Hi,
> a test with piuparts revealed that your package uses files from
> /usr/share/doc in its maintainer scripts which is a violation of
> Policy 12.3: "Packages must not require the existence of any files in
> /usr/share/doc/ in order to function."
> cp: cannot stat '/usr/share/doc/mibrfcs/*':
tags 767611 -moreinfo
thanks
Hi,
Now dak rm only lists hurd/sparc, so libgcrypt11 can be removed:
efl: libecore-con1 [sparc]
libeet1 [sparc]
libevas1 [sparc]
libevas1-engines-x [sparc]
gnome-keyring: gnome-keyring [hurd-i386]
gvfs: gvfs-backends [hurd-i386]
libgnome-keyring: libgn
Package: ftp.debian.org
Severity: normal
Hi,
Please remove zoneminder from unstable.
It has been removed from testing 10 months ago. It has 3 open RC bugs. It
depends on the obsolete and security-buggy libgcrypt11 thereby preventing that
package from being removed.
There is some report of renew
Package: ftp.debian.org
Severity: normal
Hi,
Please remove freepops from unstable.
It has been removed from testing over a year ago with no visible action since.
It has two RC bugs filed well over a year ago without a single response.
It depends on libgcrypt11, a security-buggy obsolete library
notfound 779547 0.0.20120125b-1
thanks
Present since release_candidate_2013-10-28
On Thu, February 19, 2015 10:38, Florian Schlichting wrote:
> Newly released RFC 7465 [0] describes RC4 as being "on the verge of
> becoming practically exploitable" and consequently mandates that both
> servers and clients MUST NOT offer or negotiate an RC4 cipher suite, and
> indeed terminate the
> Is there any progress on this bug?
I'm unsure what we should be doing on this bug. I think the current
description of www-data gives the most factual one: it is the one the
webserver will run as, so don't make the content writable by it.
Who else on the system gets write access, seems very en
On Sat, February 21, 2015 01:32, Daniel Kahn Gillmor wrote:
> Source: gnupg
> Version: 1.4.18-6
> Severity: wishlist
> Tags: patch
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: timestamps_in_pe_binaries
>
> I believe that the gnupg package can be made reproducible with the
> attac
On Fri, February 13, 2015 16:10, Joost van Baal-Ilić wrote:
>> CVE-2014-4172
>
> php-cas problem, fixed in Debian's php-cas 1.3.3-1 and 1.3.1-4+deb7u1.
> Moodle ships with unchanged phpCAS 1.3.3, see
> moodle-2.7.5+dfsg/auth/cas/CAS/moodle_readme.txt Moodle can likely use the
> Debian-maintained
Hi Etienne,
On Wed, February 11, 2015 00:32, Etienne MAHE wrote:
> Package: ttf-mscorefonts-installer
> Version: 3.6
>
> Good day,
>
> I cannot install the ttf-mscorefonts package. I have tried to reinstall
> it several times but I get the following message :
Sourceforge (that hosts the fonts) h
Hi Antonio,
On Mon, February 2, 2015 15:34, Antonio Terceiro wrote:
> ping :)
As a heads up, we're currently preparing an upload for stable-security
where this patch will most likely be included.
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "uns
On Mon, January 26, 2015 00:16, Simon Josefsson wrote:
> Thijs Kinkhorst writes:
>
>> Hi,
>>
>> When authentication via yubikey is triggered, the module prompts:
>>
>> YubiKey for `username':
>>
>> However, there's no visual feedback th
Hi,
> See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
> as part of syncing; given the low strength and size of MD4, and the
> relative ease of computing collisions/preimages, that makes librsync
> unsafe to use on untrusted data, such as when running a duplicity
> backup.
>
Package: libpam-yubico
Version: 2.17-2
Severity: wishlist
Hi,
When authentication via yubikey is triggered, the module prompts:
YubiKey for `username':
However, there's no visual feedback that characters are being input when
you press the button on the yubikey, so as a user you're unsure if
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package python-django.
It fixes several security issues.
The NMU seems to add a stray .orig in the source package; but I reckon
that is harmless and should not block fixing
arbitrary
+file access (CVE-2013-6892, Closes: #775682).
+
+ -- Thijs Kinkhorst Sat, 24 Jan 2015 12:31:44 +
+
websvn (2.3.3-1.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru websvn-2.3.3/debian/patches/13_security_CVE-2013-6892.patch websvn-2.3.3/debian/patches/13_security_CVE
Hi,
I've NMU'ed websvn for this security issue with attached debdiff.
Cheers,
Thijs
websvn_nmudiff.debdiff
Description: Binary data
Package: websvn
Severity: serious
Tags: security patch
Hi,
James Clawson reported:
"Arbitrary files with a known path can be accessed in websvn by committing a
symlink to a repository and then downloading the file (using the download
link).
An attacker must have write access to the repo, and th
Package: websvn
Severity: minor
Hi,
While investigating websvn I encountered some issues you may want to improve:
- Package includes a number of patches in debian/patches/ that are
obsolete and hence not in series. That confused me. Maybe remove the
patches from there?
- Still alternatively depen
Package: lintian
Version: 2.5.30
Severity: normal
Hi,
The 'source-is-missing' check can generate really excessive output of many
hundreds of tags when just a single source is missing. Take for example
roundcube which currently has 800+ tags which nearly all relate to tinymce
missing:
https://lint
discussed at the security team meeting.
Please apply.
Thanks,
Thijs
From 22817e551a4b55c9f94bc66c027d42ab87492fdb Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst
Date: Sat, 17 Jan 2015 18:26:40 +0100
Subject: [PATCH] Remove php5,memcached from limited-support
Our PHP support is not different f
tags 582196 moreinfo
thanks
Hi Mike,
On Fri, May 21, 2010 03:12, Michael Gilbert wrote:
>> That's not a bug in the tracker, you should simply only add entries
>> to DSA/list which point to security problems.
>
> i am going to work on this problem, so please don't override my
> reminder without du
Op maandag 12 januari 2015 23:03:56 schreef Stephen Kitt:
> Done, I've uploaded binutils-mingw-w64 2+deb7u1 which produces
> binutils-mingw-w64{,-i686,x86-64} 2.22-8+deb7u2+2+deb7u1 (ugh, that's
> terrible, sorry...).
Thanks, released now.
How do you plan to handle unstable and jessie?
Cheers,
On Mon, January 12, 2015 20:18, Ansgar Burchardt wrote:
> Hi,
>
> Thijs Kinkhorst writes:
>> Op maandag 12 januari 2015 19:18:28 schreef Adam D. Barratt:
>>> On Mon, 2015-01-12 at 19:15 +0100, Thijs Kinkhorst wrote:
>>> > This is not something we do very routi
Hi ftpmaster,
Op maandag 12 januari 2015 19:18:28 schreef Adam D. Barratt:
> On Mon, 2015-01-12 at 19:15 +0100, Thijs Kinkhorst wrote:
> > This is not something we do very routinely, so I'd like to confirm: if
> > these binNMU's are triggered for stable-security, do the
Op maandag 12 januari 2015 08:15:39 schreef Adam D. Barratt:
> On Mon, 2015-01-12 at 06:47 +0100, Stephen Kitt wrote:
> > binutils was recently updated in wheezy-security and wheezy-p-u to fix
> > a number of security issues identified in DSA-3123-1; of these, a
> > number concern binutils-mingw-w6
On Wed, January 7, 2015 18:33, Jérôme wrote:
>> This posting to Mailman-Users could be related:
>> http://www.mail-archive.com/mailman-users@python.org/msg60891.html
>
> Indeed. The post is mine, and I reference this bug in it.
>
> This occurred again recently, so searched once more.
>
> Some sol
Package: harden-doc
Severity: normal
Tags: patch
Hi,
Attached patch updates the manual to mention the more featureful 'needrestart'
tool in the section on library restarts, and removes the lsof line since
there's better alternatives (install checkrestart or needrestart; we don't
need to confuse t
On Thu, December 11, 2014 19:38, Niels Thykier wrote:
> I have applied and committed your patch with 3 changes. These changes
> are:
>
> * In the first paragraph, avoid implying that all packages have been
>compiled without SSLv3 support (as I recall, at least openssl still
>have it, and
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package znc.
The upload adds an upstream patch that allows to disable SSL
protocols, and disables SSLv2 and SSLv3.
unblock znc/1.4-2
Thanks,
Thijs
On Mon, December 22, 2014 10:22, Friedhelm Mehnert wrote:
> O.K. I know now what the problem is.
>
> But since the maintainers obviously are not interested at all, I can't
> be bothered either.
It's quite harsh to tell the volunteers that maintain this package that
we're "obviously not interested
severity 772639 important
thanks
Hi Tomoo,
On Tue, December 9, 2014 14:40, Tomoo Nomura wrote:
> When login from squirrelmail to imap server, the server rejects the
> request due to "Unknown user or invalid password".
> The reason is that squirrelmail sends incorrect password to the server.
> Squ
Package: release-notes
Severity: wishlist
Tags: patch
Hi,
Attached patch renames the "Hardening" section to "Security", adds mention
of the removed SSLv3 protocol and progress on hardened build flags.
Cheers,
Thijs
Index: en/whats-new.dbk
+
@@ -1,3 +1,11 @@
+simplesamlphp (1.13.1-2) unstable; urgency=medium
+
+ * Add xmlc14n.patch fixing extreme resource consumption when processing
+large metadata files (closes: #772121).
+See: https://simplesamlphp.org/metaprocessing
+
+ -- Thijs Kinkhorst Fri, 05 Dec 2014 10:13:00
Package: simplesamlphp
Severity: important
PHP's XML parser has a known issue in XML canonicalization that makes the
amount of memory consumed grow with the square of the amount of entries it
processes when run on a subtree (https://bugs.php.net/bug.php?id=53655).
This is a problem for simpleSAML
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
Please remove cyassl from jessie. The library has a number of open security
issues affecting the version in jessie, but has no packages actually depending
on it.
While security team encoura
Hi,
> sid/jessie will be fixed, soon. But I can not take the responsibility
> for backporting this patch to znc=0.206.
I've not seen movement in sid yet on this issue. Is it still on your
radar? Anything I can help with?
Cheers,
Thijs
Hi,
> Could you please make an upload with only this change to sid? Then we can
> ask the release team to unblock it for jessie.
It's still tagged pending. Do you need help to get this change uploaded?
Cheers,
Thijs
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gnutls28. The only change is a patch from upstream
to disable the obsolete protocol SSLv3. OpenSSL in jessie also has SSLv3
disabled.
unblock gnutls28/3.3.8-5
Thank
On Wed, November 19, 2014 18:01, Karl O. Pinc wrote:
> Hi,
>
> Any way to get the priority on this bug bumped?
> The emails every 30 minutes are very annoying.
What do you mean bump the priority? The bug has been fixed early this
morning already.
Thijs
Package: mariadb-server-10.0
Version: 10.0.14-4
Severity: normal
Hi,
Recently I've answered a debconf question whether I indeed want to migrate
to MariaDB (oneway_migrate). I answered positively to that question.
However, whenever MariaDB is upgraded on my system, I get the question
again.
It may
Hi Roland,
On Mon, November 17, 2014 10:02, Roland Stigge wrote:
> On 11/16/2014 01:17 PM, Thijs Kinkhorst wrote:
>> Sorry, I have to change my request because I've now seen that the new
>> upstream release of polarssl also fixes some other security issues.
>>
>
Package: cyassl
Version: 2.9.4+dfsg-3
Severity: important
Tags: security
Hi,
Can SSLv3 be disabled in cyassl please?
As a reference, OpenSSL disabled this in jessie and sid:
https://packages.qa.debian.org/o/openssl/news/20141015T180434Z.html
It would be good for security and consistency if cyas
Package: gnutls28
Version: 3.3.8-4
Severity: important
Tags: security
Hi,
Can SSLv3 be disabled in our GnuTLS build please?
As a reference, OpenSSL disabled this in jessie and sid:
https://packages.qa.debian.org/o/openssl/news/20141015T180434Z.html
It would be good for security and consistency
On Sun, November 16, 2014 17:01, Daniel Pocock wrote:
> On 16 November 2014 16:58:47 CET, Jonathan Wiltshire
>>Did you get any responses from elsewhere to this?
> Not yet, I'll follow up after the weekend. If no response, I'm happy to
> NMU the one line fix to copy the missing header into the de
Hi Roland,
Sorry, I have to change my request because I've now seen that the new
upstream release of polarssl also fixes some other security issues.
Will you be contacting the release team for an unblock request?
Cheers,
Thijs
Package: polarssl
Version: 1.3.8-1
Severity: important
Tags: security
Hi Roland,
I see that SSLv3 has been disabled in polarssl/1.3.9-2 in sid, excellent.
However, it's really desirable to have this fix also in jessie.
Given that unstable has a new upstream release with many changes, I think
it'
Hi Joachim,
> > openssl disabled it entirely; it features a dedicated build flag for it
> > (no-ssl3).
>
> Ok, I think we can easily follow suit here. Removing code is always
> simple :-)
>
> > Could you approach haskell-tls upstream for their recommendation to
> > disable it?
>
> Vincent, did you
> Sure, I just requested commit access on Alioth to follow that path,
> thanks.
Approved that request.
Thijs
Hi David,
> Please consider updating the French translation of GnuPG, for which I'm
> the 'official' translator. There has been a few new strings since the
> last update, and the 'passphrase' translation has been fixed in the
> mean time.
I did not see any translation attached. Is there some spec
severity 661020 normal
thanks
Hi,
> From what I see the remote file inclusion is limited to environments with
> register_globals being on though.
I've investigated this issue. The vast majority of the mentioned 'attacks'
are evidently only possible through register_globals, and the one about
'create
Hi Noah,
> I am not interested in playing bug ping-pong with the libnet-dns-perl
> maintainers, though this bug lies with that package. It has already been
> fixed upstream and in unstable.
No, I don't think the problem is in libnet-dns-perl but in spamassassin.
SA uses a fragile and inappropriat
On Thu, November 13, 2014 22:49, Thomas Liske wrote:
> tag 767370 upstream,fixed-upstream
> thanks
>
>
> Hi Thijs,
>
> needrestart did not find any kernel images which triggers this special
> bug. There was a division by zero triggered by calculating the
> progressbar length.
>
> needrestart did not
On Wed, November 12, 2014 21:28, Thomas Liske wrote:
> Could you please run needrestart (without -v) again and run `pstree -a`?
> There should be debconf's frontend running as the parent process of
> needrestart:
>
>
> | | `-bash
> | | `-frontend -w /usr/share/debcon
On Wed, November 12, 2014 14:29, Marco d'Itri wrote:
> On Nov 12, Thijs Kinkhorst wrote:
>
>> Can you remove SSLv3 from the default list?
> I do not know the implications wrt clients support.
> Christian, did you do any tests?
>
>> >> +=item I
>> >
On Wed, November 12, 2014 12:55, Marco d'Itri wrote:
> Can I merge this for jessie?
I'd strongly prefer if we could indeed merge this for jessie.
>> INN, at the moment, supports TLS connections to nnrpd, but does not
>> allow any configuration besides the certificate and key.
>> +=item I
>> +
>>
Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package file.
* Fixes a security issue, urgency set to high
* Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
Fix note bounds reading, Francisco Alonso / Red Hat (CV
On Mon, November 10, 2014 21:46, Thomas Liske wrote:
>> What can I do to help debug this?
>
> Good question. I'm unable to reproduce it on any of my machines nor do
> I have any idea why this happens. Maybe we require some debconf guru
> helping us to dig into it?
Maybe.. I'm not a debconf guru e
On Sun, November 2, 2014 12:42, Thomas Liske wrote:
> Hi,
>
> On 10/30/2014 04:59 PM, Thijs Kinkhorst wrote:
>> With current needrestart on jessie, after upgrading my packages I see
>> debconf-command like output in my terminal (SET ...) but no debconf
>> interface
>
On Sat, November 8, 2014 22:25, intrigeri wrote:
> I doubt it would add much value, but Jonathan's point was about
> getting enough information to assess severity, so perhaps you could
> tell the release team what severity you _would_ set for each of these
> bugs in the Debian BTS, if they were rep
On Fri, November 7, 2014 12:52, Jonathan Wiltshire wrote:
> On 2014-11-07 07:30, Thijs Kinkhorst wrote:
>> This is an upstream release limited to strictly bugfixes.
>
> Are there corresponding Debian bugs so we can assess severity please?
These are the issues fixed in this
27;}->{'/search/tweets'}->{'limit'}));
+0+$rate_limit_ref->{'resources'}->{'statuses'}->{'\\/statuses\\/mentions_timeline'}->{'limit'},
+0+$rate_limit_ref->{'resources'}->{'search'}->{'\\/sea
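Review bot: the two added lookups hard-code hash keys with a literal backslash before every slash ('\\/statuses\\/mentions_timeline' and the truncated '\\/sea…' key), while the line just above them indexes '/search/tweets' unescaped, so the code now depends on whether the JSON decoder leaves "\/" escaped. If a decoder that unescapes is in use, these lookups miss, and the leading 0+ coerces the undefined value to 0, so the limit silently reads as zero. Consider normalising the resource keys once after decoding (or checking both spellings) and treating a missing 'limit' as an error rather than as 0.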
.
+
+ -- Thijs Kinkhorst Mon, 27 Oct 2014 19:23:35 +
+
simplesamlphp (1.13.0-1) unstable; urgency=medium
* New upstream release.
diff -Nru simplesamlphp-1.13.0/debian/control simplesamlphp-1.13.1/debian/control
--- simplesamlphp-1.13.0/debian/control 2014-08-18 11:11:23.0 +0200
On Sun, November 2, 2014 08:32, Christos Trochalakis wrote:
> I have prepared a patch and I plan to merge it in a few days. SSLv3
> is disabled in the http {} scope so it affects all vhosts that do not
> explicitly override it.
>
> http://anonscm.debian.org/cgit/collab-maint/nginx.git/commit/?h=no-sslv
Hi Thomas,
On Fri, October 31, 2014 12:48, Thomas Ward (Dark-Net) wrote:
> fixed 1.6.2-3
> thanks
>
> Confirmed: This was done already. The commit this was done in was
> this one:
> http://anonscm.debian.org/cgit/collab-maint/nginx.git/commit/?id=9a4e0f0a698bee2b03b7f417ad9286e5eb22141e
Thanks.
Package: nginx
Version: 1.6.2-2
Severity: important
Hi,
Please disable the legacy SSLv3 protocol by default for installations of
nginx. It doesn't need to be disabled completely per se, but should not
be available on a default installation.
This helps to defend against the recent "POODLE" attack
Package: needrestart
Version: 1.2-2
Severity: normal
Hi,
With current needrestart on jessie, after upgrading my packages I see
debconf-command like output in my terminal (SET ...) but no debconf interface
is presented. It waits for input after each one, so I press enter after "SET
..", then after
severity 766972 minor
fixed 766972 5.5.0+dfsg-1
thanks
Hi Roman,
On Mon, October 27, 2014 09:56, Roman Vasilev wrote:
> Problem with phpinfo() display libjpeg version:
>
> Actual result:
>
> root@eurosmed ~ # php -i | grep libJPEG
> libJPEG Version => unknown
>
> After path re
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has
On Wed, October 15, 2014 16:30, Henrik Langos wrote:
> Hi Thijs,
>
> On 10/15/14 14:26, Thijs Kinkhorst wrote:
>> On Wed, October 15, 2014 14:07, Henrik Langos wrote:
>>> There is a simple one line patch available for dovecot 2.0.
>>> Maybe a similar way exists for
On Wed, October 15, 2014 14:07, Henrik Langos wrote:
> There is a simple one line patch available for dovecot 2.0.
> Maybe a similar way exists for 1.2.
Do you have a pointer to this patch?
Thijs
Hi Paul,
> Installing tmpreaper gives you the debconf question about security. The
> action to take is not entirely accurate anymore:
>
> If after that you still want tmpreaper to run, please edit
> /etc/tmpreaper.conf and remove the line:
> .
> echo "Please read /usr/share/doc/tmpreaper/READ
Package: apache2
Version: 2.4.10-5
Severity: wishlist
Hi,
The shipped mods-available/ssl.conf now contains:
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all
I propose to chan
On Thu, October 9, 2014 14:58, Jonathan McDowell wrote:
> On Wed, Oct 08, 2014 at 07:57:14PM +0100, Jonathan Dowland wrote:
>> Hey, I noticed that the most recent DSA failed signature check for me.
>> This is because Thijs' signing key had an expiry of 2014-06-16 at some
>> point. He has more recen
This is CVE-2014-7206.
I've asked ftp-master to remove this package from sid in #764256.
Package: ftp.debian.org
Severity: normal
Hi,
Please remove freesci from unstable. The code has been merged into
scummvm years ago. I talked about this with Bas and he's fully in
agreement, so labelling this as ROM. It hasn't been in testing
since August.
Thanks,
Thijs
On Tue, September 30, 2014 18:55, Agustin Martin wrote:
>> > myspell-nl could maybe provide virtual package name hunspell-nl
>
> I think this was once proposed and not implemented. Do not remember the
> reasons. René is the person behind hunspell and might remember why.
>
> It seems to be harmless
Hi,
On Tue, September 30, 2014 08:17, Daniel Iancu wrote:
> I have this line over and over in the web server logs:
> phpmyadmin: Failed to load /etc/phpmyadmin/config-db.php
>
> I checked the permissions on config-db.php
> and it's owned by root:www-data with permissions -rw-r-.
>
> So it's ve
On Mon, September 29, 2014 13:33, Michael Meskes wrote:
> @security: Is this enough of a security problem to warrant a stable
> upload?
>
> The fix seems easy enough, just run pinky if $user is still empty.
On its own, I would not consider failure to lock the screen in specific
situations a high p
All,
> Thank you Paul, indeed it helped me, as I too ran into this issue in a
> fresh Jessie install. I didn't have to downgrade OpenSSH, however, just
> edit PermitRootLogin as you did.
So am I right to conclude that this bug actually concerns the change that
changes PermitRootLogin to without-
Hi Thorsten
Op vrijdag 26 september 2014 15:28:55 schreef Thorsten Glaser:
> Failure to do so will mean shipping Mediawiki 1.19 in
> jessie, which is currently upstream’s oldstable and
> fading LTS. Mediawiki 1.23 is upstream’s current LTS;
> we have an agreement from upstream to support 1.19 for
Hi,
The security team is working on an update which includes amongst others
the patch referenced in this bug.
Thijs
Package: libxml2
Version: 2.7.8.dfsg-2+squeeze9 2.8.0+dfsg1-7+wheezy1
Severity: important
Tags: security
Hi,
The patch applied to libxml2 for wheezy and squeeze-lts for CVE-2014-0191
seems to be applied wrong. A line is duplicated in xmlSAXParseDTD:
@@ -12324,6 +12341,12 @@ xmlSAXParseDTD(xmlSAX
On Sat, September 13, 2014 18:49, Thijs Kinkhorst wrote:
> On Wed, September 10, 2014 09:01, Alexandre Detiste wrote:
>> Source: dutch
>> Version: please provide hunspell-nl
>> Severity: wishlist
>>
>> Dear Maintainer,
>>
>> It's not at a
On Fri, September 19, 2014 11:16, Stefano Zacchiroli wrote:
> On Fri, Sep 19, 2014 at 10:46:31AM +0200, Raphael Hertzog wrote:
>> In any case, Distro Tracker is 100% Python and I don't see us relying on
>> libparse-debianchangelog-perl to generate pretty changelogs. So this
>> wishlist is likely to
Package: tracker.debian.org
Severity: wishlist
Hi,
The changelogs are currently displayed in plain text format. Tools like
libparse-debianchangelog-perl can pretty print those to HTML so they have nice
headings, clickable bug numbers, etc.
Cheers,
Thijs
Package: security-tracker
Severity: wishlist
Hi,
In the overview per-package, the tracker currently shows for each CVE
name about seven columns: squeeze, squeeze-security, squeeze-lts, wheezy,
wheezy-security, jessie, sid.
I think for the overviews it would be preferable if the table just shows
On Tue, September 16, 2014 09:10, Paul Wise wrote:
> Could we get a new URL that also has information about unimportant and
> resolved issues and DSAs? I would suggest a format like what lintian
> uses:
Not sure what you'd use that additional info for, but I would heartily
disrecommend to display
On Mon, September 15, 2014 18:25, Matthias Urlichs wrote:
> Hi,
>
> Thijs Kinkhorst:
>> I've talked briefly with Enrico, DDE's developer, and he indicated he
>> doesn't have time to bring it back to life. Therefore my question: is
>> there someone inter
On Sun, August 31, 2014 11:54, Morten Bo Johansen wrote:
> Trying to use rapt-file to search for a file produces the
> following error message:
> urllib2.URLError:known>
Thanks for reporting. The service dde.debian.net on which rapt-file
depends has gone down and currently doesn't have a ma
All,
The 'rapt-file' tool shipped in apt-file uses dde.debian.net to query for
filenames, obviating the need to download Contents files before you can
search. Unfortunately, dde.debian.net is down and we, the apt-file
maintainers, got reports that therefore, rapt-file has become useless.
I've tal
Hi,
On Thu, September 4, 2014 22:04, marc zonzon wrote:
> I have the same problem with apt-file v 2.5.2.3. This bug is caused by
> the inaccessibility of dde.debian.net which is a cname for
> paganini.debian.org and there is no more any DNS for
> paganini.debian.org.
>
>
> The role of Debian Data
On Mon, September 15, 2014 16:07, Holger Levsen wrote:
> control: tags -1 + pending
>
> Hi,
>
> see attached. This version also deals with several URLs in one note :)
>
> It also works for all three recent examples of Salvatore.
Go
Thijs
On Mon, September 15, 2014 01:36, Holger Levsen wrote:
> Hi,
>
> See attached or branch html5+external_css from
> ssh://git.debian.org/git/collab-maint/secure-testing.git
>
> These patches turn the html into html5 and introduce a modern, slick css
> style
> inspired from tracker.d.o - enjoy! :)
>
>
On Wed, September 10, 2014 09:01, Alexandre Detiste wrote:
> Source: dutch
> Version: please provide hunspell-nl
> Severity: wishlist
>
> Dear Maintainer,
>
> It's not at all evident that someone can mix hunspell & myspell
> dictionaries packages.
>
> myspell-nl could maybe provide virtual package
Package: needrestart
Version: 1.1-1
Severity: normal
Hi,
When installing needrestart on a standard Debian system, one is required to
install 20 MB of dependencies. This seems quite heavy, and would in my
opinion preclude needrestart to become a more widely installed tool.
The sole culprit of thi
On Wed, September 3, 2014 13:31, Alexander Wirt wrote:
>> Desired situation:
>>
>> Subject: [SECURITY] [DSA 3017-1] php-cas security update
>> Subject: [SECURITY] [DLA 43-1] eglibc security update
> Done, but untested. Please test this as soon as possible.
Works as designed, thank you!
Thijs
Package: lists.debian.org
Severity: wishlist
Hi,
Can you please configure the debian-lts-announce list so it has a subject
prefix "[SECURITY] ", in the same way that debian-security-announce has?
Current difference between d-s-a and d-l-a:
Subject: [SECURITY] [DSA 3017-1] php-cas security upda
Hi,
On Sun, August 31, 2014 11:54, Morten Bo Johansen wrote:
> Trying to use rapt-file to search for a file produces the
> following error message:
> urllib2.URLError:known>
It seems "dde.debian.net" no longer exists.
Enrico, do you know what happened to it?
Cheers,
Thijs
101 - 200 of 2643 matches