tags 740898 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 21 Mar 2015 12:05:27 +0100.
The fix will be in the next upload.
=
Ignore
retitle -1 debian/copyright for smartmontools is too restrictive
severity -1 wishlist
On 14/02/2015 06:57, Mark H Weaver wrote:
Every package must be accompanied by a verbatim copy of its
copyright information and distribution license in the file
/usr/share/doc/package/copyright.
tags 766178 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 21 Oct 2014 13:28:29 +0200.
The fix will be in the next upload.
=
Correct
tags 754684 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 18 Oct 2014 16:53:15 +0200.
The fix will be in the next upload.
=
Fix FTBFS
Package: chromium
Version: 37.0.2062.120-3
Severity: grave
Hi,
debian/chromium.postinst line 12
Really you cannot remove /etc/default/chromium file without asking or warning
user...
You have to move in /etc/chromium-browser/default
This is what happens when you push huge commits and nobody
Package: chromium
Version: 37.0.2062.120-3
Severity: grave
Hi,
debian/chromium.postinst line 12
Really you cannot remove /etc/default/chromium file without asking...
You have to move it in /etc/chromium-browser/default
This is what happens when you push huge commits and nobody can double
tags 761728 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 4 Oct 2014 19:11:13 +0200.
The fix will be in the next upload.
=
Depends
tags 757758 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 4 Oct 2014 19:28:19 +0200.
The fix will be in the next upload.
=
Fixed sed
tags 745646 unreproducible
notfound 745646 34.0.1847.116-2
severity 745646 normal
thanks
On 2014-04-30 20:30 Jonathan Nieder wrote:
However Vincent is right that the CRLSets[1] are a different mechanism
than OCSP revocation checking and that CRLSet checking is enabled by
default.
Yes,
Hi,
On 30/04/2014 02:28, Vincent Lefevre wrote:
No, Chromium developers tell users not to enable it, and consider
it as an obsolete option that will be removed. Indeed, in case of
real MITM attack, the attacker can block the OCSP server, in which
case Chromium will silently consider the
On 30/04/2014 19:49, Vincent Lefevre wrote:
Bug 745646 is a different bug, specifically about the CRLSet system,
which is very broken.
What you write is not a bug, if you want to do revocation check you must
enable it in settings.
chromium --temp-profile
Go to settings and enable revocation
Hi Thomas,
On 17/03/2014 08:34, Thomas Goirand wrote:
I've been waiting for comments on my security upload for 5 months now.
The issue was supposed to be embargoed (in fact, just waiting on
Debian...). Please review the fixed packages!!! If you don't have time
to review it, just accept that I
Hi,
commit 64b895bf23943f8c72a49216d24e36b128213167
Author: Giuseppe Iuculano iucul...@debian.org
Date: Mon Oct 21 13:05:14 2013 +0200
Move chrome_sandbox to chrome-sandbox, chromium reads that file
Your -2 uploads didn't contain my -1 changes. Michael, please, please,
update your
tags 717567 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Thu, 5 Sep 2013 13:34:36 +0200.
The fix will be in the next upload.
=
Fix FTBFS
tags 706909 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sun, 2 Jun 2013 10:08:14 +0200.
The fix will be in the next upload.
=
Use /var/lib
On 04/03/2013 16:39, Moritz Muehlenhoff wrote:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153
Fix: https://code.google.com/p/v8/source/detail?r=13161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0836
Fix: https://code.google.com/p/v8/source/detail?r=12543
Cheers,
Hi Roland,
On 07/02/2013 22:58, Roland Stigge wrote:
I prepared a security upload for stable (attached debdiff). Should I
upload it to stable-security(security-master)?
Thanks for contacting us.
please upload to security-master (please make sure to include the
.orig.tar.gz in the upload, -sa
Hi Dominic,
On 04/02/2013 21:28, Dominic Hargreaves wrote:
I had no replies about this, so I think it's time to bite the bullet
and decide whether we should target this fix at
- stable-security
- stable
- neither of the above.
I think I'm leaning towards stable on the basis that that's
On 02/01/2013 12:15, David Prévot wrote:
I've prepared an NMU for chromium-browser (versioned as
22.0.1229.94~r161065+dfsg-0.1) and
uploaded it to DELAYED/2.
No, you haven't uploaded it to DELAYED/2.
Hi,
On 17/12/2012 18:21, Jonathan Wiltshire wrote:
Security team: is it too late to get a CVE through you now that a public
bug has been filed? And should a DSA be prepared, as I have not looked
but can be fairly sure this will affect stable.
yes, if it is public, we cannot assign a CVE. you
tags 677393 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 16 Jul 2012 12:00:06 +0200.
The fix will be in the next upload.
=
Fixed FTBFS
tags 677393 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 16 Jul 2012 14:30:09 +0200.
The fix will be in the next upload.
=
Really fix
Hi Norbert!
On 07/02/2012 04:53 AM, Norbert Preining wrote:
In short, everything that
starts with
chromium://
Did you mean chrome:// ?
Cheers,
Giuseppe.
tags 676142 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 13 Jun 2012 16:29:49 +0200.
The fix will be in the next upload.
=
Fixed FTBFS
tags 676636 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 12 Jun 2012 11:06:24 +0200.
The fix will be in the next upload.
=
Improved
tags 676636 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 11 Jun 2012 16:16:37 +0200.
The fix will be in the next upload.
=
Applied
On 02/06/2012 08:15, shawn wrote:
I noticed this while trying to get this package to build on armel.
Could you patch debian/control and try to build on armel again please?
--- a/debian/control
+++ b/debian/control
@@ -64,7 +64,7 @@ Build-Depends: cdbs,
libxt-dev,
libxtst-dev,
tags 674081 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 28 May 2012 10:41:13 +0200.
The fix will be in the next upload.
=
Support
tags 671994 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 19 May 2012 10:22:05 +0200.
The fix will be in the next upload.
=
Use gcc 4.6
Package: imagemagick
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
The original fixes for the ImageMagick issues CVE-2012-0247 and
CVE-2012-0248 are incomplete.
Please see:
http://seclists.org/oss-sec/2012/q1/685
Package: maradns
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It was reported that MaraDNS suffers from a flaw where it is susceptible to
spoofing attacks. Due to an error in the cache update policy, which
does not properly handle revoked domain names, a remote
tags 660159 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sun, 19 Feb 2012 20:18:27 +0100.
The fix will be in the next upload.
=
Remove
On 16/01/2012 09:43, Giuseppe Iuculano wrote:
This is not for libv8, CVE description is wrong, this affects webkit:
http://trac.webkit.org/changeset/93495
Or better, the issue is in the V8 binding source in webkit. We use that
code only in chromium, I will check if stable is affected.
Cheers
tag 654534 patch
thanks
CVE-2011-3892
http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
CVE-2011-3893
this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
Dear Sergiusz,
it seems my reply to your private email didn't convince you, so replying
again on behalf of the Security Team.
Dear Security Team,
CVE-2008-4392 has Candidate status and is being reviewed for almost
three years now, and still must be accepted by the CVE Editorial
Board[0].
On 12/10/2011 02:27 PM, gregor herrmann wrote:
Dear maintainer,
I've prepared an NMU for smbind (versioned as 0.4.7-5.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Gregor, thanks for your NMU. Please upload to DELAYED/0
Cheers,
Giuseppe.
Package: libxml2
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
two libxml2 issues were fixed in the latest chrome updates:
CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a
Hi,
On 09/04/2011 09:20 PM, Raphael Geissert wrote:
NSS now ships modified certs of DigiNotar, their name is Explicitly Disabled
DigiNotar rest of the original CN here
In chromium, for example, if you browse a DigiNotar-signed website and check
the certificate chain you will see the
tags 639733 moreinfo unreproducible
thanks
Hi,
On 08/29/2011 08:43 PM, Laurens Blankers wrote:
Upgrading from 3.0.5+dfsg-1 to 3.2.1+dfsg-1 causes plugin files to be written
to
/usr/share/tinymce
which is partly symlinked from
/usr/share/wordpress/wp-includes/js/tinymce/
this
tags 639126 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 24 Aug 2011 14:25:06 +0200.
The fix will be in the next upload.
=
Fixed
In my case, reinstalling didn't fix the issue (Debian testing i386)
Cheers,
Giuseppe.
Package: curl
Version: 7.21.6-1
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Please see http://curl.haxx.se/docs/adv_20110623.html
Cheers,
Giuseppe.
Hi Antoine,
thanks for the bug report.
On 05/12/2011 06:14 AM, Antoine Beaupré wrote:
But the version in stable is a much more serious issue. I do not think
there is the possibility of maintaining that branch all by ourselves
here, and I would recommend either dropping the package from stable
tags 564853 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sun, 20 Mar 2011 11:11:40 +0100.
The fix will be in the next upload.
=
Fix FTBFS
# [$1000] [74675] High Invalid memory access in v8. Credit to Christian
Holler.
http://code.google.com/p/v8/issues/detail?id=1146
Patch: http://code.google.com/p/v8/source/detail?r=6773
This is CVE-2011-1286
# [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to
Package: libv8
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
chromium 10.0.648.127 fixed the following security issues in libv8:
# [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
Hey Timo,
On 02/09/2011 04:42 PM, Timo Juhani Lindfors wrote:
chrome/common/metrics_helpers.cc:22:20: error: prtime.h: No such file or
directory
Have you installed libnspr4-dev?
Cheers,
Giuseppe.
Hi Timo,
On 01/30/2011 01:57 PM, Timo Juhani Lindfors wrote:
the contents of src/v8 seems match what is in libv8. Would it be
possible to avoid compiling src/v8 if chromium-browser is anyway using
external libv8?
yes, the version in squeeze already compiles against libv8.
The next version in
Package: libvpx
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libvpx.
CVE-2010-4489[0]:
| Google Chrome before 8.0.552.215 does not properly handle WebM video,
| which allows remote
Package: pam
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tomas Mraz pointed out that pam_namespace PAM module executes external
namespace.init script with an environment settings inherited form the program
or service that has pam_namespace configured.
Package: tomcat6
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tomcat6.
CVE-2010-4312[0]:
| The default configuration of Apache Tomcat 6.x does not include the
| HTTPOnly flag in a
Package: moon
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for moon.
CVE-2010-4254[0]:
| Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is
| used, does not properly
Package: eucalyptus
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for eucalyptus.
CVE-2010-3905[0]:
| The password reset feature in the administrator interface for
| Eucalyptus 2.0.0 and
Package: phpmyadmin
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for phpmyadmin.
CVE-2010-4480[0]:
| error.php in PhpMyAdmin 3.3.8.1, and other versions before
| 3.4.0-beta1, allows
Package: libxml2
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libxml2.
CVE-2010-4494[0]:
| Double free vulnerability in Google Chrome before 8.0.552.215 allows
| remote
tags 607240 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Fri, 17 Dec 2010 10:59:01 +0100.
The fix will be in the next upload.
=
Use GPL
tags 602732 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 6 Dec 2010 16:51:02 +0100.
The fix will be in the next upload.
=
Remove
Package: libvpx
Version: 0.9.1-1
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Christoph Diehl discovered a memory corruption in libvpx.
(see the chromium blog post[0],
[$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl.)
On 11/07/2010 10:27 AM, Giuseppe Iuculano wrote:
Patch: https://review.webmproject.org/#change,928
Please also apply the following regression patch:
http://review.webmproject.org/#change,1098
Cheers,
Giuseppe.
Package: libxml2
Version: 2.7.7.dfsg-4
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
it was discovered that libxml2 does not well process a malformed XPATH,
causing crash and allowing arbitrary code execution.
Patch:
fixed 602609 2.7.8.dfsg-1
thanks
It was fixed in 2.7.8
Cheers,
Giuseppe
Package: libv8
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libv8.
CVE-2010-3412[0]:
| Race condition in the console implementation in Google Chrome before
| 6.0.472.59 has
On 09/23/2010 06:18 PM, Jérémy Lal wrote:
Thank you Giuseppe,
i'll fix this tonight.
You are welcome. Feel free to ping me if you need a sponsor.
Cheers,
Giuseppe.
to
+overwriting arbitrary files. Thanks to Marc Deslauriers and the Ubuntu
+Security team (Closes: #590296)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 05 Sep 2010 15:33:19 +0200
+
wget (1.12-2) unstable; urgency=low
* acknoledge NMUs. Thanks for your work/help Matt and Anthony
diff -Nru
tags 591195 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 1 Sep 2010 23:43:44 +0200.
The fix will be in the next upload.
=
Remove
Package: lynx-cur
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lynx-cur.
CVE-2010-2810[0]:
| Heap-based buffer overflow in the convert_to_idna function in
|
Package: uzbl
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for uzbl.
CVE-2010-2809[0]:
| The default configuration of the <Button2> binding in Uzbl before
| 2010.08.05 does not
Package: zabbix
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for zabbix.
CVE-2010-2790[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery
| function in
between lvm2 and clvmd
+(Closes: #591204)
+
+ -- Giuseppe Iuculano iucul...@debian.org Thu, 19 Aug 2010 11:56:07 +0200
+
lvm2 (2.02.66-2) unstable; urgency=medium
* Make libdevmapper1.02.1 depend on dmsetup. libdevmapper needs new enough
diff -Nru lvm2-2.02.66/debian/patches/CVE-2010
On 08/19/2010 12:26 PM, Bastian Blank wrote:
Where does this patch come from? It is not included into the upstream
source this way. As long as this is not known: NACK.
It comes from upstream, I used the essential part of the patch.
Please see:
On 08/19/2010 12:54 PM, Bastian Blank wrote:
Please describe the changes you made. It even differs in the comments.
This only shows the announcement, the patch is in
https://bugzilla.redhat.com/attachment.cgi?id=434982
It is the same patch without the configure and Makefile stuff (upstream
On 08/19/2010 01:29 PM, Giuseppe Iuculano wrote:
It is the same patch without the configure and Makefile stuff (upstream
added --with-default-run-dir configure argument, I instead hardcoded it
to /var/run/clvmd.sock ). I removed that part to avoid autoreconf
I just noted I forgot
:57.0 +0200
+++ lvm2-2.02.66/debian/changelog 2010-08-19 13:48:52.0 +0200
@@ -1,3 +1,10 @@
+lvm2 (2.02.66-2.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2010-2526: Also check permission on restart.
+
+ -- Giuseppe Iuculano iucul...@debian.org Thu
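Review bot: the added 2.02.66-2.2 changelog entry says only "CVE-2010-2526: Also check permission on restart." and carries no Closes: reference. Suggest naming what the permission check applies to and adding the bug number this follow-up upload belongs to, so the changelog and the tracker stay linked.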
On 08/19/2010 02:11 PM, Mehdi Dogguy wrote:
Why two NMUs for a single patch? Can't you drop the first one, fix it and
re-upload?
Because dcut rm --searchdirs lvm2* didn't work, now I'm trying with rm
DELAYED/1-day/libvm2*
Cheers,
Giuseppe.
On 08/19/2010 03:27 PM, Mehdi Dogguy wrote:
I'm sure dcut cancel $changes_files works :)
oh, it worked, thanks! :-)
Cheers,
Giuseppe.
On 08/19/2010 04:29 PM, Bastian Blank wrote:
Sorry, this is not acceptable. The patch
- differs in comments,
- used path,
- removes autoconf parts without reason, autoreconf is called anyway, and
- is incomplete.
Well, FWIW this is instead acceptable from a NMUer point of view, anyway
this
On 07/11/2010 01:51 AM, Iustin Pop wrote:
I'm not sure I understand what you mean. The jdk is *not* used during
the binary build, except for unittests (if present). The jdk *is* used
during the indep build, for the java part. What do you see here as an
abuse?
Sorry, let me rephrase a bit.
On 07/11/2010 11:45 AM, Julien Cristau wrote:
On Sun, Jul 11, 2010 at 09:05:49 +0200, Giuseppe Iuculano wrote:
If you put openjdk-6 in b-d-i, protobuf can't be built on those archs
that hasn't openjdk-6, and imho this can be considered an FTBFS even if
the binary build works.
No, it can't
On 07/11/2010 12:27 PM, Julien Cristau wrote:
Because there's no requirement anywhere that says arch:all packages need
to be buildable on all architectures.
The binary target must be all that is necessary for the user to build
the binary package(s) produced from this source package.
So I think
On 07/11/2010 12:55 PM, Iustin Pop wrote:
Giuseppe, you didn't answer my other question. Can you confirm the
package builds fine and the java parts work with gcj?
Yes I can.
Cheers,
Giuseppe
+1,11 @@
+protobuf (2.3.0-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Build-depends on on default-jdk and set JAVA_HOME to
+/usr/lib/jvm/default-java (Closes: #587732)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sat, 10 Jul 2010 18:37:19 +0200
+
protobuf (2.3.0-2) unstable
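Review bot: the added changelog line "Build-depends on on default-jdk" has a duplicated word; it should read "Build-depend on default-jdk". The entry also uses urgency=high for a build-dependency change; if that is because #587732 is release-critical, a short note saying so in the entry would help reviewers.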
Hi Iustin,
On 07/10/2010 08:39 PM, Iustin Pop wrote:
I was planning to revert the move of the openjdk-6 from b-d-i to b-d, as
an alternative to depend on default-jdk. The move was done simply to
have 'jar' available during the build time for a few optional unittests
which need it.
I think
Well, since the problem is somewhere in Quesoglc, I built a version of glc
with
debug symbols, to see where exactly the error is. And surprise, that version
worked. The locally rebuilt package without debug symbols also works. Not sure
what exactly is the problem, maybe libglc0 was built on
Since openjdk-6-jdk was available before on those arches, I hoped it
will come back. Do you think it won't?
It wasn't available, protobuf was built in those archs because you had
openjdk-6-jdk in Build-Depends-Indep instead of Build-Depends
Cheers,
Giuseppe.
Package: lxr-cvs
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lxr-cvs.
CVE-2010-1625[0]:
| Cross-site scripting (XSS) vulnerability in LXR Cross Referencer
| before 0.9.7 allows
Package: lxr
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lxr.
CVE-2010-1625[0]:
| Cross-site scripting (XSS) vulnerability in LXR Cross Referencer
| before 0.9.7 allows remote
Package: lxr-cvs
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ciao Giacomo,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lxr-cvs.
CVE-2010-1448[0]:
| Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR
| Cross
Hi Timo,
On 06/25/2010 05:41 PM, Timo Juhani Lindfors wrote:
version 5.0.375.70~r48679-2 seems to start on openmoko!
I can use the menus but trying to load any page results in a dialog
that shows an error message that can not be copypasted. It says
something about The following page(s) have
On 06/25/2010 06:50 PM, Timo Juhani Lindfors wrote:
Giuseppe Iuculano giuse...@iuculano.it writes:
Could you try version 5.0.375.86~r49890-1 when it will be available in
armel please?
Sure but the blx instructions in libv8 will still be a problem, right?
Yes, please open a bug against
block 581265 by 583826
thanks
On 05/18/2010 10:21 PM, Moritz Muehlenhoff wrote:
The situation has changed a bit: Chromium might still be part of Squeeze.
Giuseppe is currently checking with upstream on the feasibility of an
upstream support lifetime suitable for the lifetime of Squeeze.
On 06/06/2010 06:16 PM, Olivier Berger wrote:
Thanks for caring.
I've tried and fix the most obvious problems reported by lintian and
update the changelog, and have re-uploaded an updated package to
mentors. If you can upload it for me, many thanks in advance.
Best regards,
I've added a
Package: ghostscript
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ghostscript.
CVE-2010-1628[0]:
| Ghostscript 8.64, 8.70, and possibly other versions allows
| context-dependent
Package: phpgroupware
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpgroupware.
CVE-2010-0404[0]:
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before
| 0.9.16.016
Package: phpgroupware
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpgroupware.
CVE-2010-0403[0]:
| Directory traversal vulnerability in about.php in phpGroupWare (phpgw)
| before
Hi Christian,
On 06/04/2010 11:24 AM, christian bac wrote:
-the unstable version : 1:0.9.16.016+dfsg-1 that is uploaded on
mentors.
do you need a sponsor ?
Cheers,
Giuseppe
On 06/04/2010 12:44 PM, Olivier Berger wrote:
Here :
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=phpgroupware
Please add the Closes entries for the security bugs and add the source
format (W: phpgroupware source: missing-debian-source-format).
Cheers.
Giuseppe.
tags 581280 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Fri, 4 Jun 2010 13:05:09 +0200.
The fix will be in the next upload.
=
Remove
Package: mysql-dfsg-5.1
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.1.
CVE-2010-1626[0]:
| MySQL before 5.1.46 allows local users to delete the data and index
| files
Package: mysql-dfsg-5.0
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mysql-dfsg-5.0.
CVE-2010-1626[0]:
| MySQL before 5.1.46 allows local users to delete the data and index
| files
Package: gnustep-base
Version: 1.19.3-3
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for gnustep-base.
CVE-2010-1620[0]:
| Integer overflow in the load_iface function in Tools/gdomap.c