Bug#858410: closing 858410

close 858410 8.13.11+dfsg-7 thanks

Processed: closing 858410

Processing commands for cont...@bugs.debian.org: > close 858410 8.13.11+dfsg-7 Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers Ignoring request to alter fixed versions of bug #858410 to the same values previously set Bug #858410

Bug#858410: gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers

Source: gitlab Version: 8.13.11+dfsg-2 Severity: grave Tags: patch upstream security fixed-upstream Control: fixed -1 8.13.11+dfsg-7 Hi, the following vulnerability was published for gitlab. CVE-2017-0882[0]: Information Disclosure in Issue and Merge Request Trackers If you fix the

Processed: gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers

Processing control commands: > fixed -1 8.13.11+dfsg-7 Bug #858410 [src:gitlab] gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers Marked as fixed in versions gitlab/8.13.11+dfsg-7. -- 858410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858410 Debian Bug

Bug#857794: reportbug: crash when encountering some non-ASCII characters

Hi Nis, Others may have some additional comments but a couple of thoughts from an observer (I'm not the maintainer). C.UTF-8 is provided within glibc (it's in the libc-bin package so it is always available). Is it worth setting that as the locale for all communication with subprocesses? It

Bug#801564: marked as done (squid: prompting due to modified conffiles which were not modified by the user: /etc/squid/squid.conf)

Your message dated Wed, 22 Mar 2017 00:18:56 + with message-id and subject line Bug#801564: fixed in squid3 3.5.23-2 has caused the Debian Bug report #801564, regarding squid: prompting due to modified conffiles which were not modified by the user:

Bug#858402: hangs on install when trying to start

Package: docker.io Version: 1.11.2~ds1-6 Severity: grave I tried to install docker.io in Debian stretch (I know, it's banned, but I figured I'd try my luck) and it completely hangs apt-get install: $ LANG=C sudo dpkg --configure -a Setting up docker.io (1.11.2~ds1-6) ... addgroup: The group

Bug#858397: odin FTBFS on armel/armhf/i386: FAIL: cmdline-utils/odintestsuite

Source: odin Version: 2.0.3-0.1 Severity: serious https://buildd.debian.org/status/package.php?p=odin=sid ... /usr/bin/make check-TESTS make[4]: Entering directory '/«PKGBUILDDIR»' make[5]: Entering directory '/«PKGBUILDDIR»' ./test-driver: line 107: 3180 Aborted "$@" >

Bug#857794: reportbug: crash when encountering some non-ASCII characters

Thank you for your report, and for the nice recipe to reproduce the bug. Can you try the attached patch? >From f42c5879b91b11a986e93f7f92244cf938dae0fb Mon Sep 17 00:00:00 2001 From: Nis Martensen Date: Tue, 21 Mar 2017 22:23:49 +0100 Subject: [PATCH] Stop using

Bug#734101: openlp in Stretch in danger due to RC bug in libjs-jquery-mobile

Hi Paul, Have you tested your workaround with libjs-jquery-migrate-1 recently? The jQuery package in Debian got upgraded to 3.1.1 last October and I read on the page you link above: Hrm, I hadn't noticed this. Thanks for the heads up. which leaves me to wonder if your package is now broken

Bug#787338: marked as done (ftp.debian.org: incorrect lintian error leads to auto-rejection)

Your message dated Tue, 21 Mar 2017 22:14:05 +0100 with message-id

Bug#734101: openlp in Stretch in danger due to RC bug in libjs-jquery-mobile

Hi Raoul, On 20-03-17 21:32, Raoul Snyman wrote: >> If that is all, that would be a great solution to the problem at hand >> indeed. Does it require other adaptations? I guess one would need to >> guarantee that the migrate calls are actually included. How did you do >> that? I guess every

Processed: cmtk -> 1.1

Processing commands for cont...@bugs.debian.org: > user pkg-openssl-de...@lists.alioth.debian.org Setting user to pkg-openssl-de...@lists.alioth.debian.org (was sebast...@breakpoint.cc). > # PKGNAME > unarchive 844828 Bug #844828 {Done: Adrian Bunk } [src:cmtk] cmtk: FTBFS:

Processed: Re: Bug#858177: CVE-2016-3921

Processing control commands: > severity -1 important Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885 CVE-2016-3861 Severity set to 'important' from 'grave' > tags -1 -security Bug #858177 [src:android-platform-system-core] CVE-2016-3921 CVE-2016-3885 CVE-2016-3861

Bug#858177: CVE-2016-3921

Control: severity -1 important Control: tags -1 -security

Bug#858177: not affected

Almost all of the Android CVEs are for the Android OS, not the Android SDK. The tricky part is that they are built from the same source tree. Another thing to note is that some of the Android SDK libs used in the SDK run at elevated privileges in Android OS, but not when part of the SDK. So

Processed: downgrade 858382

Processing commands for cont...@bugs.debian.org: > severity 858382 wishlist Bug #858382 [gambas3] gambas3: No documentation Severity set to 'wishlist' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 858382:

Processed: Re: Bug#809167: cron: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation

Processing control commands: > severity -1 important Bug #809167 [cron] cron: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation Severity set to 'important' from 'critical' -- 809167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 Debian Bug Tracking

Bug#844584: dhclient should perform additional validity checks

Control: severity -1 important Hi, On Thu, Nov 17, 2016 at 08:10:34AM +, Anton Ivanov wrote: > https://samy.pl/poisontap/ > > This is a variation on an ancient "gem" by a DSL Modem vendor > where the router pretends to be the entire internet by spoofing > arp so that it captures all

Bug#809167: cron: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation

Control: severity -1 important Hi, On Sun, Jan 29, 2017 at 07:32:59PM +, Ben Hutchings wrote: > (I think this probably can be downgraded. At least on Linux, I expect > memory allocation to either succeed or kill the program. But this > should be fixed, anyway) Doing so now. Cheers, Ivo

Processed: Re: dhclient should perform additional validity checks

Processing control commands: > severity -1 important Bug #844584 [isc-dhcp-client] dhclient should perform additional validity checks Severity set to 'important' from 'serious' -- 844584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844584 Debian Bug Tracking System Contact

Bug#858380: llvm-toolchain-3.7: FTBFS in stretch (failing tests)

Package: src:llvm-toolchain-3.7 Version: 1:3.7.1-3 Severity: serious Dear maintainer: I tried to build this package in stretch with "dpkg-buildpackage -A" but it failed: [...] debian/rules build-indep dh

Processed: Version tracking fix

Processing commands for cont...@bugs.debian.org: > found 857991 0.2.6-1 Bug #857991 [npm2deb] npm2deb: Please Recommend npm instead of Depend Marked as found in versions npm2deb/0.2.6-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 857991:

Bug#858377: libblkmaker: doesn't support current bitcoin block version

Package: libblkmaker Version: 0.5.3-1 Severity: grave Tags: fixed-upstream Hi, The version of libblkmaker in sid/stretch supports bitcoin blocks up to version 4 only: http://sources.debian.net/src/libblkmaker/0.5.3-1/blkmaker.h/#L15 But since early 2016, the tip of the blockchain uses

Bug#858375: libmongo-client-doc: uninstallable after binNMU

Package: libmongo-client-doc Version: 0.1.8-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: libmongo-client-doc : Depends:

Processed: [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k

Processing commands for cont...@bugs.debian.org: > severity 857296 important Bug #857296 [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 857296:

Bug#857296: [hol88-library] hol88-library is an empty package on arm64, hppa, and m68k

severity 857296 important thanks Greetings and thanks for your report! Am looking into this now Take care, -- Camm Maguirec...@maguirefamily.org == "The earth is but one country,

Bug#858372: mono-fpm-server: dependency on arch:any package libfpm-helper0 is not binNMU-safe

Package: mono-fpm-server Version: 4.2-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts mono-fpm-server (arch:all) is no longer installable after the recent binNMU of xsp: The following packages have unmet dependencies: mono-fpm-server : Depends: libfpm-helper0 (= 4.2-2)

Bug#858215: marked as done (aodh-api: Missing dependency to net-tools)

Your message dated Tue, 21 Mar 2017 16:33:55 + with message-id and subject line Bug#858215: fixed in aodh 3.0.0-3 has caused the Debian Bug report #858215, regarding aodh-api: Missing dependency to net-tools to be marked as done. This means that you claim

Processed: user debian...@lists.debian.org, usertagging 851986, usertagging 724479, usertagging 856645 ...

Processing commands for cont...@bugs.debian.org: > user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was a...@debian.org). > usertags 851986 piuparts There were no usertags set. Usertags are now: piuparts. > usertags 724479 piuparts There were no usertags set. Usertags

Bug#858366: libwhy-coq: sourceful upload needed to update coq dependency

Package: libwhy-coq Version: 2.36-5 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: libwhy-coq : Depends: coq-8.5+4.02.3 but it is not

Processed: close keystone bug

Processing commands for cont...@bugs.debian.org: > fixed 858217 2:10.0.0-7 Bug #858217 [src:keystone] keystone: Missing dependency to net-tools Marked as fixed in versions keystone/2:10.0.0-7. > End of message, stopping processing here. Please contact me if you need assistance. -- 858217:

Bug#856599: libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7

Followup-For: Bug #856599 Control: tag -1 pending patch Hi, I just uploaded the attached patch as a NMU to DELAYED/5. Please let me know if I should delay it longer. Andreas diff -Nru ktp-common-internals-15.08.3/debian/changelog ktp-common-internals-15.08.3/debian/changelog ---

Processed: Re: libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7

Processing control commands: > tag -1 pending patch Bug #856599 [libktpcommoninternals9] libktpcommoninternals9: please add Breaks: libktpcommoninternalsprivate7 Added tag(s) pending and patch. -- 856599: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856599 Debian Bug Tracking System

Bug#858215: marked as done (aodh-api: Missing dependency to net-tools)

Your message dated Tue, 21 Mar 2017 15:04:30 + with message-id and subject line Bug#858215: fixed in keystone 2:10.0.0-7 has caused the Debian Bug report #858215, regarding aodh-api: Missing dependency to net-tools to be marked as done. This means that

Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.

Hi Gregor, On Tue, Mar 21, 2017 at 1:36 PM, gregor herrmann wrote: > On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote: > >> > This looks like a problem in perl itself possibly causing random crashes >> > elsewhere, too. >> Does this problem also show up with 5.24.1-1

Bug#858348: pmw-doc: uninstallable in sid after binNMU of pmw

Package: pmw-doc Version: 1:4.28-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: pmw-doc : Depends: pmw (= 1:4.28-2) but it is not

Bug#858316: rdiff-backup-fs: segmentation fault

On 03/21/2017 03:32 PM, Christian Marillat wrote: >>> I restored a directory today with rdiff-backup without problem. >> >> That was on amd64, I asumme? > > No on the i386 machine. Ah, sorry, I missed the difference between rdiff-backup and rdiff-backup-fs. >> Ok, then I definitely have to test

Bug#858316: rdiff-backup-fs: segmentation fault

On 21 mars 2017 08:40, John Paul Adrian Glaubitz wrote: > Hi Christian! > > On 03/21/2017 08:37 AM, Christian Marillat wrote: >> I called rdiff-backup-fs with sudo, same crash. >> I did a try with two differents backups, same crash. > > Ok, thanks. Will try to

Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.

On Tue, 21 Mar 2017 13:31:32 +0100, gregor herrmann wrote: > > This looks like a problem in perl itself possibly causing random crashes > > elsewhere, too. > Does this problem also show up with 5.24.1-1 in testing and/or > 5.24.1-2 in unstable? Looking at the upstream ticket at

Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.

Control: retitle -1 Perl 5.24 makes nama FTBFS due to segfault # or "Perl 5, version 24, ..." On Tue, 21 Mar 2017 13:14:53 +0100, Balint Reczey wrote: > Control: reassign -1 perl 5.24.0~rc3-1 > Control: affects -1 nama > Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault > This

Processed: Re: Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.

Processing control commands: > retitle -1 Perl 5.24 makes nama FTBFS due to segfault Bug #839218 [perl] perl: Perl 24 makes nama FTBFS due to segfault Changed Bug title to 'Perl 5.24 makes nama FTBFS due to segfault' from 'perl: Perl 24 makes nama FTBFS due to segfault'. -- 839218:

Processed: Re: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.

Processing control commands: > reassign -1 perl 5.24.0~rc3-1 Bug #839218 [src:nama] nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57. Bug reassigned from package 'src:nama' to 'perl'. No longer marked as found in versions nama/1.208-1.

Bug#839218: nama: FTBFS: Failed 1/7 test programs. 0/91 subtests failed.Bad plan. You planned 126 tests but ran 57.

Control: reassign -1 perl 5.24.0~rc3-1 Control: affects -1 nama Control: retitle -1 perl: Perl 24 makes nama FTBFS due to segfault Dear Perl Maintainers, On Fri, 30 Sep 2016 10:09:01 +0100 Chris Lamb wrote: > Source: nama > Version: 1.208-1 > Severity: serious > Justification:

Bug#858095: marked as done (atlc FTBFS on mips: Build killed with signal TERM after 360 minutes of inactivity)

Your message dated Tue, 21 Mar 2017 10:25:13 + with message-id and subject line Re: Bug#858095: atlc FTBFS on mips: Build killed with signal TERM after 360 minutes of inactivity has caused the Debian Bug report #858095, regarding atlc FTBFS on

Bug#847571: smartly-lexer NMUed, please merge NMU into git

Hi Holger, On Mo 20 Mär 2017 22:48:23 CET, Holger Levsen wrote: On Mon, Mar 20, 2017 at 06:21:38PM +, Mike Gabriel wrote: I am not sure, did we reach a conclusion on the smarty3 upload?. uhm, yes: [11:15] < sunweaver> I'll do the upload to unstable now, or do we want to ping the RT

Bug#858316: rdiff-backup-fs: segmentation fault

Hi Christian! On 03/21/2017 08:37 AM, Christian Marillat wrote: > I called rdiff-backup-fs with sudo, same crash. > I did a try with two differents backups, same crash. Ok, thanks. Will try to reproduce it. > I don't see this bug on an amd64 machine (kernel 4.1.39) Interesting. So it occurs on

Bug#858316: rdiff-backup-fs: segmentation fault

On 21 mars 2017 08:20, John Paul Adrian Glaubitz wrote: > Control: tags -1 moreinfo > > Hi Christian! > >> rdiff-backup-fs crash >> Here is the gdb bt and rdiff-backup-fs output >> (...) > > Could you provide a little more information on what exactly you did to

Bug#858316: rdiff-backup-fs: segmentation fault

Control: tags -1 moreinfo Hi Christian! > rdiff-backup-fs crash > Here is the gdb bt and rdiff-backup-fs output > (...) Could you provide a little more information on what exactly you did to provoke the crash? Does rdiff-backup-fs always segfault or just under certain circumstances? Adrian

Processed: Re: rdiff-backup-fs: segmentation fault

Processing control commands: > tags -1 moreinfo Bug #858316 [rdiff-backup-fs] rdiff-backup-fs: segmentation fault Added tag(s) moreinfo. -- 858316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#858316: rdiff-backup-fs: segmentation fault

Package: rdiff-backup-fs Version: 1.0.0-4+b2 Severity: grave Dear Maintainer, rdiff-backup-fs crash Here is the gdb bt and rdiff-backup-fs output Reading symbols from