tag 654534 patch
thanks
Note patches are available on the CVE pages for these issues:
http://security-tracker.debian.org/tracker/source-package/libav
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
by the Security Team.
+ * Fix CVE-2011-4516 and CVE-2011-4517: two buffer overflow issues possibly
+exploitable via specially crafted input files (closes: #652649).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Tue, 03 Jan 2012 14:58:11 -0500
+
jasper (1.900.1-12) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Support libc multiarch include file path (closes: bug #650654).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Sun, 01 Jan 2012 13:01:50 -0500
+
wine (1.0.1-3.4) unstable; urgency=low
* Non-maintainer upload.
diff -u wine-1.0.1/debian/rules wine-1.0.1
On Mon, Jan 2, 2012 at 12:33 PM, Jakub Wilk wrote:
* Michael Gilbert 2012-01-02, 11:22:
diff -u wine-1.0.1/debian/rules wine-1.0.1/debian/rules
--- wine-1.0.1/debian/rules
+++ wine-1.0.1/debian/rules
@@ -13,6 +13,7 @@
else
CFLAGS=-O2 -g
endif
+CFLAGS+=-I/usr/include/$(shell dpkg
On Sun, Jan 1, 2012 at 9:31 AM, Jonathan Wiltshire wrote:
tag 653877 + moreinfo
thanks
On Sat, Dec 31, 2011 at 04:36:19PM -0500, Michael Gilbert wrote:
package: replaceit
version: 1.0.0-5
severity: serious
According to the replaceit LICENSE file, this software needs to abide
package: replaceit
version: 1.0.0-5
severity: serious
According to the replaceit LICENSE file, this software needs to abide
by the following restriction: Redistributions are made at no charge
beyond the reasonable cost of materials and delivery. This seems to
be non-free as reasonable could be
On Thu, Dec 22, 2011 at 11:54 AM, Tyler Hicks tyhi...@canonical.com wrote:
Package: t1lib
Version: 5.1.2-3
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch
On Thu, Dec 22, 2011 at 4:22 PM, Kurt Seifried wrote:
Sent this to the bug, not sure if it went through, sending to you two
manually to make sure you see it.
More info on those CVE's is available at:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1552
severity 650699 normal
thanks
On Thu, Dec 1, 2011 at 11:24 PM, lina wrote:
Source: fglrx-driver
Version: 11-11-3
Severity: serious
Tags: upstream
Justification: serious
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* Failure to enter into the
forcemerge 641873 647576
thanks
Can you read the pdf in
http://portal.gsdi.org/files/?artifact_id=940
No, and you've already submitted #646223 about this, which had already
been submitted in #641873. Please try to avoid cluttering the BTS
like this.
On Fri, Nov 4, 2011 at 7:57 PM wrote:
All
I
Know
is
that
after many years of being able to use this package,
it is now broken
and you folks are calmly issuing new versions of a broken package.
You're currently using a release that is called unstable. Thus, it
should not be so surprising
On Fri, Nov 4, 2011 at 9:20 PM, wrote:
MG it along by debugging font loading on these problematic pdfs. I just
There is no debug option, and strace just gives a mess. All I know is
$ pdffonts $@
Try gdb:
http://www.cs.cmu.edu/~gilpin/tutorial/
All I know is previous debian xpdf versions
On Fri, Nov 4, 2011 at 8:48 AM, Tom Marble wrote:
It's a shame because this means, among other things, that we cannot
enjoy Gnome 3 completely.
I'm not sure if this is common knowledge yet, but the free ati driver
(including 3d and desktop compositing support) has come a *long* way
since the
On Fri, Nov 4, 2011 at 9:50 PM, wrote:
Derek, I have a recommendation,
there should be a way or a flag to print errors to the calling shell
when there are font problems.
The user should not need to use gdb to figure out why.
Thanks.
Of course users do not normally need to learn gdb, but
found 639875 1:11-10-1
thanks
Does AMD know about this?
Who knows? You can send a message to their support form asking the
question, but it's highly doubtful that they'll respond:
http://emailcustomercare.amd.com/
Best wishes,
Mike
On Fri, Oct 28, 2011 at 9:20 AM, Mehdi Dogguy wrote:
Package: mplayer2
Version: 2.0-134-g84d8671-8
Severity: grave
Tags: security
Justification: user security hole
Please see:
http://www.openwall.com/lists/oss-security/2011/10/14/1
I've been given a patch that fixes it, but it needs to be made to the BIND
sources that are in the tarball that gets unpacked at build time, so I don't
have a good way of applying the patch during the build. I think I'm stuck
resolving this bug until you make a new release that includes the
tag 643470 patch
thanks
I've created a patch that addresses all of the unused-but-set-variable
issues. See attached.
Best wishes,
Mike
--- isc-dhcp-4.2.2.orig/dst/prandom.c
+++ isc-dhcp-4.2.2/dst/prandom.c
@@ -694,7 +694,6 @@
{
int dir = 0, b;
int bytes, n, cmd = 0, dig = 0;
- int start
Josh Triplett wrote:
Package: gnome-screensaver
Version: 3.0.1-1
Severity: grave
Tags: security
I upgraded gnome-screensaver, and it stopped locking the screen when I
close the lid of my laptop. It now only locks if I explicitly lock the
screen (ctrl-alt-L), or after some timeout (on
Josh Triplett wrote:
The screen does not *have* to be locked, no. The user may choose to
have the screen locked (which to the best of my knowledge represents the
default configuration for gnome-screensaver/gnome-power-manager). If
the user *does* choose such a configuration, then a
package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch
A buffer overflow issue in kfreebsd has been disclosed [0] along with a
poc [1]. patch is available [2].
I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I
forcemerge 641873 645108
thanks
jida...@jidanni.org wrote:
X-Debbugs-Cc: der...@glyphandcog.com
Package: xpdf
Version: 3.03-5
Help,
http://portal.gsdi.org/files/?artifact_id=928
has become unreadable. The sidebar content is fine though.
Please check existing bug reports before
severity 641873 serious
tag 641873 help
thanks
I'm not very happy about this regression, and I don't want it making
its way into testing, so I'm making this an RC issue.
Also, I don't foresee having enough time to work on this for a while,
so I'm looking for help; primarily in the form of
On Tue, 6 Sep 2011 16:08:29 +0200 Vincent Lefevre wrote:
On 2011-09-06 14:05:59 +0200, Chung-chieh Shan wrote:
No, we should not assume that TMPDIR is set by a malicious agent; that
is possible but it is also possible that TMPDIR is set by a friendly
agent whose goal is to increase the
On Sun, 4 Sep 2011 19:26:47 -0500 Jonathan Nieder wrote:
(-cc: bug#640389; +cc: bug#635849)
Michael Gilbert wrote:
Jonathan Nieder wrote:
[1] The crux in bug #635849 is that if the user is allowed to
influence TMPDIR or the template argument then the filename returned
by tempfile
On Sun, 4 Sep 2011 00:14:47 +0200 gregor herrmann wrote:
tags 619243 + patch
tags 619243 + pending
thanks
Dear maintainer,
I've prepared an NMU for protoaculous (versioned as 3+nmu2) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Hi,
Looks good
Jonathan Nieder wrote:
Hi,
Vincent Lefevre wrote:
--- /usr/bin/xpdf 2011-07-28 06:29:44.0 +0200
+++ xpdf2011-07-29 16:36:38.0 +0200
@@ -78,7 +78,7 @@
elif [ $cat = cat ]; then
$cmd -title $title $file $pages
else
-tmp=$(tempfile -p $(basename
severity 640087 important
tag 640087 unreproducible , moreinfo
thanks
hi,
i can't reproduce this with 3.03-2:
$ pdftk hello.pdf output test.pdf user_pw test
$ xpdf -upw test test.pdf
[ok]
$ xpdf.real -upw test test.pdf
[ok]
can you retest?
thanks,
Mike
Jonathan Nieder wrote:
Michael Gilbert wrote:
If the attacker
has control of /tmp and all can generate any file name permutation in
time to get his malicious version in place of the intended one, then
the real issue is that tmpfile's file name generation is weak, and the
problem
On Sun, 28 Aug 2011 16:44:48 +0100 Jonathan Wiltshire wrote:
Package: xpdf
Followup-For: Bug #635849
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious
Michael Biebl wrote:
tags 638689 moreinfo
thanks
Am 21.08.2011 06:31, schrieb Michael Gilbert:
package: evince
version: 2.30.0-1
severity: serious
tag: patch
evince currently ftbfs. The attached patch explicitly passes -lz to
the linker, which fixes the issue.
Builds fine
hartm...@debian.org wrote:
tags 619031 + patch
tags 619031 + pending
thanks
Dear maintainer,
I've prepared an NMU for protoaculous (versioned as 3+nmu1) and
uploaded it to DELAYED/4. Please feel free to tell me if I
should delay it longer.
Regards.
diff -Nru
Vincent Lefevre wrote:
tags 635849 patch
thanks
On 2011-07-29 23:22:24 +0900, Osamu Aoki wrote:
Can any of you who seems to know better on this subject propose good
solution while keeping major part of this feature. Otherwise we get
bug report for breaking backward compatibility
On Wed, 06 Jul 2011 06:54:52 +0200 Michael Biebl wrote:
Hi,
Am 04.07.2011 01:28, schrieb Michael Biebl:
I've just uploaded poppler 0.16.7-2 to unstable. That means your package
will
ftbfs now. Thus bumping the severity.
I've uploaded an NMU to DELAYED/5.. Please let me know if you
forcemerge 594065 628591
thanks
please check your expat version, which i think is the cause of this
problem, but haven't gotten a sufficient user response yet.
thanks,
mike
On Mon, May 30, 2011 at 10:14 AM, Lionel Elie Mamane wrote:
notfound 628591 3.02-2
found 628591 3.02-9
thanks
On
package: libxml2
version: 2.7.8.dfsg-2
severity: serious
tag: security
some overflow issues were disclosed for libxml2. see:
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
best wishes,
mike
package: debsecan
version: 0.4.14
severity: serious
tag: patch
VersionCompare is no longer available in python-apt as of version 0.8
which is now in unstable, so debsecan always crashes. here is a patch
that fixes that.
best wishes,
mike
--- debsecan 2010-03-07 10:52:24.0 -0500
+++
package: krb5
version: 1.9+dfsg-1
severity: serious
tags: security
another advisory has been issued for kerberos:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
best wishes,
mike
-maintainer upload.
+ * Fix cve-2011-0997: remote code execution vulnerability in dhclient
+(closes: #621099).
+ * Fix ftbfs with 'ld --no-as-needed' (closes: #602312).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Sat, 09 Apr 2011 10:57:14 -0400
+
isc-dhcp (4.1.1-P1-16) unstable; urgency
package: krb5
version: 1.8.3+dfsg-4
severity: serious
tags: security
a new security advisory for krb5 has been issued:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
package: busybox-udeb
version: 1:1.17.1-10
severity: grave
Hi, testing is currently uninstallable since debootstrap (as of 1.0.28)
no longer uses md5 for integrity checks. It can make use of various
shaXYZsum instead. I think providing sha1sum should be sufficient, but
it may make sense to
On Sat, 26 Feb 2011 11:29:06 +0100 Aurelien Jarno wrote:
On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote:
package: eglibc
version: 2.11.2-10
severity: grave
tag: security
A memory corruption issue has been disclosed for eglibc [0]. I've
checked, and lenny (glibc
Hi,
Are you working on an updated squeeze package for this? If not, I'll
prepare one for a DSA since the patch is fairly straightforward.
Best wishes,
Mike
package: fluxbox
version: 1.3.0-1
severity: serious
Hey Paultag ;)
Looks like some of the fluxbox themes have non-free licenses. For
example: data/styles/ostrich/theme.cfg. See [0] for more discussion
too.
[0]http://lists.fedoraproject.org/pipermail/legal/2011-February/001560.html
package: eglibc
version: 2.11.2-10
severity: grave
tag: security
A memory corruption issue has been disclosed for eglibc [0]. I've
checked, and lenny (glibc), squeeze, and sid are affected by the poc.
experimental is not. According to the report, this permits arbitrary
code execution.
[0]
package: debootstrap
version: 1.0.26
severity: serious
this is already in discussion on -devel, but i figure it's worth a bug
report for tracking purposes. sid and wheezy can't be bootstrapped
anymore since their release files lack md5sums.
best wishes,
mike
Note that a new CVE id (CVE-2011-0536) has been assigned for a
vulnerability introduced by the patches for cve-2010-3847 [0]. It
sounds like this affects the recent DSAs. Please take a look at the
code and figure out what needs to be done to resolve these three
issues: CVE-2010-3847,
reopen 600667
thanks
Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
It looks like CVE-2010-3847 [1] is still unfixed. The original fix in
-7 may have
On Thu, 23 Dec 2010 17:28:01 +0100, Julien Cristau wrote:
On Wed, Dec 22, 2010 at 15:40:55 +, Jonathan Wiltshire wrote:
This patch has come from two upstream commits to fix the CVE and the
debdiff for an nmu is attached. If it's ok with you, I'll go ahead with if
the maintainer hasn't
On Thu, Dec 23, 2010 at 5:14 PM, Jonas Smedegaard wrote:
Hi Julien,
On Thu, Dec 23, 2010 at 10:34:50PM +0100, Julien Cristau wrote:
On Fri, Dec 17, 2010 at 20:15:19 -0500, Michael Gilbert wrote:
On Sun, Dec 12, 2010 at 3:31 PM, Michael Gilbert wrote:
On Fri, Dec 10, 2010 at 11:03 PM
package: pcsc-lite
version: 1.4.102-1+lenny3
severity: serious
tags: security
an advisory has been issued for pcsc-lite:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
i have checked that the vulnerable code is present in both lenny and
sid.
package: ccid
version: 1.3.8-1
severity: serious
tags: security
an advisory has been issued for the pcsc-lite ccid driver:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
i have checked that the vulnerable code is present in both lenny and
sid.
severity 607497 important
fixed 607497 0.2.7-1.1
thanks
On Sun, 19 Dec 2010 04:05:00 +0100 Witold Baryluk wrote:
Package: midori
Version: 0.2.7-1.1
Severity: grave
Tags: security squeeze
Justification: user security hole
Simple example
Go to https://turtle.libre.fm/
(this site have
I am 100% certain that this code is not present in the generated object
code, and don't need further assurance of that:
$ nm -D /usr/bin/ssh /usr/sbin/sshd | grep jpake
$
OK, good enough for me. Thanks!
Mike
On Sun, Dec 12, 2010 at 3:31 PM, Michael Gilbert wrote:
On Fri, Dec 10, 2010 at 11:03 PM, Jonas Smedegaard wrote:
Please do push your changes and prepare a release for unstable. That
release will not be an NMU, though, but a real release by our team,
including you!
I created a new branch
reopen 606922
thanks
That's correct. It's disabled upstream and we haven't enabled it. I
have no intention of enabling it until upstream say it's OK to do so
(which will probably consist of enabling it by default).
Here's the upstream commit message:
- d...@cvs.openbsd.org 2010/09/20
tag 606922 patch
thanks
On Fri, Dec 17, 2010 at 12:53 AM, Russ Allbery wrote:
Michael Gilbert michael.s.gilb...@gmail.com writes:
I apologize ahead of time for the bts ping pong, but according to the
build log (which is where I checked for my original bug report) jpake
is indeed built
On Fri, Dec 10, 2010 at 11:03 PM, Jonas Smedegaard wrote:
Please do push your changes and prepare a release for unstable. That
release will not be an NMU, though, but a real release by our team,
including you!
I created a new branch and pushed it to git called 8.71-dfsg2-7.
Please review and
Package: openssh
Version: 1:5.5p1-5
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openssh.
CVE-2010-4478[0]:
| OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly
| validate the public parameters in the J-PAKE
On Fri, 10 Dec 2010 19:45:18 +0100, Moritz Muehlenhoff wrote:
On Thu, Dec 09, 2010 at 10:48:46PM -0500, Michael Gilbert wrote:
I've isolated and applied the patches needed to fix CVE-2010-2055 in
ghostscript. See attached debdiff.
Would anyone be so kind to sponsor this? The package
On Fri, 10 Dec 2010 21:24:57 +0100, Jonas Smedegaard wrote:
On Fri, Dec 10, 2010 at 07:45:18PM +0100, Moritz Muehlenhoff wrote:
On Thu, Dec 09, 2010 at 10:48:46PM -0500, Michael Gilbert wrote:
I've isolated and applied the patches needed to fix CVE-2010-2055 in
ghostscript. See attached
On Fri, 10 Dec 2010 23:19:19 +0100, Jonas Smedegaard wrote:
Seems you are interested, then. Great!
Yes.
You probably requested to join the ghostscript project. Confusingly
that's not relevant: ghostscript git is hosted in the collab-maint
project. Please request membership of that (if
On Fri, Dec 10, 2010 at 8:18 PM, Jonas Smedegaard wrote:
On Fri, Dec 10, 2010 at 05:35:57PM -0500, Michael Gilbert wrote:
On Fri, 10 Dec 2010 23:19:19 +0100, Jonas Smedegaard wrote:
Seems you are interested, then. Great!
Yes.
You probably requested to join the ghostscript project
I've isolated and applied the patches needed to fix CVE-2010-2055 in
ghostscript. See attached debdiff.
Would anyone be so kind to sponsor this? The package is at:
http://mentors.debian.net/debian/pool/main/g/ghostscript/
Mike
ghostscript.debdiff
Description: Binary data
On Thu, 02 Dec 2010 09:17:30 +0100, Goswin von Brederlow wrote:
Michael Gilbert michael.s.gilb...@gmail.com writes:
tag 605218 patch
thanks
On Wed, Dec 1, 2010 at 4:34 PM, Julien Cristau wrote:
On Wed, Dec  1, 2010 at 16:18:54 -0500, Michael Gilbert wrote:
Since ia32-libs
Since ia32-libs-workaround-499043 is a third-party package, this really
isn't Debian's problem. I think that the bug can be safely closed. In
the meantime, this discussion can serve as a record for anyone else who
may have installed the rogue package and run into the problem.
Mike
I wonder if this bug can be downgraded (or marked squeeze-ignore).
The weaknesses of MD5 are well-known, and support for it should be
deprecated, but I don't think that needs to be done for squeeze.
Post-squeeze, the solution should fail for md5 signatures by default.
It should require an
tag 605218 patch
thanks
On Wed, Dec 1, 2010 at 4:34 PM, Julien Cristau wrote:
On Wed, Dec 1, 2010 at 16:18:54 -0500, Michael Gilbert wrote:
Since ia32-libs-workaround-499043 is a third-party package, this really
isn't Debian's problem. I think that the bug can be safely closed
package: krb5
version: 1.8.3+dfsg-2
severity: serious
tags: security
Multiple issues have been disclosed for krb5. See:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
This likely also affects lenny, but I haven't checked. Please work
with the security team to issue a DSA.
On Sat, 27 Nov 2010 11:54:52 +0100 Jonas Smedegaard wrote:
Hi Michael,
On Fri, Nov 26, 2010 at 10:43:56PM -0500, Michael Gilbert wrote:
If I'm reading this discussion right, you expect someone else to apply
the attached patches and then assume responsibility for the entire
package since
If I'm reading this discussion right, you expect someone else to apply
the attached patches and then assume responsibility for the entire
package since you're unwilling to maintain it if it has any more patches?
That seems a bit extreme, but I will take a look at doing so when I
find some time. It
package: nvidia-graphics-drivers
version: 195.36.24-4
severity: grave
Hi,
After the call for upgrade testing, I just did a lenny-to-squeeze
test on an old system of mine. The nvidia-*-legacy-96xx kernel module
and glx were installed under lenny (to support an old nvidia card that
none of the
On Wed, 17 Nov 2010 21:29:03 -0500 Michael Gilbert wrote:
During the dist-upgrade (section 4.5.6), a lot of xorg drivers and
xorg itself ended up getting removed. After the dist-upgrade, I
manually installed xorg, which removed nvidia-glx-legacy-96xx. After
that X still wouldn't work since I
On Wed, 17 Nov 2010 18:44:41 -0800 Russ Allbery wrote:
reassign 603878 nvidia-graphics-drivers-legacy-96xx
found 603878 nvidia-graphics-drivers-legacy-96xx/96.43.07-2
fixed 603878 nvidia-graphics-drivers-legacy-96xx/96.43.18-1
close 603878
thanks
Michael Gilbert michael.s.gilb
Package: proftpd-dfsg
Version: 1.3.1-17lenny4
Severity: grave
Tags: security , patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for proftpd-dfsg.
CVE-2010-4221[0]:
| Multiple stack-based buffer overflows in the pr_netio_telnet_gets
| function in netio.c in ProFTPD
Package: yui
Version: 2.5.0-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for yui.
CVE-2010-4207[0]:
| Cross-site scripting (XSS) vulnerability in the Flash component
| infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla,
package: libvdpau
version: 0.4-5
severity: grave
libvdpau ftbfs on amd64 since it's missing a build-depends on
ia32-libs-dev.
tag 603220 patch
thanks
attached is a debdiff that fixes this.
mike
libvdpau.debdiff
Description: Binary data
fixed 602779 1:10-9-3
severity 602779 grave
thanks
This is solved with 1:10-9-3, but it has not been migrated to testing, yet
increase the severity since this does leave the driver unusable. we
need the new ia32libs to migrate to testing, but that may not happen
(see discussion on
On Mon, 8 Nov 2010 16:36:36 +0100, Julien Cristau wrote:
On Mon, Nov 8, 2010 at 10:16:49 -0500, Michael Gilbert wrote:
fixed 602779 1:10-9-3
severity 602779 grave
thanks
This is solved with 1:10-9-3, but it has not been migrated to testing, yet
increase the severity since
package: wine
severity: serious
version: 1.0.1-3
wine ftbfs due to missing freetype dependency on amd64. this is due to
ia32-libs headers getting moved to the ia32-libs-dev package.
maintainable
and supported than the version in Lenny.
Still, there's no followup from the maintainers since a week.
I'm kinda busy, sorry. This weekend I worked on packaging 1.2.5 after
having worked on getting many CVEs handled upstream. Michael Gilbert
also worked on a few
severity 601326 important
thanks
On Tue, 26 Oct 2010 13:04:35 +0200 (CEST), kA kA wrote:
Thanx for that quick reaction.
Sorry for the following misunderstanding: I did not upgrade fglrx-driver but
only upgrade my installation from lenny to squeeze.
Meanwhile, I have now completely switched
package: kfreebsd-7
version: 7.3-7
severity: serious
tags: security
another freebsd privilege escalation has been disclosed:
http://www.exploit-db.com/exploits/15206/
this seems different than the recent CVE advisories. i haven't
checked any of this, but they claim 7.0-7.2 are affected and
On Thu, 21 Oct 2010 19:36:04 +0200, Aurelien Jarno wrote:
On Mon, Oct 18, 2010 at 06:58:45PM -0400, Michael Gilbert wrote:
package: eglibc
version: 2.11.2-6
severity: grave
tag: patch
an issue has been disclosed in eglibc. see:
http://seclists.org/fulldisclosure/2010/Oct/257
Package: openjdk-6-jre-lib
Version: 6b18-1.8.2-1
Severity: serious
openjdk-6-jre-lib is currently not removable on sid. this may be
because openjdk-6-jre-headless depends on openjdk-6-jre-lib
(= ${source:Version} and openjdk-6-jre-lib depends on
openjdk-6-jre-headless (= ${base:Version}). i
package: eglibc
version: 2.11.2-6
severity: grave
tag: patch
an issue has been disclosed in eglibc. see:
http://seclists.org/fulldisclosure/2010/Oct/257
patch available:
http://sourceware.org/ml/libc-hacker/2010-10/msg7.html
best wishes,
mike
On Wed, 22 Sep 2010 16:35:29 -0700 Sean Kellogg wrote:
I still have a FTBFS problem with this update.
When doing the dkms thing with the new package it first reported:
Error! Your kernel headers for kernel amd64 cannot be found at
/lib/modules/amd64/build or
I still have a FTBFS problem with this update.
When doing the dkms thing with the new package it first reported:
Error! Your kernel headers for kernel amd64 cannot be found at
/lib/modules/amd64/build or /lib/modules/amd64/source.
[...]
make
severity 597783 grave
thanks
On Thu, 23 Sep 2010 01:00:38 +0200 Michel Casabona wrote:
Package: fglrx-source
Version: 1:10-9-2
Severity: normal
Hi,
Thanks for the fix to #597478. However the module fails to build using a
locally built kernel because there is no file
On Wed, 22 Sep 2010 21:42:45 -0500 Chris Lawrence wrote:
Package: fglrx-source
Version: 1:10-9-2
Severity: normal
I am experiencing the same problem with fglrx-source 1:10-9-2; here's
the log from my build using module-assistant:
=== LOG SNIPPET BEGINS ===
Extracting the package
Thanks for caring about Qt4. Sadly, buildds running out of space is
something that happens often and filing bugs about this issue is not
useful given there is nothing that can be done from the maintainers.
this build failure is holding up migration of a security fix to
testing. the
On Mon, 20 Sep 2010 17:22:07 +0200, Patrick Matthäi wrote:
Am 20.09.2010 05:19, schrieb Michael Gilbert:
On Sun, 19 Sep 2010 23:02:18 -0400 Michael Gilbert wrote:
package: fglrx-modules-dkms
version: 1:10-9-1
severity: grave
tags: pending
due to a function rename, the kernel
On Mon, 20 Sep 2010 18:51:16 -0400 Jon wrote:
Package: linux-2.6
Version: 2.6.32-23
Justification: root security hole
Severity: critical
Tags: security
The changelog says the CVE-2010-3301 was fixed in this update:
* x86-64, compat (CVE-2010-3301):
- Retruncate rax after ia32
package: qt4-x11
version: 4:4.6.3-2
severity: grave
https://buildd.debian.org/fetch.cgi?pkg=qt4-x11&ver=4:4.6.3-2&arch=s390&stamp=1283800739&file=log
forcemerge 584653 595701
thanks
On Fri, 17 Sep 2010 13:16:38 +0200 Didier 'OdyX' Raboud wrote:
Hi Michael,
Isn't this CVE-2010-2055 a duplicate of the RC bugs #584653 #584663 ?
yes, it appears so. thanks.
mike
package: fglrx-modules-dkms
version: 1:10-9-1
severity: grave
tags: pending
due to a function rename, the kernel module now fails to build on
amd64:
CC [M] /var/lib/dkms/fglrx/10-9/build/kcl_ioctl.o
/var/lib/dkms/fglrx/10-9/build/kcl_ioctl.c: In function
‘KCL_IOCTL_AllocUserSpace32’:
On Sun, 19 Sep 2010 23:02:18 -0400 Michael Gilbert wrote:
package: fglrx-modules-dkms
version: 1:10-9-1
severity: grave
tags: pending
due to a function rename, the kernel module now fails to build on
amd64:
CC [M] /var/lib/dkms/fglrx/10-9/build/kcl_ioctl.o
/var/lib/dkms/fglrx
On Mon, 13 Sep 2010 14:32:25 +, Alexander Kurtz wrote:
Source: webkit
Version: 1.2.4-1
Severity: serious
Hi,
webkit 1.2.4-1 FTBFS on mipsel[1] with this error:
[...]
/bin/mkdir -p ./.deps/DerivedSources
CXXLD libJavaScriptCore.la
CXXLD
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
Please remove fluxconf from unstable. It has a critical bug, and it
hasn't been updated in a year and a half. See bug #592804 for more
details.
Thanks,
Mike