Bug#496406: here's a patch

2008-08-26 Thread Thijs Kinkhorst
On Monday 25 August 2008 22:48, Sylvestre Ledru wrote: Thank you very much for your patch. It has been added [1] but fwbuilder is currently in NEW (for a new package). Torsten or I are going to upload it in unstable when the version -4 will be processed. Thanks, but please note that this fix

Bug#496624: tries to build sid source on etch

2008-08-26 Thread Thijs Kinkhorst
Hi, It looks like the ionice binary is needed by the configure script. It is included in the schedutils package which is not a dependency of util-vserver. There is no such package called 'schedutils', ionice is included in util-linux. Well, there was in stable. Judging from the

Bug#496392: confirmed, patch

2008-08-26 Thread Thijs Kinkhorst
tags 496392 confirmed patch thanks Hi, The issue is indeed present. Put the attached patch in debian/patches to fix it. cheers, Thijs [attachment: 10_fix_insecure_tmp.dpatch]

Bug#496650: pre-depends on mktemp

2008-08-26 Thread Thijs Kinkhorst
Package: base-files Version: 4.0.5 4 Severity: important Hi Santiago, In version 4.0.5 you write: * Changed awk from Depends to Pre-Depends. Closes: #314571, #469552. This is required to make the awk virtual package to be truly essential, The same situation happened in etch with mktemp. I

Bug#496073: samba: CVE name assigned

2008-08-26 Thread Thijs Kinkhorst
This is CVE-2008-3789. Please mention it in the changelog when uploading. Perhaps someone can add it to the upstream bug, as I'm not allowed to access that. Thijs

Bug#496363: The possibility of attack with the help of symlinks in some Debian packages

2008-08-27 Thread Thijs Kinkhorst
Hi Dirk, On Monday 25 August 2008 13:57, Dirk Eddelbuettel wrote: Upstream covers more than just Linux distros: Aix, Solaris, OS X, HP-UX, ... and even Windoze (though the javareconf script may not matter there). But I just emailed the point person for javareconf. Maybe we can move creation

Bug#496437: confirmed, let's remove it instead

2008-08-27 Thread Thijs Kinkhorst
tags 496437 confirmed thanks I confirmed that the package is full of insecure temp files. However given that it's orphaned and has several problems, I'm asking for removal from unstable. Thijs

Bug#496783: RM: newsgate -- RoQA; insecure, unstable, orphaned, limited archs, free alternatives, low popcon

2008-08-27 Thread Thijs Kinkhorst
Package: ftp.debian.org Hi, Please remove newsgate from unstable, as a result of the combination of the following factors: * It's riddled with insecure tempfile usage; * As the documentation indicates the software is quite unfinished; * Most recent upstream release 1996; * Package has been up

Bug#496427: confirmed to be present

2008-08-27 Thread Thijs Kinkhorst
tags 496427 confirmed thanks Indeed present, a simple grep yields a number of different results already, see below. As the code contains many instances of different things written to /tmp, it may make sense to resolve that by creating one private working dir securely, and then prefixing that

Bug#470279: lmbench: writes to /usr

2008-08-27 Thread Thijs Kinkhorst
tags 470279 moreinfo thanks Hi, during the configuration of the benchmark, config-run writes to /usr. This is a violation of the FHS, and means that lmbench cannot be run when /usr is mounted read-only, such as running from a live CD. That would be a serious bug if that would be the

Bug#496433: this is indeed present

2008-08-27 Thread Thijs Kinkhorst
tags 496433 confirmed thanks Hi, Indeed, several times the file /tmp/audiolink.db.tmp gets used in code/audiolink. This is probably easily fixable through using the Perl::Temp module and its mktemp() function to create a secure file once, (re)use that on the several needed occasions and remove

Bug#496419: issue is present, code runs as root

2008-08-27 Thread Thijs Kinkhorst
tags 496419 confirmed thanks Hi, A simple grep revealed a lot of tempfile issues here, see below. As far as I understand it, the code runs as root. This makes the issue quite serious. Please make sure this is fixed before lenny is released. As several different temp files are used insecurely,

Bug#417142: NMU for websvn

2008-08-27 Thread Thijs Kinkhorst
/changelog +++ websvn-2.0/debian/changelog @@ -1,3 +1,10 @@ +websvn (2.0-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix unconditional use of debconf in postrm (Closes: #417142). + + -- Thijs Kinkhorst [EMAIL PROTECTED] Wed, 27 Aug 2008 15:56:07 +0200 + websvn (2.0-2) unstable

Bug#496808: ruby1.8: DoS vulnerability in rexml parsing module

2008-08-27 Thread Thijs Kinkhorst
On Wednesday 27 August 2008 17:56, Frank Louwers wrote: The rexml lib is vulnerable to a DoS attack. Please see http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/. This is CVE-2008-3790. Please mention it in the package changelog on uploads. Thijs

Bug#496398: here's a patch

2008-08-27 Thread Thijs Kinkhorst
tags 496398 confirmed patch thanks Hi, There's indeed this code in alert.d/test.alert: echo `date` $* /tmp/test.alert.log If I understand the code it is run as root so that is a significant risk. I'm not sure how and when that script is run though. Still, fixing it is easy, I've attached

Bug#470279: lmbench: writes to /usr

2008-08-27 Thread Thijs Kinkhorst
tags 470279 -moreinfo severity 470279 serious thanks On Wednesday 27 August 2008 21:30, you wrote: Yes. I run lmbench-run from a CD on a system with no disk and get errors like: ./config-run: line 776: /usr/lib/lmbench/bin/i686-pc-linux-gnu/CONFIG.dfs: Read-only file system and indeed, in

Bug#477027: fixed with 1.0.14

2008-08-27 Thread Thijs Kinkhorst
Hi Johan, It seems fixed with next upstream version 1.0.14 (using option 2: include the tiddlywiki_cp code in the jpoker source) Please see the attached debuild.log I believe current Uploader: Loic Dachary, will upload it in debian soon,

Bug#494012: setting package to dvb-utils dvb-apps linuxtv-dvb-apps, tagging 494012

2008-08-27 Thread Thijs Kinkhorst
Hi Mark, # * Package: dvb-utils - Transitional dummy package #- No transitional package for dvb-utils (Closes: #494012) This bug has been pending for three weeks now, and since the package still has to pass NEW, would it not be time to upload it sometime soon? cheers, Thijs

Bug#492282: seahorse-agent --execute leaks file descriptors

2008-08-27 Thread Thijs Kinkhorst
Hi Josselin, Seahorse should use fcntl to set FD_CLOEXEC on its FDs. I’ve patched seahorse in our svn to set FD_CLOEXEC on the agent socket. Other open fds seem to be pipes opened by gpgme to talk to gpg that are not closed after use. AIUI this is not a security issue. This bug has been

Bug#480794: setting package to eclipse-efj eclipse-jdt eclipse-platform libswt3.2-gtk-jni eclipse-sdk eclipse-rcp eclipse-source eclipse-rcp-gcj libswt3.2-gtk-gcj eclipse eclipse-gcj libswt3.2-gtk-jav

2008-08-27 Thread Thijs Kinkhorst
Hi Michael, On Fri, 13 Jun 2008 23:51:26 +0200, you wrote: This actually worked after editing a patch to use iceape-* modules from pkg-config instead of xulrunner-* modules. I can see websites in Eclipse, like www.google.com. Worked like a charm. I will upload that probably tomorrow or

Bug#487033: zeroc-ice-csharp: FTBFS: Nonexistent build-dependency: ice32-services

2008-08-27 Thread Thijs Kinkhorst
Hi Francisco, On Wed, 2 Jul 2008 13:54:01 +0200, you wrote: I'm aware of the buildep problems. Ice embedded should be fixed shortly. OTOH zeroc-ice-python, zeroc-ice-ruby, zeroc-ice-php, zeroc-ice-java and zeroc-ice-csharp will all be requested to be removed from ftpmaster as soon as some

Bug#496675: making sure squirrelmail package also receives info about #496675

2008-08-29 Thread Thijs Kinkhorst
Hi Augustin, On Thu, August 28, 2008 12:12, Agustin Martin wrote: reassign 496675 dictionaries-common, squirrelmail thanks I am doing this reassignment, since I think this is the easier way to make all discussion about this bug report reach easily both packages, and also because this

Bug#497038: apt-file speed improvements patch

2008-08-29 Thread Thijs Kinkhorst
On Fri, August 29, 2008 14:01, Emmanuel Rodriguez wrote: I'm sorry I submitted the modified version of apt-file and not the patch. The actual patch is in this message. Thanks. The patch seems reversed though. I think this would be a good addition to apt-file, but obviously only after the lenny

Bug#497058: PTS: mismatch in number of bugs tagged help

2008-08-29 Thread Thijs Kinkhorst
Package: qa.debian.org Severity: minor User: [EMAIL PROTECTED] Usertags: pts Hi, The page http://packages.qa.debian.org/g/gnupg.html displays that 3 bugs are tagged with help, while clicking the link shows just two. This mismatch stems from the fact that one of the bugs is merged with another.

Bug#497216: wordpress: CVE-2008-3747 information leak, does not always force ssl

2008-08-31 Thread Thijs Kinkhorst
I've made a new wordpress package [1] to fix cve-2008-3747. Could you please upload it? uploaded, thanks! Thijs

Bug#497263: please remove version from libfile-temp-perl dependency

2008-08-31 Thread Thijs Kinkhorst
Package: svk Severity: important Version: 2.0.2-2 Hi, svk currently has two depends relationships with libfile-temp-perl which are versioned: Depends: [...], libfile-temp-perl ( 0.17) Build-Depends-Indep: [...], libfile-temp-perl ( 0.17) However, perl-modules also provides File::Temp,

Bug#497130: Obsolete package: functionality has moved to perl-modules

2008-08-31 Thread Thijs Kinkhorst
block 497130 497170 497263 thanks While there's probably no need to have a newer File::Temp as a separate package, both svk and libpar-perl need to be changed first and I don't think this should be considered release critical. I think it would be desirable to fix this issue before lenny. Only

Bug#496650: pre-depends on mktemp

2008-08-31 Thread Thijs Kinkhorst
On Friday 29 August 2008 05:31, you wrote: but I was also hoping that coreutils mktemp would replace mktemp. Why didn't it, if I may ask? Thijs

Bug#373589: please use Contents.diff directories on apt-file update

2008-09-01 Thread Thijs Kinkhorst
On Friday 28 March 2008 21:12, Stefan Fritsch wrote: claim 373589 [EMAIL PROTECTED] thanks FTR, I have started to work on this, though I am currently too busy to finish it. Relevant to this bug, we should monitor developments on this: http://blog.ganneff.de/blog/2008/09/01/pdiffs.html

Bug#497362: /etc/apache2/conf.d/security: ServerTokens config file documentation wrong

2008-09-01 Thread Thijs Kinkhorst
Package: apache2.2-common Version: 2.2.9-7 Severity: minor File: /etc/apache2/conf.d/security Hi, The file mentioned above has: # ServerTokens # This directive configures what you return as the Server HTTP response # Header. The default is 'Full' which sends information about the OS-Type # and

Bug#492700: cache poisoning attack CVE-2008-1447

2008-09-01 Thread Thijs Kinkhorst
Hi Florian, Any updates on this issue? thanks, Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#497441: wordnet: security audit found several vulnerabilities

2008-09-01 Thread Thijs Kinkhorst
Package: wordnet Version: 1:2.1-4 Severity: serious Tags: security patch Hi, As a followup to #481186, oCERT conducted a security audit finding several more vulnerabilities: http://www.ocert.org/advisories/ocert-2008-014.html The advisory has a patch which was also used for lenny and etch.

Bug#417259: depends on non-essential package wwwconfig-common in postrm

2008-09-02 Thread Thijs Kinkhorst
Hi Edelhard, while running archive wide piuparts tests your package failed on purge because of wwwconfig-common being unavailable during postrm: Are you aware that this bug is still open as a release critical issue in Lenny? Your uploads after you fixed the bug include amongst others a new

Bug#483883: Patch for the l10n upload of phpbb2

2008-09-03 Thread Thijs Kinkhorst
Hi Christian, On Tuesday 2 September 2008 07:46, Christian Perrier wrote: We finally agreed that you would do the update yourself at the end of the l10n update round. That time has come. Thank you for your help. I've uploaded this plus two other debconf translations to unstable and will

Bug#495525: exaile is crashing on start

2008-09-03 Thread Thijs Kinkhorst
Hi, I am not sure if it is a bug that should be assigned to exaile ... but exaile is crashing on start with the following error message: I'm not the exaile maintainer but just have a question: does this happen also with the previous version of exaile, 0.2.11.1+debian-1, as it is in

Bug#496675: aspell support for squirrelspell via dictionaries-common

2008-09-03 Thread Thijs Kinkhorst
On Tuesday 26 August 2008 22:38, Agustin Martin wrote: I have been playing a bit with your patch. Please find attached a patch explaining how things are now in my sandbox. Did not apply changes related to -w and -T and also did some other minor changes. Thijs, what do you think about the

Bug#496419: please remove convirt and cgiwrap from testing

2008-09-28 Thread Thijs Kinkhorst
Hi, Here's a request to remove two security-bugged packages from testing: convirt: * Has security issues spread around the code. There's a patch but it's necessarily invasive and untested. * No maintainer response to the security bug or any other open bug. * Package not in stable, doesn't

Bug#498621: MTrand code, licence problem

2008-10-01 Thread Thijs Kinkhorst
but not a requirement (e.g.: When you use this, please consider to send an email to...) If this is OK with you, all that is needed is just a reply to this email stating that you agree. It would help us very much. Thank you for your consideration, and we hope to hear from you. kind regards, Thijs

Bug#497871: php-suhosin: please package suhosin 0.9.27 and try to get it in lenny

2008-10-01 Thread Thijs Kinkhorst
Hello Jan, This issue has been resolved as per the statement of Makoto Matsumoto in #498621. cheers, Thijs

Bug#498621: Please remove the condition Re: MTrand code, licence problem

2008-10-01 Thread Thijs Kinkhorst
Dear professor Matsumoto, Thank you very much for your cooperation. kind regards, Thijs Kinkhorst On Wed, October 1, 2008 10:28, Makoto Matsumoto wrote: Hi, I see, please remove this condition from the source code. (I had not paid attention to this problem.) I am thankful for using

Bug#500873: blosxom: XSS problem in the error flavour

2008-10-02 Thread Thijs Kinkhorst
On Thu, October 2, 2008 10:43, Gerfried Fuchs wrote: Yoshinori Ohta of Business Architects Inc. found an XSS issue in blosxom related to handling of unknown flavour types. The fix is now committed to upstream CVS: http://blosxom.cvs.sourceforge.net/viewvc/blosxom/blosxom2/blosxom.cgi?r

Bug#500873: blosxom: XSS problem in the error flavour

2008-10-02 Thread Thijs Kinkhorst
severity 500873 important thanks On Thu, October 2, 2008 11:25, Gerfried Fuchs wrote: Not in itself, but it might be the case in connection with some plugin extensions that enable comments or web editing (none of them are shipped in Debian). I'm sorry to have wrongly put it as medium into the

Bug#471158: ships embedded copy of smarty with security bug

2008-10-06 Thread Thijs Kinkhorst
On Mon, October 6, 2008 11:12, Gerfried Fuchs wrote: Hi! Copy to debian-release because this question is rather a question to the release team, even though it's extremely late and hope is pretty low ... * Thijs Kinkhorst [EMAIL PROTECTED] [2008-03-19 20:15:43 CET]: On Wednesday 19 March

Bug#214911: present in current version

2008-10-08 Thread Thijs Kinkhorst
Hi, I still experience this in current Courier, 0.60.0-2. I actually think the problem is a bit wider: maildirmake also hangs on a Maildir that doesn't have the 'tmp' subdir. I have a script that uses maildirmake and it keeps hanging forever on a damaged Maildir that somehow lost tmp/. It should

Bug#499897: preventing replay attacks against the security archive

2008-10-08 Thread Thijs Kinkhorst
On Thu, September 25, 2008 23:31, Peter Palfrader wrote: On Thu, 25 Sep 2008, Thijs Kinkhorst wrote: - have it expire in a period long enough so a new point release will have happened in the meantime, say half a year. Probably still not acceptable for CD-Roms. I don't think that should

Bug#501635: [Secure-testing-team] Bug#501635: [drupal5] SA-2008-060 - Drupal core - Multiple vulnerabilities

2008-10-09 Thread Thijs Kinkhorst
clone 501635 -1 reassign -1 drupal6 severity 501635 important thanks Hi Ingo, On Thu, October 9, 2008 07:35, Ingo Juergensmann wrote: See the Drupal SA-2008-060 for more details: Ok, I've done so, and find that: * File upload access bypass: 6.x only. Serious issue. * Access rules bypass: 5.x

Bug#311812: postfix: syslog reconnection - solved?

2008-07-25 Thread Thijs Kinkhorst
Hi LaMont, You wrote: 3) change /etc/default/syslog to say SYSLOG=-a /var/spool/postfix/dev/log and then rsync -av /dev/log /var/spool/postfix/dev/log Note that any admin can do that, postfix may not edit the config file of another package. As it seems the bug you cloned this one as

Bug#492406: Package which require to download non-free content should be in contrib

2008-07-26 Thread Thijs Kinkhorst
On Fri, July 25, 2008 23:10, Russ Allbery wrote: Daniel Dickinson [EMAIL PROTECTED] writes: Packages like msttcorefonts cannot be installed without downloading content that would be in non-free, or cannot be included in debian at all, if packaged and should therefore be in contrib. I'm

Bug#492460: pdnsd: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-26 Thread Thijs Kinkhorst
Package: pdnsd Version: 1.2.4par-0.2 1.2.6-par-8 Severity: grave Tags: security Hi, It seems that pdnsd is vulnerable to the DNS cache poisoning attack as described by Dan Kaminsky and referenced as CVE-2008-1447. I'm not intimately aware of pdnsd; could you look into this issue and see whether

Bug#492465: python-dnspython: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-26 Thread Thijs Kinkhorst
Package: python-dnspython Version: 1.3.5-3.1 1.6.0-1 Severity: grave Tags: security Hi, From inspecting the code of dnspython, it seems that it is not using the recommended source port randomisation for countering the cache poisoning attack as discovered by Dan Kaminsky and referenced as

Bug#492556: approx: doesn't seem to check for cache uptodateness

2008-07-27 Thread Thijs Kinkhorst
Package: approx Version: 2.8.0 Severity: normal Hi, We're using approx to download packages only once for our network of about 40 hosts. However it seems that approx doesn't check every time whether its cache is still fresh. We're experiencing this with security updates that appear much later

Bug#492556: approx: doesn't seem to check for cache uptodateness

2008-07-27 Thread Thijs Kinkhorst
On Sun, July 27, 2008 16:54, Eric Cooper wrote: We're using approx to download packages only once for our network of about 40 hosts. However it seems that approx doesn't check every time whether its cache is still fresh. [...] For clarity, what I expect approx to do: 1) On every request

Bug#492460: pdnsd: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-27 Thread Thijs Kinkhorst
On Sun, July 27, 2008 15:51, Pierre Habouzit wrote: The security team already asked, and yes it uses port randomization, it's documented in pdnsd.conf and the source matches too. right, I found it now. Sorry for the noise, but wanted to be safe rather than sorry. cheers, Thijs

Bug#492623: ttf-liberation: Trademark prevents modifications

2008-07-28 Thread Thijs Kinkhorst
On Sunday 27 July 2008 21:47, Steve Langasek wrote: This makes updates almost impossible. This is not the only case of software in Debian under trademarked names that require a name change on modification. I don't think there's a bug here. Agreed, this case is explicitly covered by DFSG

Bug#492465: python-dnspython: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-28 Thread Thijs Kinkhorst
severity 492465 important thanks Hi Robert, On Monday 28 July 2008 07:27, Robert Edmonds wrote: python-dnspython isn't a dns cache. it may be susceptible to forgery resilience issues though. the qid field is explicitly randomized (but with the standard library rng). Yes - as I understand

Bug#492698: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-28 Thread Thijs Kinkhorst
Package: adns Version: 1.4-0.1 Severity: important Tags: security Hi, From inspecting the code of adns, it seems that it is not using the recommended source port randomisation for countering the cache poisoning attack as discovered by Dan Kaminsky and referenced as CVE-2008-1447. Since this is

Bug#492700: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-28 Thread Thijs Kinkhorst
Package: libnet-dns-perl Version: 0.63-2 Severity: important Tags: security Hi, From inspecting the code of libnet-dns-perl, it seems that it is not using the recommended source port randomisation for countering the cache poisoning attack as discovered by Dan Kaminsky and referenced as

Bug#492723: [INTL:nl] Updated debconf templates translation for Dutch

2008-07-28 Thread Thijs Kinkhorst
Package: mysql-dfsg-5.0 Version: 5.0.30-1 Severity: wishlist Tags: l10n patch Hi, Please find attached the updated debconf templates translation for Dutch. Would be nice if this could be included into Lenny (translation updates usually get freeze exceptions). thanks, Thijs

Bug#491681: [Pkg-gnupg-maint] Bug#491681: gnupg: [l10n] German translation trusts only males

2008-07-28 Thread Thijs Kinkhorst
Gerfried, On Monday 21 July 2008 12:46, Daniel Leidert wrote: Am Montag, den 21.07.2008, 12:00 +0200 schrieb Gerfried Fuchs:  The German translation of the trust levels explicitly speaks of trusting him while the English original doesn't do that gender distinction. It's just plain wrong,

Bug#381304: gnupg: addcardkey segfaults trying to add a signature key

2008-07-28 Thread Thijs Kinkhorst
Hi Wouter, I'm going to try a newer version of gpg, also with a cardman4040 for a card reader, and see if that changes anything. If there is any other information I can provide, please let me know. Well, if that newer version did work would be useful info :-) cheers, Thijs

Bug#200184: annoying remove the secret key too barrier

2008-07-28 Thread Thijs Kinkhorst
Hi René, (doing the commenting) [EMAIL PROTECTED]:~$ LANG=C gpg --no-default-keyring --keyring elug-keyring.gpg --delete-key 248aeb73 gpg: there is a secret key for public key 248aeb73! gpg: use option --delete-secret-keys to delete it first. What do you expect gpg to do here? The man page

Bug#492622: [Pkg-gnupg-maint] Bug#492622: gnupg: package is not built with --with-capabilities

2008-07-28 Thread Thijs Kinkhorst
On Sunday 27 July 2008 21:17, Torsten Werner wrote: configure is not called with --with-capabilities. That means the Build-Depends: libcap-dev is useless. I recommend switching to libcap2-dev in case you want to enable capabilities because libcap-dev is no longer maintained upstream. Well, we

Bug#492297: [Pkg-mailman-hackers] Bug#492297: Catalan translation errors

2008-07-28 Thread Thijs Kinkhorst
Hi Jordi, On Friday 25 July 2008 02:18, Jordi Mallach wrote: Mark Sapiro just committed a few changes to the 2.1 branch of Mailman that seem trivial to fix in the Debian package and will several errors that affect the usability of MM when using the Catalan locale. The relevant diff is in

Bug#439320: [Pkg-mailman-hackers] Bug#439320: spamassassin GUI

2008-07-28 Thread Thijs Kinkhorst
Hi Martin, On Wednesday 16 July 2008 19:37, martin f krafft wrote: No responses. I am 100% sure that it's either public domain or anything DFSG-free we want. Patch against 2.1.11 attached. It's a dpatch, but it modifies debian/rules, so don't use it directly. Thanks, I'm afraid we're too

Bug#468569: [Pkg-mailman-hackers] Bug#468569: no way to escape mailman/queue_files_present

2008-07-28 Thread Thijs Kinkhorst
Hi Marcin, On Friday 29 February 2008 17:03, Marcin Owsiany wrote: I am currently preparing an installation of mailman on our system. In order to provide durability of the processed messages, we are going to arrange for /var/lib/mailman to be located on a block-level replicated filesystem.  

Bug#343434: gnupg: FTBFS (ppc64): Please use '--disable-asm' on ppc64

2008-07-29 Thread Thijs Kinkhorst
Hi Andreas, I don't have a ppc64 system available. Can you confirm that this bug is still current with the version from unstable? cheers, Thijs

Bug#487867: tirc: crash [SEGV] when server sends numeric replies =600 (e.g. freenode's hyperion with nickserv)

2008-07-29 Thread Thijs Kinkhorst
Hi Ben, On Tuesday 29 July 2008 02:45, Ben Hutchings wrote: This bug is rather likely to be exploitable for executing arbitrary code. There also appear to be a bunch of places where buffer overflows are possible. Thanks for letting us know. I must say that reading that it crashes on very

Bug#492850: RM: tirc -- RoQA; security, doesn't work, dead upstream, low popcon, alternatives available

2008-07-29 Thread Thijs Kinkhorst
Package: ftp.debian.org Hi, Please remove tirc for the following reasons: * Has security bugs (see #487867) * Crashes on many different current IRC servers (see #487867) * Last upstream release 9 years ago * Last maintainer upload 2 years ago * Popcon votes 10 * There are many IRC clients

Bug#343434: gnupg: FTBFS (ppc64): Please use '--disable-asm' on ppc64

2008-07-29 Thread Thijs Kinkhorst
Hi Andreas, yes, the bug is still current in unstable. Thanks for looking at this. Thanks. I've checked some other distributions and it seems RH and Gentoo disable-asm as well for ppc64, so I think we can do that too. Would be nice of course if that wasn't necessary. Are you willing to follow

Bug#492698: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-30 Thread Thijs Kinkhorst
On Tuesday 29 July 2008 23:50, Ian Jackson wrote: For secure and reasonable operation you MUST run a full-service nameserver on the same system as your adns applications, or on the same local, fully trusted network. You MUST only list such nameservers in the adns configuration (eg

Bug#492698: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-07-30 Thread Thijs Kinkhorst
I wrote: perhaps this longer explanation from the INSTALL to a file under /u/s/d/, e.g. README.security. That should be README.Debian. Thijs

Bug#436161: Tag index prototype

2008-07-30 Thread Thijs Kinkhorst
Hi! On Mon, July 28, 2008 21:28, Enrico Zini wrote: Steffen Joeris asked me to create some sort of tag index where the security team tags can be viewed. Thanks, but it's unclear to me where I can add such tags to packages. Anyone? cheers, Thijs

Bug#436161: Tag index prototype

2008-07-30 Thread Thijs Kinkhorst
On Wed, July 30, 2008 11:47, Enrico Zini wrote: If instead you refer to editing the tags related to the security team, they are in svn://svn.debian.org/svn/secure-testing/data/package-tags Thanks, I was indeed referring to this and was not aware that this was also the primary source of those

Bug#433660: postfix: Proposal for init.d script handling of multiple instances

2008-07-30 Thread Thijs Kinkhorst
Hi, I'd like to vote for inclusion of this init script into the postfix package. We're using it here and I think it's a very elegant solution: it just uses the already available Postfix configuration variable to see which services to start. That makes it work exactly the same for the normal,

Bug#493091: [INTL:nl] Updated debconf templates translation for Dutch

2008-07-31 Thread Thijs Kinkhorst
Package: deborphan Version: 1.7.23 Severity: wishlist Tags: l10n patch Hi, Please find attached the updated debconf templates translation for Dutch. I merged in and completed your recent changes as well. thanks, Thijs [attachment: nl.po]

Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]

2008-08-01 Thread Thijs Kinkhorst
tags 493162 patch thanks --- libxslt-1.1.24.orig/libexslt/crypto.c +++ libxslt-1.1.24/libexslt/crypto.c @@ -595,11 +595,13 @@ int str_len = 0, bin_len = 0, hex_len = 0; xmlChar *key = NULL, *str = NULL, *padkey = NULL; xmlChar *bin = NULL, *hex = NULL; +xsltTransformContextPtr

Bug#493189: PTS: please display testing security updates aswell

2008-08-01 Thread Thijs Kinkhorst
Package: qa.debian.org Severity: wishlist User: [EMAIL PROTECTED] Usertags: pts Hi, The PTS currently displays stable and stable security updates in the left column. I think it would be worthwhile to include testing security updates as well if available. thanks, Thijs

Bug#493162: [xml/sgml-pkgs] Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]

2008-08-01 Thread Thijs Kinkhorst
On Friday 1 August 2008 10:09, you wrote: On Fri, Aug 01, 2008 at 09:11:05AM +0200, Thijs Kinkhorst [EMAIL PROTECTED] wrote: tags 493162 patch thanks Wouldn't a lot of the strings in this patch be better off allocated on the stack? Sorry, I should have made it clearer that I was just

Bug#475376: status of this bug?

2008-08-01 Thread Thijs Kinkhorst
Hi John, You closed the bug with pygopherd on May 1st, but apparently the RFC was not actually removed. Do you think you can fix this soon? cheers, Thijs

Bug#433091: ignores expiry of archive keys

2008-08-05 Thread Thijs Kinkhorst
Hi Martin, Going through the security issues to fix before lenny, I came by this bug. If I update from an archive whose key recently expired and I have not yet updated the local copy via apt-key -- the local keyring says it's expired -- APT does not complain but just proceeds. I think it

Bug#472846: closed by Thijs Kinkhorst [EMAIL PROTECTED] (Re: Bug#472846: busybox: Regression in pidof: no longer lists 'debian-installer' processes)

2008-08-05 Thread Thijs Kinkhorst
On Tuesday 5 August 2008 19:40, you wrote: Please test whether bugs have been fixed in the environment where they have been reported, in this case Debian Installer. Or at least be very sure you have exactly reproduced the use case. With BusyBox 1.10.2 'pidof debian-installer' still outputs

Bug#493884: [bts] move version info to standard header

2008-08-05 Thread Thijs Kinkhorst
Package: devscripts Version: 2.10.35 Severity: wishlist Tags: patch Hi, Every bts-generated mail now always has a line like this: # Automatically generated email from bts, devscripts version 2.10.35 this information is also duplicated in the X-BTS-Version header of the same mail thus appearing

Bug#433091: ignores expiry of archive keys

2008-08-05 Thread Thijs Kinkhorst
On Tuesday 5 August 2008 16:23, martin f krafft wrote: also sprach Thijs Kinkhorst [EMAIL PROTECTED] [2008.08.05.0941 -0300]: While it is desirable to implement key expiry, and I hope that the APT team will do so, I do have doubts whether this should be critical for the release of Debian

Bug#424428: Bug#493884: [bts] move version info to standard header

2008-08-05 Thread Thijs Kinkhorst
On Tuesday 5 August 2008 20:41, Adam D. Barratt wrote: I believe when removing the comment has been suggested in the past, people requested that it remain in order to make it obvious that the mail was sent automagically and not manually by a user who just hadn't bothered to add any comments.

Bug#433091: ignores expiry of archive keys

2008-08-05 Thread Thijs Kinkhorst
On Tuesday 5 August 2008 20:24, martin f krafft wrote: Sure, we wouldn't want to endanger our release schedule for feature enhancements or Debian's reputation. ;| Or put differently, I'd rather spend our time on things that more significantly improve the security of a Debian system, and to be

Bug#492698: appears to be vulnerable to cache poisoning attack CVE-2008-1447

2008-08-05 Thread Thijs Kinkhorst
There's now a published exploit explicitly targeting things running adns: http://milw0rm.com/exploits/6197 I believe it would be good to make an upload soon that makes it clear to users that adns should not be used outside trusted environments. Thijs

Bug#487532: please change priority of pidentd from standard to optional

2008-08-05 Thread Thijs Kinkhorst
Dear FTP-masters, Please change pidentd from standard to optional. Do you think this change would be possible for Lenny? As I stated in the bug log I believe it would help ensure the security of a standard Debian install. thanks, Thijs

Bug#467141: new upload reverted 2.3 NMU

2008-08-06 Thread Thijs Kinkhorst
Hi Ondrej, Your most recent 1.82-1 upload of postfix-policyd seems to be based on the 1.80-2.2 version. However, there was an NMU after that, 1.80-2.3 by Petter Reinholdtsen: postfix-policyd (1.80-2.3) unstable; urgency=low * Non-maintainer upload to solve release goal. * Add LSB

Bug#494093: [INTL:nl] New debconf templates translation for Dutch

2008-08-07 Thread Thijs Kinkhorst
Package: beep Version: 1.2.2-11 Severity: wishlist Tags: l10n patch Hi, Please find attached the updated debconf templates translation per your request, as reviewed by the Dutch language team. cheers, Thijs nl.po Description: application/gettext

Bug#494131: [tagpending] fix help typo

2008-08-07 Thread Thijs Kinkhorst
Package: devscripts Version: 2.10.35 Severity: minor Tags: patch Hi, Please find attached a very small typo fix in the help text of tagpending. cheers, Thijs Index: tagpending.pl === --- tagpending.pl (revision 1581) +++

Bug#494065: [Pkg-mailman-hackers] Bug#494065: mailman: Incorrect properties of symbolic links makes it crash hard on startup

2008-08-07 Thread Thijs Kinkhorst
Hello Magnus, On Thursday 7 August 2008 03:45, Magnus Danielson wrote: The Debianization of Mailman 2.1.11 has failed on a critical aspect, the properties of /var/lib/mailman/locks and /var/lib/mailman/logs made it impossible for Mailman to operate properly. The symbolic links used to point

Bug#494668: debian/copyright and EXCEPTIONS-CLIENT.gz duplicates and differing

2008-08-11 Thread Thijs Kinkhorst
Package: mysql-dfsg-5.0 Version: 5.0.51a-11 Severity: minor Hi, The various binary packages of mysql-dfsg-5.0 ship /usr/share/doc/*/EXCEPTIONS-CLIENT.gz The contents of this file are also contained in the file copyright in that same dir in accordance to Debian policy. Because the content is

Bug#494065: [Pkg-mailman-hackers] Bug#494065: Bug#494065: mailman: Incorrect properties of symbolic links makes it crash hard on startup

2008-08-11 Thread Thijs Kinkhorst
Hi Magnus, On Thursday 7 August 2008 15:18, Thijs Kinkhorst wrote: Thank you for your report. However, here I don't experience the problem you are sketching: doing a fresh install I can start mailman and it keeps running. The logs are there and it doesn't die. I did a completely fresh install

Bug#494723: command-with-path-in-maintainer-script: misparses command

2008-08-11 Thread Thijs Kinkhorst
Package: lintian Version: 1.24.3 Severity: minor Hi, This is a cosmetic issue only. The test command-with-path-in-maintainer-script misparses the command it detected. See e.g. in phpmyadmin: command-with-path-in-maintainer-script * postrm:12 /usr/sbin/lighty * postinst:13

Bug#417142: still present in current version

2008-08-13 Thread Thijs Kinkhorst
found 417142 2.0-2 It seems like the fix for the bug was accidentally reverted, as the exact same problem is again present in the current version. Can you please investigate and fix? The bug is release critical. Thijs

Bug#493714: openttd: Network exploitable buffer overrun

2008-08-13 Thread Thijs Kinkhorst
I got a private mail by the maintainer stating: New version should be uploaded this weekend, I'll mail the release team with details when that happens. I'm having a bit of a problem with this upload, since my regular sponsor seems to be away. I had asked a DD to upload it last weekend,

Bug#494761: agreed

2008-08-13 Thread Thijs Kinkhorst
I haven't seen up-to-date patches for SKAS3 in months, the last one was for 2.6.24-rc7 and didn't receive much testing (0 feedback on the uml-devel list). Moreover the development has moved to SKAS4 with the plan of pushing it to the main kernel as soon as it stabilizes. This package is not

Bug#492870: patch available

2008-08-13 Thread Thijs Kinkhorst
tags 492870 fixed-upstream patch thanks Hi, Upstream patch is here: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=967a8e515380;style=gitweb Thijs

Bug#495581: (fwd) Postfix local privilege escalation via hardlinked symlinks

2008-08-18 Thread Thijs Kinkhorst
Thank you for your report. Yes, we are very aware and the fix is underway. cheers, Thijs Kinkhorst Debian Security Team

Bug#495519: apt-file search only seems to work as root

2008-08-18 Thread Thijs Kinkhorst
On Monday 18 August 2008 20:35, Stefan Fritsch wrote: Probably the directory /var/cache/apt/apt-file has the wrong permissions. It is created correctly on new installs since 2.1.0 but the permissions are not fixed on upgrades. Try if sudo chmod og+rx /var/cache/apt/apt-file fixes the
