Your message dated Wed, 27 Mar 2013 06:32:05 +
with message-id e1ukju1-0006m9...@franck.debian.org
and subject line Bug#702260: fixed in libxml2 2.7.8.dfsg-2+squeeze7
has caused the Debian Bug report #702260,
regarding libxml2: CVE-2013-0338 CVE-2013-0339
to be marked as done.
This means that
Package: mongodb
Severity: grave
Tags: security
Dear Maintainer,
Please see here for details [1] and a link to the upstream commit [2]:
[1] https://security-tracker.debian.org/tracker/CVE-2013-1892
[2] https://jira.mongodb.org/browse/SERVER-9124
Regrads
--
Prach Pongpanich
--
To
On Wed, Mar 27, 2013 at 12:53:44AM +0100, Bernhard R. Link wrote:
Sorry, but this is not enough to properly extract the contents of a
inline signed message. You still need to do possible unescaping between
those lines.
Is the unescaping part necessary for InRelease files? What are the rules
Processing control commands:
tags -1 +patch
Bug #699886 [mysql-5.5] TLS timing attack in yaSSL (Lucky 13)
Added tag(s) patch.
--
699886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699886
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to
Control: tags -1 +patch
Hi Thijs,
Thijs Kinkhorst th...@debian.org writes:
Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
differences arising during MAC processing. Details of this attack can
Hi Geoff,
Geoff Crompton geo...@trinity.unimelb.edu.au writes:
I upgraded to the 3.2.39-2 package last night, and this morning my
system wouldn't boot. I used Marco's advice in #551798 to set
init=/bin/bash, and found the boot stopped after running /etc/rcS.d/S02udev.
Can you still reproduce
Your message dated Wed, 27 Mar 2013 10:32:39 +
with message-id e1uknep-00055a...@franck.debian.org
and subject line Bug#703919: fixed in kvpm 0.8.6-3
has caused the Debian Bug report #703919,
regarding kvpm: When moving a disk partition, if another partition is mounted
the data being moved
Hi Ansgar, Mattia,
Ansgar Burchardt ans...@debian.org writes:
I also checked the initial Debian package on snapshot.debian.org
(version 20050930-1). It also has only the non-free license in the
individual files, but states Dual GPLv2/ACPICA Licence in d/copyright.
It also has the
Hi Tino,
I am somewhat confused by what the status is for this bugreport.
Could you shed some light on this? Are you preparing the upload, do you
need a sponsor, is there an unblock request to be filed?
--
Best regards,
Michael
--
To UNSUBSCRIBE, email to
Your message dated Wed, 27 Mar 2013 11:32:29 +
with message-id e1ukoaj-00065i...@franck.debian.org
and subject line Bug#703553: fixed in furiusisomount 0.11.3.1~repack1-0.1
has caused the Debian Bug report #703553,
regarding src:furiusisomount: missing source for compiled gettext (.mo) files
Hi,
Le mercredi 27 mars 2013 à 00:53 +0100, Bernhard R. Link a écrit :
* Benjamin Cama benjamin.c...@telecom-bretagne.eu [130326 18:33]:
index 1dc0f87..f44 100644
--- a/functions
+++ b/functions
@@ -530,8 +530,13 @@ download_release_sig () {
warning KEYRING Cannot check
Processing commands for cont...@bugs.debian.org:
severity 703332 serious
Bug #703332 [libactiviz.net-cil] If they are API compatible you MUST generate
and install a GAC policy file!
Severity set to 'serious' from 'normal'
thanks
Stopping processing here.
Please contact me if you need
tags 704042 patch
tags 704042 upstream
thanks
I have extracted the two patches which have been committed by upstream
to address the issue, attaching them. Will create a package ready for
NMU later to help speed things up if desired.
Cheers,
Adrian
--
.''`. John Paul Adrian Glaubitz
: :'
Processing commands for cont...@bugs.debian.org:
tags 704042 patch
Bug #704042 [mongodb] CVE-2013-1892 -- mongodb: Remote shell access via run
method's use of native_helper
Added tag(s) patch.
tags 704042 upstream
Bug #704042 [mongodb] CVE-2013-1892 -- mongodb: Remote shell access via run
tags 704030 patch
thanks
Hi,
I created a patch from the upstream, see attached.
Cheers,
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaub...@debian.org
`. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
`-GPG: 62FF 8A75 84E0 2956 9546 0006 7426
Processing commands for cont...@bugs.debian.org:
tags 704030 patch
Bug #704030 [python-bcrypt] python-bcrypt: CVE-2013-1895: concurrency issue
leading to auth bypass
Added tag(s) patch.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
704030:
Le mercredi, 27 mars 2013 12.59:15, Benjamin Cama a écrit :
attached version fix both problems (and is based on latest master, after
Julien disabled InRelease support). Please not that it will still print
what's _before_ the BEGIN header, if present (there shouldn't be
anything, but if you
Hi all,
thank you very much for the effort. Can you please do NMU for me? I am
on quite distant location for next 2 days and the Internet connection is
not well enough to upload anything bigger then email.
Thank you,
Antonin
* John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de
On Wed, Mar 27, 2013 at 11:47:33AM +0100, Michael Stapelberg wrote:
Hi Ansgar, Mattia,
Ansgar Burchardt ans...@debian.org writes:
I also checked the initial Debian package on snapshot.debian.org
(version 20050930-1). It also has only the non-free license in the
individual files, but
Your message dated Wed, 27 Mar 2013 12:48:01 +
with message-id e1ukplp-h8...@franck.debian.org
and subject line Bug#704042: fixed in mongodb 1:2.0.6-1.1
has caused the Debian Bug report #704042,
regarding CVE-2013-1892 -- mongodb: Remote shell access via run method's use of
native_helper
Processing commands for cont...@bugs.debian.org:
forwarded 703916
http://icl.cs.utk.edu/lapack-forum/archives/lapack/msg01380.html
Bug #703916 {Done: Sébastien Villemot sebast...@debian.org} [lapack] LAPACK
package contains non-free files.
Set Bug forwarded-to-address to
Package: libawl-php
Version: 0.53-1
Severity: serious
Tags: upstream
Justification: unkown
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C
I have prepared an NMU with the attached debdiff. I'd be happy to upload
if the maintainer agrees.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaub...@debian.org
`. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
`-GPG: 62FF 8A75 84E0 2956 9546
Thanks Michael! I suspect that we will see 2.2.2d in one of the upcoming
releases from Oracle. While I would prefer to ship wheezy with no known
security bugs, I don't have much time to build and test a new package. If
someone else wants to do that I will gladly sponsor it.
-Original
Your message dated Wed, 27 Mar 2013 13:33:28 +
with message-id e1ukqto-0003wj...@franck.debian.org
and subject line Bug#703916: fixed in lapack 3.4.2+dfsg-1~exp1
has caused the Debian Bug report #703916,
regarding LAPACK package contains non-free files.
to be marked as done.
This means that
Hi Mattia,
Mattia Dongili malat...@debian.org writes:
yes it is, that's what Al did already:
http://ftp-master.debian.org/new/acpica-unix_20130214-0.3.html
I see.
release-team: What’s your take on this? Can we get the new version into
Debian in time for wheezy or how should we handle this?
--
Le mercredi 27 mars 2013 à 13:32 +0100, Didier 'OdyX' Raboud a écrit :
Le mercredi, 27 mars 2013 12.59:15, Benjamin Cama a écrit :
attached version fix both problems (and is based on latest master, after
Julien disabled InRelease support). Please not that it will still print
what's _before_
Processing commands for cont...@bugs.debian.org:
# not required when appropriate versioning will do the job
tags 704025 - wheezy
Bug #704025 [olsrd] olsrd does not connect with others on amd64
Removed tag(s) wheezy.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Processing commands for cont...@bugs.debian.org:
# fixed in 2.4 series
fixed 704042 1:2.4.1-1
Bug #704042 {Done: John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de}
[mongodb] CVE-2013-1892 -- mongodb: Remote shell access via run method's use of
native_helper
Marked as fixed in versions
Your message dated Wed, 27 Mar 2013 16:17:45 +
with message-id e1ukt2n-0006ls...@franck.debian.org
and subject line Bug#697571: fixed in openbox 3.5.0-7
has caused the Debian Bug report #697571,
regarding openbox hangs when removing display from dual-head configuration with
xrandr
to be
Hello!
On Tue, Mar 26, 2013 at 05:02:49PM +0700, Prach Pongpanich wrote:
tags 703957 + patch
thanks
Dear maintainer,
I have prepared a patch (DEP-3 format) from upstream, which solves
the this bug (libarchive-3.0.4).
Thanks for preparing a prettified patch.
It deviates from
Your message dated Wed, 27 Mar 2013 16:47:35 +
with message-id e1uktvf-0005ql...@franck.debian.org
and subject line Bug#703957: fixed in libarchive 3.0.4-3
has caused the Debian Bug report #703957,
regarding libarchive: CVE-2013-0211
to be marked as done.
This means that you claim that the
Package: 389-ds
Severity: grave
Tags: security
Please see the following bug for details:
https://bugzilla.redhat.com/show_bug.cgi?id=913751
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Hi Andreas,
On Wed, Mar 27, 2013 at 11:30 PM, Andreas Henriksson andr...@fatal.se wrote:
It deviates from
https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
and doesn't build though
Where did you get the patch from or why did you modify it?
I got
On 27.03.2013 13:44, Michael Stapelberg wrote:
Mattia Dongili malat...@debian.org writes:
yes it is, that's what Al did already:
http://ftp-master.debian.org/new/acpica-unix_20130214-0.3.html
I see.
release-team: What’s your take on this? Can we get the new version
into
Debian in time for
previously, upstream and local firewalls had been opened
now, a 'guest' role in the pg cluster has been created by alioth admins
please test the pet importer and let us know the result
--
Luca Filipozzi
http://www.crowdrise.com/SupportDebian
--
To UNSUBSCRIBE, email to
Processing commands for cont...@bugs.debian.org:
severity 696727 grave
Bug #696727 [cheese] cheese does not start with Gtk-Warning
Severity set to 'grave' from 'important'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
696727:
On 03/27/2013 06:22 PM, Jon Dowland wrote:
severity 696727 grave
thanks
On Wed, Dec 26, 2012 at 03:36:44PM +0100, Giovanni74 wrote:
cheese does not start at all.
Here is the terminal output:
Wow.
I've just reproduced this. I'm mildly incredulous. Are we just unlucky? This
makes the
* Bastian Blank wa...@debian.org [130327 10:29]:
On Wed, Mar 27, 2013 at 12:53:44AM +0100, Bernhard R. Link wrote:
Sorry, but this is not enough to properly extract the contents of a
inline signed message. You still need to do possible unescaping between
those lines.
Is the unescaping
Am 27.03.2013 18:22, schrieb Jon Dowland:
severity 696727 grave
thanks
On Wed, Dec 26, 2012 at 03:36:44PM +0100, Giovanni74 wrote:
cheese does not start at all.
Here is the terminal output:
Wow.
I've just reproduced this. I'm mildly incredulous. Are we just unlucky? This
makes the
On 03/27/2013 07:38 PM, Michael Biebl wrote:
Am 27.03.2013 18:22, schrieb Jon Dowland:
severity 696727 grave
thanks
On Wed, Dec 26, 2012 at 03:36:44PM +0100, Giovanni74 wrote:
cheese does not start at all.
Here is the terminal output:
Wow.
I've just reproduced this. I'm mildly
Am 27.03.2013 19:58, schrieb Emilio Pozuelo Monfort:
On 03/27/2013 07:38 PM, Michael Biebl wrote:
Am 27.03.2013 18:22, schrieb Jon Dowland:
severity 696727 grave
thanks
On Wed, Dec 26, 2012 at 03:36:44PM +0100, Giovanni74 wrote:
cheese does not start at all.
Here is the terminal output:
On Fri 2013-03-15 01:08:00 -0400, Daniel Kahn Gillmor wrote:
Ugh, this is a bad result, but i don't think the bug is in 0.8.1 -- the
crashing bug is in the earlier version (0.8-2), and one of the changes
in 0.8.1 is to improve the behavior when such an upgrade is happening
(as well as to make
Processing commands for cont...@bugs.debian.org:
# the problem from 694933 is only present in sid
notfound 694933 1.2.1.1-1
Bug #694933 [src:haskell-warp] haskell-warp: FTBFS: unsatisfiable
build-dependency: libghc-blaze-builder-conduit-dev ( 0.5)
No longer marked as found in versions
Processing commands for cont...@bugs.debian.org:
found 704042 1:2.0.6-1
Bug #704042 {Done: John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de}
[mongodb] CVE-2013-1892 -- mongodb: Remote shell access via run method's use of
native_helper
Marked as found in versions mongodb/1:2.0.6-1.
On Wed, Mar 27, 2013 at 05:06:35PM +, Adam D. Barratt wrote:
On 27.03.2013 13:44, Michael Stapelberg wrote:
Mattia Dongili malat...@debian.org writes:
yes it is, that's what Al did already:
http://ftp-master.debian.org/new/acpica-unix_20130214-0.3.html
I see.
release-team: What’s your
Hi Michael and Emilio,
On Wed, Mar 27, 2013 at 08:00:06PM +0100, Michael Biebl wrote:
My guess would be that it is cogl/clutter/gl related.
Jon, does gnome-shell (or other clutter using applications) work for you?
Yep I run GNOME 3 including gnome-shell without problems.
I should probably
Hi,
I've got confirmation that a guest account at pet.d.n was created.
I was able to connect using
psql -h pet.debian.net -p 5432 pet guest
and
udd@ullmann:/srv/udd.debian.org/udd$ ./update-and-run.sh vcs
seemed to work fine - at least there were no error messages. So I
reenabled the
On Wed, Mar 27, 2013 at 07:38:45PM +0100, Michael Biebl wrote:
I do get those warnings, but afaics they are a red herring.
Indeed, I've fixed the warnings using the tip at
https://bugzilla.gnome.org/show_bug.cgi?id=671912 and I still have the same
behaviour, process runs, remains running, but
Just FWIW I've installed camorama which works fine - just to confirm that my
webcam
is OK.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Wed, Mar 27, 2013 at 09:16:17PM +, Jonathan Dowland wrote:
You are perhaps correct that those errors are a red herring. Nevertheless I
have a bt with G_DEBUG=fatal-warnings, attached in case it's useful.
Actually attached.
$ gdb ./.libs/cheese
GNU gdb (GDB) 7.4.1-debian
Copyright (C)
Your message dated Wed, 27 Mar 2013 23:07:58 +0100
with message-id 1364422078.7217.1.camel@kirk
and subject line This has been fixed
has caused the Debian Bug report #694933,
regarding haskell-warp: FTBFS: unsatisfiable build-dependency:
libghc-blaze-builder-conduit-dev ( 0.5)
to be marked as
Hi,
could anyone who is seeing the issue with Cheese freezing try to
disconnect their webcam? This might be an issue with the webcam failing
to initialize which probably depends on the model of webcam being used.
I cannot reproduce the problem either, but I also currently have no
webcam
In case the bug report was non-obvious, the stack corruption mentioned in the
description of the upstream patch affects 64-bit platforms, and platforms with
more aggressive compiler optimization.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe.
Processing commands for cont...@bugs.debian.org:
severity 704107 serious
Bug #704107 [request-tracker4] request-tracker4: GPG data stored in /var/cache
Severity set to 'serious' from 'important'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
704107:
Processing commands for cont...@bugs.debian.org:
clone 704107 -1
Bug #704107 [request-tracker4] request-tracker4: GPG data stored in /var/cache
Bug 704107 cloned as bug 704109
reassign -1 request-tracker3.8
Bug #704109 [request-tracker4] request-tracker4: GPG data stored in /var/cache
Bug
Package: clang
Version: 1:3.0-6.1
Severity: grave
x-debbugs-cc: debian-...@lists.debian.org; cfe-...@cs.uiuc.edu
(note for non-debian people reading this, the version of clang in debian
wheezy is a 3.0 based version which already has patches to make it
invoke the linker with appropriate
I've read the full thread now, sorry for the quick response, I was working down
the list.
At Tue, 26 Mar 2013 13:46:08 +0100,
Michael Biebl wrote:
[1 text/plain; ISO-8859-1 (quoted-printable)]
Am 26.03.2013 09:48, schrieb Junichi Uekawa:
not enough information in the bug, 702811 seems to
Processing commands for cont...@bugs.debian.org:
severity 704055 normal
Bug #704055 [libawl-php] libawl-php: Session.php calls private attribute
'EMail::To' in line 695, missing accessor in EMail.php
Severity set to 'normal' from 'serious'
thanks
Stopping processing here.
Please contact me if
Processing commands for cont...@bugs.debian.org:
tag 704111 patch
Bug #704111 [clang] clang fails to correctly implement hard float ABI during
default compiles due to rediculously low default CPU setting.
Added tag(s) patch.
thanks
Stopping processing here.
Please contact me if you need
Attaching debdiff for suggested NMU.
Cheers,
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer - glaub...@debian.org
`. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
`-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
diff -Nru
Package: asterisk
Severity: grave
Tags: security patch upstream
Hi,
the following vulnerabilities were published for asterisk.
CVE-2013-2685[0]:
Buffer Overflow Exploit Through SIP SDP Header
CVE-2013-2686[1]:
Denial of Service in HTTP server
CVE-2013-2264[2]:
Username disclosure in SIP
Ok I just had a discussion with adam conrad about this on IRC.
According to him clang currently does assume that armv7 means coretex a8
and that coretex a8 mean full vfpv3 and neon. There is a patch in ubuntu
precise/quantal to fix this (26-armv7-not-neon.patch) but it's a pretty
big patch
63 matches
Mail list logo