package: webkit
version: 1.2.4-1
severity: grave
the amd64 package is currently uninstallable due to dependency on gtk2 = 2.21,
but only version 2.20 is available in unstable. the package was probably built
in the wrong environment again:
$ sudo apt-get install libwebkit-1.0-2
Reading
symlink in lib64bz2-1.0 also (closes: #594733).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Mon, 06 Sep 2010 14:17:57 -0400
+
bzip2 (1.0.5-5) unstable; urgency=low
* Provide missing symlink in lib32bz2-1.0
diff -u bzip2-1.0.5/debian/rules bzip2-1.0.5/debian/rules
--- bzip2-1.0.5/debian
Package: ghostscript
Version: 8.71~dfsg2-6
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for ghostscript. There are a bunch of upstream patches for
this [1]. Marking the bug as serious for now since the issue should be
fixed before
.
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Sun, 05 Sep 2010 20:28:57 -0400
+
virtualbox-ose (3.2.8-dfsg-1) unstable; urgency=low
* New upstream release. (LP: #614697)
diff -u virtualbox-ose-3.2.8-dfsg/debian/patches/18-system-xorg.patch virtualbox-ose-3.2.8-dfsg/debian/patches/18-system
Package: mantis
Version: 1.1.8+dfsg-5
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mantis. After a quick search, I couldn't find enough info
to be able to check whether this affects older versions. Please check.
On Sat, 04 Sep 2010 20:53:33 +0200 sils wrote:
version 595510 1.2.x
forwarded 595510 http://www.mantisbt.org/bugs/view.php?id=12312
thanks
according to that bug report the issue is actually in nusoap. i see
that mantis already depends on that. if you are completely sure that
mantis doesn't
reopen 509287
thanks
I forgot to close the bug previously.
We collected much information and it comes out that the
software was intended to be distributed freely.
intention is not sufficient. the license itself as written must be
interpretable as dfsg-free. i think the package needs to
On Tue, 31 Aug 2010 14:19:51 -0400, Stephen van Egmond wrote:
On a practical level this issue is a colossal waste of time. We have
established:
debian isn't solely guided by practicality, but instead by more
fundamentally interesting principles.
1) The package is useful
2) The identity of
-u bzip2-1.0.5/debian/changelog bzip2-1.0.5/debian/changelog
--- bzip2-1.0.5/debian/changelog
+++ bzip2-1.0.5/debian/changelog
@@ -1,3 +1,9 @@
+bzip2 (1.0.5-4ubuntu1) maverick; urgency=low
+
+ * Provide missing symlink in lib32bz2 (closes #XX).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com
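Review bot: the new changelog bullet still carries a placeholder, "(closes #XX)", so no bug would be closed on upload: the bug number is not filled in and the colon after "closes" is missing, while the other bzip2 entry on this page writes "(closes: #594733)". Fill in the real bug number in the "closes: #<bug>" form, or use "LP: #<bug>" if the issue is tracked in Launchpad, given that the entry targets maverick.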
On Mon, 23 Aug 2010 13:55:54 +0100, Eric S Fraga wrote:
Package: xpdf
Version: 3.02-9
Severity: grave
Justification: renders package unusable
Attempting to start xpdf with any PDF document gives the error message:
$ xpdf opt.pdf
xpdf: pthread_mutex_lock.c:62: __pthread_mutex_lock:
On Tue, 17 Aug 2010 08:45:26 -0400, Sam Hartman wrote:
Will upload 1.6.2.
I guess I should do something about testing too. I'll ask -release if
they will permit 1.6.2 into testing but kind of expect a no answer, so
I'll probably need to prepare something for tpu.
they'll usually grant
Package: barnowl
Version: 1.5.1-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.
CVE-2010-2725[0]:
| BarnOwl before 1.6.2 does not check the return code of calls to the
| (1) ZPending and (2) ZReceiveNotice functions in
Package: rekonq
Version: 0.5.0-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for rekonq.
CVE-2010-2536[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and
| earlier allow remote attackers to inject arbitrary
attached is a debdiff where the replaces is also versioned. this
change was required by the release team.
poppler.debdiff
Description: Binary data
On Sun, 8 Aug 2010 23:40:38 -0400, Anibal Monsalve Salazar wrote:
On Tue, Aug 03, 2010 at 01:47:15PM -0400, Michael Gilbert wrote:
package: ssmtp
version: 2.64-4
severity: serious
tags: security
a buffer overflow in ssmtp:
https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
On Mon, 9 Aug 2010 21:25:37 -0400 Anibal Monsalve Salazar wrote:
On Mon, Aug 09, 2010 at 11:10:46AM -0400, Michael Gilbert wrote:
that means that the info hasn't yet been populated in their database.
it was assigned on oss-security, and sometimes it takes many days to
enter the database
On Sun, 8 Aug 2010 00:08:50 +0900 Osamu Aoki wrote:
Hi,
Thanks Michael for your effort.
On Sat, Aug 07, 2010 at 03:05:06AM -0400, Michael Gilbert wrote:
Attached is a debdiff for the poppler NMU to fix the xpdf-utils
conflict. I've uploaded the package to mentors [0]. Would you
On Sun, 8 Aug 2010 02:04:24 +0900 Osamu Aoki wrote:
Hi maintainer of poppler,
This is intent to NMU mail.
On Sat, Aug 07, 2010 at 11:42:02AM -0400, Michael Gilbert wrote:
On Sun, 8 Aug 2010 00:08:50 +0900 Osamu Aoki wrote:
I don't think we should risk waiting on the maintainer since
severity 561762 important
thanks
even though kde4libs really needs to be checked against these webkit
issues, it isn't a reason to hold up the release.
mike
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
severity 592068 normal
thanks
deborphan doesn't actually remove anything. it's up to the user to
make an informed decision based on its output.
mike
hi,
attached is a debdiff for an NMU that i plan to seek sponsorship for.
this fixes a conflict that is currently preventing xpdf from
transitioning to testing. this is RC, so it will be uploaded to the 2
day delayed queue i believe.
best wishes,
mike
poppler.debdiff
Description: Binary data
package: ssmtp
version: 2.64-4
severity: serious
tags: security
a buffer overflow in ssmtp:
https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
note that current code is slightly different than ubuntu, so it's not
entirely clear whether debian is affected. please check.
thanks,
mike
retitle 591515 CVE-2008-7258 buffer overflow
thanks
can we downgrade the severity of this issue since there is a fix
included (even though it isn't ideal)? it's currently RC.
best wishes,
mike
On Wed, 14 Jul 2010 16:52:06 +0200 Cyril Brulebois wrote:
Source: webkit
Version: 1.2.2-1
Severity: serious
Justification: FTBFS
Hi,
your package FTBFS on all buildds. Logs excerpt on i386:
| CXX
WebCore/platform/graphics/cairo/libwebkit_1_0_la-FontCustomPlatformData.lo
| CXX
On Sun, 06 Jun 2010 15:15:36 +0200 Sacra Mateos wrote:
Package: virtualbox-ose-dkms
Version: 3.2.0-dfsg-1
--- Please enter the report below this line. ---
I cannot run VirtualBox even following Mike's suggestions.
After installing kernel source and headers and reinstalling VirtualBox,
On Sun, 6 Jun 2010 19:46:57 +0200 Francesco Poli wrote:
Hello!
Is there any progress on this bug?
It seems to be the only reason why xpdf is still out of Debian
testing...
it's a trivial bug. it's fixed. it's being held up by more significant
changes to the package as being discussed on
On Sat, 05 Jun 2010 17:15:36 +0200 Bernard Drapeau wrote:
Package: virtualbox-ose-dkms
Version: 3.2.0-dfsg-1
Severity: grave
--- Please enter the report below this line. ---
Virtualbox fails to compile some modules.
I reinstalled virtualbox-ose and virtualbox-ose-dkms.
After
wouldn't it make more sense to solve these issues in the ghostscript
package by itself; rather than 100 different packages.
even if ghostscript won't change their code, debian always has the
option to fix it anyway. that could be done by either applying a
patch that automatically uses the
Package: perl
Version: 5.10.1-12
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for perl.
CVE-2010-1974[0]:
| Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module
| before 2.25 for Perl allow context-dependent
On Sun, 23 May 2010 20:09:53 +0200 Vincent Lefevre wrote:
Package: dhcp3-client
Version: 3.1.3-2
Severity: critical
Tags: security
Justification: root security hole
I've just seen:
$ ll /etc/resolv.conf
-rw-rw-rw- 1 root root 23 2010-05-23 08:40:05 /etc/resolv.conf
i see 644
On Sun, 23 May 2010 22:29:47 +0200 Vincent Lefevre wrote:
On 2010-05-23 12:17:26 -0400, Michael Gilbert wrote:
i see 644 permissions on my system; although i admit that i have not
veered from the default settings with respect to dhcp.
Yes, /etc/resolv.conf usually has 644 permissions
package: chromium-browser
severity: serious
i know there is already an RC-blocker for chromium, but another
important issue is security support over squeeze's lifetime. it will be
very difficult to provide support for a beta version for 3 years or so.
hence, this package should not migrate to
severity 582590 important
thanks
denial-of-service don't need to be treated as release critical ;)
On Thu, 20 May 2010 05:02:04 -0700 (PDT) john terragon wrote:
ld: Relocatable linking with relocations from format elf32-i386
(/var/lib/dkms/fglrx/10-4/build/2.6.x/libfglrx_ip.a.GCC4) to format
elf64-x86-64 (/var/lib/dkms/fglrx/10-4/build/2.6.x/fglrx.o) is not
supported
^ this is the problem.
severity 582312 important
thanks
On Thu, 20 May 2010 22:54:10 -0400 Michael Gilbert wrote:
i may get around to implementing that at some point, but it will
probably be much more expedient if you take a stab at it (especially
since this problem is of interest to you).
in the meantime, i am
grep'ing for jpeg on texlive-bin build log [1], shows that system
libjpeg is installed during build, and also does not show that a libjpeg
is being built or even linked against !
upstream probably includes that as a dependency of libgd2, which is why
its there. thanks for clearing this up!
On Wed, 19 May 2010 14:53:34 -0700 (PDT) john terragon wrote:
Another update.
It doesn't work, not even by invoking dkms directly. I mistakenly invoked
dkms after I rebooted into a 2.6.32-4-686 kernel. It built the fglrx module
for 2.6.32-5-amd64 but it wasn't the right format.
do you
And could you *PLEASE* verify *before* submitting a grave bug that this
actually applies to the package?
this is actually my fault. i had recently checked the texlive-bin
package for the existence of embedded code copies, but didn't do a
complete job to determine if
On Wed, 12 May 2010 08:17:27 +0200 Reinhard Tartler wrote:
On Wed, May 12, 2010 at 00:25:52 (CEST), Michael Gilbert wrote:
an integer underflow was fixed in a recent DSA, but is still vulnerable
in the latest mplayer in unstable. see:
http://lists.debian.org/debian-security-announce/2010
package: mplayer
severity: serious
version: 2:1.0~rc3+svn20100502-2
tags: security
an integer underflow was fixed in a recent DSA, but is still vulnerable
in the latest mplayer in unstable. see:
http://lists.debian.org/debian-security-announce/2010/msg00085.html
hi, attached is a debdiff that fixes these issues. i am looking for a
sponsor. the package is at:
http://mentors.debian.net/debian/pool/main/t/texlive-bin
mike
texlive.debdiff
Description: Binary data
On Sun, 25 Apr 2010 17:23:29 +0200 Lucas Nussbaum wrote:
On 23/04/10 at 21:09 -0400, Michael Gilbert wrote:
On Thu, 22 Apr 2010 17:48:28 +0200 Lucas Nussbaum wrote:
On 06/03/10 at 15:47 -0500, Michael Gilbert wrote:
Package: ruby1.9
Version: 1.9.0.5-1
Severity: serious
Tags
On Thu, 22 Apr 2010 17:48:28 +0200 Lucas Nussbaum wrote:
On 06/03/10 at 15:47 -0500, Michael Gilbert wrote:
Package: ruby1.9
Version: 1.9.0.5-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.9. Note
Package: webkit
Version: 1.2.0-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for webkit. Note that the upstream developers may not be
aware of this problem since google's fixes are to KURLGoogle.cpp, which
doesn't exist. However,
attached is the debdiff for an nmu that i am doing for this issue.
mike
gmime.debdiff
Description: Binary data
fixed 574064 1.1.90-1
thanks
i have checked. all of these issues are fixed in the latest webkit.
note that stable's webkit is still vulnerable to these and many other
old webkit issues [0]. perhaps it should be removed from lenny since
there is no ongoing security work?
mike
[0]
fixed 574021 1.26.2-1
thanks
i've checked the pango source code in unstable, and the vulnerable code
is not present.
mike
Hi,
I have prepared an updated package for this issue, and I am looking for
a sponsor. If I find one or if you are willing to sponsor, this will
be NMU'd. The debdiff is attached.
The package can be found at:
http://mentors.debian.net/debian/pool/main/p/pulseaudio
Best wishes,
Michael Gilbert
package: virtualbox-ose-guest-x11
version: 3.1.4-dfsg-2
severity: serious
hi, there appears to be some sort of incompatibility between vboxvideo
and the latest kernel. after installing the 2.6.32-4 kernel, X will no
longer start.
i have checked the differences between the Xorg.0.log file under,
Package: barnowl
Version: 1.0.1-4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for barnowl.
CVE-2010-0793[0]:
| Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to
| cause a denial of service (crash) and possibly execute
Source: webkit
Version: 1.0.1-4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit. Apple's report is once again notoriously sparse,
so I can't determine whether debian's webkit packages are affected.
Perhaps more info is
package: libtheora
version: 1.0~beta3-1
severity: serious
tags: security
Hi,
I have prepared a lenny package for the theora issues that
were recently addressed in xulrunner. Note that two of them never got a
CVE (one should probably be requested), but have been fixed ever since
the first
package: samba
version: 2:3.2.5-4
severity: serious
tags: security, patch
Hi,
I have prepared a lenny package for the samba directory traversal. Note
that this introduces a change in default settings. The package and a
debdiff are at http://alioth.debian.org/~gilbert-guest/samba.
These issues
I probably should have mentioned that this is being tracked in unstable
as bug #568493.
Mike
Package: ruby1.9
Version: 1.9.0.5-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ruby1.9. Note this was fixed in 1.9.1, and it isn't
really clear whether it affects 1.9. I can't find enough info to say
either way. Please check.
fyi, upstream just released version 0.5.1 [0], and it looks like they
backported all of these security fixes, so it may be easier to figure
out the needed patches from the diff there.
would it be wise to plan to ship squeeze with their stable point
releases rather than their latest svn?
thanks
would it be wise to plan to ship squeeze with their stable point
releases rather than their latest svn?
oops, i just read an earlier message where you mentioned that was your
plan all along. good to hear.
mike
Package: tdiary
Version: 2.2.1-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tdiary.
CVE-2010-0726[0]:
| Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack
| transmission) plugin in tDiary 2.2.2 and earlier
On Tue, 2 Mar 2010 23:14:50 +0100, Stefano Zacchiroli wrote:
On Mon, Dec 07, 2009 at 12:05:22AM -0500, Michael Gilbert wrote:
The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool
fixed 535793 1.1.21-1
thanks
hi, all of these issues have been triaged in the debian security
tracker [0] and found to be fixed on or before the latest webkit in
unstable.
many of these, however, are still open in stable (the open issues at
[0]). a DSA needs to be issued for those.
thanks,
mike
--- vboxgtk-0.5.0/debian/changelog
+++ vboxgtk-0.5.0/debian/changelog
@@ -1,3 +1,9 @@
+vboxgtk (0.5.0-1.1) unstable; urgency=low
+
+ * Fix startup crash (closes: #560381).
+
+ -- Michael Gilbert michael.s.gilb...@gmail.com Sat, 27 Feb 2010 13:21:28 -0500
+
vboxgtk (0.5.0-1) unstable; urgency=low
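Review bot: the 0.5.0-1.1 entry goes straight to "Fix startup crash" without a "Non-maintainer upload." line; the -1.1 revision marks this as an NMU, and Debian convention expects that line as the first bullet so the upload is recognisable as such in the changelog. A few words on what the crash fix actually changes would also help, since the bullet only names the symptom.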
On Wed, 24 Feb 2010 08:00:45 -0500, Zachary Uram wrote:
This sucks. Stupid closed source drivers cause such problems. Any
workaround I can do?
I need to build the fglrx driver for debian squeeze (ati radeon hd
4550 card), but I just saw this bug
saying the packages have been removed from
On Tue, 23 Feb 2010 11:30:57 -0300, Gustavo Noronha Silva wrote:
On Mon, 2010-02-22 at 22:40 -0500, Michael Gilbert wrote:
version: 1.1.21-1
i've checked all of these issues, and they are all fixed in the latest
version in unstable. thanks.
Awesome! Did you take notes of what commits
severity 571036 important
thanks
On Mon, 22 Feb 2010 18:03:55 -0500 Don Pellegrino wrote:
The 10.2 release of the ATI Catalyst drivers (fglrx) are incompatible
with compositing in KDE 4.3 as discussed on Phoronix at
[http://www.phoronix.com/forums/showthread.php?t=22057#post112989].
It has
version: 1.1.21-1
i've checked all of these issues, and they are all fixed in the latest
version in unstable. thanks.
mike
package: ffmpeg
version: 0.svn20080206-18
severity: serious
tags: security
hi, i have just tested the latest ffmpeg update against the original
proof of concepts [0] reported in bug #550442 [1]. many of them are
still effective. there is some good news though; i've found that
upstream has
hi,
i've built packages that address the open xpdf issues [0]. the planned
nmu for unstable is attached.
i can assist with xpdf security updates in the future.
mike
[0] http://alioth.debian.org/~gilbert-guest/xpdf/
xpdf-sid.debdiff
Description: Binary data
package: samba
version: 2:3.4.5~dfsg-1
severity: critical
hi, a zero-day remote access exploit has been demonstrated using a
vulnerability in samba [0]. the only info to go on right now is a
rather blurry video demonstrating the exploit in action as well as the
code modified. i know this isn't a
note that it looks to be exposed only for public shares that are
writable, which should be an uncommon configuration for
security-conscious users.
mike
On Tue, 26 Jan 2010 13:33:32 +0100, Stefano Zacchiroli wrote:
All in all (and unless I've missed something), the choice seems to be
relatively self contained. We would just need to promote to standard
python-support and python-apt. For reference, on amd64 the total
installed-size of the 2 is
On Tue, 26 Jan 2010 14:21:11 +0100, Matthias Klose wrote:
close 566233
thanks
On 25.01.2010 00:18, Michael Gilbert wrote:
reopen 566233
thanks
On Fri, 22 Jan 2010 11:51:13 + Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which
reopen 560953
thanks
On Mon, 25 Jan 2010 15:24:10 +, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the smart package:
#560953: CVE-2009-3560 and CVE-2009-3720 denial-of-services
It has been closed by Free
reassign 566634 libopenal1
found 566634 1.10.622-1
retitle 566634 libopenal1: pulseaudio deadlocks with latest version of openal
forwarded
http://www.mail-archive.com/pulseaudio-disc...@mail.0pointer.de/msg05595.html
thanks
On Sun, 24 Jan 2010 11:36:25 +0100 Patrick Matthäi wrote:
Package:
note that this is claimed fixed in upstream version 1.11.753:
http://kcat.strangesoft.net/openal.html
mike
reopen 566233
thanks
On Fri, 22 Jan 2010 11:51:13 + Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the python2.6 package:
#566233: CVE-2009-3560 and CVE-2009-3720 denial-of-services
It has been closed by Matthias
Package: openjdk-6
Version: 6_6b17~pre3-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were
published for openjdk-6 in 2007. It is very likely that they are all
fixed; however, this needs to be manually verified. Please check. Thank
you.
Package: openjdk-6
Version: 6_6b17~pre3-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openjdk-6. It is very likely that they are all
fixed; however, this needs to be manually verified. Please check and
reply in-line with the
Package: openjdk-6
Version: 6_6b17~pre3-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openjdk-6. It is very likely that they are all
fixed; however, this needs to be manually verified. Please check and
reply in-line with the
Please reply in-line with the fixed package version for each issue.
package: python2.5
version: 2.5.2-15
severity: serious
hi, python2.5 fails to build from source on lenny. i am working on
fixing the expat security issues, so i am considering disabling the
failing pybench test in order to get it to build. do you see any issue
with doing so? see build error
On Fri, 22 Jan 2010 01:12:21 +0100 Matthias Klose wrote:
On 22.01.2010 01:01, Michael Gilbert wrote:
package: python2.5
version: 2.5.2-15
severity: serious
hi, python2.5 fails to build from source on lenny. i am working on
fixing the expat security issues, so i am considering
On Sun, Dec 13, 2009 at 11:21 AM, Matthias Klose wrote:
On 13.12.2009 16:29, Michael Gilbert wrote:
Hi all,
In order to guarantee that the system expat is used, the
'--with-expat=sys' configure argument must be used. If you think
your package is already using the system expat, or if you
On Sun, 17 Jan 2010 09:52:03 +0100 Mike Hommey wrote:
Other than the fact that one bug report for several bugs is not helpful
for bug tracking, it looks to me like CVE-2009-2061 has been fixed at
the same time as CVE-2009-1836.
Understood. CVE dumps tend to include many issues in the same
package: python2.5
version: 2.5.4-3
severity: serious
hi, the python source packages contain a non-free audio clip that is
from Monty Python's Flying Circus, which is Copyright 1969. i doubt
that the copyright holders have put any of that material into the
public domain, and the copyright term
Package: xulrunner
Version: 1.9.1.6-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for xulrunner.
CVE-2009-1597[0]:
| Mozilla Firefox executes DOM calls in response to a javascript: URI in
| the target attribute of a submit element
forcemerge 564526 559531
thanks
this is additional information for the existing report. it would have
been better to add it on there, rather than opening a new report.
thanks.
mike
package: virtualbox-ose-guest-x11
version: 3.1.2-dfsg-1
severity: serious
hi, the virtualbox video modules are currently uninstallable due to
unmet dependencies. this is actually a bit odd because the current
xserver is actually newer than the one stated as required:
$ sudo apt-get install
the root of the problem may be that it needs to provide an
xserver-xorg-video-6?
mike
On Thu, 07 Jan 2010 19:27:02 + Ben Hutchings wrote:
Julien Cristau pointed out the thread
http://thread.gmane.org/gmane.comp.security.oss.general/2457. It
appears that Red Hat allocated CVE-2009-4536 for this and CVE-2009-4538
for a similar bug in e1000e.
do you follow kernel-sec [0]?
Package: gwt
Version: 1.6.4-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for gwt. These may have been fixed upstream in the past
since these were issued a while ago, but since this is the initial
upload of the package, this needs
retitle 563542 gwt: CVE-2007-2378 and CVE-2007-6452 vulnerabilities
thanks
Oops, that should have been CVE-2007-6452:
CVE-2007-6452[0]:
| Unspecified vulnerability in the benchmark reporting system in Google
| Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors,
| possibly
package: bochs
version: 2.4.2-1
severity: grave
hi, the latest version of bochs fails to build because it lacks a
dependency on docbook (which contains the dtd's needed during the build
process).
mike
fixed 8.64~dfsg-2
thanks
marking as fixed in unstable since the system jasper library has been
used for a while now.
mike
Package: gs-gpl
Version: 8.54.dfsg.1-5
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ghostscript. gs-gpl is the source package for
ghostscript in etch. I have not determined whether the vulnerable code
related to these CVEs is
Package: qt4-x11
Version: 4:4.5.3-4
Severity: grave
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit. qt4-x11 embeds webkit, so most of these issues
are likely applicable to this package. Since there are so many
problems, I have not had
Package: kdelibs
Version: 4:3.5.10.dfsg.1-2.1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit. webkit was forked from khtml, so these
issues very likely apply to this package as well. Since there are so
many problems, I
Package: kde4libs
Version: 4:4.3.4-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit. webkit was forked from khtml, so these
issues very likely apply to this package as well. Since there are so
many problems, I have not had
On Fri, 18 Dec 2009 10:54:15 +, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the openjdk-6 package:
#560908: openjdk-6: deluge of vulnerabilities
It has been closed by Matthias Klose.
are you 100% sure that all
On Thu, 17 Dec 2009 16:13:36 +0200, Teodor wrote:
Package: cacti
Version: 0.8.7e-1.1
Severity: grave
Tags: security
Justification: user security hole
I've noticed in the past that cacti RE-adds the symbolic link
conf.d/cacti.conf
on every upgrade even if the source file was *manually*