Source: musl
Version: 1.1.5-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for musl.
CVE-2015-1817[0]:
stack-based buffer overflow in ipv6 literal parsing
If you fix the vulnerability please also make sure to include the
CVE (Common
Processing control commands:
tags -1 confirmed
Bug #765577 [udev-udeb] netboot install writes duplicates to
70-persistent-net.rules
Bug #777126 [udev-udeb] udev: duplicate eth? entries
Added tag(s) confirmed.
Added tag(s) confirmed.
--
765577:
On Saturday, January 31, 2015 10:16:01 PM David Goodenough wrote:
Unfortunately I have a problem with the KDE bugs system. It says my login
is wrong, won't send me the password reminder, and won't let me create a
new one. No idea why it does not like me.
David
On Saturday 31 January
Processing commands for cont...@bugs.debian.org:
found 762950 4:4.8.4-4+deb7u1
Bug #762950 [libsolid4] digikam: Removes all images from database when
unaccessible mount is found
Marked as found in versions kde4libs/4:4.8.4-4+deb7u1.
thanks
Stopping processing here.
Please contact me if you
Processing control commands:
tags -1 + moreinfo unreproducible
Bug #781489 [criu] criu: links against libprotobuf-c0 which it doesn't depend
on$ criu
Added tag(s) unreproducible and moreinfo.
--
781489: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781489
Debian Bug Tracking System
Contact
Control: tags -1 + moreinfo unreproducible
Hi
This does not look correct at first glance. criu/1.3.1-1 in
jessie/unstable depends on libprotobuf-c1 (as well criu/1.4-1 in
experimental). What does
apt-cache policy criu
shows?
Regards,
Salvatore
--
To UNSUBSCRIBE, email to
Processing control commands:
tags -1 + moreinfo unreproducible
Bug #781489 [criu] criu: links against libprotobuf-c0 which it doesn't depend
on$ criu
Ignoring request to alter tags of bug #781489 to the same tags previously set
--
781489:
Am 30.03.2015 um 04:56 schrieb Michael Biebl:
Looks like a found a simple reproducer (this is on my work laptop) done
during normal runtime of the system:
$ rm /etc/udev/rules.d/70-persistent-net.rules
$ while true ; do echo add /sys/class/net/eth0/uevent ; done
I let this run for one
Control: tag -1 patch
On 2015-03-24, Wolfgang Schweer wrote:
On Mon, Mar 23, 2015 at 12:02:05PM -0700, Vagrant Cascadian wrote:
On Tue, Mar 17, 2015 at 10:00:08PM +0100, Wolfgang Schweer wrote:
Confirmed after having started an USB stick installation on real (and
very old) hardware;
Processing control commands:
tag -1 patch
Bug #780591 [ltsp-client-builder] ltsp-client-builder fails when installing
Debian Edu combined server in virtualbox environment
Added tag(s) patch.
--
780591: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780591
Debian Bug Tracking System
Contact
Processing commands for cont...@bugs.debian.org:
retitle 778646 potrace: CVE-2013-7437: possible heap overflow
Bug #778646 [potrace] Multiple issues
Changed Bug title to 'potrace: CVE-2013-7437: possible heap overflow' from
'Multiple issues'
thanks
Stopping processing here.
Please contact me
On Mar 18, Faidon Liambotis parav...@debian.org wrote:
Well, the root cause IMO is that 75-persistent-net-generator.rules is
inherently susceptible to races. It's my understanding that it's valid
for events to be triggered multiple times -- there are multiple places
in d-i that udevadm
Processing commands for cont...@bugs.debian.org:
tags 781483 + upstream
Bug #781483 {Done: Simon McVittie s...@debian.org} [ikiwiki] ikiwiki:
cross-site scripting via openid_identifier
Added tag(s) upstream.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Your message dated Sun, 29 Mar 2015 06:18:43 +
with message-id e1yc6yv-0001gv...@franck.debian.org
and subject line Bug#779089: fixed in khronos-api 0~svn29577-2
has caused the Debian Bug report #779089,
regarding khronos-api: FTBFS due to missing texlive packages
to be marked as done.
This
Your message dated Sun, 29 Mar 2015 15:47:10 +
with message-id e1ycfqc-0002ox...@franck.debian.org
and subject line Bug#780989: fixed in dulwich 0.8.5-2+deb7u2
has caused the Debian Bug report #780989,
regarding python-dulwich: CVE-2014-9706: arbitrary command execution
vulnerability in
Your message dated Sun, 29 Mar 2015 15:47:10 +
with message-id e1ycfqc-0002ox...@franck.debian.org
and subject line Bug#780989: fixed in dulwich 0.8.5-2+deb7u2
has caused the Debian Bug report #780989,
regarding dulwich: CVE-2014-9706: does not prevent to write files in commits
with invalid
Your message dated Sun, 29 Mar 2015 15:48:32 +
with message-id e1ycfrw-0003fr...@franck.debian.org
and subject line Bug#780519: fixed in tomcat7 7.0.28-4+deb7u2
has caused the Debian Bug report #780519,
regarding tomcat7: FTBFS due to failing tests
to be marked as done.
This means that you
Processing control commands:
severity -1 serious
Bug #781451 [gcc-5] gcc-5 uninstallable: /usr/share/doc/gcc-5-base/changelog.gz
conflicts with gcc-5-base
Severity set to 'serious' from 'grave'
tags -1 + pending
Bug #781451 [gcc-5] gcc-5 uninstallable: /usr/share/doc/gcc-5-base/changelog.gz
Control: severity -1 serious
Control: tags -1 + pending
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Your message dated Sun, 29 Mar 2015 15:51:46 +
with message-id e1ycfv4-0003k2...@franck.debian.org
and subject line Bug#781120: fixed in perl 5.20.2-3
has caused the Debian Bug report #781120,
regarding perl: handling of non-readable directories on @INC
to be marked as done.
This means that
Hey Niels,
Understood. Hard to see exactly what's going on here because we seem to be
falling afoul of https://lists.debian.org/debian-devel/2014/04/msg00322.html.
Do you happen to know if there's another way to get access to
test-suite.log from these builds? The suggested work-around in that
Control: tags -1 confirmed
Am 18.03.2015 um 19:50 schrieb Michael Biebl:
Am 18.03.2015 um 18:52 schrieb Michael Biebl:
Am 18.03.2015 um 18:15 schrieb Faidon Liambotis:
Another less arbitrary/racy workaround I suggesed was a grep near the
top of write_net_rules' write_rule() function. Since
-=| Damyan Ivanov, 21.03.2015 21:23:06 + |=-
Package: libdbd-firebird-perl
Version: 0.91-2
Severity: grave
Tags: security upstream patch
I have committed the patch in packaging Git¹. I have also committed
another patch that replaces all sprintf() usage with snprintf(). Both
patches were
Package: grpn
Version: 1.1.2-3.1
Severity: serious
Hi,
Attempting to download and unpack the grpn source leads to the
following error:
$ dpkg-source -x grpn_1.1.2-3.1.dsc
gpgv: Signature made 2012-05-14T15:40:11 CEST using DSA key ID C9B55DAC
gpgv: Can't check signature: public key not found
Hi again,
sorry for the delay.
On 2015-03-24 00:02, Holger Levsen wrote:
I think it's also a question of ordering: if libpam-cap is updated first
and and libcap2-bin is removed second, things go well. If libcap2-bin is
removed first and libpam-cap second, you will encounter the problem.
I
Package: gcc-5
Version: 5-20150327-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
when trying to install gcc-5, I get the following error:
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
(Reading database ... 337056 files and directories
control: severity -1 important
control: retitle -1 libmono-corlib4.5-cil: possible dpkg trigger cycle
On Wed, Mar 25, 2015 at 5:26 PM, Niels Thykier wrote:
Is this upgrade problem still reproducible? There was an upload of dpkg
between you filing this upload. I do realise this does not affect
Processing control commands:
severity -1 important
Bug #775878 [libmono-corlib4.5-cil] libmono-corlib4.5-cil: circular
dependencies cause failures in some upgrade scenarios
Severity set to 'important' from 'serious'
retitle -1 libmono-corlib4.5-cil: possible dpkg trigger cycle
Bug #775878
Hi Romain,
Am 29.03.2015 um 12:56 schrieb Romain Francoise:
On Thu, Mar 26, 2015 at 09:36:32PM +0100, Michael Biebl wrote:
You could also ship the alias/symlink in the package, and not create it
via Alias=
Actually, that's what I would suggest to do anyway to align the old and
new name.
Hi Andreas,
On 2015-03-14 01:56, Andreas Beckmann wrote:
On 2015-03-13 23:49, Christian Kastner wrote:
Would you by chance be available for sponsoring? (No problem if not, but
if yes, please wait for an updated debdiff as the RT approved another
one-line fix.)
I'm not sure that this is the
Control: tags -1 + patch
Dear Maintainer,
I made nmu patch for that bug. But I don't have permission to upload.
http://mentors.debian.net/debian/pool/main/g/grpn/grpn_1.1.2-3.2.dsc
Cheers,
Mateusz
diff -Nru grpn-1.1.2/debian/changelog grpn-1.1.2/debian/changelog
---
Processing control commands:
tags -1 + patch
Bug #781450 [grpn] grpn: dpkg-source refuses to unpack the source (wrong strip
plus fuzz)
Added tag(s) patch.
--
781450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781450
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Hi,
On 2015-03-29 15:57, Christian Kastner wrote:
On 2015-03-24 00:02, Holger Levsen wrote:
I think it's also a question of ordering: if libpam-cap is updated first
and and libcap2-bin is removed second, things go well. If libcap2-bin is
removed first and libpam-cap second, you will encounter
On Thu, Mar 26, 2015 at 09:36:32PM +0100, Michael Biebl wrote:
You could also ship the alias/symlink in the package, and not create it
via Alias=
Actually, that's what I would suggest to do anyway to align the old and
new name.
Thanks for the suggestion, that would probably be more reliable
Source: capnproto
Version: 0.4.1-3
Severity: serious
Hi,
It seems that the current version of capnproto FTBFS on armel and
armhf due to a segmentation fault in one of the tests. This prevents
the new version of migrating to testing as it is a regression compared
to the version in testing.
Am Samstag, 28. März 2015, 14:33:04 schrieb Felix Zielcke:
On Mon, 23 Jun 2014 10:34:02 +0200 Martin Steigerwald
mar...@lichtvoll.de wrote:
Hi!
I bzr diff on /boot/grub/grub.cfg revealed â but already from last
week as I upgraded to the newer backport initramfs-tools, where
booting
Processing commands for cont...@bugs.debian.org:
user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
usertags 779420 - jessie-can-defer
Usertags were: jessie-can-defer.
Usertags are now: .
tags 779420 - jessie-ignore
Bug
Package: ikiwiki
Version: 3.20141016.1
Severity: serious
Tags: security fixed-upstream pending
Justification: cookie theft via XSS
Raghav Bisht reported a cross-site scripting vulnerability in the handling
of the openid_identifier parameter. Unfortunately this was reported in
public and while I
On Thu, Mar 26, 2015 at 09:24:39AM +0100, Tomasz Buchert wrote:
Hi,
there is 1.12 available (but the patch above solves
the problem as well).
This has been assigned CVE-2013-7437.
Bartosz, can you please upload a fixed package to unstable?
Cheers,
Moritz
--
To UNSUBSCRIBE, email
Processing commands for cont...@bugs.debian.org:
user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
usertags 768926 - jessie-can-defer
There were no usertags set.
Usertags are now: .
tags 768926 - jessie-ignore
Bug
Processing commands for cont...@bugs.debian.org:
user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
usertags 769344 - jessie-can-defer
There were no usertags set.
Usertags are now: .
tags 769344 - jessie-ignore
Bug
Processing commands for cont...@bugs.debian.org:
tags 762700 + pending
Bug #762700 [systemd] systemd: journald fails to forward some messages to syslog
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
762700:
On Thu, 26 Feb 2015 10:20:31 +1100 Dmitry Smirnov only...@debian.org
wrote:
Package: qemubuilder
Version: 0.73
Severity: serious
After upgrade to Jessie quemubuilder stopped working for me on all
architectures: unstable images successfully install dependencies on
--build
Your message dated Sun, 29 Mar 2015 21:49:40 +
with message-id e1ycl5q-00070f...@franck.debian.org
and subject line Bug#781483: fixed in ikiwiki 3.20150329
has caused the Debian Bug report #781483,
regarding ikiwiki: cross-site scripting via openid_identifier
to be marked as done.
This means
Your message dated Sun, 29 Mar 2015 22:06:40 +
with message-id e1yclls-0002gi...@franck.debian.org
and subject line Bug#781483: fixed in ikiwiki 3.20141016.2
has caused the Debian Bug report #781483,
regarding ikiwiki: cross-site scripting via openid_identifier
to be marked as done.
This
Your message dated Sun, 29 Mar 2015 22:06:26 +
with message-id e1yclle-0002dw...@franck.debian.org
and subject line Bug#781451: fixed in gcc-5 5-20150329-1
has caused the Debian Bug report #781451,
regarding gcc-5 uninstallable: /usr/share/doc/gcc-5-base/changelog.gz conflicts
with gcc-5-base
Your message dated Sun, 29 Mar 2015 22:33:51 +
with message-id e1yclmb-0005ks...@franck.debian.org
and subject line Bug#778631: fixed in icedtea-web 1.5-2+deb8u1
has caused the Debian Bug report #778631,
regarding icedtea-netx: Fails to start despite dependencies being met
to be marked as
On 2015-03-24, Wolfgang Schweer wrote:
On Mon, Mar 23, 2015 at 12:02:05PM -0700, Vagrant Cascadian wrote:
On Tue, Mar 17, 2015 at 10:00:08PM +0100, Wolfgang Schweer wrote:
Confirmed after having started an USB stick installation on real (and
very old) hardware; something like /dev/sdXY is
48 matches
Mail list logo