On Fri, Mar 15, 2013 at 06:52:45PM +0100, Mike Hommey wrote:
I was considering we should get 3.14.x in both testing and
stable-security, actually, but it needs some work to make it on par with
the versions in testing and stable, because in its current state it
breaks some things people might
On Fri, Mar 15, 2013 at 10:30:09PM +0100, Julien Cristau wrote:
On Fri, Mar 15, 2013 at 18:56:21 +0100, Ralf Treinen wrote:
diff -ur rinputd-1.0.5.old/debian/config rinputd-1.0.5/debian/config
--- rinputd-1.0.5.old/debian/config 2012-04-12 20:06:14.0 +0200
+++
On Sat, 2013-03-16 at 08:34 +0100, Mike Hommey wrote:
So, here is some more info:
- 3.13 disabled SSL 2.0 by default
- 3.13 added a defense against the Rizzo and Duong attack, which is
known to break applications. It can be disabled easily.
- 3.14 removed support for md5 signature of
severity 703128 important
thanks
On Saturday 16 March 2013 00:45:18, Christoph Anton Mitterer wrote:
Marking this as important and security, as such ungraceful errors tend to
be prone to attacks.
Rightly so. These issues indeed should be fixed to prevent any security issues
proactively, and
Processing commands for cont...@bugs.debian.org:
severity 703128 important
Bug #703128 [src:davical] davical: errors when accessing some php files as
non-admin user
Severity set to 'important' from 'grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
703128:
On Saturday 16 March 2013 09:37:25, Yves-Alexis Perez wrote:
On Sat, 2013-03-16 at 08:34 +0100, Mike Hommey wrote:
So, here is some more info:
- 3.13 disabled SSL 2.0 by default
- 3.13 added a defense against the Rizzo and Duong attack, which is
known to break applications. It can
Processing commands for cont...@bugs.debian.org:
tags 698294 + confirmed pending
Bug #698294 [puppet] puppet: Checksum mismatch when copying followed symlinks
(upstream #7680)
Added tag(s) confirmed and pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Hi,
| -Change Pre-Depends to Depends (OK now that base-files Pre-Depends: awk)
This is not correct and needs to be reverted, since it means that gawk
might be unpacked before its dependencies during upgrades. If the awk
alternative is set to gawk, other packages which are unpacked in the
Processing commands for cont...@bugs.debian.org:
# will hopefully be fixed pre release, but otherwise can go in through
security
user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was
jcris...@debian.org).
usertags 697230 wheezy-can-defer
Processing control commands:
severity -1 serious
Bug #702703 [prelude-manager] prelude-manager: sql error during install: at
line 11: You have an error in your SQL syntax; [...] near 'TYPE=InnoDB' at line
4
Severity set to 'serious' from 'important'
--
702703:
Processing commands for cont...@bugs.debian.org:
severity 702428 important
Bug #702428 [xcp-xapi] HVM fails to start with VIF / qemu-dm error
Severity set to 'important' from 'serious'
End of message, stopping processing here.
Please contact me if you need assistance.
--
702428:
On Sat, Mar 16, 2013 at 08:56:15AM +0100, Ralf Treinen wrote:
On Fri, Mar 15, 2013 at 10:30:09PM +0100, Julien Cristau wrote:
On Fri, Mar 15, 2013 at 18:56:21 +0100, Ralf Treinen wrote:
diff -ur rinputd-1.0.5.old/debian/config rinputd-1.0.5/debian/config
---
Your message dated Sat, 16 Mar 2013 11:34:14 +
with message-id 1363433654.2662.14.ca...@jacala.jungle.funky-badger.org
and subject line Re: Bug#661018: FTBS due to new freexl
has caused the Debian Bug report #661018,
regarding FTBS due to new freexl
to be marked as done.
This means that you
On Sun, 2012-10-07 at 14:30 +0200, Mehdi Dogguy wrote:
On 21/09/2012 04:58, Peter Eisentraut wrote:
According to bug #678979 [0], which was submitted by the lead
upstream developer, slony 2.0 does not work well with postgresql
9.1. Therefore, we had to resolve to making an upgrade to slony
Your message dated Sat, 16 Mar 2013 11:47:41 +
with message-id e1ugpap-0003uh...@franck.debian.org
and subject line Bug#702453: fixed in cogl 1.10.2-7
has caused the Debian Bug report #702453,
regarding missing Replaces/Breaks: gir1.0-clutter-1.0
to be marked as done.
This means that you
Hi,
Here's the diff for the gawk I'm going to upload.
Cheers,
Thijs
diff -Nru gawk-4.0.1+dfsg/debian/changelog gawk-4.0.1+dfsg/debian/changelog
--- gawk-4.0.1+dfsg/debian/changelog 2012-05-21 10:36:06.0 +0200
+++ gawk-4.0.1+dfsg/debian/changelog 2013-03-16 12:43:50.0 +0100
@@
Your message dated Sat, 16 Mar 2013 12:02:37 +
with message-id e1ugpor-0005pr...@franck.debian.org
and subject line Bug#702524: fixed in gawk 1:4.0.1+dfsg-2.1
has caused the Debian Bug report #702524,
regarding gawk: Depends should really be Pre-Depends
to be marked as done.
This means that
Control: reopen -1
Hi,
squeeze is vulnerable, as seen on the Navigator Graph page by changing
the displaymode in the URL. It gets echoed back by this:
return <div>ERROR: unknown displaymode $mode</div>
I'm not convinced the 'blacklist characters' approach was a great way to
handle it, but at
Processing control commands:
reopen -1
Bug #659899 {Done: Antoine Beaupré anar...@debian.org} [smokeping]
CVE-2012-0790: XSS
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer
Processing control commands:
reassign -1 src:wagon2
Bug #701991 [src:maven] maven3: CVE-2013-0253
Bug reassigned from package 'src:maven' to 'src:wagon2'.
Ignoring request to alter found versions of bug #701991 to the same values
previously set
Ignoring request to alter fixed versions of bug
Processing control commands:
reassign -1 src:wagon2
Bug #701991 [src:wagon2] maven3: CVE-2013-0253
Ignoring request to reassign bug #701991 to the same package
tags -1 + patch
Bug #701991 [src:wagon2] maven3: CVE-2013-0253
Ignoring request to alter tags of bug #701991 to the same tags
Control: reassign -1 src:wagon2
Control: tags -1 + patch
Hi,
The email does not appear to have reached the BTS, so I am resending it
(and quoting it in full).
~Niels
On 2013-03-15 04:49, Arnaud Fontaine wrote:
Control: reassign -1 src:wagon2
Control: tags -1 + patch
Hello,
This
On Mon, Mar 11, 2013 at 08:56:47 -0700, Clint Byrum wrote:
This is fixed upstream by allowing the timeout to be raised... since it
is an arch:all package, I don't expect this to be disruptive to buildds,
only to users trying to build on extremely slow systems.
The submitter said the failures
Package: bdii
Version: 5.2.17-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package failed to install. As
per definition of the release team this makes the package too buggy for
a release, thus the severity.
From the
On 16/03/13 12:40, Steven Chamberlain wrote:
and the generated HTML contains:
IMG id=zoom BORDER=0 width=697 height=315
SRC=/smokeping/images/__navcache/136343653521739_now oops
_1363423440.png
Fortunately though, it doesn't seem possible to use an equals sign in
these parameters, and so
Processing commands for cont...@bugs.debian.org:
found 703141 1.4.0.6~dfsg1-3
Bug #703141 [scratch] scratch: fails to install if gnome-session-common is
installed but hicolor-icon-theme is not
Marked as found in versions scratch/1.4.0.6~dfsg1-3.
found 699647 1.3.5~rc2-1
Bug #699647
On Sat, 2013-03-16 at 12:40 +, Steven Chamberlain wrote:
Control: reopen -1
[...]
squeeze is vulnerable, as seen on the Navigator Graph page by changing
the displaymode in the URL. It gets echoed back by this:
Bug reopened
No longer marked as fixed in versions smokeping/2.6.7-1.
Is
Control: fixed -1 2.6.7-1
Hi Steven
On Sat, Mar 16, 2013 at 12:40:04PM +, Steven Chamberlain wrote:
Control: reopen -1
Hmm, as Adam wrote, was this intentional? Because this way we lost the
version tracking for already fixed version. BTS handles fixed versions
already.
Btw, it's a nice
Processing control commands:
fixed -1 2.6.7-1
Bug #659899 [smokeping] CVE-2012-0790: XSS
Marked as fixed in versions smokeping/2.6.7-1.
--
659899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Package: bastille
Version: 1:3.0.9-13
Severity: serious
Tags: patch
The script /usr/sbin/bastille is not able to compute
PERL_VERSION correctly, leaving the variable empty
on system with mixed testing-unstable. The implemented
command pipe chain is broken and amateurish!
A functional patch is
Package: python-gevent
Version: 0.13.6-1+nmu2
Severity: serious
Tags: patch
The last NMU that fixed #661342 forgets to include the .egg-info
directory, causing tools like pip that rely on the egg infrastructure
to fail to see gevent.
-- System Information:
Debian Release: wheezy/sid
APT
❦ 3 March 2013 00:28 CET, Holger Levsen hol...@layer-acht.org :
Here is my proposition:
http://anonscm.debian.org/gitweb/?p=pkg-roundcube/roundcube.git;a=commitdiff;h=15f5a10444c9d4c8bf7b3e83a82dd6f9e2a4b384
seems right, yes, but it misses a pointer to instructions how to upgrade to a
Processing commands for cont...@bugs.debian.org:
tags 702703 +pending
Bug #702703 [prelude-manager] prelude-manager: sql error during install: at
line 11: You have an error in your SQL syntax; [...] near 'TYPE=InnoDB' at line
4
Added tag(s) pending.
tags 660455 +pending
Bug #660455
On Thu, Sep 20, 2012 at 22:55:28 +0900, Rolf Leggewie wrote:
On 20.09.2012 14:52, Hideki Yamane wrote:
The reason is scim-anthy was unblocked (Bug#685036) and migrated to
testing but scim (1.4.14-2) still stops in unstable. So, release
managers, can you consider to unblock scim to fix RC
Hi Vincent,
On Saturday, 16 March 2013, Vincent Bernat wrote:
So, here is a wiki page with a complete procedure for update.
http://wiki.debian.org/Roundcube/DeprecationOfSQLitev2
I am uploading a version of Roundcube with the appropriate NEWS entry
pointing to this page.
awesome, thanks a
Hi,
On 16/03/13 13:56, Adam D. Barratt wrote:
On Sat, 2013-03-16 at 12:40 +, Steven Chamberlain wrote:
No longer marked as fixed in versions smokeping/2.6.7-1.
Is that really what you meant to do?
I can't remember now, so it was probably a mistake, but now I can think
of a reason to
Control: found -1 2.6.7-1
Control: fixed -1 2.6.9-1~exp0
Control: fixed -1 2.3.6-5+squeeze1
Control: tags -1 pending
Control: block -1 with 703193
On 2013-03-16, Salvatore Bonaccorso wrote:
Control: fixed -1 2.6.7-1
Hi Steven
On Sat, Mar 16, 2013 at 12:40:04PM +, Steven Chamberlain
Processing control commands:
found -1 2.6.7-1
Bug #659899 [smokeping] CVE-2012-0790: XSS
Marked as found in versions smokeping/2.6.7-1; no longer marked as fixed in
versions smokeping/2.6.7-1.
fixed -1 2.6.9-1~exp0
Bug #659899 [smokeping] CVE-2012-0790: XSS
There is no source info for the
Your message dated Sat, 16 Mar 2013 16:48:54 +
with message-id e1uguhu-0004en...@franck.debian.org
and subject line Bug#659899: fixed in smokeping 2.6.9-1~exp0
has caused the Debian Bug report #659899,
regarding CVE-2012-0790: XSS
to be marked as done.
This means that you claim that the
Your message dated Sat, 16 Mar 2013 16:48:48 +
with message-id e1uguho-0004bj...@franck.debian.org
and subject line Bug#688634: fixed in roundcube 0.7.2-7
has caused the Debian Bug report #688634,
regarding roundcube-sqlite upgrade causes serious data-loss
to be marked as done.
This means
On Sat, 2013-03-16 at 11:38 +, Adam D. Barratt wrote:
On Sun, 2012-10-07 at 14:30 +0200, Mehdi Dogguy wrote:
On 21/09/2012 04:58, Peter Eisentraut wrote:
According to bug #678979 [0], which was submitted by the lead
upstream developer, slony 2.0 does not work well with postgresql
Processing commands for cont...@bugs.debian.org:
fixed 702669 4.3.9+dfsg1-1+squeeze8
Bug #702669 {Done: Adam D. Barratt a...@adam-barratt.org.uk} [typo3-src]
TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection in TYPO3 Core
(CVE-2013-1842, CVE-2013-1843)
Bug #702574 {Done: Adam D.
Processing commands for cont...@bugs.debian.org:
fixed 659899 2.6.9-1~exp0
Bug #659899 {Done: Antoine Beaupré anar...@debian.org} [smokeping]
CVE-2012-0790: XSS
There is no source info for the package 'smokeping' at version '2.6.9-1~exp0'
with architecture ''
Unable to make a source version
Control: tags -1 confirmed
On 2013-03-16 16:03:55, Jeroen Dekkers wrote:
Package: python-gevent
Version: 0.13.6-1+nmu2
Severity: serious
Tags: patch
The last NMU that fixed #661342 forgets to include the .egg-info
directory, causing tools like pip that rely on the egg infrastructure
to
Processing control commands:
tags -1 confirmed
Bug #703187 [python-gevent] Last upload forgets to include .egg-info directory
Added tag(s) confirmed.
--
703187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
Moritz Muehlenhoff j...@inutil.org wrote:
Google fixed a security issue in icu, which is embedded in Chrome:
http://googlechromereleases.blogspot.de/2013/02/stable-channel-update_21.html
| [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to
Google Chrome Security Team (Inferno).
Jay Berkenbilt q...@debian.org wrote:
They also send me links to the upstream fixes:
http://bugs.icu-project.org/trac/changeset/32865
http://bugs.icu-project.org/trac/changeset/32908
I can prepare a new upload with these fixes and call it CVE-2013-0900.
There's a one-line fix for a
Your message dated Sat, 16 Mar 2013 20:26:44 +0100
with message-id 20130316192644.ga13...@earth.ramacher.at
and subject line Re: Bug#702633: CVE-2012-1016: NULL pointer dereference (DoS)
in plugins/preauth/pkinit/pkinit_srv.c
has caused the Debian Bug report #702633,
regarding CVE-2012-1016: NULL
control: severity -1 important
control: tag -1 unreproducible
Only Hartwig responded to my call to testing of fixed binary [1], and,
unfortunately, it still crashes for him on the same site [2]. It does
not for me, however I have a different CPU: UltraSPARC III as opposed
to UltraSPARC II in
Processing control commands:
severity -1 important
Bug #674908 [iceweasel] [sparc] iceweasel: JavaScript crash on some sites
Severity set to 'important' from 'grave'
tag -1 unreproducible
Bug #674908 [iceweasel] [sparc] iceweasel: JavaScript crash on some sites
Added tag(s) unreproducible.
--
package: src:libav
severity: grave
version: 6:0.8.5-1
Hi, the following vulnerabilities were published for libav. These are
currently unfixed in 0.8.5-1.
CVE-2013-0894[0]:
| Buffer overflow in the vorbis_parse_setup_hdr_floors function in the
| Vorbis decoder in vorbisdec.c in libavcodec in
Processing commands for cont...@bugs.debian.org:
close 672994
Bug #672994 [socat] CVE-2012-0219: buffer overflow
Marked Bug as done
tag 701897 -unreproducible
Bug #701897 [grep] CVE-2012-5667: buffer overflow with overly long input lines
Removed tag(s) unreproducible.
thanks
Stopping
Processing commands for cont...@bugs.debian.org:
close 619857
Bug #619857 [erlang] erlang: Urgend warning to upgrade to R14B02
Marked Bug as done
thanks
Stopping processing here.
Please contact me if you need assistance.
--
619857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619857
Processing commands for cont...@bugs.debian.org:
found 628843 1:4.1.4.2+svn3283-1
Bug #628843 [login] login: tty hijacking possible in su via TIOCSTI ioctl
Marked as found in versions shadow/1:4.1.4.2+svn3283-1.
notfound 628843 1:4.1.4.2+svn3283-2+squeeze1
Bug #628843 [login] login: tty
Processing commands for cont...@bugs.debian.org:
found 659899 2.3.6-5
Bug #659899 {Done: Antoine Beaupré anar...@debian.org} [smokeping]
CVE-2012-0790: XSS
Marked as found in versions smokeping/2.3.6-5.
notfound 659899 2.6.7-1
Bug #659899 {Done: Antoine Beaupré anar...@debian.org} [smokeping]
We can consider to put it into a DSA in which the text details how to disable
the options if they cause trouble. An alternative is to put it into spu
instead, where it may be slightly (probably just slightly) more acceptable to
change behaviour than in a DSA. But it will also mean having to
On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote:
We can consider to put it into a DSA in which the text details how to
disable
the options if they cause trouble. An alternative is to put it into spu
instead, where it may be slightly (probably just slightly) more acceptable
Hi Antoine
Dropping Tobias Oetiker again from Cc, don't know if he is actually
interested to follow this. But we might/should bring further issues
with smokeping to him.
On Sat, Mar 16, 2013 at 12:42:39PM -0400, Antoine Beaupré wrote:
Control: found -1 2.6.7-1
Control: fixed -1 2.6.9-1~exp0
On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote:
Hmm, this will quite sure not be approved. And Jonathan Wiltshire
already commented there. A new upstream version at this stage of the
freeze is not acceptable. But how about the attached patch for
unstable?
... which I
Hi!
On 16/03/13 21:53, Salvatore Bonaccorso wrote:
On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote:
[...] But how about the attached patch for
unstable?
Thank you for that. It does seem like the right way to handle it for
wheezy.
Your patch seems correct to me. But
Another difference is that upstream 2.6.9 used a replacement character
of underscore rather than a dot. Attached is my suggested revision of
Salvatore's patch (also adds filtering of time specifiers).
I've tested this on an existing wheezy/sid SmokePing installation; it
stops the injection of
Package: apt-transport-spacewalk
Version: 1.0.6-2
Severity: serious
If you remove the package (but not purge), the APT hook will be failing
every time any package is installed or removed:
# apt-get install -qq apt-transport-spacewalk
[...]
# dpkg -r apt-transport-spacewalk
(Reading database
Your message dated Sat, 16 Mar 2013 23:38:25 +
with message-id e1uh0gd-0008a7...@franck.debian.org
and subject line Bug#698294: fixed in puppet 2.7.18-4
has caused the Debian Bug report #698294,
regarding puppet: Checksum mismatch when copying followed symlinks (upstream
#7680)
to be marked
hi,
just in case somebody wants to debug this, here is a full backtrace from
python2.7-dbg:
bzed@harris ~% gdb --args python2.7-dbg -c 'import zbar'
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
On 2013-03-16, Steven Chamberlain wrote:
Another difference is that upstream 2.6.9 used a replacement character
of underscore rather than a dot. Attached is my suggested revision of
Salvatore's patch (also adds filtering of time specifiers).
I've tested this on an existing wheezy/sid
Your message dated Sun, 17 Mar 2013 00:49:06 +
with message-id e1uh1mc-0004k2...@franck.debian.org
and subject line Bug#659899: fixed in smokeping 2.6.8-2
has caused the Debian Bug report #659899,
regarding CVE-2012-0790: XSS
to be marked as done.
This means that you claim that the problem
Your message dated Sun, 17 Mar 2013 00:47:39 +
with message-id e1uh1ld-0003s9...@franck.debian.org
and subject line Bug#698910: fixed in zoneminder 1.24.2-8+squeeze1
has caused the Debian Bug report #698910,
regarding zoneminder: CVE-2013-0232: arbitrary command execution vulnerability
to be
Your message dated Sun, 17 Mar 2013 00:47:39 +
with message-id e1uh1ld-0003sd...@franck.debian.org
and subject line Bug#700912: fixed in zoneminder 1.24.2-8+squeeze1
has caused the Debian Bug report #700912,
regarding zoneminder: CVE-2013-0332: local file inclusion vulnerability
to be marked
Your message dated Sun, 17 Mar 2013 00:47:16 +
with message-id e1uh1kq-0003no...@franck.debian.org
and subject line Bug#702735: fixed in firebird2.1 2.1.3.18185-0.ds1-11+squeeze1
has caused the Debian Bug report #702735,
regarding firebird2.1: CVE-2013-2492: Request Processing Buffer Overflow
Your message dated Sun, 17 Mar 2013 00:47:26 +
with message-id e1uh1l0-0003q3...@franck.debian.org
and subject line Bug#702736: fixed in firebird2.5
2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1
has caused the Debian Bug report #702736,
regarding firebird2.5: CVE-2013-2492: Request Processing
Source: bitcoin
Version: 0.7.2-1
Severity: serious
From upstream:
http://bitcoin.org/may15.html
The most recent accidental fork is forcing an upgrade. We either
should get bitcoin 0.8.1 in to unstable or add some wrapper to
bitcoind and bitcoin-qt to create a DB_CONFIG file.
Summary below:
15
Package: python-fife
Version: 0.3.4-1
Severity: serious
Unknown Horizons 2012.1 won't work with this new fife so we should
break it!
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')