Bug#702071: CVE-2013-1788, CVE-2013-1789 and CVE-2013-1790

Package: poppler Severity: grave Tags: security Hi, the following vulnerabilities were published for poppler. CVE-2013-1788[0]: invalid memory issues CVE-2013-1789[1]: crash in broken documents CVE-2013-1790[2]: uninitialized memory read Patches are referenced in the Red Hat Bugzilla to the r

Bug#702070: widelands: Copyright file points to wrong license and doesn't cite source

Package: widelands Version: 1:17-3 Severity: serious Justification: Policy 12.5 Dear Maintainer, I noticed that Widelands' copyright file points to the wrong GPL: "This game is distributed under the GPL licence (to be found under /usr/share/common-licenses/GPL on a Debian box)." This leads to GPL

Bug#701959: segfault in vi applet (data loss possible)

02.03.2013 15:57, Cyril Brulebois wrote: > Michael Tokarev (01/03/2013): >> Package: busybox >> Version: 1:1.20.0-7 >> Severity: important >> Tags: upstream patch pending >> >> `P' and `p' commands in vi ("paste") results in a segfault if >> nothing has been put into paste buffer. This may trivia

Bug#702013: unblock: chromium-browser/25.0.1364.97-1

On Sat, Mar 02, 2013 at 01:12:51PM +0100, Julien Cristau wrote: > On Fri, Mar 1, 2013 at 17:56:10 +0100, Moritz Muehlenhoff wrote: > > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > Please unblock chromium-browser

Bug#701081: debian-policy: mandate an encoding for filenames in binary packages

On Sat, Feb 23, 2013 at 08:02:10AM +0100, Helmut Grohne wrote: > On Sat, Feb 23, 2013 at 01:31:32PM +0900, Charles Plessy wrote: > > - There are here and there discussions raising possible corner cases > >where distributing files with a name not representable in UTF-8 might > >be justified

Bug#702005: libpython2.7: Upgrade to libpython2.7 2.7.3-7 fails, breaking python entirely

On Sat, Mar 2, 2013 at 10:38:03 +0100, Vincent Lefevre wrote: > On 2013-03-01 20:43:07 +0100, Sven Joachim wrote: > > I received error messages from GMX that the mails could not be > > delivered, but unfortunately have deleted them already. :-( > > If the problem persists, I'll forward it to the

Bug#698322: Include Dvorak Native Brazilian in list of keyboard layouts

Ben Hutchings (05/02/2013): > I think this 'just' needs the front-ends used in the installer to > include a 'show password' checkbox when prompting for a password. It's > not something so important and so simple that the installer team should > feel obliged to do it, but maybe if Juliano or anoth

Bug#688634: roundcube-sqlite upgrade causes serious data-loss

On Fri, Mar 1, 2013 at 16:17:34 -0800, Russ Allbery wrote: > Hello folks, > > After reviewing the bug discussion, I believe the correct thing to do here > is to remove the roundcube-sqlite package from wheezy entirely. That will > block an upgrade from squeeze by forcing the admin to realize th

Bug#688336: os-prober 1.56 and btrfs

Christian PERRIER (04/02/2013): > Do you think it would be OK to already commit this is the master > branch so that these important contributions are not simply forgotten > when we really start working on jessie (in a year or so...:-( ). > > Of course, if we do this, we fork a wheezy branch "just

Bug#690067: what is to be done?

tags 690067 +patch thanks On Tue, Dec 11, 2012 at 12:13:37PM +0100, Gergely Nagy wrote: > Csillag Tamas writes: > > > The patch seems fine to me. > > Is something missing? Is something still needs to be done? > > I still need to prep the other things. I most likely will have time this > coming

Bug#697890: iwconfig not in /sbin

Christian PERRIER (10/02/2013): > Quoting Christian PERRIER (bubu...@debian.org): > > OK, you guys convinced me. Re-opening the bug, then. > > > > Should this be wheezy material? Certainly. ;) > I pushed 3d1e7081810f5dde9915238e7a8b6e2d991128f8 in tasksel git. > > I suggest we keep this for D-

Bug#702021: debian wheezy not booting

it's quite a big file 700 kb so here it is http://wklej.org/id/970189/txt/ 2013/3/2 Cyril Brulebois > Piotrek (02/03/2013): > > Ok so now I installed amd64 sucesfully on eufi but still same error > appears > > after waiting for dev to be fully popullated black screen appears. I > tried > > add

Bug#702013: unblock: chromium-browser/25.0.1364.97-1

On Fri, Mar 1, 2013 at 17:56:10 +0100, Moritz Muehlenhoff wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock chromium-browser 25.0.1364.97-1. It fixes many security issues > and will be updated to the curr

Bug#701081: debian-policy: mandate an encoding for filenames in binary packages

Le Sun, Feb 24, 2013 at 11:54:01AM +0900, Charles Plessy a écrit : > Le Sat, Feb 23, 2013 at 08:02:10AM +0100, Helmut Grohne a écrit : > > > > I have to admit, that I am slightly in favour of just copying Fedora's > > approach. Making distributions more compatible with each other seems > > like a

Bug#702069: link() with non-synchronous Filesystems

Package: qmail Version: (1.06-5) What abouth the Linux port to fix non-synchronous link() problem on linux filesystems like reiserfs/ext2 ? Qmail is unstable on that fs, and reiserfs is still a nice solution for qmail. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org wi

Bug#701959: segfault in vi applet (data loss possible)

Michael Tokarev (01/03/2013): > Package: busybox > Version: 1:1.20.0-7 > Severity: important > Tags: upstream patch pending > > `P' and `p' commands in vi ("paste") results in a segfault if > nothing has been put into paste buffer. This may trivially result > in a loss of all changes in a file b

Bug#700356: libperl-critic-perl: eval return value checking policy now obsolete

Hi Russ I'm sorry for the delay without a reply to you. I have now forwarded this to upstream. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#702061: debian-installer: rdate fails without -o

Control: reassign -1 rdate 1:1.2-5 Control: tag -1 d-i Hi Riku, Riku Saikkonen (02/03/2013): > Package: debian-installer > Version: 20130211 > > (I hope the version is correct - I don't know how to find it from the > installer. I used the wheezy RC1 installer from: > > http://cdimage.debian.

Bug#702068: klibc: FTBFS with linux-libc-dev from experimental installed

Source: klibc Version: 2.0.1-3.1 Severity: important On my amd64 system with linux-libc-dev version 3.8-1~experimental.1, I get this build failure: ... perl /home/daniel/x32/klibc/klibc-2.0.1/usr/klibc/socketcalls.pl usr/klibc/socketcalls/SOCKETCALLS.i x86_64 usr/klibc/socketcalls > usr/klib

Bug#700719: postfix - Computes bogus public key fingerprints

Hi LaMont, Release Team, I've taken a look at this RC bug in Postfix. Looking at the diff between 2.9.3-2.1 (testing) and 2.9.6-1 (sid), t I've attached the debdiff between testing and unstable removing changes to po files, documentation and tests. The changes for this bug are the majority, and

Bug#702067: UDD: bugs.cgi - incomplete output on some searches

Package: qa.debian.org Severity: minor Hi, It seems that the UDD does not properly handle some queries. I suspect (but haven't confirmed) that it might be quries with 0 results. The query in [1] relibly seems to cause an incomplete HTML output. I suspect this query to give an empty result; sinc

Bug#702066: ITP: trac-code-comments -- code comments and review plugin for Trac

Package: wnpp Severity: wishlist Owner: python-apps-t...@lists.alioth.debian.org Package name: trac-code-comments Version : 1.1.1 Upstream Author : Nikolay Bachiyski , Thorsten Ott URL : https://github.com/Automattic/trac-code-comments-plugin License : (GPL2 Progr

Bug#702065: movabletype-opensource: Last update lost the previous preinst

Package: movabletype-opensource Version: 5.1.4+dfsg-3 Severity: important The last update added debian/movabletype-opensource.preinst but there already a debian/preinst. Fortunately the loss of the previous file does not break the package horribly, but it did contain an important notice about sec

Bug#702021: debian wheezy not booting

Piotrek (01/03/2013): > Package: installation-reports > > Boot method: > Image version: > > Date: <01.03.2013> > > Machine: > Processor:i5 3210 > Memory:4gb > > > Base System Installation Che

Bug#702064: uruk: [PATCH] Replace obsolete 'state' module usage with 'conntrack'.

package: uruk tags: confirmed Thanks for this very nice patch. Wish all donated patches fixed documentation too... Will apply soonish. Greetings from Cambridge, Joost --- Begin Message --- The iptables 'state' module has been obsoleted and produces warnings in current Debian sid. The modern

Bug#702063: ices2: New upstream release available: 2.0.2

Package: ices2 Severity: normal Tags: patch Dear Maintainer, Ices 2.0.2 was released last august, please update the Debian package. Looking at the changelog it seems that #255417 should be fixed there too. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'te

Bug#702062: [thunar] [thunar] Can freeze X session used together with xarchiver to open a file in a password protected archive

Package: thunar Version: 1.2.3-4+b1 Severity: important --- Please enter the report below this line. --- Hi, Suppose that xarchiver is the default thunar action when clicking an archive file and that it's password protected (tested rar and zip archive types). If you double-click any file in the a

Bug#700923: [Secure-testing-team] Bug#700923: pacemaker: CVE-2013-0281

severity 700923 important thanks Hi, I find it unlikely that in serious deployments remote cib management would be enabled for untrusted connections. This kind of management usually happens over separate networks or is appropriately guarded by other controls. And where not, the worst result is

Bug#695838: parcimonie-applet: segfaults in perl periodically

Hi, Paul Wise wrote (19 Feb 2013 03:57:54 GMT) : >> - libglib-perl 3:1.280-1 > Crashed. >> - libglib-object-introspection-perl 0.014-1 > Hasn't crashed yet and it has been overnight. It's now been a while since I've run Wheezy + libglib-perl 3:1.280-1 + libglib-object-introspection-perl 0.01

Bug#702059: eclipse-cdt is missing a dep: libglib2.0-bin, crashed after startup

On 2013-03-02 11:59, Michael Strobel wrote: > Package: eclipse-cdt > Version: 8.1.0+dfsg-2 > Severity: normal > > Dear Maintainer, > >i installed eclipse-cdt and it crashed at startup installing >libglib2.0-bin resolved the issue. A dep should be added to this >package to install it a

Bug#701135: removal has been requested

Removal of this package has been requested by the maintainer in #701858. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#700290: pbuilder: clang support

On Sat, 02 Mar 2013 16:59:35 +0900 Junichi Uekawa wrote: > Sorry, no please use a hookdir, it's there to be used. I don't like to > add too many options to pbuilder. I understand you don't like too many options, but also you don't consider the situations for usage of my proposal, as "switching"

Bug#702061: debian-installer: rdate fails without -o

Package: debian-installer Version: 20130211 (I hope the version is correct - I don't know how to find it from the installer. I used the wheezy RC1 installer from: http://cdimage.debian.org/cdimage/wheezy_di_rc1/i386/iso-cd/debian-wheezy-DI-rc1-i386-netinst.iso ) The installer (at least the net

Bug#702060: gtksourceview2: FTBFS on x32: Needs libtool update

Source: gtksourceview2 Version: 2.10.4-1 Severity: wishlist Tags: patch User: debian-...@lists.debian.org Usertags: port-x32 ftbfs-libtool The gtksourceview2 source package is getting this build failure on x32: http://buildd.debian-ports.org/status/fetch.php?pkg=gtksourceview2&arch=x32&ver=2.10.4

Bug#702059: eclipse-cdt is missing a dep: libglib2.0-bin, crashed after startup

Package: eclipse-cdt Version: 8.1.0+dfsg-2 Severity: normal Dear Maintainer, i installed eclipse-cdt and it crashed at startup installing libglib2.0-bin resolved the issue. A dep should be added to this package to install it automatically. -- System Information: Debian Release: 7.0

Bug#701946: aptitude: Internal error: no filename for :amd64 after a failed install

On 2 March 2013 15:41, Daniel Hartwig wrote: > On 2 March 2013 09:57, Daniel Dickinson wrote: >> This happens with any of the packages I have tried to reinstall. For >> example, if ccrypt is already installed, the emacs23 amd64 23.4+1-4 will >> fail to install. If you subsequently attempt a rein

Bug#665921: apt: use all hashsums availble in secure APT

Control: tags 423902 = wontfix Control: tags 665921 = wontfix Control: severity 665921 wishlist Control: merge 423902 665921 Hello again Christoph, others Thanks for your continued interest and feedback regarding security in apt. In Bug#423902, Colin Watson wrote: > On Mon, May 14, 2007 at 10:2

Bug#702058: hocr: FTBFS on x32: Needs libtool update

Source: hocr Version: 0.10.17-1 Severity: wishlist Tags: patch User: debian-...@lists.debian.org Usertags: port-x32 ftbfs-libtool The hocr source package is getting this build failure on x32: http://buildd.debian-ports.org/status/fetch.php?pkg=hocr&arch=x32&ver=0.10.17-1&stamp=1361154449>: ... /b

Bug#702057: support for squeeze-sloppy-backports

package: buildd.debian.org x-debbugs-cc: debian-backpo...@lists.debian.org severity: wishlist Hi, please setup wanna-build support for squeeze-sloppy-backports, so that this suite can be created and used. Thanks already and for all your work running this in the first place! :-) cheers,

Bug#702056: The package libpolybori-dev doesn't ship a flags.conf

Package: libpolybori-dev Version: 0.8.3-1~exp1 Severity: minor The package doesn't ship a flags.conf file, which is annoying since sage expects it. The sage spkg builds polybori using: ${SCONS} devel-install install "PREFIX=${SAGE_LOCAL}" \ "INSTALLDIR=${SAGE_LOCAL}/share/polybori"

Bug#699692: [Pkg-openssl-devel] Bug#699692: "Illegal instruction" when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86

On Sat, Mar 02, 2013 at 01:17:46AM +0100, Hans-Juergen Mauser wrote: > Hello Kurt, > > see the required information attached to this mail. If I can provide > further information, don't hesitate to ask me. So for some reason it seems to think your CPU supports the RDRAND instructions, which is onl

Bug#671351: "Use these settings for all networks sharing this essid" does not work

Hi, I faced similar behaviour. When I've used the option it didn't seem to affect all access points with the same essid. My problem was that /etc/wicd/wireless-settings.conf file contained records for some of the access points I've already accessed before. For these AP the cached (not working)

Bug#702046: [Pkg-xen-devel] Bug#702046: Bug#702046: xen-utils-4.0: PyGrub VM Boot fails after xen-utils 4.0.1-5.6 -> 4.0.1-5.7 Update

On Sat, 2013-03-02 at 09:41 +, Ian Campbell wrote: > > I've attached a debdiff of what I believe the fix is going to be. > However I'm travelling at the moment and on a slight dodgy Internet > link so testing is taking a little longer than normal. I'll try and > report back ASAP. Actually the

Bug#545272: This is probably security relevant

To me this issue looks like a security-bug, a denial of service attack is possible if the attacker controls (or can influence) the jabber service used by asterisk. The result is a segmentation fault of asterisk. So I guess the prio should be raised and the enclosed patch should be applied before s

Bug#702046: [Pkg-xen-devel] Bug#702046: xen-utils-4.0: PyGrub VM Boot fails after xen-utils 4.0.1-5.6 -> 4.0.1-5.7 Update

Adding security folks to cc. On Sat, 2013-03-02 at 08:46 +0100, Sebastian Melchior wrote: > Package: xen-utils-4.0 > Version: 4.0.1-5.7 > Severity: important > > After Upgrading to xen-utils 4.0.1-5.7 my pygrub Xen VMs won't boot. Running > pygrub manually shows: > > /usr/lib/xen-default/bin/pyg

Bug#582109: debian-policy: document triggers where appropriate

Le Sun, Feb 24, 2013 at 04:41:55PM +0900, Charles Plessy a écrit : > > I am having a look at how to document triggers. In order to simplify the > explanation and re-use more easily material from the file above, I think > that we would benefit from documenting the dpkg states for a package. How a

Bug#702005: libpython2.7: Upgrade to libpython2.7 2.7.3-7 fails, breaking python entirely

The 2.7.3-7+b1 version didn't solve the problem (from a 2.7.3-6 -> 2.7.3-7+b1 upgrade on a different amd64 machine). On 2013-03-01 20:43:07 +0100, Sven Joachim wrote: > I received error messages from GMX that the mails could not be > delivered, but unfortunately have deleted them already. :-( > If

Bug#698526: [Piuparts-devel] Bug#698526: Sort known issues by reverse dependency count

Hi, On Dienstag, 26. Februar 2013, Andreas Beckmann wrote: > I'm primarily concerned about reimplementing a bad piece of code (the > second half of dwke that creates the .tpl files) in order to build a new > feature on top of it. The perfectionist in me would like to fix things > properly first.

Bug#701823: installation-report: Encrypted LVM assisted install failed on Lenovo T430s

Em 27-02-2013 15:45, Raphaël Walther escreveu: Please find attached the error message and a few logs. Lot's of hard drive errors, such as: Feb 27 12:53:59 kernel: [ 839.770044] ata1.00: exception Emask 0x0 SAct 0xfffc SErr 0x0 action 0x6 frozen Feb 27 12:53:59 kernel: [ 839.770052] ata1.00

Bug#702055: libpils0, libpils-dev, libstonith0, libstonith-dev: transitional packages uninstallable in lenny

Package: libpils0,libpils-dev,libstonith0,libstonith-dev Version: 2.1.3-6lenny4 Severity: minor Tags: lenny User: debian...@lists.debian.org Usertags: piuparts Control: fixed -1 2.99.2+sles11r9-1 Hi, during a test with piuparts I noticed your package is not installable in lenny The following p

Bug#702054: link() with non-synchronous Filesystems

Package: qmail-src Version: (1.03-49.2) [non-free] In 1.03-46 changelog: Removed link-sync patch (Closes #466447) The removed patch would be a Linux port that fix non-synchronous link() problem with some Linux Filesystems like reiserfs/ext2, so just removing it without fixing in other ways,

Bug#702053: Acknowledgement (unblock: nautilus-image-manipulator/1.1-2)

The promised debdiff. +Emilien diff -Nru nautilus-image-manipulator-1.1/debian/changelog nautilus-image-manipulator-1.1/debian/changelog --- nautilus-image-manipulator-1.1/debian/changelog 2012-06-26 19:42:52.0 +0200 +++ nautilus-image-manipulator-1.1/debian/changelog 2013-03-

Bug#702053: unblock: nautilus-image-manipulator/1.1-2

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release team, Please unblock package nautilus-image-manipulator The package has 2 severe bugs in testing, which: - makes the software unusable if the config file is edited manually (bug

Bug#617613: freecad in fact does not link to incompatible libraries

Dear all, if the decision is so difficult, I propose to remove the package from testing/Wheezy. The discussed FreeCAD-version is pretty old (0.12), a new one (0.13) with a bunch of improvements is already packaged for experimental and I am planning to push it into backports. I will request the p

Bug#701649: [Pkg-libvirt-maintainers] Bug#701649: libvirt-bin - libvirtd changes permissions of devices to libvirt-qemu:kvm

On Tue, Feb 26, 2013 at 05:52:25AM +0100, Guido Günther wrote: > This is configuratble via the group option in /etc/libvirt/qemu.conf. I > do think that kvm is a reasonable choice since kvm isn't a general > purpose group but one reserved for processes running kvm instances. kvm is general purpose

Bug#702052: visualvm: Please package visualvm 1.3.5

Package: visualvm Version: 1.3.3-2 Severity: wishlist Dear Maintainer, Please consider packaging newer version of visualvm. 1.3.5 has been released in November 2012 and I found it much faster then currently packaged 1.3.3. If required, I can help with packaging. Regards Paweł -- System Inform

Bug#700591: [pbuilder] Add support for shared memory mounting point

Junichi Uekawa dixit: >(I don't particularly like the fact that simple builds requiring >directories outside of your home directory other than /tmp to be >writeable) I agree with that (in fact, IMHO even writing to something rooted under $HOME is not nice). In BSD ports, there is some attempt us

Bug#698732: dspam external map does not work with TLS enabled

I think we've already figured it out. The problem is that DSPAM currently only supports TLS via STARTTLS but I'm using ldaps which is a different protocol. I would have submitted a patch already but I currently don't have a Linux dev environment to do the build on (only a server which, for secur

Bug#702051: dovecot-sieve: Can't remove package (dovecot.pem: No such file or directory)

Package: dovecot-sieve Version: 1:2.1.7-7 Severity: normal $ dpkg --purge remove dovecot-sieve dpkg: warning: ignoring request to remove remove which isn't installed (Reading database ... 371986 files and directories currently installed.) Removing dovecot-sieve ... Starting IMAP/

Bug#702037: blueman: enabling bluetooth plugin reports "PulseAudio too old, required 0.9.15 or higher"

Hi, thanks for your report. What's your pulseaudio version (dpkg -l pulseaudio)? Cheers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#699744: nagios3-cgi: prompting due to modified conffiles which were not modified by the user: /etc/nagios3/stylesheets/outages.css

Control: reopen -1 Control: reassign -1 release-notes Control: affects -1 + nagios3-cgi On 2013-03-02 07:35, Alexander Wirt wrote: > On Fri, 01 Mar 2013, Russ Allbery wrote: > >> Based on the bug discussion, I believe this bug against nagios3-cgi should >> be closed. The problem is with the dpkg

Bug#702050: tasksel: a meta task to install all language tasks ?

Package: tasksel Severity: wishlist X-Debbugs-CC: debian-de...@lists.debian.org Le Tue, Feb 26, 2013 at 04:57:48PM -0800, Russ Allbery a écrit : > Charles Plessy writes: > > > on these systems, getting all the default fonts and input methods would > > also be a big plus. For the moment we are y

Bug#700808: emacs: editing text file containing korean quickly results in 100% cpu usage

Hi Rob, I tried doing exactly the same (so without using my .emacs file). By just pressing the arrow key to scroll either left or right or up and down I was at random times getting 100% CPU usage, although the recovery was a lot quicker than the very long hangs I was getting with my previous us

Bug#702049: xul-ext-ubiquity: uninstallable in sid

Package: xul-ext-ubiquity Version: 0.6.2-1 Severity: important Tags: sid User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: xul-ext-ubiquity : Depends: ic

Bug#702048: openntpd: unowned files after purge (policy 6.8, 10.8): /var/lib/openntpd/ntpd.drift

Package: openntpd Version: 20080406p-5 Severity: important User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package left unowned files on the system after purge, which is a violation of policy 6.8 (or 10.8): http://www.debian.org/doc/debian-polic

Bug#700591: [pbuilder] Add support for shared memory mounting point

At Wed, 27 Feb 2013 22:30:58 + (UTC), Thorsten Glaser wrote: > > Junichi Uekawa dixit: > > >I think the reason it's not done yet is that pbuilder predates > >/run/shm and we need to be updated... > > No, it was not done for /dev/shm either. /me smells security issues > or something like that

Bug#700290: pbuilder: clang support

At Thu, 28 Feb 2013 12:05:32 +0900, Hideki Yamane wrote: > > Hi, > > On Thu, 28 Feb 2013 07:02:54 +0900 > Junichi Uekawa wrote: > > I like the way this is very compact patch, but I dislike that it > > requires adding a config parameter to pbuilder (because it will need > > to be propagated to co

<    1   2   3