Processing commands for [EMAIL PROTECTED]:
reopen 290974
Bug#290974: apache: Temporary usage bugs that can be used in symlink attacks
Bug reopened, originator not changed.
tags 290974 sarge
Bug#290974: apache: Temporary usage bugs that can be used in symlink attacks
Tags were: sarge security
reopen 290974
tags 290974 sarge
thanks
A few comments on this:
* (Thom May)
- Security fix - fix tempfile usage in check_forensic (Closes: #290974)
- Please help track these bugs in sarge by tagging them
- fmn.sh was not fixed. Even if not used in the Debian package I would
appreciate
Your message dated Thu, 20 Jan 2005 17:06:50 +0900
with message-id [EMAIL PROTECTED]
and subject line Processed: Fixed in NMU of perdition 1.15-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is
Processing commands for [EMAIL PROTECTED]:
severity 291347 important
Bug#291347: debian-installer: SiS5513 IDE Module doesn't work,, must use
ide-generic or ide based systems won't work
Severity set to `important'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Processing commands for [EMAIL PROTECTED]:
reassign 291331 libsdl1.2-dev
Bug#291331: smilutils: ftbfs [sparc] libtool: link: cannot find the library
`/usr/lib/libartsc.la'
Bug reassigned from package `smilutils' to `libsdl1.2-dev'.
tags 291331 -sid
Bug#291331: smilutils: ftbfs [sparc]
Processing commands for [EMAIL PROTECTED]:
severity 291348 important
Bug#291348: kernel-image-2.6.8: SiS USB 1.0 Controller Fails in Bulk Transport
with, 2.6.8, fixed in 2.6.10
Severity set to `important'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug
reassign 291331 libsdl1.2-dev
tags 291331 -sid
merge 291331 291268
thanks
This is not a bug in smilutils. The current version of the libsdl1.2-dev
package is broken; reassigning.
--
Steve Langasek
postmodern programmer
signature.asc
Description: Digital signature
Hi Brian,
merge 291339 284181
thanks
On Thu, Jan 20, 2005 at 05:12:45PM +1100, Brian May wrote:
Setting up alsa-modules-2.4.27-1-686 (1.0.6a+5) ...
depmod: *** Unresolved symbols in
/lib/modules/2.4.27-1-686/updates/alsa/snd-pdaudiocf.o
There's a fixed package for 2.4.27-2-* waiting in NEW.
Package: gaim-gnome
Version: 1:0.58-2.4
Severity: grave
Justification: renders package unusable
# LANG=en; apt-get install gaim-gnome
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation
reopen 289560
thanks
At least woody is not fixed. I just checked, there is also no entry in
http://www.debian.org/security/nonvulns-woody
for this issue. Either one (the first preferably) needs to be handled.
Greetings
Helge
--
Helge Kreutzmann, Dipl.-Phys. [EMAIL
Jeff,
Above and beyond the issue of distributing code without proper license
notices, the APSL 2.0 is not, in the opinion of many (and AFAICT, according
to the consensus of the debian-legal mailing list), a free license under the
DFSG. Although there's been extensive discussion about *which*
Your message dated Thu, 20 Jan 2005 04:47:15 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291209: fixed in csmash 0.6.6-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your
On Wed, Jan 19, 2005 at 10:02:47AM +0100, Matías Costa wrote:
* Steve Langasek [Tue, 18 Jan 2005 05:14:14 -0800]:
I am not able to reproduce this bug using the packages in sarge. Can you
please downgrade kdelibs4 on your system to the version in unstable, to
confirm whether this bug
Your message dated Thu, 20 Jan 2005 10:37:55 +
with message-id [EMAIL PROTECTED]
and subject line DSA out
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen
On Tue, Jan 18, 2005 at 10:48:35AM -0600, Bud Rogers wrote:
If I start konqueror from the menu or command line, it comes up
normally. If I click on any link, it spawns another window and
continues to spawn new windows at about 2-3 second intervals. I have to
killall konqueror or C-c from
On Thu, 2005-01-20 at 17:12 +1100, Brian May wrote:
depmod: *** Unresolved symbols in
/lib/modules/2.4.27-1-686/updates/alsa/snd-pdaudiocf.o
[...]
I rebuilt the modules from the source code, and the modules I require
work (I still get undefined symbols from
* Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]) wrote :
reopen 290974
tags 290974 sarge
thanks
A few comments on this:
* (Thom May)
- Security fix - fix tempfile usage in check_forensic (Closes: #290974)
- Please help track these bugs in sarge by tagging them
- fmn.sh
Package: mysql-server
Version: 4.1.7-2
Priority: grave
Tags: experimental
Just a quick note to tell that there are several symlink vulnerabilities in
the experimental version of mysql-server which have been fixed in sid's.
This includes (but is not limited to) mysqlaccess (#291122), and
Package: maxdb
Severity: grave
Tags: sarge security
# sid is already fixed, so this is a reminder.
Two CVE ids have been assigned to this advisory:
Candidate: CAN-2005-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0081
Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.5
tags 284181 sid
Bug#284181: alsa-modules-2.4.27-1-686: plenty of unresolved symbols
Tags were: pending
Bug#284463: Alsa modules no longer load after minor kernel update
Bug#284485:
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-1-686
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
gaim-gnome was discontinued starting with the 0.60 release, we
(upstream)
Processing commands for [EMAIL PROTECTED]:
reassign 291380 maxdb-7.5.00
Bug#291380: [EMAIL PROTECTED]: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB
Web Agent Multiple Denial of Service Vulnerabilities]
Warning: Unknown package 'maxdb'
Bug reassigned from package `maxdb' to `maxdb-7.5.00'.
Steve Langasek [EMAIL PROTECTED] wrote:
- The copyright license is terminated if you attempt to defend your patent
rights against Apple.
It should be emphasised that this is the case if you defend /any/ patent
rights against Apple. It's not limited to software patents, and it's not
limited
Hello Javier
On 2005-01-20 Javier Fernández-Sanguino Peña wrote:
Package: mysql-server
Version: 4.1.7-2
Priority: grave
Tags: experimental
experimental is obsolete. There is a bug for the FTP maintainers to remove
it but they have too much work to do it seems. Anyway don't use a version
in
I wrote:
I strongly suspect that you haven't built your alsa-modules package
against the sources for the kernel you are running.
Urg, sorry -- I was forgetting that not only the Debian
kernel-image-2.4.27-1-* packages but also kernel-image-2.4.27* packages
built from Debian sources had altered
Package: nautilus-cd-burner
Version: 2.8.6-3
Severity: grave
Justification: renders package unusable
When trying to burn a cd, Nautilus-cd-burner reports :
File image creation failed
Incorrectly named files were to be added to the CD
I found this on google that might be related :
Package: kernel-image-2.4.27-2-686
Version: 2.4.27-7
Severity: critical
Justification: breaks the whole system
When the install of kernel-image tries to create initrd,
those lines go to /var/log/messages:
Jan 20 09:39:39 fregate kernel: device-mapper: unknown block ioctl 0x801c6d02
Jan 20
tag 291064 patch
thanks
Hi!
FYI, I just fixed the Ubuntu package, you can get the debdiff from
http://patches.ubuntu.com/patches/awstats.CAN-2005-0016.diff
The upstream fix is much more invasive, I just did the necessary
changes to fix the vulnerability, nothing else.
Martin
--
Martin Pitt
Package: slapd
Version: 2.1.30-3
Severity: critical
Justification: causes serious data loss
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
We are running debian sarge on some of our servers now and are getting
data and index corruption (every few weeks). On different servers
(configured the
--- Ralph Giles [EMAIL PROTECTED] wrote:
On Mon, Jan 10, 2005 at 09:37:18PM -0800, Josh Coalson wrote:
as far as I can piece together, the last releases went like:
FLAC release libOggFLAC went to
- --
1.1.0 1:2:0 from
Package: util-vserver
Version: 0.30-10
Severity: grave
Hi,
I had the problem that e.g. vserver-stats didn't work for me. On
checking it up, the build log proved that it is using syscall 273 for
that, instead of the really used one:
aba Bertl: if the configure script says: checking for number
Did you restart kde session after upgrade? If you create a new user
account, does konqueror behave the same? It is well known but
unfortunate that kde might not work after a major upgrade with the
old configuration files. If the new user works, you need to recreate
your ~/.kde configs.
That
Kalle Olavi Niemitalo wrote:
Package: kjc
Version: 2:1.1.4.PRECVS6-1
Severity: serious
The kaffe source package does not include the source code for kjc.
Instead, there is just a kjc.jar full of compiled class files.
/usr/share/doc/kjc/copyright describes:
* libraries/javalib/kjc.jar
Kopi Java
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.6
severity 291362 serious
Bug#291362: installation-reports: LVM install failed due to missing dmsetup
Severity set to `serious'.
End of message, stopping processing here.
Please
Jim Pick wrote:
Dalibor just removed kjc.jar from our CVS. We were already discussing
ways of redoing the build and packaging, and the bootstrapping process
with kjc.jar has been painful, to say the least. So we were going to
redesign the packaging process altogether anyhow.
Yeah, it is
Wholeheartedly agreed. KJC should definitely be a separate package.
Can classpath be entirely extricated from the Kaffe package? Is the JNI
integration that uniform across VMs in Debian?
On Thursday 20 January 2005 2:09 pm, Jim Pick wrote:
First off, I think calling it a GPL violation is a bit
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.5
tags 290890 sid
Bug#290890: Please remove distributed-net-pproxy.
There were no tags set.
Tags added: sid
End of message, stopping processing here.
Please contact me if you need
Ean Schuessler wrote:
Wholeheartedly agreed. KJC should definitely be a separate package.
Can classpath be entirely extricated from the Kaffe package? Is the JNI
integration that uniform across VMs in Debian?
Yep. Classpath has a nice feature called VM interface, which all VMs
using classpath
Wesley W. Terpstra wrote:
On Thu, Jan 20, 2005 at 02:59:00PM -0500, Joey Hess wrote:
initrd-tools 0.1.76 changed to abort on install to LVM if dmsetup was
not installed. I think this was a mistake. I'm ccing tbm, who made the
change.
I made the change.
Right, tbm only committed it.
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.6
severity 291006 serious
Bug#291006: Package: installation-reports
Severity set to `serious'.
severity 291362 serious
Bug#291362: installation-reports: LVM install failed due to
Processing commands for [EMAIL PROTECTED]:
severity 291426 important
Bug#291426: util-vserver doesn't work if compiled on a !ctx-kernel
Severity set to `important'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
severity 291426 important
thanks
On Thu, Jan 20, 2005 at 06:47:06PM +0100, Andreas Barth wrote:
Package: util-vserver
Version: 0.30-10
Severity: grave
Hi,
I had the problem that e.g. vserver-stats didn't work for me. On
checking it up, the build log proved that it is using syscall 273
On Fri, Jan 07, 2005 at 11:47:33PM +0100, Artur R. Czechowski wrote:
There are two issues concerning this bug:
1) missed dependency in libwvstreams-dev (#
Fixed in unstable.
2) files in libxplc0.3.10-dev are in location not under standard search
path
[...]
The 2nd issue requires
Thomas == Thomas Hood [EMAIL PROTECTED] writes:
Thomas I strongly suspect that you haven't built your
Thomas alsa-modules package against the sources for the kernel
Thomas you are running. Please double check that the kernel you
Thomas are running is the one built from the tree
Thomas == Thomas Hood [EMAIL PROTECTED] writes:
I rebuilt the modules from the source code, and the modules I
require work (I still get undefined symbols from
snd-{pdaudiocf,vx-cs,vxp440,vxpocket}.o, but I don't need these
anyway).
Thomas I strongly suspect that you
Go for it - I'm still waiting for keyring-maint to re-enable my account :/
Pat.
On Thursday 20 January 2005 16:50, Frank Lichtenheld wrote:
On Fri, Jan 07, 2005 at 11:47:33PM +0100, Artur R. Czechowski wrote:
There are two issues concerning this bug:
1) missed dependency in
Brian == Brian May [EMAIL PROTECTED] writes:
Thomas == Thomas Hood [EMAIL PROTECTED] writes:
Thomas I strongly suspect that you haven't built your
Thomas alsa-modules package against the sources for the kernel
Thomas you are running. Please double check that the kernel you
Package: mozilla-thunderbird-enigmail
Version: 2:0.90.0-1
Severity: grave
Justification: renders package unusable
This problem seems rather simple.
I apt-getted everything necessary for enigmail support : mozilla-thunderbird
and mozilla-thunderbird-enigmail including all dependencies. Enigmail
[EMAIL PROTECTED] wrote:
Above and beyond the issue of distributing code without proper license
notices, the APSL 2.0 is not, in the opinion of many (and AFAICT, according
to the consensus of the debian-legal mailing list), a free license under the
Where many in this context should be read as an
Processing commands for [EMAIL PROTECTED]:
reassign 291428 libtiff4-dev
Bug#291428: capi4hylafax: ftbfs [sparc] libtool: link: cannot find the library
`/usr/lib/libjpeg.la'
Bug reassigned from package `capi4hylafax' to `libtiff4-dev'.
merge 291428 291136
Bug#291136: capi4hylafax: FTBFS:
Your message dated Thu, 20 Jan 2005 18:17:39 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#289702: fixed in menu 2.1.21
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your
Dalibor Topic wrote:
Thanks a lot for pointing that out, that's indeed a serious problem with
the package. I'll make sure that either kjc.jar includes the sources, or
kjc's source code including the patches is part of kaffe.
I've removed kjc in kaffe's CVS and made the build and the regression
* Matthijs Mohlmann ([EMAIL PROTECTED]) wrote:
We are running debian sarge on some of our servers now and are getting
data and index corruption (every few weeks). On different servers
(configured the same) we experience those problems. I think it is
openldap that causes this problem because
Package: openwebmail
Priority: grave
Version: 2.41-10
Tags: patch security
Openwebmail has multiple unsafe usages of temporary files (in /tmp) which
lead to race conditions and symlink attacks. There are actually a lot of
Perl scripts that, instead of using Perl's builtin File::Temp module use
Your message dated Thu, 20 Jan 2005 19:47:12 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291433: fixed in sword 1.5.7-7
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your
On Fri, Jan 07, 2005 at 06:37:52PM +0100, Michael Schmitz wrote:
Severity: serious
Can you please comment on why you think these bugs make kino unsuitable
for release; specifically, which section of policy is violated? I'm not
denying that the bugs you reported are nasty and should be fixed, but
Processing commands for [EMAIL PROTECTED]:
tags 291166 + sarge
Bug#291166: rosegarden4: will not load any files
There were no tags set.
Tags added: sarge
thanks.
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
Processing commands for [EMAIL PROTECTED]:
clone 291488 -1
Bug#291488: RM: java2-common -- RoQA; unneeded package
Bug 291488 cloned as bug 291491.
reassign -1 java2-common
Bug#291491: RM: java2-common -- RoQA; unneeded package
Bug reassigned from package `ftp.debian.org' to `java2-common'.
reassign 291386 initrd-tools
thanks
On Thu, Jan 20, 2005 at 02:17:34PM +0100, Eric Deplagne wrote:
Package: kernel-image-2.4.27-2-686
Version: 2.4.27-7
Severity: critical
Justification: breaks the whole system
When the install of kernel-image tries to create initrd,
those lines go to
Your message dated Thu, 20 Jan 2005 23:17:45 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#288046: fixed in kernel-source-2.4.27 2.4.27-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case
Your message dated Thu, 20 Jan 2005 23:17:45 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#289202: fixed in kernel-source-2.4.27 2.4.27-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case
Your message dated Fri, 21 Jan 2005 02:07:34 -0500
with message-id [EMAIL PROTECTED]
and subject line New sablevm 1.1.9-1 debs built on sparc w/o problems
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the
Package: konversation
Version: 0.15-2
Severity: grave
Tags: security sarge sid
These problems have been discovered by Wouter Coekaerts in the konversation
IRC client. Affected are version 0.15, CVS until 18-19/01/2005, and
some older versions too. They are fixed in 0.15.1.
When you fix these
Package: wvdial
Version: 1.54.0-1
Severity: grave
Justification: package is completely unusable
The wvstreams package has changed package names from libwvstreams3-base to
libwvstreams4.0-base, making wvdial uninstallable in unstable. In addition,
wvdial prevents the new wvstreams from