Processing commands for cont...@bugs.debian.org:
> fixed 780772 7.14-2+deb7u9
Bug #780772 {Done: Salvatore Bonaccorso } [drupal7] drupal7:
SA-CORE-2015-001: Access bypass and open redirect
Marked as fixed in versions drupal7/7.14-2+deb7u9.
> thanks
Stopping processing here.
Please contact me if
On Sat, 2015-03-21 at 00:51 -0400, Chris Knadle wrote:
> § 10.7.3 Behavior
> Configuration file handling must conform to the following behavior:
> • local changes must be preserved during a package upgrade
Well, strictly speaking, if the user had let that option at its Debian
default
The issue here is that the openssh-server package modifies two config
files in /etc without any warning to the user, and that's a clear
Policy violation IMHO:
§ 10.7.3 Behavior
Configuration file handling must conform to the following behavior:
• local changes must be preserved during
Here's the patch that I am planning to apply upstream. Please comment
if you see anything wrong with it.
While the general idea is similar to Tomasz's patch, I've solved the
details a bit differently.
* I prefer to use ssize_t instead of unsigned long long int for memory
manipulations. Since s
tags 780519 + confimed
owner 780519 !
thanks
On Fri, Mar 20, 2015 at 11:10:28AM +0100, Markus Koschany wrote:
>
> [...]
>
> and recompiled openjdk-7 from scratch. But tomcat7 still fails to build
> from source even with this older openjdk-7 version.
I checked the failing unit tests and all of th
Processing commands for cont...@bugs.debian.org:
> tags 780519 + confimed
Unknown tag/s: confimed.
Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid
help security upstream pending sarge sarge-ignore experimental d-i confirmed
ipv6 lfs fixed-in-experimental fixed-upstre
On Wed, 2015-03-11 at 20:41 -0400, Mike Miller wrote:
> On Mon, Mar 02, 2015 at 12:34:01 +, Ben Hutchings wrote:
> > Changes:
> > lvm2 (2.02.111-2.1) unstable; urgency=medium
> > .
> >* Non-maintainer upload
> >* Add initramfs-tools boot script for preparing additional block
> >
Your message dated Fri, 20 Mar 2015 22:34:17 +
with message-id
and subject line Bug#747863: fixed in nut 2.7.2-4
has caused the Debian Bug report #747863,
regarding nut-client: Fails to install
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is no
Your message dated Fri, 20 Mar 2015 22:34:17 +
with message-id
and subject line Bug#747863: fixed in nut 2.7.2-4
has caused the Debian Bug report #747863,
regarding nut-client: Does not install cleanly
to be marked as done.
This means that you claim that the problem has been dealt with.
If th
Your message dated Fri, 20 Mar 2015 22:34:17 +
with message-id
and subject line Bug#747863: fixed in nut 2.7.2-4
has caused the Debian Bug report #747863,
regarding systemd service fails by default and causes package install failure
to be marked as done.
This means that you claim that the pro
Package: inspircd
Version: 2.0.5-1+b1
Severity: grave
Tags: security
Justification: user security hole
Hi,
I am an upstream maintainer for InspIRCd. The patch you have for CVE-2012-1836
(patches/03_CVE-2012-1836.diff) is not the same patch
we released as part of 2.0.7 (there was no 2.0.6) to add
Your message dated Fri, 20 Mar 2015 21:48:48 +
with message-id
and subject line Bug#780385: fixed in ecryptfs-utils 103-4
has caused the Debian Bug report #780385,
regarding ecryptfs-utils: CVE-2014-9687
to be marked as done.
This means that you claim that the problem has been dealt with.
If
Your message dated Fri, 20 Mar 2015 21:20:12 +
with message-id
and subject line Bug#780831: fixed in krb5 1.12.1+dfsg-19
has caused the Debian Bug report #780831,
regarding breaks if /etc/ssl/private is missing
to be marked as done.
This means that you claim that the problem has been dealt wi
Control: tags 780756 + patch
Control: tags 780756 + pending
Hi Fathi,
I've prepared an NMU for libzip (versioned as 0.11.2-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
diff -Nru libzip-0.11.2/debian/changelog libzip-0.11.2/debian/
Processing control commands:
> tags 780756 + patch
Bug #780756 [src:libzip] libzip: CVE-2015-2331: ZIP integer overflow
Added tag(s) patch.
> tags 780756 + pending
Bug #780756 [src:libzip] libzip: CVE-2015-2331: ZIP integer overflow
Added tag(s) pending.
--
780756: http://bugs.debian.org/cgi-bin
Processing commands for cont...@bugs.debian.org:
> limit source krb5
Limiting to bugs with field 'source' containing at least one of 'krb5'
Limit currently set to 'source':'krb5'
> tags 780831 + pending
Bug #780831 [krb5-kdc] breaks if /etc/ssl/private is missing
Added tag(s) pending.
> thanks
St
Processing commands for cont...@bugs.debian.org:
> limit source linux
Limiting to bugs with field 'source' containing at least one of 'linux'
Limit currently set to 'source':'linux'
> tags 780858 + pending
Bug #780858 [src:linux] Massive I/O data corruption on Marvell Armada XP
machines
Added ta
Package: mantis
Version: 1.2.18-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Dear Maintainer,
There is an upstream security update that fixes the following security issues:
* CVE-2014-9571: XSS in install.php
* CVE-2014-9572: Improper Access Control i
Control: tags 780827 + pending
Hi Jay!
I've prepared an NMU for xerces-c (versioned as 3.1.1-5.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
It is the same patch as used for the wheezy-security upload.
Regards,
Salvatore
diff -Nru xerces-c-3.1.1/debia
Processing control commands:
> tags 780827 + pending
Bug #780827 [src:xerces-c] xerces-c: CVE-2015-0252: Apache Xerces-C XML Parser
Crashes on Malformed Input
Added tag(s) pending.
--
780827: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780827
Debian Bug Tracking System
Contact ow...@bugs.d
Processing control commands:
> severity -1 serious
Bug #780591 [ltsp-client-builder] ltsp-client-builder fails when installing
Debian Edu combined server in virtualbox environment
Severity set to 'serious' from 'important'
> tags -1 patch
Bug #780591 [ltsp-client-builder] ltsp-client-builder fail
Processing commands for cont...@bugs.debian.org:
> fixed 780827 3.1.1-3+deb7u1
Bug #780827 [src:xerces-c] xerces-c: CVE-2015-0252: Apache Xerces-C XML Parser
Crashes on Malformed Input
The source 'xerces-c' and version '3.1.1-3+deb7u1' do not appear to match any
binary packages
Marked as fixed i
Package: src:linux
Version: 3.16.7-ckt7-1
Severity: grave
Tags: upstream
Hi folks,
We've upgraded a couple of our Marvell Armada XP based (armel/armhf)
buildd machines to Jessie, and they've almost immediately fallen over
with symptoms of really bad data corruption. On further investigation
and d
On Mar 20, Marco d'Itri wrote:
> Package 'libnl-3.0', required by 'libteam', not found
But then if I install it I get:
libtool: link: gcc -std=gnu99 -Wall -Werror -Wformat -Wformat-security -fPIE
-DPIE -D_FORTIFY_SOURCE=2 --param ssp-buffer-size=4 -fstack-protector -g -O2
-fPIE -fstack-protect
Package: libteam-dev
Version: 1.12-1
Severity: serious
$ pkg-config --exists --print-errors libteam
Package libnl-3.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnl-3.0.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libnl-3.0', requ
Your message dated Fri, 20 Mar 2015 22:41:22 +0900
with message-id <20150320224122.b6095196ee09aaf5dcc26...@debian.or.jp>
and subject line
has caused the Debian Bug report #768655,
regarding birdfont: FTBFS on jessie - error: 1 extra arguments for `Gdk.RGBA
Gtk.ColorSelection.get_current_rgba ()'
On 2015-03-20 10:03, Vincent Lefevre wrote:
On 2015-03-20 05:54:03 +0100, Christoph Anton Mitterer wrote:
On Fri, 2015-03-20 at 03:06 +0100, Vincent Lefevre wrote:
[...]
> In such a case, with such defaults, you won't be able to ssh into
> the machine, so that the AcceptEnv value doesn't matte
Your message dated Fri, 20 Mar 2015 22:23:37 +0900
with message-id <20150320222337.2e3baef174be03463468d...@debian.or.jp>
and subject line
has caused the Debian Bug report #767630,
regarding birdfont: depends on libgit2-dev which is unavailable on kfreebsd and
s390x
to be marked as done.
This me
Your message dated Fri, 20 Mar 2015 14:12:44 +0100
with message-id
and subject line Re: openjp2 2.0 -> 2.1 transition
has caused the Debian Bug report #761357,
regarding openjp3d-tools and libopenjp3d-tools: error when trying to install
together
to be marked as done.
This means that you claim t
Your message dated Fri, 20 Mar 2015 14:12:44 +0100
with message-id
and subject line Re: openjp2 2.0 -> 2.1 transition
has caused the Debian Bug report #761355,
regarding libopenjpeg6-dev and libopenjp2-7-dev: error when trying to install
together
to be marked as done.
This means that you claim
Processing commands for cont...@bugs.debian.org:
> tags 780650 + fixed-upstream
Bug #780650 [systemd] systemd: Sources not shipped for hwdb files
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
780650: http://bugs.debian.org/cgi-bin/bu
Please go ahead.
Security is important - thus it is a major feature that is broken and that
you fix - I believe, RC severity is appropriate.
Thanks!
Alexey
2015-03-20 8:50 GMT+01:00 intrigeri :
> Hi,
>
> Alexey Nezhdanov wrote (20 Mar 2015 05:56:55 GMT) :
> > First of all - huge thanks for doin
On 19.03.2015 21:47, Emmanuel Bourg wrote:
> On 19/03/2015 19:02, Markus Koschany wrote:
>
>> What I don't understand is why this went undetected for such a long
>> time. I mean there were numerous rebuilds so why does the test suite
>> fail in Jessie and even stable now?
>
> I bet this was ca
On 2015-03-20 05:54:03 +0100, Christoph Anton Mitterer wrote:
> On Fri, 2015-03-20 at 03:06 +0100, Vincent Lefevre wrote:
> > So, it's even easier: when the admin installs some software using,
> > say, LC_ALLOW_ARBITRARY_ACCESS, he can change the sshd config to
> > disallow this variable.
> Sorry,
On 20/03/2015 09:03, Michael Biebl wrote:
[adding the bug to CC]
On 20.03.2015 at 08:46, Didier Roche wrote:
On 20/03/2015 08:39, Michael Biebl wrote:
thanks for the patch. I had something like this in mind.
We could be extra nice and only add the After=tmp.mount if tmp.mount is
actually
[adding the bug to CC]
On 20.03.2015 at 08:46, Didier Roche wrote:
> On 20/03/2015 08:39, Michael Biebl wrote:
>> thanks for the patch. I had something like this in mind.
>> We could be extra nice and only add the After=tmp.mount if tmp.mount is
>> actually enabled, because we only need the Af
Package: krb5-kdc
Version: 1.12.1+dfsg-18
Severity: grave
/lib/systemd/system/krb5-kdc.service contains:
[Service]
InaccessibleDirectories=/etc/ssh /etc/ssl/private /root
so starting the unit will fail if one of the directories is missing:
Mar 20 08:44:09 bokassa systemd[1191]: Failed at step
Hi,
Alexey Nezhdanov wrote (20 Mar 2015 05:56:55 GMT) :
> First of all - huge thanks for doing that!
Thanks for answering :)
Just to be extra clear: does this implicitly mean you agree with the
RC severity and the NMU I've proposed? Should I just go ahead without
waiting any more time?
Cheers,
Hey,
Attaching the patch (which tries to be less intrusive with mounts, only
affecting /tmp) that I pinged on IRC for better tracking.
Tested under multiple configurations. /tmp isn't mounted as tmpfs
either at boot or after a service restart having PrivateTmp. Enabling
the tmp mount unit now
On 2015-03-20 06:25, Michael Biebl wrote:
You can probably trigger this by putting 12 modules into
/etc/modules-load.d. Each one will generate a message for the
journal
and after the 11th the service will hang. Jupp, just tried it,
deadlocks. Well, kind-of, because after ~15s it will somehow