Bug#401077: rss2email: r2e doesn't lock feeds file

2006-11-30 Thread Hilko Bengen
Package: rss2email Version: 1:2.60-1 Severity: grave Although there is code in rss2email.py for locking the feeds.dat file in which all the state information is stored, this is never used on Debian systems, only on SunOS/Solaris: , | unix = 0 | try: | import fcntl | if sys.ver

Bug#400400: dh-make-perl: Generated Build-Depends-Indep field makes no sense

2006-11-25 Thread Hilko Bengen
Package: dh-make-perl Version: 0.24 Severity: serious Tags: patch When trying to create a .deb from DateTime-Format-ISO8601-0.0403, dh-make-perl put the following line into debian/control: Build-Depends-Indep: 5.8.8-6.1 From looking at an older version of dh-make-perl, I guessed that something

Bug#370785: dokuwiki: Privilege Escalation Problem in DokuWiki

2006-06-06 Thread Hilko Bengen
Package: dokuwiki Version: 0.0.20060309-3 Severity: critical Another security flaw that I was informed about through freshmeat. Cheers, -Hilko Start of forwarded message From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: [fmII] Privilege Escalati

Bug#370369: dokuwiki: Security flaw in dokuwiki

2006-06-04 Thread Hilko Bengen
Package: dokuwiki Severity: critical I just got this notice via freshmeat. Arbitrary code execution, remotely exploitable. No assigned CVE number, yet. Cheers, -Hilko Start of forwarded message From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: [

Bug#366947: CVE-2006-2260: XSS vulnerability in drupal project.module

2006-05-12 Thread Hilko Bengen
close 366947 thank you The project module is not part of the Drupal core distribution and thus not of the package. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#352253: crashes on startup with wx.PyEventBinder problem

2006-02-12 Thread Hilko Bengen
Joey Hess <[EMAIL PROTECTED]> writes: > Hilko Bengen wrote: >> Do you have anything wxgtk2.4/python related installed? I remember >> that in earlier versions of my package there was a bug related to >> that. > > ii libwxgtk2.4 2.4.3.1

Bug#352253: crashes on startup with wx.PyEventBinder problem

2006-02-11 Thread Hilko Bengen
Joey Hess <[EMAIL PROTECTED]> writes: > Package: ipodder > Version: 2.1.9-4 > Severity: serious > > [EMAIL PROTECTED]:~>ipodder > Traceback (most recent call last): > File "/usr/share/ipodder/iPodderGui.py", line 44, in ? > import gui.iPodderWindows > File "/usr/share/ipodder/gui/iPodderWi

Bug#346380: aptitude: Segmentation fault

2006-01-07 Thread Hilko Bengen
I have been able to reproduce this bug in a simpler setting. Calling aptitude with an up-to-date package list, I immediately started the upgrade ("U", "g"), exited the Preview buffer ("q"), and updated the package lists again ("u"). Segmentation fault. I have uploaded the resulting core file core.

Bug#346380: aptitude: Segmentation fault

2006-01-07 Thread Hilko Bengen
Package: aptitude Version: 0.4.1-1 Severity: grave When trying to update the packages list (pressing "u" in the GUI) today, I got this warning: , | W: GPG error: http://ftp.de.debian.org sid Release: The following signatures couldn't be verified because the public key is not available: NO_PU

Bug#345288: mantis: Plethora of vulnerabilities

2006-01-02 Thread Hilko Bengen
Moritz Muehlenhoff <[EMAIL PROTECTED]> writes: > Hilko Bengen wrote: >> Thijs Kinkhorst <[EMAIL PROTECTED]> writes: >> >> > If/when I'll upload to unstable I'll orphan the package, unless Hilko >> > wants to keep on maintaining it for now

Bug#345348: ipodder: Contains invalidly-licensed feedparser.py

2005-12-30 Thread Hilko Bengen
Joe Wreschnig <[EMAIL PROTECTED]> writes: > This package contains a version of Mark Pilgrim's Universal Feed Parser, > without a proper license [0]. On December 28th, a relicensed (and > updated) version of feedparser was uploaded in the python-feedparser > package. I have noticed the package and

Bug#345288: mantis: Plethora of vulnerabilities

2005-12-30 Thread Hilko Bengen
Thijs Kinkhorst <[EMAIL PROTECTED]> writes: > If/when I'll upload to unstable I'll orphan the package, unless Hilko > wants to keep on maintaining it for now. Have said vulnerabilities been fixed in 0.19.4? If yes, I suppose I could do a quick upload for unstable. No, I do not want to keep main

Bug#341437: drupal: Security update breaks functionality

2005-11-30 Thread Hilko Bengen
Package: drupal Version: 4.5.6-1 Severity: critical Tags: pending The valid_input_data function was removed, but some modules still use it. I will provide an updated package as soon as a patch is available.

Bug#336719: Can you reproduce this on 4.5.3-4?

2005-11-11 Thread Hilko Bengen
Florian Weimer <[EMAIL PROTECTED]> writes: >> db_query uses sprintf to replace placeholder expressions if passed >> more than one argument and it seems to me that using %s does the >> same thing as PHP's string expansion as in 4.5.3. > > What about SQL injection? Doesn't db_query protect against i

Bug#336719: Can you reproduce this on 4.5.3-4?

2005-11-05 Thread Hilko Bengen
notfound 336719 4.5.3-4 thank you "Matthew A. Nicholson" <[EMAIL PROTECTED]> writes: > I don't use 4.5.3, I use 4.5.5. I can download 4.5.3 and compare the > source changes, but I don't use it and it's not an option for me to test > with it. Give me a few hours and i'll get back to you. :)

Bug#336719: Can you reproduce this on 4.5.3-4?

2005-11-03 Thread Hilko Bengen
The current version in sarge (w/ security updates) is 4.5.3-4 and from looking at upstream's CVS tree, it appears to me as if the bug leading to the security vulnerability was introduced _after_ 4.5.3. Can you confirm that this bug exists in 4.5.3-4? Moreover, merging the PostgreSQL-related issue

Bug#330682: mantis: Several vulnerabilities in Mantis

2005-10-19 Thread Hilko Bengen
Thijs Kinkhorst <[EMAIL PROTECTED]> writes: > Hello, > > On Thu, 29 Sep 2005, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote: >> mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in >> the latest DSA upload that fixed several others: >> >> - 0006097: [security] user ID is cach

Bug#325141: mantis: users cannot signup

2005-08-26 Thread Hilko Bengen
tags 325141 unreproducible severity 325141 normal thank you Klemens Kasemaa <[EMAIL PROTECTED]> writes: >> With a fresh installation, I could very well sign up and login >> afterwards. Thus, for me the bug, as it was reported, is not >> reproducible. > > problem is described here: > http://www.ma

Bug#325141: mantis: users cannot signup

2005-08-26 Thread Hilko Bengen
Klemens Kasemaa <[EMAIL PROTECTED]> writes: > Package: mantis > Version: 0.19.2-4 > Severity: grave > Tags: patch > Justification: renders package unusable Please describe what you tried, what reaction you'd expect from Mantis and what you got. With a fresh installation, I could very well sign u

Bug#316362: acknowledged by developer (Bug#316362: fixed in drupal 4.5.4-1)

2005-07-01 Thread Hilko Bengen
Aleksey I Zavilohin <[EMAIL PROTECTED]> writes: > Hmm, where fix in stable? I think you can`t upload new version in > sarge. Maybe need contact with Security Team? I have done that. Alas, there hasn't been any response yet.

Bug#316307: fakeroot: fakeroot execs interactive /bin/sh

2005-06-29 Thread Hilko Bengen
Package: fakeroot Version: 1.4 Severity: grave As of version 1.4, fakeroot gives me an interactive /bin/sh before executing the command given on the command line: , | $ fakeroot debian/rules clean | sh-3.00$ exit | dh_testdir | dh_testroot | dh_clean | [...] ` After downgrading to 1.2.1

Bug#311817: Please allow drupal 4.5.3-1

2005-06-03 Thread Hilko Bengen
Package: drupal Version: 4.5.2-0 Severity: critical Tags: security, sarge John Goerzen <[EMAIL PROTECTED]> writes: > On Fri, Jun 03, 2005 at 10:56:47AM +0200, Hilko Bengen wrote: >> Steve Langasek <[EMAIL PROTECTED]> writes: >> >> So, you are not accepting my dr

Bug#301577: python-4suite: python-4suite-doc fails in postinst

2005-03-26 Thread Hilko Bengen
Package: python-4suite Version: 0.99cvs20041008-5 Severity: grave The output pretty much says it all: Setting up python-4suite-doc (0.99cvs20041008-5) ... cannot create dhelp file '/usr/share/doc/python-4suite-doc/html/.dhelp': No such file or directory dpkg: error processing python-4suite-doc (

Bug#301566: python-4suite: python-4suite-doc fails in postinst

2005-03-26 Thread Hilko Bengen
Package: python-4suite Version: 0.99cvs20041008-5 Severity: grave The output pretty much says it all: Setting up python-4suite-doc (0.99cvs20041008-5) ... cannot create dhelp file '/usr/share/doc/python-4suite-doc/html/.dhelp': No such file or directory dpkg: error processing python-4suite-doc (

Bug#293439: mantis.postinst failed

2005-02-03 Thread Hilko Bengen
Apparently, bash's line number count is confused by the <

Bug#292647: more info

2005-01-31 Thread Hilko Bengen
severity 292647 important thanks Same reason as for #292887: "drupal was not included in woody, so this upgrade issue is not RC for sarge."

Bug#289624: drupal: When asked to keep existing conf, upgrade messes with it

2005-01-10 Thread Hilko Bengen
Mark Robinson <[EMAIL PROTECTED]> writes: > Package: drupal > Version: 4.5.1-1 > Severity: serious > Justification: Policy 10.7.3 Sorry, I don't fully understand your bug report. I guess that you think there's something wrong with the way /etc/drupal/conf.php is handled. > Fatal error: Table 'dr
