Bug#876640: plinth: Insecure crypto settings used for auth-pubtkt

Package: plinth Version: 0.15.1+ds-1 Severity: grave Tags: security upstream Justification: user security hole Due to issues (now fixed) in libapache2-mod-auth-pubtkt, plinth v0.15.1 has insecure settings for key generation and signing. This may allow someone to impersonate a plinth user and

Bug#872441: stretch-pu: package gsoap/2.8.35-4+deb9u1

Hi Jonathan, On Sat, Sep 23, 2017 at 06:24:49PM +0100, Jonathan Wiltshire wrote: > Control: tag -1 confirmed > > On Fri, Aug 18, 2017 at 11:35:09AM +0200, Mattias Ellert wrote: > > fre 2017-08-18 klockan 08:46 +0100 skrev Adam D. Barratt: > > > On 2017-08-18 8:01, Mattias Ellert wrote: > > > >

Bug#876639: libgo11: Please consider backport "libgo: use gc's arch names as the default GOARCHs on MIPS"

Package: libgo11 Version: 7.2.0-5 Severity: wishlist Tags: upstream X-Debbugs-CC: pkg-go-maintain...@lists.alioth.debian.org Dear Maintainer, Currently the pkg-go team uses gccgo to build Go packages on MIPS* archs. However currently version of gccgo has different GOARCH name for MIPS*. Bug is

Bug#876638: jessie-pu: package db/5.1.29-9+deb8u1

Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu db in jessie is affected by the CVE-2017-10140 ("Berkeley DB reads DB_CONFIG from cwd)", no bug in BTS filled for that since src;db removed from unstable. The NMU for src:db5.3 to

Bug#876637: ettercap: build dependency libluajit-5.1-dev is not available on mips64el and ppc64

Source: ettercap Version: 1:0.8.2-8 Severity: serious The build dependency libluajit-5.1-dev is not available on mips64el and ppc64, these architectures should be re-added at the build dependency.

Bug#800643: Workaround works for Debian Stretch

Reproduced here with debian-9.1.0-amd64+Gnome Appending this line: After=network-online.target to the [Unit] section of /lib/systemd/system/avahi-daemon.service then at next boot avahi-daemon message disappears. -- __ I'm using this express-made address because personal addresses

Bug#876635: haskell-cryptol FTBFS: Couldn't match type `t69' with `Pattern PName'

Source: haskell-cryptol Version: 2.4.0-2 Severity: serious Tags: buster sid https://buildd.debian.org/status/package.php?p=haskell-cryptol=sid ... dist-ghc/build/Cryptol/Parser.hs:1329:18: error: * Couldn't match type `t69' with `Pattern PName' `t69' is a rigid type variable bound by

Bug#876636: apache2: insserv noise

Package: apache2 Version: 2.4.27-6 During the package upgrade insserv creates two warnings: insserv: warning: current start runlevel(s) (empty) of script `apache-htcacheclean' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script

Bug#871648: qemu-system-x86: /usr/bin/qemu-system-i386 eats slowly but surely all the Dom0 memory

On Thu, 31 Aug 2017 12:11:00 + astian wrote: > Control: found -1 1:2.8+dfsg-7 > Control: tags -1 + patch fixed-upstream > > Hi, > > After staring at GDB for ungodly spans of time I managed to track down this > bug, ipso facto discovering that it was already fixed upstream

Bug#876552: nm: [PATCH] gendered pronoun in explain_statement_am_ok

On Sat, Sep 23, 2017 at 12:39:55PM -0400, Geoffrey Thomas wrote: > The am_ok page has the sentence, "The applicant will be notified once an > Application Manager is assigned who will contact him." > > Attached is a patch to change the pronoun to "them". I think this is the > only one-gender

Bug#876634: octave-signal FTBFS on i386: assert (isequal (b9, b16)) failed

Source: octave-signal Version: 1.3.2-2 Severity: serious https://buildd.debian.org/status/fetch.php?pkg=octave-signal=i386=1.3.2-2=1504777518=0 ... [fir2] > /<>/debian/octave-signal/usr/share/octave/packages/signal-1.3.2/fir2.m * test f = [0 0.6 0.6 1]; m = [1 1 0 0]; b9 = fir2 (30,

Bug#876618: science.js build-depends on removed nodejs-legacy

Depending on nodejs-legacy was a serious bug in the first place. Anyway (nodejs >= 6.11.2~) installs /usr/bin/node now. Jérémy 2017-09-24 2:16 GMT+02:00 Adrian Bunk : > Source: science.js > Version: 1.9.3-1 > Severity: serious > Tags: buster sid > > The following packages have

Bug#876632: sdpa FTBFS due to hardcoded (non-multiarch) path for libblas.a

Source: sdpa Version: 7.3.9+dfsg-1.1 Severity: serious https://buildd.debian.org/status/package.php?p=sdpa=sid ... cd . && CFLAGS="-g -O2 -fdebug-prefix-map=/<>/sdpa-7.3.9+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -fPIC -funroll-all-loops" CXXFLAGS="-g -O2

Bug#876633: nmu: libselinux_2.6-3+b2

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu Hello, a few days ago, a binNMU for the src:libselinux Debian package hit stretch-proposed-updates, providing among others a file named libselinux1_2.6-3+b2_amd64.deb - unfortunately such a

Bug#876484: torbrowser-launcher: stuck in "Tor exited during startup" loop with AppArmor

Chris Lamb: >> But I guess that this bug won't come back now that you've cleared >> .local/share/torbrowser > Mmm. I'm therefore going to close this bug; doesn't seem very useful keeping > it open now. Well, I see no indication that makes me confident it won't happen to anyone else. I'll let

Bug#853734: [pkg-boost-devel] Bug#853734: Bug#853734: ping

On Friday, September 22, 2017 3:17:58 PM CDT pdzie...@igf.fuw.edu.pl wrote: > Hi, > > what is the status of this bug? > > I think it has become more urgent to fix it since starting with Boost > 1.65.0 the > boost::python::numeric API has become obsolete and now only the > boost::python::numpy

Bug#876563: Some icons are broken

Control: reassign -1 libpng1.6 1.6.32-1 Control: forwarded -1 https://sourceforge.net/p/libpng/bugs/270/ Control: retitle -1 rejects valid PNG images with "IDAT: chunk data is too large" On 23.09.2017 21:59, Evgeny Kapun wrote: > Package: keepassx > Version: 2.0.3-1 > > Some icon files shipped

Bug#876631: libroscpp-dev: node_handle.h includes steady_timer.h but it isn't included in the package

Package: libroscpp-dev Version: 1.13.2+ds1-1 Severity: serious Control: affects -1 src:ros-actionlib https://buildd.debian.org/status/package.php?p=ros-actionlib=sid ... /usr/bin/c++ -DROSCONSOLE_BACKEND_LOG4CXX -DROS_PACKAGE_NAME=\"actionlib\" -Dactionlib_EXPORTS -I/<>/build/devel/include

Bug#876021: libreoffice-writer: launching writer makes libreoffice crash

Hi, On Sun, Sep 24, 2017 at 10:03:03AM +0200, Jérôme Bouat wrote: > >Do you have libreoffice-wiki-publisher installed? > > yes I have, version 1.2.0+LibO5.2.7-1 OK, I believe it goes away when you remove it, though, please remove it only after the required infomation ;) > >To confirm, please

Bug#876484: torbrowser-launcher: stuck in "Tor exited during startup" loop with AppArmor

Hi all, Thanks for the quick turnaround here. > But I guess that this bug won't come back now that you've cleared > .local/share/torbrowser Mmm. I'm therefore going to close this bug; doesn't seem very useful keeping it open now. > I'll go ahead and submit this change upstream. Great stuff.

Bug#872375: lirc: irrecord segfaults when recording a button

On 24/09/17 03:50, Francois Gouget wrote: Actually it's the -f option that causes the crash. I can reproduce it with: # irrecord -f /tmp/foo.conf This would just indicate that foo.conf is broken somehow. Given the state of lirc, I don't think it's feasible to make it handle any kind of

Bug#876630: jessie-pu: package db5.3/5.3.28-9+deb8u1

Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi stable release managers, db5.3 in jessie is affected by the CVE-2017-10140 ("Berkeley DB reads DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of august has not

Bug#876314: stretch-pu: package trace-cmd/2.6-0.1+b1

On 23 September 2017 18:52:20 CEST, Jonathan Wiltshire wrote: >I appreciate your diligence. Please go ahead. thanks, uploaded. > >Thanks, Sebastian

Bug#876021: libreoffice-writer: launching writer makes libreoffice crash

Hello, Do you have libreoffice-wiki-publisher installed? yes I have, version 1.2.0+LibO5.2.7-1 To confirm, please send a gb backtrace; see https://wiki.documentfoundation.org/QA/BugReport/Debug_Information For each installed package of libreoffice, openjdk and libstdc++, I installed the

Bug#876401: ITA: xdg-utils -- desktop integration utilities from freedesktop.org

On Sat, 23 Sep 2017 15:49:41 +0300 =?UTF-8?B?0JrQvtC70Y8g0JPRg9GA0YzQtdCy?= wrote: Hello, > I'd like to work on this package and adopt it. First of all, it makes > sense to deal with an unreleased version from Git. Afterwards, I'll > merge a new upstream version, v1.1.2 and

Bug#843448: linux-image-4.8.0-1-armmp-lpae: fails to boot on Odroid-Xu4 with rootfs on USB

Hi, Finally I had the time and hardware available to look into this again and found a better way to fix it. Applying the attached patch results in a new exynos5422-odroidxu4.dtb that could simply be copied to /boot/dtbs/*/ I've tested this with the current kernel in sid

Bug#876629: stretch-pu: package db5.3/5.3.28-12+deb9u1

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi stable release managers, db5.3 in stretch is affected by the CVE-2017-10140 ("Berkeley DB reads DB_CONFIG from cwd)", #872436. The NMU to unstable back on end of august has not

Bug#872652: Problems building package

On 23/09/17 18:15, Andreas Tille wrote: On Sat, Sep 23, 2017 at 10:39:35AM +0100, Ghislain Vaillant wrote: Frederic gave a hint to bug #873921. Now that the situation with pandas / statsmodels is resolved, the package builds fine [1]. [1]

Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1

On 2017-09-23 19:59 +0100, Adam D. Barratt wrote: > Control: tags -1 -moreinfo +confirmed > > On Thu, 2017-09-07 at 19:06 +0200, Cyril Brulebois wrote: >> Sven Joachim (2017-09-06): >> > Meanwhile seven new CVEs in the tic library and programs have been >> > reported, and I

Bug#876453: [debhelper-devel] Bug#876453: Remove support for upstart jobs from dh_installinit

Dimitri John Ledkov: > On 22 September 2017 at 19:24, Michael Biebl wrote: >> [...] >> >> Niels mentioned on IRC, that in compat 11, debhelper could make it an >> error to have an upstart file and use the opportunity to remind people >> to remove the conffile. >> >> I like that

Bug#876087: Source code and license of dmsc.asm

Hi, your acme code dmsc.asm is used in xscreensaver by Jamie Zawinski. Apparently there have been issues filed before at very Freedom oriented distributions that the file is not clearly licensed and the source code is not shipped with it. E.g. at https://labs.parabola.nu/issues/131 . This has

Bug#876424: evince: breaking pages when reading pdf files greater than 500 pages

On Fri, Sep 22, 2017 at 12:16:18AM -0300, Paulo wrote: > I've been trying to read pdf files using evince but some pages are breaking. I > Tried to use packages from testing and sid repositories but didn't work. I ran > the evince from cli and get some 'out of memory' errors, please look bellow:

Bug#872886: evince installation corrupts /etc/mailcap

Version: 3.24.1-1 On Tue, Aug 22, 2017 at 02:01:39AM -0500, Carlo Segre wrote: > When evince is installed and update-mime is executed, a corrupt entry > is added to mailcap such that any entries below the corrupt line are > ignored by programs like alpine. The corrupt line is listed below > (the

<    1   2   3