Bug#603580: geneweb: armel: stripped binaries are broken
Am 14.01.2011 um 06:55 schrieb Christian PERRIER: I would be very interested if you can formally confirm that the latest uploaded version of geneweb (-8) does fix that problem on armel. That version does indeed work as desired. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609255: KDE upgrading
On Thu, Jan 13, 2011 at 08:37:53PM +0100, Julien Cristau wrote: (Non-exhaustive) testing shows that this allows the upgrade to proceed and get an acceptable (or even good) result, even when kwin styles are installed. These style packages are left installed after the upgrade, but that shouldn't hurt anything since they're basically cruft which can be cleaned up afterwards. Uhm I don't know if the following is expected. Shouldn't kwin dist-upgrade directly at this point? frankie@klecker:~$ LANG=C sudo apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages have been kept back: bitlbee kwin 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. frankie@klecker:~$ LANG=C sudo apt-get install kwin Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: kwin : Depends: kde-window-manager but it is not going to be installed E: Broken packages frankie@klecker:~$ LANG=C sudo apt-get install kde-window-manager Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libkdecorations4 libkwineffects1a The following packages will be REMOVED: kwin The following NEW packages will be installed: kde-window-manager libkdecorations4 libkwineffects1a 0 upgraded, 3 newly installed, 1 to remove and 1 not upgraded. Need to get 2615 kB of archives. After this operation, 3777 kB of additional disk space will be used. Do you want to continue [Y/n]? -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609255: KDE upgrading
On Sun, Jan 16, 2011 at 09:38:35 +0100, Francesco P. Lovergine wrote: On Thu, Jan 13, 2011 at 08:37:53PM +0100, Julien Cristau wrote: (Non-exhaustive) testing shows that this allows the upgrade to proceed and get an acceptable (or even good) result, even when kwin styles are installed. These style packages are left installed after the upgrade, but that shouldn't hurt anything since they're basically cruft which can be cleaned up afterwards. Uhm I don't know if the following is expected. Shouldn't kwin dist-upgrade directly at this point? You don't seem to have the new kde-window-manager yet. Cheers, Julien signature.asc Description: Digital signature
Bug#609955: python-ldns missing mandatory file ldns.py
Package: python-ldns Version: 1.6.6-1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As reported by Bedrich Kosata bedrich.kos...@nic.cz: import ldns ldns module 'ldns' from '/usr/lib/pymodules/python2.6/ldns/__init__.pyc' resolver = ldns.ldns_resolver.new_frm_file(/etc/resolv.conf) Traceback (most recent call last): File stdin, line 1, in module AttributeError: 'module' object has no attribute 'ldns_resolver' Package python-ldns misses ldns.py file which has to be installed for python-ldns bindings to be usable. Ondrej - -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-backports'), (500, 'natty') Architecture: i386 (i686) Kernel: Linux 2.6.37-12-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-ldns depends on: ii libc6 2.12.1-0ubuntu12 Embedded GNU C Library: Shared lib ii libldns11.6.6-1build1ldns library for DNS programming ii libpython2.62.6.6-6ubuntu5 Shared Python runtime library (ver ii libpython2.72.7.1-3 Shared Python runtime library (ver ii python 2.7.1-0ubuntu5 interactive high-level object-orie ii python-support 1.0.10ubuntu3automated rebuilding support for P python-ldns recommends no packages. python-ldns suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0wHikACgkQ9OZqfMIN8nNzfACgpuL/uJQ/3Vz03rEDBy5+7OMR owYAniN5MWw8AUvyu3xh/IZlOyOrIO5W =KKIg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608990: marked as done (CVE-2010-4538: ENTTEC dissector)
Your message dated Fri, 14 Jan 2011 10:02:58 + with message-id e1pdguk-0003at...@franck.debian.org and subject line Bug#608990: fixed in wireshark 1.2.11-6 has caused the Debian Bug report #608990, regarding CVE-2010-4538: ENTTEC dissector to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 608990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608990 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: wireshark Severity: grave Tags: security This has been assigned CVE-2010-4538: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5539 Fix: http://anonsvn.wireshark.org/viewvc?view=revrevision=35318 Please upload a fix for sid and request an unblock and check the Lenny status. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: wireshark Source-Version: 1.2.11-6 We believe that the bug you reported is fixed in the latest version of wireshark, which is due to be installed in the Debian FTP archive: tshark_1.2.11-6_i386.deb to main/w/wireshark/tshark_1.2.11-6_i386.deb wireshark-common_1.2.11-6_i386.deb to main/w/wireshark/wireshark-common_1.2.11-6_i386.deb wireshark-dbg_1.2.11-6_i386.deb to main/w/wireshark/wireshark-dbg_1.2.11-6_i386.deb wireshark-dev_1.2.11-6_i386.deb to main/w/wireshark/wireshark-dev_1.2.11-6_i386.deb wireshark_1.2.11-6.debian.tar.gz to main/w/wireshark/wireshark_1.2.11-6.debian.tar.gz wireshark_1.2.11-6.dsc to main/w/wireshark/wireshark_1.2.11-6.dsc wireshark_1.2.11-6_i386.deb to main/w/wireshark/wireshark_1.2.11-6_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 608...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Balint Reczey bal...@balintreczey.hu (supplier of updated wireshark package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 13 Jan 2011 01:58:46 +0100 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg Architecture: source i386 Version: 1.2.11-6 Distribution: unstable Urgency: high Maintainer: Balint Reczey bal...@balintreczey.hu Changed-By: Balint Reczey bal...@balintreczey.hu Description: tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools Closes: 608990 Changes: wireshark (1.2.11-6) unstable; urgency=high . * security fixes from Wireshark 1.2.14: - FRAsse discovered that the MAC-LTE dissector could overflow a buffer. (No assigned CVE number.) - FRAsse discovered that the ENTTEC dissector could overflow a buffer. (CVE-2010-4538) (Closes: #608990) Checksums-Sha1: dc04efcb786e53a21563da2bdc4ec63014ef9c2a 1703 wireshark_1.2.11-6.dsc 27697acaa14302ea2491b25745e94923384b417f 62626 wireshark_1.2.11-6.debian.tar.gz ff6ca55166f75746740ee38c512d715b7f17ea18 11708334 wireshark-common_1.2.11-6_i386.deb f4e4e1c7fe6dc7166da73190dbe7e57159b4e37d 737262 wireshark_1.2.11-6_i386.deb 2604810410f3b7d332619d7eb043e42e9ce9b6d6 127792 tshark_1.2.11-6_i386.deb bef90e7209fa121fad01765fbfed497c544be5b9 774318 wireshark-dev_1.2.11-6_i386.deb 6b8d4bf22e47fe4de47a8c69c4108a829cadc211 14684254 wireshark-dbg_1.2.11-6_i386.deb Checksums-Sha256: 4a23a446ba883e4f2e952e17318c317c24149e14285319011d49a3a0692bf9d6 1703 wireshark_1.2.11-6.dsc 2e3a8a1307b80f3adf383f9a277ea1d8fdfba82f0ff424baf18fb908f6bc63b5 62626 wireshark_1.2.11-6.debian.tar.gz cd18de6d6a5cef66b202b80a8d1b4b3348584abc101241513588c4169d1f5b98 11708334 wireshark-common_1.2.11-6_i386.deb 61e447632727c3c7e2b44a38820f31230d5b74fd3614062969bf1127d9f97cb9 737262 wireshark_1.2.11-6_i386.deb c42f33bdb8e7d2cdf698b287bcffedcc5d937ab039c1434f78a20fa706d56b67 127792 tshark_1.2.11-6_i386.deb ee99a282457feab565ae362f608f9db1c39029f2856cc9c88b4dce987aca4105 774318 wireshark-dev_1.2.11-6_i386.deb 93e1d361ad027dae7705d26283d8b432b9a1bc78c8a117c26f0d34e990ef10fe 14684254 wireshark-dbg_1.2.11-6_i386.deb Files: 555012cbaed929f5c93ae9856cd33317 1703 net optional wireshark_1.2.11-6.dsc 2cdd0019c3387fade93f254df39f18ec 62626 net optional
Bug#609581: Incompatible licences
On Tue, Jan 11, 2011 at 21:17:33 +, Jonathan Riddell wrote: The question is if the plugin is a derived work of both the GPL 2 only libpoppler and the GPL 3 only application. Since it can't exist without either then it almost certainly is. And since the licences are incompatible that makes it illegal to distribute. It doesn't sound like this has been addressed? Cheers, Julien signature.asc Description: Digital signature
Bug#608990: marked as done (CVE-2010-4538: ENTTEC dissector)
Your message dated Fri, 14 Jan 2011 10:18:15 + with message-id e1pdgjx-0004zw...@franck.debian.org and subject line Bug#608990: fixed in wireshark 1.4.3-1 has caused the Debian Bug report #608990, regarding CVE-2010-4538: ENTTEC dissector to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 608990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608990 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: wireshark Severity: grave Tags: security This has been assigned CVE-2010-4538: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5539 Fix: http://anonsvn.wireshark.org/viewvc?view=revrevision=35318 Please upload a fix for sid and request an unblock and check the Lenny status. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: wireshark Source-Version: 1.4.3-1 We believe that the bug you reported is fixed in the latest version of wireshark, which is due to be installed in the Debian FTP archive: libwireshark-data_1.4.3-1_all.deb to main/w/wireshark/libwireshark-data_1.4.3-1_all.deb libwireshark-dev_1.4.3-1_i386.deb to main/w/wireshark/libwireshark-dev_1.4.3-1_i386.deb libwireshark0_1.4.3-1_i386.deb to main/w/wireshark/libwireshark0_1.4.3-1_i386.deb libwiretap-dev_1.4.3-1_i386.deb to main/w/wireshark/libwiretap-dev_1.4.3-1_i386.deb libwiretap0_1.4.3-1_i386.deb to main/w/wireshark/libwiretap0_1.4.3-1_i386.deb libwsutil-dev_1.4.3-1_i386.deb to main/w/wireshark/libwsutil-dev_1.4.3-1_i386.deb libwsutil0_1.4.3-1_i386.deb to main/w/wireshark/libwsutil0_1.4.3-1_i386.deb tshark_1.4.3-1_i386.deb to main/w/wireshark/tshark_1.4.3-1_i386.deb wireshark-common_1.4.3-1_i386.deb to main/w/wireshark/wireshark-common_1.4.3-1_i386.deb wireshark-dbg_1.4.3-1_i386.deb to main/w/wireshark/wireshark-dbg_1.4.3-1_i386.deb wireshark-dev_1.4.3-1_i386.deb to main/w/wireshark/wireshark-dev_1.4.3-1_i386.deb wireshark-doc_1.4.3-1_all.deb to main/w/wireshark/wireshark-doc_1.4.3-1_all.deb wireshark_1.4.3-1.debian.tar.gz to main/w/wireshark/wireshark_1.4.3-1.debian.tar.gz wireshark_1.4.3-1.dsc to main/w/wireshark/wireshark_1.4.3-1.dsc wireshark_1.4.3-1_i386.deb to main/w/wireshark/wireshark_1.4.3-1_i386.deb wireshark_1.4.3.orig.tar.bz2 to main/w/wireshark/wireshark_1.4.3.orig.tar.bz2 A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 608...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Balint Reczey bal...@balintreczey.hu (supplier of updated wireshark package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 12 Jan 2011 15:31:35 +0100 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark0 libwsutil0 libwsutil-dev libwireshark-data libwireshark-dev libwiretap0 libwiretap-dev Architecture: source i386 all Version: 1.4.3-1 Distribution: experimental Urgency: high Maintainer: Balint Reczey bal...@balintreczey.hu Changed-By: Balint Reczey bal...@balintreczey.hu Description: libwireshark-data - a network packet dissection library -- data files libwireshark-dev - a network packet dissection library -- development files libwireshark0 - a network packet dissection library -- shared library libwiretap-dev - a network packet capture library -- development files libwiretap0 - a network packet capture library -- shared library libwsutil-dev - network packet dissection utilities library -- shared library libwsutil0 - network packet dissection utilities library -- shared library tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools wireshark-doc - network traffic analyzer - documentation Closes: 608990 Changes: wireshark (1.4.3-1) experimental; urgency=high . * New upstream release 1.4.3 - release notes: http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html - security fixes - FRAsse discovered that the MAC-LTE dissector could overflow a buffer. (No assigned CVE number.) - FRAsse discovered that
Bug#609955: marked as done (python-ldns missing mandatory file ldns.py)
Your message dated Fri, 14 Jan 2011 11:02:10 + with message-id e1pdhq2-00081c...@franck.debian.org and subject line Bug#609955: fixed in ldns 1.6.6-2 has caused the Debian Bug report #609955, regarding python-ldns missing mandatory file ldns.py to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 609955: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609955 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: python-ldns Version: 1.6.6-1 Severity: grave Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As reported by Bedrich Kosata bedrich.kos...@nic.cz: import ldns ldns module 'ldns' from '/usr/lib/pymodules/python2.6/ldns/__init__.pyc' resolver = ldns.ldns_resolver.new_frm_file(/etc/resolv.conf) Traceback (most recent call last): File stdin, line 1, in module AttributeError: 'module' object has no attribute 'ldns_resolver' Package python-ldns misses ldns.py file which has to be installed for python-ldns bindings to be usable. Ondrej - -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-backports'), (500, 'natty') Architecture: i386 (i686) Kernel: Linux 2.6.37-12-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-ldns depends on: ii libc6 2.12.1-0ubuntu12 Embedded GNU C Library: Shared lib ii libldns11.6.6-1build1ldns library for DNS programming ii libpython2.62.6.6-6ubuntu5 Shared Python runtime library (ver ii libpython2.72.7.1-3 Shared Python runtime library (ver ii python 2.7.1-0ubuntu5 interactive high-level object-orie ii python-support 1.0.10ubuntu3automated rebuilding support for P python-ldns recommends no packages. python-ldns suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0wHikACgkQ9OZqfMIN8nNzfACgpuL/uJQ/3Vz03rEDBy5+7OMR owYAniN5MWw8AUvyu3xh/IZlOyOrIO5W =KKIg -END PGP SIGNATURE- ---End Message--- ---BeginMessage--- Source: ldns Source-Version: 1.6.6-2 We believe that the bug you reported is fixed in the latest version of ldns, which is due to be installed in the Debian FTP archive: ldns_1.6.6-2.debian.tar.gz to main/l/ldns/ldns_1.6.6-2.debian.tar.gz ldns_1.6.6-2.dsc to main/l/ldns/ldns_1.6.6-2.dsc ldnsutils_1.6.6-2_amd64.deb to main/l/ldns/ldnsutils_1.6.6-2_amd64.deb libldns-dev_1.6.6-2_amd64.deb to main/l/ldns/libldns-dev_1.6.6-2_amd64.deb libldns1_1.6.6-2_amd64.deb to main/l/ldns/libldns1_1.6.6-2_amd64.deb python-ldns_1.6.6-2_amd64.deb to main/l/ldns/python-ldns_1.6.6-2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 609...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ondřej Surý ond...@debian.org (supplier of updated ldns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 14 Jan 2011 10:53:30 +0100 Source: ldns Binary: libldns1 libldns-dev ldnsutils python-ldns Architecture: source amd64 Version: 1.6.6-2 Distribution: unstable Urgency: high Maintainer: Ondřej Surý ond...@debian.org Changed-By: Ondřej Surý ond...@debian.org Description: ldnsutils - ldns library for DNS programming libldns-dev - ldns library for DNS programming libldns1 - ldns library for DNS programming python-ldns - Python bindings for the ldns library for DNS programming Closes: 609955 Changes: ldns (1.6.6-2) unstable; urgency=high . * Install ldns.py into python-ldns package (Closes: #609955) Checksums-Sha1: 5651b70ca5db103cf61a5f93a1ac05d41ec09889 1181 ldns_1.6.6-2.dsc c1798f9a9a2ab4405196072ec28cedc2a52b45a0 11710 ldns_1.6.6-2.debian.tar.gz e5c2d6ed09d1a7983ed0c491436cd6c3ae4856a8 146002 libldns1_1.6.6-2_amd64.deb dedd9662deb8b04680cbff5adfc2a188dcb20c31 556158 libldns-dev_1.6.6-2_amd64.deb c43774e51411c95ad3d14b5e4732eb8c713368b2 153768 ldnsutils_1.6.6-2_amd64.deb e1fe7bfd9bffd0cc2ca3803ca7dd70d0f6ecd0a6 379244 python-ldns_1.6.6-2_amd64.deb Checksums-Sha256:
Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
On Thu, Jan 13, 2011 at 10:35:00PM +, Adam D. Barratt wrote: On Thu, 2011-01-13 at 22:55 +0100, gregor herrmann wrote: I've now uploaded - 3.38-2lenny2 I've flagged the lenny package to be accepted at the next dinstall; While preparing the perl lenny upload I had a look at this. I see Gregor used my proposed patch from 27 Dec [1]; however I later noticed at least the doc addition in CGI.pm is wrong [2]. Upstream is going to change the documentation back rather than change the behaviour [3], so I don't think we should be including this change. While at it, I'm pretty sure the //s change in the previous hunk is a no-op (because the earlier change makes sure there are no newlines in @other) and I'm not including it with the perl uploads. Eyeballs welcome of course. So I'd like permission to upload libcgi-pm-perl 3.38-2lenny3 as seen in the attachments - the first one is the debdiff against 3.38-2lenny2 in proposed-updates, the second one is against 3.38-2lenny1 in stable. Gregor, I hope you're OK with this? I'm sorry I failed to communicate this better; the bug log is getting rather long and I can certainly see the potential for things to get lost. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606370#44 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606370#86 [3] http://rt.cpan.org/Public/Bug/Display.html?id=64554 Cheers, -- Niko Tyni nt...@debian.org diff -u libcgi-pm-perl-3.38/debian/changelog libcgi-pm-perl-3.38/debian/changelog --- libcgi-pm-perl-3.38/debian/changelog +++ libcgi-pm-perl-3.38/debian/changelog @@ -1,3 +1,11 @@ +libcgi-pm-perl (3.38-2lenny3) stable; urgency=low + + * Slightly amend the previous patch: ++ drop an incorrect documentation change ++ drop an unnecessary regexp modifier change + + -- Niko Tyni nt...@debian.org Fri, 14 Jan 2011 13:27:36 +0200 + libcgi-pm-perl (3.38-2lenny2) stable; urgency=low * [SECURITY] Add a patch with the backported fixes for CVE-2010-2761, diff -u libcgi-pm-perl-3.38/debian/patches/CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch libcgi-pm-perl-3.38/debian/patches/CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch --- libcgi-pm-perl-3.38/debian/patches/CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch +++ libcgi-pm-perl-3.38/debian/patches/CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch @@ -46,34 +46,6 @@ $nph ||= $NPH; $type ||= 'text/html' unless defined($type); -@@ -1482,7 +1506,7 @@ - # need to fix it up a little. - foreach (@other) { - # Don't use \s because of perl bug 21951 --next unless my($header,$value) = /([^ \r\n\t=]+)=\?(.+?)\?$/; -+next unless my($header,$value) = /([^ \r\n\t=]+)=\?(.+?)\?$/s; - ($_ = $header) =~ s/^(\w)(.*)/\u$1\L$2 . ': '.$self-unescapeHTML($value)/e; - } - -@@ -5101,6 +5125,18 @@ - - P3P: policyref=/w3c/p3p.xml cp=CAO DSP LAW CURa - -+Note that if a header value contains a carriage return, a leading space will be -+added to each new line that doesn't already have one as specified by RFC2616 -+section 4.2. For example: -+ -+print header( -ingredients = ham\neggs\nbacon ); -+ -+will generate -+ -+Ingredients: ham -+ eggs -+ bacon -+ - =head2 GENERATING A REDIRECTION HEADER - -print redirect('http://somewhere.else/in/movie/land'); --- /dev/null +++ b/t/headers.t @@ -0,0 +1,47 @@ diff -u libcgi-pm-perl-3.38/debian/changelog libcgi-pm-perl-3.38/debian/changelog --- libcgi-pm-perl-3.38/debian/changelog +++ libcgi-pm-perl-3.38/debian/changelog @@ -1,3 +1,19 @@ +libcgi-pm-perl (3.38-2lenny3) stable; urgency=low + + * Slightly amend the previous patch: ++ drop an incorrect documentation change ++ drop an unnecessary regexp modifier change + + -- Niko Tyni nt...@debian.org Fri, 14 Jan 2011 13:27:36 +0200 + +libcgi-pm-perl (3.38-2lenny2) stable; urgency=low + + * [SECURITY] Add a patch with the backported fixes for CVE-2010-2761, +CVE-2010-4410, and CVE-2010-4411; thanks to Niko Tyni for preparing the +patch (closes: #606370). + + -- gregor herrmann gre...@debian.org Thu, 13 Jan 2011 22:49:36 +0100 + libcgi-pm-perl (3.38-2lenny1) stable; urgency=low * Fix unwanted ISO-8859-1 - UTF-8 conversion in CGI::Util::escape(). diff -u libcgi-pm-perl-3.38/debian/patches/series libcgi-pm-perl-3.38/debian/patches/series --- libcgi-pm-perl-3.38/debian/patches/series +++ libcgi-pm-perl-3.38/debian/patches/series @@ -2,0 +3 @@ +CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch only in patch2: unchanged: --- libcgi-pm-perl-3.38.orig/debian/patches/CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch +++ libcgi-pm-perl-3.38/debian/patches/CVE-2010-2761_CVE-2010-4410_CVE-2010-4411.patch @@ -0,0 +1,121 @@ +Description: backport fixes for CVE-2010-2761, CVE-2010-4410, CVE-2010-4411 from 3.50 and 3.51 +Bug: http://bugs.debian.org/606370 +Author: Niko Tyni nt...@debian.org +Reviewed-by: gregor herrmann gre...@debian.org +Last-Update: 2011-01-13 + +--- a/CGI.pm b/CGI.pm +@@ -1382,7
Bug#592768: clisp install failure is a powerpc64 only problem?
Hi; It seems like the install problems for clisp might only be happening on powerpc64. There are several reports of installation success on powerpc, and I verified myself on qemu-system-powerpc. Debian does not have any powerpc64 porterbox, so this is difficult for me to test. I'm not sure what this means from the point of view of Squeeze release. It does seem a bit odd to pull clisp from the release based on bugs which we cannot duplicate on Debian machines. On the other hand, officially there is no separate powerpc64 architecture, and having only 32 bit supported is hardly desirable. Of course, if someone can duplicate the bug running a 32-bit kernel that changes things. I still think we probably need a powerpc64 porterbox if powerpc is going to continue as a release architecture post squeeze. David pgpis9VZiCvvG.pgp Description: PGP signature
Bug#609916: ledcontrol broke my laptop keyboard
Ian Jackson ijack...@chiark.greenend.org.uk (13/01/2011): Package: ledcontrol Version: 0.5.2-11+b1 Severity: serious From a quick look at the changelog, I suspect the same happens with the version currently in squeeze? KiBi. signature.asc Description: Digital signature
Bug#609535: psiconv: magick/semaphore.c:526: LockSemaphoreInfo: Assertion `semaphore_info-signature == 0xabacadabUL' failed.
In the worst case we can change build-dependencies so that psiconv is linked with ImageMagick (rather than GraphicsMagick). This seem to work, but the resulting binary package has some ugly extra dependencies: Depends: libbz2-1.0, libc6 (= 2.3.6-6~), {+libfontconfig1 (= 2.8.0),+} libfreetype6 (= 2.2.1), {+libglib2.0-0 (= 2.12.0),+} libgomp1 (= 4.2.1), [-libgraphicsmagick3 (= 1.3.5),-] libice6 (= 1:1.0.0), [-libjasper1-] {+libjpeg62+} (= [-1.900.1), libjpeg62,-] {+6b1),+} liblcms1 (= 1.15-1), [-libpng12-0-] {+liblqr-1-0 (= 0.1.0), libltdl7+} (= [-1.2.13-4),-] {+2.2.6b), libmagickcore3 (= 8:6.6.0.4),+} libpsiconv6, libsm6, libtiff4, [-libwmf0.2-7 (= 0.2.8.4),-] libx11-6, libxext6, [-libxml2 (= 2.6.27),-] {+libxt6,+} zlib1g (= 1:1.1.4) -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609605: gpdftext: incompatible licenses: GPL-3+/GPL-2
Neil Williams codeh...@debian.org (10/01/2011): All the code in gpdftext itself is my own and I can relicence to GPL-2only but it will mean a new upstream release to clarify each source code file and replacing COPYING. Great. (I guess you could relicense it to GPL-2+ instead, you'd keep the '+' you've got currently with GPL-3+.) I can sort this out over the weekend, if the RT agree to a new upstream release (with only the licence changes). I believe a pointer in debian/{changelog,copyright} “overriding” the information in COPYING + the sources would be sufficient. No need for a whole new upstream release to fix this bug. (I can think of ftpmasters' being happy with an upstream's mail excerpt in debian/copyright, clarifying the license, or changing it to make it DFSG-compliant; which was sufficient so that we don't have to wait for a new upstream release to package stuff.) I'm not a lawyer, a ftpmaster, or a releaser though. KiBi. signature.asc Description: Digital signature
Processed: (cfengine3) raising severity on 602404 and 605044 to grave
Processing commands for cont...@bugs.debian.org: severity 602404 grave Bug #602404 {Done: Antonio Radici anto...@debian.org} [cfengine3] cfengine3 package uses wrongly names variables in /etc/default/cfengine Severity set to 'grave' from 'normal' severity 605044 grave Bug #605044 {Done: Antonio Radici anto...@debian.org} [cfengine3] /etc/init.d/cfengine3: unquoted variables Severity set to 'grave' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 605044: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605044 602404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602404 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: notfound 609886 in 1.2.30, found 609886 in 1:1.2.30-1
Processing commands for cont...@bugs.debian.org: notfound 609886 1.2.30 Bug #609886 [libapache2-mod-jk] libapache2-mod-jk: After upgrade from 1.2.26 to 1.2.30 mod_jk no longer connects to tomcats There is no source info for the package 'libapache2-mod-jk' at version '1.2.30' with architecture '' Unable to make a source version for version '1.2.30' Bug No longer marked as found in versions 1.2.30. found 609886 1:1.2.30-1 Bug #609886 [libapache2-mod-jk] libapache2-mod-jk: After upgrade from 1.2.26 to 1.2.30 mod_jk no longer connects to tomcats Bug Marked as found in versions libapache-mod-jk/1:1.2.30-1. thanks Stopping processing here. Please contact me if you need assistance. -- 609886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609886 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#592768: clisp install failure is a powerpc64 only problem?
David, am Fri, Jan 14, 2011 at 07:55:40AM -0400 hast du folgendes geschrieben: Of course, if someone can duplicate the bug running a 32-bit kernel that changes things. I still think we probably need a powerpc64 porterbox if powerpc is going to continue as a release architecture post squeeze. I lobbied hard to get ppc64 buildds at all. Now we have three: porpora, poulenc and praetorius. As porpora and poulenc are identical Apple XServe G5, and given that we still have the slow voltaire as a ppc32 around, it might make sense to get one of the two to be a ppc porterbox with 64bit kernel. I don't know if porterboxes are possible at that location, however. Thus Cc'ing d-admin and the local admin. Kind regards Philipp Kern signature.asc Description: Digital signature
Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
On Fri, January 14, 2011 11:40, Niko Tyni wrote: While preparing the perl lenny upload I had a look at this. I see Gregor used my proposed patch from 27 Dec [1]; however I later noticed at least the doc addition in CGI.pm is wrong [2]. Upstream is going to change the documentation back rather than change the behaviour [3], so I don't think we should be including this change. While at it, I'm pretty sure the //s change in the previous hunk is a no-op (because the earlier change makes sure there are no newlines in @other) and I'm not including it with the perl uploads. Eyeballs welcome of course. So I'd like permission to upload libcgi-pm-perl 3.38-2lenny3 as seen in the attachments - the first one is the debdiff against 3.38-2lenny2 in proposed-updates, the second one is against 3.38-2lenny1 in stable. Yes, that would be okay; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#592768: clisp install failure is a powerpc64 only problem?
On Fri, 14, Jan, 2011 at 02:05:29PM +0100, Philipp Kern spoke thus.. David, am Fri, Jan 14, 2011 at 07:55:40AM -0400 hast du folgendes geschrieben: Of course, if someone can duplicate the bug running a 32-bit kernel that changes things. I still think we probably need a powerpc64 porterbox if powerpc is going to continue as a release architecture post squeeze. I lobbied hard to get ppc64 buildds at all. Now we have three: porpora, poulenc and praetorius. As porpora and poulenc are identical Apple XServe G5, and given that we still have the slow voltaire as a ppc32 around, it might make sense to get one of the two to be a ppc porterbox with 64bit kernel. I don't know if porterboxes are possible at that location, however. Thus Cc'ing d-admin and the local admin. Unlikely we can make that a publically accessible porterbox I'm afraid. I'd have to talk to networks at the University but I'm not sure they'd be happy with it. I'll ask though. Mark -- Mark Hymers mhy at debian dot org But Yossarian *still* didn't understand either how Milo could buy eggs in Malta for seven cents apiece and sell them at a profit in Pianosa for five cents. Catch 22, Joseph Heller -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#602404: (cfengine3) raising severity on 602404 and 605044 to grave
On Fri, Jan 14, 2011 at 13:02:46 +, Antonio Radici wrote: severity 602404 grave severity 605044 grave thanks Hi, I'm raising the severity of those two bugs to grave because, despite being fixed in experimental, they should also be fixed in squeeze, the rationale is that /etc/default/cfengine3 is unusable so the user cannot specify any option to start the daemons. Those are the bugs: 602404 cfengine3 package uses wrongly names variables in /etc/default/cfengine 605044 /etc/init.d/cfengine3: unquoted variables The result of #602404 is that if the user specify what startup opts wants, those will never be used because /etc/init.d/cfengine3 is using other variable names. The result of #605044 is that, once #602404 is fixed, the user still won't be able to add full options because the variables in /etc/init.d/cfengine3 are unquoted so spaces cannot be used. I'm CC'ing debian-release@l.d.o because since I will submit an unblock request for the new package (3.0.5+dfsg-2), they will have some background on the issue. That doesn't sound grave to me. Just because you have to modify /etc/init.d/cfengine3 instead of /etc/default/cfengine3 doesn't make the package unusable, does it? Cheers, Julien signature.asc Description: Digital signature
Bug#609559: usertag: can-defer → Re: Bug#609559: psimedia: uninstallable on kfreebsd-i386
tag 609559 patch pending thanks Hi, Axel Beckert a...@debian.org (10/01/2011): psmedia is currently uninstallable on kfreebsd-i386 as there is no gstreamer0.10-alsa on that architecture. could you please check the attached patch looks sane? It seems to do the job here. I'm going to NMU if you confirm. In any case, only affecting kfreebsd-*, so there's no need to block squeeze with that bug. Release team, please consider usertagging it can-defer. KiBi. diff -Nru psimedia-1.0.3/debian/changelog psimedia-1.0.3/debian/changelog --- psimedia-1.0.3/debian/changelog 2010-04-29 18:26:13.0 +0200 +++ psimedia-1.0.3/debian/changelog 2011-01-14 14:34:16.0 +0100 @@ -1,3 +1,13 @@ +psimedia (1.0.3-4.1) unstable; urgency=high + + * Non-maintainer upload. + * Make the gstreamer0.10-alsa dependency linux-only to get this package +installable on kfreebsd-* again. According to Axel Beckert it is +functional as is (Closes: #609559). + * Set urgency to “high” for RC bugfix. + + -- Cyril Brulebois k...@debian.org Fri, 14 Jan 2011 14:32:23 +0100 + psimedia (1.0.3-4) unstable; urgency=low * Bump Standards-Version to 3.8.4 diff -Nru psimedia-1.0.3/debian/control psimedia-1.0.3/debian/control --- psimedia-1.0.3/debian/control 2010-04-28 10:53:02.0 +0200 +++ psimedia-1.0.3/debian/control 2011-01-14 14:31:30.0 +0100 @@ -9,7 +9,7 @@ Package: psimedia Architecture: any Depends: psi-plus | psi(= 0.13), ${shlibs:Depends}, ${misc:Depends}, - gstreamer0.10-plugins-good, gstreamer0.10-alsa + gstreamer0.10-plugins-good, gstreamer0.10-alsa [linux-any] Description: Plugin for Psi/Psi+ for audio and video calls PsiMedia is a thick abstraction layer for providing audio and video RTP services to Psi-like IM clients. signature.asc Description: Digital signature
Processed: usertag: can-defer → Re: Bug#609559: psimedia: uninstallable on kfreebsd-i386
Processing commands for cont...@bugs.debian.org: tag 609559 patch pending Bug #609559 [psimedia] psimedia: uninstallable on kfreebsd-i386 Added tag(s) pending and patch. thanks Stopping processing here. Please contact me if you need assistance. -- 609559: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609559 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609515: upgrade-report: Conflict between radiusclient1 and libradiusclient-ng-dev during upgrade from Lenny to Squeeze
Julien Cristau jcris...@debian.org (10/01/2011): Thanks. libradiusclient-ng-dev is missing 'Conflicts: radiusclient1', as far as I can tell. Looks about right. Maintainers, shall I NMU with that added conflict? I'm probably going to use DELAYED/2 or so later today. KiBi. signature.asc Description: Digital signature
Bug#609535: psiconv: Patch for GraphicsMagick API change causing crash on startup
* Reuben Thomas r...@sc3d.org, 2011-01-10, 12:48: --- psiconv-0.9.8/configure.in 2005-11-15 15:43:19.0 + +++ psiconv-0.9.8-rrt/configure.in 2011-01-10 12:35:58.0 + @@ -112,6 +112,7 @@ #include time.h #include magick/api.h int main(void) { ExceptionInfo exception; + InitializeMagick(NULL); GetExceptionInfo(exception); OpenModules(exception); return (NULL == GetMagickInfo(NULL,exception)); }], For those who try to reproduce this bug: if this hunk of the patch is *not* applied and the package is rebuilt with recent enough GraphicsMagick[0], the package won't be linked with GraphicsMagick and won't be able to handle any images at all: $ psiconv examples/Sketch Unknown output type: `TIFF' ...which still renders psiconv unusable. [0] E.g. psiconv 0.9.8-4.1+b1. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609581: Incompatible licences
Hello Adam, Adam D. Barratt [2011-01-13 22:46 +]: Does this change apply retrospectively, or just to the new upstream release? Formally only to the new upstream release, so I'll try my luck first with asking for a freeze exception. Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609559: usertag: can-defer → Re: Bug#609559: psimedia: uninstallable on kfreebsd-i386
user release.debian@packages.debian.org usertag 609559 squeeze-can-defer tag 609559 squeeze-ignore kthxbye On Fri, Jan 14, 2011 at 14:41:20 +0100, Cyril Brulebois wrote: In any case, only affecting kfreebsd-*, so there's no need to block squeeze with that bug. Release team, please consider usertagging it can-defer. . signature.asc Description: Digital signature
Processed: Re: Bug#609559: usertag: can-defer → Re: Bug#609559: psimedia: uninstallable on kfreebsd-i386
Processing commands for cont...@bugs.debian.org: user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was jcris...@debian.org). usertag 609559 squeeze-can-defer Bug#609559: psimedia: uninstallable on kfreebsd-i386 There were no usertags set. Usertags are now: squeeze-can-defer. tag 609559 squeeze-ignore Bug #609559 [psimedia] psimedia: uninstallable on kfreebsd-i386 Added tag(s) squeeze-ignore. kthxbye Stopping processing here. Please contact me if you need assistance. -- 609559: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609559 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 609705 is important
Processing commands for cont...@bugs.debian.org: severity 609705 important Bug #609705 [calibre] Trying to edit metadata cause calibre to freeze Severity set to 'important' from 'grave' thanks Stopping processing here. Please contact me if you need assistance. -- 609705: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#602404: (cfengine3) raising severity on 602404 and 605044 to grave
On Fri, Jan 14, 2011 at 02:35:04PM +0100, Julien Cristau wrote: That doesn't sound grave to me. Just because you have to modify /etc/init.d/cfengine3 instead of /etc/default/cfengine3 doesn't make the package unusable, does it? Hi Julien, thanks for your quick answer; I thought this could be a problem because we are shipping /etc/default/cfengine3 and since you have that file, as a user, you expect that once you modify it, then it will work exactly as the other files in /etc/default; basically we are not doing what we are promising to do. As you said, it doesn't make the package unusable but it is a problem for the user; I'm happy to set the severity of this bug back to important if you want and we will leave things as they are on squeeze; the upload is just a 6 lines change though (3 in cfengine3.default and 3 in cfengine3.init) and it is already ready. Let me know your preference and I'll proceed accordingly. Cheers Antonio -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609581: Incompatible licences
Julien Cristau [2011-01-14 11:05 +0100]: It doesn't sound like this has been addressed? How do you mean in particular? The PDF reflow plugin now is GPL 2 or later, so it should be compatible with poppler again? It hasn't been addressed in testing yet. While I have you here, what do you think about a freeze exception for the current version? This will also fix the recent two security issues (#608822) and make calibre actually work fully (not just build) on kFreeBSD (#609557). The alternative is to backport the two security fixes (already identified the patches, so that's not too difficult) and don't ship the PDF reflow plugin for squeeze; this essentially means to make any PDF import/usage on e-book readers unusable, as without proper reflowing they are unreadable on their small screens. It's also a leaf package, so there is no potential for affecting the release as a whole. Thanks, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) signature.asc Description: Digital signature
Bug#602404: (cfengine3) raising severity on 602404 and 605044 to grave
On Fri, Jan 14, 2011 at 13:59:03 +, Antonio Radici wrote: On Fri, Jan 14, 2011 at 02:35:04PM +0100, Julien Cristau wrote: That doesn't sound grave to me. Just because you have to modify /etc/init.d/cfengine3 instead of /etc/default/cfengine3 doesn't make the package unusable, does it? Hi Julien, thanks for your quick answer; I thought this could be a problem because we are shipping /etc/default/cfengine3 and since you have that file, as a user, you expect that once you modify it, then it will work exactly as the other files in /etc/default; basically we are not doing what we are promising to do. I'm not saying it's not a problem. I'm saying it pretty closely matches the bug which has a major effect on the usability of a package, without rendering it completely unusable to everyone description. As you said, it doesn't make the package unusable but it is a problem for the user; I'm happy to set the severity of this bug back to important if you want and we will leave things as they are on squeeze; the upload is just a 6 lines change though (3 in cfengine3.default and 3 in cfengine3.init) and it is already ready. Let me know your preference and I'll proceed accordingly. Then set it back to important, and fix it in 6.0.1 if you like. Cheers, Julien signature.asc Description: Digital signature
Bug#605044: Bug#602404: (cfengine3) 602404 and 605044 to be fixed in 6.0.1
severity 602404 important severity 605044 important reopen 605044 reopen 602404 thanks On Fri, Jan 14, 2011 at 03:20:36PM +0100, Julien Cristau wrote: [snip] Then set it back to important, and fix it in 6.0.1 if you like. OK! Cheers Antonio -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#602404: (cfengine3) 602404 and 605044 to be fixed in 6.0.1
Processing commands for cont...@bugs.debian.org: severity 602404 important Bug #602404 {Done: Antonio Radici anto...@debian.org} [cfengine3] cfengine3 package uses wrongly names variables in /etc/default/cfengine Severity set to 'important' from 'grave' severity 605044 important Bug #605044 {Done: Antonio Radici anto...@debian.org} [cfengine3] /etc/init.d/cfengine3: unquoted variables Severity set to 'important' from 'grave' reopen 605044 Bug #605044 {Done: Antonio Radici anto...@debian.org} [cfengine3] /etc/init.d/cfengine3: unquoted variables 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. reopen 602404 Bug #602404 {Done: Antonio Radici anto...@debian.org} [cfengine3] cfengine3 package uses wrongly names variables in /etc/default/cfengine 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. thanks Stopping processing here. Please contact me if you need assistance. -- 602404: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602404 605044: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605044 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609762: amavisd-milter: Init script changes owner of current directory to 'amavis'
Hi Harald, I looked at your patch and I think those multiple checks in chain are prone to mistakes in some conditions. I've reported the same problem with clamav-milter [1] some time ago and I believe that is a cleaner and better implementation for checking SOCKET, SOCKET_TYPE and SOCKET_PATH. I'm writing this to you to check the current script from /etc/init.d/clamav-milter and include something similar for amavisd-milter. Thanks [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=55 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#595471: marked as done (mutt: wrong charset in saved html attachmant)
Your message dated Fri, 14 Jan 2011 15:32:11 + with message-id e1pdldl-0003qq...@franck.debian.org and subject line Bug#537061: fixed in mutt 1.5.20-9+squeeze1 has caused the Debian Bug report #537061, regarding mutt: wrong charset in saved html attachmant to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 537061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mutt Version: 1.5.20-9 Severity: normal When saving html attachment to a file it always converted to $charset that often differ from charset indicated in meta tag of html head. This cause browser display html page not properly. Please, don't convert html attachments at all. -- Package-specific info: Mutt 1.5.20 (2009-06-14) Copyright (C) 1996-2009 Michael R. Elkins and others. Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'. Mutt is free software, and you are welcome to redistribute it under certain conditions; type `mutt -vv' for details. System: Linux 2.6.32-5-686 (i686) ncurses: ncurses 5.7.20100313 (compiled with 5.7) libidn: 1.18 (compiled with 1.18) hcache backend: tokyocabinet 1.4.37 Compile options: -DOMAIN +DEBUG -HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK +USE_POP +USE_IMAP +USE_SMTP -USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO +HAVE_REGCOMP -USE_GNU_REGEX +HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET +HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME -EXACT_ADDRESS -SUN_ATTACHMENT +ENABLE_NLS -LOCALES_HACK +COMPRESSED +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE -ISPELL SENDMAIL=/usr/sbin/sendmail MAILPATH=/var/mail PKGDATADIR=/usr/share/mutt SYSCONFDIR=/etc EXECSHELL=/bin/sh MIXMASTER=mixmaster To contact the developers, please mail to mutt-...@mutt.org. To report a bug, please visit http://bugs.mutt.org/. misc/am-maintainer-mode misc/hg.pmdef.debugtime debian-specific/build_doc_adjustments.diff features/ifdef features/xtitles features/trash-folder features/purge-message features/sensible_browser_position features-old/patch-1.5.4.vk.pgp_verbose_mime features/compressed-folders features/compressed-folders.debian debian-specific/Muttrc debian-specific/Md.etc_mailname_gethostbyname.diff debian-specific/use_usr_bin_editor.diff debian-specific/correct_docdir_in_man_page.diff debian-specific/dont_document_not_present_features.diff debian-specific/document_debian_defaults debian-specific/assumed_charset-compat debian-specific/467432-write_bcc.patch misc/define-pgp_getkeys_command.diff misc/gpg.rc-paths misc/smime.rc upstream/533209-mutt_perror.patch upstream/533459-unmailboxes.patch upstream/533439-mbox-time.patch upstream/531430-imapuser.patch upstream/534543-imap-port.patch upstream/538128-mh-folder-access.patch upstream/537818-emptycharset.patch upstream/535096-pop-port.patch upstream/542910-search-segfault.patch upstream/533370-pgp-inline.patch upstream/533520-signature-highlight.patch upstream/393926-internal-viewer.patch upstream/543467-thread-segfault.patch upstream/544180-italian-yesorno.patch upstream/542817-smimekeys-tmpdir.patch upstream/544794-smtp-batch.patch upstream/537694-segv-imap-headers.patch upstream/548577-gpgme-1.2.patch upstream/548494-swedish-intl.patch upstream/553321-ansi-escape-segfault.patch upstream/553238-german-intl.patch upstream/557395-muttrc-crypto.patch upstream/545316-header-color.patch upstream/568295-references.patch upstream/547980-smime_keys-chaining.patch upstream/528233-readonly-open.patch upstream/228671-pipe-mime.patch upstream/383769-score-match.patch upstream/547739-manual-typos.patch upstream/311296-rand-mktemp.patch upstream/573823-imap_internal_date upstream/542344-dont_fold_From_ upstream/path_max misc/hyphen-as-minus.patch misc/smime_keys-manpage.patch mutt.org -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mutt depends on: ii libc6 2.11.2-4 Embedded GNU C Library: Shared lib ii libcomerr21.41.12-2 common error description library ii libgnutls26 2.8.6-1the GNU TLS library -
Bug#537061: marked as done (/usr/bin/mutt: saved attachements modified by mutt because of recoding)
Your message dated Fri, 14 Jan 2011 15:32:11 + with message-id e1pdldl-0003qq...@franck.debian.org and subject line Bug#537061: fixed in mutt 1.5.20-9+squeeze1 has caused the Debian Bug report #537061, regarding /usr/bin/mutt: saved attachements modified by mutt because of recoding to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 537061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mutt-patched Version: 1.5.20-1 Severity: normal File: /usr/bin/mutt Mutt now recodes the charset of attachements before saving them, while we can expect to get a one to one copy of the file. The only workaround I've found is to pipe the attachement to vim or some other tool. In that specific case, no charset conversion is done. This has been reported to Mutt trac under reference: http://dev.mutt.org/trac/ticket/3293 It seems to be a side effect introduced in 1.5.19 caused by: http://dev.mutt.org/trac/ticket/3234 http://dev.mutt.org/trac/changeset/392e945dfba7 -- Simon Paillard -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages mutt-patched depends on: ii libc62.9-18 GNU C Library: Shared libraries ii libcomerr2 1.41.6-1common error description library ii libgdbm3 1.8.3-4 GNU dbm database routines (runtime ii libgnutls26 2.6.6-1 the GNU TLS library - runtime libr ii libgpg-error01.6-1 library for common error values an ii libgpgme11 1.1.8-2 GPGME - GnuPG Made Easy ii libgssapi-krb5-2 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - k ii libidn11 1.15-1 GNU Libidn library, implementation ii libk5crypto3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - C ii libkrb5-31.7dfsg~beta3-1 MIT Kerberos runtime libraries ii libncursesw5 5.7+20090523-1 shared libraries for terminal hand ii libsasl2-2 2.1.23.dfsg1-1 Cyrus SASL - authentication abstra ii mutt 1.5.20-1text-based mailreader supporting M mutt-patched recommends no packages. mutt-patched suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: mutt Source-Version: 1.5.20-9+squeeze1 We believe that the bug you reported is fixed in the latest version of mutt, which is due to be installed in the Debian FTP archive: mutt-dbg_1.5.20-9+squeeze1_i386.deb to main/m/mutt/mutt-dbg_1.5.20-9+squeeze1_i386.deb mutt-patched_1.5.20-9+squeeze1_i386.deb to main/m/mutt/mutt-patched_1.5.20-9+squeeze1_i386.deb mutt_1.5.20-9+squeeze1.diff.gz to main/m/mutt/mutt_1.5.20-9+squeeze1.diff.gz mutt_1.5.20-9+squeeze1.dsc to main/m/mutt/mutt_1.5.20-9+squeeze1.dsc mutt_1.5.20-9+squeeze1_i386.deb to main/m/mutt/mutt_1.5.20-9+squeeze1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 537...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antonio Radici anto...@dyne.org (supplier of updated mutt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 14 Jan 2011 14:19:26 + Source: mutt Binary: mutt mutt-patched mutt-dbg Architecture: source i386 Version: 1.5.20-9+squeeze1 Distribution: unstable Urgency: low Maintainer: Antonio Radici anto...@dyne.org Changed-By: Antonio Radici anto...@dyne.org Description: mutt - text-based mailreader supporting MIME, GPG, PGP and threading mutt-dbg - debugging symbols for mutt mutt-patched - the Mutt Mail User Agent with extra patches Closes: 537061 Changes: mutt (1.5.20-9+squeeze1) unstable; urgency=low . * upstream/537061-dont-recode-saved-attachments.patch: as the patch says, see the patch for more info (Closes: 537061) Checksums-Sha1: eb4d4cfc4e6aa616679c4e23bcbf30ea53173fb8 1457 mutt_1.5.20-9+squeeze1.dsc
Bug#536015: Colector de fondos necesarios!
Shougang Grupo 106, Huang, Jingmin Guangzhou, Guangdong 529000 China. Página web: www.shougang.com.cn Esta es una solicitud oficial de un agente de cobro en nombre del Grupo Shougang. Estamos de hierro y la compañía de acero con actividad principal en la fabricación de acero y el comercio. Estamos buscando a un colector de fondos en EE.UU., Canadá, México, Europa y el Reino Unido. El salario es un 12% de cada pago que recibimos de nuestros clientes. Todos los cargos, como cargos de impuestos y la transferencia se descontará del saldo del 88%. Los detalles de su cuenta no es necesario en esta transacción. Nota: Si usted tiene un trabajo actual, todavía puede ser parte de nuestro negocio como servicio para nosotros no molestar con sus horas de trabajo en absoluto. Si usted está interesado, llene la información abajo y envíe de nuevo a mí a través de mi correo electrónico; shougang-gr...@english.tw (1) Su nombre completo: (2) Su dirección completa: a. Ciudad: b. Estado: c. Código postal: d. País: (3) Tele / número de células: (4) Ocupación: (5) Género: (6) Edad: (7) Correo electrónico: En nombre del Grupo Shougang, ruego acepte mi más sincero agradecimiento de antemano por su interés en ser nuestro agente recolector de fondos, mientras esperamos su pronta respuesta a nuestra solicitud. Respetuosamente, El Sr. Zhu Jimin (secretario) Shougang Group -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: found 606995 in 5.12.0~rc3-1
Processing commands for cont...@bugs.debian.org: # still present in experimental found 606995 5.12.0~rc3-1 Bug #606995 {Done: Niko Tyni nt...@debian.org} [perl-modules] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 Bug Marked as found in versions perl/5.12.0~rc3-1 and reopened. thanks Stopping processing here. Please contact me if you need assistance. -- 606995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606995 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608968: zutils: fails to upgrade from 0.3-1: trying to overwrite '/bin/zfgrep', which is also in package gzip 1.3.12-9
reopen 608968 thanks I've been encountering similar errors when attempting to upgrade from 0.9~rc2-2 to 0.9~rc2-3 or (now) 0.9-1, and would suggest adjusting zutils's preinst script to establish the diversions whenever they're absent, even when upgrading from an older version. Here's the sequence of events, AFAICT: - ftpmaster approves zutils, with the side effect of letting in zutils_0.3-1_all.deb in addition to zutils_0.9~rc2-2_i386.deb. - I see an interesting new package called zutils and proceed to install it, but wind up with 0.3-1 because 0.9~rc2-2 isn't yet available on my architecture (amd64). - I upgrade to 0.9~rc2-2; the preinst doesn't establish any diversions because I was technically upgrading, and I see no file conflicts because zutils still installs into /usr/bin. - I attempt to upgrade further and run into conflicts. I acknowledge that I can work around this bug easily enough by temporarily uninstalling zutils, but would still recommend making its preinst script more robust; could you please do so? Thanks! -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: zutils: fails to upgrade from 0.3-1: trying to overwrite '/bin/zfgrep', which is also in package gzip 1.3.12-9
Processing commands for cont...@bugs.debian.org: reopen 608968 Bug #608968 {Done: Daniel Baumann dan...@debian.org} [zutils] zutils: fails to upgrade from 0.3-1: trying to overwrite '/bin/zfgrep', which is also in package gzip 1.3.12-9 thanks Stopping processing here. Please contact me if you need assistance. -- 608968: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608968 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: installation-reports: USB Memory Stick Booting wrote Bootsector on USB Stick
Processing commands for cont...@bugs.debian.org: reassign 609722 grub-installer 1.58 Bug #609722 [installation-reports] installation-reports: USB Memory Stick Booting wrote Bootsector on USB Stick Bug reassigned from package 'installation-reports' to 'grub-installer'. Bug #609722 [grub-installer] installation-reports: USB Memory Stick Booting wrote Bootsector on USB Stick Bug Marked as found in versions grub-installer/1.58. severity 609722 serious Bug #609722 [grub-installer] installation-reports: USB Memory Stick Booting wrote Bootsector on USB Stick Severity set to 'serious' from 'normal' merge 568529 609722 Bug#568529: overwrites MBR of installation medium Bug#609722: installation-reports: USB Memory Stick Booting wrote Bootsector on USB Stick Bug#579519: grub-installer - Overwrites bootloaders on different device Bug#589823: debian-installer (squeeze alpha): Writes grub on usb-stic with installer Bug#603942: installation-report: Grub installed to wrong disk Bug#604992: Installs GRUB on USB stick during a USB install Bug#605562: installation-report: Installation from usb stick lead to unbootable system (und unbootable usb stick) Merged 568529 579519 589823 603942 604992 605562 609722. thanks Stopping processing here. Please contact me if you need assistance. -- 605562: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605562 589823: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589823 568529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568529 604992: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604992 579519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579519 609722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609722 603942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603942 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609998: Should not be shipped with Squeeze?
Package: lua40 Severity: grave At the Debian Security Team meeting we noticed that Squeeze still includes Lua 4.0, which hasn't been updated since 2004. We should remove it. Cheers, Moritz -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609999: bzr-gtk: breaks partial upgrades at python 2.6 installation step
Package: bzr-gtk Version: 0.99.1+bzr699-1 Severity: serious Not sure if the bug is in bzr-gtk, python or python-support/python-central. Setting up python (2.6.6-3+squeeze4) ... Linking and byte-compiling packages for runtime python2.6... Traceback (most recent call last): File /usr/bin/pycompile, line 314, in module main() File /usr/bin/pycompile, line 300, in main options.force, options.optimize, e_patterns) File /usr/bin/pycompile, line 196, in compile ftime = os.stat(fn).st_mtime OSError: [Errno 2] No such file or directory: '/usr/lib/python2.6/dist-packages/bzrlib/plugins/gtk/tests/test_tortoise_bzr.py' $ ls -l /usr/lib/python2.6/dist-packages/bzrlib/plugins/gtk/tests/test_tortoise_bzr.py lrwxrwxrwx 1 root root 65 nov 6 09:28 /usr/lib/python2.6/dist-packages/bzrlib/plugins/gtk/tests/test_tortoise_bzr.py - /usr/share/pyshared/bzrlib/plugins/gtk/tests/test_tortoise_bzr.py $ ls -l /usr/share/pyshared/bzrlib/plugins/gtk/tests/ total 88 -rw-r--r-- 1 root root 1171 mai 30 2010 __init__.py -rw-r--r-- 1 root root 1433 mai 7 2009 test_annotate_config.py -rw-r--r-- 1 root root 52213 déc 2 2009 test_commit.py -rw-r--r-- 1 root root 11897 oct 22 2008 test_diff.py -rw-r--r-- 1 root root 1762 mar 9 2007 test_history.py -rw-r--r-- 1 root root 1362 jun 9 2009 test_linegraph.py -rw-r--r-- 1 root root 3528 jun 10 2009 test_revisionview.py -- System Information: Debian Release: squeeze/sid APT prefers stable APT policy: (500, 'stable'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages bzr-gtk depends on: ii bzr2.3.0~beta2-1 easy to use distributed version co pn python none(no description available) ii python-central 0.6.16+nmu1 register and build utility for Pyt ii python-glade2 2.17.0-4 GTK+ bindings: Glade support ii python-gtk22.17.0-4 Python bindings for the GTK+ widge ii python-notify 0.1.1-2+b2Python bindings for libnotify Versions of packages bzr-gtk recommends: ii bzr-dbus 0.1~bzr39-2 D-Bus announcements plugin for Baz ii python-cairo 1.8.8-1+b1 Python bindings for the Cairo vect pn python-gnome2-desktopnone (no description available) ii python-gnomekeyring 2.30.0-3Python bindings for the GNOME keyr ii python-gtksourceview22.10.1-1Python bindings for the GtkSourceV pn seahorse none (no description available) Versions of packages bzr-gtk suggests: pn bzr-avahi none (no description available) pn bzr-loom none (no description available) pn bzr-searchnone (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#607988: marked as done (python: OSError: [Errno 2] byte-compiling packages on upgrade (dangling symlinks))
Your message dated Fri, 14 Jan 2011 18:52:09 + with message-id e1pdokr-0004sx...@franck.debian.org and subject line Bug#607988: fixed in python-defaults 2.6.6-3+squeeze5 has caused the Debian Bug report #607988, regarding python: OSError: [Errno 2] byte-compiling packages on upgrade (dangling symlinks) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 607988: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607988 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: python2.6 Version: 2.6.6-6 Severity: critical The latest update is totally broken and can't byte compile *modules* (squeeze). -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.36.2 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages python2.6 depends on: ii libbz2-1.01.0.5-6high-quality block-sorting file co ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libexpat1 2.0.1-7XML parsing C library - runtime li ii libncursesw5 5.7+20100313-4 shared libraries for terminal hand ii libreadline6 6.1-3 GNU readline and history libraries ii libsqlite3-0 3.7.3-1SQLite 3 shared library ii mime-support 3.48-1 MIME files 'mime.types' 'mailcap ii python2.6-minimal 2.6.6-6A minimal subset of the Python lan python2.6 recommends no packages. Versions of packages python2.6 suggests: ii binutils 2.20.1-15 The GNU assembler, linker and bina pn python2.6-doc none (no description available) pn python2.6-profilernone (no description available) -- no debconf information ---End Message--- ---BeginMessage--- Source: python-defaults Source-Version: 2.6.6-3+squeeze5 We believe that the bug you reported is fixed in the latest version of python-defaults, which is due to be installed in the Debian FTP archive: idle_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/idle_2.6.6-3+squeeze5_all.deb python-all-dbg_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-all-dbg_2.6.6-3+squeeze5_all.deb python-all-dev_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-all-dev_2.6.6-3+squeeze5_all.deb python-all_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-all_2.6.6-3+squeeze5_all.deb python-dbg_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-dbg_2.6.6-3+squeeze5_all.deb python-defaults_2.6.6-3+squeeze5.dsc to main/p/python-defaults/python-defaults_2.6.6-3+squeeze5.dsc python-defaults_2.6.6-3+squeeze5.tar.gz to main/p/python-defaults/python-defaults_2.6.6-3+squeeze5.tar.gz python-dev_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-dev_2.6.6-3+squeeze5_all.deb python-doc_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-doc_2.6.6-3+squeeze5_all.deb python-examples_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-examples_2.6.6-3+squeeze5_all.deb python-minimal_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python-minimal_2.6.6-3+squeeze5_all.deb python_2.6.6-3+squeeze5_all.deb to main/p/python-defaults/python_2.6.6-3+squeeze5_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 607...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Piotr Ożarowski pi...@debian.org (supplier of updated python-defaults package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 11 Jan 2011 22:14:56 +0100 Source: python-defaults Binary: python python-minimal python-examples python-dev idle python-doc python-dbg python-all python-all-dev python-all-dbg Architecture: source all Version: 2.6.6-3+squeeze5 Distribution: unstable Urgency: low Maintainer: Matthias Klose d...@debian.org Changed-By: Piotr Ożarowski pi...@debian.org Description: idle - IDE for Python using Tkinter (default version) python - interactive high-level
Bug#606379: Bug in fixed in revision 67389
tag 606379 + pending thanks Some bugs are closed in revision 67389 by Niko Tyni (ntyni) Commit message: [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411: backport MIME boundary and multiline header vulnerabilities fixes. (Closes: #606379) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Bug in fixed in revision 67389
Processing commands for cont...@bugs.debian.org: tag 606379 + pending Bug #606379 [libcgi-simple-perl] CVE-2010-2761 CVE-2010-4410 Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 606379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609189: marked as done (python-gtkmozembed missing xulrunner binary dependency since 2.25.3-5)
Your message dated Fri, 14 Jan 2011 19:48:42 + with message-id e1pdpda-0004j1...@franck.debian.org and subject line Bug#609189: fixed in gnome-python-extras 2.25.3-7 has caused the Debian Bug report #609189, regarding python-gtkmozembed missing xulrunner binary dependency since 2.25.3-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 609189: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609189 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: python-gtkmozembed Version: 2.25.3-5ubuntu2 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch python-gtkmozembed lost the xulrunner binary dependency after the d/rules cleanup in 2.25.3-5, this patch adds it back -- System Information: Debian Release: squeeze/sid APT prefers maverick-updates APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-backports'), (500, 'maverick'), (300, 'maverick-proposed') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-24-generic (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-gtkmozembed depends on: ii libatk1.0-0 1.32.0-0ubuntu1 The ATK accessibility toolkit ii libc6 2.12.1-0ubuntu10 Embedded GNU C Library: Shared lib ii libcairo2 1.10.0-1ubuntu3 The Cairo 2D vector graphics libra ii libfontconfig1 2.8.0-2ubuntu1 generic font configuration library ii libfreetype62.4.2-2ubuntu0.1 FreeType 2 font engine, shared lib ii libgcc1 1:4.5.1-7ubuntu2 GCC support library ii libglib2.0-02.26.0-0ubuntu1 The GLib library of C routines ii libgtk2.0-0 2.22.0-0ubuntu1 The GTK+ graphical user interface ii libpango1.0-0 1.28.1-1ubuntu3 Layout and rendering of internatio ii libstdc++6 4.5.1-7ubuntu2 The GNU Standard C++ Library v3 ii python 2.6.6-2ubuntu2 interactive high-level object-orie ii python-gtk2 2.21.0-0ubuntu1 Python bindings for the GTK+ widge ii python-support 1.0.9ubuntu1 automated rebuilding support for P python-gtkmozembed recommends no packages. python-gtkmozembed suggests no packages. -- no debconf information diff -Nru gnome-python-extras-2.25.3/debian/rules gnome-python-extras-2.25.3/debian/rules --- gnome-python-extras-2.25.3/debian/rules 2010-11-25 09:09:32.0 -0600 +++ gnome-python-extras-2.25.3/debian/rules 2011-01-07 01:03:13.0 -0600 @@ -18,3 +18,6 @@ DEB_CONFIGURE_EXTRA_FLAGS +=\ --with-gtkmozembed=mozilla-embedding \ --enable-docs + +binary-predeb/python-gtkmozembed:: + dh_xulrunner -ppython-gtkmozembed ---End Message--- ---BeginMessage--- Source: gnome-python-extras Source-Version: 2.25.3-7 We believe that the bug you reported is fixed in the latest version of gnome-python-extras, which is due to be installed in the Debian FTP archive: gnome-python-extras_2.25.3-7.debian.tar.gz to main/g/gnome-python-extras/gnome-python-extras_2.25.3-7.debian.tar.gz gnome-python-extras_2.25.3-7.dsc to main/g/gnome-python-extras/gnome-python-extras_2.25.3-7.dsc python-eggtrayicon_2.25.3-7_amd64.deb to main/g/gnome-python-extras/python-eggtrayicon_2.25.3-7_amd64.deb python-gda_2.25.3-7_amd64.deb to main/g/gnome-python-extras/python-gda_2.25.3-7_amd64.deb python-gdl_2.25.3-7_amd64.deb to main/g/gnome-python-extras/python-gdl_2.25.3-7_amd64.deb python-gksu2_2.25.3-7_amd64.deb to main/g/gnome-python-extras/python-gksu2_2.25.3-7_amd64.deb python-gnome2-extras-dev_2.25.3-7_all.deb to main/g/gnome-python-extras/python-gnome2-extras-dev_2.25.3-7_all.deb python-gtkmozembed_2.25.3-7_amd64.deb to main/g/gnome-python-extras/python-gtkmozembed_2.25.3-7_amd64.deb python-gtkspell_2.25.3-7_amd64.deb to main/g/gnome-python-extras/python-gtkspell_2.25.3-7_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 609...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Josselin Mouette j...@debian.org (supplier of updated gnome-python-extras package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED
Bug#566072: util-linux: fsck goes into maintenance shell on every boot
Dear all, the patch introduced in #68 causes the postinst script to fail when upgrading from lenny to squeeze while the fstab contains a noauto entry with non-zero pass number. By adding -ex to the postinst script I got: + db_input critical util-linux/noauto-with-nonzero-passnum + _db_cmd 'INPUT critical' util-linux/noauto-with-nonzero-passnum + IFS=' ' + printf '%s\n' 'INPUT critical util-linux/noauto-with-nonzero-passnum' + IFS=' + read -r _db_internal_line + RET='10 util-linux/noauto-with-nonzero-passnum doesn'\''t exist' + case ${_db_internal_line%%[ ]*} in + return 10 dpkg: error processing util-linux (--install): subprocess installed post-installation script returned error exit status 10 As a result, the postinst script fails with error code 10. Fixing the fstab worked for me, but getting that information was non-trivial. Best regards, -- Carsten Otto o...@informatik.rwth-aachen.de LuFG Informatik 2 http://verify.rwth-aachen.de/otto/ RWTH Aachenphone: +49 241 80-21211 signature.asc Description: Digital signature
Bug#608790: zoneminder failed to query crop /dev/video0:,Invalid, argument
tags 608790 patch tags 608790 pending thanks On Thu, Jan 13, 2011 at 11:10:53PM +0300, Laurent Lemoine wrote: It's better with your new amd64 deb - Now I get images from my two cameras. good to hear, i'll prepare an upload today or tomorrow. i touched up the patch a little, as the previous one i posted had some whitespace inconsistancies: Index: zoneminder/src/zm_local_camera.cpp === --- zoneminder.orig/src/zm_local_camera.cpp 2011-01-14 11:49:44.0 -0800 +++ zoneminder/src/zm_local_camera.cpp 2011-01-14 11:54:14.0 -0800 @@ -908,7 +908,8 @@ struct v4l2_crop crop; memset( crop, 0, sizeof(crop) ); crop.type = V4L2_BUF_TYPE_VIDEO_CAPTURE; -if ( vidioctl( vid_fd, VIDIOC_G_CROP, crop ) 0 ) +int crop_rc = vidioctl( vid_fd, VIDIOC_G_CROP, crop ); +if ((crop_rc 0 ) (errno != EINVAL)) { Error( Failed to query crop: %s, strerror(errno) ); if ( verbose ) @@ -917,8 +918,14 @@ sprintf( output, error%d\n, errno ); return( false ); } -if ( verbose ) -sprintf( output+strlen(output), Current: %d x %d\n, crop.c.width, crop.c.height ); +if ( verbose ) { +if (crop_rc = 0) { + sprintf( output+strlen(output), Current: %d x %d\n, crop.c.width, crop.c.height ); +} +else { +sprintf( output+strlen(output), Current: Cropping is not supported\n); +} +} struct v4l2_input input; int inputIndex = 0; But I still can't get informations with zmu -d /dev/video0 -q -v -U *** -P (failed to switch or failed to querry) since that's not absolutely needed for zoneminder to function, we'll have to address that later. And I still can't probe for cameras (like Piratebab) in the webgui. i think that's an upstream issue that will need more work, also later. Thanks for your work, and thanks for the working deb! :) thanks for testing. live well, vagrant -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#608790: zoneminder failed to query crop /dev/video0:,Invalid, argument
Processing commands for cont...@bugs.debian.org: tags 608790 patch Bug #608790 [zoneminder] zoneminder failed to query crop /dev/video0: Invalid argument Ignoring request to alter tags of bug #608790 to the same tags previously set tags 608790 pending Bug #608790 [zoneminder] zoneminder failed to query crop /dev/video0: Invalid argument Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 608790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608790 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#606379: Bug in fixed in revision 67396
tag 606379 + pending thanks Some bugs are closed in revision 67396 by Niko Tyni (ntyni) Commit message: [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411: backport fixes for MIME boundary and multiline header vulnerabilities (Closes: #606379) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Bug in fixed in revision 67396
Processing commands for cont...@bugs.debian.org: tag 606379 + pending Bug #606379 [libcgi-simple-perl] CVE-2010-2761 CVE-2010-4410 Ignoring request to alter tags of bug #606379 to the same tags previously set thanks Stopping processing here. Please contact me if you need assistance. -- 606379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#566072: util-linux: fsck goes into maintenance shell on every boot
Processing commands for cont...@bugs.debian.org: reopen 566072 Bug #566072 {Done: LaMont Jones lam...@debian.org} [util-linux] fsck now failing hard for unavailable filesystems 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. thanks Stopping processing here. Please contact me if you need assistance. -- 566072: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566072 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#566072: util-linux: fsck goes into maintenance shell on every boot
reopen 566072 thanks On Fri, 2011-01-14 at 21:13 +0100, Carsten Otto wrote: the patch introduced in #68 causes the postinst script to fail when upgrading from lenny to squeeze while the fstab contains a noauto entry with non-zero pass number. By adding -ex to the postinst script I got: [...] + RET='10 util-linux/noauto-with-nonzero-passnum doesn'\''t exist' + case ${_db_internal_line%%[ ]*} in + return 10 dpkg: error processing util-linux (--install): subprocess installed post-installation script returned error exit status 10 This appears to be due to the fact that the package build only invokes dh_installdebconf in the binary-indep target. As a result the templates file intended to warn you about the contents of your fstab is only added to the package if a full build (i.e. arch:all and architecture-dependent packages) is being performed. The maintainer's i386 upload therefore includes the template, but the buildd-generated packages do not (nor does the amd64 package which the maintainer uploaded together with the i386 packages, so presumably the initial build was performed on i386 and an arch-dep build on amd64). I've verified that adding dh_installdebconf to the binary-arch target as well ensures that the templates are added both for a full and an arch-dep-binary-only build. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#606379: marked as done (CVE-2010-2761 CVE-2010-4410)
Your message dated Fri, 14 Jan 2011 20:54:37 + with message-id e1pdqfn-0002cz...@franck.debian.org and subject line Bug#606379: fixed in libcgi-simple-perl 1.111-2 has caused the Debian Bug report #606379, regarding CVE-2010-2761 CVE-2010-4410 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 606379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libcgi-pm-perl Version: 3.49-1 Severity: grave Tags: security Three security issues have been reported in libcgi-pm-perl: http://security-tracker.debian.org/tracker/CVE-2010-2761 http://security-tracker.debian.org/tracker/CVE-2010-4410 http://security-tracker.debian.org/tracker/CVE-2010-4411 The first two issues are fixed in 3.50 (already in sid), but the second is still pending a final fix (see the referenced link). Please get in touch with the release team to check, whether migrating 3.50 plus the fix for CVE-2010-4411 or uploading a tpu fix with 3.49 plus the security fixes is the best way to resolve this. Cheers, Moritz -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- Source: libcgi-simple-perl Source-Version: 1.111-2 We believe that the bug you reported is fixed in the latest version of libcgi-simple-perl, which is due to be installed in the Debian FTP archive: libcgi-simple-perl_1.111-2.diff.gz to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.111-2.diff.gz libcgi-simple-perl_1.111-2.dsc to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.111-2.dsc libcgi-simple-perl_1.111-2_all.deb to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.111-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 606...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niko Tyni nt...@debian.org (supplier of updated libcgi-simple-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 14 Jan 2011 21:47:20 +0200 Source: libcgi-simple-perl Binary: libcgi-simple-perl Architecture: source all Version: 1.111-2 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Changed-By: Niko Tyni nt...@debian.org Description: libcgi-simple-perl - simple totally OO CGI interface that is CGI.pm compliant Closes: 606379 Changes: libcgi-simple-perl (1.111-2) unstable; urgency=medium . * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411: backport fixes for MIME boundary and multiline header vulnerabilities (Closes: #606379) * Add myself to Uploaders. Checksums-Sha1: a4fb3dffb81dfb4fe667a7d2d1f3b9f52bc4c70a 1540 libcgi-simple-perl_1.111-2.dsc 47e1f811fcf08fe41a8530bc99ee2227aa9b505a 4964 libcgi-simple-perl_1.111-2.diff.gz fa37d1984c44fc8e6f7bff523105a62103c0bf87 106284 libcgi-simple-perl_1.111-2_all.deb Checksums-Sha256: 678049eef20c6c0a50206abd8f3733bfdd465dbea137e18bc9698324e074ee4f 1540 libcgi-simple-perl_1.111-2.dsc 29029bd052b00ac9ee740f661cef8d82645c2b47b9670d8a5509d6ad597f7b7f 4964 libcgi-simple-perl_1.111-2.diff.gz f92969f13a5a38fa4e2784a6a5780ed39f5eb062f930277bf304f04695fd3e7c 106284 libcgi-simple-perl_1.111-2_all.deb Files: b4e69b7e828e4d5e026c1ef989db0a13 1540 perl optional libcgi-simple-perl_1.111-2.dsc 0b1ddef6ce27eab0462db9918af16a87 4964 perl optional libcgi-simple-perl_1.111-2.diff.gz 2d9bea827c98d26df16c8846f58ae12e 106284 perl optional libcgi-simple-perl_1.111-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0wqTgACgkQiyizGWoHLTkXoACgzr9nJTNeZkyjVQsvqmTGtQxb LLoAoLYZcKDM5S8/gTvATa/FhIiCBe/C =EkRb -END PGP SIGNATURE- ---End Message---
Processed (with 2 errors): merge with 607988
Processing commands for cont...@bugs.debian.org: reassign 609510 python-defaults 2.6.6-3+squeeze3 Bug #609510 [python2.6] Error on upgrade: OSError: [Errno 2] No such file or directory: '/usr/lib/python2.6/dist-packages/bzrlib/plugins/bzrtools/baz_import.py' Bug reassigned from package 'python2.6' to 'python-defaults'. Bug No longer marked as found in versions python2.6/2.6.6-8. Bug #609510 [python-defaults] Error on upgrade: OSError: [Errno 2] No such file or directory: '/usr/lib/python2.6/dist-packages/bzrlib/plugins/bzrtools/baz_import.py' There is no source info for the package 'python-defaults' at version '2.6.6-3+squeeze3' with architecture '' Unable to make a source version for version '2.6.6-3+squeeze3' Bug Marked as found in versions 2.6.6-3+squeeze3. reassign 60 python-defaults 2.6.6-3+squeeze3 Bug #60 [bzr-gtk] bzr-gtk: breaks partial upgrades at python 2.6 installation step Bug reassigned from package 'bzr-gtk' to 'python-defaults'. Bug No longer marked as found in versions bzr-gtk/0.99.1+bzr699-1. Bug #60 [python-defaults] bzr-gtk: breaks partial upgrades at python 2.6 installation step There is no source info for the package 'python-defaults' at version '2.6.6-3+squeeze3' with architecture '' Unable to make a source version for version '2.6.6-3+squeeze3' Bug Marked as found in versions 2.6.6-3+squeeze3. forcemerge 609510 607988 Bug#609510: Error on upgrade: OSError: [Errno 2] No such file or directory: '/usr/lib/python2.6/dist-packages/bzrlib/plugins/bzrtools/baz_import.py' Bug#607988: python: OSError: [Errno 2] byte-compiling packages on upgrade (dangling symlinks) Mismatch - only Bugs in the same package can be forcibly merged: Bug 607988 is not in the same package as 609510 forcemerge 60 607988 Bug#60: bzr-gtk: breaks partial upgrades at python 2.6 installation step Bug#607988: python: OSError: [Errno 2] byte-compiling packages on upgrade (dangling symlinks) Mismatch - only Bugs in the same package can be forcibly merged: Bug 607988 is not in the same package as 60 thanks Stopping processing here. Please contact me if you need assistance. -- 607988: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607988 609510: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609510 60: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=60 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610015: zabbix-frontend-php: Renaming screens removes all graphs within
Package: zabbix-frontend-php Version: 1.8.2 Severity: grave Tags: squeeze Justification: causes non-serious data loss The current 1.8.2 package to be shipped with Squeeze is suffering from this issue: https://support.zabbix.com/browse/ZBX-2329 Renaming a screen causes all graphs defined in that screen to get broken. Upstream has provided a patch for the issue and I will try to patch the 1.8.2 package. Officially the issue has been fixed with 1.8.3 which the release team rather did not want to distribute. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610016: spip: critical security issue fixed in 2.1.8
Package: spip Version: 2.1.1-2 Severity: grave A security release of SPIP has just been announced: http://www.spip-contrib.net/SPIP-2-1-8-corrige-une-importante-faille-de-securite (french) Not much information is available about the exact issue and the changelog is not helpful either. I have not time at the moment to prepare a fixed package. Any contributor is warmly welcome to NMU the package with no delay. In the mean time, users can download and install a security fix called security screen from there: http://zone.spip.org/trac/spip-zone/browser/_core_/securite/ecran_securite.php?format=txt and documented there: http://www.spip.net/en_article4200.html Romain -- System Information: Debian Release: 6.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages spip depends on: pn apache2 | httpd none (no description available) ii debconf [debconf-2.0] 1.5.37 Debian configuration management sy ii libjs-jquery 1.4.2-2JavaScript library for dynamic web ii php-html-safe 0.10.0-1 strip down all potentially dangero ii php5 5.3.3-7server-side, HTML-embedded scripti ii php5-mysql5.3.3-7MySQL module for php5 Versions of packages spip recommends: ii imagemagick 8:6.6.0.4-3image manipulation programs ii mysql-server 5.1.49-3 MySQL database server (metapackage ii mysql-server-5.1 [mysql-s 5.1.49-3 MySQL database server binaries and ii netpbm2:10.0-12.2+b1 Graphics conversion tools between spip suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 608981 is grave
Processing commands for cont...@bugs.debian.org: severity 608981 grave Bug #608981 [zhcon] Crash with long GGI_DISPLAY environment variable Severity set to 'grave' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 608981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608981 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#601754: How to revert to readline
Since this change will no doubt frustrate serious users of psql such as myself, it should be known that you can revert psql to readline functionality like so: LD_PRELOAD=/usr/lib/libreadline.so.2 psql -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#608968: ..I filed Bug#608959: zutils: ..tries to hijack gzip's /bin/zegrep
Package: zutils Severity: normal ...same problem in zutils_0.9-1_amd64.deb. ...for zutils_0.9-2_amd64.deb, I suggest actually trying to recreate with the relevant conflicting package. -- System Information: Debian Release: 6.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.37-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages zutils depends on: ii libc6 2.11.2-8 Embedded GNU C Library: Shared lib ii libgcc1 1:4.6-20110105-1 GCC support library ii libstdc++6 4.6-20110105-1 The GNU Standard C++ Library v3 Versions of packages zutils recommends: ii bzip2 1.0.5-6high-quality block-sorting file co ii lzip 1.11-3 data compressor based on the LZMA ii xz-utils 5.0.0-2XZ-format compression utilities zutils suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
On Fri, 14 Jan 2011 13:40:15 +0200, Niko Tyni wrote: - 3.38-2lenny2 I've flagged the lenny package to be accepted at the next dinstall; While preparing the perl lenny upload I had a look at this. I see Gregor used my proposed patch from 27 Dec [1]; however I later noticed at least the doc addition in CGI.pm is wrong [2]. Oops ... Gregor, I hope you're OK with this? Sure! And sorry for causing extra work ... Cheers, gregor -- .''`. http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4 : :' : Debian GNU/Linux user, admin, developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of Free Software Foundation Europe `-NP: Schmetterlinge: Geschichte vom Arbeiter Willi K signature.asc Description: Digital signature
Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
On Fri, 14 Jan 2011 13:08:37 -, Adam D. Barratt wrote: So I'd like permission to upload libcgi-pm-perl 3.38-2lenny3 as seen in the attachments - the first one is the debdiff against 3.38-2lenny2 in proposed-updates, the second one is against 3.38-2lenny1 in stable. Yes, that would be okay; thanks. I've uploaded 3.38-2lenny3 with this debdiff now. Cheers, gregor -- .''`. http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4 : :' : Debian GNU/Linux user, admin, developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of Free Software Foundation Europe `-NP: Jimi Hendrix: Hear My Train A Comin' signature.asc Description: Digital signature
Bug#608793: Upgrade deletes symlinks /usr/share/zoneminder/events and ../images, replacing with hard dirs.
On Fri, Jan 07, 2011 at 09:49:49AM +1100, Peter Howard wrote: On Tue, 2011-01-04 at 14:44 -0800, Vagrant Cascadian wrote: zoneminder could detect non-default/unknown symlink locations in the preinst script, and fail to upgrade in those cases; not pretty, but maybe better than loosing the database data. In the short term, I don't think there's a neater solution than that. I think we should go with the bail out update with warning approach. here's a preinst which i think should accomplish this safely: #!/bin/sh set -e abort=false if [ -L /usr/share/zoneminder/events ]; then l=$(readlink /usr/share/zoneminder/events) if [ $l != /var/cache/zoneminder/events ]; then abort=true fi fi if [ -L /usr/share/zoneminder/images ]; then l=$(readlink /usr/share/zoneminder/images ) if [ $l != /var/cache/zoneminder/images ]; then abort=true fi fi if [ $abort = true ]; then cat 2 EOF Aborting installation of zoneminder due to non-default symlinks in /usr/share/zoneminder for the images and/or events directory, which could result in loss of data. Please move your data in each of these directories to /var/cache/zoneminder before installing zoneminder from the package. EOF exit 1 fi #DEBHELPER# exit 0 though the warning could use some improvement. looking at the fast approaching squeeze release, and the possibility of data-loss for people switching from manual/source installs to the package, i think it might be worth including this now. long-term, something more sophisticated and intelligent will definitely be needed. live well, vagrant -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Crash with long GGI_DISPLAY environment variable
Processing commands for cont...@bugs.debian.org: reassign 608981 libggi2 Bug #608981 [zhcon] Crash with long GGI_DISPLAY environment variable Bug reassigned from package 'zhcon' to 'libggi2'. Bug No longer marked as found in versions zhcon/1:0.2.6-5.2. thanks Stopping processing here. Please contact me if you need assistance. -- 608981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608981 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610025: latest version ppp-2.4.5 crashes at connection
# If there is a bug here, it's certainly not in *all* versions found 610025 2.4.5-4 severity 610025 important thanks On Fri, 2011-01-14 at 23:36 +0100, Hans-J. Ullrich wrote: Package: ppp Severity: grave Tags: squeeze sid Justification: renders package unusable [...] I have a problem with ppp and cannot find out, if it is a real bug or a misconfiguration. Please let me describe. I want to connect a 3g-connection with a inbuild modem (Huawei 160). This connectioin is just using ppp like any other modems. Everything was running fine after my last upgrade. I am running Debian/testing and I graded up from version ppp-2.4.4rel-10.1 (which is running fine!) to version ppp-2.4.5-4 (which is NOT working). ppp 2.4.5 has been in the archive since July last year, and 2.4.5-4 since August and there haven't been any previous reports of fundamental issues, so the package is apparently not completely broken for most people, which it would have to be to justify the severity you used. I'm downgrading the bug to important and will let the maintainer decide what to do from there. umtsmon version 0.9 . This software appears not to be in Debian, and hasn't been updated in nearly two years; maybe it's just not compatible with the new version of ppp? Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#610025: latest version ppp-2.4.5 crashes at connection
Processing commands for cont...@bugs.debian.org: # If there is a bug here, it's certainly not in *all* versions found 610025 2.4.5-4 Bug #610025 [ppp] latest version ppp-2.4.5 crashes at connection Bug Marked as found in versions ppp/2.4.5-4. severity 610025 important Bug #610025 [ppp] latest version ppp-2.4.5 crashes at connection Severity set to 'important' from 'grave' thanks Stopping processing here. Please contact me if you need assistance. -- 610025: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610025 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610030: gnome-shell doesn't start (missing depedency?)
Package: gnome-shell Version: 2.91.5-1 Severity: grave Tags: experimental Justification: renders package unusable Hello. Today I've upgraded gnome-shell from 2.91.3-2 to 2.91.5-1. And as the 2.91.3-2 version (kinda) worked the 2.91.5-1 version doesn't. ike@macbook:~$ gnome-shell -r mutter: error while loading shared libraries: libgtk-x11-3.0.so.0: cannot open shared object file: No such file or directory My little investigation shows that according to this: http://packages.debian.org/search?searchon=contentskeywords=libgtk-x11-3.0.so.0mode=filenamesuite=experimentalarch=any library is in libgtk3.0-0 package and I have this package installed: macbook:~# apt-cache policy libgtk3.0-0 libgtk3.0-0: Installed: 2.99.2-1 Candidate: 2.99.2-1 however file list for amd64 doesn't show this file: http://packages.debian.org/experimental/amd64/libgtk3.0-0/filelist How can I help to make gnome-shell usable again? Kind regards, -- System Information: Debian Release: 6.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnome-shell depends on: ii gconf2 2.32.1-2 GNOME configuration database syste ii gir1.2-atk-1.0 1.32.0-2 The ATK accessibility toolkit (GOb ii gir1.2-clutter-1.0 1.5.10-1 GObject introspection data for the ii gir1.2-freedesktop 0.9.12-5 Introspection data for some FreeDe ii gir1.2-gconf-2.0 2.32.1-2 GNOME configuration database syste ii gir1.2-gdkpixbuf-2.0 2.22.1-4 GDK Pixbuf library - GObject-Intro ii gir1.2-glib-2.00.9.12-5 Introspection data for GLib, GObje ii gir1.2-gtk-3.0 2.91.6-1 The GTK+ graphical user interface ii gir1.2-json-glib-1.0 0.12.0-2 GLib JSON manipulation library (do ii gir1.2-mutter-2.91 2.91.3-3 GObject introspection data for Mut ii gir1.2-pango-1.0 1.28.3-3 Layout and rendering of internatio ii gjs0.7.6-2 Mozilla-based javascript bindings ii gnome-settings-daemon 2.91.5.1-2+b1 daemon handling the GNOME session ii libatk1.0-01.32.0-2 The ATK accessibility toolkit ii libc6 2.11.2-8 Embedded GNU C Library: Shared lib ii libcairo-gobject2 1.10.0-1 The Cairo 2D vector graphics libra ii libcairo2 1.10.0-1 The Cairo 2D vector graphics libra ii libcanberra0 0.24-1a simple abstract interface for pl ii libclutter-1.0-0 1.5.12-1 Open GL based interactive canvas l ii libcroco3 0.6.2-1 a generic Cascading Style Sheet (C ii libdbus-1-31.2.24-4 simple interprocess messaging syst ii libdbus-glib-1-2 0.88-2.1 simple interprocess messaging syst ii libdconf0 0.5.1-1 Simple key-based configuration sys ii libdrm22.4.21-1~squeeze3 Userspace interface to kernel DRM ii libffi53.0.9-3 Foreign Function Interface library ii libfontconfig1 2.8.0-2.1 generic font configuration library ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib ii libgconf2-42.32.1-2 GNOME configuration database syste ii libgdk-pixbuf2.0-0 2.22.0-1 GDK Pixbuf library ii libgirepository-1.0-1 0.9.12-2 Library for handling GObject intro ii libgjs0b 0.7.6-2 Mozilla-based javascript bindings ii libgl1-mesa-glx [libgl 7.7.1-4 A free implementation of the OpenG ii libglib2.0-0 2.27.91-1 The GLib library of C routines ii libgnome-desktop-3-0 2.91.6-1 Utility library for loading .deskt ii libgnome-menu2 2.30.3-1 an implementation of the freedeskt ii libgstreamer0.10-0 0.10.31-2 Core GStreamer libraries and eleme ii libgtk3.0-02.99.2-1 The GTK+ graphical user interface ii libjson-glib-1.0-0 0.10.2-2 GLib JSON manipulation library ii libmozjs2d 1.9.1.16-4The Mozilla SpiderMonkey JavaScrip ii libnspr4-0d4.8.6-1 NetScape Portable Runtime Library ii libpango1.0-0 1.28.3-3 Layout and rendering of internatio ii libpulse-mainloop-glib 0.9.22-1 PulseAudio client libraries (glib ii libpulse0 0.9.22-1 PulseAudio client libraries ii libstartup-notificatio 0.10-1library for program launch feedbac ii libx11-6 2:1.3.3-4 X11 client-side library ii libxcomposite1 1:0.4.3-1 X11 Composite extension library ii libxdamage11:1.1.3-1 X11 damaged region extension libra ii
Bug#610032: CVE-2010-4341
Package: sssd Severity: grave Tags: security Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4341 for description and patch. Cheers, Moritz -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 520584
Processing commands for cont...@bugs.debian.org: # cannot be reproduced with python-logilab-common from lenny tags 520584 + squeeze sid Bug #520584 {Done: Sandro Tosi mo...@debian.org} [python-logilab-astng] python-logilab-astng: Missing __init__.py for namespace logilab Added tag(s) sid and squeeze. thanks Stopping processing here. Please contact me if you need assistance. -- 520584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 591503
Processing commands for cont...@bugs.debian.org: # cannot be reproduced with python-pysnmp2 from lenny tags 591503 + sid squeeze Bug #591503 {Done: Jakub Wilk jw...@debian.org} [python-pysnmp4] python-pysnmp{2,4}: broken when installed together Added tag(s) squeeze and sid. thanks Stopping processing here. Please contact me if you need assistance. -- 591503: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591503 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610034: CVE-2011-0002: libuser creates LDAP users with a default password
Package: libuser Severity: grave Tags: security Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0002 for a description and patch. I'm not really sure if Debian is affected? Cheers, Moritz -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 546068, fixed 546068 in 3.6.2-1
Processing commands for cont...@bugs.debian.org: # paraview is installable in lenny tags 546068 + sid squeeze Bug #546068 {Done: Christophe Prud'homme prudh...@debian.org} [paraview] paraview: Package not installable -- unmet dependencies Added tag(s) squeeze and sid. # changelog for 3.4.0-5 has been lost somewhere, but following versions were OK too fixed 546068 3.6.2-1 Bug #546068 {Done: Christophe Prud'homme prudh...@debian.org} [paraview] paraview: Package not installable -- unmet dependencies Bug Marked as fixed in versions paraview/3.6.2-1. thanks Stopping processing here. Please contact me if you need assistance. -- 546068: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546068 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
On Fri, 2011-01-14 at 23:29 +0100, gregor herrmann wrote: On Fri, 14 Jan 2011 13:08:37 -, Adam D. Barratt wrote: So I'd like permission to upload libcgi-pm-perl 3.38-2lenny3 as seen in the attachments - the first one is the debdiff against 3.38-2lenny2 in proposed-updates, the second one is against 3.38-2lenny1 in stable. Yes, that would be okay; thanks. I've uploaded 3.38-2lenny3 with this debdiff now. Accepted, pending dinstall; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610040: ounit: FTBFS: sh: camlp4: not found
Source: ounit Version: 1.1.0-1 Severity: serious Justification: FTBFS Hi, your package FTBFS: | ocamlfind ocamlc -c -g -ppopt -DBACKTRACE -package unix -I src -o src/oUnit.cmi src/oUnit.mli | ocamlfind ocamldep -package unix -package camlp4.macro -syntax camlp4o -modules src/oUnit.ml src/oUnit.ml.depends | + ocamlfind ocamldep -package unix -package camlp4.macro -syntax camlp4o -modules src/oUnit.ml src/oUnit.ml.depends | sh: camlp4: not found | Preprocessing error on file src/oUnit.ml | Command exited with code 2. Full build logs: https://buildd.debian.org/status/package.php?p=ounitsuite=experimental KiBi. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#606379: marked as done (CVE-2010-2761 CVE-2010-4410)
Your message dated Sat, 15 Jan 2011 01:54:35 + with message-id e1pdvlf-0004tr...@franck.debian.org and subject line Bug#606379: fixed in libcgi-simple-perl 1.105-1lenny1 has caused the Debian Bug report #606379, regarding CVE-2010-2761 CVE-2010-4410 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 606379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libcgi-pm-perl Version: 3.49-1 Severity: grave Tags: security Three security issues have been reported in libcgi-pm-perl: http://security-tracker.debian.org/tracker/CVE-2010-2761 http://security-tracker.debian.org/tracker/CVE-2010-4410 http://security-tracker.debian.org/tracker/CVE-2010-4411 The first two issues are fixed in 3.50 (already in sid), but the second is still pending a final fix (see the referenced link). Please get in touch with the release team to check, whether migrating 3.50 plus the fix for CVE-2010-4411 or uploading a tpu fix with 3.49 plus the security fixes is the best way to resolve this. Cheers, Moritz -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- Source: libcgi-simple-perl Source-Version: 1.105-1lenny1 We believe that the bug you reported is fixed in the latest version of libcgi-simple-perl, which is due to be installed in the Debian FTP archive: libcgi-simple-perl_1.105-1lenny1.diff.gz to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.105-1lenny1.diff.gz libcgi-simple-perl_1.105-1lenny1.dsc to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.105-1lenny1.dsc libcgi-simple-perl_1.105-1lenny1_all.deb to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.105-1lenny1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 606...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niko Tyni nt...@debian.org (supplier of updated libcgi-simple-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 14 Jan 2011 22:29:56 +0200 Source: libcgi-simple-perl Binary: libcgi-simple-perl Architecture: source all Version: 1.105-1lenny1 Distribution: stable Urgency: low Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Changed-By: Niko Tyni nt...@debian.org Description: libcgi-simple-perl - A Simple totally OO CGI interface that is CGI.pm compliant Closes: 606379 Changes: libcgi-simple-perl (1.105-1lenny1) stable; urgency=low . * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411: backport fixes for MIME boundary and multiline header vulnerabilities (Closes: #606379) Checksums-Sha1: 5c2fb1fb5c694768915a6b2a265565e7afa0a357 2102 libcgi-simple-perl_1.105-1lenny1.dsc 7656de28ff184aba82905ea8d20e7e1d4c32fe4b 4405 libcgi-simple-perl_1.105-1lenny1.diff.gz e7174b8c847d5c3033e913a56892d523b3902396 106606 libcgi-simple-perl_1.105-1lenny1_all.deb Checksums-Sha256: 9b98c1c101b393b82e842b347e4e1acdd9ad551663ee4582b4aefa360854b403 2102 libcgi-simple-perl_1.105-1lenny1.dsc 7b98f65e299a50914131d53f1272c321065e618c9335dac1b4ebb21176afa7f4 4405 libcgi-simple-perl_1.105-1lenny1.diff.gz 7302c4e9029b0b6c334c30d014bf888498a74df856fd38731d5471ec88b39c5a 106606 libcgi-simple-perl_1.105-1lenny1_all.deb Files: c635b3a147e7dcbab40234ba74366029 2102 perl optional libcgi-simple-perl_1.105-1lenny1.dsc 1bb3d652c935c944597cb715330f0597 4405 perl optional libcgi-simple-perl_1.105-1lenny1.diff.gz a9aff93424adaa9b000facb41b8cb022 106606 perl optional libcgi-simple-perl_1.105-1lenny1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJNMNKOAAoJELs6aAGGSaoGP0MP/1rRf9KqaX8s5CeOjy/SZf1s MEhAVLseilNeIa0ZtqblOfM9Hnl6Fxuu3krNNtFDt+zJAYu3vHW4f0//rrd3GA+G 0Qw7P67OQ746lqHD7FeqOdtqkh9j/N0aSVgd2jKNa39NRgGase9wETJAbgBDMUwB 2imZSMBEMV6MHQQH6CefX9crfhq1BJEtmknUcmz+2eZeIyiNsRzi7bfOv8My6vpF 48O0mZ8An7Hwn1x2vAVGuX93w/LQbyD5dceW8VF4IhyjusPJF1F+cPKFeeAZPTYe
Bug#607248: marked as done (gitweb: XSS vulnerability (CVE 2010-3906))
Your message dated Sat, 15 Jan 2011 01:54:20 + with message-id e1pdvlq-0004qf...@franck.debian.org and subject line Bug#607248: fixed in git-core 1:1.5.6.5-3+lenny3.3 has caused the Debian Bug report #607248, regarding gitweb: XSS vulnerability (CVE 2010-3906) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 607248: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607248 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gitweb Version: 1:1.5.0~rc3-1 Severity: serious Tags: security patch upstream fixed-upstream Hi, As the release notes for git 1.7.2.5 explain: * gitweb can sometimes be tricked into parrotting a filename argument given in a request without properly quoting. Fixed by v1.6.4.5~1 (gitweb: Introduce esc_attr to escape attributes of HTML elements, 2010-12-15). Backport to 1.5.6.5 follows. -- 8 -- From: Jakub Narebski jna...@gmail.com Date: Wed, 15 Dec 2010 00:34:01 +0100 Subject: gitweb: Introduce esc_attr to escape attributes of HTML elements It is needed only to escape attributes of handcrafted HTML elements, and not those generated using CGI.pm subroutines / methods for HTML generation. While at it, add esc_url and esc_html where needed, and prefer to use CGI.pm HTML generating methods than handcrafted HTML code. Most of those are probably unnecessary (could be exploited only by person with write access to gitweb config, or at least access to the repository). This fixes CVE-2010-3906 Reported-by: Emanuele Gentili e.gent...@tigersecurity.it Helped-by: John 'Warthog9' Hawley warth...@kernel.org Helped-by: Jonathan Nieder jrnie...@gmail.com Signed-off-by: Jakub Narebski jna...@gmail.com Signed-off-by: Junio C Hamano gits...@pobox.com (cherry picked from commit 3017ed62f47ce14a959e2d315c434d4980cf4243) Signed-off-by: Jonathan Nieder jrnie...@gmail.com --- gitweb/gitweb.perl | 35 +-- 1 files changed, 21 insertions(+), 14 deletions(-) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index f88ce35..6dc9a6a 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -730,6 +730,13 @@ sub esc_url { return $str; } +# quote unsafe characters in HTML attributes +sub esc_attr { + + # for XHTML conformance escaping '' to 'quot;' is not enough + return esc_html(@_); +} + # replace invalid utf8 character with SUBSTITUTION sequence sub esc_html ($;%) { my $str = shift; @@ -1106,7 +1113,7 @@ sub format_ref_marker { $name = $ref; } - $markers .= span class=\$type\ title=\$ref\ . + $markers .= span class=\.esc_attr($type).\ title=\.esc_attr($ref).\ . esc_html($name) . /span; } } @@ -2517,11 +2524,11 @@ EOF # print out each stylesheet that exist if (defined $stylesheet) { #provides backwards capability for those people who define style sheet in a config file - print 'link rel=stylesheet type=text/css href='.$stylesheet.'/'.\n; + print 'link rel=stylesheet type=text/css href='.esc_url($stylesheet).'/'.\n; } else { foreach my $stylesheet (@stylesheets) { next unless $stylesheet; - print 'link rel=stylesheet type=text/css href='.$stylesheet.'/'.\n; + print 'link rel=stylesheet type=text/css href='.esc_url($stylesheet).'/'.\n; } } if (defined $project) { @@ -2534,7 +2541,7 @@ EOF my $type = lc($format); my %link_attr = ( '-rel' = 'alternate', - '-title' = $project - $href_params{'-title'} - $format feed, + '-title' = esc_attr($project - $href_params{'-title'} - $format feed), '-type' = application/$type+xml ); @@ -2561,13 +2568,13 @@ EOF } else { printf('link rel=alternate title=%s projects list '. 'href=%s type=text/plain; charset=utf-8 /'.\n, - $site_name, href(project=undef, action=project_index)); + esc_attr($site_name), href(project=undef, action=project_index)); printf('link rel=alternate title=%s projects feeds '. 'href=%s type=text/x-opml /'.\n, - $site_name, href(project=undef, action=opml)); +
Processed: Re: Bug#609886: libapache2-mod-jk: After upgrade from 1.2.26 to 1.2.30 mod_jk no longer connects to tomcats
Processing commands for cont...@bugs.debian.org: tags 609886 + moreinfo Bug #609886 [libapache2-mod-jk] libapache2-mod-jk: After upgrade from 1.2.26 to 1.2.30 mod_jk no longer connects to tomcats Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 609886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609886 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#609886: libapache2-mod-jk: After upgrade from 1.2.26 to 1.2.30 mod_jk no longer connects to tomcats
tags 609886 + moreinfo thanks On Thu, Jan 13, 2011 at 03:49:12PM +0100, eyck wrote: Package: libapache2-mod-jk Version: 1.2.30 Severity: grave Justification: renders package unusable From mod_jk.log: [Thu Jan 13 15:05:34 2011] [441:140327941527312] [error] jk_open_socket::jk_connect.c (444): socket() failed (errno=22) [Thu Jan 13 15:05:34 2011] [441:140327941527312] [info] ajp_connect_to_endpoint::jk_ajp_common.c (959): Failed opening socket to (172.17.231.57:8009) (errno=22) [Thu Jan 13 15:05:34 2011] [441:140327941527312] [error] ajp_send_request::jk_ajp_common.c (1585): (ajp13) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=22) [Thu Jan 13 15:05:34 2011] [441:140327941527312] [info] ajp_service::jk_ajp_common.c (2540): (ajp13) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1) [Thu Jan 13 15:05:34 2011] [441:140327941527312] [error] ajp_service::jk_ajp_common.c (2559): (ajp13) connecting to tomcat failed. although logs suggest that port 8009 is unreachable, one can connect to it using telnet, or by replacing libapache2_mod_jk with version 1.2.26 I tried to reproduce this error and I couldn't. In a clean lenny chroot I installed apache2, tomcat5.5, tomcat5.5-webapps, and libapache2-mod-jk. After that I setup a trivial test website. I upgraded libapache2-mod-jk to 1.2.30-1 and the website keeps working. There were not errors at mod_jk.log. In another clean lenny chroot configured in the same way and after doing a dist-upgrade to squeeze (and also upgrading libapache2-mod-jk to 1.2.30-1), the website keeps working. There were not errors at mod_jk.log. Note: my workstation is an amd64. Cheers, -- Miguel Landaeta, miguel at miguel.cc secure email with PGP 0x7D8967E9 available at http://keyserver.pgp.com/ Faith means not wanting to know what is true. -- Nietzsche -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org