CVE List for 5.7:
CVE-2017-3308
CVE-2017-3309
CVE-2017-3329
CVE-2017-3331
CVE-2017-3450
CVE-2017-3453
CVE-2017-3454
CVE-2017-3455
CVE-2017-3456
CVE-2017-3457
CVE-2017-3458
CVE-2017-3459
CVE-2017-3460
CVE-2017-3461
CVE-2017-3462
CVE-2017-3463
CVE-2017-3464
CVE-2017-3465
CVE-2017-3467
CVE-2017-3468
CVE list for 5.5:
CVE-2017-3302
CVE-2017-3305
CVE-2017-3308
CVE-2017-3309
CVE-2017-3329
CVE-2017-3453
CVE-2017-3456
CVE-2017-3461
CVE-2017-3462
CVE-2017-3463
CVE-2017-3464
CVE-2017-3600
--
Lars
Your message dated Wed, 19 Apr 2017 01:33:55 +
with message-id
and subject line Bug#857794: fixed in reportbug 7.1.6
has caused the Debian Bug report #857794,
regarding reportbug: crash when encountering some non-ASCII characters
to be marked as done.
Processing commands for cont...@bugs.debian.org:
> tag 857794 pending
Bug #857794 [reportbug] reportbug: crash when encountering some non-ASCII
characters
Added tag(s) pending.
> tag 857794 pending
Bug #857794 [reportbug] reportbug: crash when encountering some non-ASCII
characters
Ignoring
tag 857794 pending
tag 857794 pending
thanks
Date: Tue Apr 18 20:53:16 2017 -0400
Author: Sandro Tosi
Commit ID: df3421fcd603037616d28b1d78a86374adb7acfb
Commit URL:
On Tue, Apr 11, 2017 at 12:16 PM, Niels Thykier wrote:
> Is there an update on this bug? :)
apologies for the delay, i'm preparing an upload
--
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+:
Processing control commands:
> reassign -1 gnome-orca
Bug #859262 [synaptic] freezes Orca screen reader
Bug reassigned from package 'synaptic' to 'gnome-orca'.
No longer marked as found in versions synaptic/0.84.2.
Ignoring request to alter fixed versions of bug #859262 to the same values
Control: reassign -1 gnome-orca
Control: affects -1 synaptic
Tim Retout:
> Hey,
>
> I managed to reproduce this issue by:
>
> 1) running orca and synaptic
> 2) clicking "Reload"
> 3) clicking "Mark all upgrades"
> 4) clicking "Apply" and proceeding to install ~12 packages.
>
> Orca stopped
Your message dated Tue, 18 Apr 2017 23:04:18 +
with message-id
and subject line Bug#859150: fixed in installation-guide 20170419
has caused the Debian Bug report #859150,
regarding installation-guide: leaves many /tmp/tmp* files behind
to be marked as
Package: libqt5charts5-dev
Version: 5.7.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package ships (or creates)
a broken symlink.
>From the attached log (scroll to the bottom...):
0m57.1s ERROR: FAIL: Broken symlinks:
Processing commands for cont...@bugs.debian.org:
> tags 860576 + pending
Bug #860576 [wdm] wdm: Missing dependency on an X server
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
860576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860576
Control: tag -1 unreproducible moreinfo
Hi again,
Niels Thykier wrote:
> Axel Beckert:
> > Niels Thykier wrote:
> >> I have reviewed the wdm init.d script and I cannot see that it takes
> >> plymouth into account (which leads to #782456). To the best of my
> >> knowledge, #782456 have to be
Processing control commands:
> tag -1 unreproducible moreinfo
Bug #860464 [wdm] wdm: Missing handling of plymouth (#782456)
Added tag(s) unreproducible and moreinfo.
--
860464: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860464
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: severity -1 important
On Wed, 5 Apr 2017 21:21:06 +0200 Andreas Beckmann wrote:
> Control: severity -1 serious
> and resulting in packages without copyright file after upgrade
> e.g. gdc-mips64-linux-gnuabi64 4:6.3.0-1 -> 4:6.3.0-2
This is tracked separately as
Processing control commands:
> severity -1 important
Bug #858112 [src:gcc-defaults] gcc-defaults: broken symlinks:
gcc-: /usr/share/doc/cpp-/README.Bugs ->
../gcc-6/README.Bugs
Severity set to 'important' from 'serious'
--
858112: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858112
Debian
Processing control commands:
> reopen -1
Bug #858112 {Done: Matthias Klose } [src:gcc-defaults]
gcc-defaults: broken symlinks: gcc-:
/usr/share/doc/cpp-/README.Bugs -> ../gcc-6/README.Bugs
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed
Followup-For: Bug #858112
Control: reopen -1
Control: found -1 1.168
Hi,
the broken README.Bugs symlink is still there ...
/usr/share/doc/cpp-mips-linux-gnu/README.Bugs -> ../gcc-6-base/README.Bugs
/usr/share/doc/cpp-s390x-linux-gnu/README.Bugs -> ../gcc-6-base/README.Bugs
Package: clang-3.8
Version: 1:3.8.1-20
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package ships (or creates)
a broken symlink.
>From the attached log (scroll to the bottom...):
0m39.1s ERROR: FAIL: Broken symlinks:
Package: wdm
Version: 1.28-19
Severity: serious
If you install wdm on a minimal Debian system, you don't get a working
login manager, but error messages about not finding /usr/bin/X in the
syslog.
Installing xserver-xorg-core suffices to make wdm start up, but no input
device (mouse, keyboard)
Hey,
I managed to reproduce this issue by:
1) running orca and synaptic
2) clicking "Reload"
3) clicking "Mark all upgrades"
4) clicking "Apply" and proceeding to install ~12 packages.
Orca stopped speaking until synaptic was closed.
This only happened when upgrading via "Mark all upgrades"; I
Processing control commands:
> tag -1 patch pending
Bug #857992 [openjdk-8-jre-headless] openjdk-8-jre-headless: please add Breaks:
tzdata-java
Added tag(s) pending.
--
857992: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857992
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tag -1 patch pending
On 2017-04-14 22:11, anarcat wrote:
> I have tried to do a NMU for this and failed to build OpenJDK through
I had previously succeeded to build openjdk-8, so I just uploaded that
as a NMU to DELAYED/5. Please let me know if I should delay it longer or
cancel.
Hi all,
I don't know what to make of it, but when I first start the speechd-up
daemon by hand, then the init script succeeds (because it finds the
daemon already running). But now it comes, I then can stop and start the
daemon successfully, but only when I am quick enough. This is
reproducible,
Hi,
Am 18.04.2017 um 11:15 schrieb Emmanuel Bourg:
> Le 18/04/2017 à 00:07, Emmanuel Bourg a écrit :
>
>> I'll get another look.
>
> I wrote a simple test case:
>
> import com.sun.jna.platform.unix.X11;
> public class JNATest {
> public static void main(String[] args) throws
Your message dated Tue, 18 Apr 2017 20:43:39 +0100
with message-id
and subject line
has caused the Debian Bug report #860341,
regarding libmtp-common: libmtp does not work w/ recent Android phones
to be marked as done.
This
Version: 1.1.13-1
Hi,
The release team has unblocked libmtp 1.1.13-1, hence closing.
Thanks.
--
Alessio Treglia | www.alessiotreglia.com
Debian Developer | ales...@debian.org
Ubuntu Core Developer| quadris...@ubuntu.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D
On Tue, 2017-04-18 at 18:50 +0200, Andreas Metzler wrote:
> On 2017-04-17 "Brent S. Elmer Ph.D." wrote:
> > On Sat, 2017-04-15 at 13:33 +0200, Andreas Metzler wrote:
> > > On 2017-04-14 "Brent S. Elmer" wrote:
>
> [...]
> > > > Apr 14 08:30:06 brente
Processing commands for cont...@bugs.debian.org:
> retitle 858316 rdiff-backup-fs: segmentation fault on i386
Bug #858316 [rdiff-backup-fs] rdiff-backup-fs: segmentation fault
Changed Bug title to 'rdiff-backup-fs: segmentation fault on i386' from
'rdiff-backup-fs: segmentation fault'.
> kthxbye
severity 860011 serious
thanks
I can confirm the broken GUI.
I had to run "xspim -font 6x10" to get it to launch, as per a comment
at the end of this Ubuntu issue, a different issue to #670949:
https://bugs.launchpad.net/ubuntu/+source/spim/+bug/824084
Marking as 'serious' because at least the
Processing commands for cont...@bugs.debian.org:
> severity 860011 serious
Bug #860011 [spim] xspim: white screen, broken gui
Severity set to 'serious' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
860011:
Your message dated Tue, 18 Apr 2017 17:49:15 +
with message-id
and subject line Bug#860007: fixed in gtkglext 1.2.0-7
has caused the Debian Bug report #860007,
regarding z88: FTBFS: gdkgl.h:22:29: fatal error: gdkglext-config.h: No such
file or directory
Your message dated Tue, 18 Apr 2017 17:34:15 +
with message-id
and subject line Bug#859560: fixed in xen 4.8.1-1
has caused the Debian Bug report #859560,
regarding xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV
guest breakout
Processing commands for cont...@bugs.debian.org:
> tags 860007 + pending
Bug #860007 [gtkglext] z88: FTBFS: gdkgl.h:22:29: fatal error:
gdkglext-config.h: No such file or directory
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
860007:
Processing control commands:
> retitle -1 daemon startup under systemd fails when exim is configured without
> daemon process
Bug #860317 [exim4] upgrade to latest stretch version breaks
Changed Bug title to 'daemon startup under systemd fails when exim is
configured without daemon process'
Processing commands for cont...@bugs.debian.org:
> reassign 860007 gtkglext
Bug #860007 [src:z88] z88: FTBFS: gdkgl.h:22:29: fatal error:
gdkglext-config.h: No such file or directory
Bug reassigned from package 'src:z88' to 'gtkglext'.
No longer marked as found in versions z88/13.0.0+dfsg2-4.
reassign 860007 gtkglext
found 860007 1.2.0-5
tags 860007 + patch
affects 860007 + z88
thanks
Hi,
This actually seems to be a regresion due to multi-arching gtkglext in
the 1.2.0-5 upload.
Patch attached. After applying it to gtkglext, z88 builds successfully.
Regards,
--
,''`.
:
On Tue, Apr 18, 2017 at 05:04:15PM +0200, Raphael Hertzog wrote:
> Hello everybody,
>
> On Sat, 14 Jan 2017, Moritz Mühlenhoff wrote:
> > > The upstream bug is now public:
> > > https://sourceforge.net/p/tcpdf/bugs/1005/
> >
> > Since K_TCPDF_CALLS_IN_HTML defaults to true in jessie, we should
Control: notforwarded -1
Control: tags -1 pending
[Only the old patch was forwarded]
On 17/04/17 20:00, James Cowgill wrote:
> As discussed in #839010 and after looking at this a bit more, I think
> this bug should be release-critical for stretch. Although I can get
> bind9 to start working on
Processing control commands:
> notforwarded -1
Bug #778720 [bind9] bind9: hangs / crashes on mips after some time
Unset Bug forwarded-to-address
> tags -1 pending
Bug #778720 [bind9] bind9: hangs / crashes on mips after some time
Added tag(s) pending.
--
778720:
Hi,
> z88: FTBFS: gdkgl.h:22:29: fatal error: gdkglext-config.h: No such file or
> directory
This seems related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=185307
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Processing commands for cont...@bugs.debian.org:
> retitle 860515 Translations missing in French KDE language packages
Bug #860515 [kde-l10n-fr] Many translations missing in french KDE lang packages
while we're close to release
Changed Bug title to 'Translations missing in French KDE language
Le 17/04/2017 à 21:20, Salvatore Bonaccorso a écrit :
> the following vulnerability was published for apache-log4j2.
>
> CVE-2017-5645[0]:
> Apache Log4j socket receiver deserialization vulnerability
Hi Salvatore,
The vulnerability has been fixed in unstable. liblog4j2-java isn't used
in
reassign 856024 multistrap
forcemerge 591518 856024
kthxbye
It appears multistrap has longstanding issues with dpkg-divert, e.g.:
- https://lists.debian.org/debian-embedded/2010/04/msg00025.html
- https://bugs.launchpad.net/ubuntu/+source/multistrap/+bug/646901 (in
Ubuntu, but same issue)
I
Processing commands for cont...@bugs.debian.org:
> reassign 856024 multistrap
Bug #856024 [molly-guard] molly-guard: causes failure to update systemd-sysv
Bug reassigned from package 'molly-guard' to 'multistrap'.
No longer marked as found in versions molly-guard/0.6.4.
Ignoring request to alter
Processing commands for cont...@bugs.debian.org:
> severity 852059 important
Bug #852059 [opendnssec-signer] opendnssec-signer: installation hangs on
invoke-rc.d due to script name being to long
Severity set to 'important' from 'serious'
> severity 859418 important
Bug #859418
Hello everybody,
On Sat, 14 Jan 2017, Moritz Mühlenhoff wrote:
> > The upstream bug is now public:
> > https://sourceforge.net/p/tcpdf/bugs/1005/
>
> Since K_TCPDF_CALLS_IN_HTML defaults to true in jessie, we should fix
> this in jessie.
>
> Could someone of the maintainers prepare an update?
Processing commands for cont...@bugs.debian.org:
> tags 856024 - unreproducible
Bug #856024 [molly-guard] molly-guard: causes failure to update systemd-sysv
Removed tag(s) unreproducible.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
856024:
tags 856024 - unreproducible
thanks
On 18 April 2017 at 13:53, Jonas Smedegaard wrote:
> Possibly this (sub)issue is tied to this:
>
> 1) install both packages _without_ executing postinst
> while *not* running systemd (e.g. in a chroot)
> 2) execute postinst of each package
Your message dated Tue, 18 Apr 2017 13:03:51 +
with message-id
and subject line Bug#860489: fixed in apache-log4j2 2.7-2
has caused the Debian Bug report #860489,
regarding apache-log4j2: CVE-2017-5645: socket receiver deserialization
vulnerability
to be
Quoting Tim Retout (2017-04-18 11:00:54)
> On 17 April 2017 at 18:59, Jonas Smedegaard wrote:
>> I don't recall, but believe I installed using plain standard
>> debian-installer with the "netboot" image. But possibly I might have
>> used multistrap, which means the order of
Your message dated Tue, 18 Apr 2017 12:48:58 +
with message-id
and subject line Bug#860233: fixed in gnome-paint 0.4.0-5
has caused the Debian Bug report #860233,
regarding gnome-paint: Segmentation fault on startup
to be marked as done.
This means that
tag 860489 + pending
thanks
Some bugs in the apache-log4j2 package are closed in revision
799b96337bcf909193aa76c6090ba511c05b64f6 in branch 'master' by
Emmanuel Bourg
The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/apache-log4j2.git/commit/?id=799b963
Commit message:
Processing commands for cont...@bugs.debian.org:
> tag 860489 + pending
Bug #860489 [src:apache-log4j2] apache-log4j2: CVE-2017-5645: socket receiver
deserialization vulnerability
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
860489:
Your message dated Tue, 18 Apr 2017 08:24:36 -0400
with message-id
and subject line
has caused the Debian Bug report #854130,
regarding libbson FTBFS on mips/mipsel: test-results.json aborted
to be marked as done.
This means
Your message dated Tue, 18 Apr 2017 12:04:28 +
with message-id
and subject line Bug#859969: fixed in ocaml-dtools 0.3.1-2
has caused the Debian Bug report #859969,
regarding ocaml-dtools FTBFS on ppc64el: dh_install: Cannot find (any matches
for)
Package: r10k
Version: 2.5.0-1
Severity: grave
The rugged provider, as provided by ruby-rugged in Debian, does neither
support HTTPS, nor SSH. As this is a hard dependency, I think it is
safe to assume it should work.
As long as rugged is in this state, I don't think a dependency with all
the
Your message dated Tue, 18 Apr 2017 11:48:50 +
with message-id
and subject line Bug#859966: fixed in ocaml-ao 0.2.0-2
has caused the Debian Bug report #859966,
regarding ocaml-ao FTBFS on ppc64el: dh_install: Cannot find (any matches for)
"src/*.cmx"
to
Source: mysql-5.7
Version: 5.7.17-1
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for April 2017 will be released on
Tuesday, April 18. According to the pre-release announcement [1], it
will contain information about CVEs fixed in MySQL 5.7.18.
The
Source: mysql-5.5
Version: 5.5.54-0+deb8u1
Severity: grave
Tags: security upstream fixed-upstream
The Oracle Critical Patch Update for April 2017 will be released on
Tuesday, April 18. According to the pre-release announcement [1], it
will contain information about CVEs fixed in MySQL 5.5.55.
Hi again Stéphane,
On Tue, 18 Apr 2017 10:28:38 +0200, Stéphane Glondu wrote:
> On 13/04/2017 18:39, Frederic Bonnard wrote:
> > on bytecode only architectures, the native related files won't be compiled
> > because
> > ocamlopt is not available in ocaml. So I made those
Hi Stéphane,
On Tue, 18 Apr 2017 10:50:16 +0200, Stéphane Glondu wrote:
> On 18/04/2017 10:25, Stéphane Glondu wrote:
> >> on bytecode only architectures, the native related files won't be
> >> compiled because
> >> ocamlopt is not available in ocaml. So I made those files
tag 823688 pending
thanks
Hello,
Bug #823688 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/debian-edu/upstream/sitesummary.git/commit/?id=8eea2c3
---
commit
Processing commands for cont...@bugs.debian.org:
> tag 823688 pending
Bug #823688 {Done: Petter Reinholdtsen } [sitesummary]
sitesummary: prerm called with unknown argument `upgrade'
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need
Processing commands for cont...@bugs.debian.org:
> tags 856487 + patch
Bug #856487 [libsbc1] libsbc1: compiling with gcc > 4.9 causes stack corruption
Ignoring request to alter tags of bug #856487 to the same tags previously set
> thanks
Stopping processing here.
Please contact me if you need
Le 18/04/2017 à 00:07, Emmanuel Bourg a écrit :
> I'll get another look.
I wrote a simple test case:
import com.sun.jna.platform.unix.X11;
public class JNATest {
public static void main(String[] args) throws Exception {
System.setProperty("jna.boot.library.name",
Your message dated Tue, 18 Apr 2017 09:04:13 +
with message-id
and subject line Bug#857744: fixed in qemu 1:2.8+dfsg-4
has caused the Debian Bug report #857744,
regarding qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection
to be marked as
# not reproducible on maintainer's system
tags 856024 unreproducible
thanks
On 17 April 2017 at 18:59, Jonas Smedegaard wrote:
> I don't recall, but believe I installed using plain standard
> debian-installer with the "netboot" image. But possibly I might have
> used multistrap,
Processing commands for cont...@bugs.debian.org:
> # not reproducible on maintainer's system
> tags 856024 unreproducible
Bug #856024 [molly-guard] molly-guard: causes failure to update systemd-sysv
Added tag(s) unreproducible.
> thanks
Stopping processing here.
Please contact me if you need
On 18/04/2017 10:25, Stéphane Glondu wrote:
on bytecode only architectures, the native related files won't be
compiled because
ocamlopt is not available in ocaml. So I made those files optional in
the attached patch.
Note that on ppc64el, ocamlopt is available starting with ocaml 4.03 and
.cmx
On 13/04/2017 18:39, Frederic Bonnard wrote:
on bytecode only architectures, the native related files won't be compiled
because
ocamlopt is not available in ocaml. So I made those files optional in the
attached patch.
Note that on ppc64el, ocamlopt is available starting with ocaml 4.03 and
.a,
On 13/04/2017 18:33, Frederic Bonnard wrote:
on bytecode only architectures, the native related files won't be compiled
because
ocamlopt is not available in ocaml. So I made those files optional in the
attached patch.
Note that on ppc64el, ocamlopt is available starting with ocaml 4.03 and
71 matches
Mail list logo