Source: nginx
Version: 1.24.0-2
Severity: serious
Tags: upstream
Justification: Policy 2.1.5
Dear Maintainer,
The company behind nginx fired half of their most senior programmers two
years ago, due to the country in which they reside (Russia). This might
be a violation of DFSG 5 (Debian Policy
Thank you very much for your answer.
It helps to understand the current situation.
(There was no way to tell if discussions happened somewhere else than here,
and/or if there were more details to how and when people are affected, how
frequent, etc. And some maintainers are quite lazy with
Hi,
it was asked already some months ago, but please:
Is this somthing a normal admin needs to worry about when upgrading? Should I
hold upgrades back?
I want to avoid spamming this, but please someone make clarity.
Debian Buster got released now, here is a critical bug in a very common
software, and apparently nobody cared about closing/postponing for several
months.
While I understand that many a volunteers and so on, for a Debian "stable"
I want to avoid spamming this, but please someone make clarity.
Debian Buster got released now, here is a critical bug in a very common software, and apparently nobody cared about closing/postponing for several months.
While I understand that many a volunteers and so on, for a Debian
Hi,
it was asked already some months ago, but please:
Is this somthing a normal admin needs to worry about when upgrading? Should I hold upgrades back?
Package: kdenlive
Version: 16.12.2-1
Severity: critical
Dear Maintainer,
Hi, i'm trying to use kdenlive but when i launch the app i see just the
titlebar, no content or other parts of application, is completly unusable
i hope you could solve it
thank you
-- System Information:
Debian Release:
Package: xpuzzles
Version: 5.5.4.1-2
Severity: serious
Justification: Policy 2.2.1
*** Please type your report below this line ***
According to the copyright file in this package,
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and
Hello,
I have the same problems as described in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644860 with
xul-ext-firetray 0.3.1-3 and icedove 3.1.15-1+b1 in Debian wheezy/sid
with 3.0.0-1-amd64 kernel, although xul-ext-firetray works with
iceweasel 7.0.1-4
Best regards
--
To
Hi,
* Apparently xmlto calls w3m or lynx to convert html to text, but I can't
find the call. (I don't know why neither one is a Build-Depend.) If w3m
is installed, it is called, but creates an error. Since I can't locate
the error, I have listed w3m as
Package: phpmyadmin
Version: 4:2.6.2-3sarge5
Severity: critical
Justification: root security hole
Tags: security patch
Since, phpmyadmin is on apache, and apache can be accessed from remote
host, so remote host can access mysql's [EMAIL PROTECTED] via phpmyadmin.
This will break mysql security
Martin Schulze [EMAIL PROTECTED] wrote:One question remains, though: + // buf_size = min(count, buf_size); + if (buf_size count) buf_size = count;Is there any reason not to write mim() here?It's a bit faster than buf_size = min(), since there's no need to reassign "buf_size" again, if it's less
Package: mimms
Version: 0.0.9-1
Severity: grave
Justification: user security hole
Tags: security patch
According to the patch attached in this report, it has many possible buffer
overflows.
For example,
- memcpy(buf, data, length) without bounding the limit of length,
while length depend on the
Package: pine
Version: 4.62-1
Severity: grave
Justification: renders package unusable
It should have binary .deb package for the original pine, so that it can
be redistributed in debian ftp archive. The package name may be
pine-orig, for example.
Without binary package, users will don't know
14 matches
Mail list logo
