tags 210963 fixed
thanks
Hello,
So, I guess the files from php4-pear-log should be in /usr/share/php
as well.
This was fixed in the NMU 1.6.0-1.1 on 7 Jan 2005, but the uploader
forgot to mention this bugnumber in the upload. Tagging fixed.
bye,
Thijs
signature.asc
Description: This is a
retitle 337391 libcgi-ssi-perl: requires net access to build
tags 337391 +pending
thanks
While the build-depends on netbase indeed solves this bug for networked
build hosts, the real problem was that 'make test' tried to access network
resources. I've disabled those tests that require network
Package: dbconfig-common
Version: 1.8.7
Severity: normal
File: /usr/sbin/dbconfig-load-include
Hey sean,
I'm exploring dbconfig-common for use in one of my packages. It really
solves a common problem but I'm working on having it integrate
seamlessly with previous (e.g. sarge) versions of my
Debian? Or is there still a need to keep it?
If you think it's right to remove it, please reassign this bug to
ftp.debian.org.
thanks,
Thijs Kinkhorst
signature.asc
Description: This is a digitally signed message part
tags 250428 wontfix
stop
Hello Toni,
while trying to import squidguard into an archive for tla-buildpackage,
I find this file which makes tla-importdsc barf:
samples/.sample.conf.swp
This file is part of the upstream tarball, but is not shipped in the
binary package. I don't think it's
On Mon, November 28, 2005 20:55, sean finney wrote:
so it seems the way getopt(1) handles cmdline arguments is that if you
have an argument that takes an optional argument (like -t [varname]), then
the argument must immediately follow the cmdline flag (-t[varname]).
some simple testing shows
Package: debhelper
Version: 5.0.7
Severity: minor
Tags: patch
The man page for debhelper contains a paragraph which repeatedly spells
compatibility as compatability; this patch fixes it.
bye,
Thijs
--- debhelper.pod.orig 2005-11-29 22:14:23.0 +0100
+++ debhelper.pod 2005-11-29
tags 326916 upstream
thanks
On Wed, 2005-09-07 at 16:00 +0200, Thijs Kinkhorst wrote:
I experienced a problem using CTN with MySQL Version 5.0 (but because of
the nature of the problem I assume it also affects using CTN with MySQL
Version 4.1)
I've noticed the problem aswell
Hello Laurent,
Could you upgrade quickly? This bug is open for 29 days and involve
security problems...
Coincidentally we were already working on it, and the fix has been
uploaded to Debian last night.
bye,
Thijs
signature.asc
Description: This is a digitally signed message part
On Tue, 2005-11-01 at 20:52 +0100, Thijs Kinkhorst wrote:
Packages for 2.0.18 for sid are nearly ready, we only need some code to
add a new database table. Jeroen is working on this, and will upload as
soon as this is fixed.
Packages for sid have been uploaded. CVE-names were not present
On Wed, November 30, 2005 18:02, Thijs Kinkhorst wrote:
CVE-2005-3418: Multiple cross-site scripting (XSS) vulnerabilities
- 1. error_msg parameter to usercp_register.php
- 2. forward_page parameter to login.php
- 3. list_cat parameter to search.php
- Only relevant when register_globals
Package: yaclc
Version: 1.4.1
Severity: normal
Tags: patch
Hello Thomas,
The debian/copyright file shipped with yaclc is incorrect and
incomplete:
1) It lacks the copyright holder, and after the heading Copyright
follows text which is the licence.
2) debian/copyright mentions the GNU General
variables to strings instead of arrays.
+~ CVE-2005-3418: Multiple cross-site scripting (XSS) vulnerabilities.
+(Closes: #336582, #336587, #335662)
+
+(Items marked with ~ are only a vulnerability when running with the
+heaviliy discouraged register_globals = off setting)
+
+ -- Thijs
On Tue, 10 Aug 2004 02:08, Dave Harding wrote:
In brief, I don't think http://qa.debian.org/man-pages.html ,
which is a listing of missing man pages is acurately reflecting the
lintian report at:
http://lintian.debian.org/reports/Tbinary-without-manpage.html
What does the man-pages.html page
Package: dbconfig-common
Version: 1.8.8
Severity: wishlist
Hello Sean,
I'm working on adding dbconfig-common to my package. One thing I'm
encountering is that it allows to specify a table prefix which defaults
to phpbb2, so your tables will be of the format phpbb2_users etc. We
currently offer
On Sun, December 4, 2005 18:22, Christer Mjellem Strand wrote:
After the SQL schemas were moved away from the doc dir, an upgrade
results in the following error message:
zcat: /usr/share/phpbb2/schemas/mysql_schema.sql.gz: No such file or
directory
indicating that the schemas are expected
Forwarded Message
From: Alexander GQ Gerasiov [EMAIL PROTECTED]
To: Thijs Kinkhorst [EMAIL PROTECTED]
Subject: Re: Bug#336623: phpbb2-languages: Russian translations fixes
Date: Mon, 05 Dec 2005 12:25:46 +0300
Hello Thijs,
Thijs Kinkhorst wrote:
Thanks for the fix. Could you
and gzipping is not trivial to solve,
especially with my knowledge of the algorithm. I'll check what upstream
has to say about it.
regards,
Thijs Kinkhorst
signature.asc
Description: This is a digitally signed message part
discontinue using those systems immediately and
do a full reinstall, since someone has had root-level access. If you
need more support for solving that problem, this bug report is not the
right place; you could try a mailinglist or hiring a consultant.
Good luck!
Thijs Kinkhorst
signature.asc
retitle 320961 RM: cabot (orphaned, never part of a stable release, never part
of testing, dead upstream, better alternatives exist)
reassign 320961 ftp.debian.org
thanks
Dearest ftp-masters,
I'm requesting the removal of cabot from Debian for the following
reasons:
- The package has been
Hello,
Please find attached a patch to fix this bug.
Since there was nu response from the maintainer at all, for 10 days now,
is a NMU warranted?
regards,
Thijs
--- include/functions.inc.php.orig 2005-05-10 18:59:08.805797600 +0200
+++ include/functions.inc.php 2005-05-10
There is a memory leak in read_passphrase_from_fd.
Thanks. Fixed in CVS for gnupg 1.4.
So this bugreport can be closed, right?
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
I have solved this one in CVS:
You may also use this patch against 1.2.1 but I don't think it is
required, 1.2.2 shouldn't be too far away.
Since 1.2.5 / 1.4.1 are in sarge/sid, this can be closed now?
Thijs
signature.asc
Description: This is a digitally signed message part
Yes it is. Can you try this patch? If it works well, I'll put it
into 1.4.1.
This seems to work yes.
Has it been included in 1.4.1? If that's the case this bugreport can be closed.
Thijs
signature.asc
Description: This is a digitally signed message part
That did the trick indeed.
So this bug can now be closed?
Thijs
signature.asc
Description: This is a digitally signed message part
On Tue, May 10, 2005 14:55, Ulf Harnhammar wrote:
Protecting against this type of attack is much more complicated than
this. As Jeroen noted, HTML entities are interpreted, so you have to
protect against things like jav#97;script:. Some browsers allow varying
amounts of whitespace inside
used.
Regards,
Thijs Kinkhorst
signature.asc
Description: OpenPGP digital signature
Please note that the rar package, by the same upstream author,
contains such permission. So it should not be a problem to get the same
statement for unrar.
Thijs
signature.asc
Description: OpenPGP digital signature
Package: squirrelmail
Version: 2:1.4.4-5
Submitter: cml [EMAIL PROTECTED]
Tags: moreinfo
Hello Martin,
Please report all bugs in the Bug Tracking System to make sure they're
tracked well. I need some more information from you:
- Are you using Compose In New Window or not?
- What does Nothing
.
Regards,
Thijs Kinkhorst
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages xlockmore-gl depends on:
ii libc6
it logical at all to link a random IP-address to the
telnet protocol... there's as much sense in that as in linking it with
FTP, HTTP, irc or any other protocol. Therefore I propose to drop the
IP-address-to-telnet-links-parsing entirely.
Regards,
Thijs Kinkhorst
--
To UNSUBSCRIBE, email to [EMAIL
Package: www.debian.org
Followup-For: Bug #309768
As a followup to my previous mail: the HTML parser also adds weird FTP
links. See for example:
http://packages.debian.org/changelogs/pool/main/p/phpbb2/phpbb2_2.0.13+1-6/changelog
The entry Add README.multiboard:documentation for setting up
!
Regards,
Thijs Kinkhorst
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
reopen 309882
thanks
Please, try again, as I cannot reproduce this. I'm closing this bug.
Thanks for your swift reply, but the closing is perhaps a bit too swift
since I can still easily reproduce the problem here. Some example URLs
that exhibit the behaviour:
Package: upgrade-reports
Archive date: 2005-05-14
Upgrade date: 2005-05-14
uname -a: Linux schimmel 2.4.30 #3 Sat May 14 16:23:19 CEST 2005 i686
GNU/Linux
Method: aptitude
Contents of /etc/apt/sources.list:
deb http://ftp.nl.debian.org/debian/ sarge main contrib
deb http://security.debian.org/
retitle 307461 qa.debian.org: displays GPG key id not found for non-DD
maintainers
thanks
It concerns not all developers, but only maintainers that aren't
official DD's.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
if this page has any use at all, but that
is a different point.
Regards,
Thijs Kinkhorst
signature.asc
Description: OpenPGP digital signature
Package: qa.debian.org
Severity: normal
If a package only has a single news item, the link of this
item yields a 404 error. See for example:
http://packages.qa.debian.org/g/gaim-extendedprefs.html
Regards,
Thijs Kinkhorst
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
On Fri, May 20, 2005 13:39, Frank Lichtenheld wrote:
On Thu, May 19, 2005 at 11:27:07PM +0200, Thijs Kinkhorst wrote:
As a followup to my previous mail: the HTML parser also adds weird FTP
links. See for example:
I'm working on a updated script. Thanks for the reports.
Good, thanks. I've
severity 346255 minor
thanks
Hello Frederik,
On Fri, January 6, 2006 18:18, Frederik Reiss wrote:
on http://qa.debian.org/developer.php it is possible to inject javascript
and html tags:
http://qa.debian.org/developer.php?excuse=%3Cscript%20type=text/javascript%3Ealert(this)%3C/script%3E
On Fri, January 6, 2006 06:48, Igor Genibel wrote:
Please read the bugs filled against wnpp concerning mantis. It is already
adopted and uploaded.
Good to hear that. Especially with those vulnerabilities it's good when
there's an active maintainer.
BTW, are you considering of moving the
[0] [EMAIL PROTECTED]:~/qa/wml 1j $cvs ci -m 'filter input for sanity (Closes:
#346255)' developer.wml
Checking in developer.wml;
/org/cvs.debian.org/cvs/qa/wml/developer.wml,v -- developer.wml
new revision: 1.141; previous revision: 1.140
done
I think you might have broken something,
On Fri, 2006-01-06 at 17:03 -0500, Charles Fry wrote:
Perhaps dbconfig-common could help with this?
Perhaps indeed, it's planned to use dbconfig-common soon but I'm unaware
whether that would solve this specific bug, but we'll see.
Thijs
signature.asc
Description: This is a digitally signed
reopen 346255
thanks
On Sat, 2006-01-07 at 00:48 +0100, Christoph Berg wrote:
Re: Thijs Kinkhorst in [EMAIL PROTECTED]
I think you might have broken something, since viewing my own DDPO doesn't
work anymore:
http://qa.debian.org/developer.php?login=kink%40squirrelmail.orgcomaint=yes
Hello Mike,
After discussing the situation with upstream, we agreed that vegastrike
would better serve our users if it was not shipped in sarge.
Sarge has been released, will vegastrike be ready at the time of etch?
Thijs
signature.asc
Description: This is a digitally signed message part
Hello Hugo,
I feel kmatplot should not release with sarge. The project is dead
upstream, qmatplot should be considered at least, but even that is just
a make kmatplot build with gcc3 patched kmatplot 0.4.
Sarge has been released. I think it would be good to either decide to
let the package
This package is not ready for a stable release yet so this bug will
keep it out of Sarge.
Sarge has been released; time to let the package flow to testing,
preparing it for etch?
Thijs
signature.asc
Description: This is a digitally signed message part
I do not believe that the phpwiki package, as-is, is suitable for testing.
It is several minor releases behind upstream, will take significant work to
ensure easy upgrades to the latest upstream version, and has lots of minor
things that make it quirky in live use.
Sarge has been released
Hello Erich,
Minit should not be included in sarge.
The packaging is experimental and i did not recieve any feedback yet.
Since minit doesn't have any dependencies it can be installed from
unstable on even a potato system easily.
Since sarge has been released, do you think it would be time
Hello Martin,
too old for release, package of new upstream version 1.3.2 not yet in
releaseable condition.
I think it would be good to either upload the new upstream to unstable
and let it propagate to testing, or if this is not possible remove the
package from unstable aswell. This
On Sat, 2006-01-07 at 23:38 +1300, Matt Brown wrote:
On Sat, 2006-01-07 at 11:07 +0100, Thijs Kinkhorst wrote:
Sarge has been released by now; the package has been adopted by a new
maintainer who made quite some progress in reducing the bug list. Is it
now time to let the package flow
Hello Bradley, George,
gnokii now has an RC bug. However, Bradley offered it up for adoption in
[EMAIL PROTECTED], and George responded that he
would take it, so that's great. This would be a good time for George to
make a new upload :)
This is a serious bug filed against your package because
Hello Loïc,
Since you are now a comaintainer for evolution and there have been
several MU's since your NMU, this bug can be closed/acknowledged?
bye,
Thijs
signature.asc
Description: This is a digitally signed message part
Hello Loïc,
Since you are now a comaintainer for evolution and there have been
several MU's since your NMU, this bug can be closed/acknowledged?
bye,
Thijs
signature.asc
Description: This is a digitally signed message part
Package: mysql-admin
Version: 1.1.5-1
Severity: minor
Upstream calls this package mysql-administrator. For example in the
source tarball name and in the binary RPM packages. So I would expect to
find the package when I searched in Debian for mysql-administrator.
My first question would be why
On Tue, 2005-11-22 at 11:01 +0100, Thijs Kinkhorst wrote:
W: keylookup; Packages's control file contains 'Essential: no'.
W: keylookup; This package is marked Essential, without being known as
such.
Here's a patch that solves the issue.
Thijs
--- checks/control.py.orig 2006-01-10 12:49
On Tue, 2006-01-10 at 20:18 +, George Wright wrote:
On Mon, 2006-01-09 at 12:24 +0100, Thijs Kinkhorst wrote:
Hello Bradley, George,
However, since there hasn't been concrete action from George yet, I plan
to NMU this package after a week from now. I'll fix this bug, #334070
tags 346710 +patch
thanks
Hello,
Here's the patch.
Thijs
Package: gnokii
Version: 0.6.8-0.2
Followup-For: Bug #346710
Patch now attached.
--- control.orig2006-01-12 16:33:08.0 +0100
+++ control 2006-01-12 16:33:26.0 +0100
@@ -2,7 +2,7 @@
Section: comm
Priority: optional
Maintainer: Bradley Marshall [EMAIL PROTECTED]
Package: gnokii
Version: 0.6.8-0.2
Followup-For: Bug #334070
A patch for this bug.
Thijs
--- control.orig2006-01-12 16:48:48.0 +0100
+++ control 2006-01-12 16:49:12.0 +0100
@@ -7,7 +7,8 @@
Package: gnokii
Architecture: any
-Depends: ${shlibs:Depends},
Package: gnokii
Version: 0.6.8-0.2
Followup-For: Bug #343813
Here's a patch to upgrade to libmysqlclient15-dev.
Thijs
--- control.orig2006-01-12 16:50:29.0 +0100
+++ control 2006-01-12 16:51:15.0 +0100
@@ -2,7 +2,7 @@
Section: comm
Priority: optional
Maintainer:
On Thu, 2005-12-08 at 17:39 +0100, Joost van Baal wrote:
Could [EMAIL PROTECTED] please get created? Since this
I second this request.
Thijs
signature.asc
Description: This is a digitally signed message part
tags 328115 moreinfo
thanks
Hello Mário,
On Thu, 2005-10-06 at 10:45 +0100, Mário Filipe wrote:
I'm sending a .tgz file in attachment with two files:
squirrelmsg: the message, which was saved in evolution where it display
ok (in other graphical email clients there are no complaints either
.
thanks,
Thijs Kinkhorst
signature.asc
Description: This is a digitally signed message part
Hello,
I suggest :
378c378
msgid Purge
---
msgid purge
in order to translate Purge to Vider.
Thanks, I'll forward this to the upstream maintainer of the French
translation for review and possibly inclusion.
bye,
Thijs
Hello Florian,
Also, the package source is really a bunch of unrelated dirs from each
utility, and at least one of them is Linux-specific (procinfo). I really
think they should be splitted.
I agree with this. Since you are the new maintainer and have been fixing
up this page, perhaps you'd
On Fri, 2005-12-16 at 11:25 +0100, Florian Ernst wrote:
Already working on this, please see
http://lists.debian.org/debian-boot/2005/11/msg01135.html.
Great, thanks. If you need any help, or need some testing, just let me
know.
Thijs
signature.asc
Description: This is a digitally signed
On Sun, 2005-12-18 at 00:15 +0100, Christian Hammers wrote:
Package: ctn
Please upgrade the build dependencies of your package to use
libmysqlclient15-dev
Thanks for the note. Currently, ctn only works with MySQL 4.1 as the
server, I don't think this should be a problem for the client
Package: debian-policy
Version: 3.6.2.1
Severity: minor
Tags: patch
The last paragraph of section 9.3.1:
Also, if the script name ends .sh, the script will be sourced in
runlevel S rather that being run in a forked subprocess, but will be
explicitly run by sh in all
On Mon, 2005-12-19 at 08:49 +0100, Martin Schulze wrote:
You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable
to it? Or did you miss it? Or did you just didn't document this?
This has been fixed but indeed isn't documented in the changelog. The
fact is that
-2005-3334: Sanitize incoming GET parameters in index.php.
+Patch from unstable package (Closes: #335997).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Mon, 19 Dec 2005 13:15:26 +0100
+
flyspray (0.9.7-2) unstable; urgency=high
* Let the user know how to perform database upgrade when mysql
tags 343610 +patch
thanks
Flyspray from unstable (currently 0.9.8-5) depends on phpapi, which obviously
isn't correct. phpapi is (AFAIK) only used by PHP modules, but correct me if
I'm wrong!
You are correct, phpapi should only be used as a dependency by PHP
modules. PHP applications like
Package: flyspray
Version: 0.9.8-5
Severity: minor
Tags: patch
Hello Pierre,
There are two typos in the following output by flyspray.postinst:
Setting up flyspray (0.9.8-5) ...
debconf informations savec in /etc/flyspray/debconf_info
informations should be information
savec
On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote:
For stable:
I've extracted the right patch from the unstable version (which has been
present without any bugreports since the end of October), and that is
attached. I've also prepared updated packages here:
http://www.a-eskwadraat.nl
a classic error
diff -ur flyspray-0.9.8.orig/debian/flyspray.postinst flyspray-0.9.8/debian/flyspray.postinst
--- flyspray-0.9.8.orig/debian/flyspray.postinst 2005-12-19 13:46:56.0 +0100
+++ flyspray-0.9.8/debian/flyspray.postinst 2005-12-19 14:12:45.0 +0100
@@ -149,7 +149,7 @@
On Mon, 2005-12-19 at 15:04 +0100, Florian Weimer wrote:
* Thijs Kinkhorst:
For the testing (etch) and unstable distribution (sid) this problem has
been fixed in version 0.9.8-5.
close 335997 0.9.8-4
-4 or -5?
The changelog for -4 lists the fix (* Branch pull from upstream
(closes
On Mon, 2005-12-19 at 16:26 +0100, Pierre Habouzit wrote:
Multiple Cross-Site-Scripting vulnerabilties have been found in
Flyspray. Have a look at
http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-va
riable.html for more details. This has been assigned CVE-2005-3334,
On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote:
-6 is the package that will fix all that should be, and it'll enter etch
in 10 days from now.
Great, my interest is that the problem is addressed in the best way
possible :) What about stable, do you want to prepare new updated
packages
merge 344094 309927
thanks
On Mon, 2005-12-19 at 18:21 -0500, Roberto Sanchez wrote:
I noticed that the page
http://packages.qa.debian.org/w/webcpp/news/1.html does not exist.
This is a known bug, see #309927.
Thijs
signature.asc
Description: This is a digitally signed message part
retitle 344132 Depend on libphp-phpmailer instead of using packaged version
thanks
On Tue, 2005-12-20 at 11:40 +0200, Serkan Kenar wrote:
Turkish translation for the bundled PHPMailer in Mantis package is
broken. This is fixed in the upstream release of PHPMailer. Broken file
is
.
Thanks in advance.
Thijs Kinkhorst
, thank you for your report, I will check this out with
upstream to see what's going on here.
regards,
Thijs Kinkhorst
signature.asc
Description: This is a digitally signed message part
Package: libjdom-java
Severity: minor
Arnaud Vandyck is spelled as Arnaud Vandyk, yields an extra entry in
http://www.debian.org/devel/people
bye,
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Package: wnpp
Severity: wishlist
Owner: Thijs Kinkhorst [EMAIL PROTECTED]
* Package name: squirrelmail-decode
Version : 1.0
Upstream Author : SquirrelMail Project Team
* URL : http://www.squirrelmail.org/
* License : GPL
Description : Extra decoding
/etc/init.d/shorewall stop will keep applied some of the shorewall settings
I experienced a problem that I think reduces to the same issue: I executed
/etc/init.d/shorewall stop, thinking that it would disable the shorewall
rules and hence enable all traffic. However, running
Those bug reports seem to basically imply that cruft should call
deborphan and report what it's found. But I don't think that is a good
idea, since cruft and deborphan have two different purposes.
Might it be an idea to supply 'deborphan' as a Suggests? I think it's
quite likely that people
Hello Jorge,
On Tue, December 27, 2005 22:43, Jorge Salamero Sanz wrote:
i'm still having the same problem in sarge and etch packages of
squirrelmail.
Can you tell us a bit more about the specifics of your problem and why you
think it's the same as this bug which has already been closed? The
On Tue, December 27, 2005 23:36, Jorge Salamero Sanz wrote:
maybe i read this bug too quick ...
my problem is whatever i put in squirrelmail default locale or options
display preferences languagem squirrelmail is always in english. i try
spanish, basque, french ... and always in enligsh
Hello Moritz,
On Sat, December 24, 2005 16:02, Moritz Muehlenhoff wrote:
The mentioned path disclosure is obviously not a problem, but does
the described XSS issue have real-world security implications?
Sorry for not getting back to you earlier, this is due to the holidays.
Hope you had a nice
The link to packages-arch-specific is broken.
The correct link is:
http://cvs.debian.org/srcdep/Packages-arch-specific?rev=HEADcvsroot=dakcontent-type=text/vnd.viewcvs-markup
It's appearently mangled by something when generating the document.
Thijs
--
To UNSUBSCRIBE, email to [EMAIL
On Fri, 2005-12-30 at 05:02 +0100, Moritz Muehlenhoff wrote:
Lots of vulnerabilites have yet again been found in Mantis:
Since I've taken care of the previous round of vulnerabilities, I'll
take a look to see what I can do here, but provide no guarantees at this
point.
[Hilko, in another bug
Package: phpbb2
Severity: wishlist
Hello all,
The phpBB authors have released 2.0.19 today which lists the following
issues labeled as security:
1 * [Sec] fixed XSS issue (only valid for Internet Explorer) within the
url bbcode
2 * [Sec] fixed XSS issue (only valid for Internet Explorer)
On Sun, 2005-12-04 at 13:56 -0500, sean finney wrote:
at the very least, dbconfig-common could hold the common debconf
template, so that multiple packages could benefit from having the text
pre-translated.
I guess that would create confusion if dbconfig-common doesn't also
provide
reopen 335997
found 335997 0.9.7-2
thanks
Hello Pierre,
Sorry, didn't have time to get back to this earlier. I've verified that
unstable is indeed completely fixed for CVE-2005-3334 (which contains
some typos in the names of the affected variables).
Though, please note that this XSS
tags 334738 upstream
thanks
Hello Reine,
As Danish, Swedish and Finnish translations is broke upstreams, these were
dropped from the package. My wish is that those will be fixed, and
distributed
together with the next update to the debianzied package.
The upstream packages contain borked
Hello Nigel,
On Mon, 2005-12-05 at 14:34 +, Nigel Horne wrote:
I will look into it and try your suggestion. For what it is worth, I am
using the default settings for everything that I can, and IMHO defaults
should work!
I've checked this, and the default for gzip is Off on a brand clean
Hello Ian,
The recomended solution for having multiple boards on the same debian
system seems to be to use a single instalation of the site files, and
simply point each virtual host to a different database. This is
acomplished by placing a 'php_value auto_prepend_file ...' line within
Package: bugs.debian.org
Severity: wishlist
The titles of bugs are bolded links. However, if you mark a bug as
forwarded to some http-location (eg an upstream bts), you get two
bolded, long links for the same bug entry on the overview page. That
makes the section Forwarded Bugs very noisy.
There's an update to the status of this bug. We've got a response from
the upstream author, John Finlay, about our copyright concerns. He
writes:
We have decided to work on this for the next release, which will be
version 4.0. Version 4.0 should be finalized within a month. I have
resolved
retitle 314839 dutch -- Dutch dictionary in new (August 1996) spelling
owner 314839 !
thanks
Hello people,
I'm intending to adopt this package Real Soon Now. The new spelling is
coming up soon and the package needs to be changed for that. I will put
it in a svn repository that I can make
1 - 100 of 2622 matches
Mail list logo
