[Bug 1923264] Re: request-tracker4 is incompatible with mysql-server-8.0
** Bug watch added: Debian Bug tracker #986707 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986707 ** Also affects: request-tracker4 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986707 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1923264 Title: request-tracker4 is incompatible with mysql-server-8.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker4/+bug/1923264/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1774717] Re: Saying goodbye to search.cpan.org
Here is a relevant thread on debian-perl: https://lists.debian.org /debian-perl/2018/05/msg00046.html In short: yes, but there is no urgency. I don't think a bug on perl in ubuntu is needed to track this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1774717 Title: Saying goodbye to search.cpan.org To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perl/+bug/1774717/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1519495] Re: rename (prename) ignores -n parameter in Xenial Daily
** Bug watch added: Debian Bug tracker #885103 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885103 ** Also affects: rename (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885103 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1519495 Title: rename (prename) ignores -n parameter in Xenial Daily To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rename/+bug/1519495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1519495] Re: rename (prename) ignores -n parameter in Xenial Daily
The version of rename from perl is being removed from the perl package - it was added by the Debian package and was unmaintained. rename/prename is now provided by the separate rename package, as you indicated. The intention is that they are compatible with easy other, so I'm definitely interested if that isn't the case. The problem you're describing (which is not specific to the newer version of rename - it appears with the old rename from the perl package too at least in my testing on Debian) is that -n is being ignored when supplied as the last argument. Both manpages specify that options must come before the expression and file list. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1519495 Title: rename (prename) ignores -n parameter in Xenial Daily To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rename/+bug/1519495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1683179] Re: Variables set inside files executed with do not visible to script
Hello, I'm one of the perl maintainers in Debian. In Debian we're still finalising the release notes for this issue for our next release; I suspect noone thought about communicating this change for Ubuntu :( A couple of observations that might be helpful to you and others: 1) you can revert this change (if you need to) by commenting out the relevant line in /etc/perl/sitecustomize.pl 2) I recommend that you in any case check for 'do' returning false, so that you at least don't get a silent failure. 3) This change is being made in the upcoming 5.26.0 release but for release timing reasons we have made it early. ** Summary changed: - Variables set inside files executed with do not visible to script + silent failure in 'do' due to '.' being removed from @INC ** Summary changed: - silent failure in 'do' due to '.' being removed from @INC + 'do' no longer loading files from '.' due to '.' being removed from @INC -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1683179 Title: 'do' no longer loading files from '.' due to '.' being removed from @INC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perl/+bug/1683179/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Bug watch added: Debian Bug tracker #793660 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793660 ** Also affects: sudo (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793660 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1368697] [NEW] request-tracker4: data corruption with DBD::Pg
Public bug reported: See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757879 I'm going to upload a new version of request-tracker4 this weekend to Debian which should fix this. I strongly recommend that you update this (and dependency libdbix-searchbuilder-perl. already in sid) in your upcoming release. ** Affects: request-tracker4 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1368697 Title: request-tracker4: data corruption with DBD::Pg To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker4/+bug/1368697/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8
On Tue, Nov 13, 2012 at 03:01:33PM -, Marc Deslauriers wrote: I have prepared some untested updates in the security team proposed PPA here: https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages If someone could give them a whirl, I'll get them pocket-copied into -proposed for more wider testing. I've asked on rt-users[1] for testing. [1] http://lists.bestpractical.com/pipermail/rt- users/2012-November/078449.html -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004834 Title: Multiple security vulnerabilities in request-tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/1004834/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8
Hello Jamie, I don't see any reference to DEP3 in your wiki page and even if it were there it doesn't seem like a good reason to reject changes (after all in Debian DEP3 is not a requirement, nor is it (AFAICR) mentioned in Policy at all yet). As for the source of the commits, the updates are based on rolled up commits from upstream. Note that I'm acting as the Debian maintainer of these packages, not an Ubuntu developer, so I was hoping that an Ubuntu developer would be able to make any fine tweaks to my submissions before uploading them to Ubuntu. There's only so much energy I have when it comes to rolling updates for Ubuntu, especially when it's not clear that they will ever get released (#750339) . As for your question about the September regression: yes that should be applied, although it is a fairly minor regression compared to the other two, which as you have noticed were included. As for the delay on this bug report - perhaps the bug system could be improved so that the security team are told about issues tagged as security issues? There has been another round of updates from Best Practical (http://blog.bestpractical.com/2012/10/security-vulnerabilities-in- rt.html); they are available in Debian squeeze and the patch round-ups are at http://download.bestpractical.com/pub/rt/release/security-2012-10-25.tar.gz . Please help me decide whether it's a good use of my time to submit updates for the latest issues based on the work I've already done in Debian. Lastly, I notice that this bug was assigned to me, and then assigned to Marc instead. Please let me know the implications of this; is there work ongoing already? I don't want to duplicate work unnecessarily. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004834 Title: Multiple security vulnerabilities in request-tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/1004834/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8
Typically, I see the DEP3 stuff jump out of the wiki page immediately after submitting the previous comment, so scratch that part of the comment. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004834 Title: Multiple security vulnerabilities in request-tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/1004834/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1069034] Re: [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator
Clarification: when I said 5.14.3-14 above, I meant 5.14.2-14. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1069034 Title: [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perl/+bug/1069034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1069034] [NEW] [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator
*** This bug is a security vulnerability *** Public security bug reported: The following commit appeared in 5.14.3 and Debian 5.14.3-14: commit 5ee2604e72cdd836101f279f8f9e89243c7f0097 Author: Andy Dougherty dough...@lafayette.edu Date: Thu Sep 27 09:52:18 2012 -0400 avoid calling memset with a negative count Poorly written perl code that allows an attacker to specify the count to perl's 'x' string repeat operator can already cause a memory exhaustion denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate that into a heap buffer overrun; coupled with versions of glibc before 2.16, it possibly allows the execution of arbitrary code. The flaw addressed to this commit has been assigned identifier CVE-2012-5195. http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg194057.html http://patch-tracker.debian.org/patch/series/view/perl/5.14.2-14/fixes/string_repeat_overrun.diff ** Affects: perl (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-5195 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1069034 Title: [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perl/+bug/1069034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8
Patches ready for testing attached. See also svn://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/lucid svn://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/natty [oneric is the same as natty, so only version numbers to be updated there] svn://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/precise Note that I don't run RT on Ubuntu systems so can't help with testing. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) ** Patch added: rt3.8-secfix-lucid.patch https://bugs.launchpad.net/bugs/1004834/+attachment/3183236/+files/rt3.8-secfix-lucid.patch ** Patch added: rt3.8-secfix-natty.patch https://bugs.launchpad.net/bugs/1004834/+attachment/3183237/+files/rt3.8-secfix-natty.patch ** Patch added: rt3.8-secfix-precise.patch https://bugs.launchpad.net/bugs/1004834/+attachment/3183238/+files/rt3.8-secfix-precise.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004834 Title: Multiple security vulnerabilities in request-tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/1004834/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1004835]
On Fri, Jun 01, 2012 at 10:19:12PM -, Tyler Hicks wrote: Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures Patches ready for testing attached. See also http://anonscm.debian.org/gitweb/?p=pkg-request-tracker/request-tracker4.git;a=shortlog;h=refs/heads/precise http://anonscm.debian.org/gitweb/?p=pkg-request-tracker/request-tracker4.git;a=shortlog;h=refs/heads/oneiric Note that I don't run RT on Ubuntu systems so can't help with testing. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) ** Patch added: rt4-secfix-oneiric.patch https://bugs.launchpad.net/bugs/1004835/+attachment/3174878/+files/rt4-secfix-oneiric.patch ** Patch added: rt4-secfix-precise.patch https://bugs.launchpad.net/bugs/1004835/+attachment/3174879/+files/rt4-secfix-precise.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004835 Title: Multiple security vulnerabilities in request-tracker4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker4/+bug/1004835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1004834] [NEW] Multiple security vulnerabilities in request-tracker3.8
*** This bug is a security vulnerability *** Public security bug reported: Upstream reported multiple vulnerabilities in request-tracker3.8. Patches are described in: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000206.html ** Affects: request-tracker3.8 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004834 Title: Multiple security vulnerabilities in request-tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/1004834/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1004835] [NEW] Multiple security vulnerabilities in request-tracker4
*** This bug is a security vulnerability *** Public security bug reported: Upstream reported multiple vulnerabilities in request-tracker4. Patches are described in: http://lists.bestpractical.com/pipermail/rt- announce/2012-May/000202.html ** Affects: request-tracker4 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Description changed: Upstream reported multiple vulnerabilities in request-tracker4. Patches are described in: - http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html - http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000206.html + http://lists.bestpractical.com/pipermail/rt- + announce/2012-May/000202.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004835 Title: Multiple security vulnerabilities in request-tracker4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker4/+bug/1004835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 990516] Re: Should probably not be in precise
On Sun, Apr 29, 2012 at 02:36:07AM -, Micah Gersten wrote: Sorry, I caught this a bit too late as well. The main archive is now frozen since we're post release, so barring a very extreme situation, packages cannot be removed at this point. At some point in the lifetime of 12.04, 3.8 will run out of upstream support. It makes more sense to me to consider removing it now and pointing people at request-tracker4, which has a longer expected lifetime, than to leave request-tracker3.8. I speak as the only person who has, as far as I know, contributed security fixes to RT in Ubuntu. I'd rather not have the headache of feeling (however unjustly) that I am responsible for maintaining 3.8 in 12.04 with no upstream support, for the next five years. On a separate note - I am really quite surprised that there is no process in Ubuntu for checking the Debian RC bug list at freeze time. Such a review would have made it quite obvious that request-tracker3.8 shouldn't have been released in 12.04. Perhaps this should be considered in future? I'll convert this into a removal from quantal though. We actually can't remove this until the addons that depend on it are updated for 4.0 or removed from Debian. You seem to be suggesting that you can decide to remove request-tracker3.8 but not other leaf packages which depend on it? I don't follow the logic here. rt-extension-emailcompletion and rtfm also have RC bugs in Debian and will be removed from Debian before long. They should be removed from Ubuntu at the same time as RT3.8. rt-extension-assettracker has been updated to not produce any binary packages depending on RT3.8. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/990516 Title: Should probably not be in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/990516/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 990516] [NEW] Should probably not be in precise
Public bug reported: This package will not be in wheezy and is almost certainly not suitable for precise either, as an LTS release. See the related Debian bug #647126. I recommend that it be removed from precise, if such a process exists. Apologies for not catching this at a more opportune moment. Dominic. ** Affects: request-tracker3.8 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/990516 Title: Should probably not be in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/990516/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 769765] Re: Missing dependency for libapache-dbi-perl
On Fri, Dec 02, 2011 at 06:49:12PM -, Alex Vandiver wrote: I just took a quick look at this, and replicated it. However, libapache-dbi-perl _is_ in the dependencies of rt3.8-apache2, but because of the way the dependencies have been phrased, apt decides to install speedy-cgi-perl is a fine stand-in for libapache-dbi-perl, and installs that instead. I don't know enough about phrasing .dep dependencies to know how fixable this is, though. This change in request-tracker4 should make this sort of thing less likely: http://anonscm.debian.org/gitweb/?p=pkg-request-tracker/request-tracker4.git;a=commit;h=5dfeee1cd70e83efc5c2176c80a7e0d94faa7533 I imagine something similar could be done in request-tracker3.8, although I'm not keen to change this now (this package is firmly in maintenance mode (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647126), and it's not a new problem). Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) ** Bug watch added: Debian Bug tracker #647126 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647126 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/769765 Title: Missing dependency for libapache-dbi-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/769765/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Re: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72)
I am no longer able to verify the fix as I've since upgraded the netbook to 11.10 (since the notification that 10.04 was no longer supported on netbooks). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
I can confirm that the fix looks correct and that it was a mistake in my previous fix. Attached is the fix incorporated as a debdiff against 3.8.7-1ubuntu2.1 ** Patch added: rt3.8-lucid-ubuntu2.2.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2607099/+files/rt3.8-lucid-ubuntu2.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Re: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72)
Workaround confirmed, thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] BootDmesg.txt
apport information ** Attachment added: BootDmesg.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554964/+files/BootDmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Re: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72)
apport information ** Tags added: apport-collected ** Description changed: No sound at all is audible on this Dell Mini 9 running linux- image-2.6.32-34-generic. Reverting to linux-image-2.6.32-33-generic fixes the problem. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: alsa-base 1.0.22.1+dfsg-0ubuntu3 ProcVersionSignature: Ubuntu 2.6.32-34.77-generic 2.6.32.44+drm33.19 Uname: Linux 2.6.32-34-generic i686 NonfreeKernelModules: wl AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21. AplayDevices: List of PLAYBACK Hardware Devices card 0: Intel [HDA Intel], device 0: ALC268 Analog [ALC268 Analog] Subdevices: 1/1 Subdevice #0: subdevice #0 Architecture: i386 ArecordDevices: List of CAPTURE Hardware Devices card 0: Intel [HDA Intel], device 0: ALC268 Analog [ALC268 Analog] Subdevices: 1/1 Subdevice #0: subdevice #0 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: dom1565 F pulseaudio Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xf054 irq 22' Mixer name : 'Realtek ALC268' Components : 'HDA:10ec0268,102802b0,00100101' Controls : 13 Simple ctrls : 8 Date: Sat Oct 15 21:36:13 2011 EcryptfsInUse: Yes InstallationMedia: Ubuntu-Netbook 10.04 Lucid Lynx - Release i386 (20100429.4) PackageArchitecture: all ProcEnviron: PATH=(custom, user) LANG=en_GB.utf8 SHELL=/bin/bash SelectedCard: 0 Intel HDA-Intel - HDA Intel SourcePackage: alsa-driver Symptom: audio Title: [Realtek ALC268] ALSA test tone not correctly played back dmi.bios.date: 08/05/2008 dmi.bios.vendor: Dell Inc. dmi.bios.version: A00 dmi.board.name: CN0J14 dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 8 dmi.chassis.vendor: Dell Inc. dmi.chassis.version: A00 dmi.modalias: dmi:bvnDellInc.:bvrA00:bd08/05/2008:svnDellInc.:pnInspiron910:pvrA00:rvnDellInc.:rnCN0J14:rvrA00:cvnDellInc.:ct8:cvrA00: dmi.product.name: Inspiron 910 dmi.product.version: A00 dmi.sys.vendor: Dell Inc. + --- + AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21. + AplayDevices: + List of PLAYBACK Hardware Devices + card 0: Intel [HDA Intel], device 0: ALC268 Analog [ALC268 Analog] +Subdevices: 1/1 +Subdevice #0: subdevice #0 + Architecture: i386 + ArecordDevices: + List of CAPTURE Hardware Devices + card 0: Intel [HDA Intel], device 0: ALC268 Analog [ALC268 Analog] +Subdevices: 1/1 +Subdevice #0: subdevice #0 + AudioDevicesInUse: + USERPID ACCESS COMMAND + /dev/snd/controlC0: dom1565 F pulseaudio + CRDA: Error: [Errno 2] No such file or directory + Card0.Amixer.info: + Card hw:0 'Intel'/'HDA Intel at 0xf054 irq 22' +Mixer name : 'Realtek ALC268' +Components : 'HDA:10ec0268,102802b0,00100101' +Controls : 13 +Simple ctrls : 8 + DistroRelease: Ubuntu 10.04 + EcryptfsInUse: Yes + InstallationMedia: Ubuntu-Netbook 10.04 Lucid Lynx - Release i386 (20100429.4) + MachineType: Dell Inc. Inspiron 910 + NonfreeKernelModules: wl + Package: linux (not installed) + ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.32-34-generic root=UUID=22cd9775-b2b5-426d-9873-b7fd791ad33e ro quiet splash + ProcEnviron: + PATH=(custom, user) + LANG=en_GB.utf8 + SHELL=/bin/bash + ProcVersionSignature: Ubuntu 2.6.32-34.77-generic 2.6.32.44+drm33.19 + Regression: Yes + RelatedPackageVersions: linux-firmware 1.34.7 + Reproducible: Yes + Tags: lucid ubuntu-une audio regression-update needs-upstream-testing + Uname: Linux 2.6.32-34-generic i686 + UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare + dmi.bios.date: 08/05/2008 + dmi.bios.vendor: Dell Inc. + dmi.bios.version: A00 + dmi.board.name: CN0J14 + dmi.board.vendor: Dell Inc. + dmi.board.version: A00 + dmi.chassis.type: 8 + dmi.chassis.vendor: Dell Inc. + dmi.chassis.version: A00 + dmi.modalias: dmi:bvnDellInc.:bvrA00:bd08/05/2008:svnDellInc.:pnInspiron910:pvrA00:rvnDellInc.:rnCN0J14:rvrA00:cvnDellInc.:ct8:cvrA00: + dmi.product.name: Inspiron 910 + dmi.product.version: A00 + dmi.sys.vendor: Dell Inc. ** Attachment added: AlsaDevices.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554963/+files/AlsaDevices.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Card0.Amixer.values.txt
apport information ** Attachment added: Card0.Amixer.values.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554965/+files/Card0.Amixer.values.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Card0.Codecs.codec.0.txt
apport information ** Attachment added: Card0.Codecs.codec.0.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554966/+files/Card0.Codecs.codec.0.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] CurrentDmesg.txt
apport information ** Attachment added: CurrentDmesg.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554967/+files/CurrentDmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] IwConfig.txt
apport information ** Attachment added: IwConfig.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554968/+files/IwConfig.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Lspci.txt
apport information ** Attachment added: Lspci.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554969/+files/Lspci.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Lsusb.txt
apport information ** Attachment added: Lsusb.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554970/+files/Lsusb.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] PciMultimedia.txt
apport information ** Attachment added: PciMultimedia.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554971/+files/PciMultimedia.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] ProcCpuinfo.txt
apport information ** Attachment added: ProcCpuinfo.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554972/+files/ProcCpuinfo.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] ProcModules.txt
apport information ** Attachment added: ProcModules.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554974/+files/ProcModules.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] ProcInterrupts.txt
apport information ** Attachment added: ProcInterrupts.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554973/+files/ProcInterrupts.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] UdevDb.txt
apport information ** Attachment added: UdevDb.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554976/+files/UdevDb.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] WifiSyslog.txt
apport information ** Attachment added: WifiSyslog.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554978/+files/WifiSyslog.txt ** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] UdevLog.txt
apport information ** Attachment added: UdevLog.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554977/+files/UdevLog.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] RfKill.txt
apport information ** Attachment added: RfKill.txt https://bugs.edge.launchpad.net/bugs/875300/+attachment/2554975/+files/RfKill.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] [NEW] [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72)
Public bug reported: No sound at all is audible on this Dell Mini 9 running linux- image-2.6.32-34-generic. Reverting to linux-image-2.6.32-33-generic fixes the problem. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: alsa-base 1.0.22.1+dfsg-0ubuntu3 ProcVersionSignature: Ubuntu 2.6.32-34.77-generic 2.6.32.44+drm33.19 Uname: Linux 2.6.32-34-generic i686 NonfreeKernelModules: wl AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21. AplayDevices: List of PLAYBACK Hardware Devices card 0: Intel [HDA Intel], device 0: ALC268 Analog [ALC268 Analog] Subdevices: 1/1 Subdevice #0: subdevice #0 Architecture: i386 ArecordDevices: List of CAPTURE Hardware Devices card 0: Intel [HDA Intel], device 0: ALC268 Analog [ALC268 Analog] Subdevices: 1/1 Subdevice #0: subdevice #0 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: dom1565 F pulseaudio Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xf054 irq 22' Mixer name : 'Realtek ALC268' Components : 'HDA:10ec0268,102802b0,00100101' Controls : 13 Simple ctrls : 8 Date: Sat Oct 15 21:36:13 2011 EcryptfsInUse: Yes InstallationMedia: Ubuntu-Netbook 10.04 Lucid Lynx - Release i386 (20100429.4) PackageArchitecture: all ProcEnviron: PATH=(custom, user) LANG=en_GB.utf8 SHELL=/bin/bash SelectedCard: 0 Intel HDA-Intel - HDA Intel SourcePackage: alsa-driver Symptom: audio Title: [Realtek ALC268] ALSA test tone not correctly played back dmi.bios.date: 08/05/2008 dmi.bios.vendor: Dell Inc. dmi.bios.version: A00 dmi.board.name: CN0J14 dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 8 dmi.chassis.vendor: Dell Inc. dmi.chassis.version: A00 dmi.modalias: dmi:bvnDellInc.:bvrA00:bd08/05/2008:svnDellInc.:pnInspiron910:pvrA00:rvnDellInc.:rnCN0J14:rvrA00:cvnDellInc.:ct8:cvrA00: dmi.product.name: Inspiron 910 dmi.product.version: A00 dmi.sys.vendor: Dell Inc. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 lucid ubuntu-une -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 875300] Re: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/875300 Title: [Realtek ALC268] ALSA test tone not correctly played back (regression in lucid from 2.6.32-33.72) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/875300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 863678] [NEW] [CVE-2011-2766] authentication bypass
*** This bug is a security vulnerability *** Public security bug reported: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479 provides information about an authentication bypass vulnerability in libfcgi- perl. Looks like this affects maverick, natty and oneiric. ** Affects: libfcgi-perl (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Description changed: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479 provides information about an authentication bypass vulnerability in libfcgi- - perl. Looks like this supports maverick, natty and oneiric. + perl. Looks like this affects maverick, natty and oneiric. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2766 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/863678 Title: [CVE-2011-2766] authentication bypass To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfcgi-perl/+bug/863678/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806192] [NEW] duplicate work in libbsd patch
Public bug reported: Hello, I noticed that you're still adding an extra patch to disable use of libutil.h. This should no longer be needed as we added a similar change in debian/config.debian (in 5.12.3-3). Cheers, Dominic. ** Affects: perl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806192 Title: duplicate work in libbsd patch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perl/+bug/806192/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Here's my proposed fix for lucid. This fixes the more recent bunch of issues too. It's a straightforward port of my updates for Debian. Not test-built on Ubuntu or tested (I don't have Ubuntu machines to hand). ** Patch added: request-tracker3.8-lucid-security-2011-04-19.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2146783/+files/request-tracker3.8-lucid-security-2011-04-19.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
The last patch missed out the installation of the vulnerable-passwords script. Please use this one instead. ** Patch added: request-tracker3.8-lucid-security-2011-05-29.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2146802/+files/request-tracker3.8-lucid-security-2011-05-29.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Here's my proposed fix for hardy. This fixes some other old security issues as well as the more recent ones. This probably needs more testing than the other updates. ** Patch added: request-tracker3.6-hardy-security-2011-05-29.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2146817/+files/request-tracker3.6-hardy-security-2011-05-29.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 778184] Re: package request-tracker3.8 3.8.10-1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1
So MySQL was stopped in the middle of the upgrade. Not sure what the upgrade scripts can do about this. To fix up, run this as root: /usr/sbin/rt-setup-database-3.8 --action insert --datafile /usr/share /request-tracker3.8/etc/upgrade/3.8.9/content --skip-create Note: you seem to have dbconfig-common configured thinking that your database is sqlite, where it's actually configured with MySQL. This will break things horribly. Either configure RT to use MySQL via dbconfig- common (dpkg-reconfigure request-tracker3.8), or don't use dbconfig at all (also through dpkg-reconfigure request-tracker3.8). It wouldn't have mattered in some cases, but you may find this will cause breakage in the future otherwise. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/778184 Title: package request-tracker3.8 3.8.10-1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
On Wed, May 04, 2011 at 09:27:54PM -, Jamie Strandboge wrote: Thanks for the debdiff! No problem. I take it you'd be interested in updates for lucid, and hardy (and dapper-backports?) too? Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Here's my proposed fix for maverick. This fixes the more recent bunch of issues too. It's a straightforward port of my updates for Debian. Not test-built on Ubuntu or tested (I don't have Ubuntu machines to hand). If this is any use, I can look at preparing similar updates for previous versions. ** Patch added: request-tracker3.8-maverick-security-2011-04-19.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2070508/+files/request-tracker3.8-maverick-security-2011-04-19.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 477106] Re: [regression] lucid alpha-2 and earlier freeze upon suspend with sd card plugged in with some hardware
2.6.32-26 also fixes the suspend with SD card inserted problems with my Dell Mini 9 (with /etc/pm/config.d/suspend_modules empty). -- [regression] lucid alpha-2 and earlier freeze upon suspend with sd card plugged in with some hardware https://bugs.launchpad.net/bugs/477106 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 407783] Re: include a default apache2 site file
I recommend that this bug be closed. -- include a default apache2 site file https://bugs.launchpad.net/bugs/407783 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 444046] Re: rt-setup-database-3.8 does not seem to work
What's odd here is that the database name is blank. I would be interested if this is reproducible in the current version of RT in Ubuntu (3.8.8-4). There is an outstanding upstream ticket about some more pathological cases[1] but in this case it seems like the problem is the completely blank database name. [1] http://issues.bestpractical.com/Ticket/Display.html?id=7568 ** Bug watch added: issues.bestpractical.com/ #7568 http://issues.bestpractical.com/Ticket/Display.html?id=7568 -- rt-setup-database-3.8 does not seem to work https://bugs.launchpad.net/bugs/444046 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 647543] Re: package request-tracker3.8 (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 10
The version isn't stated, but I think this is fixed in more recent versions. I don't remember the details, but I do recall finding and fixing a bug looking like this. I would be interested to hear more. -- package request-tracker3.8 (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 10 https://bugs.launchpad.net/bugs/647543 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 407783] Re: include a default apache2 site file
** Changed in: request-tracker3.8 (Ubuntu) Status: New = Invalid -- include a default apache2 site file https://bugs.launchpad.net/bugs/407783 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 407783] Re: include a default apache2 site file
Apache configuration files are included in the rt3.8-apache2 package (it's a bit more complicated than you suggest though). -- include a default apache2 site file https://bugs.launchpad.net/bugs/407783 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 457685] Re: RT3.6 is EOL
rtfm has been updated to work with request-tracker3.8 now so there is no reason to keep this in (request-tracker3.6 has also been removed from Debian unstable). -- RT3.6 is EOL https://bugs.launchpad.net/bugs/457685 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 436729] Re: [Dell Inc. Inspiron 910] suspend/resume failure [non-free: wl]
I can also confirm this behaviour with Netbook Remix upgraded from 9.04 to 9.10 RC. Suspend freezes (needs power button pressing to turn off) with SDHC card inserted, works without. -- [Dell Inc. Inspiron 910] suspend/resume failure [non-free: wl] https://bugs.launchpad.net/bugs/436729 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 444027] Re: gpsd unusable configuration
This issue caused rather a lot of grief during the upgrade to karmic I performed today. I'm not sure whether those problems were entirely within the realm of gpsd or whether the update-manager/debconf bits were handling errors badly. When the debconf message popped up, clicking on 'Forward' (in the gui interface) did nothing, and clicking 'back' propogated an error back to dpkg. After clicking 'back' several times on this error message, the upgrade eventually completed. -- gpsd unusable configuration https://bugs.launchpad.net/bugs/444027 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 457679] [NEW] XSS vulnerability when displaying Custom Field values
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: request-tracker3.8 Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546829 for details of a cross site scripting vulnerability in RT in karmic. Fixed in Debian. ** Affects: request-tracker3.8 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- XSS vulnerability when displaying Custom Field values https://bugs.launchpad.net/bugs/457679 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 457685] [NEW] RT3.6 is EOL
Public bug reported: Binary package hint: request-tracker3.6 I don't think that RT 3.6 should be released with karmic; it has been removed from Debian testing and will be removed from unstable shortly as it's been EOLed. Please see Debian RC bug http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=535007 Note that one reason you may choose to leave it in is to provide a version that works with rtfm, as no version of rtfm that works with RT 3.8 has yet been worked on in Debian (it is on the cards). ** Affects: request-tracker3.6 (Ubuntu) Importance: Undecided Status: New ** Description changed: Binary package hint: request-tracker3.6 I don't think that RT 3.6 should be released with karmic; it has been removed from Debian testing and will be removed from unstable shortly as it's been EOLed. Please see Debian RC bug http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=535007 Note that one reason you may choose to leave it in is to provide a - version that works with rtfm, as no version of rtfm has yet been worked - on in Debian (it is on the cards). + version that works with rtfm, as no version of rtfm that works with RT + 3.8 has yet been worked on in Debian (it is on the cards). -- RT3.6 is EOL https://bugs.launchpad.net/bugs/457685 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 440430] Re: package request-tracker3.8 3.8.4-1 failed to install/upgrade:
Does running dpkg-reconfigure request-tracker3.8 manually do the upgrade for you? Since the database upgrades are handled by dbconfig-common, I will move this bug there; but I'm not sure that there is a real solution to this except perhaps to provide more hints in the error. ** Package changed: request-tracker3.8 (Ubuntu) = dbconfig-common (Ubuntu) -- package request-tracker3.8 3.8.4-1 failed to install/upgrade: https://bugs.launchpad.net/bugs/440430 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dbconfig-common in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 440430] Re: package request-tracker3.8 3.8.4-1 failed to install/upgrade:
Does running dpkg-reconfigure request-tracker3.8 manually do the upgrade for you? Since the database upgrades are handled by dbconfig-common, I will move this bug there; but I'm not sure that there is a real solution to this except perhaps to provide more hints in the error. ** Package changed: request-tracker3.8 (Ubuntu) = dbconfig-common (Ubuntu) -- package request-tracker3.8 3.8.4-1 failed to install/upgrade: https://bugs.launchpad.net/bugs/440430 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 368831] Re: UNR - Restart text incorrect
*** This bug is a duplicate of bug 318613 *** https://bugs.launchpad.net/bugs/318613 ** This bug has been marked a duplicate of bug 318613 Wrong Restart Text -- UNR - Restart text incorrect https://bugs.launchpad.net/bugs/368831 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 383617] Re: Incorrect wording in UNR Session Manager 'Quit Session' dialog
*** This bug is a duplicate of bug 318613 *** https://bugs.launchpad.net/bugs/318613 ** This bug has been marked a duplicate of bug 318613 Wrong Restart Text -- Incorrect wording in UNR Session Manager 'Quit Session' dialog https://bugs.launchpad.net/bugs/383617 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 316821] Re: package request-tracker3.6 3.6.7-2 failed to install/upgrade: subprocess post-installation script returned error exit status 1
The error is: ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2). unable to connect to mysql server. error encountered creating user: which means that you've configured RT to use MySQL, but there is no MySQL database running on the host. -- package request-tracker3.6 3.6.7-2 failed to install/upgrade: subprocess post-installation script returned error exit status 1 https://bugs.launchpad.net/bugs/316821 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 187570] Re: Sun Java 6 package should be updated to 6u4
The most recent security update was 6u13. -- Sun Java 6 package should be updated to 6u4 https://bugs.launchpad.net/bugs/187570 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 272889] [NEW] consider syncing movabletype-opensource from Debian
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: movabletype-opensource Several important fixes have gone into Debian since the last ubuntu sync: movabletype-opensource (4.2.1-2) unstable; urgency=low * Fix SignIn widget by adapting JSON related code to new JSON.pm behaviour (closes: #498747). Thanks to Peter Gervai for the fix. -- Dominic Hargreaves [EMAIL PROTECTED] Sat, 20 Sep 2008 23:50:53 +0100 movabletype-opensource (4.2.1-1) unstable; urgency=low * New upstream release (version 4.21) - fixes archive mapping bug (closes: #496776) * Change MTA dependencies to exim4 | mail-transport-agent. This is still not ideal but the best we can do pending a global fix (closes: #495858) -- Dominic Hargreaves [EMAIL PROTECTED] Sun, 31 Aug 2008 22:01:39 +0100 movabletype-opensource (4.2-1) unstable; urgency=medium * New upstream final release - contains translation/doc updates and small bugfixes * Preserve urgency from previous release -- Dominic Hargreaves [EMAIL PROTECTED] Wed, 13 Aug 2008 22:30:03 +0100 movabletype-opensource (4.2~rc5-1) unstable; urgency=medium * New upstream release candidate * Urgency medium as new release includes some preventative security fixes: http://www.movabletype.org/2008/08/movable_type_42_rc5_and_security_updates.html -- Dominic Hargreaves [EMAIL PROTECTED] Sat, 9 Aug 2008 15:13:40 +0100 including some security issues. I recommend that these changes be considered for inclusion into your next release. Security issues are CVE-2008-4079. (Note: I'm not an Ubuntu user, just a concerned Debian developer :) ** Affects: movabletype-opensource (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Summary changed: - conside syncing movabletype-opensource from Debian + consider syncing movabletype-opensource from Debian -- consider syncing movabletype-opensource from Debian https://bugs.launchpad.net/bugs/272889 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs