Package: kitty
Version: 0.26.5-4
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team
Hello,
I was reading https://lists.debian.org/20230425190728.ga1471...@subdivi.de
in mutt and that mail contains 3 shell scripts as attachments
(application/x-sh). I wanted to have a look at the
Hello,
Le jeudi 13 octobre 2022, Thomas Braun a écrit :
> so I think it should be as easy as adding cppzmq-dev to the build
> dependencies.
>
> $diff -Nur control control.new
> --- control 2022-10-13 16:19:07.384578078 +0200
> +++ control.new 2022-10-13 16:19:03.972578004 +0200
> @@ -7,6
Hi,
On Mon, 01 Aug 2022, Chris Lamb wrote:
> Regardless of that though, I think we have two options:
>
> a) Revert back to the 3.2.14 LTS version in Debian unstable.
>
> b) Wait for the 4.x stream to become designated LTS. I believe this
>should happen with version 4.2, due for release in
On Tue, 26 Jul 2022, Paul Gevers wrote:
> Source: python-django
> Control: found -1 python-django/2:4.0.6-1
I'm surprised that we uploaded an non-LTS release to unstable.
Chris, why did you do that?
> I note that the changelog has this:
> "This security release mitigates the issue, but we have
Hello,
On Fri, 24 Jun 2022, Lucas Nussbaum wrote:
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
Thanks but I will not fix this bug. Intsead I have asked to remove
this package from unstable since it has been superseded by a native
field provided by Django:
Control: tags -1 + patch
Control: user de...@kali.org
Control: usertags -1 + kali-patch
On Sun, 17 Jul 2022 05:50:20 +0200 Cyril Brulebois wrote:
> I suppose the journal bits could be patched out for the udeb build (right
> now, configure ends up defining SYSTEMD_JOURNAL_SUPPORT to 1 there), but
Control: tag -1 + wontfix
On Sat, 23 Oct 2021, Lucas Nussbaum wrote:
> Source: logidee-tools
> Version: 1.2.19
>
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
Note that I requested removal of this package so I will not handle this
bug. See
Hello,
On Fri, 01 Oct 2021, Norbert Preining wrote:
> The failed autopkgtest can be boiled down to the following example (all
> the code is as taken from the logidee-tools generated code):
Sorry that logidee-tools created issues for you. For the record, I have
just requested the removal of that
Control: forcemerge 993204 996079
Le dimanche 10 octobre 2021, Simon McVittie a écrit :
> Package: gnome-shell-timer
>
> The metadata.json for this extension doesn't declare compatibility with
> GNOME 41. I don't know whether the actual code will need changes or not:
> the conservative
Hi,
the package has been dropped from testing a while ago due to this bug
but it's not clear to me that there's a real bug here.
On Wed, 23 Sep 2020, Matthias Klose wrote:
> Package: pipx
> Version: 0.12.3.1-3
> Severity: serious
> Tags: sid bullseye
>
> This package depends or build-depends on
Package: libmagics++-dev
Version: 4.5.2-1
Severity: grave
Justification: renders package unusable
I was alerted by a strange log in the package tracker:
/usr/lib/python3/dist-packages/debian/deb822.py:1403: UserWarning: cannot parse
package
relationship "i", returning it raw
I looked up what
Control: severity -1 important
Control: tag -1 + unreproducible
On Sun, 06 Dec 2020, Paul Wise wrote:
> On Sun, 2020-12-06 at 10:49 +0100, Raphael Hertzog wrote:
>
> > Duh, I am using it with GNOME Shell 3.38 but I have 3.38.1-2+b1 right
> > now and it's what I used to tes
Hi,
On Sun, 06 Dec 2020, Paul Wise wrote:
> When I try to load the Hamster extension, GNOME shell from unstable
> prints the following traceback into the systemd user journal, I guess
> it isn't compatible with GNOME shell 3.38 at this point in time.
Duh, I am using it with GNOME Shell 3.38 but
Hi,
On Mon, 23 Nov 2020, Matthias Klose wrote:
> https://ci.debian.net/data/autopkgtest/testing/amd64/s/scapy/8359116/log.gz
>
> [...]
> File "", line 25
>
> ^
> SyntaxError: expression cannot contain assignment, perhaps you meant "=="?
I see the following commit upstream:
Control: severity -1 important
I'm reducing the severity of this bug because this forbids
mailcap and mime-support to migrate to testing and they have to
migrate because the current mime-support is uninstallable in
a freshly installed testing system because media-types
(installed by default due
FWIW, this is really a bug in the build daemon that should not
set XDG_RUNTIME_DIR to some incorrect value:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842565
But I'll work around it in the mean time.
Cheers,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋The Debian Handbook:
Hi,
Philipp, you uploaded the backport. Can you have a look at this report?
Ulrike, did you restart your computer after the upgrade just to make sure
that the dbus service was properly using the new code ?
Thank you in advance.
On Mon, 19 Oct 2020, Ulrike Uhlig wrote:
> Package:
Hi,
On Tue, 07 Jul 2020, Marcos Fouces wrote:
> I also done some work on ganglia-web and ganglia-linux-modules packages
> (also unpublished).
>
> I believe that it is still a good piece of software that deserve its
> place on Debian so i would like to step up as uploader (co-uploaders
>
Hi,
On Thu, 18 Jun 2020, Raphael Hertzog wrote:
> Actually your fix does not work because pkg_resources is not documented in
> setup.py or requirements.txt and thus it will not magically appear in
> ${python3:Depends} just by adding it in Build-Depends.
>
> I opened htt
On Wed, 17 Jun 2020, Emmanuel Arias wrote:
> I've just pushed to salsa the fix, could anyone review it and sponsor
> it, please?
Actually your fix does not work because pkg_resources is not documented in
setup.py or requirements.txt and thus it will not magically appear in
${python3:Depends} just
Hi,
On Wed, 17 Jun 2020, Emmanuel Arias wrote:
> I've just pushed to salsa the fix, could anyone review it and sponsor
> it, please?
I'll take care of it right now.
Cheers,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/
⠈⠳⣄
Hi,
On Fri, 08 May 2020, Jeremy Bicha wrote:
> Maintainers, please indicate whether you are working on a fix or else
> this package will be removed from Debian Unstable soon. (You can
> always reintroduce the package if you remove the Python2
> dependencies.)
I just looked at the upstream source
Hi,
On Fri, 08 May 2020, Moritz Mühlenhoff wrote:
> > Your package either build-depends, depends on Python2, or uses Python2
> > in the autopkg tests. Please stop using Python2, and fix this issue
> > by one of the following actions.
>
> https://github.com/google/binplist/issues/6 is without
Control: retitle 954582 FTBFS: fatal error: stropts.h: No such file or directory
Control: forcemerge 954582 -1
I was mislead by the title of the other RC bug, it looks like both are
reporting the same underlying issue.
The proper solution seems to be to rebuild python 3.8 against glibc 2.30
and
Control: severity -1 important
On Tue, 18 Feb 2020, Sergio Durigan Junior wrote:
> Thanks for the report.
>
> It's not clear from your description whether tmpa_crtoef.htm is the
> only file that triggers this behaviour, or if this happens with any file
> when you try opening it with Midori.
>
>
Control: forwarded -1 https://github.com/vanhauser-thc/thc-hydra/issues/497
On Tue, 11 Feb 2020, Dominik George wrote:
> The licence of hydra states:
Actually the LICENSE file does not contain that sentence. It's only in the
README and it has been added 3 years ago
> The additional
FTR, upstream just notified me that the latest version available on GitHub
is now ready for Python 3:
https://github.com/websploit/websploit
Cheers,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/
⠈⠳⣄ Debian Long Term Support:
Hello,
On Tue, 07 Jan 2020, Marco d'Itri wrote:
> #948257
In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948257#105, Ben is
wondering whether the fix should not be done in kmod since the ERROR
displayed is due to a Debian-specific patch that you applied
On Mon, 16 Dec 2019 14:28:33 +0100 Raphael Hertzog wrote:
> Great. Looking forward to it. Do you have any idea how much time you need
> to complete this Python 3 port of websploit?
On the 21th, I got a private reply saying that he might need 20 days
to complete the Python 3 port.
On Wed, 25 Dec 2019, Emmanuel Arias wrote:
> Raphaël, please could you review my patch?
Reviewed and uploaded.
Cheers,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/
⠈⠳⣄ Debian Long Term Support: https://deb.li/LTS
Hello,
upstream seems to be close to release a Python 3 version, current
WIP is in https://github.com/epinna/weevely3/tree/Debian-master
according to https://github.com/epinna/weevely3/pull/119#issuecomment-568770367
Sending this mail to reset the auto-rm clock, hoping that Samuel will
upload a
Hello,
On Tue, 10 Dec 2019, 0X0Ptim0Us wrote:
> Got it, thank you. I will work on it
Great. Looking forward to it. Do you have any idea how much time you need
to complete this Python 3 port of websploit?
Regards,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋The Debian Handbook:
Hi,
On Fri, 18 Oct 2019, Moritz Mühlenhoff wrote:
> > I started having a look at packaging the new upstream release of
> > rekall, to support python 3 (mostly because rekall is a r-dep of some
> > of the packages i maintain). For now it looks like the most immediate
> > need is to get aff4 ported
On Thu, 17 Oct 2019, Ximin Luo wrote:
> Who is using reprepro to archive Debian Rust packages? That's the first
Anybody who is mirroring Debian unstable with reprepro right now. I have
no special interest in rust, but I do maintain a debian derivative
that we build with reprepro merging debian
Hello Ximin,
On Thu, 17 Oct 2019, Ximin Luo wrote:
> >> Do you have some concrete suggestions on how to improve the tool to reduce
> >> this "abuse"?
> >
> > Yes, I gave you one.
>
> It doesn't work.
Look, I'm not a cargo/rust expert, I won't design the tool for you but I
implemented
On Thu, 17 Oct 2019, Ximin Luo wrote:
> Can you please explain why 256 KB provides field is "abuse"?
Because that's the amount of metadata required for 250 common packages.
> Do you have some concrete suggestions on how to improve the tool to reduce
> this "abuse"?
Yes, I gave you one.
> BTW,
Hi,
On Thu, 17 Oct 2019, Sylvestre Ledru wrote:
> I will see how to add a lintian check to block that from happening again.
FWIW, I already filed #942493 against lintian this morning.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS:
On Thu, 17 Oct 2019, Ximin Luo wrote:
> Control: tags -1 + wontfix
This is clearly not acceptable. You can't ignore problems like this one.
I saw you already broke debian-installer once with the former packages
that overflowed the 16K limit of cdebootstrap. Now it's the turn of
reprepro and this
On Thu, 17 Oct 2019, Raphaël Hertzog wrote:
> For this reason, I'm going to NMU the package and disable/reduce the Provides
> field until you find a reasonable solution.
Uploaded rust-web-sys_0.3.28-1.1_source.changes. It's still 150K but
should make reprepro happy.
I believe it's unreasonable
Control: tag -1 fixed-upstream
On Wed, 11 Sep 2019 14:00:54 +0200 =?utf-8?Q?S=C3=A9bastien?= Delafond
wrote:
> Upstream indicates that:
>
> We are working actively on that subject. So the next release of
> centreon-broker won't need qt4 nor qt5. Qt will be completely removed
> from it.
On Tue, 01 Oct 2019, Didier 'OdyX' Raboud wrote:
> > There are no reverse dependencies of src:shiboken in unstable and it has
> > been replaced by src:pyside2, let's remove from the archive?
>
> As maintainer: agreed!
Can you file the RM request then?
Thank you.
--
Raphaël Hertzog ◈ Debian
Control: tag -1 + pending
On Tue, 13 Aug 2019, peter green wrote:
> While sending https://lists.debian.org/debian-python/2019/08/msg00072.html I
> got
>
> forensics-de...@lists.alioth.debian.org
> (generated fromrek...@packages.debian.org)
> host alioth-lists-mx.debian.net
Hi,
On Sun, 25 Aug 2019, Scott Kitterman wrote:
> If you have lost interest in the package, please let me know so I can ask to
> have it removed.
Don't remove rekall please. There's a new upstream release with Python 3
support. We will get to it eventually.
Cheers,
--
Raphaël Hertzog ◈ Debian
On Sun, 11 Aug 2019, Christian Marillat wrote:
> But bevare fixind the include file path (drm/ttm/ttm_page_alloc.h) doesn't
> work at all the virtualbox doesn't start.
I fixed the path, the build went through. I rebooted my VM and it worked.
What exactly was the failure that you had? Did you
Hi,
On Thu, 15 Aug 2019, Darsey Litzenberger wrote:
> I haven't gotten around to testing, but it looks like maybe all that needs
> to be done is to disable building some of these modules after a certain
> kernel version.
At least I can confirm that if you disable "vboxvideo" from the
dkms
Control: tag -1 + confirmed upstream fixed-upstream
Hi,
On Sat, 20 Jul 2019, peter green wrote:
> elastalert (build-)depends on the python-croniter binary package which
> is no longer built by the python-croniter binary package.
>
> If you want to keep your package in Debian you will probablly
Hi,
On Sun, 23 Jun 2019, Guido Günther wrote:
> > But after a reboot with the good systemd, it began again to work... sorry
> > for the noise!
>
> Thanks for reporting all the details! Should we expect issues with newer
> systemd then or do you deem the problems related to the patches you
>
On Sat, 22 Jun 2019, Raphael Hertzog wrote:
> And despite this I still have the error and yet the libvirt-qemu user
> is part of the kvm group:
> $ id libvirt-qemu
> uid=124(libvirt-qemu) gid=130(kvm) groupes=130(kvm),132(libvirt-qemu)
Still I confirm that the libvirt-qemu user
Control: found -1 5.0.0-3
Control: found -1 5.2.0-2
On Sat, 22 Jun 2019, Raphaël Hertzog wrote:
> For a few days/weeks (I'm not sure when it started exactly), I can no
> longer run my VM with virt-manager.
I tried downgrading to the version in testing, but the problem stayed the
same. I also
Hi,
On Wed, 05 Jun 2019, Michael Biebl wrote:
> systemd-networkd.service in v241 is locked down more tightly then v232.
> It might be worth a try to comment out the hardening features one by one
> to see if one of them causes your problem.
Thanks for the idea! I tried that but it did not help. I
Hi,
On Wed, 05 Jun 2019, Michael Biebl wrote:
> What's the status of this bug?
No progress.
> Can you reproduce it with v242 from experimental?
Yes.
> I guess upstream is waiting for your feedback:
> https://github.com/systemd/systemd/issues/12656#issuecomment-496293294
I will provide my
Control: severity -1 important
On Fri, 08 Mar 2019, Axel Beckert wrote:
> tomb's exhume subcommand calls steghide:
>
> ~ → tomb exhume /tmp/example.jpg
> tomb [E] Steghide not installed: cannot exhume keys from images.
The failure mode is rather clean, I don't think the missing
Hi,
On Thu, 24 Jan 2019, Alf Gaida wrote:
> Commit
> https://salsa.debian.org/dpkg-team/dpkg/commit/4a4619831de8b8972f86b489660dc98f187cfa34.patch
> breaks reprepro.
For reference, that commit says this:
| dpkg-genchanges: Only reference binary packages being uploaded
|
| The .changes file
Hi,
On Sun, 24 Jun 2018, Geoffrey Thomas wrote:
> Upstream is being slow to put out a new release, there's some blocker
> involving the new freetds. I asked if that was resolved yet:
>
> https://github.com/pymssql/pymssql/issues/528
>
> At some point (probably in a month or two, honestly...)
Hi,
On Sat, 26 Jan 2019, Norbert Preining wrote:
> FIrst of all, I cannot reproduce this error on sid, so with all packages
> properly upgraded.
>
> That means, I assume you have a mixed upgrade of packages where it
> fails, is this correct?
Yes, debci triggers autopkgtest of reverse
Hi,
On Thu, 17 Jan 2019, Andreas Beckmann wrote:
> rozofs recently started to FTBFS in an up-to-date sid+experimental
> pbuilder environment:
FWIW, I filed earlier today an RM bug:
https://bugs.debian.org/919568
So I don't plan to handle this bug.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Hello,
just FYI since upstream was unable to port the code to the GObject
Introspection bindings, he started to rewrite the application in
C++ using GTKmm. This is happening in the "future" directory of the
upstream git repository (master branch) and the author shares
some progress information
Hi,
On Sun, 13 Jan 2019, Adrian Bunk wrote:
> Test cases that passed in patchelf 0.8 fail since 0.9,
> and segmentation fault on things like setting rpath
> might be close enough to "entirely broken".
In that case, it would certainly help upstream if someone
(maintainer/porter) could try to "git
Hi,
On Sat, 12 Jan 2019, Adrian Bunk wrote:
> pyside2 is now built without patchelf on mips64el.
>
> Doing the same for mips and mipsel should fix the problem for pivy.
Yeah, but this is not going in the right direction. This means that
pyside will be built with the embedded patchelf. The
Hello Daniel,
we want wireguard in Kali and Kali is based on Debian testing. For now we
imported it manually from Debian Unstable but it's counter-productive,
we have rolling distributions (kali and testing) and an upstream
following a rolling model and yet we don't have its packages
Hi,
On Thu, 13 Sep 2018, 殷啟聰 | Kai-Chung Yan wrote:
> > It would have helped if you had given me the URL of the repository.
> > Anyway, I'm willing to sponsor the update (even though I don't know much
> > about Android Tools) but I have a few comments:
>
> Thank you for the sponsor, it will help
Hello,
On Tue, 11 Sep 2018, 殷啟聰 | Kai-Chung Yan wrote:
> Sorry for being dormant on the matter. We had been in the process of
> updating the whole SDK suite to Oreo but it is blocked by an upload of
> this package. The latest update produces several new packages so I don't
> have the permission
Hello,
this bug on android-platform-system-core is the reason why
apktool got dropped from Debian Testing. I would like it to go back
to Debian Testing.
I saw that the package has many updates in the git repository.
I guess the FTBFS issue is fixed in the new upstream version that you
packaged
Control: affects 904200 acccheck
On Mon, 03 Sep 2018, p...@reseau-libre.net wrote:
> I've updated the acccheck.pl behavior to correct (i hope) the
> CVE-2018-12268. User and password input files are sanitized before any use
> in the generated commandline string. The patch is given attached to
Hi,
On Mon, 27 Aug 2018, Sean Whitton wrote:
> On Mon 27 Aug 2018 at 12:58PM +0200, Raphael Hertzog wrote:
> > Or you could have read dh_linktree's manual page and see that you can
> > use "replace" instead of "deduplicate" to get a weak dependency.
>
>
Hi,
On Sat, 25 Aug 2018, Sean Whitton wrote:
> Urgh.
>
> I am reluctantly (yet gratefully!) working on implementing Ian's
> substvar hack.
Or you could have read dh_linktree's manual page and see that you can
use "replace" instead of "deduplicate" to get a weak dependency.
$ git diff
diff
Hi,
On Wed, 18 Jul 2018, Axel Beckert wrote:
> > Axel mentioned failed bin-nmu but it looks like the bin-nmu worked:
> > https://buildd.debian.org/status/fetch.php?pkg=wcc=amd64=0.0.2%2Bdfsg-3%2Bb2=1531313043=0
>
> Sorry, I deduced that from "uninstallable + FTBFS".
>
> > I downgraded the bug
Control: severity -1 important
Control: tag -1 + unreproducible
Philippe, if you don't put Sylvestre and Axel in copy, they won't get
your mail sent only to 902...@bugs.debian.org.
On Wed, 18 Jul 2018, Philippe Thierry wrote:
> I take a look at the bug you reported and I didn't managed to
Hello Alberto,
it's been 8 years that you haven't touched netkit-tftp and the package
has been removed from Debian testing due to the bug I'm replying to.
Can you take care of fixing the bug and/or properly orphaning the package
if you are no longer interested in it?
Regards,
On Fri, 15 Sep
Hi Simon,
On Wed, 06 Jun 2018, Simon McVittie wrote:
> Since nobody seems to have objected to this and I found myself wanting to
> refer to up-to-date schroot/sbuild source code today, I've imported both
> projects into Salsa using `git push --mirror` from the archives in
>
Hi,
On Thu, 24 May 2018, Johannes Schauer wrote:
> yes, I read about this possibility on debian-devel@ and it sounds intriguing.
> But I neither know how to set up that team on tracker, nor am I convinced yet,
> that it would make sense to do so. Which packages would be maintained by that
> team?
Hi,
On Thu, 24 May 2018, Christoph Biedl wrote:
> as you've probably heard, Debian's alioth services are shutting down.
> This affects your package schroot since the list address
> buildd-tools-de...@lists.alioth.debian.org used in the Maintainer:
> field was not transferred to the alioth-lists
On Mon, 23 Apr 2018, Hideki Yamane wrote:
> Hi,
>
> On Sun, 22 Apr 2018 09:40:54 +1000
> David Margerison wrote:
> > > "$@" is extracted as '' and wget tries to fetch it and fails,
> > > then returns 1.
> >
> > Regarding the proposed fix, in general using $@
Hi,
On Tue, 24 Apr 2018, Hideki Yamane wrote:
> I'll revert below your commit since this regression fix also solve it.
>
> > commit c1c20ed48e83fe9d4f3512c524f7734d4e1469ac
> > Author: Raphaël Hertzog
> > Date: Thu Apr 12 12:18:29 2018 +0200
> >
> > Do not use HTTPS
On Fri, 09 Mar 2018, Adrian Bunk wrote:
> I've prepared an NMU for wcc (versioned as 0.0.2+dfsg-2.1) and uploaded
> it to DELAYED/3. Please feel free to tell me if I should cancel it.
Thanks for this, but I just uploaded a new version with this change and
other cleanups too.
Cheers,
--
Raphaël
Control: severity -1 important
On Sat, 03 Feb 2018, Andreas Metzler wrote:
> > Debug information is in e17-dbgsym,
> > likely the fix is to drop e17-dbg.
>
> This is fixed in experimental.
Why not in unstable? This bug was marked as grave (it probably did not
deserve this severity, but nobody
Hello Michael,
On Thu, 18 Jan 2018, Michael Stapelberg wrote:
> Given that the package’s only purpose is to populate /boot/firmware, may I
> ask why it’s being installed in your builds at all? I’d like to understand
> the use-case before adding code to deal with it.
The package name contains
Hello,
On Wed, 17 Jan 2018, Aurelien Jarno wrote:
> busybox is compiled with -mpreferred-stack-boundary=2 on i386 which has
> the same effect of reducing the default stack alignment from 16 bytes to
> 2 bytes. This comes from arch/i386/Makefile:
>
> | # -mpreferred-stack-boundary=2 is essential
[ Copy to upstream author to know his plans wrt openssl 1.1
and to invite him to review the current patches ]
Hello Stephen,
On Sun, 26 Jun 2016, Stephen Kitt wrote:
> On Sun, 26 Jun 2016 12:23:30 +0200, Kurt Roeckx wrote:
> > If you have problems making things work, feel free
On Sat, 13 Jan 2018, Michael Stapelberg wrote:
> The only change that seems in any way related to me is
> https://anonscm.debian.org/cgit/pkg-raspi/raspi3-firmware.git/commit/?id=c977f0210ab5c577b9d5296e4e4391225a7f85ca
This change is not the cause of the regression. The package fails at
initial
Hello Sylvestre,
On Thu, 07 Dec 2017, Sylvestre Ledru wrote:
> I don't see the patch fixing the issue?!
The debian security tracker has a note with this patch:
https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac
It looks like the problematic "file"
On Tue, 19 Dec 2017, Emilio Pozuelo Monfort wrote:
> > Chris or Thorsten, could you possibly look into what it involves and see
> > whether
> > it's doable on the ftpmaster side ?
>
> Another, easier option would be to declare these packages as unsupported
> security-wise.
I pushed a commit
Hi,
On Tue, 19 Dec 2017, Salvatore Bonaccorso wrote:
> > Actually it got removed from wheezy in the mean time. Since it was
> > marked that way in dla-needed.txt, I pinged the ftp.d.o bug report and
> > pinged Chris Lamb (as ftp assistant) and the package is gone from wheezy:
> >
> > $ rmadison
Hello,
On Sun, 17 Dec 2017, Ola Lundqvist wrote:
> After some more reading I think removing it should be ok anyway. I'll
> change the wording from "will be removed" to "may be removed" to allow
> us the freedom to keep it if nobody takes the action to actually
> remove it.
Actually it got
On Tue, 28 Nov 2017, Goirand Thomas (aka zigo) wrote:
> I did try to purge and it didn't help. The issue is indeed about 2
> kernels installed, though as I wrote, upgrading linux-image-amd64 first
> works arround the problem. So I'm not sure what's going on, really. Any
> hint/clue ?
Run
Hi Thomas,
On Sun, 26 Nov 2017, Thomas Goirand wrote:
> After booting a Stretch live image, I tried to upgrade it to Sid, and
> it fails with this error:
>
> update-initramfs: deferring update (trigger activated)
> cp: target '/lib/live/mount/medium/live/vmlinuz.new' is not a directory
This is
Hello Dominik,
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of xrdp:
https://security-tracker.debian.org/tracker/CVE-2017-16927
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined here:
Hello Sylvestre,
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of ohcount:
https://security-tracker.debian.org/tracker/CVE-2017-16926
Would you like to take care of this yourself?
I tried to file an upstream bug as a first step (since
Hello,
This bug should be quickly fixed because ZFS is broken in Debian
Testing right now, spl-linux migrated already and zfs-linux did not
migrate due to this bug.
Someone reported this problematic mismatch in Kali (which is based on
Debian testing):
https://bugs.kali.org/view.php?id=4351
Hi,
On Tue, 31 Oct 2017, Chris Lamb wrote:
> > Oh, #867254 was only filed for the "trivial" case in sid. But the
> > problem also occurs on upgrades from stretch (openstack-dashboard gets
> > triggered after python-django was upgraded and blows up), which is the
> > case we need the Breaks for.
>
Hello Kurt,
On Fri, 22 Sep 2017, Kurt Roeckx wrote:
> I have to admit that I didn't consider derivatives that take a
> snapshot of testing, and we also seem to have a large amount of
> people that do use testing. My intention was to target the more
> advanced users, and having it in testing might
Source: libpam4j
Severity: serious
Hello,
I just came across libpam4j while handlinge CVE-2017-12197 and I noticed
that:
- the package has not seen an update since 2012
- the package has no reverse dependency in Debian
- upstream seems to have disappeared (the current Homepage URL is dead
and
Source: libpam4j
Version: 1.4-2
Severity: grave
Tags: security
Hi,
the following vulnerability was published for libpam4j.
CVE-2017-12197[0]: libpam4j: Account check bypass
PAM.authentication() does not call pam_acct_mgmt(). As a consequence, the
PAM account is not properly verified. Any user
On Sat, 05 Aug 2017, Jakub Wilk wrote:
> exiv2 FTBFS on i386:
And on amd64 currently too:
dh_makeshlibs -O--parallel -O--buildsystem=cmake
dpkg-gensymbols: avertissement: certains nouveaux symboles sont apparus dans le
fichier des symboles : Veuillez consulter le fichier de différences
Hi,
On Thu, 21 Sep 2017, Sebastian Andrzej Siewior wrote:
> The changes Kurt asked about is something that openssl upstream supports
> and is something that openssl 1.1 considers the right way of doing
> things (in contrast to the disable TLS-version X thingy which are marked
> deprecated or
Hi Kurt,
On Fri, 22 Sep 2017, Kurt Roeckx wrote:
> I have to admit that I didn't consider derivatives that take a
> snapshot of testing, and we also seem to have a large amount of
> people that do use testing. My intention was to target the more
> advanced users, and having it in testing might be
Control: tag -1 + patch
Hello,
On Mon, 18 Sep 2017, SZ Lin wrote:
> CMake Error at nasl/CMakeLists.txt:147 (add_library):
> Target "openvas_nasl_shared" links to item " -lpcap" which has leading or
> trailing whitespace. This is now an error according to policy CMP0004.
>
> This issue is caused
On Mon, 11 Sep 2017, Philipp Kern wrote:
> https://packages.qa.debian.org/o/openssl/news/20170824T211015Z.html seems to
> have pushed this onto client applications? I.e. it's no longer hard disabled
> but client applications need to explicitly enable them?
Yes, I'm aware of that but Kurt never
[ Copy to the Debian bugtracker ]
Hello Christian,
a few security issues have been reported against libgig:
http://seclists.org/fulldisclosure/2017/Aug/39
The reproducer files are attached too:
http://seclists.org/fulldisclosure/2017/Aug/att-39/poc_zip.bin
I wanted to check that you were aware
Source: libgig
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for libgig. See
http://seclists.org/fulldisclosure/2017/Aug/39 for the initial report
with reproducer files.
1 - 100 of 699 matches
Mail list logo