close 858410 8.13.11+dfsg-7
thanks
Processing commands for cont...@bugs.debian.org:
> close 858410 8.13.11+dfsg-7
Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue
and Merge Request Trackers
Ignoring request to alter fixed versions of bug #858410 to the same values
previously set
Bug #858410
Source: gitlab
Version: 8.13.11+dfsg-2
Severity: grave
Tags: patch upstream security fixed-upstream
Control: fixed -1 8.13.11+dfsg-7
Hi,
the following vulnerability was published for gitlab.
CVE-2017-0882[0]:
Information Disclosure in Issue and Merge Request Trackers
If you fix the
Processing control commands:
> fixed -1 8.13.11+dfsg-7
Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue
and Merge Request Trackers
Marked as fixed in versions gitlab/8.13.11+dfsg-7.
--
858410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858410
Debian Bug
Hi Nis,
Others may have some additional comments but a couple of thoughts from an
observer (I'm not the maintainer).
C.UTF-8 is provided within glibc (it's in the libc-bin package so it is always
available). Is it worth setting that as the locale for all communication with
subprocesses? It
Your message dated Wed, 22 Mar 2017 00:18:56 +
with message-id
and subject line Bug#801564: fixed in squid3 3.5.23-2
has caused the Debian Bug report #801564,
regarding squid: prompting due to modified conffiles which were not modified by
the user:
Package: docker.io
Version: 1.11.2~ds1-6
Severity: grave
I tried to install docker.io in Debian stretch (I know, it's banned,
but I figured I'd try my luck) and it completely hangs apt-get
install:
$ LANG=C sudo dpkg --configure -a
Setting up docker.io (1.11.2~ds1-6) ...
addgroup: The group
Source: odin
Version: 2.0.3-0.1
Severity: serious
https://buildd.debian.org/status/package.php?p=odin=sid
...
/usr/bin/make check-TESTS
make[4]: Entering directory '/«PKGBUILDDIR»'
make[5]: Entering directory '/«PKGBUILDDIR»'
./test-driver: line 107: 3180 Aborted "$@" >
Thank you for your report, and for the nice recipe to reproduce the bug.
Can you try the attached patch?
>From f42c5879b91b11a986e93f7f92244cf938dae0fb Mon Sep 17 00:00:00 2001
From: Nis Martensen
Date: Tue, 21 Mar 2017 22:23:49 +0100
Subject: [PATCH] Stop using
Hi Paul,
Have you tested your workaround with libjs-jquery-migrate-1 recently?
The jQuery package in Debian got upgraded to 3.1.1 last October and I
read on the page you link above:
Hrm, I hadn't noticed this. Thanks for the heads up.
which leaves me to wonder if your package is now broken
Your message dated Tue, 21 Mar 2017 22:14:05 +0100
with message-id
Hi Raoul,
On 20-03-17 21:32, Raoul Snyman wrote:
>> If that is all, that would be a great solution to the problem at hand
>> indeed. Does it require other adaptations? I guess one would need to
>> guarantee that the migrate calls are actually included. How did you do
>> that? I guess every
Processing commands for cont...@bugs.debian.org:
> user pkg-openssl-de...@lists.alioth.debian.org
Setting user to pkg-openssl-de...@lists.alioth.debian.org (was
sebast...@breakpoint.cc).
> # PKGNAME
> unarchive 844828
Bug #844828 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:
Processing control commands:
> severity -1 important
Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885
CVE-2016-3861
Severity set to 'important' from 'grave'
> tags -1 -security
Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885
CVE-2016-3861
Control: severity -1 important
Control: tags -1 -security
Almost all of the Android CVEs are for the Android OS, not the Android
SDK. The tricky part is that they are built from the same source tree.
Another thing to note is that some of the Android SDK libs used in the
SDK run at elevated privileges in Android OS, but not when part of the
SDK. So
Processing commands for cont...@bugs.debian.org:
> severity 858382 wishlist
Bug #858382 [gambas3] gambas3: No documentation
Severity set to 'wishlist' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
858382:
Processing control commands:
> severity -1 important
Bug #809167 [cron] cron: Cron Daemon Use-After-Free Vulnerability May Cause
Local Root Privilege Escalation
Severity set to 'important' from 'critical'
--
809167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
Debian Bug Tracking
Control: severity -1 important
Hi,
On Thu, Nov 17, 2016 at 08:10:34AM +, Anton Ivanov wrote:
> https://samy.pl/poisontap/
>
> This is a variation on an ancient "gem" by a DSL Modem vendor
> where the router pretends to be the entire internet by spoofing
> arp so that it captures all
Control: severity -1 important
Hi,
On Sun, Jan 29, 2017 at 07:32:59PM +, Ben Hutchings wrote:
> (I think this probably can be downgraded. At least on Linux, I expect
> memory allocation to either succeed or kill the program. But this
> should be fixed, anyway)
Doing so now.
Cheers,
Ivo
Processing control commands:
> severity -1 important
Bug #844584 [isc-dhcp-client] dhclient should perform additional validity checks
Severity set to 'important' from 'serious'
--
844584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844584
Debian Bug Tracking System
Contact
Package: src:llvm-toolchain-3.7
Version: 1:3.7.1-3
Severity: serious
Dear maintainer:
I tried to build this package in stretch with "dpkg-buildpackage -A"
but it failed:
[...]
debian/rules build-indep
dh
Processing commands for cont...@bugs.debian.org:
> found 857991 0.2.6-1
Bug #857991 [npm2deb] npm2deb: Please Recommend npm instead of Depend
Marked as found in versions npm2deb/0.2.6-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
857991:
Package: libblkmaker
Version: 0.5.3-1
Severity: grave
Tags: fixed-upstream
Hi,
The version of libblkmaker in sid/stretch supports bitcoin blocks up to
version 4 only:
http://sources.debian.net/src/libblkmaker/0.5.3-1/blkmaker.h/#L15
But since early 2016, the tip of the blockchain uses
Package: libmongo-client-doc
Version: 0.1.8-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is no longer
installable in sid:
The following packages have unmet dependencies:
libmongo-client-doc : Depends:
Processing commands for cont...@bugs.debian.org:
> severity 857296 important
Bug #857296 [hol88-library] hol88-library is an empty package on arm64, hppa,
and m68k
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
857296:
severity 857296 important
thanks
Greetings and thanks for your report! Am looking into this now
Take care,
--
Camm Maguirec...@maguirefamily.org
==
"The earth is but one country,
Package: mono-fpm-server
Version: 4.2-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
mono-fpm-server (arch:all) is no longer installable after the recent binNMU of
xsp:
The following packages have unmet dependencies:
mono-fpm-server : Depends: libfpm-helper0 (= 4.2-2)
Your message dated Tue, 21 Mar 2017 16:33:55 +
with message-id
and subject line Bug#858215: fixed in aodh 3.0.0-3
has caused the Debian Bug report #858215,
regarding aodh-api: Missing dependency to net-tools
to be marked as done.
This means that you claim
Processing commands for cont...@bugs.debian.org:
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> usertags 851986 piuparts
There were no usertags set.
Usertags are now: piuparts.
> usertags 724479 piuparts
There were no usertags set.
Usertags
Package: libwhy-coq
Version: 2.36-5
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is no longer
installable in sid:
The following packages have unmet dependencies:
libwhy-coq : Depends: coq-8.5+4.02.3 but it is not
Processing commands for cont...@bugs.debian.org:
> fixed 858217 2:10.0.0-7
Bug #858217 [src:keystone] keystone: Missing dependency to net-tools
Marked as fixed in versions keystone/2:10.0.0-7.
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
858217:
Followup-For: Bug #856599
Control: tag -1 pending patch
Hi,
I just uploaded the attached patch as a NMU to DELAYED/5.
Please let me know if I should delay it longer.
Andreas
diff -Nru ktp-common-internals-15.08.3/debian/changelog ktp-common-internals-15.08.3/debian/changelog
---
Processing control commands:
> tag -1 pending patch
Bug #856599 [libktpcommoninternals9] libktpcommoninternals9: please add Breaks:
libktpcommoninternalsprivate7
Added tag(s) pending and patch.
--
856599: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856599
Debian Bug Tracking System
Your message dated Tue, 21 Mar 2017 15:04:30 +
with message-id
and subject line Bug#858215: fixed in keystone 2:10.0.0-7
has caused the Debian Bug report #858215,
regarding aodh-api: Missing dependency to net-tools
to be marked as done.
This means that
Hi Gregor,
On Tue, Mar 21, 2017 at 1:36 PM, gregor herrmann wrote:
> On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote:
>
>> > This looks like a problem in perl itself possibly causing random crashes
>> > elsewhere, too.
>> Does this problem also show up with 5.24.1-1
Package: pmw-doc
Version: 1:4.28-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is no longer
installable in sid:
The following packages have unmet dependencies:
pmw-doc : Depends: pmw (= 1:4.28-2) but it is not
On 03/21/2017 03:32 PM, Christian Marillat wrote:
>>> I restored a directory today with rdiff-backup without problem.
>>
>> That was on amd64, I asumme?
>
> No on the i386 machine.
Ah, sorry, I missed the difference between rdiff-backup and
rdiff-backup-fs.
>> Ok, then I definitely have to test
On 21 mars 2017 08:40, John Paul Adrian Glaubitz
wrote:
> Hi Christian!
>
> On 03/21/2017 08:37 AM, Christian Marillat wrote:
>> I called rdiff-backup-fs with sudo, same crash.
>> I did a try with two differents backups, same crash.
>
> Ok, thanks. Will try to
On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote:
> > This looks like a problem in perl itself possibly causing random crashes
> > elsewhere, too.
> Does this problem also show up with 5.24.1-1 in testing and/or
> 5.24.1-2 in unstable?
Looking at the upstream ticket at
Control: retitle -1 Perl 5.24 makes nama FTBFS due to segfault
# or "Perl 5, version 24, ..."
On Tue, 21 Mar 2017 13:14:53 +0100, Balint Reczey wrote:
> Control: reassign -1 perl 5.24.0~rc3-1
> Control: affects -1 nama
> Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault
> This
Processing control commands:
> retitle -1 Perl 5.24 makes nama FTBFS due to segfault
Bug #839218 [perl] perl: Perl 24 makes nama FTBFS due to segfault
Changed Bug title to 'Perl 5.24 makes nama FTBFS due to segfault' from 'perl:
Perl 24 makes nama FTBFS due to segfault'.
--
839218:
Processing control commands:
> reassign -1 perl 5.24.0~rc3-1
Bug #839218 [src:nama] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests
failed.Bad plan. You planned 126 tests but ran 57.
Bug reassigned from package 'src:nama' to 'perl'.
No longer marked as found in versions nama/1.208-1.
Control: reassign -1 perl 5.24.0~rc3-1
Control: affects -1 nama
Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault
Dear Perl Maintainers,
On Fri, 30 Sep 2016 10:09:01 +0100 Chris Lamb wrote:
> Source: nama
> Version: 1.208-1
> Severity: serious
> Justification:
Your message dated Tue, 21 Mar 2017 10:25:13 +
with message-id
and subject line Re: Bug#858095: atlc FTBFS on mips: Build killed with signal
TERM after 360 minutes of inactivity
has caused the Debian Bug report #858095,
regarding atlc FTBFS on
Hi Holger,
On Mo 20 Mär 2017 22:48:23 CET, Holger Levsen wrote:
On Mon, Mar 20, 2017 at 06:21:38PM +, Mike Gabriel wrote:
I am not sure, did we reach a conclusion on the smarty3 upload?.
uhm, yes:
[11:15] < sunweaver> I'll do the upload to unstable now, or do we
want to ping the RT
Hi Christian!
On 03/21/2017 08:37 AM, Christian Marillat wrote:
> I called rdiff-backup-fs with sudo, same crash.
> I did a try with two differents backups, same crash.
Ok, thanks. Will try to reproduce it.
> I don't see this bug on an amd64 machine (kernel 4.1.39)
Interesting. So it occurs on
On 21 mars 2017 08:20, John Paul Adrian Glaubitz
wrote:
> Control: tags -1 moreinfo
>
> Hi Christian!
>
>> rdiff-backup-fs crash
>> Here is the gdb bt and rdiff-backup-fs output
>> (...)
>
> Could you provide a little more information on what exactly you did to
Control: tags -1 moreinfo
Hi Christian!
> rdiff-backup-fs crash
> Here is the gdb bt and rdiff-backup-fs output
> (...)
Could you provide a little more information on what exactly you did to provoke
the crash? Does rdiff-backup-fs always segfault or just under certain
circumstances?
Adrian
Processing control commands:
> tags -1 moreinfo
Bug #858316 [rdiff-backup-fs] rdiff-backup-fs: segmentation fault
Added tag(s) moreinfo.
--
858316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858316
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Package: rdiff-backup-fs
Version: 1.0.0-4+b2
Severity: grave
Dear Maintainer,
rdiff-backup-fs crash
Here is the gdb bt and rdiff-backup-fs output
Reading symbols from
51 matches
Mail list logo