Processed: Re: Bug#868483: cross-config: cross-config files missing for multiple architectures
Processing control commands: > severity -1 serious Bug #868483 [src:dpkg-cross] cross-config: cross-config files missing for multiple architectures Severity set to 'serious' from 'important' -- 868483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#926182: Patch: Use alternatives system for guile-2.2-dev binaries
Rob Browning writes: > I'm not certain, but I'm planning to work on guile over the next week. > If so, I should be able to take a look. Just as an update, I obviously didn't get to it earlier this week, but I'm looking in to it now. After I poke around a bit, I suspect the next step will be to contact the release managers to see what they think about any proposed changes because of course if they're not in favor, then the changes may have to wait. I expect I'll be able to report back in a couple of days. Thanks -- Rob Browning rlb @defaultvalue.org and @debian.org GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
Bug#929229: marked as done (systemd, udev -- keyboard freezes after exiting X in version 241-4)
Your message dated Fri, 24 May 2019 22:52:08 + with message-id and subject line Bug#929229: fixed in systemd 241-5 has caused the Debian Bug report #929229, regarding systemd, udev -- keyboard freezes after exiting X in version 241-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929229 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: systemd, udev Version: 241-4 Kernel: seen in 5.1.3 and 4.19.44 dpkg -l | egrep "^ii" | egrep "241-4" ii libnss-systemd:amd64 241-4 amd64nss module providing dynamic user and group name resolution ii libpam-systemd:amd64 241-4 amd64system and service manager - PAM module ii libsystemd0:amd64 241-4 amd64systemd utility library ii libudev1:amd64241-4 amd64libudev shared library ii systemd 241-4 amd64system and service manager ii systemd-sysv 241-4 amd64system and service manager - SysV links ii udev 241-4 amd64/dev/ and hotplug management daemon I am unsure whether the problem is with systemd or udev, but while operational with versions 241-3, upon upgrading to 241-4, the keyboard stops working after exiting X. I am using startx and fvwm. -- sRw --- End Message --- --- Begin Message --- Source: systemd Source-Version: 241-5 We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 24 May 2019 22:58:59 +0200 Source: systemd Architecture: source Version: 241-5 Distribution: unstable Urgency: medium Maintainer: Debian systemd Maintainers Changed-By: Michael Biebl Closes: 929229 Changes: systemd (241-5) unstable; urgency=medium . * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE" This change left the keyboard in an unusable state when exiting an X session. (Closes: #929229) Checksums-Sha1: 679c83977f122876aaa183d27cc4366cb56fa178 4914 systemd_241-5.dsc 80c4d448ad152066d28779b13510ec8037864431 155360 systemd_241-5.debian.tar.xz c8e415743dde6a06c10eaedc972c7ed293629b08 9043 systemd_241-5_source.buildinfo Checksums-Sha256: 68824a8e006a1aee628139ea4b34552e841be7f387efb3de6fbf52c408f5a42e 4914 systemd_241-5.dsc 36774d3bd53ab41c5b24ce6c42036d11df6513948e8953d3e88e68301f6bd342 155360 systemd_241-5.debian.tar.xz f9111c96a7775f490c1cebe19695633abfbb5d206be85b2760a9dd7b26ae3a13 9043 systemd_241-5_source.buildinfo Files: a563e6a26f3cd3f6f99f41974995ba2a 4914 admin optional systemd_241-5.dsc 700b74177aa96b17748a97d6400e8ba3 155360 admin optional systemd_241-5.debian.tar.xz 166efcf48ba33afd35edbce0cacf0daf 9043 admin optional systemd_241-5_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAlzoW2cACgkQauHfDWCP Itx4OxAAlPs59oZwwuafvjBGEFEbv/qiscpPq6c5eV7aQD5LS8cW+sYVdEgfNHoJ mUDO1D0Kn3m5Bp1tDkx4yyW2/k6gL4LkMy0I9fnD26QbUycYNDmnbZvk7iwUTcEx yIDwcL6iC+aeV+UqZoI9XCJEoN4Lp1xIEQLxizVXwDaWRbKYeulpiF7DtAMcSuLM VKi/b8L2jdE9Ep10590Vqkpeu3eeWRhgB0S74aXuURwawfUlbVeqJtTRhNMiYcAc 2yIn8BLLHbBKXHFt+fkLlfSoufG0F+JsigTP84P5fEtUrnhzRaU4VxpsT+EpZPLM 9EdnnfuJFVHgNeO9shOeph6ocgUU0YzK9yixvbdPkolq/LyENfdYYVqzClTSpvQx TcOZUR1cO97KQGNlEhOEmtG3Xf9EkNK/7Brb/iJr54F6+Syh3ybNfhC+YATbAtRB JHKH4ywB6r7/y5o9QeEnI11gdPF78y9UhFVldnijFMqVYJRfVcsYzZlApmM/ggll t2uFjvsdoiO9JzfR38pWHAUp0NF9h4xveVd1tFllVg5DLXJ0KmfBmzTItM9l2hqv BN57wPV74C1hN6cTv2XG44tK2oUkunffoWOO6yoKryhiMUeSsaFbJYnGJbxNIyAH lR3HZ9P7kOUi6N/x1feTK1yeFRvXZGlL9j3W6p0sgZd68WTixsU= =Z/55 -END PGP SIGNATURE End Message ---
Bug#929229: marked as pending in systemd
Control: tag -1 pending Hello, Bug #929229 in systemd reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/systemd-team/systemd/commit/cc6c6e04a891f007e50a466ac3f80fb9984c839d Revert "Add check to switch VTs only between K_XLATE or K_UNICODE" This change left the keyboard in an unusable state when exiting an X session. This reverts commit 5a564c6ef3906c0f3885a3a2aafce772393f760a. Closes: #929229 (this message was generated automatically) -- Greetings https://bugs.debian.org/929229
Processed: Bug#929229 marked as pending in systemd
Processing control commands: > tag -1 pending Bug #929229 [systemd] systemd, udev -- keyboard freezes after exiting X in version 241-4 Bug #929250 [systemd] systemd: Unusable TTY after terminating X11 Added tag(s) pending. Added tag(s) pending. -- 929229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929229 929250: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929250 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929483: marked as done (robocode: Class not found program wont start)
Your message dated Fri, 24 May 2019 18:49:04 + with message-id and subject line Bug#929483: fixed in robocode 1.9.3.3-3 has caused the Debian Bug report #929483, regarding robocode: Class not found program wont start to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: robocode Version: 1.9.3.3-2 Severity: important Dear Maintainer, * What led up to the situation? The start of the program. * What exactly did you do (or not do) that was effective (or ineffective)? I try to start robocode from the command line. * What was the outcome of this action? java.lang.ClassNotFoundException: net.sf.robocode.core.RobocodeMainBase at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:471) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521) at net.sf.robocode.security.HiddenAccess.init(HiddenAccess.java:86) at net.sf.robocode.security.HiddenAccess.robocodeMain(HiddenAccess.java:279) at robocode.Robocode.main(Robocode.java:27) Can't find robocode.core-1.x.jar module near to robocode.jar Class path: /usr/share/java/robocode.jar * What outcome did you expect instead? The program start -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (990, 'testing'), (500, 'testing-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages robocode depends on: ii default-jre [java7-runtime] 2:1.11-71 ii libcodesize-java1.2-1 ii libpicocontainer-java 2.15+repack-1 ii openjdk-11-jre [java7-runtime] 11.0.3+1-1 ii openjdk-8-jre [java7-runtime] 8u212-b01-1~deb9u1 Versions of packages robocode recommends: ii default-jdk 2:1.11-71 ii default-jdk-doc 2:1.11-71 Versions of packages robocode suggests: pn eclipse ii netbeans 10.0-3 -- no debconf information --- End Message --- --- Begin Message --- Source: robocode Source-Version: 1.9.3.3-3 We believe that the bug you reported is fixed in the latest version of robocode, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany (supplier of updated robocode package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 24 May 2019 20:12:30 +0200 Source: robocode Architecture: source Version: 1.9.3.3-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Closes: 929483 Changes: robocode (1.9.3.3-3) unstable; urgency=medium . * Use javahelper and add missing library classes to the classpath to fix startup error with Java 11. Thanks to Bardot Jerome for the report. (Closes: #929483) Checksums-Sha1: abc400118e654660f3463b3447d95ca5444f0bc3 2346 robocode_1.9.3.3-3.dsc 706c60eda16e83a83419059c3a99a131738a1723 14820 robocode_1.9.3.3-3.debian.tar.xz 80161ea1bbfc3617b5eb500e16df138ad033d49d 16267 robocode_1.9.3.3-3_amd64.buildinfo Checksums-Sha256: 01b163095b6ea5591a6d229bea891a0ac47f9d63e7d75f32a31db6652ea05ff9 2346 robocode_1.9.3.3-3.dsc 6fabfd0e0b17fb375952b38a8b2e4eb67796f9ca934d39544adfbcb11bf3838f 14820 robocode_1.9.3.3-3.debian.tar.xz f290e29ca2920d2cf6612e0b9919d7fcd13807e744dac8abedf89b3f833c0141 16267 robocode_1.9.3.3-3_amd64.buildinfo Files: f1bad5812656d765e63a7d015b1503bc 2346 games optional robocode_1.9.3.3-3.dsc 94dd470d4b4abddeaff67fadae52103b 14820 games optional robocode_1.9.3.3-3.debian.tar.xz 3a5f0e8078c8cee7b485a86a430c3b6d 16267 games optional robocode_1.9.3.3-3_amd64.buildinfo -BEGIN PGP SIGNATURE-
Bug#929483: marked as pending in robocode
Control: tag -1 pending Hello, Bug #929483 in robocode reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/java-team/robocode/commit/f8279e0af99e864e957613f7ef278d744cfc6cd8 Use javahelper and missing library classes to the classpath to fix startup error with Java 11. Thanks: Bardot Jerome for the report. Closes: #929483 (this message was generated automatically) -- Greetings https://bugs.debian.org/929483
Processed: Bug#929483 marked as pending in robocode
Processing control commands: > tag -1 pending Bug #929483 [robocode] robocode: Class not found program wont start Added tag(s) pending. -- 929483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: found 927667 in 3.30.2-3
Processing commands for cont...@bugs.debian.org: > found 927667 3.30.2-3 Bug #927667 [gdm3] gnome: please confirm or revert choice of Wayland for default desktop Marked as found in versions gdm3/3.30.2-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 927667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927667 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929459: marked as done (sl: apt install sl - install only manpages not the binary. #Have tried in virtual with fresh install, same results.)
Your message dated Fri, 24 May 2019 19:48:37 +0200 with message-id <1e0911e7-5254-fa62-7ef4-638167f2b...@debian.org> and subject line Re: Bug#929459: sl works for me has caused the Debian Bug report #929459, regarding sl: apt install sl - install only manpages not the binary. #Have tried in virtual with fresh install, same results. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929459 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sl Version: 3.03-17+b2 Severity: grave Justification: renders package unusable -- System Information: Debian Release: 9.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sl depends on: ii libc62.24-11+deb9u4 ii libncurses5 6.0+20161126-1+deb9u2 ii libtinfo56.0+20161126-1+deb9u2 sl recommends no packages. sl suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- On Fri, 24 May 2019 14:06:51 +0300 Hendrikus van Woerden wrote: > Hello. > > Mark as solved. > > Root user dosen't load paths /usr/local/games:/usr/games. > > Works with other than user id 0. OK. Andreas--- End Message ---
Processed: affects 928226
Processing commands for cont...@bugs.debian.org: > affects 928226 + icedove-dev icedove-l10n-bn-bd icedove-l10n-pa-in > icedove-l10n-ta-lk iceowl-l10n-bn-bd iceowl-l10n-pa-in iceowl-l10n-ta-lk > iceweasel-dev Bug #928226 {Done: Andreas Beckmann } [firefox-esr-dev,thunderbird-dev,lightning-l10n-bn-bd,lightning-l10n-pa-in,lightning-l10n-ta-lk,thunderbird-l10n-bn-bd,thunderbird-l10n-pa-in,thunderbird-l10n-ta-lk,linux-headers-4.9.0-8-amd64,linux-headers-4.9.0-8-rt-amd64,iceweasel-l10n-ak,iceweasel-l10n-csb,iceweasel-l10n-ku,iceweasel-l10n-lg,iceweasel-l10n-nso,iceweasel-l10n-ta-lk,iceweasel-l10n-zu,iceweasel-l10n-be] uninstallable cruft package Warning: Unknown package 'linux-headers-4.9.0-8-amd64' Warning: Unknown package 'linux-headers-4.9.0-8-rt-amd64' Warning: Unknown package 'iceweasel-l10n-ak' Warning: Unknown package 'iceweasel-l10n-csb' Warning: Unknown package 'iceweasel-l10n-ku' Warning: Unknown package 'iceweasel-l10n-lg' Warning: Unknown package 'iceweasel-l10n-nso' Warning: Unknown package 'iceweasel-l10n-ta-lk' Warning: Unknown package 'iceweasel-l10n-zu' Added indication that 928226 affects icedove-dev, icedove-l10n-bn-bd, icedove-l10n-pa-in, icedove-l10n-ta-lk, iceowl-l10n-bn-bd, iceowl-l10n-pa-in, iceowl-l10n-ta-lk, and iceweasel-dev Warning: Unknown package 'linux-headers-4.9.0-8-amd64' Warning: Unknown package 'linux-headers-4.9.0-8-rt-amd64' Warning: Unknown package 'iceweasel-l10n-ak' Warning: Unknown package 'iceweasel-l10n-csb' Warning: Unknown package 'iceweasel-l10n-ku' Warning: Unknown package 'iceweasel-l10n-lg' Warning: Unknown package 'iceweasel-l10n-nso' Warning: Unknown package 'iceweasel-l10n-ta-lk' Warning: Unknown package 'iceweasel-l10n-zu' > thanks Stopping processing here. Please contact me if you need assistance. -- 928226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928226 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929483: robocode: Class not found program wont start
Le 24/05/2019 à 17:00, Markus Koschany a écrit : > Control: severity -1 grave > > On Fri, 24 May 2019 13:45:04 +0200 Bardot Jerome > wrote: > [...] >> Can't find robocode.core-1.x.jar module near to robocode.jar >> Class path: /usr/share/java/robocode.jar > Thanks for reporting. This is another Java 11 issue. It seems we have to > explicitly add some jar files to the classpath now. This is also known > upstream as > > https://sourceforge.net/p/robocode/bugs/407/ > > I will prepare an update for Buster soon. > > Regards, > > Markus > Nice thx a lot for your efforts 0x053A41EF03878A98.asc Description: application/pgp-keys
Processed: Re: robocode: Class not found program wont start
Processing control commands: > severity -1 grave Bug #929483 [robocode] robocode: Class not found program wont start Severity set to 'grave' from 'important' -- 929483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929483 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 929466 is important
Processing commands for cont...@bugs.debian.org: > severity 929466 important Bug #929466 [src:freeradius] freeradius: CVE-2019-10143: privilege escalation due to insecure logration Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 929466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929466 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929466: freeradius: CVE-2019-10143: privilege escalation due to insecure logration
Maybe attached patch fixes the issue. Regards, diff -Nru freeradius-3.0.17+dfsg/debian/changelog freeradius-3.0.17+dfsg/debian/changelog --- freeradius-3.0.17+dfsg/debian/changelog 2019-04-23 06:23:36.0 +0900 +++ freeradius-3.0.17+dfsg/debian/changelog 2019-05-24 22:15:19.0 +0900 @@ -1,3 +1,11 @@ +freeradius (3.0.17+dfsg-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-Pick upstream commits to fix CVE-2019-10143 (Mitigate +privilege escalation due to insecure lotation settings) (Closes: #929466) + + -- Kentaro Hayashi Fri, 24 May 2019 13:15:19 + + freeradius (3.0.17+dfsg-1.1) unstable; urgency=high * Non-maintainer upload. diff -Nru freeradius-3.0.17+dfsg/debian/freeradius.logrotate freeradius-3.0.17+dfsg/debian/freeradius.logrotate --- freeradius-3.0.17+dfsg/debian/freeradius.logrotate 2019-04-23 06:23:36.0 +0900 +++ freeradius-3.0.17+dfsg/debian/freeradius.logrotate 2019-05-24 22:15:19.0 +0900 @@ -9,6 +9,7 @@ notifempty copytruncate + su freerad freerad } # (in order) @@ -28,6 +29,7 @@ notifempty nocreate + su freerad freerad } # There are different detail-rotating strategies you can use. One is @@ -47,4 +49,5 @@ notifempty nocreate + su freerad freerad } diff -Nru freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch --- freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch 1970-01-01 09:00:00.0 +0900 +++ freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch 2019-05-24 22:15:19.0 +0900 @@ -0,0 +1,40 @@ +su to radiusd user/group when rotating logs + +The su directive to logrotate ensures that log rotation happens under the +owner of the logs. Otherwise, logrotate runs as root:root, potentially +enabling privilege escalation if a RCE is discovered against the +FreeRADIUS daemon. +--- a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate +@@ -9,6 +9,7 @@ + missingok + compress + delaycompress ++su radiusd radiusd + + # + # The main server log +--- a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius +@@ -17,6 +17,7 @@ + notifempty + + copytruncate ++ su radiusd radiusd + } + + # (in order) +@@ -34,6 +35,7 @@ + notifempty + + nocreate ++ su radiusd radiusd + } + + # There are different detail-rotating strategies you can use. One is +@@ -53,4 +55,5 @@ + notifempty + + nocreate ++ su radiusd radiusd + } diff -Nru freeradius-3.0.17+dfsg/debian/patches/series freeradius-3.0.17+dfsg/debian/patches/series --- freeradius-3.0.17+dfsg/debian/patches/series 2019-04-23 06:23:36.0 +0900 +++ freeradius-3.0.17+dfsg/debian/patches/series 2019-05-24 22:15:19.0 +0900 @@ -10,3 +10,4 @@ snakeoil-certs.diff CVE-2019-11234-1.patch CVE-2019-11234-2.patch +CVE-2019-10143.patch
Processed: Re: libzorpll-dev: add Breaks
Processing commands for cont...@bugs.debian.org: > tags 928883 + pending patch Bug #928883 [libzorpll-dev] libzorpll-dev: add Breaks Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 928883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928883 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928883: libzorpll-dev: add Breaks
tags 928883 + pending patch thanks I've uploaded libzorpll 7.0.1.0~alpha1-1.1 to DELAYED/5: libzorpll (7.0.1.0~alpha1-1.1) unstable; urgency=medium * Non-maintainer upload. * Apply patch from Andreas Beckmann to add "Breaks" on libzorpll-6.0-10-dev and libssl1.0-dev for smoother upgrades from stretch. This resulted from the switch from libssl1.0-dev to libssl-dev. (Closes: #928883) The full debdiff is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- diffstat for libzorpll-7.0.1.0~alpha1 libzorpll-7.0.1.0~alpha1 changelog |9 + control |2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff -Nru libzorpll-7.0.1.0~alpha1/debian/changelog libzorpll-7.0.1.0~alpha1/debian/changelog --- libzorpll-7.0.1.0~alpha1/debian/changelog 2018-10-10 21:21:22.0 +0100 +++ libzorpll-7.0.1.0~alpha1/debian/changelog 2019-05-24 14:06:05.0 +0100 @@ -1,3 +1,12 @@ +libzorpll (7.0.1.0~alpha1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply patch from Andreas Beckmann to add "Breaks" on libzorpll-6.0-10-dev +and libssl1.0-dev for smoother upgrades from stretch. This resulted from +the switch from libssl1.0-dev to libssl-dev. (Closes: #928883) + + -- Chris Lamb Fri, 24 May 2019 14:06:05 +0100 + libzorpll (7.0.1.0~alpha1-1) unstable; urgency=medium * New upstream version (Closes: #859055) diff -Nru libzorpll-7.0.1.0~alpha1/debian/control libzorpll-7.0.1.0~alpha1/debian/control --- libzorpll-7.0.1.0~alpha1/debian/control 2018-10-10 21:21:22.0 +0100 +++ libzorpll-7.0.1.0~alpha1/debian/control 2019-05-24 14:06:05.0 +0100 @@ -34,7 +34,7 @@ Package: libzorpll-7.0-1-dev Section: libdevel Replaces: libzorpll-dev ( << 6.0.8.0-1) -Breaks: libzorpll-dev ( << 6.0.8.0-1) +Breaks: libzorpll-dev ( << 6.0.8.0-1), libzorpll-6.0-10-dev, libssl1.0-dev Conflicts: libzorpll-6.0-8-dev Architecture: any Depends: libzorpll-7.0-1 (= ${binary:Version}), ${misc:Depends}, libglib2.0-dev, libcap-dev [linux-any], libssl-dev
Bug#929459: sl works for me
Hello. Mark as solved. Root user dosen't load paths /usr/local/games:/usr/games. Works with other than user id 0. Kind Regards Hendrikus van Woerden Juhani Numminen kirjoitti 24.5.2019 klo 7.07: Package: sl Followup-For: Bug #929459 Control: tags -1 moreinfo Hello, On my system 'apt install sl' does provide the sl binary. Here are the package contents for reference. One can see there's /usr/games/sl. I think /usr/games is in the default $PATH. $ dpkg -l sl Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Architecture Description +++-===--- ii sl 3.03-17+b2 amd64Correct you if you type `sl' by mistake $ dpkg -L sl /. /usr /usr/games /usr/games/sl /usr/games/sl-h /usr/share /usr/share/doc /usr/share/doc/sl /usr/share/doc/sl/README /usr/share/doc/sl/README.Debian /usr/share/doc/sl/README.jp /usr/share/doc/sl/README.sl-h.jp /usr/share/doc/sl/changelog.Debian.amd64.gz /usr/share/doc/sl/changelog.Debian.gz /usr/share/doc/sl/copyright /usr/share/man /usr/share/man/de /usr/share/man/de/man6 /usr/share/man/de/man6/LS.6.gz /usr/share/man/de/man6/sl-h.6.gz /usr/share/man/de/man6/sl.6.gz /usr/share/man/de.UTF-8 /usr/share/man/de.UTF-8/man6 /usr/share/man/de.UTF-8/man6/LS.6.gz /usr/share/man/de.UTF-8/man6/sl-h.6.gz /usr/share/man/de.UTF-8/man6/sl.6.gz /usr/share/man/ja /usr/share/man/ja/man6 /usr/share/man/ja/man6/LS.6.gz /usr/share/man/ja/man6/sl-h.6.gz /usr/share/man/ja/man6/sl.6.gz /usr/share/man/ja.UTF-8 /usr/share/man/ja.UTF-8/man6 /usr/share/man/ja.UTF-8/man6/LS.6.gz /usr/share/man/ja.UTF-8/man6/sl-h.6.gz /usr/share/man/ja.UTF-8/man6/sl.6.gz /usr/share/man/man6 /usr/share/man/man6/LS.6.gz /usr/share/man/man6/sl-h.6.gz /usr/share/man/man6/sl.6.gz /usr/games/LS -- System Information: Debian Release: 9.9 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-0.bpo.4-amd64 (SMP w/4 CPU cores) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sl depends on: ii libc62.24-11+deb9u4 ii libncurses5 6.0+20161126-1+deb9u2 ii libtinfo56.0+20161126-1+deb9u2 sl recommends no packages. sl suggests no packages. -- no debconf information
Processed: Re: Bug#927667: gnome: please confirm or revert choice of Wayland for default desktop
Processing commands for cont...@bugs.debian.org: > reassign 927667 gdm3 Bug #927667 [gnome] gnome: please confirm or revert choice of Wayland for default desktop Bug reassigned from package 'gnome' to 'gdm3'. No longer marked as found in versions meta-gnome3/1:3.30+1. Ignoring request to alter fixed versions of bug #927667 to the same values previously set > tags 927667 +patch Bug #927667 [gdm3] gnome: please confirm or revert choice of Wayland for default desktop Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 927667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927667 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#927667: gnome: please confirm or revert choice of Wayland for default desktop
reassign 927667 gdm3 tags 927667 +patch thanks On Fri, May 10, 2019 at 10:26:07AM +0100, Jonathan Dowland wrote: Two ways of resolving this are: Either the default GNOME3 session in Debian switched back to Xorg, or the default desktop session is switched away from GNOME; but I would much prefer the former. The attached debdiff (bringing back the similar change from 2016) seems to work for me (tested in a VM) but I would appreciate any additional testing that folks could spare. The debdiff is an NMU but I currently have no plans to upload it as such. Also available at: https://salsa.debian.org/gnome-team/gdm/merge_requests/8 -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net ⠈⠳⣄ commit 049dc7f4142850ae34ea530b5447175dd8a3834e Author: Jonathan Dowland Date: Thu May 23 16:43:14 2019 +0100 postpone switch to Wayland as default, again This is a repeat of 569d7f50fe3a06908886cefc5168126197fec570 from 2016, postponing the switch to Wayland for the default Debian desktop. See #927667 for discussion. diff --git a/debian/changelog b/debian/changelog index fc06f058..d2e936f7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +gdm3 (3.30.2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Re-introduce debian/patches/09_default_session.patch, switching the +default session back to "default", postponing a move to Wayland by +default for Buster. Closes: #927667. + + -- Jonathan Dowland Fri, 24 May 2019 10:52:17 +0100 + gdm3 (3.30.2-3) unstable; urgency=medium * Team upload diff --git a/debian/patches/09_default_session.patch b/debian/patches/09_default_session.patch new file mode 100644 index ..d41fc744 --- /dev/null +++ b/debian/patches/09_default_session.patch @@ -0,0 +1,19 @@ +Description: Prefer (Xorg-based) desktop session + Default to "default.desktop" session, postponing a switch to + Wayland for the default Debian desktop. + +Origin: commit:569d7f50fe3a06908886cefc5168126197fec570 +Bug-Debian: https://bugs.debian.org/927667 + +index ca06608c..3276b902 100644 +--- a/daemon/gdm-session.c b/daemon/gdm-session.c +@@ -560,7 +560,7 @@ get_fallback_session_name (GdmSession *self) + } + } + +-name = g_strdup ("gnome"); ++name = g_strdup ("default"); + if (get_session_command_for_name (self, name, NULL)) { + g_free (self->priv->fallback_session_name); + self->priv->fallback_session_name = name; diff --git a/debian/patches/series b/debian/patches/series index 69745241..87fece76 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,6 +2,7 @@ manager-don-t-kill-timed-login-session-immediately-after-.patch manager-session-Add-some-debugging-around-starting-reauth.patch session-Don-t-allow-greeter-operations-on-an-running-sess.patch GdmManager-Don-t-perform-timed-login-if-session-gets-star.patch +09_default_session.patch 16_xserver_path.patch 90_config_comments.patch 91_dconf_database_path.patch
Bug#903635: docker.io: use of iptables-legacy is incompatible with nftables-based iptables
Hi Arnaud - sorry I missed your messages until now. On Fri, May 10, 2019 at 09:03:41AM +0700, Arnaud Rebillout wrote: As I mentioned above, there's a discussion with a work in progress to fix that upstream: https://github.com/docker/libnetwork/pull/2339 I don't think it will be ready in time for buster though. So I see two solutions going forward: - 1 Jonathan lower the severity of the bug so that it's not RC. I'd rather not do that, because I think RC is the right classification; *but* I don't feel necessarily (given the circumstances) that docker.io should be removed from Buster, so can I instead suggest we request that this bug is ignored for Buster? I think we need to ask the release team to do that (and tag accordingly) but I'll double-check the procedure. - 2 I import the patch from github, even though it's work in progress. I will follow up and update the patch as soon as upstream release a proper fix, and it will be included in a point release of buster. If I don't get any feedback from you Jonathan in the following days, I'll go for solution number 2 then. I bow to your judgement as maintainer as to whether the partial fix is worth applying on its own. Will the patch in #2339 address the specific issue of what happens on package install? -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net ⠈⠳⣄
Bug#929283: zookeeper: CVE-2019-0201: information disclosure vulnerability
tags 929283 + patch thanks Hi Moritz, > > > zookeeper: CVE-2019-0201: information disclosure vulnerability > > > > Happy to prepare an update for stretch; I plan to do one for jessie > > LTS (which, helpfully, has the same version...) > > Sounds good, we should fix that in Stretch. I've just added the reference > to the upstream commit in the 3.4 branch to the Security Tracker. Thanks. Here is my diff: diff --git a/debian/changelog b/debian/changelog index ea8c13e..6e92313 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +zookeeper (3.4.9-3+deb9u2) stretch-security; urgency=high + + * CVE-2019-0201: Prevent an information disclosure vulnerability where users +who were not authorised to read data were able to view the access control +list. (Closes: #929283) + + -- Chris Lamb Fri, 24 May 2019 08:57:53 +0100 + zookeeper (3.4.9-3+deb9u1) stretch-security; urgency=high * Team upload. diff --git a/debian/patches/CVE-2019-11579.patch b/debian/patches/CVE-2019-11579.patch new file mode 100644 index 000..e4c314c --- /dev/null +++ b/debian/patches/CVE-2019-11579.patch @@ -0,0 +1,57 @@ +--- zookeeper-3.4.9.orig/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java zookeeper-3.4.9/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java +@@ -20,6 +20,7 @@ package org.apache.zookeeper.server; + + import java.io.IOException; + import java.nio.ByteBuffer; ++import java.util.ArrayList; + import java.util.List; + + import org.apache.jute.Record; +@@ -32,6 +33,7 @@ import org.apache.zookeeper.KeeperExcept + import org.apache.zookeeper.KeeperException.SessionMovedException; + import org.apache.zookeeper.ZooDefs.OpCode; + import org.apache.zookeeper.data.ACL; ++import org.apache.zookeeper.data.Id; + import org.apache.zookeeper.data.Stat; + import org.apache.zookeeper.proto.CreateResponse; + import org.apache.zookeeper.proto.ExistsRequest; +@@ -308,10 +310,35 @@ public class FinalRequestProcessor imple + GetACLRequest getACLRequest = new GetACLRequest(); + ByteBufferInputStream.byteBuffer2Record(request.request, + getACLRequest); ++DataNode n = zks.getZKDatabase().getNode(getACLRequest.getPath()); ++if (n == null) { ++throw new KeeperException.NoNodeException(); ++} ++PrepRequestProcessor.checkACL(zks, zks.getZKDatabase().aclForNode(n), ++ZooDefs.Perms.READ | ZooDefs.Perms.ADMIN, ++request.authInfo); ++ + Stat stat = new Stat(); +-List acl = +-zks.getZKDatabase().getACL(getACLRequest.getPath(), stat); +-rsp = new GetACLResponse(acl, stat); ++List acl = ++zks.getZKDatabase().getACL(getACLRequest.getPath(), stat); ++try { ++PrepRequestProcessor.checkACL(zks, zks.getZKDatabase().aclForNode(n), ++ZooDefs.Perms.ADMIN, ++request.authInfo); ++rsp = new GetACLResponse(acl, stat); ++} catch (KeeperException.NoAuthException e) { ++List acl1 = new ArrayList(acl.size()); ++for (ACL a : acl) { ++if ("digest".equals(a.getId().getScheme())) { ++Id id = a.getId(); ++Id id1 = new Id(id.getScheme(), id.getId().replaceAll(":.*", ":x")); ++acl1.add(new ACL(a.getPerms(), id1)); ++} else { ++acl1.add(a); ++} ++} ++rsp = new GetACLResponse(acl1, stat); ++} + break; + } + case OpCode.getChildren: { diff --git a/debian/patches/series b/debian/patches/series index 9dd03d0..c0b9747 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -9,3 +9,4 @@ 09-spell-check.patch 10-CVE-2017-5637.patch CVE-2018-8012.patch +CVE-2019-11579.patch Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org chris-lamb.co.uk `-
Processed: Re: zookeeper: CVE-2019-0201: information disclosure vulnerability
Processing commands for cont...@bugs.debian.org: > tags 929283 + patch Bug #929283 [src:zookeeper] zookeeper: CVE-2019-0201: information disclosure vulnerability Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 929283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929283 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: bug 929469 is forwarded to https://github.com/systemd/systemd/issues/12656
Processing commands for cont...@bugs.debian.org: > forwarded 929469 https://github.com/systemd/systemd/issues/12656 Bug #929469 [systemd] systemd-networkd: fails with "could not set address: Permission denied" Set Bug forwarded-to-address to 'https://github.com/systemd/systemd/issues/12656'. > thanks Stopping processing here. Please contact me if you need assistance. -- 929469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929469 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: retitle 929469 to systemd-networkd: fails with "could not set address: Permission denied"
Processing commands for cont...@bugs.debian.org: > retitle 929469 systemd-networkd: fails with "could not set address: > Permission denied" Bug #929469 [systemd] systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied" Changed Bug title to 'systemd-networkd: fails with "could not set address: Permission denied"' from 'systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"'. > thanks Stopping processing here. Please contact me if you need assistance. -- 929469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929469 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"
Package: systemd Version: 241-3 Severity: serious File: systemd-networkd User: de...@kali.org Usertags: origin-kali I upgraded an (OVH) dedicated server to Debian buster with systemd 241-3 and while it rebooted correctly, the network did not came back. Looking into the logs I saw the following messages: May 20 12:37:10 euterpe systemd-networkd[756]: eno3: Could not bring up interface: Invalid argument May 20 12:37:14 euterpe systemd-networkd[756]: eno3: Gained carrier May 20 12:37:14 euterpe systemd-networkd[756]: eno3: could not set address: Permission denied The configuration in use is the following: $ cat /etc/systemd/network/50-default.network # This file sets the IP configuration of the primary (public) network device. # You can also see this as "OSI Layer 3" config. # It was created by the OVH installer, please be careful with modifications. # Documentation: man systemd.network or https://www.freedesktop.org/software/systemd/man/systemd.network.html [Match] MACAddress=ac:1f:6b:67:cd:e8 [Network] Description=network interface on public network, with default route DHCP=no Address=54.39.104.6/24 Gateway=54.39.104.254 #IPv6AcceptRA=false NTP=ntp.ovh.net DNS=127.0.0.1 DNS=213.186.33.99 DNS=2001:41d0:3:163::1 Gateway=2607:5300:0203:39ff:ff:ff:ff:ff [Address] Address=2607:5300:0203:3906::/64 [Route] Destination=2607:5300:0203:39ff:ff:ff:ff:ff Scope=link $ cat /etc/systemd/network/50-public-interface.link # This file configures the relation between network device and device name. # You can also see this as "OSI Layer 2" config. # It was created by the OVH installer, please be careful with modifications. # Documentation: man systemd.link or https://www.freedesktop.org/software/systemd/man/systemd.link.html [Match] MACAddress=ac:1f:6b:67:cd:e8 [Link] Description=network interface on public network, with default route MACAddressPolicy=persistent NamePolicy=kernel database onboard slot path mac #Name=eth0 # name under which this interface is known under OVH rescue system #Name=eno3 # name under which this interface is probably known by systemd The ethernet card is the following: $ lspci -v [...] 03:00.0 Ethernet controller: Intel Corporation Ethernet Connection X552/X557-AT 10GBASE-T Subsystem: Super Micro Computer Inc Ethernet Connection X552/X557-AT 10GBASE-T Flags: bus master, fast devsel, latency 0, IRQ 11 Memory at 383fffc0 (64-bit, prefetchable) Memory at 383fffe04000 (64-bit, prefetchable) Expansion ROM at fb18 [disabled] Capabilities: [40] Power Management version 3 Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+ Capabilities: [70] MSI-X: Enable+ Count=64 Masked- Capabilities: [a0] Express Endpoint, MSI 00 03:00.1 Ethernet controller: Intel Corporation Ethernet Connection X552/X557-AT 10GBASE-T Subsystem: Super Micro Computer Inc Ethernet Connection X552/X557-AT 10GBASE-T Flags: bus master, fast devsel, latency 0, IRQ 10 Memory at 383fffa0 (64-bit, prefetchable) Memory at 383fffe0 (64-bit, prefetchable) Expansion ROM at fb10 [disabled] Capabilities: [40] Power Management version 3 Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+ Capabilities: [70] MSI-X: Enable+ Count=64 Masked- Capabilities: [a0] Express Endpoint, MSI 00 [...] It is handled by the "ixgbe" kernel driver: $ grep ixgbe /var/log/kern.log: May 23 21:19:38 euterpe kernel: [1.896199] ixgbe: Intel(R) 10 Gigabit PCI Express Network Driver - version 5.1.0-k May 23 21:19:38 euterpe kernel: [1.908671] ixgbe: Copyright (c) 1999-2016 Intel Corporation. May 23 21:19:38 euterpe kernel: [3.471556] ixgbe :03:00.0: Multiqueue Enabled: Rx Queue count = 8, Tx Queue count = 8 XDP Queue count = 0 May 23 21:19:38 euterpe kernel: [3.619415] ixgbe :03:00.0: MAC: 5, PHY: 7, PBA No: 023A00-000 May 23 21:19:38 euterpe kernel: [3.628980] ixgbe :03:00.0: ac:1f:6b:67:cd:e8 May 23 21:19:38 euterpe kernel: [3.689232] ixgbe :03:00.0: Intel(R) 10 Gigabit Network Connection May 23 21:19:38 euterpe kernel: [5.487530] ixgbe :03:00.1: Multiqueue Enabled: Rx Queue count = 8, Tx Queue count = 8 XDP Queue count = 0 May 23 21:19:38 euterpe kernel: [5.627263] ixgbe :03:00.1: MAC: 5, PHY: 7, PBA No: 023A00-000 May 23 21:19:38 euterpe kernel: [5.634459] ixgbe :03:00.1: ac:1f:6b:67:cd:e9 May 23 21:19:38 euterpe kernel: [5.696963] ixgbe :03:00.1: Intel(R) 10 Gigabit Network Connection May 23 21:19:38 euterpe kernel: [5.707134] ixgbe :03:00.1 eno4: renamed from eth1 May 23 21:19:38 euterpe kernel: [5.733678] ixgbe :03:00.0 eno3: renamed from eth0 May 23 21:19:39 euterpe kernel: [ 22.934955] ixgbe :03:00.0: registered PHC device on eno3 May 23 21:19:43 euterpe kernel: [ 27.453172] ixgbe :03:00.0 eno3: NIC Link is Up 1 Gbps, Flow Control: None Trying to narrow
Bug#929468: wolfssl: CVE-2019-11873
Source: wolfssl Version: 3.15.3+dfsg-2 Severity: grave Tags: security upstream Hi, The following vulnerability was published for wolfssl. CVE-2019-11873[0]: | wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when | a current identity size is greater than a client identity size. An | attacker sends a crafted hello client packet over the network to a | TLSv1.3 wolfSSL server. The length fields of the packet: record | length, client hello length, total extensions length, PSK extension | length, total identity length, and identity length contain their | maximum value which is 2^16. The identity data field of the PSK | extension of the packet contains the attack data, to be stored in the | undefined memory (RAM) of the server. The size of the data is about 65 | kB. Possibly the attacker can perform a remote code execution attack. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11873 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11873 Please adjust the affected versions in the BTS as needed, could you double check 3.15.3 is affected. Regards, Salvatore
Bug#923930: FTBFS: FAIL test_chain
Jeffrey Altman writes: > The following commit has been merged to heimdal-7-1-branch. > > ... > > commit 8ed97b8583e000288b40a14efb901cbaf4c5d5c7 (origin/heimdal-7-1-branch) > Author: Quanah Gibson-Mount > Date: Thu May 23 15:06:33 2019 + > > Regenerate certs so that they expire before the 2038 armageddon so the > test suite will pass on 32-bit operating systems until the underlying > issues can be resolved. > Thanks for this. -- Brian May
Bug#929466: freeradius: CVE-2019-10143: privilege escalation due to insecure logration
Source: freeradius Version: 3.0.17+dfsg-1.1 Severity: grave Tags: security upstream Forwarded: https://github.com/FreeRADIUS/freeradius-server/pull/2666 Hi, The following vulnerability was published for freeradius. CVE-2019-10143[0]: privilege escalation due to insecure logration If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10143 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10143 [1] https://github.com/FreeRADIUS/freeradius-server/pull/2666 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
Processed: Re: Bug#929462: systemd-journal-remote: systemd-journal-upload user missing
Processing control commands: > tags -1 = moreinfo unreproducible Bug #929462 [systemd-journal-remote] systemd-journal-remote: systemd-journal-upload user missing Added tag(s) unreproducible and moreinfo; removed tag(s) newcomer. > severity -1 normal Bug #929462 [systemd-journal-remote] systemd-journal-remote: systemd-journal-upload user missing Severity set to 'normal' from 'grave' -- 929462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929462 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#929462: systemd-journal-remote: systemd-journal-upload user missing
Control: tags -1 = moreinfo unreproducible Control: severity -1 normal Am 24.05.19 um 02:24 schrieb Paul Emmerich: > Package: systemd-journal-remote > Version: 241-3 > Severity: grave > Justification: renders package unusable > Tags: newcomer > > Dear Maintainer, > > we are maintaining a Debian live image that uses systemd-journal-remote to > send log files to a log collector. The systemd-journal-upload unit fails > to start on buster: > > May 22 07:23:34 ceph06 systemd[1]: Starting Journal Remote Upload Service... > May 22 07:23:34 ceph06 systemd[40869]: systemd-journal-upload.service: Failed > to determine user credentials: No such process > May 22 07:23:34 ceph06 systemd[40869]: systemd-journal-upload.service: Failed > at step USER spawning /usr/local/bin/update-journal-configuration.sh: No such > process > > It tries to run as user systemd-journal-upload which seems to be missing. I can't reproduce the problem in a buster VM. systemd-journal-upload.service uses DynamicUser, so it is not necessary to allocate a static system user. Do you have libnss-systemd installed? If not, does it help if you install it? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature