On Tue, Jun 25, 2013 at 10:52:24PM +0200, Yves-Alexis Perez wrote:
On Tue, 2013-06-25 at 18:34 +0200, Moritz Muehlenhoff wrote:
For lenny we should announce its end of life as we recently did in the
chromium and iceweasel DSAs. Agreed?
I think you mean Squeeze?
Yes.
As we already
On Mon, Jun 03, 2013 at 08:30:30AM +0200, Didier Raboud wrote:
Hi Chris,
On Tuesday, 9 August 2011 22.42:39, Moritz Muehlenhoff wrote:
Chris, almost a year has passed. Do you agree with removal from
unstable or what's your plan for foomatic-gui?
It's been one more year-and-a-half without
On Mon, May 13, 2013 at 06:33:21PM +0200, Luigi Gangitano wrote:
Hi Moritz,
On 10 May 2013, at 18:45, Moritz Muehlenhoff j...@inutil.org
wrote:
Wheezy has released with squid and squid3, can we go ahead with the removal
of squid now?
With the help of Amos, I've
retitle 703348 CVE-2013-1854
thanks
On Mon, Mar 18, 2013 at 06:33:45PM +0100, Moritz Muehlenhoff wrote:
Package: ruby-activerecord-3.2
Severity: grave
Tags: security
Please see http://article.gmane.org/gmane.comp.security.oss.general/9750 for
details and patches.
The reference is wrong.
On Sat, Mar 16, 2013 at 01:49:24PM -0400, Jay Berkenbilt wrote:
They also send me links to the upstream fixes:
http://bugs.icu-project.org/trac/changeset/32865
http://bugs.icu-project.org/trac/changeset/32908
I can prepare a new upload with these fixes and call it CVE-2013-0900.
There's
On Mon, Jan 14, 2013 at 01:17:52PM +0100, Alexander Wirt wrote:
tag 697931 patch
thanks
Alexander Wirt wrote on Saturday, 12 January 2013:
On Fri, 11 Jan 2013, Moritz Muehlenhoff wrote:
Package: icinga
Severity: grave
Tags: security
Justification: user security hole
On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote:
Hi
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
Some additional information: In most usual cases where zoneminder is
set up, there
On Sat, Jan 26, 2013 at 11:26:27AM +0000, Adam D. Barratt wrote:
On Sun, 2013-01-13 at 11:53 -0800, Clint Byrum wrote:
According to this blog post by Stewart Smith:
http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/
It looks like
On Sun, Jan 27, 2013 at 11:45:06AM +0200, Timo Aaltonen wrote:
On 26.01.2013 23:06, Salvatore Bonaccorso wrote:
Hi Timo
On Thu, Jan 24, 2013 at 08:46:43PM +0200, Timo Aaltonen wrote:
On 24.01.2013 20:30, Moritz Muehlenhoff wrote:
Package: sssd
Severity: grave
Tags: security
Hi,
On Fri, Feb 01, 2013 at 10:09:34PM +0000, Jonathan Wiltshire wrote:
On Sun, Jan 20, 2013 at 08:49:26PM +0100, Moritz Mühlenhoff wrote:
On Fri, Jan 11, 2013 at 03:56:25PM +0000, Jonathan Wiltshire wrote:
Control: found -1 3.2.1-2
On 2013-01-11 13:50, Moritz Muehlenhoff wrote
On Fri, Jan 11, 2013 at 03:56:25PM +0000, Jonathan Wiltshire wrote:
Control: found -1 3.2.1-2
On 2013-01-11 13:50, Moritz Muehlenhoff wrote:
Package: nagios3
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2012-6096:
On Sat, Jan 12, 2013 at 12:30:11AM +0000, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the mysql-5.5 package:
#695001: mysql-5.5: New MySQL issues
It has been closed by Nicholas Bamber nicho...@periapt.co.uk.
Their
On Tue, Jan 08, 2013 at 02:45:59AM +0200, Tzafrir Cohen wrote:
Hi,
On Wed, Jan 02, 2013 at 10:56:43PM +0100, Salvatore Bonaccorso wrote:
Package: asterisk
Severity: grave
Tags: security
Justification: user security hole
Hi,
On Fri, Dec 28, 2012 at 05:03:25PM +0100, Pierre Chifflier wrote:
Sorry for the late reply. This seems to have fallen through the cracks
and I'm currently catching up with old mail.
I think this doesn't warrant a DSA, but could you fix this through
a stable point update?
On Fri, Dec 28, 2012 at 06:40:29PM +0100, Didier 'OdyX' Raboud wrote:
On Thursday, 27 December 2012 20.43:12, Moritz Mühlenhoff wrote:
AFAICS can there haven't been any regressions, can we should go ahead with
the update now.
EPARSE
I meant: No regressions in sid - We can proceed
On Sat, Dec 08, 2012 at 11:32:57AM +0100, Didier Raboud wrote:
On Saturday, 8 December 2012 09.12:20, Yves-Alexis Perez wrote:
On Sat, 2012-12-08 at 01:58 +0100, Didier 'OdyX' Raboud wrote:
I propose to get CVE-2012-5519 (#692791) fixed with the attached debdiff.
To be honest,
On Thu, Nov 08, 2012 at 10:40:19PM +0100, Pierre Chifflier wrote:
On Thu, Nov 08, 2012 at 08:03:35AM +0100, Moritz Muehlenhoff wrote:
Package: trousers
Severity: grave
Tags: security
Justification: user security hole
Please see here for details:
severity 687485 important
thanks
On Sat, Oct 13, 2012 at 10:00:01AM +0100, Nicholas Bamber wrote:
On 10/10/12 23:27, Nicholas Bamber wrote:
The patch did not compile as expected. I've been bogged down with other
packages. However I expect to have another go next week and look at
fixing the
On Mon, Oct 15, 2012 at 05:38:37AM -0400, Reinhard Tartler wrote:
None of these are merged into 0.5.x, has the code diverged so much?
I arrived only today from my two week trip and will work on backports
for 0.7-0.5 this week. Sorry for the delay.
Merry christmas Reinhard,
did you have a
On Wed, Nov 28, 2012 at 05:22:30PM +0100, Roland Stigge wrote:
On 11/28/2012 05:10 PM, Moritz Muehlenhoff wrote:
gatling 0.12 has two directory traversal vulns (one in the handling of
Host headers, one in the ftp code) that have been fixed in Gatling 0.13.
Which ones do you mean? (e.g.
To address CVE-2012-4777, I will be uploading 3.9.4-5+squeeze6 with the
attached differences.
diff -urN ../tiff-3.9.4-5+squeeze5/debian/changelog ./debian/changelog
--- ../tiff-3.9.4-5+squeeze5/debian/changelog 2012-09-26 13:46:28.0
-0400
+++ ./debian/changelog2012-10-05
On Sat, Sep 29, 2012 at 04:58:55PM +0100, Simon McVittie wrote:
On 28/09/12 22:30, Geoffrey Thomas wrote:
CVE-2012-3524 is about setuid binaries linking libdbus being easily
trickable to do bad things via a malicious PATH (for finding
dbus-launch), or through a DBUS_* address variable using
On Wed, Sep 19, 2012 at 12:07:15PM +0200, Michael Kozma wrote:
On 19/09/2012 12:00, Cyril Brulebois wrote:
Michael, that should be “chan_sip” apparently?
Yes, sorry, but I have the same issue as Herman:
monitoring*CLI module load chan_sip
Unable to load module chan_sip
Command
tags 686867 patch
thanks
On Thu, Sep 06, 2012 at 10:03:58PM +0200, Moritz Muehlenhoff wrote:
Package: jruby
Severity: grave
Tags: security
Justification: user security hole
Hi,
jruby in Wheezy is still affected by
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4838
On Sun, Sep 16, 2012 at 01:39:06PM +0200, Kai Lüke wrote:
As far as I can see, the problem was not solved upstream:
https://live.gnome.org/gksu
http://anonscm.debian.org/gitweb/?p=users/kov/gksu-polkit.git;a=summary
So either one is stepping in for a patch or it's ignored...(?) maybe wontfix
severity 677418 normal
thanks
This is long-standing behaviour of GPM and changing it would break
valid use cases. There's certainly room for a new option with a
more tight handling, but this is not a RC security bug.
Cheers,
Moritz
On Sat, Aug 04, 2012 at 12:37:23AM +0200, Tobias Hansen wrote:
Hi,
t1lib has no upstream, but a number of security vulnerabilities and reverse
dependencies.
We need to know if #637488 can be ignored for wheezy or if we should go for
removal and file bugs against the reverse
://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
This was assigned CVE-2012-3445
Squeeze doesn't have virTypedParameter* so it isn't affected.
Cheers,
-- Guido
Thanks, I'll update the Security Tracker.
Cheers,
Moritz
--
Moritz Mühlenhoff muehlenh
severity 634965 normal
thanks
On Sun, Jul 01, 2012 at 02:17:32PM -0600, Josue Abarca wrote:
Hello,
I have been trying to reproduce the bug that you reported:
http://bugs.debian.org/634965
but I have not been able to do it.
I am using an updated Debian Sid system to try it.
Do you
On Mon, Jan 17, 2011 at 12:27:15AM +0100, Julien Cristau wrote:
user release.debian@packages.debian.org
usertag 608981 squeeze-can-defer
tag 608981 squeeze-ignore
kthxbye
On Fri, Jan 14, 2011 at 23:35:48 +0100, Moritz Mühlenhoff wrote:
reassign 608981 libggi2
thanks
On Wed,
#upload-stable
We should fix CVE-2012-2807 through a DSA, though.
Cheers,
Moritz
--
Moritz Mühlenhoff muehlenh...@univention.de
Open Source Software Engineer
Univention GmbH be open.fon: +49 421 22 232- 0
Mary-Somerville-Str.1 28359 Bremen
to fix
CVE-2011-2730. You can find it on
http://people.debian.org/~drazzib/security/
Could you please review it ?
Please direct this to t...@security.debian.org
Thanks!
Cheers,
Moritz
severity 649151 important
thanks
On Sat, May 26, 2012 at 11:27:21AM +0200, Jonas Smedegaard wrote:
I agree, Jonathan, that lack of documentation is not so severe an issue
that Debian would be better off released without CDBS. I merely had no
desire to play severity ping-pong or argue with
On Mon, Nov 29, 2010 at 11:28:31AM +0200, Modestas Vainius wrote:
The two are from my point of view RC
No, the first part is not RC because:
1) it is rare enough
2) there is no data loss involved
There is no info about the 2nd part and according to upstream, the bug has
been there
On Sun, May 13, 2012 at 05:52:05PM +0100, Steve McIntyre wrote:
On Sun, Oct 02, 2011 at 05:53:48PM -0430, Miguel Landaeta wrote:
#tag 611130 + idontgiveadamn
tag 611130 + moreinfo
kthxbye
Upstream doesn't answer any request about this bug.
I sent emails, I posted in their discussion
On Sun, May 13, 2012 at 06:04:03PM +0100, Steve McIntyre wrote:
On Tue, Mar 08, 2011 at 10:37:13PM +0100, Moritz Muehlenhoff wrote:
On Tue, Mar 08, 2011 at 02:02:31PM +0100, Hector Romojaro wrote:
Hi,
About openacs and dotlrn packages, I don't think they are affected by
any of the Xinha
On Sun, May 13, 2012 at 02:54:40PM +0200, Yves-Alexis Perez wrote:
On Sat, 2012-05-12 at 23:45 +0200, Bernd Zeimetz wrote:
Being forced to upgrade to a new major version by a stable security support
is nothing we should force our users to. Debian stable is known for (usually)
painfree
On Mon, Apr 23, 2012 at 09:58:33AM +0000, Gerrit Pape wrote:
Hi Team,
do you have any news on this pending security fix? If I can be of any
help, please don't hesitate to ask.
Sorry for the delay. I've just released the DSA.
Cheers,
Moritz
On Mon, Apr 16, 2012 at 12:43:40AM +0100, Nicholas Bamber wrote:
On 15/04/12 16:18, Arne Wichmann wrote:
Found: 665012 1.4.03-1.1
As far as I can see this is not yet fixed in stable.
cu
AW
Arne,
All the security issues are present in the stable release. I never
got a
On Mon, Apr 09, 2012 at 08:18:35PM -0400, Jay Berkenbilt wrote:
Mikulas Patocka miku...@artax.karlin.mff.cuni.cz wrote:
libtiff crashes on corrupted images when using electric fence memory
debugger.
. . .
Do you know whether this bug is present with libtiff4 3.9.4-5+squeeze3
or
On Sun, Apr 08, 2012 at 01:21:27PM +0200, Robert Grimm wrote:
tags 667998 moreinfo unreproducible
thanks
I have this running on i386 (virtual) and amd64 without problems.
Can you please try to get a backtrace with an unstripped build?
e.g.
$ DEB_BUILD_OPTIONS=nostrip apt-get -b source
On Sun, Feb 19, 2012 at 08:58:00AM +1100, Mark Purcell wrote:
On Tue, 24 Jan 2012 05:22:09 Ronny Standtke wrote:
But building v3.11.12-2 with pbuilder fails because in the debian/rules
step Correct Python interpreter path in all executables, readlink
fails to print
.jar
/usr/share/java/objenesis.jar
Attached patch fixes this, I'd appreciate some review from someone with more
Java packaging foo, though.
Cheers,
Moritz
On Thu, Mar 22, 2012 at 04:47:00PM +0100, Moritz Muehlenhoff wrote:
Package: libpng
Severity: grave
Tags: security
This is CVE-2012-3045:
Fix in Chromium repository:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngrutil.c?r1=125311&r2=125310&pathrev=125311
I'm
solution would be dh-autoreconf.
Cheers,
Moritz
Dear maintainer,
here's the debdiff for my openjade NMU.
Cheers,
Moritz
diff -u openjade1.3-1.3.2/config.sub openjade1.3-1.3.2/config.sub
--- openjade1.3-1.3.2/config.sub
+++ openjade1.3-1.3.2/config.sub
@@ -2,9 +2,9 @@
# Configuration validation subroutine script.
# Copyright (C)
Dear maintainer,
here's the debdiff for my stgit NMU.
Cheers,
Moritz
diff -u stgit-0.15/debian/changelog stgit-0.15/debian/changelog
--- stgit-0.15/debian/changelog
+++ stgit-0.15/debian/changelog
@@ -1,3 +1,10 @@
+stgit (0.15-1.1) unstable; urgency=low
+
+ * Non-maintainer upload for RC
exit status 2
On Wed, Mar 07, 2012 at 03:57:33PM +0100, Moritz Muehlenhoff wrote:
On Tue, Mar 06, 2012 at 10:12:35PM +0100, Yves-Alexis Perez wrote:
Source: freetype
Severity: grave
Tags: security
Justification: user security hole
Hi,
several vulnerabilities were found in freetype and were
On Tuesday, 6 March 2012 16:43:46 Moritz Muehlenhoff wrote:
Package: jifty
Version: 1.10518+dfsg-1
Severity: serious
Your package fails to build from source: (full build log attached)
: debian/rules build gave error exit status 2
.
Cheers,
Moritz
On Monday, 5 March 2012 11:08:41 Gilles LAMIRAL wrote:
Hello Moritz,
Perl release?
I think this code test is very old, the load fails. Perl changes.
This is Perl 5.14.2 from Debian unstable (5.14.2-9)
Cheers,
Moritz
this with libcvs-perl 0.07. Do you have maybe the
full build log available?
The full log is attached. The system was once installed with squeeze, that's
why the hostname is squeezeamd64, but it's running a current Debian sid.
Cheers,
Moritz
On Mon, Feb 13, 2012 at 09:15:43AM +0100, Moritz Muehlenhoff wrote:
Package: mysql-5.1
Severity: grave
Tags: security
Multiple security issues have been announced in MySQL:
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html#AppendixMSQL
Unfortunately Oracle refuses
On Tue, Feb 21, 2012 at 12:53:47AM +0100, Damien Raude-Morvan wrote:
Hi Moritz,
On Thursday 16 February 2012 19:42:09, Damien Raude-Morvan wrote:
On 09/02/2012 21:16, Moritz Mühlenhoff wrote:
There's a new issue, which affects 1.x:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012
.
This problem was fixed upstream in commit 0a0fbb4.
I am waiting for some bugfixes in the rsync handler before I upload
a new package. I have no precise ETA for this. Is it fine with you?
Sure, any time before the Wheezy release is fine :-)
Cheers,
Moritz
On Wed, Nov 23, 2011 at 12:47:18PM -0600, Gunnar Wolf wrote:
Moritz Mühlenhoff said [Tue, Nov 22, 2011 at 09:47:28PM +0100]:
Hi Gunnar,
this doesn't warrant a DSA, but it would be appreciated if you
fix this through a point update:
http://www.debian.org/doc/manuals/developers-reference
On Sat, Feb 11, 2012 at 02:04:01PM +0100, Alessandro Ghedini wrote:
On Fri, Feb 10, 2012 at 08:23:24PM +0100, Kurt Roeckx wrote:
On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote:
On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote:
Having
On Wed, Feb 01, 2012 at 10:46:51PM -0800, tony mancill wrote:
On 01/29/2012 06:05 AM, Moritz Muehlenhoff wrote:
Package: libstruts1.2-java
Severity: grave
Tags: security
Hi,
several vulnerabilities have been reported against Struts:
to avoid the need to call pkg-config.
See the pkg-config man page for more details.
The bug is still present in stable. I'm attaching the patch we used for
Univention Corporate Server.
Cheers,
Moritz
On Thu, Jan 05, 2012 at 10:00:43AM +0100, Christoph Berg wrote:
Re: Moritz Muehlenhoff 2012-01-04 20120104171956.ga4...@inutil.org
Can you also assess whether (old)stable are affected, and if so, provide
packages? If not (affected or able), do let us know as well.
In any case,
On Wed, Dec 28, 2011 at 08:21:50PM +0100, Jordi Mallach wrote:
On Wed, Dec 28, 2011 at 07:30:10PM +0100, Moritz Mühlenhoff wrote:
CVE_2011_2193 was fixed in DSA 2329.
The second issue, CVE-2011-2907, is still unfixed in stable.
My read of the Bugzilla log was that Redhat didn't actually
On Wed, Jan 04, 2012 at 01:04:22PM +0100, Didier Raboud wrote:
Hi Moritz,
(CC'ing #635549 as it was mentioned there and team@s.d.o as per [0])
First of all, sorry for the delay.
I have been preparing a stable-security upload for foomatic-filters,
reportedly vulnerable to CVE-2011-2964 in
On Wed, Dec 28, 2011 at 03:22:51PM +0100, Julien Cristau wrote:
torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low
[ Jordi Mallach ]
* [CVE_2011_2193]: Fix two potential buffer overflows:
jobid length and hostname length weren't properly checked,
and these
On Mon, Aug 08, 2011 at 09:46:59AM +0200, Sebastian Harl wrote:
Hi,
On Sat, Aug 06, 2011 at 08:06:17AM +0200, Michael Biebl wrote:
the libnotify 0.7 transition is currently ongoing [0].
Even if your package currently FTBFS for other reasons, it will also
fail to build due to the API changes
On Tue, Dec 20, 2011 at 01:15:32AM +0100, Christoph Haas wrote:
http://security-tracker.debian.org/tracker/CVE-2011-2904
I have extracted a patch using
svn diff -r r20742:r20789 frontends/php/acknow.php
from the upstream sources.
retitle 653168 RM: oprofile - unmaintained, replacements exist, buggy, low
popcon
reassign 653168 ftp.debian.org
severity 653168 normal
thanks
On Sat, Dec 24, 2011 at 03:55:43PM -0500, Roberto C. Sánchez wrote:
On Sat, Dec 24, 2011 at 04:56:55PM +0100, Moritz Muehlenhoff wrote:
Source:
retitle 653107 Include vserver patch
severity 653107 normal
thanks
On Sat, Dec 24, 2011 at 12:04:27PM -0500, micah anderson wrote:
On Fri, 23 Dec 2011 23:40:20 +0100, Moritz Muehlenhoff j...@debian.org
wrote:
Package: util-vserver
Severity: serious
util-vserver hasn't seen an upload
On Sun, Dec 18, 2011 at 04:34:51PM +0000, Jonathan Wiltshire wrote:
On Tue, Dec 06, 2011 at 08:01:18PM +0100, Moritz Muehlenhoff wrote:
What's the status of the following for stable?
http://security-tracker.debian.org/tracker/CVE-2011-1578
On Thu, Dec 01, 2011 at 09:47:53PM +0100, Florian Weimer wrote:
* Moritz Mühlenhoff:
Florian, what's the status of openjdk6 for stable/oldstable?
I've released the pending update for squeeze. lenny will eventually
follow, and so will the pending updates for squeeze, but judging by my
On Sun, Nov 27, 2011 at 03:10:57PM +, Colin Watson wrote:
tags 649322 security
severity 649322 grave
thanks
On Sat, Nov 19, 2011 at 11:19:48PM +0100, Leo Iannacone wrote:
The package clearsilver fails to compile with the new hardened compiler
flags dpkg-buildflag outputs [0].
The
On Fri, Nov 25, 2011 at 02:04:44PM +0100, Didier Raboud wrote:
On Friday, 25 November 2011 12.16:06, Didier Raboud wrote:
2. Insecure tempfile handling:
https://bugzilla.novell.com/show_bug.cgi?id=704608
https://bugs.launchpad.net/hplip/+bug/809904
This is CVE-2011-2722
On Fri, Nov 25, 2011 at 12:22:24PM +0100, Didier Raboud wrote:
On Friday, 25 November 2011 12.16:06, Didier Raboud wrote:
found 635549 3.10.6-2
notfound 635549 3.11.10
thanks
Hi Moritz,
On Tuesday, 26 July 2011 23.07:01, Moritz Muehlenhoff wrote:
Two security issues
On Tue, Nov 01, 2011 at 08:31:00AM +0100, Moritz Muehlenhoff wrote:
Package: asterisk
Severity: grave
Tags: security
Please see http://downloads.asterisk.org/pub/security/AST-2011-012.html
Apparently stable/oldstable is not affected, but please double-check.
Asterisk maintainers, did you
On Mon, Nov 14, 2011 at 10:01:41PM +0900, Hideki Yamane wrote:
Hi,
On Thu, 10 Nov 2011 20:18:15 +0100
Florian Weimer f...@deneb.enyo.de wrote:
JPCERT disclosed an unspecified buffer overflow vulnerability in
ChaSen:
http://jvn.jp/en/jp/JVN16901583/index.html
Apparently, upstream
On Tue, Nov 01, 2011 at 06:28:48PM +0100, Moritz Muehlenhoff wrote:
Package: ldns
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=741024
http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403
Ondrey, what's the status?
Cheers,
Moritz
--
On Fri, Oct 21, 2011 at 11:07:30AM +0200, Florian Weimer wrote:
* Moritz Muehlenhoff:
As for stable/oldstable: I noticed that Red Hat provided packages for
update 29 for RHEL 4 (RHEL 5 onwards use OpenJDK):
http://lwn.net/Articles/463919/
If anyone remembers the rationale behind the
On Mon, Oct 31, 2011 at 10:28:36AM -0600, Gunnar Wolf wrote:
Package: cherokee
Version: 1.2.100-1
Severity: grave
Tags: security
Justification: user security hole
CVE issue CVE-2011-2190 points out that the temporary admin password
generation function is seeded by the time and PID, which
On Mon, Apr 25, 2011 at 06:58:48PM +0200, Jaromil wrote:
this is now all fixed and uploaded to
http://apt.dyne.org/debian/pool/main/f/freej/freej_0.11git20110420-1.dsc
my packaging is being reviewed and hopefully will serve as a base to
make me debian maintainer, since i'd really like to
On Wed, Nov 09, 2011 at 04:49:14PM +0100, Didier Raboud wrote:
On Friday, 12 August 2011 00.40:07, Michele Martone wrote:
On 20110808@19:24, Moritz Mühlenhoff wrote:
On Thu, Aug 04, 2011 at 10:11:16PM +0200, Michele Martone wrote:
Moreover, this may be the chance to upload an updated
On Tue, May 10, 2011 at 09:21:32PM +0200, Vincent Bernat wrote:
OoO In the early evening of Tuesday 10 May 2011, around 17:15,
Alexander Wirt formo...@debian.org said:
Readwrite permissions to the pidfile of a daemon is a really bad idea. A
umask of 000 is probably never a
On Fri, Oct 14, 2011 at 05:54:44PM +0200, Moritz Muehlenhoff wrote:
On Wed, Oct 12, 2011 at 12:03:50PM +0300, Damyan Ivanov wrote:
Hello Damyan, are you planning to do this or do you need someone
else to take over? IMO this one warrants a DSA.
Thanks for the nudge. I have pushed the
On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote:
On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote:
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
I have prepared a package in SVN which is ready for upload. Before doing
so, Moritz, can
On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote:
On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
Package: libxml2
Severity: serious
Tags: security
Hi,
two libxml2 issues were fixed in the latest
On Sun, Oct 02, 2011 at 11:44:39PM +0200, Ansgar Burchardt wrote:
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security upstream
Hi,
the last upstream release of libdigest-perl (1.17) contains a fix for an
unsafe use of eval: the argument to Digest-new($algo) was not checked
On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote:
-=| Dominic Hargreaves, 30.09.2011 18:26:41 +0100 |=-
I'm reopening the bug, because I believe this fix applies to
squeeze, and should be fixed there.
Agreed.
Has anyone yet contacted the security team about this/is anyone
On Thu, Sep 22, 2011 at 12:18:22PM +0100, Steve Cotton wrote:
package exiftran
tags 636166 +fixed-upstream
thanks
Upstream version 2.08 adds support for libjpeg8.
As a patch, copying the files from 2.08's jpeg/80/ to 2.07's jpeg/
worked for me, without copying any of the makefile
On Fri, Sep 02, 2011 at 11:35:25PM +0200, Christoph Egger wrote:
Package: src:avifile
Version: 1:0.7.48~20090503.ds-5
Severity: serious
Tags: sid wheezy
Justification: fails to build from source (but built successfully in the past)
Hi!
Your package failed to build on the buildds:
retitle 638214 FTBFS: ICE on amd64
thanks
On Wed, Aug 17, 2011 at 08:29:26PM +0200, Moritz Muehlenhoff wrote:
Package: elmer
Severity: serious
Hi,
It's currently impossible to build elmerfem from source:
dpkg-buildpackage: source package elmerfem
dpkg-buildpackage: source version
On Wed, Aug 24, 2011 at 09:15:42PM +0200, Sylvestre Ledru wrote:
Source: avifile
Version: 1:0.7.48~20090503.ds-3
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20110822 qa-ftbfs
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote:
I have prepared a package in SVN which is ready for upload. Before doing
so, Moritz, can you look at this additional patch I found in the 2.4 SVN
branch?
svn diff -r4780:4781
On Sun, Jul 24, 2011 at 06:20:33PM +0200, Moritz Muehlenhoff wrote:
Package: virtualbox-ose
Version: 4.0.10-dfsg-1
Severity: grave
Tags: security
Does this affect the versions in Debian?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
On Thu, Jan 27, 2011 at 09:53:10AM -0430, Miguel Landaeta wrote:
On Tue, Jan 25, 2011 at 09:43:36PM +0100, Moritz Muehlenhoff wrote:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2087
Please get in touch with upstream, whether this has been addressed.
I just notified upstream to
On Sun, Jun 26, 2011 at 08:49:12AM +0300, Niko Tyni wrote:
On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote:
On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote:
Package: perl
Severity: grave
Tags: security
Hi Perl maintainers,
it turns out
On Thu, Jun 23, 2011 at 07:42:01AM +0200, Ondřej Surý wrote:
forcemerge 631286 631347
tags 631286 +squeeze wheezy sid
Thank you
Hi,
I already noticed the bug when you reported it in postgresql and cloned the
bug.
Yes, the php5 is affected, but only squeeze and onwards (writing this
be reproduced in Squeeze.
Cheers,
Moritz
/Squeeze with the attached patch (same as
Gert's, but for Squeeze) fixes the test suite failures for gammu/Squeeze.
It would be nice if this were fixed in a point update.
Cheers,
Moritz
Hi,
* Moritz Mühlenhoff muehlenh...@univention.de [2011-02-14 10:27:55 CET]:
On Monday 14 February 2011 04:24:35 John Lightsey wrote:
Yes, I can reproduce the FTBFS with 1.14. This was corrected upstream
with 1.16 which is already in testing and unstable. The newer version
doesn't
On Fri, Apr 15, 2011 at 12:29:42PM -0400, Jim Salter wrote:
Package: webalizer
Version: 2.01.10-32.4
Severity: critical
Tags: security
Justification: root security hole
A server I admin running Debian Lenny with the current version of
webalizer installed was exploited through