Bug#576457: NMU

2010-04-05 Thread Giuseppe Iuculano
) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Added autoconf, automake, and libtool in Build-Depends to regenerate +configure and auto* files at build time, and fixed a regression introduced +in previous NMU (Closes: #576457) + + -- Giuseppe Iuculano Mon, 05 Apr

Bug#575680: [05d1931] Fix for Bug#575680 committed to git

2010-04-03 Thread Giuseppe Iuculano
tags 575680 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 3 Apr 2010 12:54:14 +0200. The fix will be in the next upload. = Updated German debconf

Bug#569060: debdiff

2010-04-02 Thread Giuseppe Iuculano
; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-4274: Stack-based buffer overflow by processing X PixMap +image header fields (Closes: #569060) + + -- Giuseppe Iuculano Fri, 02 Apr 2010 11:27:22 +0200 + netpbm-free (2:10.0-12.1) unstable; urgency=low

Bug#574935: CVE-2010-0743

2010-03-31 Thread Giuseppe Iuculano
tags 574935 patch tags 576086 patch thanks Hi, this issue got a CVE id, CVE-2010-0743. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Patch: http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commitdiff;h=107d922706cd36f3bb79bcca9bc4678c32

Bug#575791: CVE-2009-4609: information leaks

2010-03-29 Thread Giuseppe Iuculano
Package: jetty Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4609[0]: | The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote | attackers to obtain sensitiv

Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities

2010-03-29 Thread Giuseppe Iuculano
Package: jetty Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4612[0]: | Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP | Snoop page in Mort Bay

Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities

2010-03-29 Thread Giuseppe Iuculano
Package: jetty Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4610[0]: | Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty | 6.x and 7.0.0 allow rem

Bug#575787: CVE-2010-0736: Cross-site scripting (XSS) vulnerability

2010-03-29 Thread Giuseppe Iuculano
Package: viewvc Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for viewvc. CVE-2010-0736[0]: | Cross-site scripting (XSS) vulnerability in the view_queryform | function in lib/viewvc.py in

Bug#575785: CVE-2010-1100: Integer overflow

2010-03-29 Thread Giuseppe Iuculano
Package: arora Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for arora. CVE-2010-1100[0]: | Integer overflow in Arora allows remote attackers to bypass intended | port restrictions on out

Bug#575780: CVE-2008-5983

2010-03-29 Thread Giuseppe Iuculano
Package: python3.1 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for python3.1. CVE-2008-5983[0]: | Untrusted search path vulnerability in the PySys_SetArgv API function | in Python 2.6 a

Bug#575779: CVE-2009-1188: Integer overflow in the JBIG2 decoding feature

2010-03-29 Thread Giuseppe Iuculano
Package: xpdf-reader Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xpdf. CVE-2009-1188[0]: | Integer overflow in the JBIG2 decoding feature in the | SplashBitmap::SplashBitmap functio

Bug#575778: CVE-2009-1904

2010-03-29 Thread Giuseppe Iuculano
Package: ruby1.9 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for ruby1.9. CVE-2009-1904[0]: | The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 | allows context-dep

Bug#575777: CVE-2010-0004 CVE-2010-0005

2010-03-29 Thread Giuseppe Iuculano
Package: viewvc Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for viewvc. CVE-2010-0004[0]: | ViewVC before 1.1.3 composes the root listing view without using the | authorizer for each

Bug#575747: CVE-2010-0308: denial of service via a crafted DNS packet

2010-03-28 Thread Giuseppe Iuculano
Package: squid3 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for squid3. CVE-2010-0308[0]: | lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through | 3.1.0.15 allows remot

Bug#575745: CVE-2009-4497: Cross-site scripting (XSS) vulnerability

2010-03-28 Thread Giuseppe Iuculano
Package: lxr-cvs Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr-cvs. CVE-2009-4497[0]: | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 | and 0.9.6 allows r

Bug#575743: CVE-2009-3388

2010-03-28 Thread Giuseppe Iuculano
Package: liboggplay Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for liboggplay. CVE-2009-3388[0]: | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before | 2.0.1 might a

Bug#575742: CVE-2009-3995 CVE-2009-3996: Multiple heap-based buffer overflows

2010-03-28 Thread Giuseppe Iuculano
Package: libmikmod Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for libmikmod. CVE-2009-3995[0]: | Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module | Decoder Plug-in

Bug#575741: CVE-2010-0280: Array index error

2010-03-28 Thread Giuseppe Iuculano
Package: lib3ds Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lib3ds. CVE-2010-0280[0]: | Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in | Google SketchUp 7.x before 7

Bug#575740: CVE-2010-0628 (MITKRB5-SA-2010-002)

2010-03-28 Thread Giuseppe Iuculano
Package: krb5 Version: 1.8+dfsg~alpha1-7 Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for krb5. CVE-2010-0628[0]: | The spnego_gss_accept_sec_context function in | lib/gssapi/spnego/spnego

Bug#575701: [180b727] Fix for Bug#575701 committed to git

2010-03-28 Thread Giuseppe Iuculano
tags 575701 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 28 Mar 2010 16:02:37 +0200. The fix will be in the next upload. = Updated French debconf

Bug#575680: smbind: [INTL:de] updated German debconf translation

2010-03-28 Thread Giuseppe Iuculano
Hi Martin, On 28/03/2010 12:40, Martin Eberhard Schauer wrote: > Dear Giuseppe, > despite of translating the debconf template at the same day when your > mail hit the German mailing list, he unfortunately failed submitting the > po file in time. > We would be very grateful if you could apply

Bug#520324: ITP: chromium-browser -- A web browser developed by Google based on the WebKit engine

2010-03-27 Thread Giuseppe Iuculano
Hi Alexander, On 26/03/2010 12:24, Alexander Sack wrote: > Just pull and build the Ubuntu package. Is there a specific reason why you (Chromium team) uploaded chromium-browser in Ubuntu two months ago and not yet in Debian? Cheers, Giuseppe.

Bug#575525: [72d1b2c] Fix for Bug#575525 committed to git

2010-03-27 Thread Giuseppe Iuculano
tags 575525 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 27 Mar 2010 10:37:12 +0100. The fix will be in the next upload. = Adopt nload, thanks to Jeroen

Bug#222170: [f7dba3c] Fix for Bug#222170 committed to git

2010-03-27 Thread Giuseppe Iuculano
tags 222170 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 27 Mar 2010 10:26:42 +0100. The fix will be in the next upload. = Install upstream manpage and

Bug#573011: smbind does not use SQL language as supported by postgresql

2010-03-26 Thread Giuseppe Iuculano
Hi Giuseppe! On 08/03/2010 10:13, Giuseppe Sacco wrote: > LIMIT/OFFSET clause on postgresql manual is available at > http://www.postgresql.org/docs/8.4/interactive/sql-select.html#SQL-LIMIT Could you try the attached patch please? Cheers, Giuseppe. --- a/php/src/include.php +++ b/php/src

Bug#574965: [29be28e] Fix for Bug#574965 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 574965 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:12:55 +0100. The fix will be in the next upload. = Updated Spanish debconf

Bug#573821: [cc31403] Fix for Bug#573821 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 573821 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:08:27 +0100. The fix will be in the next upload. = Updated Russian debconf

Bug#574856: [6d1c23b] Fix for Bug#574856 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 574856 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:11:38 +0100. The fix will be in the next upload. = Updated Czech debconf

Bug#574250: [694ae0c] Fix for Bug#574250 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 574250 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:09:50 +0100. The fix will be in the next upload. = Updated Swedish debconf

Bug#573641: [fb80e2d] Fix for Bug#573641 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 573641 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:06:37 +0100. The fix will be in the next upload. = Updated Vietnamese debconf

Bug#573544: [7df07ba] Fix for Bug#573544 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 573544 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:03:39 +0100. The fix will be in the next upload. = Updated debconf Basque

Bug#573535: [6332d15] Fix for Bug#573535 committed to git

2010-03-26 Thread Giuseppe Iuculano
tags 573535 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 26 Mar 2010 13:01:47 +0100. The fix will be in the next upload. = Update Vietnamese debconf

Bug#574021: Patch

2010-03-20 Thread Giuseppe Iuculano
abase. (Closes: #574021) + + -- Giuseppe Iuculano Thu, 18 Mar 2010 15:18:06 +0100 + pango1.0 (1.20.5-5) stable; urgency=low * Merge changes from the 1.20.5-3+lenny1 security upload by Steffen diff -u pango1.0-1.20.5/debian/patches/series pango1.0-1.20.5/debian/patches/series --- pango1.0-1

Bug#574291: 'arping -B' segfaults

2010-03-17 Thread Giuseppe Iuculano
tags 574291 moreinfo unreproducible thanks Hi, On 17/03/2010 11:51, Andrey Smachev wrote: > # arping -B > Segmentation fault I can't reproduce this, please provide[1] a meaningful debugging backtrace. [1]http://wiki.debian.org/HowToGetABacktrace Cheers, Giuseppe

Bug#574291: 'arping -B' segfaults

2010-03-17 Thread Giuseppe Iuculano
On 17/03/2010 11:51, Andrey Smachev wrote: > Versions of packages arping depends on: > ii libc6 2.10.2-2 GNU C Library: Shared > libraries > ii libnet1 1.1.4-1library for the > construction and h > ii libpcap0.81.0.0-2

Bug#573615: CVE-2009-1299: insecure temporary file creation

2010-03-12 Thread Giuseppe Iuculano
Package: pulseaudio Severity: serious Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Dan Rosenberg discovered an insecure temporary file creation in pulseaudio. Please see: https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008 Upstream patch: http://git

Bug#573492: [711b0a1] Fix for Bug#573492 committed to git

2010-03-12 Thread Giuseppe Iuculano
tags 573492 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 12 Mar 2010 21:52:32 +0100. The fix will be in the next upload. = Updated Portuguese debconf

Bug#573010: [a46d9cc] Fix for Bug#573010 committed to git

2010-03-11 Thread Giuseppe Iuculano
tags 573010 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Thu, 11 Mar 2010 13:02:22 +0100. The fix will be in the next upload. = Support apache2 and lighttpd

Bug#558081: [613a1ff] Fix for Bug#558081 committed to git

2010-03-11 Thread Giuseppe Iuculano
tags 558081 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Thu, 11 Mar 2010 11:39:09 +0100. The fix will be in the next upload. = Added Japanese po-debconf

Bug#572525: [php-maint] Bug#572525: segfault with horde

2010-03-04 Thread Giuseppe Iuculano
reassign 572525 php-apc severity 572525 serious retitle 572525 completely unusable with php 5.3 thanks On 04/03/2010 19:30, sean finney wrote: > hi giuseppe, > > can you by any chance isolate this to a specific page or chunk of code > so that we could reproduce it? This was caused by php-ap

Bug#572525: segfault with horde

2010-03-04 Thread Giuseppe Iuculano
Package: php5 Version: 5.3.1-5 Severity: normal Hi, it seems php segfaults with horde, backtrace attached Cheers, Giuseppe -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (50

Bug#571683: [Pkg-dkms-maint] Bug#571683: dkms: should dkms clean up after itself?

2010-03-03 Thread Giuseppe Iuculano
On 27/02/2010 08:04, Michael Gilbert wrote: > this is because dkms doesn't have any cleanup code to remove the > modules and files it creates. would it make sense to add some > dkms cleanup code to the kernel's postrm? if i find the time, i > will look into this (if it sounds reasonable).

Bug#549938: [19ce77e] Fix for Bug#549938 committed to git

2010-03-03 Thread Giuseppe Iuculano
tags 549938 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Wed, 3 Mar 2010 15:52:17 +0100. The fix will be in the next upload. = Fixed -e option in cron.daily

Bug#570737: NMU

2010-03-02 Thread Giuseppe Iuculano
+ + * Non-maintainer upload by the Security Team. + * Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command +(Closes: #570737) + + -- Giuseppe Iuculano Tue, 02 Mar 2010 14:57:17 +0100 + sudo (1.7.2p1-1) unstable; urgency=low * new upstream version only in patch2:

Bug#569724: [Pkg-dkms-maint] Bug#560822: dkms: please autorebuild modules when new kernel images are installed

2010-02-27 Thread Giuseppe Iuculano
block 560822 by 569724 thanks On 27/02/2010 07:31, Michael Gilbert wrote: > dkms_autoinstaller script was indeed run in the kernel's postinst, but > it failed because i had forgotten the headers (note this wouldn't > have been obvious to the average user). so thinking that all i need > now ar

Bug#570956: [ffe62ea] Fix for Bug#570956 committed to git

2010-02-22 Thread Giuseppe Iuculano
tags 570956 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Mon, 22 Feb 2010 14:37:14 +0100. The fix will be in the next upload. = Removed powersaved from

Bug#569724: Please support /etc/kernel/header_postinst.d directory

2010-02-16 Thread Giuseppe Iuculano
On 16/02/2010 17:38, maximilian attems wrote: > this bug report is a joke. unless you come up with > code that linux-2.6 should ship or at least a clear > indication of what it should do, I'd have to close it. > > a beginning would be to post said /etc/kernel/header_postinst.d/dkms Let me r

Bug#562720: pidgin hangs if a jabber buddy opens a audio/video connection to you

2010-02-15 Thread Giuseppe Iuculano
tags 562720 security thanks On 15/02/2010 22:13, Patrick Matthäi wrote: > I am also CCing t...@security.debian.org now and raise the severity to > grave. Sorry but it is in my eyes DEFINITELY a blocker! I don't want to take part in the severity ping-pong game, but if a remote user can crash pidg

Bug#567460: [Pkg-dkms-maint] Bug#567460: Bug#567460: dkms: automatic module-build of the VirtualBox-Modules after kernel-update fails

2010-02-14 Thread Giuseppe Iuculano
tags 567460 unreproducible thanks On 14/02/2010 18:43, d...@post.com wrote: > as there is no response from you by now, I would like to ask, if I can > do something to help you in investigating my problem? I can't reproduce your issue with virtualbox-ose-dkms package, so I guess something is

Bug#569724: Please support /etc/kernel/header_postinst.d directory

2010-02-13 Thread Giuseppe Iuculano
On 13/02/2010 23:05, maximilian attems wrote: > and could you specify what you'd expect there? User hook scripts.

Bug#560822: [Pkg-dkms-maint] Bug#560822: Bug#560822: Bug#560822: dkms: please autorebuild modules when new kernel images are installed

2010-02-13 Thread Giuseppe Iuculano
On 13/02/2010 21:07, Michael Gilbert wrote: > my intent for this patch is for it to be executed only during the boot > dkms module rebuild process. from brief testing, i've seen that this > is the case (it is only executed at boot or runlevel change). Which version? we removed[1] the init sc

Bug#560822: [Pkg-dkms-maint] Bug#560822: Bug#560822: dkms: please autorebuild modules when new kernel images are installed

2010-02-13 Thread Giuseppe Iuculano
tag 560822 - patch On 12/12/2009 19:10, Michael Gilbert wrote: > reopen 560822 > tag 560822 patch > thanks > > i've created a patch that automatically fetches the headers if they > are missing. see attached debdiff. i believe error checking is > sufficient because if apt-get fails, then th

Bug#569724: Please support /etc/kernel/header_postinst.d directory

2010-02-13 Thread Giuseppe Iuculano
Package: linux-2.6 Severity: wishlist -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, it would be nice if linux-headers packages could run hooks files in /etc/kernel/header_postinst.d on postinst. This is a partial fix for #560822, dkms package already installs /etc/kernel/header_postinst.d/

Bug#569667: CVE-2009-4641: allows physically proximate attackers to access an unattended workstation

2010-02-13 Thread Giuseppe Iuculano
Package: gnome-screensaver Version: 2.28.2-1 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for gnome-screensaver. CVE-2009-4641[0]: | gnome-screensaver 2.28.0 does not resume adherence to

Bug#569660: CVE-2010-0464: privacy compromise via DNS prefetching in web mail

2010-02-13 Thread Giuseppe Iuculano
Package: roundcube Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for roundcube. CVE-2010-0464[0]: | Roundcube 0.3.1 and earlier does not request that the web browser | avoid DNS prefetchi

Bug#569661: CVE-2010-0463: privacy compromise via DNS prefetching in web mail

2010-02-13 Thread Giuseppe Iuculano
Package: imp4 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for imp4. CVE-2010-0463[0]: | Horde IMP 4.3.6 and earlier does not request that the web browser | avoid DNS prefetching of doma

Bug#569658: ModSecurity Detection Bypass and Denial of Service Vulnerabilities

2010-02-13 Thread Giuseppe Iuculano
Package: libapache-mod-security Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, libapache-mod-security 2.5.12 fixed multiple security flaws. References: [1] http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.5.12/CHANGES_2.5.12.txt/downlo

Bug#569484: CVE-2008-7247: bypass intended access restrictions

2010-02-11 Thread Giuseppe Iuculano
Package: mysql-dfsg-5.1 Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for mysql-dfsg-5.1. CVE-2008-7247[0]: | sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, | and

Bug#568731: opu: package wordpress/2.0.10-1etch6

2010-02-07 Thread Giuseppe Iuculano
+++ wordpress-2.0.10/debian/changelog @@ -1,3 +1,10 @@ +wordpress (2.0.10-1etch6) oldstable; urgency=low + + * [1eba647] Fixed CVE-2009-3622: Strip commas and spaces from charset +in wp-trackback.php + + -- Giuseppe Iuculano Sun, 07 Feb 2010 12:50:52 +0100 + wordpress (2.0.10-1etch5) oldstable-security

Bug#568729: pu: package wordpress/2.5.1-11+lenny3

2010-02-07 Thread Giuseppe Iuculano
/changelog @@ -1,3 +1,9 @@ +wordpress (2.5.1-11+lenny3) stable; urgency=low + + * [3c05401] Fixed CVE-2009-3622: Strip commas and spaces from charset. + + -- Giuseppe Iuculano Sun, 07 Feb 2010 12:27:14 +0100 + wordpress (2.5.1-11+lenny2) stable; urgency=low * [1dd14e6] Fixed a bug in the

Bug#502329: [5443fe8] Fix for Bug#502329 committed to git

2010-02-02 Thread Giuseppe Iuculano
tags 502329 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Tue, 2 Feb 2010 11:27:00 +0100. The fix will be in the next upload. = Do not fail if $ISCONFIGURED is

Bug#567633: NMU

2010-01-31 Thread Giuseppe Iuculano
-maintainer upload by the Security Team. + * Fixed CVE-2009-3297: race condition in fusermount (Closes: #567633) + + -- Giuseppe Iuculano Sun, 31 Jan 2010 22:23:35 +0100 + fuse (2.8.1-1.1) unstable; urgency=low * Non-maintainer upload. diff -u fuse-2.8.1/debian/patches/00list fuse-2.8.1/debian

Bug#564581: NMU

2010-01-29 Thread Giuseppe Iuculano
; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in +name (Closes: #564581) + + -- Giuseppe Iuculano Fri, 29 Jan 2010 14:16:07 +0100 + sendmail (8.14.3-9) unstable; urgency=low * Batting 1000, build

Bug#564581: NMU

2010-01-29 Thread Giuseppe Iuculano
Hi, Attached is a debdiff of the changes I made for 8.14.3-9.1 0-day NMU. Cheers, Giuseppe

Bug#548358: NMU

2010-01-29 Thread Giuseppe Iuculano
-java (2.9.1-4.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-2625: denial of service (infinite loop and application hang) +via malformed XML input (Closes: #548358) + + -- Giuseppe Iuculano Fri, 29 Jan 2010 11:19:09 +0100 + libxerces2-java

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-25 Thread Giuseppe Iuculano
fixed 566829 1:3.2.0~rc3-1 thanks On 25/01/2010 12:29, Rene Engelhard wrote: > Oh, and please try with 3.2, too - though I don't see why this > should matter, but.. - as that will be squeezes version if everything > goes OK (note downgrades will be tricky, so so might want to save > your user

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-25 Thread Giuseppe Iuculano
Hi, On 25/01/2010 12:27, Rene Engelhard wrote: > Do you have some "security features" enabled somewhere? No, > > What I also would try is to check your .rdb files, maybe > this is an other symptom of #566189/#566062/#565667... After removing /var/spool/openoffice/uno_packages/cache/* I've

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-25 Thread Giuseppe Iuculano
Package: openoffice.org Version: 1:3.1.1-14 Severity: serious -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, $ soffice Error while mapping shared library sections: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory. Error while mapping shared library sections: �[� :

Bug#560912: NMU

2010-01-24 Thread Giuseppe Iuculano
) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix two denial-of-service vulnerabilities: CVE-2009-3560 and CVE-2009-3720. +(Closes: #560912) + + -- Giuseppe Iuculano Sun, 24 Jan 2010 12:48:21 +0100 + python2.5 (2.5.4-3) unstable; urgency=low * Fix

Bug#562353: [28eb1d5] Fix for Bug#562353 committed to git

2010-01-23 Thread Giuseppe Iuculano
tags 562353 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 23 Jan 2010 12:52:24 +0100. The fix will be in the next upload. = Removed tetex-bin from Build

Bug#543830: [88549bc] Fix for Bug#543830 committed to git

2010-01-23 Thread Giuseppe Iuculano
tags 543830 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sat, 23 Jan 2010 11:51:10 +0100. The fix will be in the next upload. = New maintainer, thanks to

Bug#564876: smartd: internal error in MailWarning(): cfg.mailwarn->emailfreq=0

2010-01-22 Thread Giuseppe Iuculano
Hi, On 12/01/2010 12:44, Antti Pyykko wrote: >>From /var/log/syslog > -8<- > Jan 12 13:42:11 hanuri smartd[9147]: Device: /dev/sdc, 5 Currently unreadable > (pending) sectors > Jan 12 13:42:11 hanuri smartd[9147]: internal error in MailWarning(): > cfg.mailwarn->emailfreq=0 > -8<- Is this

Bug#546566: [e66f4fd] Fix for Bug#546566 committed to git

2010-01-22 Thread Giuseppe Iuculano
tags 546566 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 22 Jan 2010 20:01:33 +0100. The fix will be in the next upload. = Allow smartd 'DEVICESC

Bug#545784: [3d32778] Fix for Bug#545784 committed to git

2010-01-22 Thread Giuseppe Iuculano
tags 545784 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 22 Jan 2010 19:52:27 +0100. The fix will be in the next upload. = Fixed quietmode option Closes

Bug#503439: smartmontools: self-tests get stuck if "SATA AHCI Mode" set to "AHCI" in BIOS

2010-01-22 Thread Giuseppe Iuculano
Hi, sorry for late reply. On 29/09/2009 20:02, Reid Priedhorsky wrote: >>> Yeah, I could look into that. Can you point me to some way to do so on >>> Lenny that's not too disruptive? I don't want to do a full upgrade to >>> testing. >> >> Are you using i386 or amd64? > > I'm running an amd6

Bug#566224: [aa0f3a0] Fix for Bug#566224 committed to git

2010-01-22 Thread Giuseppe Iuculano
tags 566224 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 22 Jan 2010 18:54:13 +0100. The fix will be in the next upload. = Allow site names with dash

Bug#313579: [3e1a262] Fix for Bug#313579 committed to git

2010-01-22 Thread Giuseppe Iuculano
tags 313579 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Fri, 22 Jan 2010 18:02:48 +0100. The fix will be in the next upload. = Merge from Ubuntu: New amule

Bug#563402: [Pkg-ia32-libs-maintainers] Bug#563402: ia32-libs broken on ia64

2010-01-21 Thread Giuseppe Iuculano
Hi, sorry for late reply. On 18/01/2010 10:00, Goswin von Brederlow wrote: > That is a bit odd. I do see /lib/ld-linux.so.2 and /usr/bin/ldd in > ia32-libs:ia64 so that should work. > > What kind of ia64 CPU do you have? Is it old enough to still have the > i386 emulation hardware? Newer ia

Bug#565406: NMU

2010-01-17 Thread Giuseppe Iuculano
@@ +dokuwiki (0.0.20090214b-3.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Check against cross-site request forgeries (CSRF) + * Fixed multiple vulnerabilities in ACL plugin (Closes: #565406) + + -- Giuseppe Iuculano Sun, 17 Jan 2010 14:47:41 +0100 + dokuwiki

Bug#561832: [4a7279a] Fix for Bug#561832 committed to git

2010-01-17 Thread Giuseppe Iuculano
tags 561832 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 17 Jan 2010 12:41:13 +0100. The fix will be in the next upload. = Fixed the security id in wp

Bug#563402: [Pkg-ia32-libs-maintainers] Bug#563402: ia32-libs broken on ia64

2010-01-16 Thread Giuseppe Iuculano
On 16/01/2010 11:08, Goswin von Brederlow wrote: > That usually means one of the libraries can not be found. > What does > > ldd i586-jdk/bin/unpack200 $ ldd i586-jdk/bin/unpack200 not a dynamic executable Cheers, Giuseppe.

Bug#564581: CVE-2009-4565: does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate

2010-01-10 Thread Giuseppe Iuculano
Package: sendmail Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for sendmail. CVE-2009-4565[0]: | sendmail before 8.14.4 does not properly handle a '\0' character in a | Common Name (CN) fi

Bug#563940: CVE-2009-4459: uses the title tag before defining the character encoding in a meta tag

2010-01-06 Thread Giuseppe Iuculano
Package: redmine Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for redmine. CVE-2009-4459[0]: | Redmine 0.8.7 and earlier uses the title tag before defining the | character encoding in a

Bug#313579: [Pkg-amule-devel] Bug#313579: reopen

2010-01-06 Thread Giuseppe Iuculano
Vollstrecker wrote: > So one package for one single small file? I got criticized for splitting > the translations and the utils into separate packages (which I have > still reasons for). Where's the difference? I don't know why you got criticized, but there are many other packages that provide

Bug#313579: [Pkg-amule-devel] Bug#313579: reopen

2010-01-05 Thread Giuseppe Iuculano
Hi, Vollstrecker wrote: >> If we can add a gnome support, we should do it. > > And if we could add kde-support, we should do it? And if we could add > opera-support, we should do it? Why not? :-) > everything, but I as a user would be pissed if I would have to install > support for a sys

Bug#313579: [Pkg-amule-devel] Bug#313579: marked as done (please provide amule.schemas file for gconf (teaches browsers about ed2k:// links))

2010-01-05 Thread Giuseppe Iuculano
reopen 313579 thanks Hi, Debian Bug Tracking System wrote: > Hi, > > I'm closing this bug, because this won't get included upstream, and > including it in debian would help users of firefox/iceweasel and gnome. > I expect right after including this, someone wants lynx to be patched > for

Bug#562992: [6d07590] Fix for Bug#562992 committed to git

2010-01-04 Thread Giuseppe Iuculano
tags 562992 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Tue, 5 Jan 2010 08:43:30 +0100. The fix will be in the next upload. = Disable fallocate and fix FTBFS

Bug#561975: NMU

2010-01-04 Thread Giuseppe Iuculano
Giuseppe Iuculano wrote: > Hi, > > Attached is a debdiff of the changes I made for 1.1.0.7-1.1 0-day NMU. Hi, previous NMU introduced a regression. Attached the debdiff for 1.1.0.7-1.2 0-day NMU. Cheers, Giuseppe. diff -u phpldapadmin-1.1.0.7/debian/changelog phpldapadmi

Bug#561975: NMU

2010-01-03 Thread Giuseppe Iuculano
(1.1.0.7-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-4427 (Closes: #561975) + + -- Giuseppe Iuculano Sun, 03 Jan 2010 11:47:29 +0100 + phpldapadmin (1.1.0.7-1) unstable; urgency=low * New upstream release. diff -u phpldapadmin-1.1.0.7
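
Review bot: the new changelog entry for 1.1.0.7-1.1 says only "Fixed CVE-2009-4427" and gives no description of what was changed. For an urgency=high security NMU, a short statement of the fix (which file was touched and what check was added) would let someone reading the changelog alone judge the upload and later trace a regression back to it.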

Bug#561975: CVE-2009-4427: Local file inclusion vulnerability

2010-01-03 Thread Giuseppe Iuculano
retitle 561975 CVE-2009-4427: Local file inclusion vulnerability thanks Hi, this issue got a CVE id: CVE-2009-4427[0]: | Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 | allows remote attackers to include and execute arbitrary local files | via a .. (dot dot) in the cmd par

Bug#563402: ia32-libs broken on ia64

2010-01-02 Thread Giuseppe Iuculano
Package: ia32-libs Version: 20090808 Severity: serious Hi, it seems ia32-libs is broken on ia64: $ file i586-jdk/bin/unpack200 i586-jdk/bin/unpack200: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped $ i586-jdk/

Bug#560067: CVE-2009-4144: WPA enterprise network not verified when certificate is removed

2010-01-02 Thread Giuseppe Iuculano
Hi, this issue got a CVE id: CVE-2009-4144[0]: | NetworkManager (NM) 0.7.2 does not ensure that the configured | Certification Authority (CA) certificate file for a (1) WPA Enterprise | or (2) 802.1x network remains present upon a connection attempt, which | might allow remote attackers to obtain

Bug#563371: CVE-2009-4145: information disclosure

2010-01-02 Thread Giuseppe Iuculano
Package: network-manager-applet Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for network-manager-applet. CVE-2009-4145[0]: | nm-connection-editor in NetworkManager (NM) 0.7.x exports c

Bug#525265: [57dd562] Fix for Bug#525265 committed to git

2009-12-27 Thread Giuseppe Iuculano
tags 525265 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 27 Dec 2009 16:58:10 +0100. The fix will be in the next upload. = Fixed a typo in ed2k man page

Bug#525264: [5b8227f] Fix for Bug#525264 committed to git

2009-12-27 Thread Giuseppe Iuculano
tags 525264 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 27 Dec 2009 16:51:46 +0100. The fix will be in the next upload. = Fixed a typo in alc man page

Bug#553716: [91c0944] Fix for Bug#553716 committed to git

2009-12-27 Thread Giuseppe Iuculano
tags 553716 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano on Sun, 27 Dec 2009 16:43:01 +0100. The fix will be in the next upload. = Replace libreadline5-dev build

Bug#548620: /usr/bin/amuled: immediate segfault

2009-12-27 Thread Giuseppe Iuculano
tags 548620 moreinfo unreproducible thanks > Package: amule-daemon > Version: 2.2.1-1+lenny2 > Severity: grave > File: /usr/bin/amuled > Justification: renders package unusable > > It is impossible to use the program. Immediately does segfault. I can't reproduce that, please provide[1] a meanin

Bug#562643: CVE-2009-4270: Stack-based buffer overflow in the errprintf function

2009-12-26 Thread Giuseppe Iuculano
Package: ghostscript Version: 8.70~dfsg-2 Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for ghostscript. CVE-2009-4270[0]: | Stack-based buffer overflow in the errprintf function in base/gs

Bug#562639: CVE-2009-4402 CVE-2009-3580 CVE-2009-3581 CVE-2009-3582 CVE-2009-3583 CVE-2009-3584

2009-12-26 Thread Giuseppe Iuculano
Package: sql-ledger Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for sql-ledger. CVE-2009-4402[0]: | The default configuration of SQL-Ledger 2.8.24 allows remote attackers | to perform
