On 31/01/2022 19:39, Paul Gevers wrote:
Source: pure-ftpd
Version: 1.0.49-4.1
Severity: serious
Control: close -1 1.0.50-2
Tags: sid bookworm pending
User: release.debian@packages.debian.org
Usertags: out-of-sync
Dear maintainer(s),
The Release Team considers packages that are out-of-sync
On 1/18/21 11:55 PM, Andreas Beckmann wrote:
> Followup-For: Bug #943874
> Control: tag -1 patch pending
>
> Hi,
>
> I'm attaching a patch that tries to clean up the docdir symlink mess.
> The package is already uploaded to DELAYED/5.
>
>
> Andreas
>
Thanks a lot for your fixes!
Regards
On 12/7/20 10:52 AM, Sylvain Beucler wrote:
> Hi,
>
> On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)"
> wrote:
>> On 10/7/20 3:03 PM, Sylvain Beucler wrote:
>> > I noticed this local root escalation yesterday and I'm working on a
>>
On 10/7/20 3:03 PM, Sylvain Beucler wrote:
> Hi,
>
> I noticed this local root escalation yesterday and I'm working on a
> Stretch LTS update.
> See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
>
> Are there plans to update buster?
>
> Cheers!
> Sylvain
>
Hello Sylvain,
package: sympa
severity: critical
tags: upstream security patch
Security advisory: https://sympa-community.github.io/security/2020-002.html
Excerpt:
--snip--
A vulnerability has been discovered in Sympa web interface by which attacker
can execute arbitrary code with root
privileges.
Sympa
package: sympa
severity: critical
version: 6.2.40~dfsg-3
tags: patch
A vulnerability has been discovered in Sympa web interface that can
cause denial of service (DoS) attack.
By submitting requests with malformed parameters, this flaw allows to
create junk files in Sympa's directory for
On 9/16/19 3:53 PM, Thomas Deutschmann wrote:
> Source: pure-ftpd
> Severity: grave
> Justification: causes non-serious data loss
>
> Dear Maintainer,
>
> please consider disabling TLS 1.3 support.
>
> While you added TLS 1.3 compatibility through bug 918630, this uncovered
> a grave bug in
Hello Daniel,
sorry for the very, very late answer to your bug report.
This problem still exists in current Sympa and I actually suspect that you are
correct and this a problem with
Cookie handling.
It actually results in *changing* the current password.
Regards
Racke
--
Ecommerce
Hello,
attached is a patch to skip install of python-mode for Xemacs21.
Regards
Racke
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
--- python-mode-6.2.3/debian/emacsen-install 2017-01-17
I think the main problem is that xemacs21 is quite stale, latest upstream
release dating back to 2013.
Thus it doesn't support (string-to-syntax)
Regards
Racke
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning
This even happens on a normal system - looks like it enters an infinite loop:
Loading 50w3m-el...
Loading 20apel...
Loading 50flim...
Loading 50w3m-el...
Loading 20apel...
Loading 50flim...
Loading 50w3m-el...
Loading 20apel...
Loading 50flim...
Loading 50w3m-el...
Loading 20apel...
Loading
Package: sympa
Version: 6.2.20~dfsg-2
Severity: serious
upgrade_send_spool.pl could leave some messages not upgraded [diff]
"sympa.pl --change_user_email" was broken GH #65
Next release is planned for 1st of October.
Regards
Racke
--
Ecommerce and Linux consulting + Perl and
On 07/05/2017 10:42 PM, Daniel Gnoutcheff wrote:
> Control: found -1 6.1.23~dfsg-2+deb8u1
>
> I've experienced this on jessie as well when upgrading from
> 6.1.23~dfsg-2 to 6.1.23~dfsg-2+deb8u1 for the 8.7 point release.
>
> The listmaster directive in /etc/sympa/sympa.conf got clobbered,
On 07/18/2017 01:02 AM, Adrian Bunk wrote:
> Source: sympa
> Version: 6.2.16~dfsg-4
> Severity: serious
>
> https://buildd.debian.org/status/package.php?p=sympa=sid
>
> ...
> checking for pod2man... /usr/bin/pod2man
> checking for makemap... /usr/bin/makemap
> checking user-supplied newaliases
ase use
> dpkg-maintscript-helper rm_conffile
> to remove it properly (also from dpkg's database).
>
>
> cheers,
>
> Andreas
>
Patch attached.
Regards
Racke
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
co
On 06/10/2017 03:06 PM, Stefan Hornburg (Racke) wrote:
> On 06/10/2017 02:02 PM, Andreas Beckmann wrote:
>> Package: sympa
>> Version: 6.2.16~dfsg-3
>> Severity: serious
>> User: debian...@lists.debian.org
>> Usertags: piuparts
>>
>> Hi,
>>
&g
On 06/10/2017 02:02 PM, Andreas Beckmann wrote:
> Package: sympa
> Version: 6.2.16~dfsg-3
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package modifies conffiles.
> This is forbidden by the policy, see
>
On 05/30/2017 03:38 PM, Dominik George wrote:
> Hi,
>
>> In this case the head command might not be in the path Sympa is seeing.
>> Could you please test if
>> `/usr/bin/head ...` works for you?
>
> Yes, it does.
>
> -nik
>
OK, thanks a lot. I'll adjust the default settings for the
On 05/30/2017 10:35 AM, Dominik George wrote:
> Hi,
>
>> The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian
>> package,
>> so this hasn't changed?
>
> Confirmed.
>
>>
>> What are the permissions of the cookie file?
>
> 640 owned by sympa:sympa
>
> I have placed debugging
On 05/30/2017 09:37 AM, Dominik George wrote:
> Package: sympa
> Version: 6.2.16~dfsg-3
> Severity: grave
> Justification: renders package unusable
>
> SYMPA suddenly refuses to start with:
>
> May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter
> has changed. You may
On 04/04/2017 07:01 AM, Mattia Rizzolo wrote:
> Control: tags 848015 + patch
> Control: tags 848015 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for ciphersaber (versioned as 1.01-2.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
>
>
On 07/03/2016 07:07 PM, Andreas Beckmann wrote:
> Package: courier-mta
> Version: 0.76.1-3+exp1
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package failed to install. As
> per definition of the release team
On 07/12/2014 10:12 AM, Willi Mann wrote:
Package: sqwebmail
Version: 0.73.1-1.2
Severity: serious
Justification: fails to install
Hi Racke,
sqwebmail fails to install if the directory /var/www does not exist (which
apparently does not exist if nginx is installed as httpd-cgi):
On 03/17/2014 03:25 AM, Thomas L Marshall wrote:
Package: courier-maildrop
Version: 0.73.1-1
Severity: grave
Tags: d-i
Justification: renders package unusable
Dear Maintainer,
After upgrading to courier-maildrop_0.73.1-1_amd64.deb, my email server begin
bouncing messages with the
severity 741620 grave
thanks
On 03/14/2014 04:38 PM, Joey Hess wrote:
Package: courier-imap-ssl
Version: 4.15-1
Severity: normal
Establishing connection to kitenet.net:143
ERROR: While attempting to sync account 'joey'
command: CAPABILITY = socket error: class 'ssl.SSLError' - [Errno
On 11/21/2013 08:01 AM, Andreas Rittershofer wrote:
Package: courier-pop-ssl
Version: 0.68.2-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
apt-get upgrade
* What was the outcome of this action?
apt-get is not
Package: courier-pop-ssl
Version: 0.73.1-0.1
Severity: grave
Justification: renders package unusable
It fails on a fresh install on my system:
Setting up courier-pop-ssl (0.73.1-0.1) ...
cp: not writing through dangling symlink ‘/usr/lib/courier/pop3d.pem’
dpkg: error processing package
tags 730086 unreproducible
severity 730086 important
thanks
On 11/21/2013 08:01 AM, Andreas Rittershofer wrote:
Package: courier-pop-ssl
Version: 0.68.2-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
apt-get upgrade
package: dh-make-drupal
version: 1.6-1
severity: grave
racke@argus:~/build$ dh-make-drupal google_analytics
/usr/bin/dh-make-drupal:695:in `fetch_data': undefined method `search' for
nil:NilClass (NoMethodError)
from /usr/bin/dh-make-drupal:747:in `for'
from
package: request-tracker4
severity: critical
tags: security
From the RT mailing lists:
We have determined a number of security vulnerabilities which affect
both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and
4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as
package: request-tracker3.8
severity: critical
tags: security
From the RT mailing lists:
We have determined a number of security vulnerabilities which affect
both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and
4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as
Hello,
on my local machine it fails too in my sid /chroot. Building the package
from my installed wheezy works fine.
Regards
Racke
--
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
Interchange
On 04/18/2012 11:40 AM, Alberto Serrano wrote:
Hi Racke,
We have been experiencing the same issue since upgrade to 0.67.0 (yesterday
at 19:00 GMT+2 approx.). Imap server connections don't work properly
anymore.
In /var/log/syslog, the imap log entries stop after initial connection:
Apr
On 04/17/2012 08:50 PM, Jean-Yves Barbier wrote:
Package: courier-imap
Version: 4.10.0-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
An update.
* What exactly did you do (or not do) that was effective (or
On 04/18/2012 01:25 PM, Jesse Molina wrote:
Here an FYI of a problem I had recently. I doubt this is the same issue, but
I'll write it up anyway for posterity.
I had a similar issue about a week ago when I updated some courier related
packages.
The issue turned out to be some kind of
On 04/18/2012 02:15 PM, Alberto Serrano wrote:
Confirmed. After installing fam, the problem is solved:
# apt-get install fam libfam0
So it was probably related to the recent upgrade of libgamin0 0.1.10-4.
Thanks again,
Alberto.
PS: To those applying this workaround. Do not install only
On 04/17/2012 08:50 PM, Jean-Yves Barbier wrote:
Package: courier-imap
Version: 4.10.0-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
An update.
* What exactly did you do (or not do) that was effective (or
On 04/01/2011 08:19 PM, Ralf Treinen wrote:
Package: courier-mta,dot-forward
Version: courier-mta/0.65.3-2
Version: dot-forward/1:0.71-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite
Date: 2011-04-01
Architecture: amd64
Distribution: sid
Hi,
automatic installation
On 09/01/2011 11:05 PM, Igor Sverkos wrote:
Hi,
please correct me, but the current Debian stable (squeeze) looks still
vulnerable:
root@squeeze /root # apt-show-versions pure-ftpd
pure-ftpd/squeeze uptodate 1.0.28-3
Did you forget to create an update for the stable branch?
That's
package: pure-ftpd, pure-ftpd-mysql, pure-ftpd-postgresql
severity: serious
tag: security
From the author on the Pure-FTPd mailinglist:
--snip--
A new 0-day multiple vendors vulnerability in the glob(3) function
has been published.
A command like STAT {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/
On 04/09/2011 02:13 PM, Lucas Nussbaum wrote:
Source: courier
Version: 0.65.3-2
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20110408 qa-ftbfs
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your package failed to build on
On 04/09/2011 02:13 PM, Lucas Nussbaum wrote:
Source: courier
Version: 0.65.3-2
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20110408 qa-ftbfs
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your package failed to build on
package: pure-ftpd
tags: security
severity: grave
The new release 1.0.30 fixes a flaw similar to Postfix's CVE-2011-0411 by
clearing the command-line buffer after switching to TLS.
Reference:
http://tech.groups.yahoo.com/group/postfix-users/message/275069
Regards
Racke
--
LinuXia
Hello,
I asked on the mailing list for a single patch which fixes the TLS security
flaw so we can use it for stable and maybe oldstable security upgrade.
Regards
Racke
--
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP =
Hello,
The patch can be found on GitHub:
https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4
Regards
Racke
--
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
On 01/07/2011 07:23 PM, Mehdi Dogguy wrote:
On 0, Stefan Hornburg (Racke)ra...@linuxia.de wrote:
On 12/29/2010 06:20 PM, Christian PERRIER wrote:
I got a verbal ACK from at least one release team member that fixing
the Portuguese debconf translation update for squeeze (with a t-p-u
upload
On 12/29/2010 06:20 PM, Christian PERRIER wrote:
I got a verbal ACK from at least one release team member that fixing
the Portuguese debconf translation update for squeeze (with a t-p-u
upload) would be OK.
I was indeed about to build such upload when I got pointed by Julien
to this RC bug.
On 12/11/2010 01:41 AM, Lucas Nussbaum wrote:
Package: sympa
Version: 6.0.1+dfsg-3
Severity: serious
User: debian...@lists.debian.org
Usertags: instest-20101207 instest
Hi,
While testing the installation of all packages in squeeze, I ran
into the following problem:
[..]
+ echo Not
On 11/13/2010 09:59 PM, Julien Cristau wrote:
On Tue, Nov 2, 2010 at 12:27:59 +0100, Stefan Hornburg (Racke) wrote:
On 11/02/2010 12:25 PM, Julien Cristau wrote:
On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote:
On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote
On 11/02/2010 09:20 PM, Adam D. Barratt wrote:
On Tue, 2010-11-02 at 12:27 +0100, Stefan Hornburg (Racke) wrote:
On 11/02/2010 12:25 PM, Julien Cristau wrote:
On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote:
On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote:
Err
On 11/02/2010 12:25 PM, Julien Cristau wrote:
On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote:
On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote:
On Tue, Aug 31, 2010 at 15:00:32 +0200, Stefan Hornburg (Racke) wrote:
Fix applied to Git:
http://git.debian.org/?p
package: sympa
version: 6.1.1~dfsg-1
severity: grave
Aliaswrapper has moved to /usr/lib/sympa/sbin/aliaswrapper which causes failure
of postinst script:
Setting up sympa (6.1.1~dfsg-1) ...
dbconfig-common: writing config to /etc/dbconfig-common/sympa.conf
dbconfig-common: flushing
On 10/26/2010 10:18 PM, Stefan Hornburg (Racke) wrote:
package: sympa
version: 6.1.1~dfsg-1
severity: grave
Aliaswrapper has moved to /usr/lib/sympa/sbin/aliaswrapper which causes
failure
of postinst script:
Setting up sympa (6.1.1~dfsg-1) ...
dbconfig-common: writing config to /etc/dbconfig
On 09/23/2010 06:54 AM, Thomas Goirand wrote:
Hi,
Here's a patch to fix the issue. Do you agree that is the way to fix it,
and would you accept that I NMU this fix, so that it has a chance to get
into Squeeze soon?
Thomas Goirand (zigo)
I'm going to upload fixed packages myself.
Regards
On 09/23/2010 06:54 AM, Thomas Goirand wrote:
Hi,
Here's a patch to fix the issue. Do you agree that is the way to fix it,
and would you accept that I NMU this fix, so that it has a chance to get
into Squeeze soon?
Thomas Goirand (zigo)
I'm going to upload a fixed version myself.
Thanks for
On 09/19/2010 07:52 PM, Thomas Goirand wrote:
Package: courier-imap
Version: 4.8.0-1
Severity: grave
In the file /etc/courier/imapd, there is the following:
IMAP_ULIMITD=65536
While it doesn't seem so problematic under i386, under amd64 arch, each time
I want to setup a server with
On 08/25/2010 01:59 PM, Stefan Hornburg (Racke) wrote:
On 08/23/2010 09:52 PM, Emmanuel Bouthenot wrote:
Package: sympa
Version: 6.0.1+dfsg-2
Severity: critical
{,family,bounce}queue binaries are now installed in
/usr/lib/sympa/lib/sympa/ instead of /usr/lib/sympa/bin before. It will
breaks
On 08/26/2010 09:49 AM, Jonas Smedegaard wrote:
On Thu, Aug 26, 2010 at 08:24:46AM +0200, Emmanuel Bouthenot wrote:
Well, you not experiencing problems avoiding Recommends do not really
change the Debian definition of the Recommends: stanza:
`Recommends'
This declares a strong, but not
On 08/24/2010 11:44 AM, Jonas Smedegaard wrote:
Hi Emmanuel,
On Mon, Aug 23, 2010 at 09:20:38PM +0200, Emmanuel Bouthenot wrote:
Package: sympa
Version: 6.0.1+dfsg-2
Severity: grave
To start correctly, task_manager.pl daemon expects
/usr/share/sympa/default/ca-bundle.crt to be a valid symlink
On 08/25/2010 09:11 AM, Emmanuel Bouthenot wrote:
When not respecting recommends, you cannot expect package to work
out of the box but will need some hand-tuning to get working.
I never install Recommends on my Debian machines (servers, desktop,
laptop). It's the first time I encounter such
On 08/25/2010 10:34 AM, Jonas Smedegaard wrote:
On Wed, Aug 25, 2010 at 09:18:36AM +0200, Stefan Hornburg (Racke) wrote:
IMHO Sympa daemons should work without packages in Recommends.
And ca-certificates isn't really a problem to be depend on.
Is S/MIME a mandatory or optional feature
On 08/23/2010 09:52 PM, Emmanuel Bouthenot wrote:
Package: sympa
Version: 6.0.1+dfsg-2
Severity: critical
{,family,bounce}queue binaries are now installed in
/usr/lib/sympa/lib/sympa/ instead of /usr/lib/sympa/bin before. It will
breaks mail aliases used by SYMPA during the upgrade from Lenny
On 06/01/2010 03:05 AM, Paul Szabo wrote:
Package: courier-faxmail
Severity: grave
Tags: security
Justification: user security hole
Please note remote execute-any-code security bugs in ghostscript:
http://bugs.debian.org/583183
This package depends on ghostscript, and may be affected.
On 06/01/2010 03:05 AM, Paul Szabo wrote:
Package: courier-faxmail
Severity: grave
Tags: security
Justification: user security hole
Please note remote execute-any-code security bugs in ghostscript:
http://bugs.debian.org/583183
This package depends on ghostscript, and may be affected.
On 06/01/2010 01:18 AM, Adam Warner wrote:
Package: courier
Version: 0.64.2-1
Severity: grave
Upstream has the patch:
http://sourceforge.net/mailarchive/forum.php?thread_name=4BA4F266.3080603%40linuxia.deforum_name=courier-users
Thunderbird chokes on that and requests a login again, claiming a
On 06/01/2010 01:24 PM, paul.sz...@sydney.edu.au wrote:
Dear Racke,
What kind of fixes do you have in mind?
Please add the -P- option to all $GS invocations.
OK, I'll do so today. I just wonder why this option isn't mentioned
in the gs manpage.
Regards
Racke
--
LinuXia
On 06/01/2010 01:24 PM, paul.sz...@sydney.edu.au wrote:
Dear Racke,
What kind of fixes do you have in mind?
Please add the -P- option to all $GS invocations.
Thanks, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
On 05/06/2010 10:35 PM, Sascha Silbe wrote:
I've worked around this by killing the remaining courier processes
manually (pkill -f courier) and hacking
/var/lib/dpkg/info/courier-authdaemon.prerm to do exit 0 immediately.
Courier is now gone from my system.
CU Sascha
OK, thanks for the
severity 436266 important
thanks
On 05/03/2010 11:04 PM, Olaf van der Spek wrote:
severity 436266 serious
thanks
This one leads to data loss...
I don't consider this a serious data loss. Volatile and discarded
data has to be purged at some point.
Of course, the default setting can still be
On 04/28/2010 04:23 PM, Malte S. Stretz wrote:
Package: sympa
Version: 6.0.1-1
Severity: grave
Justification: renders package unusable
Startup will fail because the following Perl libraries aren't automatically
pulled in:
libfile-copy-recursive
libnet-netmask-perl
libterm-progressbar-perl
package: interchange
severity: critical
tags: security, fixed-upstream
Interchange 5.7.6 closes a potential HTTP response splitting
vulnerability.
For details see http://www.icdevgroup.org/i/dev/news?mv_arg=00042.
The patch to fix the vulnerability is here:
Stefan Hornburg (Racke) wrote:
package: courier
severity: serious
Courier packages fail to build on sid (AMD64 architecture). The error
message is:
/usr/bin/libtool --tag=CXX --mode=link g++ -Wall -I./.. -I..
-I./../afx -I./../rfc822 -I./libs -g -O2 -lcrypt -o aliaslookup
aliaslookup.o
package: drupal6
severity: critical
tags: security
* Advisory ID: DRUPAL-SA-CORE-2010-001
* Project: Drupal core
* Version: 5.x, 6.x
* Date: 2010-March-03
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities
DESCRIPTION
Jan Dittberner wrote:
I patched debian/rules to use the system libtool to fix this FTBFS and
NMUed it at BSP Mönchengladbach.
That's great. Please send me the patch.
Regards
Racke
--
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
Ansgar Burchardt wrote:
Source: sympa
Version: 5.4.7-1
Severity: serious
Justification: FTBFS
Hi,
sympa failed to build [1] on hppa, hurd-i386, ia64, mips, mipsel, sparc
because libmime-base64-perl is no longer a real package and sympa has a
versioned build-dep on it.
Replacing the build-dep
Ansgar Burchardt wrote:
Hi,
Stefan Hornburg (Racke) ra...@linuxia.de writes:
So why does it fail if perl is present? That seems odd to me.
Some buildds will not consider alternative dependencies, others may do
so. Many buildds run different versions of sbuild (see also for example
#541342
Michael Gilbert wrote:
Package: courier-authlib
Severity: grave
Tags: security
Hi,
The following CVE (Common Vulnerabilities Exposures) id was
published for libtool. I have determined that this package embeds a
vulnerable copy of the libtool source code. However, since this is a
mass bug
Package: request-tracker3.6
Tag: security
Severity: critical
http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html
RT 3.8.6 is not affected.
Regards
Racke
--
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP
tags 555087 + confirmed patch
thanks
Heiner Markert wrote:
Package: courier-mta
Version: 0.59.0-3
Severity: serious
--- Please enter the report below this line. ---
When performing
apt-get install courier-mta
on an otherwise clean squeeze system, dpkg fails with an post-install script
error
Heiner Markert wrote:
Package: courier-mta
Version: 0.59.0-3
Severity: serious
--- Please enter the report below this line. ---
When performing
apt-get install courier-mta
on an otherwise clean squeeze system, dpkg fails with an post-install script
error in package courier-mta.
Installing the
tag 554182 + pending confirmed
thanks
Manoj Srivastava wrote:
Package: courier
Version: 0.63.0-1
Severity: serious
User: lintian-ma...@debian.org
Usertags: missing-build-dependency
The package doesn't specify a build dependency on a package that is
used in debian/rules. Also, it depends on
tag 553539 + confirmed fixed-upstream
thanks
Manoj Srivastava wrote:
Package: interchange-ui
Version: 5.7.2-1
Severity: serious
User: lintian-ma...@debian.org
Usertags: dir-or-file-in-var-www
Debian packages should not install files under /var/www. This is not
one of the /var directories in
Barry deFreese wrote:
Hi,
What's the status of this. It is from 2006 but interchange has been in
testing for a while now.
Hello, Barry!
Interchange has moved its documentation system, so it'll take a while
to adjust the package accordingly.
Regards
Racke
--
LinuXia Systems =
Olivier Berger wrote:
On Sun, Sep 20, 2009 at 02:52:53PM +0200, Ralf Treinen wrote:
Unpacking sympa (from .../sympa_5.4.7-1_amd64.deb) ...
dpkg: error processing /var/cache/apt/archives/sympa_5.4.7-1_amd64.deb
(--unpack):
trying to overwrite '/usr/bin/task_manager', which is also in package
Laurent Bonnaud wrote:
Package: courier-base
Version: 0.61.2-1
Justification: postinst script must not fail
Severity: serious
Hi,
here is the problem:
Setting up courier-base (0.61.2-1) ...
update-alternatives: error: alternative link /usr/share/man/man5/maildir.5.gz
is already managed by
Erwan David wrote:
On Tue, Mar 03, 2009 at 11:01:20AM CET, Stefan Hornburg ra...@linuxia.de said:
Erwan David wrote:
Package: courier-imap-ssl
Version: 4.4.0-2
Severity: grave
Justification: renders package unusable
Since upgrade to lenny, I cannot get a ssl connection with
courier-imap. Here
Raphael Geissert wrote:
Source: interchange
Severity: grave
Version: 5.6.0-1
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for interchange.
SA32658[1]:
Some vulnerabilities have been reported in Interchange, which can be
exploited by malicious people to conduct
Luk Claes wrote:
Hi
Any news from upstream? Can we expect an upload shortly?
No word from upstream.
Regards
Racke
--
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
Interchange Development
Luk Claes wrote:
Stefan Hornburg (Racke) wrote:
Luk Claes wrote:
Hi
Any news from upstream? Can we expect an upload shortly?
No word from upstream.
Will you upload a version that at least takes care of being able to
recover from a power failure like the patch submitter proposes?
We have
Niko Tyni wrote:
severity 501605 serious
tag 501605 - unreproducible
thanks
On Thu, Oct 09, 2008 at 01:42:39PM +0200, Patrick Schoenfeld wrote:
Severity 501605 important
thanks
I have tested the installation of sympa as well and I can't reproduce
the problem. Additional I auditted the
Thomas Viehmann wrote:
Hi,
sympa has two RC bugs open for about one month, #496520 about insecure
usage of tmp (which looks at least partially fixed upstream, but has no
maintainer response) and #498144 about problems on upgrade (with an
initial maintainer response will investigate, also
Thomas Viehmann wrote:
Hi,
sympa has two RC bugs open for about one month, #496520 about insecure
usage of tmp (which looks at least partially fixed upstream, but has no
maintainer response) and #498144 about problems on upgrade (with an
initial maintainer response will investigate, also
Lucas Nussbaum wrote:
On 03/10/08 at 15:21 +0200, Olivier Berger wrote:
Le vendredi 03 octobre 2008 à 12:43 +0200, Thomas Viehmann a écrit :
It does not seem to have reverse dependencies. There are a few users
(double digit popcon), but not exceedingly many.
As it is on the servers, I assume
Steve Langasek wrote:
On Wed, Jul 30, 2008 at 09:18:55PM +0300, Teodor wrote:
I didn't received any response from the alpha buildd admins, maybe the
message was lost. Is there anyone who can tell where the problem is
and fix it?
Can you unblock it also? It is 26 days old and it could migrate
Steffen Joeris wrote:
Package: courier-authlib
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
It was announced that courier-authlib suffers from a sql injection
vulnerability with MySQL databases that use non-Latin character
sets.
For more information see
Simon Josefsson wrote:
Severity: serious
Package: courier
Version: 0.59.0-1
User: [EMAIL PROTECTED]
Usertags: nonfree-doc rfc
Hi!
This source package contains the following files that claim to be
released under the non-free IETF license in RFC 2026:
Stefan Hornburg wrote:
Nico Golde wrote:
Hi,
the attached patch fixes this issue.
It will be also archive on:
http://people.debian.org/~nion/nmu-diff/sympa-5.3.4-3_5.3.4-3.1.patch
sympa_5.3.4-4_i386.changes uploaded successfully to localhost
along with the files:
sympa_5.3.4-4.dsc
Willi Mann wrote:
I don't know if it should supply it, but it doesn't.
Hi Racke, hi Lucas!
Why don't we just ship the directory /usr/lib/cgi-bin in the sqwebmail
package? Except for a lintian warning (empty directory), that should
work, AFAIK, as a directory can be owned by more than one
Lucas Nussbaum wrote:
Package: sqwebmail
Version: 0.58.0-1
Severity: serious
In a clean chroot:
Setting up sqwebmail (0.58.0-1) ...
cp: cannot create regular file `/usr/lib/cgi-bin/sqwebmail': No such file or
directory
dpkg: error processing sqwebmail (--configure):
subprocess
Lucas Nussbaum wrote:
On 25/01/08 at 13:48 +0100, Stefan Hornburg (Racke) wrote:
Lucas Nussbaum wrote:
On 25/01/08 at 13:02 +0100, Stefan Hornburg (Racke) wrote:
Lucas Nussbaum wrote:
Package: sqwebmail
Version: 0.58.0-1
Severity: serious
In a clean chroot:
Setting up sqwebmail (0.58.0
1 - 100 of 131 matches
Mail list logo