsb-release, openssl, ca-certificates
 XS-Python-Version: current
 Standards-Version: 3.8.1

Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability fixed in 1.26

[Dominic Hargreaves]

On Mon, Jul 06, 2009 at 09:20:59PM +0200, Salvatore Bonaccorso wrote:

> I "backported" the changes from 1.25 to 1.26 from unstable to the 1.16
> in Lenny:

Thanks, I'm preparing an update in the pkg-perl svn repository.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535890: marked as done (phpmyadmin: remote code injection via xss vulnerability)

[Debian Bug Tracking System]

Your message dated Mon, 6 Jul 2009 23:02:46 +0200
with message-id <200907062302.47824.th...@debian.org>
and subject line Re: Bug#535890: phpmyadmin: remote code injection via xss 
vulnerability
has caused the Debian Bug report #535890,
regarding phpmyadmin: remote code injection via xss vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535890: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535890
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: phpmyadmin
Version: 4:2.9.1.1-10
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpmyadmin.

CVE-2009-2284[0]:
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1
| allows remote attackers to inject arbitrary web script or HTML via a
| crafted SQL bookmark.

This is fixed in unstable.  Please coordinate with the security team to
prepare updates for the stable releases.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2284
http://security-tracker.debian.net/tracker/CVE-2009-2284


--- End Message ---
--- Begin Message ---
On snein 5 July 2009, Michael S. Gilbert wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for phpmyadmin.
>
> CVE-2009-2284[0]:
> | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1
> | allows remote attackers to inject arbitrary web script or HTML via a
> | crafted SQL bookmark.
>
> This is fixed in unstable.  Please coordinate with the security team to
> prepare updates for the stable releases.

Thanks. Code review and testing turns out that this bug was in code that was 
introduced in the 3.x series, so oldstable and stable are not affected by 
this. This bug can hence be closed.


cheers,
Thijs


signature.asc
Description: This is a digitally signed message part.
--- End Message ---

Bug#520775: marked as done (libdoxia-sitetools-java: Invalid Conflicts with libdoxia-java)

[Debian Bug Tracking System]

Your message dated Mon, 6 Jul 2009 22:57:59 +0200
with message-id 
and subject line Re: Bug#520775: libdoxia-sitetools-java: Invalid Conflicts 
with  libdoxia-java
has caused the Debian Bug report #520775,
regarding libdoxia-sitetools-java: Invalid Conflicts with libdoxia-java
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
520775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520775
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libdoxia-sitetools-java
Version: 1.0-alpha-11-3
Severity: normal

Hi,

libdoxia-sitetools-java is uninstallable in a sid chroot :

The following packages have unmet dependencies:
  libdoxia-sitetools-java: Conflicts: libdoxia-java (<= 1.0-alpha-7-1) but 1.0-
alpha-7-1 is to be installed
E: Broken packages

It seems release 1.0-alpha-11-2 from experimental should be uploaded to 
unstable.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-rc8-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Hi,

On Sun, Mar 22, 2009 at 7:19 PM, Damien Raude-Morvan wrote:
> It seems release 1.0-alpha-11-2 from experimental should be uploaded to
> unstable.

done.

Cheers,
Torsten

--- End Message ---

Processed: tagging 518446

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 518446 + help
Bug#518446: doxia-sitetools: FTBFS: java.lang.reflect.InvocationTargetException
There were no tags set.
Tags added: help

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#518446: doxia-sitetools: FTBFS: java.lang.reflect.InvocationTargetException

[Torsten Werner]

Hi,


On Sun, Mar 22, 2009 at 8:58 PM, Damien Raude-Morvan wrote:
> I've successfuly built doxia-sitetools 1.0-alpha-11-3 in a sid chroot using
> two packages from experimental :
>
>  * libmodello-java 1.0-alpha-21-1
>  * libdoxia-java 1.0-alpha-11-2
>
> I think those packages should be uploaded to unstable since Lenny is now
> released.

those packages are in unstable now but the build fails with

Buildfile: debian/build.xml

generate-sources:
  [modello] Running the 'xpp3-writer' Modello plugin using model file
./doxia-decoration-model/src/main/mdo/decoration.mdo for version 1.0.0
  [modello] Cannot find file /usr/share/java/plexus-build-api.jar

I have currently no idea what is wrong. It did certainly work in the past.


Sorry,
Torsten



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536021: Ekiga is not installable because it depends on libopal3.6.1

[Eugen Dedu]

Rafael Almeida wrote:

Package: ekiga
Version: 3.2.1~git20090515.9d0263-1
Severity: serious
Tags: sid

Ekiga is depending on libopal3.6.1, but the package is not currently
available on sid. However, there is a libopal3.6.3 which ekiga may
work with.


I am uploading ekiga with new ptlib/opal dependencies, please wait a bit...

--
Eugen Dedu



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: retitle

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 535709 "Missing dependency on package sharutils"
Bug#535709: console-setup: Missing dependency on uudecode
Changed Bug title to `"Missing dependency on package sharutils"' from 
`console-setup: Missing dependency on uudecode'.
(By the way, that Bug is currently marked as done.)

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536021: Ekiga is not installable because it depends on libopal3.6.1

[Rafael Almeida]

Package: ekiga
Version: 3.2.1~git20090515.9d0263-1
Severity: serious
Tags: sid

Ekiga is depending on libopal3.6.1, but the package is not currently
available on sid. However, there is a libopal3.6.3 which ekiga may
work with.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: closing 532362

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> close 532362
Bug#532362: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache 
Tomcat 6 Multiple Vulnerabilities
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Giuseppe Iuculano 


>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536017: libio-socket-ssl-perl: FTBFS in lenny

[Niko Tyni]

On Mon, Jul 06, 2009 at 09:49:30PM +0200, Salvatore Bonaccorso wrote:
> Package: libio-socket-ssl-perl
> Version: 1.16-1
> Severity: serious
> Justification: FTBFS
> 
> During trying to backport the bugfixes for the security bug #535946 I
> noticed that libio-socket-ssl-perl FTBFS on lenny.
> 
> Attached is my buildlog in a up lenny cowbuilder environment.

I think the problem is this:

% openssl x509 -text -in certs/server-wildcard.pem|grep -A2 Validity
Validity
Not Before: Feb 22 08:06:33 2008 GMT
Not After : Feb 21 08:06:33 2009 GMT

Looking at the changelog, the test certificates were renewed upstream
in 1.23 and 1.24.  That doesn't help us much, cherry-picking those will
only lead to another timebomb in the future.

I suggest disabling (most of?) the tests for the lenny security upload.

As for sid/squeeze, I think the best thing to do would be to work
with upstream to make the test suite automatically generate the test
certificates during the build.

Cheers,
-- 
Niko Tyni   nt...@debian.org



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#533361: marked as done (xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 19:54:46 +
with message-id 
and subject line Bug#533361: fixed in xcftools 1.0.4-1+lenny1
has caused the Debian Bug report #533361,
regarding xcftools: 'xcf2pnm -C ... layer' crashes on some valid XCF files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
533361: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533361
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xcftools
Version: 1.0.4-1
Severity: important


I really like the xcftools package, because it lets me author things
in Gimp and then automate operations on them (e.g. let a Makefile
generate jpeg images from a sandwhich of layers). However, this bug is
a problem for me currently:

I try to extract individual layers, clipped to the canvas size. It
seems that at least sometimes, for at least some layers which extends
past the edges of the canvas, xcf2pnm fails.  On this amd64 system, it
passes an unreasonable size to malloc().  On my PPC Debian 4.0 system
and xcftools (1.0.4-1) it dies with SIGILL instead. Possibly, almost
anything can happen.

xcf2png fails in the same way.

Some might suspect that this as a security issue. I have chosen not to
file it as such, but feel free to raise the severity if you think it's
important.

I have attached two minimal example files (gzipped).  The -bigcanvas
variant was created in Gimp with "Fit canvas to layers". And here is a
terminal session which shows the problem:

salix:/tmp/xcfbug% ls -l 
total 84
-rw-r--r-- 1 grahn grahn 46351 Jun 16 21:50 djuras_white_bigcanvas.xcf
-rw-r--r-- 1 grahn grahn 32939 Jun 16 21:49 djuras_white.xcf

salix:/tmp/xcfbug% md5sum *xcf
a1b5381579a94af0822a09d3f37b3e4b  djuras_white_bigcanvas.xcf
7812863507ddd7e486bfabdb468f6d78  djuras_white.xcf

salix:/tmp/xcfbug% xcfinfo djuras_white.xcf 
Version 0, 1600x1600 RGB color, 2 layers, compressed RLE
- 1670x1653-38-27 RGB-alpha Normal eniro
+ 1600x1600+0+0 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcfinfo djuras_white_bigcanvas.xcf 
Version 0, 1670x1653 RGB color, 2 layers, compressed RLE
- 1670x1653+0+0 RGB-alpha Normal eniro
+ 1600x1600+38+27 RGB-alpha Normal ekon

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf ekon |md5sum
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf ekon |md5sum 
141f57dbe4df3f07eb00b58297112e91  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white_bigcanvas.xcf eniro |md5sum
95a6ef319b81ae9f552b6f0ef3c164d9  -

salix:/tmp/xcfbug% xcf2pnm -b black -C djuras_white.xcf eniro |md5sum 
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done   md5sum

salix:/tmp/xcfbug% valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro 
|md5sum
==2403== Warning: silly arg (-1794832372) to malloc()
xcf2pnm: Out of memory
d41d8cd98f00b204e9800998ecf8427e  -
zsh: exit 127   valgrind -q xcf2pnm -b black -C djuras_white.xcf eniro | 
zsh: done   md5sum
salix:/tmp/xcfbug% 

I'd really appreciate a fix. I could try debugging it myself, but I have a
feeling someone else (e.g. the upstream author) who knows XXF better can
succeed in an hour or so.

regards,
Jörgen

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.7 (PREEMPT)
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xcftools depends on:
ii  libc62.7-18  GNU C Library: Shared libraries
ii  libpng12-0   1.2.27-2+lenny2 PNG library - runtime

Versions of packages xcftools recommends:
pn  feh | gimageview | gqview | i  (no description available)
ii  mime-support  3.44-1 MIME files 'mime.types' & 'mailcap
ii  x11-common1:7.3+18   X Window System (X.Org) infrastruc

Versions of packages xcftools suggests:
ii  gimp  2.4.7-1The GNU Image Manipulation Program

-- no debconf information


djuras_white.xcf.gz
Description: GNU Zip compressed data


djuras_white_bigcanvas.xcf.gz
Description: GNU Zip compressed data
--- End Message ---
--- Begin Message ---
Source: xcftools
Source-Version: 1.0.4-1+lenny1

We believe that the bug you reported is fixed in the latest version of
xcftools, which is due to be installed in the Debian FTP archive:

xcftools_1.0.4-1+lenny1.diff.gz
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.diff.gz
xcftools_1.0.4-1+lenny1.dsc
  to pool/main/x/xcftools/xcftools_1.0.4-1+lenny1.dsc
x

Bug#527349: similar behaviour

[Ólafur Jens Sigurðsson]

I also have the 865G driver and am having problems with it.

But disabling DRI with Option  "DRI"  "False" in my xorg.conf lets me
run X without big problems (it is slow, but it runs at least, have you
guys tried this?).

Some people over at the #intel-gfx suggested that this was not a problem of
the intel driver but a problem with the mesa and should be fixed in
the 7.5 or 7.6 version (havn't tested it though).

One thing about the DRI option, if I ommit disabling the DRI then I
can run X by using IceWM and can watch videos with mplayer (havn't
tried any other player) but if I try to run anything else like
iceweasel then the X freezes. If the DRI is set to False then I can
not watch videos with mplayer so I am switching between the two at the
moment from time to time.

Cheers

Oli



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: r2937 - in trunk/samba/debian: . patches

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 534595 pending
Bug#534595: samba-common-bin: Uninstallable on experimental
Tags were: pending patch
Tags added: pending

> tags 299433 pending
Bug#299433: smbd and nmbd should clean out their PID files when killed 
gracefully
Tags were: fixed-upstream confirmed upstream
Tags added: pending

> tags 454112 pending
Bug#454112: winbind does not remove its pidfile on exit
Tags were: fixed-upstream
Tags added: pending

> tags 524661 pending
Bug#524661: Conflicts: samba (<< 2:3.3.0~rc2-5), samba-common (<< 
2:3.3.0~rc2-5) are outdated because squeeze has 3.3.2 and sid 3.3.3
There were no tags set.
Warning: Unknown package 'samba4-common'
Tags added: pending

> tags 428618 pending
Bug#428618: samba: can fail with "bind interfaces only" and >128 IP addresses
Tags were: fixed-upstream upstream confirmed
Tags added: pending

> tags 526229 pending
Bug#526229: samba: Bug prevents Win2kSP4 clients to join domain
Tags were: fixed-upstream sid squeeze lenny
Tags added: pending

> tags 529350 pending
Bug#529350: samba: [INTL:it] Italian debconf templates translation
Tags were: l10n patch
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#536012: marked as done (drupal6: SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities)

[Debian Bug Tracking System]

Your message dated Mon, 6 Jul 2009 21:47:56 +0200
with message-id <20090706194756.gb14...@ngolde.de>
and subject line Re: [Secure-testing-team] Bug#536012: drupal6: 
SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
has caused the Debian Bug report #536012,
regarding drupal6: SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
536012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536012
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: drupal6
Version: 6.12-1
Severity: critical
Tags: security

SA-CORE-2009-007 was reported on July 1, 2009; it is fixed in the new
upstream version 6.13.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531386

Please note that the Drupal version in Lenny (6.6) is also vulnerable.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-vserver-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


--- End Message ---
--- Begin Message ---
Version: 6.12-1.1

Hi,
* Gunnar Wolf  [2009-07-06 21:38]:
> Package: drupal6
> Version: 6.12-1
> Severity: critical
> Tags: security
> 
> SA-CORE-2009-007 was reported on July 1, 2009; it is fixed in the new
> upstream version 6.13.
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531386
> 
> Please note that the Drupal version in Lenny (6.6) is also vulnerable.

This is a duplicate of #535435 which I just NMUed.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.


pgpnmBzd8sMPF.pgp
Description: PGP signature
--- End Message ---

Bug#536017: libio-socket-ssl-perl: FTBFS in lenny

[Salvatore Bonaccorso]

Package: libio-socket-ssl-perl
Version: 1.16-1
Severity: serious
Justification: FTBFS

During trying to backport the bugfixes for the security bug #535946 I
noticed that libio-socket-ssl-perl FTBFS on lenny.

Attached is my buildlog in a up lenny cowbuilder environment.

Salvatore

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
dpkg-buildpackage: set CFLAGS to default value: -g -O2
dpkg-buildpackage: set CPPFLAGS to default value: 
dpkg-buildpackage: set LDFLAGS to default value: 
dpkg-buildpackage: set FFLAGS to default value: -g -O2
dpkg-buildpackage: set CXXFLAGS to default value: -g -O2
dpkg-buildpackage: source package libio-socket-ssl-perl
dpkg-buildpackage: source version 1.16-1
dpkg-buildpackage: source changed by Ansgar Burchardt 
 fakeroot debian/rules clean
dh clean
   dh_testdir
   dh_auto_clean
   dh_clean
 dpkg-source -b libio-socket-ssl-perl-1.16
dpkg-source: info: using source format `1.0'
dpkg-source: info: building libio-socket-ssl-perl using existing libio-socket-ssl-perl_1.16.orig.tar.gz
dpkg-source: info: building libio-socket-ssl-perl in libio-socket-ssl-perl_1.16-1.diff.gz
dpkg-source: info: building libio-socket-ssl-perl in libio-socket-ssl-perl_1.16-1.dsc
 dpkg-genchanges -S >../libio-socket-ssl-perl_1.16-1_source.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: source only upload (original source is included)
 -> Copying COW directory
  forking: rm -rf /home/pbuilder/build//cow.22161 
  forking: cp -al /home/pbuilder/lenny-i386.base.cow /home/pbuilder/build//cow.22161 
I: removed stale ilistfile /home/pbuilder/build//cow.22161/.ilist
  forking: chroot /home/pbuilder/build//cow.22161 cowdancer-ilistcreate /.ilist find . -xdev -path ./home -prune -o \( \( -type l -o -type f \) -a -links +1 -print0 \) | xargs -0 stat --format '%d %i ' 
 -> Invoking pbuilder
  forking: pbuilder build --debbuildopts  --buildplace /home/pbuilder/build//cow.22161 --buildresult /tmp/bla/buildresult --no-targz --internal-chrootexec chroot /home/pbuilder/build//cow.22161 cow-shell /tmp/bla/libio-socket-ssl-perl_1.16-1.dsc 
W: Build-result Directory /tmp/bla/buildresult does not exist
I: Running in no-targz mode
I: using fakeroot in build.
I: Current time: Mon Jul  6 21:43:09 CEST 2009
I: pbuilder-time-stamp: 1246909389
I: copying local configuration
I: mounting /proc filesystem
I: mounting /dev/pts filesystem
I: policy-rc.d already exists
I: created buildresult dir: /tmp/bla/buildresult
I: Obtaining the cached apt archive contents
I: Installing the build-deps
 -> Attempting to satisfy build-dependencies
 -> Creating pbuilder-satisfydepends-dummy package
Package: pbuilder-satisfydepends-dummy
Version: 0.invalid.0
Architecture: i386
Maintainer: Debian Pbuilder Team 
Description: Dummy package to satisfy dependencies with aptitude - created by pbuilder
 This package was created automatically by pbuilder and should
Depends: debhelper (>= 7), perl (>= 5.8.0-7), libnet-ssleay-perl (>= 1.35), netbase, libnet-libidn-perl
dpkg-deb: building package `pbuilder-satisfydepends-dummy' in `/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'.
Reading package lists...
Building dependency tree...
Reading state information...
aptitude is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Selecting previously deselected package pbuilder-satisfydepends-dummy.
(Reading database ... 9897 files and directories currently installed.)
Unpacking pbuilder-satisfydepends-dummy (from .../pbuilder-satisfydepends-dummy.deb) ...
dpkg: dependency problems prevent configuration of pbuilder-satisfydepends-dummy:
 pbuilder-satisfydepends-dummy depends on debhelper (>= 7); however:
  Package debhelper is not installed.
 pbuilder-satisfydepends-dummy depends on libnet-ssleay-perl (>= 1.35); however:
  Package libnet-ssleay-perl is not installed.
 pbuilder-satisfydepends-dummy depends on netbase; however:
  Package netbase is not installed.
 pbuilder-satisfydepends-dummy depends on libnet-libidn-perl; however:
  Package libnet-libidn-perl is not installed.
dpkg: error processing pbuilder-satisfydepends-dummy (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 pbuilder-satisfydepends-dummy
Reading package lists...
Building dependency tree...
Reading state information...
Initializing package states...
Writing extended state information...
The following NEW packages will be installed:
  bsdmainutils{a} debhelper{a} file{a} gettext{a} gettext-base{a} 
  groff-base{a} html2text{a} intltool-debian{a} libidn11{a} libmagic1{a} 
  libnet-libidn-perl{a} libnet-ssleay-perl{a} man-db{a} netbase{a} 
  po-debconf{a} 
The following partially installed packages will be configured:
  pbuilder-satisfydepends-dummy 
0 pa

Bug#536015: python-imaging-tk: python crashes on PIL.ImageTk.PhotoImage call

[David Soulayrol]

Package: python-imaging-tk
Version: 1.1.6-3
Severity: grave
Justification: renders package unusable

On a fresh new installed debian (using netinst with testing/unstable repos
from the start), I get a crash when running the Duo card game
(http://launchpad.net/duo).

The crash seems to occur only on a call from python-imaging-tk (1.1.6-3), but I 
did
not try too much python-imaging functions.

Here is a reproducer. Change 'image' with whatever image you have.

import Tkinter as tk
import PIL.Image
import PIL.ImageTk

canvas = tk.Canvas(None, bg = 'dark green', width = 600, height = 400)
img = PIL.Image.open('image')
img = img.rotate(90)
cache = PIL.ImageTk.PhotoImage(img)

Here is the backtrace I get.

Program terminated with signal 11, Segmentation fault.
#0  0xb67f437d in Tk_GetImageMasterData () from /usr/lib/libtk8.4.so.0
(gdb) bt
#0  0xb67f437d in Tk_GetImageMasterData () from /usr/lib/libtk8.4.so.0
#1  0xb68008ab in Tk_FindPhoto () from /usr/lib/libtk8.4.so.0
#2  0xb802fa92 in ?? () from /usr/lib/python2.5/site-packages/PIL/_imagingtk.so
#3  0x0902d208 in ?? ()
#4  0x0914b440 in ?? ()
#5  0xbfb25188 in ?? ()
#6  0xb79748b5 in Tcl_Alloc () from /usr/lib/libtcl8.5.so.0
#7  0xb6872dfe in TclInvokeStringCommand () from /usr/lib/libtcl8.4.so.0
#8  0xb796e881 in ?? () from /usr/lib/libtcl8.5.so.0
#9  0x091f31e8 in ?? ()
#10 0x0902d208 in ?? ()
#11 0x0003 in ?? ()
#12 0xbfb25368 in ?? ()
#13 0x0001 in ?? ()
#14 0xb6e82ed4 in ?? ()
#15 0x0008 in ?? ()
#16 0xb7cc2158 in ?? () from /usr/lib/python2.5/lib-dynload/_tkinter.so
#17 0xb7a281a9 in ?? () from /usr/lib/libtcl8.5.so.0
#18 0xb7a42da8 in ?? () from /usr/lib/libtcl8.5.so.0
#19 0xbfb252c8 in ?? ()
#20 0x in ?? ()
(gdb) 



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-imaging-tk depends on:
ii  libc6 2.9-19 GNU C Library: Shared libraries
ii  python2.5.4-2An interactive high-level object-o
ii  python-central0.6.11 register and build utility for Pyt
ii  python-imaging1.1.6-3Python Imaging Library
ii  python-tk 2.5.2-1.1  Tkinter - Writing Tk applications 
ii  tcl8.48.4.19-3   Tcl (the Tool Command Language) v8
ii  tk8.4 8.4.19-3   Tk toolkit for Tcl and X11, v8.4 -

python-imaging-tk recommends no packages.

Versions of packages python-imaging-tk suggests:
pn  python-imaging-doc (no description available)
pn  python-imaging-tk-dbg  (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#534973: stable updates

[Thijs Kinkhorst]

Hi Håkan,

> version 1:1.5.2-5 that I released to unstable is suitable for stable
> aswell. Prior to this bugfix unstable and stable both contained
> version 1:1.5.2-4. Attached is a patch with the fix. Do you want me to
> build it for stable aswell?

Thank you for getting in touch with us. Judging from the context in which this 
bug manifests itself, I think releasing a DSA for it is overkill. It happens 
when creating a new X-Face header, which is something you would do rarely,
mostly not with any random image you didn't check out before, always as an 
unprivileged user and what can happen is a crash of the conversion which is 
harly harmful. The security implications of this are very minor. Normally 
there's a process to fix minor security issues through a stable point update 
but I think this one is even too minor for that. It's great that testing and 
unstable are fixed for the future, but I propose that we just leave it at 
that and consider this case closed.

Thank you for getting sid/squeeze fixed quickly.


cheers,
Thijs


signature.asc
Description: This is a digitally signed message part.

Processed: remove tag until really tested

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # remove tag until patch ist really tested
> # not done yet
> tag 535946 - patch
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Tags were: patch security
Tags removed: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535855: [Python-modules-team] Bug#535855: ImportError: No module named _path

[Sandro Tosi]

severity 535855 normal
thanks

On Mon, Jul 6, 2009 at 00:23, Fabrice Silva wrote:
> Le dimanche 05 juillet 2009 à 13:33 -0400, Kumar Appaiah a écrit :
>> Works for me, though.
> It also works for me on two others computers. I don't understand why
> this machine raise this error...

So, as you just said, this is clearly a problem on that single
machine, nothing that grants a severity grave, therefore downgrading,

>> I don't see you missing any files, so it's quite strange. I'll let
>> Sandro comment, but still wonder if merely reinstalling the package
>> helps.
>
> I already purged the python-matplotlib package and reinstalled it

Sadly I don't see nothing at first sight to dependencies and other
stuff; you could try removing completely (rm -rf) these dirs:

/usr/lib/python*/site-packages/matplotlib
/usr/lib/pymodules/python*/matplotlib/

and then reinstall the package.

Let me know the outcome of this.

Cheers,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: [Python-modules-team] Bug#535855: ImportError: No module named _path

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 535855 normal
Bug#535855: ImportError: No module named _path
Severity set to `normal' from `grave'

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Bug happens also in stable

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 536012 6.6-3lenny2
Bug#536012: drupal6: SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
Bug marked as found in version 6.6-3lenny2.

> --
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: unblock 477751 with 88010, forcibly merging 477751 88010

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unblock 477751 with 88010
Bug#88010: please consider catalog design change
Bug#477751: dh_installcatalogs: Don't readd catalog on every upgrade to the 
catalog
Was blocked by: 88010
Blocking bugs of 477751 removed: 88010

> forcemerge 477751 88010
Bug#477751: dh_installcatalogs: Don't readd catalog on every upgrade to the 
catalog
Bug#88010: please consider catalog design change
Forcibly Merged 88010 477751.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability fixed in 1.26

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 535946 + patch
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Tags were: security
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability fixed in 1.26

[Salvatore Bonaccorso]

tag 535946 + patch
thanks

Hi

On Mon, Jul 06, 2009 at 10:36:15AM +0100, Dominic Hargreaves wrote:
> Package: libio-socket-ssl-perl
> Version: 1.24-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 1.26 (just uploaded to unstable) fixes what looks like a fairly serious
> security issue:
> 
> v1.26 2009.07.03
> - SECURITY BUGFIX! 
>   fix Bug in verify_hostname_of_cert where it matched only the prefix for 
>   the hostname when no wildcard was given, e.g. www.example.org matched
>   against a certificate with name www.exam in it
>   Thanks to MLEHMANN for reporting

I "backported" the changes from 1.25 to 1.26 from unstable to the 1.16
in Lenny:

---(snip)---
diff -urN libio-socket-ssl-perl-1.16.orig/SSL.pm 
libio-socket-ssl-perl-1.16/SSL.pm
--- libio-socket-ssl-perl-1.16.orig/SSL.pm  2009-07-06 21:10:48.0 
+0200
+++ libio-socket-ssl-perl-1.16/SSL.pm   2009-07-06 21:12:56.0 +0200
@@ -1036,7 +1036,7 @@
$ip4 = inet_aton( $identity ) or croak "'$identity' is 
not IPv4, but neither IPv6 nor hostname";
} else {
# assume hostname
-   if ( $identity !~m{^[a-zA-Z0-9-_\.]+$} ) {
+   if ( $identity !~m{^[\w\-\.]+$} ) {
$identity = idn_to_ascii($identity) or
croak "Warning: Given name '$identity' 
could not be converted to IDNA!";
}
@@ -1058,7 +1058,7 @@
} elsif ( $wtyp eq 'leftmost' and $name =~m{^\*(\..+)$} 
) {
$pattern = qr{^[\w\-]*\Q$1\E$}i;
} else {
-   $pattern = qr{^\Q$name}i;
+   $pattern = qr{^\Q$name\E$}i;
}
return $identity =~ $pattern;
};
diff -urN libio-socket-ssl-perl-1.16.orig/t/verify_hostname.t 
libio-socket-ssl-perl-1.16/t/verify_hostname.t
--- libio-socket-ssl-perl-1.16.orig/t/verify_hostname.t 2009-07-06 
21:10:48.0 +0200
+++ libio-socket-ssl-perl-1.16/t/verify_hostname.t  2009-07-06 
21:11:09.0 +0200
@@ -88,6 +88,7 @@
'www-13.lala.other.local' => [],
'smtp.mydomain.local' => [qw(smtp ldap www)],
'xn--lwe-sna.idntest.local' => [qw(smtp ldap www)],
+   'smtp.mydomain.localizing.useless.local' => [],
);
if ( $can_idn ) {
# check IDN handling
---(snap)---

This are the changes done by 1.25 to 1.26.

Kind regards
Salvatore


signature.asc
Description: Digital signature

Bug#536012: drupal6: SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

[Gunnar Wolf]

Package: drupal6
Version: 6.12-1
Severity: critical
Tags: security

SA-CORE-2009-007 was reported on July 1, 2009; it is fixed in the new
upstream version 6.13.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531386

Please note that the Drupal version in Lenny (6.6) is also vulnerable.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-vserver-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535435: marked as done ([drupal6] SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 18:47:06 +
with message-id 
and subject line Bug#535435: fixed in drupal6 6.12-1.1
has caused the Debian Bug report #535435,
regarding [drupal6] SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535435: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: drupal6
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

Please upgrade Drupal6 because of the latest Drupal Core SA. Drupal5
seems to be affected as well.

- http://drupal.org/drupal-6.13
- http://drupal.org/node/507572

Thanks!
Ingo

--- System information. ---
Architecture: i386
Kernel:   Linux 2.6.30-1-686

Debian Release: squeeze/sid
  500 unstablewww.debian-multimedia.org
  500 unstableftp2.de.debian.org

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
Ciao...//  Fon: 0381-2744150
  Ingo   \X/   http://blog.windfluechter.net

gpg pubkey: http://www.juergensmann.de/ij_public_key.asc


--- End Message ---
--- Begin Message ---
Source: drupal6
Source-Version: 6.12-1.1

We believe that the bug you reported is fixed in the latest version of
drupal6, which is due to be installed in the Debian FTP archive:

drupal6_6.12-1.1.diff.gz
  to pool/main/d/drupal6/drupal6_6.12-1.1.diff.gz
drupal6_6.12-1.1.dsc
  to pool/main/d/drupal6/drupal6_6.12-1.1.dsc
drupal6_6.12-1.1_all.deb
  to pool/main/d/drupal6/drupal6_6.12-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde  (supplier of updated drupal6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 20:27:45 +0200
Source: drupal6
Binary: drupal6
Architecture: source all
Version: 6.12-1.1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano 
Changed-By: Nico Golde 
Description: 
 drupal6- a fully-featured content management framework
Closes: 535435
Changes: 
 drupal6 (6.12-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to fix:
 - XSS in the forum module
 - Input format access bypass via signatures
 - Password leakage via URLs
 (no CVE id yet; SA-CORE-2009-007; Closes: #535435).
Checksums-Sha1: 
 17d15b7f2a75323699eb0c3e5b2f65c12c6603a1 1123 drupal6_6.12-1.1.dsc
 4fb635dce0d43abf59f7f38321375193ea1cce71 19216 drupal6_6.12-1.1.diff.gz
 bcf7223c6361e0cda7e4f99b43489119779f6805 1109796 drupal6_6.12-1.1_all.deb
Checksums-Sha256: 
 474e83e44300133542decc2e48598d4c94f9bdf4c2bee74fa998df76ddaa3ccc 1123 
drupal6_6.12-1.1.dsc
 52ca2f19b31ed154c723bff1553fee4d74904f771e058c4d552839c76fe45e12 19216 
drupal6_6.12-1.1.diff.gz
 073254585f4220f3347c480b647d11e9b2310627e86398aa8abe06aca6beab90 1109796 
drupal6_6.12-1.1_all.deb
Files: 
 27a8b421fcb523bc51465bc2df6ce41a 1123 web extra drupal6_6.12-1.1.dsc
 70b27cfb05d2e909943c000e1a65faf5 19216 web extra drupal6_6.12-1.1.diff.gz
 b9b2e97d71348fc179dfc854f69b80d2 1109796 web extra drupal6_6.12-1.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpSQzIACgkQHYflSXNkfP/hogCePjcmm4PldzxhCQgFOfA/pBqS
0mgAnijprXvXtzTLHcCc8FKNcZ6Gf4Nf
=krwT
-END PGP SIGNATURE-


--- End Message ---

Bug#535476: marked as done ([drupal5] SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 18:47:04 +
with message-id 
and subject line Bug#535476: fixed in drupal5 5.18-1.1
has caused the Debian Bug report #535476,
regarding [drupal5] SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535476: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535476
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: drupal6
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

Please upgrade Drupal6 because of the latest Drupal Core SA. Drupal5
seems to be affected as well.

- http://drupal.org/drupal-6.13
- http://drupal.org/node/507572

Thanks!
Ingo

--- System information. ---
Architecture: i386
Kernel:   Linux 2.6.30-1-686

Debian Release: squeeze/sid
  500 unstablewww.debian-multimedia.org
  500 unstableftp2.de.debian.org

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
Ciao...//  Fon: 0381-2744150
  Ingo   \X/   http://blog.windfluechter.net

gpg pubkey: http://www.juergensmann.de/ij_public_key.asc


--- End Message ---
--- Begin Message ---
Source: drupal5
Source-Version: 5.18-1.1

We believe that the bug you reported is fixed in the latest version of
drupal5, which is due to be installed in the Debian FTP archive:

drupal5_5.18-1.1.diff.gz
  to pool/main/d/drupal5/drupal5_5.18-1.1.diff.gz
drupal5_5.18-1.1.dsc
  to pool/main/d/drupal5/drupal5_5.18-1.1.dsc
drupal5_5.18-1.1_all.deb
  to pool/main/d/drupal5/drupal5_5.18-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde  (supplier of updated drupal5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 20:24:02 +0200
Source: drupal5
Binary: drupal5
Architecture: source all
Version: 5.18-1.1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano 
Changed-By: Nico Golde 
Description: 
 drupal5- a fully-featured content management framework
Closes: 535476
Changes: 
 drupal5 (5.18-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to fix possible password leakage
 via URLs (no CVE id yet; SA-CORE-2009-007; Closes: #535476).
Checksums-Sha1: 
 56620ecf728edbe1a88610305fb1ec7056a840af 1125 drupal5_5.18-1.1.dsc
 6f580d50457ec9c52cc316b6362c8af8c7b21030 26917 drupal5_5.18-1.1.diff.gz
 177873d6fdfda280dc6ccf073f45a0a35325ada3 789086 drupal5_5.18-1.1_all.deb
Checksums-Sha256: 
 ad8d763410dd4e42b720ffb0a8af6add3d779cb734e17f5bd5340b55257d355b 1125 
drupal5_5.18-1.1.dsc
 74b4cead8fe7ac672130042d7dcfebc5165246061df2a4693f7809a5b5e8fe62 26917 
drupal5_5.18-1.1.diff.gz
 02c823cc2d176411f38ea9777e7d9a0ec79bed3dacceaf000f8a895e4f644694 789086 
drupal5_5.18-1.1_all.deb
Files: 
 2cd17da3887e05d42631656c807b1a80 1125 web extra drupal5_5.18-1.1.dsc
 1e60993bb37823a5d09933d6ca0196b9 26917 web extra drupal5_5.18-1.1.diff.gz
 812c3cd2855000bc22fc9d19c6b46fc0 789086 web extra drupal5_5.18-1.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpSQzYACgkQHYflSXNkfP9/fgCgmoAUCYC76uFJkkSCfoOJbrRj
IB8An3hHzOlUpnVZY5nLQV57elbdSzTV
=lg87
-END PGP SIGNATURE-


--- End Message ---

Bug#535476: intent to NMU

[Nico Golde]

Hi,
attached is a patch for a 0-day NMU to fix this issue.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u drupal5-5.18/debian/changelog drupal5-5.18/debian/changelog
--- drupal5-5.18/debian/changelog
+++ drupal5-5.18/debian/changelog
@@ -1,3 +1,11 @@
+drupal5 (5.18-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Apply upstream patch to fix possible password leakage
+via URLs (no CVE id yet; SA-CORE-2009-007; Closes: #535476).
+
+ -- Nico Golde   Mon, 06 Jul 2009 20:24:02 +0200
+
 drupal5 (5.18-1) unstable; urgency=low
 
   [ Luigi Gangitano ]
diff -u drupal5-5.18/debian/patches/00list drupal5-5.18/debian/patches/00list
--- drupal5-5.18/debian/patches/00list
+++ drupal5-5.18/debian/patches/00list
@@ -1,0 +2 @@
+20_SA-CORE-2009-007
only in patch2:
unchanged:
--- drupal5-5.18.orig/debian/patches/20_SA-CORE-2009-007.dpatch
+++ drupal5-5.18/debian/patches/20_SA-CORE-2009-007.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20_SA-CORE-2009-007.dpatch by Nico Golde 
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix password leakage in URL
+
+...@dpatch@
+diff -urNad drupal5-5.18~/includes/pager.inc drupal5-5.18/includes/pager.inc
+--- drupal5-5.18~/includes/pager.inc	2006-10-15 21:57:05.0 +0200
 drupal5-5.18/includes/pager.inc	2009-07-06 20:21:30.0 +0200
+@@ -85,7 +85,7 @@
+ function pager_get_querystring() {
+   static $string = NULL;
+   if (!isset($string)) {
+-$string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
++$string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
+   }
+   return $string;
+ }
+diff -urNad drupal5-5.18~/includes/tablesort.inc drupal5-5.18/includes/tablesort.inc
+--- drupal5-5.18~/includes/tablesort.inc	2007-06-17 00:29:25.0 +0200
 drupal5-5.18/includes/tablesort.inc	2009-07-06 20:21:30.0 +0200
+@@ -131,7 +131,7 @@
+  *   except for those pertaining to table sorting.
+  */
+ function tablesort_get_querystring() {
+-  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
++  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
+ }
+ 
+ /**
+diff -urNad drupal5-5.18~/modules/forum/forum.module drupal5-5.18/modules/forum/forum.module
+--- drupal5-5.18~/modules/forum/forum.module	2009-04-29 20:53:38.0 +0200
 drupal5-5.18/modules/forum/forum.module	2009-07-06 20:21:30.0 +0200
+@@ -833,6 +833,11 @@
+  * Menu callback; prints a forum listing.
+  */
+ function forum_page($tid = 0) {
++  if (!is_numeric($tid)) {
++return MENU_NOT_FOUND;
++  }
++  $tid = (int)$tid;
++
+   drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
+   $forum_per_page = variable_get('forum_per_page', 25);
+   $sortby = variable_get('forum_order', 1);


pgpPL1xLxaAN4.pgp
Description: PGP signature

Bug#535435: intent to NMU

[Nico Golde]

Hi,
attached is a patch for a 0-day NMU to fix this issue.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u drupal6-6.12/debian/changelog drupal6-6.12/debian/changelog
--- drupal6-6.12/debian/changelog
+++ drupal6-6.12/debian/changelog
@@ -1,3 +1,14 @@
+drupal6 (6.12-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Apply upstream patch to fix:
+- XSS in the forum module
+- Input format access bypass via signatures
+- Password leakage via URLs
+(no CVE id yet; SA-CORE-2009-007; Closes: #535435).
+
+ -- Nico Golde   Mon, 06 Jul 2009 20:27:45 +0200
+
 drupal6 (6.12-1) unstable; urgency=low
 
   [ Luigi Gangitano ]
diff -u drupal6-6.12/debian/patches/00list drupal6-6.12/debian/patches/00list
--- drupal6-6.12/debian/patches/00list
+++ drupal6-6.12/debian/patches/00list
@@ -1,0 +2 @@
+20_SA-CORE-2009-007
only in patch2:
unchanged:
--- drupal6-6.12.orig/debian/patches/20_SA-CORE-2009-007.dpatch
+++ drupal6-6.12/debian/patches/20_SA-CORE-2009-007.dpatch
@@ -0,0 +1,202 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20_SA-CORE-2009-007.dpatch by Nico Golde 
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: SA-CORE-2009-007 various security issues
+
+...@dpatch@
+diff -urNad drupal6-6.12~/includes/pager.inc drupal6-6.12/includes/pager.inc
+--- drupal6-6.12~/includes/pager.inc	2007-12-06 10:58:30.0 +0100
 drupal6-6.12/includes/pager.inc	2009-07-06 20:26:04.0 +0200
+@@ -85,7 +85,7 @@
+ function pager_get_querystring() {
+   static $string = NULL;
+   if (!isset($string)) {
+-$string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
++$string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
+   }
+   return $string;
+ }
+diff -urNad drupal6-6.12~/includes/tablesort.inc drupal6-6.12/includes/tablesort.inc
+--- drupal6-6.12~/includes/tablesort.inc	2008-01-04 10:31:48.0 +0100
 drupal6-6.12/includes/tablesort.inc	2009-07-06 20:26:04.0 +0200
+@@ -136,7 +136,7 @@
+  *   except for those pertaining to table sorting.
+  */
+ function tablesort_get_querystring() {
+-  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
++  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
+ }
+ 
+ /**
+diff -urNad drupal6-6.12~/modules/comment/comment.module drupal6-6.12/modules/comment/comment.module
+--- drupal6-6.12~/modules/comment/comment.module	2009-05-13 19:15:10.0 +0200
 drupal6-6.12/modules/comment/comment.module	2009-07-06 20:26:04.0 +0200
+@@ -936,7 +936,7 @@
+ 
+ if ($cid && is_numeric($cid)) {
+   // Single comment view.
+-  $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d';
++  $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d';
+   $query_args = array($cid);
+   if (!user_access('administer comments')) {
+ $query .= ' AND c.status = %d';
+@@ -957,7 +957,7 @@
+ else {
+   // Multiple comment view
+   $query_count = 'SELECT COUNT(*) FROM {comments} c WHERE c.nid = %d';
+-  $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d';
++  $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d';
+ 
+   $query_args = array($nid);
+   if (!user_access('administer comments')) {
+@@ -1468,7 +1468,7 @@
+   $output = '';
+ 
+   if ($edit['pid']) {
+-$comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
++$comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status 

Processed: Re: initscripts: System doesn't boot when serial console and bootlogd enabled

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 522211 + help
Bug#522211: initscripts: System doesn't boot when serial console and bootlogd 
enabled
There were no tags set.
Tags added: help

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#522211: initscripts: System doesn't boot when serial console and bootlogd enabled

[Petter Reinholdtsen]

tag 522211 + help
thanks

I need help from someone with knowledge about the bootlogd feature to
solve this issue.  Please submit patches or information on how to
solve it.

Happy hacking,
-- 
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: fixed 529773 in 0.8.1-4

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 529773 0.8.1-4
Bug#529773: libghc6-xmonad-dev can't be upgraded due to unsatisfiable 
dependencies
Bug marked as fixed in version 0.8.1-4.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535818: xdialog segfaults

[Stephan Fuhrmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alexander Reichle-Schmehl schrieb:

Hi,

> I talked to the GNOME maintainers, and they think the problem might be
> missing xfonts-100dpi or xfonts-75dpi packages. Can you confirm this?  Has
> the working computer these packages installed while the other one has not?

On both machines both packages are "install ok installed". They are also
in the font path.

Any more ideas?

Stephan
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpSLC0ACgkQlcbUKWZjlxpHbACeK2RZRE4mD46AdVWkpuAz4zIE
It0An3fDNI4rgSEGJycryfJysc6mZpqn
=w3pK
-END PGP SIGNATURE-



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535981: (pas de sujet)

[Rafik Chaabouni]

Apparently I managed to obtain more detail:

The bug comes from NFS and not iceweasel directly. I have a nis/nfs
account installed in the machine, a local user account and the root. I
checked with the local user account and iceweasel works.
I'll continue looking in to this but you might want to change the
gravity of the bug...

Cheers,
Rafik



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535835: marked as done (libdevel-nytprof-perl: FTBFS: libtest-simple-perl is a virtual package)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 16:17:08 +
with message-id 
and subject line Bug#535835: fixed in libdevel-nytprof-perl 2.10-2
has caused the Debian Bug report #535835,
regarding libdevel-nytprof-perl: FTBFS: libtest-simple-perl is a virtual package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535835
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libdevel-nytprof-perl
Version: 2.10-1
Severity: serious

Hi,

There was an error while trying to autobuild your package:

> Automatic build of libdevel-nytprof-perl_2.10-1 on excelsior by sbuild/amd64 
> 98
> Build started at 20090705-1305

[...]

> Build-Depends: debhelper (>= 7), perl (>= 5.6.10-12), libtest-pod-perl, 
> quilt, zlib1g-dev, libtest-simple-perl (>= 0.82)

[...]

> dpkg-checkbuilddeps: Unmet build dependencies: libtest-simple-perl (>= 0.82)

The problem is that libtest-simple-perl is both a real package,
and a virtual package provided by perl-modules.  You can't have
a versioned depedency on virtual package.

Maybe perl-modules shouldn't provide libtest-simple-perl?


Kurt



--- End Message ---
--- Begin Message ---
Source: libdevel-nytprof-perl
Source-Version: 2.10-2

We believe that the bug you reported is fixed in the latest version of
libdevel-nytprof-perl, which is due to be installed in the Debian FTP archive:

libdevel-nytprof-perl_2.10-2.diff.gz
  to pool/main/libd/libdevel-nytprof-perl/libdevel-nytprof-perl_2.10-2.diff.gz
libdevel-nytprof-perl_2.10-2.dsc
  to pool/main/libd/libdevel-nytprof-perl/libdevel-nytprof-perl_2.10-2.dsc
libdevel-nytprof-perl_2.10-2_i386.deb
  to pool/main/libd/libdevel-nytprof-perl/libdevel-nytprof-perl_2.10-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann  (supplier of updated libdevel-nytprof-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 18:06:58 +0200
Source: libdevel-nytprof-perl
Binary: libdevel-nytprof-perl
Architecture: source i386
Version: 2.10-2
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group 
Changed-By: gregor herrmann 
Description: 
 libdevel-nytprof-perl - Perl statement and subroutine code profiler
Closes: 535835
Changes: 
 libdevel-nytprof-perl (2.10-2) unstable; urgency=low
 .
   * Add patch test_more.patch by Niko Tyni: allows to build with older
 versions of Test::More; remove build dependency on libtest-simple-perl
 >= 0.82; thanks to Kurt Roeckx for the bug report (closes: #535835).
Checksums-Sha1: 
 7f084a6113b4c05b19f3df08855d78005a4679b4 1458 libdevel-nytprof-perl_2.10-2.dsc
 64918ce1e3f36eaf19083d420b441cb9fa051369 4299 
libdevel-nytprof-perl_2.10-2.diff.gz
 2436ef0d9ab2984c134abe5c6fd139a31b270cef 194880 
libdevel-nytprof-perl_2.10-2_i386.deb
Checksums-Sha256: 
 c8ac17316c4b1f751e69fc549582b5c2e43b9c1e808373bbff112e344053e885 1458 
libdevel-nytprof-perl_2.10-2.dsc
 ecb19dbc1945e96e89cbf94e67c3210e9b54caca2cac421e43df5d4f6bee7f78 4299 
libdevel-nytprof-perl_2.10-2.diff.gz
 adc83d3b107a87f3d6c4f26340e1df17b57f317ffa8fa544098c63b99ff46bf6 194880 
libdevel-nytprof-perl_2.10-2_i386.deb
Files: 
 52828ce9353f958bcab4471cc98260ab 1458 perl optional 
libdevel-nytprof-perl_2.10-2.dsc
 ca7ba9711ef67f266fe9963fccf33836 4299 perl optional 
libdevel-nytprof-perl_2.10-2.diff.gz
 338e53b9acc0f796c64efe49c16c2796 194880 perl optional 
libdevel-nytprof-perl_2.10-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpSIgwACgkQOzKYnQDzz+Rb4QCbBVNsj/XduIRMmkj2j7e9jU3r
EXwAn1T3CnKFeAoo98o28DNvlXbV1FgR
=jm3F
-END PGP SIGNATURE-


--- End Message ---

Bug#535835: Bug in libdevel-nytprof-perl fixed in revision 39414

[pkg-perl-maintainers]

tag 535835 + pending
thanks

Some bugs are closed in revision 39414
by Gregor Herrmann (gregoa)

Commit message:

Add patch test_more.patch by Niko Tyni: allows to build with older
versions of Test::More; remove build dependency on libtest-simple-perl 
>= 0.82; thanks to Kurt Roeckx for the bug report (closes: #535835).



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Bug in libdevel-nytprof-perl fixed in revision 39414

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 535835 + pending
Bug#535835: libdevel-nytprof-perl: FTBFS: libtest-simple-perl is a virtual 
package
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535835: libdevel-nytprof-perl: FTBFS: libtest-simple-perl is a virtual package

[gregor herrmann]

On Mon, 06 Jul 2009 10:41:08 +0300, Niko Tyni wrote:

> > > Please note that this sbuild bug was discussed and finally fixed in
> > > July 2008: #395271
> > So I guess you'll have to wait until all arches switch to the new
> > sbuild it that case.  It's only in use on some arches.
> Agreed.

Let's hope this happens in the not-so-distant future ...
 
> Here's a patch that makes it build with an older Test::More in the
> meantime, fixing

Cool, thanks!
 
Applied & uploaded.

Cheers,
gregor 
-- 
 .''`.   http://info.comodo.priv.at/ -- GPG Key IDs: 0x00F3CFE4, 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
   `-NP: JBO: Schlumpfozid im Stadtgebiet


signature.asc
Description: Digital signature

Processed: Re: dak: should this package be removed?

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> clone 449429 -1
Bug#449429: dak: should this package be removed?
Bug 449429 cloned as bug 535986.

> reassign -1 ftp.debian.org
Bug#535986: dak: should this package be removed?
Bug reassigned from package `dak' to `ftp.debian.org'.

> retitle -1 RM: dak -- RoQA; old, unmaintained, 6 NMUs, unusable as-is
Bug#535986: dak: should this package be removed?
Changed Bug title to `RM: dak -- RoQA; old, unmaintained, 6 NMUs, unusable 
as-is' from `dak: should this package be removed?'.

> severity -1 normal
Bug#535986: RM: dak -- RoQA; old, unmaintained, 6 NMUs, unusable as-is
Severity set to `normal' from `serious'

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#449429: dak: should this package be removed?

[Raphael Geissert]

clone 449429 -1
reassign -1 ftp.debian.org
retitle -1 RM: dak -- RoQA; old, unmaintained, 6 NMUs, unusable as-is
severity -1 normal
thanks

Given the current state of the package, and to save everybody's time (people 
sending emails, people reading them, people ignoring them, etc) it would be 
easier to remove dak from the archive.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


signature.asc
Description: This is a digitally signed message part.

Bug#515292: marked as done (Depends on GTK 1.2 and GLIB 1.2)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 16:37:15 +0100
with message-id <4a521a2b.2080...@p10link.net>
and subject line re: Depends on GTK 1.2 and GLIB 1.2
has caused the Debian Bug report #515292,
regarding Depends on GTK 1.2 and GLIB 1.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
515292: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gpsim-led
Severity: serious

gpsim-led build-depends on libgtk1.2-dev and libglib1.2-dev, which will be
removed for Squeeze.

Please port it to GTK 2 or request it's removal.

Cheers,
Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages gpsim-led depends on:
pn  gpsim  (no description available)
ii  libc6 2.7-18 GNU C Library: Shared libraries
ii  libgcc1   1:4.3.3-1  GCC support library
ii  libglib1.2ldbl1.2.10-19  The GLib library of C routines
pn  libgtk1.2  (no description available)
ii  libstdc++64.3.3-1The GNU Standard C++ Library v3
ii  libx11-6  2:1.1.5-2  X11 client-side library
ii  libxext6  2:1.0.4-1  X11 miscellaneous extension librar
ii  libxi62:1.1.4-1  X11 Input extension library

gpsim-led recommends no packages.

gpsim-led suggests no packages.


--- End Message ---
--- Begin Message ---

Source: gpsim-led
Source-Version: 0.22.0~rc3-2.1


This bug was closed correctly (by it's submitter), incorrectly closed a 
second time by a bugnumber typo and then reopened by someone trying to 
correct that typo.


Reclosing with the correct version info.

--- End Message ---

Bug#535981: iceweasel launches only in root mode

[Rafik]

Package: iceweasel
Version: 3.0.6-1
Severity: grave
Justification: renders package unusable

I am installing several new machines (such as processor intel core 2 quad 
x86_64).
I did the standard netinst with a "Debian 5.0.2 amd" netinst CD.
When done I try to launch Iceweasel (3.0.6) from a normal user login and 
nothing happens. I tried to run it as root and it works.
I have the same error on 3 different machines (all new installations). I 
checked write permissions for .mozilla and they are 700.
I tried to set it to 777 but didn't change anything...

and here is the output of iceweasel -g
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
(gdb) set pagination off
(gdb) run
Starting program: /usr/lib/iceweasel/firefox-bin -a iceweasel
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
Error while reading shared library symbols:
Cannot find new threads: generic error
Cannot find new threads: generic error
(gdb) bt full
#0  0xb7f366e1 in _dl_debug_state () from /lib/ld-linux.so.2
No symbol table info available.
#1  0xb7f39c12 in ?? () from /lib/ld-linux.so.2
No symbol table info available.
#2  0x in ?? ()
No symbol table info available.



-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iceweasel depends on:
ii  debianutils 2.30 Miscellaneous utilities specific t
ii  fontconfig  2.6.0-3  generic font configuration library
ii  libc6   2.7-18   GNU C Library: Shared libraries
ii  libglib2.0-02.16.6-2 The GLib library of C routines
ii  libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface 
ii  libnspr4-0d 4.7.1-4  NetScape Portable Runtime Library
ii  libstdc++6  4.3.2-1.1The GNU Standard C++ Library v3
ii  procps  1:3.2.7-11   /proc file system utilities
ii  psmisc  22.6-1   Utilities that use the proc filesy
ii  xulrunner-1.9   1.9.0.11-0lenny1 XUL + XPCOM application runner

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
pn  latex-xft-fonts(no description available)
ii  libkrb531.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
pn  mozplugger (no description available)
pn  ttf-mathematica(no description available)
pn  xfonts-mathml  (no description available)
pn  xprint (no description available)
ii  xulrunner-1.9-g 1.9.0.11-0lenny1 Support for GNOME in xulrunner app

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535968: asterisk: Recording speed too fast with BRI cards

[Fotos Georgiadis]

On Jul 6, 2009, at 17:43 , Tzafrir Cohen wrote:

I attach the patch from the bug report. It applies to our Lenny  
package.

I have not checked any further.


I can confirm that the patch applies cleanly in Lenny and that the patch
indeed solves the problem (as reported and in the upstream issue  
report).


IMHO this is a serious bug that results in unusable recordings when  
using BRI ISDN cards (common setup).


-fotos



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535968: asterisk: Recording speed too fast with BRI cards

[Tzafrir Cohen]

On Mon, Jul 06, 2009 at 03:44:02PM +0300, Fotos Georgiadis wrote:
> 
> Recorded calls using MixMonitor() result in data loss,
> since the recordings are (recorded and) played back at high speed.
> 
> You won't know of this data loss unless you try to recover
> one of the recordings (and then it's too late).
> 
> Fixed upstream (https://issues.asterisk.org/view.php?id=13005)

This issue appears at first glance (from looking at the bug report) to
be specific to 1.4. That is: to the version in Lenny, and thus not to
apply to the version in Squeeze.

I attach the patch from the bug report. It applies to our Lenny package.
I have not checked any further.

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir
commit 4f7500247c2eab9642b08afbb1fd609b52224fbf
Author: mmichelson 
Date:   Tue Oct 14 23:00:01 2008 +

Add a tolerance period for sync-triggered audiohooks
so that if packetization of audio is close (but not equal)
we don't end up flushing the audiohooks over small
inconsistencies in synchronization.

Related to issue #13005, and solves the issue
for most people who were experiencing the problem.
However, a small number of people are still experiencing
the problem on long calls, so I am not closing
the issue yet



git-svn-id: http://svn.digium.com/svn/asterisk/branches/1...@149204 f38db490-d61c-443f-a65b-d21fe96a405b

diff --git a/include/asterisk/audiohook.h b/include/asterisk/audiohook.h
index 5f79d83..3375906 100644
--- a/include/asterisk/audiohook.h
+++ b/include/asterisk/audiohook.h
@@ -56,6 +56,8 @@ enum ast_audiohook_flags {
 	AST_AUDIOHOOK_TRIGGER_SYNC = (1 << 2),  /*!< Audiohook wants to be triggered when both sides have combined audio available */
 };
 
+#define AST_AUDIOHOOK_SYNC_TOLERANCE 100 /*< Tolerance in milliseconds for audiohooks synchronization */
+
 struct ast_audiohook;
 
 /*! \brief Callback function for manipulate audiohook type
diff --git a/main/audiohook.c b/main/audiohook.c
index 809c176..f15395b 100644
--- a/main/audiohook.c
+++ b/main/audiohook.c
@@ -130,12 +130,19 @@ int ast_audiohook_write_frame(struct ast_audiohook *audiohook, enum ast_audiohoo
 	struct ast_slinfactory *factory = (direction == AST_AUDIOHOOK_DIRECTION_READ ? &audiohook->read_factory : &audiohook->write_factory);
 	struct ast_slinfactory *other_factory = (direction == AST_AUDIOHOOK_DIRECTION_READ ? &audiohook->write_factory : &audiohook->read_factory);
 	struct timeval *time = (direction == AST_AUDIOHOOK_DIRECTION_READ ? &audiohook->read_time : &audiohook->write_time), previous_time = *time;
+	int our_factory_ms;
+	int other_factory_samples;
+	int other_factory_ms;
 
 	/* Update last feeding time to be current */
 	*time = ast_tvnow();
 
+	our_factory_ms = ast_tvdiff_ms(*time, previous_time) + (ast_slinfactory_available(factory) / 8);
+	other_factory_samples = ast_slinfactory_available(other_factory);
+	other_factory_ms = other_factory_samples / 8;
+
 	/* If we are using a sync trigger and this factory suddenly got audio fed in after a lapse, then flush both factories to ensure they remain in sync */
-	if (ast_test_flag(audiohook, AST_AUDIOHOOK_TRIGGER_SYNC) && ast_slinfactory_available(other_factory) && (ast_tvdiff_ms(*time, previous_time) > (ast_slinfactory_available(other_factory) / 8))) {
+	if (ast_test_flag(audiohook, AST_AUDIOHOOK_TRIGGER_SYNC) && other_factory_samples && (our_factory_ms - other_factory_ms > AST_AUDIOHOOK_SYNC_TOLERANCE)) {
 		if (option_debug)
 			ast_log(LOG_DEBUG, "Flushing audiohook %p so it remains in sync\n", audiohook);
 		ast_slinfactory_flush(factory);

Bug#535818: xdialog segfaults

[Alexander Reichle-Schmehl]

Hi!

Alexander Reichle-Schmehl schrieb:

>> I can start Xdialog on a different Lenny machine and it works nicely. Do
>> you have any suggestions?
> Do you know any differences between the working machine and the non working
> one? Especially regarding bug-buddy?

I talked to the GNOME maintainers, and they think the problem might be
missing xfonts-100dpi or xfonts-75dpi packages. Can you confirm this?  Has
the working computer these packages installed while the other one has not?


Best regards,
  Alexander



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535952: xprint: Xprt can't find symbol PrinterFontRegisterFpeFunctions and fails to start

[Phil Endecott]

Hi Julien,

Julien Cristau wrote:

xprint support was removed from libXfont.


I see.  I guess I should work out why; there have obviously been some 
developments that I have not been following carefully enough.  (This 
machine has been in "not broken don't fix it" mode for a long time, and 
now whenever I do need to change something small it seems to ripple 
out, breaking other stuff like this.)



We should add a Breaks:
xprint to the libxfont1 package, as it doesn't look like xprint will be
coming back.


Right.  For the recond, "apt-get install libXfont1/stable" seems to 
have cured the problem without any immediately-obvious side effects.



Thanks,  Phil.






--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535818: xdialog segfaults

[Alexander Reichle-Schmehl]

Hi Stephan!

Stephan Fuhrmann schrieb:

>> I'm sorry, but I fail to reproduce your problem here.  Xdialog works in
>> my local etch chroot without any problems with out without having
> Etch? I'm running Lenny!

Sorry, my fault: Used the right version but wrote the wrong one.


>> ldd $(which Xdialog)
> ~$ ldd $(which Xdialog)
>   linux-gate.so.1 =>  (0xb7f08000)
>   libgtk-1.2.so.0 => /usr/lib/libgtk-1.2.so.0 (0xb7da1000)
>   libgdk-1.2.so.0 => /usr/lib/libgdk-1.2.so.0 (0xb7d69000)
>   libgmodule-1.2.so.0 => /usr/lib/libgmodule-1.2.so.0 (0xb7d66000)
>   libglib-1.2.so.0 => /usr/lib/libglib-1.2.so.0 (0xb7d4)
>   libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7d3c000)
>   libXi.so.6 => /usr/lib/libXi.so.6 (0xb7d34000)
>   libXext.so.6 => /usr/lib/libXext.so.6 (0xb7d25000)
>   libX11.so.6 => /usr/lib/libX11.so.6 (0xb7c36000)
>   libm.so.6 => /lib/i686/cmov/libm.so.6 (0xb7c1)
>   libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7ab5000)
>   /lib/ld-linux.so.2 (0xb7f09000)
>   libXau.so.6 => /usr/lib/libXau.so.6 (0xb7ab2000)
>   libxcb-xlib.so.0 => /usr/lib/libxcb-xlib.so.0 (0xb7aaf000)
>   libxcb.so.1 => /usr/lib/libxcb.so.1 (0xb7a97000)
>   libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0xb7a92000)

Yes, that looks pretty much as it should. Good... Or bad, since I don't
know, what's the problem causing.


> I can start Xdialog on a different Lenny machine and it works nicely. Do
> you have any suggestions?

Do you know any differences between the working machine and the non working
one? Especially regarding bug-buddy?

Best regards,
  Alexander



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: reopening 480899, found 480899 in 0.143, severity of 480899 is serious, tagging 480899

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 480899
Bug#480899: incomplete split prevents installation of cdebconf-gtk
Bug is already open, cannot reopen.

> found 480899 0.143
Bug#480899: incomplete split prevents installation of cdebconf-gtk
Bug marked as found in version 0.143.

> severity 480899 serious
Bug#480899: incomplete split prevents installation of cdebconf-gtk
Severity set to `serious' from `wishlist'

> tags 480899 + patch
Bug#480899: incomplete split prevents installation of cdebconf-gtk
There were no tags set.
Tags added: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535968: asterisk: Recording speed too fast with BRI cards

[Fotos Georgiadis]

Package: asterisk
Version: 1:1.4.21.2~dfsg-3
Severity: grave
Tags: fixed-upstream
Justification: causes non-serious data loss

Recorded calls using MixMonitor() result in data loss,
since the recordings are (recorded and) played back at high speed.

You won't know of this data loss unless you try to recover
one of the recordings (and then it's too late).

Fixed upstream (https://issues.asterisk.org/view.php?id=13005)



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#519165: [Fwd: Bug#519165: bash 4 regression]

[martin f krafft]

also sprach Chet Ramey  [2009.07.03.1952 +0200]:
> There is, in fact a de facto standard, but the bash4 behavior is
> what the Bourne and Korn shells have always done.  In fact, the only
> way Martin's statement is true is if "all other shells" means "dash",
> since that's the only other shell I found that doesn't apply set -u to
> $@ and $*.
> 
> A partial list of shells that honor set -u when expanding $@ and $*:
> 
> bash4
> all versions of the bourne shell from v7 to svr4.2
> all versions of the korn shell
> pdksh and variants like mksh and posh
> ash and its descendents except dash

zsh.

> > We can debate this issue ad mortem infinitumque (but let's not).
> > Fact is that this is a regression, which upstream camouflaged as
> > a bug fix, when instead there should have been a deprecation
> > period. Expecting everyone to change their scripts to work
> > around bash's eclectic interpretation of $@/$* is not the way
> > forward.
> 
> Beautiful language, but incorrect.  The current bash4 behavior is
> not an "eclectic interpretation," but consistent with how shells
> have historically behaved.

Fine, if the standards group comes up with a standard on this, by
all means. But there really ought to be a deprecation period.

-- 
 .''`.   martin f. krafft   Related projects:
: :'  :  proud Debian developer   http://debiansystem.info
`. `'`   http://people.debian.org/~madduckhttp://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems


digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Bug#530271: marked as done (CVE-2009-1732, CVE-2009-1733)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 10:02:10 +
with message-id 
and subject line Bug#530271: fixed in ipplan 4.91a-1.1
has caused the Debian Bug report #530271,
regarding CVE-2009-1732, CVE-2009-1733
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
530271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipplan
Severity: serious
Tags: security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ipplan.

CVE-2009-1732[0]:
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPlan
| 4.91a allows remote attackers to inject arbitrary web script or HTML
| via the grp parameter.

CVE-2009-1733[1]:
| Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows
| remote attackers to hijack the authentication of administrators for
| requests that (1) change the password, (2) add users, or (3) delete
| users via unknown vectors.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1732
http://security-tracker.debian.net/tracker/CVE-2009-1732
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1733
http://security-tracker.debian.net/tracker/CVE-2009-1733

http://holisticinfosec.org/content/view/113/45/


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoYFsYACgkQNxpp46476apd+gCgnDQjebQhF8gaVx/CkQG4Uh1j
uN0An1q5D7MPVsn5wkC4pxidK5uVTuG7
=AFso
-END PGP SIGNATURE-


--- End Message ---
--- Begin Message ---
Source: ipplan
Source-Version: 4.91a-1.1

We believe that the bug you reported is fixed in the latest version of
ipplan, which is due to be installed in the Debian FTP archive:

ipplan_4.91a-1.1.diff.gz
  to pool/main/i/ipplan/ipplan_4.91a-1.1.diff.gz
ipplan_4.91a-1.1.dsc
  to pool/main/i/ipplan/ipplan_4.91a-1.1.dsc
ipplan_4.91a-1.1_all.deb
  to pool/main/i/ipplan/ipplan_4.91a-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 530...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris  (supplier of updated ipplan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 08:09:24 +
Source: ipplan
Binary: ipplan
Architecture: source all
Version: 4.91a-1.1
Distribution: unstable
Urgency: high
Maintainer: Jan Wagner 
Changed-By: Steffen Joeris 
Description: 
 ipplan - web-based IP address manager and tracker
Closes: 530271
Changes: 
 ipplan (4.91a-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix cross-site scripting vulnerability, which can be exploited via
 the userid, userdescrip, useremail, grp and grpdescrip parameters
 (Closes: #530271)
 Fixes: CVE-2009-1732
Checksums-Sha1: 
 9b832a957c1354caaa9d79da4bd89563aff383a9 1124 ipplan_4.91a-1.1.dsc
 aa5360438d891bd69184f42902521f750c2583d8 23627 ipplan_4.91a-1.1.diff.gz
 c694b176145fa792db2e35f202fcbeef8b7e0322 788768 ipplan_4.91a-1.1_all.deb
Checksums-Sha256: 
 5441985020f57b802941298db27f672dc6ef12b677014874eb4ff04636953316 1124 
ipplan_4.91a-1.1.dsc
 cb0fef9b18360ce5999b13014ccf13a9b832325891ef4897477d96d1c2516186 23627 
ipplan_4.91a-1.1.diff.gz
 486d0aebdfaa3d6e11c008d5fe897036a8041db307d2446f4189364f0ce24731 788768 
ipplan_4.91a-1.1_all.deb
Files: 
 854b9e23d8ecb9016020e5ad45fbddc7 1124 web optional ipplan_4.91a-1.1.dsc
 836743adf47d7d76c3ef475f252bbfe0 23627 web optional ipplan_4.91a-1.1.diff.gz
 ad2f14853f183c6276a07c5c955d6da9 788768 web optional ipplan_4.91a-1.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpRyWgACgkQ62zWxYk/rQccTwCeJW5tSznr81a1nuJdNBRUyOR8
kokAoLUNCOEjfXJcAK+FsazbugwBGR2z
=jf+U
-END PGP SIGNATURE-


--- End Message ---

Bug#525722: marked as done (spout: Segfaults shortly after starting to play)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 10:17:06 +
with message-id 
and subject line Bug#525722: fixed in spout 1.3-2
has caused the Debian Bug report #525722,
regarding spout: Segfaults shortly after starting to play
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
525722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525722
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spout
Version: 1.3-1
Severity: normal

spout segfaults after starting to play and moving up about half a
screen.

I grabbed the source, built it, and ran it under gdb, and found that the
segfault occurred on one of the many lines referencing sintable[mR],
with mR having grown well past the size of sintable.

- Josh Triplett

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages spout depends on:
ii  libc62.9-7   GNU C Library: Shared libraries
ii  libsdl1.2debian  1.2.13-4+b1 Simple DirectMedia Layer

spout recommends no packages.

spout suggests no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: spout
Source-Version: 1.3-2

We believe that the bug you reported is fixed in the latest version of
spout, which is due to be installed in the Debian FTP archive:

spout_1.3-2.diff.gz
  to pool/main/s/spout/spout_1.3-2.diff.gz
spout_1.3-2.dsc
  to pool/main/s/spout/spout_1.3-2.dsc
spout_1.3-2_amd64.deb
  to pool/main/s/spout/spout_1.3-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 525...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gürkan Sengün  (supplier of updated spout package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 09:36:48 +0200
Source: spout
Binary: spout
Architecture: source amd64
Version: 1.3-2
Distribution: unstable
Urgency: low
Maintainer: Gürkan Sengün 
Changed-By: Gürkan Sengün 
Description: 
 spout  - Tiny abstract black and white 2D cave-shooter
Closes: 525722 525723
Changes: 
 spout (1.3-2) unstable; urgency=low
 .
   * Fix segfault on 64 bit builds. (Closes: #525722)
 Many thanks to Josh Tripplet and Steve Cotton.
 (sed -i "s,unsigned long,uint32_t,g" spout.c)
   * Bump standards version.
   * Update debian/copyright.
   * Document command line options in manpage. (Closes: #525723)
   * debian/rules: drop dh_desktop call.
Checksums-Sha1: 
 a63a67a4fb6cebecd43bff85e943d87a8c815cfc 1063 spout_1.3-2.dsc
 62d8be6b99ed3be5016e89e285087cda5ceefa71 4020 spout_1.3-2.diff.gz
 2550aec634bb8a5c11ca807f55eea65a3e5a69d1 16240 spout_1.3-2_amd64.deb
Checksums-Sha256: 
 9d94c24a86e567abb09bd722f4386870f13ab15f616e1be5a7dae84615d47f69 1063 
spout_1.3-2.dsc
 74067c919b38f30a50083a1256d4c201c8b7a9d11feeb0f05bedb2c69cb9815b 4020 
spout_1.3-2.diff.gz
 ee674f0cfea553faa1f520aac2c57a294a6a32b3354fa4ebb9e28424797709f8 16240 
spout_1.3-2_amd64.deb
Files: 
 9fd62b1e77faff93ba54ac3821e2bd60 1063 games optional spout_1.3-2.dsc
 649b9c8aa1052adaa9a9d9db4aa723a8 4020 games optional spout_1.3-2.diff.gz
 2d68ef7dc07579cb41925516e5fc8e3e 16240 games optional spout_1.3-2_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iJwEAQECAAYFAkpRzDcACgkQ0sfeulffv7vw/gQAtd/pF4JO/FbpaWYeQ3eGJ9qD
MDnsFpwoLO8ZMmU3hW/BdvH/LKmhB2G7DfTwUIWtv21BXDBIF4lIOReCBLAMoA7t
mdfrQoFbdmlHQAMFMRWT6Lr724AU0HJfHX0dRYFigSbrX1Wdc4vwAgisuV5+MCX3
KeROfckZvacUgVPSjbE=
=6pPj
-END PGP SIGNATURE-


--- End Message ---

Bug#530271: NMU patch

[Steffen Joeris]

Hi

Please find the NMU patch attached.

Cheers
Steffen
diff -u ipplan-4.91a/debian/changelog ipplan-4.91a/debian/changelog
--- ipplan-4.91a/debian/changelog
+++ ipplan-4.91a/debian/changelog
@@ -1,3 +1,13 @@
+ipplan (4.91a-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix cross-site scripting vulnerability, which can be exploited via
+the userid, userdescrip, useremail, grp and grpdescrip parameters
+(Closes: #530271)
+Fixes: CVE-2009-1732
+
+ -- Steffen Joeris   Mon, 06 Jul 2009 08:09:24 +
+
 ipplan (4.91a-1) unstable; urgency=low
 
   * new upstream release
diff -u ipplan-4.91a/debian/patches/00list ipplan-4.91a/debian/patches/00list
--- ipplan-4.91a/debian/patches/00list
+++ ipplan-4.91a/debian/patches/00list
@@ -1,0 +2 @@
+CVE-2009-1732-xss.dpatch
only in patch2:
unchanged:
--- ipplan-4.91a.orig/debian/patches/CVE-2009-1732-xss.dpatch
+++ ipplan-4.91a/debian/patches/CVE-2009-1732-xss.dpatch
@@ -0,0 +1,36 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+...@dpatch@
+--- admin/usermanager.php	2009-03-19 07:44:03.0 +1100
 ipplan-4.91a/admin/usermanager.php	2009-05-30 16:34:08.0 +1000
+@@ -301,9 +301,13 @@
+ // First off we insert the user information and delete button.
+ insert($w, $t=table(array("cols"=>"2","border"=>"0","cellspacing"=>"2","width"=>"100%")));
+ insert($t, $c=cell());
+-insert($c ,block("".my_("Editing User: $userid").""));
+-insert($c, block("".my_("Real Name: ").$row["userdescrip"].""));
+-insert($c, block(my_("e-mail: ").$row["useremail"]));
++insert($c ,block(""));
++insert($c ,text(my_("Editing User: $userid")));
++insert($c ,block(""));
++insert($c, block(""));
++insert($c, text(my_("Real Name: ").$row["userdescrip"]));
++insert($c, block(""));
++insert($c, text(my_("e-mail: ").$row["useremail"]));
+ insert($t, $c=cell(array("align"=>"right")));
+ insert($c, $f = form(array("method"=>"post","action"=>$_SERVER["PHP_SELF"])));
+ insert($f,hidden(array("name"=>"action","value"=>"deleteuser")));
+@@ -407,8 +411,11 @@
+ $resaddr   =$row["resaddr"];
+ insert($w, $t=table(array("width"=>"100%","cols"=>"2","border"=>"0","cellspacing"=>"0","valign"=>"middle")));
+ insert($t, $c = cell());
+-insert($c, block("".my_("Editing Group:")." $grp"));
+-insert($c, block("".my_(" Description: ")."".$grpdescrip));
++insert($c, block(""));
++insert($c, text(my_("Editing Group:")." $grp"));
++insert($c, block(""));
++insert($c, block("".my_(" Description: ").""));
++insert($c, text($grpdescrip));
+ insert($w,generic("br"));  
+ insert($t,$c = cell (array("align"=>"right")));
+ insert($c, $f = form(array("method"=>"post","action"=>$_SERVER["PHP_SELF"])));


signature.asc
Description: This is a digitally signed message part.

Bug#535940: marked as done (geoclue pull glib 1.2 as build-dep)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 09:33:37 +
with message-id 
and subject line Bug#535940: fixed in geoclue 0.11.1-5
has caused the Debian Bug report #535940,
regarding geoclue pull glib 1.2 as build-dep
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535940
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: geoclue
Severity: serious
Version: 0.11.1-4

Hi

geoclue pulls glib 1.2 as build dep.

libglib-dev should be replaced by libglib2.0-dev

Regards

Laurent Bigonville


--- End Message ---
--- Begin Message ---
Source: geoclue
Source-Version: 0.11.1-5

We believe that the bug you reported is fixed in the latest version of
geoclue, which is due to be installed in the Debian FTP archive:

geoclue-examples_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-examples_0.11.1-5_amd64.deb
geoclue-geonames_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-geonames_0.11.1-5_amd64.deb
geoclue-gpsd_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-gpsd_0.11.1-5_amd64.deb
geoclue-gsmloc_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-gsmloc_0.11.1-5_amd64.deb
geoclue-hostip_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-hostip_0.11.1-5_amd64.deb
geoclue-localnet_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-localnet_0.11.1-5_amd64.deb
geoclue-manual_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-manual_0.11.1-5_amd64.deb
geoclue-plazes_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-plazes_0.11.1-5_amd64.deb
geoclue-yahoo_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue-yahoo_0.11.1-5_amd64.deb
geoclue_0.11.1-5.diff.gz
  to pool/main/g/geoclue/geoclue_0.11.1-5.diff.gz
geoclue_0.11.1-5.dsc
  to pool/main/g/geoclue/geoclue_0.11.1-5.dsc
geoclue_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/geoclue_0.11.1-5_amd64.deb
libgeoclue-dev_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/libgeoclue-dev_0.11.1-5_amd64.deb
libgeoclue0_0.11.1-5_amd64.deb
  to pool/main/g/geoclue/libgeoclue0_0.11.1-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernd Zeimetz  (supplier of updated geoclue package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 10:39:21 +0200
Source: geoclue
Binary: geoclue libgeoclue0 libgeoclue-dev geoclue-manual geoclue-hostip 
geoclue-plazes geoclue-gpsd geoclue-geonames geoclue-gsmloc geoclue-localnet 
geoclue-yahoo geoclue-examples
Architecture: source amd64
Version: 0.11.1-5
Distribution: unstable
Urgency: low
Maintainer: Craig Andrews 
Changed-By: Bernd Zeimetz 
Description: 
 geoclue- Geographic information framework
 geoclue-examples - GeoClue example clients
 geoclue-geonames - Geocoder provider for GeoClue (geonames)
 geoclue-gpsd - Position server for GeoClue (GPS)
 geoclue-gsmloc - Position server for GeoClue (GSM)
 geoclue-hostip - Position server for GeoClue (hostip)
 geoclue-localnet - Position server for GeoClue (GPS)
 geoclue-manual - Position server for GeoClue (manual)
 geoclue-plazes - Position server for GeoClue (Plazes)
 geoclue-yahoo - Map and geocode server for GeoClue (Yahoo)
 libgeoclue-dev - C API for GeoClue (development files)
 libgeoclue0 - C API for GeoClue
Closes: 535940
Changes: 
 geoclue (0.11.1-5) unstable; urgency=low
 .
   * [ff19d3bf] Fixing section override disparities.
   * [23ddf112] Use libglib2.0-dev instead of libglib-dev. (Closes:
 #535940) - thanks to Laurent Bigonville
Checksums-Sha1: 
 87d7fa09034195fda4004c4b758bebcfe375a2f2 1576 geoclue_0.11.1-5.dsc
 6f88c6c96643d4227eaaef3120b46cdf421bad0d 5251 geoclue_0.11.1-5.diff.gz
 e1d3295b19d6d74fbf4a5f0501116095159c9605 20242 geoclue_0.11.1-5_amd64.deb
 18de36e11a14412370f6c13396f2eaf3f90d44df 26648 libgeoclue0_0.11.1-5_amd64.deb
 def5404f543892c1c3768436e7fa6cfddb76 86520 
libgeoclue-dev_0.11.1-5_amd64.deb
 9646520d00ac2d9fbc9da354c220ddcba4d13b49 8974 geoclue-manual_0.11.1-5_amd64.deb
 2bc5b9977a898b8d9b8b2c81756fb33dc999a197 8348 geoclue-hostip_0.11.1-5_amd64.deb
 b4cf16cece271495bd7f6f42a8385f6bc0ba82e4 8656 geoclue-plazes_0.11.1-5_amd64.deb
 6575f0255130e02eb1316447295cccd0a7e5a1fa 9250 geocl

Bug#535676: marked as done (loop-aes-utils: FTBFS: ncurses not found)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 09:36:15 +
with message-id 
and subject line Bug#535676: fixed in loop-aes-utils 2.15.1~rc1-2
has caused the Debian Bug report #535676,
regarding loop-aes-utils: FTBFS: ncurses not found
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535676: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: loop-aes-utils
Version: 2.15.1~rc1-1
Severity: serious

Hi,

There was an error while trying to autobuild your package:

> Start Time: 20090703-2152

[...]

> Build-Depends: debhelper (>= 7), dpatch (>= 2.0.0), gettext, libblkid-dev, 
> uuid-dev, libselinux1-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386]

[...]

> Toolchain package versions: libc6-dev_2.9-18 linux-libc-dev_2.6.30-1 
> g++-4.3_4.3.3-13 gcc-4.3_4.3.3-13 binutils_2.19.1-1 libstdc++6_4.4.0-10 
> libstdc++6-4.3-dev_4.3.3-13
> 

[...]

> checking whether NLS is requested... yes
> checking for GNU gettext in libc... yes
> checking whether to use NLS... yes
> checking where the gettext function comes from... libc
> checking ncurses.h usability... no
> checking ncurses.h presence... no
> checking for ncurses.h... no
> checking ncurses/ncurses.h usability... no
> checking ncurses/ncurses.h presence... no
> checking for ncurses/ncurses.h... no
> configure: error: ncurses or ncursesw selected, but library not found 
> (--without-ncurses to disable)
> make: *** [debian/build-deb/config.status] Error 1
> dpkg-buildpackage: error: debian/rules build gave error exit status 2

A full build log can be found at:
http://buildd.debian.org/build.php?arch=i386&pkg=loop-aes-utils&ver=2.15.1~rc1-1


Kurt



--- End Message ---
--- Begin Message ---
Source: loop-aes-utils
Source-Version: 2.15.1~rc1-2

We believe that the bug you reported is fixed in the latest version of
loop-aes-utils, which is due to be installed in the Debian FTP archive:

loop-aes-utils_2.15.1~rc1-2.diff.gz
  to pool/main/l/loop-aes-utils/loop-aes-utils_2.15.1~rc1-2.diff.gz
loop-aes-utils_2.15.1~rc1-2.dsc
  to pool/main/l/loop-aes-utils/loop-aes-utils_2.15.1~rc1-2.dsc
loop-aes-utils_2.15.1~rc1-2_amd64.deb
  to pool/main/l/loop-aes-utils/loop-aes-utils_2.15.1~rc1-2_amd64.deb
mount-aes-udeb_2.15.1~rc1-2_amd64.udeb
  to pool/main/l/loop-aes-utils/mount-aes-udeb_2.15.1~rc1-2_amd64.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Max Vozeler  (supplier of updated loop-aes-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 06 Jul 2009 02:08:18 +0200
Source: loop-aes-utils
Binary: loop-aes-utils mount-aes-udeb
Architecture: source amd64
Version: 2.15.1~rc1-2
Distribution: unstable
Urgency: low
Maintainer: Debian Loop-AES Team 
Changed-By: Max Vozeler 
Description: 
 loop-aes-utils - Tools for mounting and manipulating filesystems
 mount-aes-udeb - Mount utils for loop-AES (udeb)
Closes: 535676
Changes: 
 loop-aes-utils (2.15.1~rc1-2) unstable; urgency=low
 .
   * Disable ncurses (--without-ncurses), not used in
 mount/. Fixes FTBFS (closes: #535676).
Checksums-Sha1: 
 f480966f2d5923a26409ae5acc4fc41701a08963 1360 loop-aes-utils_2.15.1~rc1-2.dsc
 18a6223645c57409c1d621125d2787acb99f7279 104382 
loop-aes-utils_2.15.1~rc1-2.diff.gz
 90bb5f4d01e1f8da5103df49703b660d1c048204 159868 
loop-aes-utils_2.15.1~rc1-2_amd64.deb
 ae103e42002bf97bf6f84213f6806d1f6fd758e5 90772 
mount-aes-udeb_2.15.1~rc1-2_amd64.udeb
Checksums-Sha256: 
 589b7e77534155fa954178453d588081c9c9dae049ae757d114e3cbdd4775123 1360 
loop-aes-utils_2.15.1~rc1-2.dsc
 9840338b0e6681fad17d6205a00dd6b4a9d37b7fc5c67bd1b6462eecd2d0eb3c 104382 
loop-aes-utils_2.15.1~rc1-2.diff.gz
 639daff79428241ce28cea93ab140b275c898a5c783141a3fa11321216b65b52 159868 
loop-aes-utils_2.15.1~rc1-2_amd64.deb
 966051661255aaa7b745bdf085a7903e06ce48b4549568e4de54031a7d709db3 90772 
mount-aes-udeb_2.15.1~rc1-2_amd64.udeb
Files: 
 6fa0afa969c9b682404d7818508937f8 1360 admin optional 
loop-aes-utils_2.15.1~rc1-2.dsc
 67cd027c099faabcb52e8e730c3c1c12 104382 admin optional 
loop-aes-utils_2.15.1~rc1-2.diff.gz
 fabff5fa3c43da34082738ee6194c8bc 159868 admin optional 
loop

Processed: versions

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 535946 1.24-1
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Bug marked as found in version 1.24-1.

> found 535946 1.16-1
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Bug marked as found in version 1.16-1.

> fixed 535946 1.26-1
Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability 
fixed in 1.26
Bug marked as fixed in version 1.26-1.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535946: libio-socket-ssl-perl: Partial hostname matching vulnerability fixed in 1.26

[Dominic Hargreaves]

Package: libio-socket-ssl-perl
Version: 1.24-1
Severity: grave
Tags: security
Justification: user security hole

1.26 (just uploaded to unstable) fixes what looks like a fairly serious
security issue:

v1.26 2009.07.03
- SECURITY BUGFIX! 
  fix Bug in verify_hostname_of_cert where it matched only the prefix for 
  the hostname when no wildcard was given, e.g. www.example.org matched
  against a certificate with name www.exam in it
  Thanks to MLEHMANN for reporting

>From inspecting the source this appears to apply to at least 1.24-1
(testing) and 1.16-1 (stable).



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535896: rails: potential password bypass

[Nico Golde]

Hi,
* Adam Majer  [2009-07-06 05:49]:
> Michael S. Gilbert wrote:
> > package: rails
> > version: 1.1.6-3
> > severity: serious
> > tags: security
> > 
> > hello,
> > 
> > it has been found that rails is vulnerable to a password bypass [1].  this 
> > will be 
> > fixed in upstream version 2.3.3.
> > 
> > [1] 
> > http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
> 
> Rails 2.2.2 doesn't have digest HTTP authentication. I've looked at the
> function in rails and I don't see the problem.
> 
> Certainly this is not a problem with version 1.1.6. The issue is with
> Rails 2.3.x branch, AFAIK.
> 
> Please let me know if I'm wrong.

Yes that's correct. I verified the ruby version in unstable 
and the vulnerable code is indeed not yet present.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.


pgprGbJIqweDF.pgp
Description: PGP signature

Processed: Bug#535940 marked as pending

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 535940 pending
Bug#535940: geoclue pull glib 1.2 as build-dep
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535940: marked as pending

[Bernd Zeimetz]

tag 535940 pending
thanks

Hello,

Bug #535940 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=collab-maint/geoclue.git;a=commitdiff;h=dc6c0ba

---
commit dc6c0ba9d203734a0aaf8954729a08dd2f209a9e
Author: Bernd Zeimetz 
Date:   Mon Jul 6 10:39:49 2009 +0200

Updating changelog.

diff --git a/debian/changelog b/debian/changelog
index 5102a91..1f83ad4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+geoclue (0.11.1-5) unstable; urgency=low
+
+  * [ff19d3bf] Fixing section override disparities.
+  * [23ddf112] Use libglib2.0-dev instead of libglib-dev. (Closes:
+#535940) - thanks to Laurent Bigonville
+
+ -- Bernd Zeimetz   Mon, 06 Jul 2009 10:39:21 +0200
+
 geoclue (0.11.1-4) unstable; urgency=low
 
   * [dcb98403] Move geoclue-test-gui into geoclue-examples. (Closes:



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: severity of 535941 is important

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 535941 important
Bug#535941: linux-image-2.6.26-2-xen-686: domU crashes daily
Severity set to `important' from `grave'

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: upload pending

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 535676 + pending
Bug#535676: loop-aes-utils: FTBFS: ncurses not found
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535909: camlimages: CVE-2009-2295 several integer overflows

[Stefano Zacchiroli]

On Mon, Jul 06, 2009 at 09:40:48AM +0200, Sylvain Le Gall wrote:
> Patch has already been applied for sid version (3.0.1-2), migration to
> lenny is blocked by current OCaml 3.11.1 transition. 
  ^

Errata corrige. Migration to *squeeze* (i.e., testing) is currently
blocked by the transition. Updates to *lenny* (i.e., stable) will
happen by hand via security fixes.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...| ..: | Je dis tu à tous ceux que j'aime


signature.asc
Description: Digital signature

Bug#535941: linux-image-2.6.26-2-xen-686: domU crashes daily

[Maximilian Mill]

Package: linux-image-2.6.26-2-xen-686
Version: 2.6.26-17
Severity: grave
Justification: renders package unusable

domU crashes randomly... 

I have annother Lenny Xen-Hostsystem with 2.6.18-6-xen-686 dom0-kernel
(from etch) and everything works perfect. Both systems won't work with 
2.6.26-2-xen-686.


xm dmesg:
(XEN) domain_crash_sync called from entry.S (ff188600)
(XEN) Domain 6 (vcpu#2) crashed on cpu#2:
(XEN) [ Xen-3.2-1  x86_32p  debug=n  Not tainted ]
(XEN) CPU:2
(XEN) EIP:0061:[]
(XEN) EFLAGS: 0246   CONTEXT: guest
(XEN) eax:    ebx: 0001   ecx:    edx: ed447f90
(XEN) esi: 0002   edi: 0002   ebp:    esp: ed447f84
(XEN) cr0: 8005003b   cr4: 26f0   cr3: 001b4ca0   cr2: b7ee59e0
(XEN) ds: 007b   es: 007b   fs: 00d8   gs:    ss: 0069   cs: 0061
(XEN) Guest stack trace from esp=ed447f84:
(XEN)c0105f52  0002 c0848f4e 8225   
(XEN)c01028ab c0102810      
(XEN)      00d8 
(XEN)      
(XEN) mm.c:645:d13 Non-privileged (13) attempt to map I/O space 0025b0a8
(XEN) mm.c:3493:d13 ptwr_emulate: fixing up invalid PAE PTE 00025b0a8025
(XEN) mm.c:645:d14 Non-privileged (14) attempt to map I/O space 002734a8
(XEN) mm.c:3493:d14 ptwr_emulate: fixing up invalid PAE PTE 0002734a8025

xend.log:
[2009-07-04 01:30:03 2981] WARNING (XendDomainInfo:1258) Domain has crashed: 
name=XXX id=6.
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1914) 
XendDomainInfo.destroyDomain(6)
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1529) Destroying device model
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1536) Releasing devices
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1542) Removing vif/0
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:590) XendDomainInfo.destroyDevi
ce: deviceClass = vif, device = vif/0
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1542) Removing vbd/2049
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:590) 
XendDomainInfo.destroyDevice: deviceClass = vbd, device = vbd/2049
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1542) Removing vbd/2050
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:590) 
XendDomainInfo.destroyDevice: deviceClass = vbd, device = vbd/2050
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1542) Removing console/0
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:590) 
XendDomainInfo.destroyDevice: deviceClass = console, device = console/0
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1534) No device model
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:1536) Releasing devices
[2009-07-04 01:30:03 2981] DEBUG (XendDomainInfo:106) 
XendDomainInfo.create_from_dict({'vcpus_params': {'cap': 0, 'weight': 256}, 
'PV_args': 'root=/dev/sda2 ro ', 'features': '', 'cpus': [], 'paused': 0, 
'actions_after_reboot': 'restart', 'shutdown': 0, 'VCPUs_live': 1, 
'PV_bootloader': '', 'actions_after_crash': 'restart', 'vbd_refs': 
['76379e03-6ad8-1014-3bf4-efa0ab0b9d7d', 
'd75b2a27-dcc5-59ae-18b8-79cd54d46c08'], 'PV_ramdisk': 
'/boot/initrd.img-2.6.26-2-xen-686', 'is_control_domain': False, 'name_label': 
'trsggrea', 'VCPUs_at_startup': 1, 'HVM_boot_params': {}, 'platform': {}, 
'PV_kernel': '/boot/vmlinuz-2.6.26-2-xen-686', 'console_refs': 
['58eeeb1d-01b3-8872-2488-97f50c60b17e'], 'online_vcpus': 4, 'blocked': 0, 
'on_xend_stop': 'ignore', 'memory_static_min': 0, 'HVM_boot_policy': '', 
'shutdown_reason': 3, 'VCPUs_max': 4, 'start_time': 1246543544.3383191, 
'memory_static_max': 4294967296L, 'actions_after_shutdown': 'destroy', 
'on_xend_start': 'ignore', 'crashed': 1, 'memory_
 dynamic_max': 4294967296L, 'actions_after_suspend': '', 'is_a_template': 
False, 'PV_bootloader_args': '', 'memory_dynamic_min': 4294967296L, 'uuid': 
'e5592f0e-aed4-cee7-4bf9-dc752db243ad', 'cpu_time': 3108.4089437950001, 
'shadow_memory': 0, 'dying': 1, 'vcpu_avail': 15, 'notes': {'HV_START_LOW': 
4118806528L, 'FEATURES': 
'writable_page_tables|writable_descriptor_tables|auto_translated_physmap|pae_pgdir_above_4gb|supervisor_mode_kernel',
 'VIRT_BASE': 3221225472L, 'GUEST_VERSION': '2.6', 'PADDR_OFFSET': 0, 
'GUEST_OS': 'linux', 'HYPERCALL_PAGE': 378144L, 'LOADER': 'generic', 
'SUSPEND_CANCEL': 1, 'PAE_MODE': 'yes', 'ENTRY': 374048L, 'XEN_VERSION': 
'xen-3.0'}, 'other_config': {}, 'running': 0, 'domid': 6, 'vif_refs': 
['4897dbc5-7436-84c8-7af5-ede96161f91e'], 'vtpm_refs': [], 'devices': 
{'d75b2a27-dcc5-59ae-18b8-79cd54d46c08': ('vbd', {'uuid': 
'd75b2a27-dcc5-59ae-18b8-79cd54d46c08', 'bootable': 0, 'devid': 2050, 'driver': 
'paravirtualised', 'dev': 'sda2', 'uname': 'phy:/dev
 /vg0/web01-disk', 'mode': 'w'}), '4897dbc5-7436-84c8-7af5-ede96161f91e': 
('vif', {'ip': '188.40.58.178', 'mac': '00:16:3e:7c:45:a9', 'devid': 0, 'uuid': 
'4897dbc5-7436-84c8-7af5-ede96161f91e'}), 
'76379e03-6ad8-1014-3bf4-efa0ab0b9d

Bug#535276: marked as done (FTBFS with new dpkg-dev)

[Debian Bug Tracking System]

Your message dated Mon, 06 Jul 2009 07:48:13 +
with message-id 
and subject line Bug#535276: fixed in petsc 3.0.0.dfsg-5.1
has caused the Debian Bug report #535276,
regarding FTBFS with new dpkg-dev
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535276
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: petc
Version: 3.0.0.dfsg-5
Severity: serious

https://buildd.debian.org/fetch.cgi?pkg=petsc;ver=3.0.0.dfsg-5;arch=hppa;stamp=1246379358:

[...]
dpkg-source: extracting petsc in petsc-3.0.0.dfsg
dpkg-source: info: unpacking petsc_3.0.0.dfsg.orig.tar.gz
dpkg-source: info: applying petsc_3.0.0.dfsg-5.diff.gz
dpkg-buildpackage: set CFLAGS to default value: -g -O2
dpkg-buildpackage: set CPPFLAGS to default value: 
dpkg-buildpackage: set LDFLAGS to default value: 
dpkg-buildpackage: set FFLAGS to default value: -g -O2
dpkg-buildpackage: set CXXFLAGS to default value: -g -O2
dpkg-buildpackage: source package petsc
dpkg-buildpackage: source version 3.0.0.dfsg-5
dpkg-buildpackage: host architecture hppa
dpkg-checkbuilddeps: warning: can't parse dependency \
 libx11-dev
dpkg-checkbuilddeps: error: error occurred while parsing 
Build-Depends/Build-Depends-Indep)
dpkg-buildpackage: warning: Build dependencies/conflicts unsatisfied; aborting.
dpkg-buildpackage: warning: (Use -d flag to override.)
**
Build finished at 20090630-1628
FAILED [dpkg-buildpackage died]
[...]

This is on hppa, but it should fail the same way on all archs when tried
with a new(er) dpkg-dev.

Same reasoning, same solution as e.g. 535230 for mpi. Get rid of \ and
use proper folding with leading space.

Regards,

Rene


--- End Message ---
--- Begin Message ---
Source: petsc
Source-Version: 3.0.0.dfsg-5.1

We believe that the bug you reported is fixed in the latest version of
petsc, which is due to be installed in the Debian FTP archive:

libpetsc3.0.0-dbg_3.0.0.dfsg-5.1_powerpc.deb
  to pool/main/p/petsc/libpetsc3.0.0-dbg_3.0.0.dfsg-5.1_powerpc.deb
libpetsc3.0.0-dev_3.0.0.dfsg-5.1_powerpc.deb
  to pool/main/p/petsc/libpetsc3.0.0-dev_3.0.0.dfsg-5.1_powerpc.deb
libpetsc3.0.0_3.0.0.dfsg-5.1_powerpc.deb
  to pool/main/p/petsc/libpetsc3.0.0_3.0.0.dfsg-5.1_powerpc.deb
petsc-dev_3.0.0.dfsg-5.1_all.deb
  to pool/main/p/petsc/petsc-dev_3.0.0.dfsg-5.1_all.deb
petsc3.0.0-doc_3.0.0.dfsg-5.1_all.deb
  to pool/main/p/petsc/petsc3.0.0-doc_3.0.0.dfsg-5.1_all.deb
petsc_3.0.0.dfsg-5.1.diff.gz
  to pool/main/p/petsc/petsc_3.0.0.dfsg-5.1.diff.gz
petsc_3.0.0.dfsg-5.1.dsc
  to pool/main/p/petsc/petsc_3.0.0.dfsg-5.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard  (supplier of updated petsc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Fri, 03 Jul 2009 10:31:34 +0200
Source: petsc
Binary: libpetsc3.0.0-dev petsc-dev libpetsc3.0.0 libpetsc3.0.0-dbg 
petsc3.0.0-doc
Architecture: source all powerpc
Version: 3.0.0.dfsg-5.1
Distribution: unstable
Urgency: low
Maintainer: Debian Scientific Computing Team 

Changed-By: Rene Engelhard 
Description: 
 libpetsc3.0.0 - Shared libraries for version 3.0.0 of PETSc
 libpetsc3.0.0-dbg - Static debugging libraries for PETSc
 libpetsc3.0.0-dev - Static libraries, shared links, header files for PETSc
 petsc-dev  - Empty package depending on latest PETSc development package
 petsc3.0.0-doc - Documentation and examples for PETSc
Closes: 535276
Changes: 
 petsc (3.0.0.dfsg-5.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * fix Build-Depends for new dpkg-dev (closes: #535276)
Checksums-Sha1: 
 7c17b54ed1e1f0f20645b27f76f5ea96153edf7c 1488 petsc_3.0.0.dfsg-5.1.dsc
 4b556f8b1922e2f826855f4702377443875501ab 2664412 petsc_3.0.0.dfsg-5.1.diff.gz
 1881770c3259f74648aaa4c025e1c1a0dcd34e53 12770 petsc-dev_3.0.0.dfsg-5.1_all.deb
 f4ec6a24cb397bb26916a4eaf4685de51a3171cf 4794402 
petsc3.0.0-doc_3.0.0.dfsg-5.1_all.deb
 ef6768243cd619dbe45450500ae73f43986e9ae8 2712392 
libpetsc3.0.0-dev_3.0.0.dfsg-5.1_powerpc.deb
 355fbc29538137b067be9189278cffcaba8569c8 1667074 
libpetsc3.0.0_

Bug#535909: camlimages: CVE-2009-2295 several integer overflows

[Sylvain Le Gall]

Hello,

On Sun, Jul 05, 2009 at 07:38:51PM -0400, Michael S. Gilbert wrote:
> package: camlimages
> version: 2.20-8
> severity: serious
> tags: security
> 
> hello,
> 
> camlimages is vulnerable to several integer overflows [1].  this has
> not yet been fixed upstream, but has been addressed by redhat [2].
> 
> [1] http://www.ocert.org/advisories/ocert-2009-009.html
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=509531
> 

Patch has already been applied for sid version (3.0.1-2), migration to
lenny is blocked by current OCaml 3.11.1 transition. 

We need to patch lenny (2.2.0-4), but you seems to use etch (2.20-8).

Regards
Sylvain Le Gall




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535835: libdevel-nytprof-perl: FTBFS: libtest-simple-perl is a virtual package

[Niko Tyni]

On Sun, Jul 05, 2009 at 08:57:13PM +0200, Kurt Roeckx wrote:
> On Sun, Jul 05, 2009 at 07:21:05PM +0200, gregor herrmann wrote:
> > On Sun, 05 Jul 2009 17:33:05 +0200, Kurt Roeckx wrote:
> > 
> > > > So if I see it corrctly, perl-modules should not stop "providing" 
> > > > libtest-simple-perl. Thus my question, could the problem be related to
> > > > how sbuild resolves the dependencies (since, cowbuilder/pbuilder seem
> > > > to do it right?)
> > > You could argue that sbuild does the wrong thing, 
> > 
> > Please note that this sbuild bug was discussed and finally fixed in
> > July 2008: #395271
> > (The discussion revolves around perl packages too, the patch is in
> > fact from one of the perl maintainers.)
> 
> So I guess you'll have to wait until all arches switch to the new
> sbuild it that case.  It's only in use on some arches.

Agreed.

Here's a patch that makes it build with an older Test::More in the
meantime, fixing

 t/test01...1/97 Undefined subroutine &NYTProfTest::note called at 
t/lib/NYTProfTest.pm line 143.
 t/test51-enable1/129 Undefined subroutine &NYTProfTest::note called at 
t/lib/NYTProfTest.pm line 143.

Cheers,
-- 
Niko Tyni   nt...@debian.org
--- t/lib/NYTProfTest.pm	2009/07/06 07:32:56	1.1
+++ t/lib/NYTProfTest.pm	2009/07/06 07:33:39
@@ -140,7 +140,7 @@
 }
 
 if ($extra_test_code) {
-note("running $extra_test_count extra tests...");
+note("running $extra_test_count extra tests...") if $Test::More::VERSION >= 0.81_01;
 my $profile = eval { Devel::NYTProf::Data->new({filename => $profile_datafile}) };
 if ($@) {
 diag($@);

Processed: petsc: diff for NMU version 3.0.0.dfsg-5.1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 535276 + patch
Bug#535276: FTBFS with new dpkg-dev
Tags were: patch
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535276: petsc: diff for NMU version 3.0.0.dfsg-5.1

[Rene Engelhard]

tags 535276 + patch
thanks

Hi,

Attached is the diff for my petsc 3.0.0.dfsg-5.1 NMU.
diff -u petsc-3.0.0.dfsg/debian/control petsc-3.0.0.dfsg/debian/control
--- petsc-3.0.0.dfsg/debian/control
+++ petsc-3.0.0.dfsg/debian/control
@@ -5,10 +5,10 @@
 Uploaders: "Adam C. Powell, IV" 
 XS-DM-Upload-Allowed: yes
 Standards-Version: 3.8.1
-Build-Depends: debhelper (>= 3.0), quilt, python (>= 2.2), gfortran, \
- libx11-dev, mpi-default-dev, mpi-default-bin, \
- libblas-dev | libblas-3gf.so, liblapack-dev | liblapack-3gf.so, \
- libsuitesparse-dev (>= 3.1.0-2), libsuperlu3-dev (>= 3.0+20070106), \
+Build-Depends: debhelper (>= 3.0), quilt, python (>= 2.2), gfortran,
+ libx11-dev, mpi-default-dev, mpi-default-bin,
+ libblas-dev | libblas-3gf.so, liblapack-dev | liblapack-3gf.so,
+ libsuitesparse-dev (>= 3.1.0-2), libsuperlu3-dev (>= 3.0+20070106),
  libspooles-dev (>= 2.2-6), libhypre-dev (>= 2.4.0), libscotch-dev
 Homepage: http://www.mcs.anl.gov/petsc
 
diff -u petsc-3.0.0.dfsg/debian/changelog petsc-3.0.0.dfsg/debian/changelog
--- petsc-3.0.0.dfsg/debian/changelog
+++ petsc-3.0.0.dfsg/debian/changelog
@@ -1,3 +1,10 @@
+petsc (3.0.0.dfsg-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * fix Build-Depends for new dpkg-dev (closes: #535276) 
+
+ -- Rene Engelhard   Fri, 03 Jul 2009 10:31:34 +0200
+
 petsc (3.0.0.dfsg-5) unstable; urgency=medium
 
   * Removed babel-1.2.0 and libsidl-dev from Build-Depends (closes: #529485).

Bug#535940: geoclue pull glib 1.2 as build-dep

[Laurent Bigonville]

Package: geoclue
Severity: serious
Version: 0.11.1-4

Hi

geoclue pulls glib 1.2 as build dep.

libglib-dev should be replaced by libglib2.0-dev

Regards

Laurent Bigonville



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#535909: camlimages: CVE-2009-2295 several integer overflows

[Stefano Zacchiroli]

On Sun, Jul 05, 2009 at 07:38:51PM -0400, Michael S. Gilbert wrote:
> package: camlimages
> version: 2.20-8
> severity: serious
> tags: security
> 
> hello,
> 
> camlimages is vulnerable to several integer overflows [1].  this has
> not yet been fixed upstream, but has been addressed by redhat [2].

Thanks, we're aware of that. The patch has already been applied in the
unstable version and the security team has already been notified
too. Stay tuned for a fix in stable.

Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...| ..: | Je dis tu à tous ceux que j'aime


signature.asc
Description: Digital signature

Processed: tagging 533983

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # Automatically generated email from bts, devscripts version 2.9.26etch2
> tags 533983 - patch
Bug#533983: gnome-swallow: FTBFS: gnome-swallow.c:23:36: error: 
libgnomeui/gnome-about.h: No such file or directory
Tags were: squeeze sid patch
Tags removed: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#534731: stardict broadcasts clipboard context over network

[Andrew Lee]

Hi Pavel,

I am not sure what's the best way to solve this issue.

I guess we can make a GConf schema registration scripts for the
package. But it seems to me that only stardict-gnome can be benefit by
the script and stardict-gtk doesn't.

Does anyone has better soultion than completely disable the netdict
plugin in build?

-Andrew




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org