* added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
tcltags.sh so they use mktemp instead of insecure $$ construction to
create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry:
- the scripts seem to be
On Tue, Jan 18, 2005 at 11:38:55PM +0100, Thomas Schmidt wrote:
Well, it seems that there are different opinions in this case - some
developers (you for example) say that system users should be removed
when the package is purged, some say that it is no problem if the
user is not deleted.
Processing commands for [EMAIL PROTECTED]:
tags 289595 sid
Bug#289595: libofx0c102: library version changed but package name did not
There were no tags set.
Tags added: sid
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
El Martes 18 Enero 2005 14:14, Steve Langasek escribió:
tags 289646 experimental
thanks
Matias,
I am not able to reproduce this bug using the packages in sarge. Can you
please downgrade kdelibs4 on your system to the version in unstable, to
confirm whether this bug still exists for you?
El Miércoles 19 Enero 2005 01:08, Adeodato Simó escribió:
reassign 289646 kdelibs4
tags 289646 - experimental
tags 289646 + sid
thanks
* Matías Costa [Mon, 10 Jan 2005 11:33:09 +0100]:
Hi Matías,
kbabel crashes (SIGSEGV) with certain entries. This makes imposible to
work. You can find
Package: tetex-bin
Version: 2.0.2-26
Severity: grave
Tags: security patch
Hi,
seems to be another overflow in the xpdf library.
http://www.securityfocus.com/archive/1/387583
patch available at the vendor site:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Yet I didn't have the time,
Hi Javier!
Javier Fernández-Sanguino Peña [2005-01-19 9:08 +0100]:
* added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
tcltags.sh so they use mktemp instead of insecure $$ construction to
create temporary files (CAN-2005-0069) (closes: #289560)
A few
.
==
Candidate: CAN-2004-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050119
Category: SF
Reference: BUGTRAQ:20040920 Possible DoS attack against jabberd 1.4.3 and
jadc2s 0.9.0
Reference: URL:http
Jamie Heilman [2005-01-18 10:42 -0800]:
Changes:
sysfsutils (1.2.0-2) unstable; urgency=low
.
* sysfsutils.init: Use shell bash instead of sh. (closes: #291011)
Please do not use bash, just fix the real problem, I offered a patch
in #291022 which does this (and more).
What is
Processing commands for [EMAIL PROTECTED]:
tags 291153 + sid
Bug#291153: Can't load/install gnucash into unstable
There were no tags set.
Tags added: sid
stop
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian
Martin Pitt wrote:
Jamie Heilman [2005-01-18 10:42 -0800]:
Changes:
sysfsutils (1.2.0-2) unstable; urgency=low
.
* sysfsutils.init: Use shell bash instead of sh. (closes: #291011)
Please do not use bash, just fix the real problem, I offered a patch
in #291022 which does
tags 291153 + sid
stop
On 19.01.05 Russell Sutherland ([EMAIL PROTECTED]) wrote:
I can't install the gnucash package onto an
updated unstable system. The error message is as follows:
# apt-get install gnucash
Reading Package Lists... Done
Building Dependency Tree... Done
On Wed, Jan 19, 2005 at 10:24:20AM +0100, Martin Pitt wrote:
I read your patch, but I deliberately wrote my own very simple
version, because:
Martin, just to get things straight, my comments are not directed
towards you, but towards the vim maintainer.
- I wanted to avoid the tempfile race
Martin Schulze wrote:
--- mod_auth_radius.c~2003-03-24 20:16:15.0 +0100
+++ mod_auth_radius.c 2005-01-13 13:01:42.0 +0100
@@ -971,8 +971,11 @@ find_attribute(radius_packet_t *packet,
}
return attr;
}
-#define radcpy(STRING, ATTR) {memcpy(STRING, ATTR-data,
Michael Banck:
The package builds fine like that, it's just the additional kernel
modules which need to be built by a different script, AIUI
Steve Langasek:
well, here's the thing. the source package does build if you run
the normal debian/rules commands; but those binary packages that
Sven Luther wrote:
severity 242068 grave
thanks
Maybe this explanation should be added here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286305msg=7
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.
Your message dated Wed, 19 Jan 2005 07:17:16 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#289976: fixed in libapache-mod-auth-radius 1.5.7-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the
Le Sat, 15 Jan 2005 12:10:51 -0500
Justin Pryzby [EMAIL PROTECTED] a écrit :
On Sat, Jan 15, 2005 at 04:41:12PM +0100, Sébastien Lardière wrote:
Package: sylpheed-claws-gtk2
Version: 0.9.12cvs187.1-1
Severity: grave
Tags: experimental
Justification: renders package unusable
This
Processing commands for [EMAIL PROTECTED]:
tags 291143 sid
Bug#291143: openswan: FTBFS: Missing build dependency.
There were no tags set.
Tags added: sid
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian
Processing commands for [EMAIL PROTECTED]:
tags 291132 sid
Bug#291132: perdition: FTBFS: Using non PIC code in shared lib.
There were no tags set.
Tags added: sid
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Package: csmash
Version: 0.6.6-5
Severity: grave
Justification: renders package unusable
since update 0.6.6-5 the playing window is totally black !
otherwise the game seems to be running ok :-)
this holds with or without fullscreen and on both of my machines
(a desktop PC with linux 2.6.7 and a
* Thomas Hood
| What is the best way to run a command if and only if it is on the PATH?
findcommand() {
while [ $# -ge 1 ]; do
P=$PATH
while [ $P ]; do
D=${P%%:*}
P=${P#*:}
if [ $D = $P ]; then
P=
fi
Processing commands for [EMAIL PROTECTED]:
tag 291209 confirmed
Bug#291209: csmash window black !
There were no tags set.
Tags added: confirmed
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.5
tags 290638 fixed-upstream
Bug#290638: sylpheed-claws-gtk2: Freeze with new Gtk 2.6 libraries
Tags were: experimental
Tags added: fixed-upstream
End of message, stopping processing
tag 291209 confirmed
thanks
On my laptop, the window is not black, but mostly white. The top of
the window looks distorted. Sound seems to be okay.
Justin
On Wed, Jan 19, 2005 at 01:54:16PM +0100, vu-ngoc.san wrote:
Package: csmash
Version: 0.6.6-5
Severity: grave
Justification: renders
Hi,
I just fixed this bug, it's in 1.0.0cvs2.2. The culprit was trayicon, so
just updating this package should fix it.
See bugzilla for more info.
--
Colin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Your message dated Wed, 19 Jan 2005 09:32:44 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#290855: fixed in postfix 2.1.5-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now
Package: mozilla-firefox
Version: 1.0+dfsg.1-2
Severity: grave
Justification: renders package unusable
Just seg faults when I try to start it.
[EMAIL PROTECTED]:~$ firefox -V
FIREFOX_DSP=
APPLICATION_ID=firefox
CMDLINE_DISPLAY=
DISPLAY=:0.0
REMOTE=0
TRY_USE_EXIST=0
OPTIONS=
DEBUG=0
DEBUGGER=
In version 040926-3 i added a run test in debian/rules to ensure the
package build was failing when built on 64bits architectures. It appears
it fails running on many other architectures.
I already asked for removal (#276212) on 64bits architectures and will
soon do so on all the missing ones. It
* Pietro Abate ([EMAIL PROTECTED]) wrote:
I'm using ldap together with kerberos (that works ok). After installing
the following packages libnss-ldap libdb3-util libsasl7 I get
Something about that doesn't add up- why are you installing libsasl7?
Everything should be using libsasl2. Can you
Package: pmount
Version: 0.0.4
Severity: serious
Hi,
Your package is failing to build with the following error:
mke2fs 1.36-rc2 (11-Jan-2005)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128 inodes, 1024 blocks
51 blocks (4.98%) reserved for the super user
Package: gengameng
Version: 4.1-5
Severity: serious
Hi,
Your package is failing to build with the following error:
/bin/sh ../../libtool --mode=link c++ -g -O2 -o libgengameng.la -rpath
/usr/lib -version-info 4:1:0 -no-undefined GameEngine.lo PixmapArray.lo
PixmapLoadError.lo Sprite.lo
Package: kernel-patch-2.6.8-hppa
Version: 2.6.8-4
Severity: serious
It seems that kernel-patch-2.6.8-hppa doesn't work with
kernel-source-2.6.8 (ie version 2.6.8-12), so it is simply unuseable:
START applying hppa_2_6_8 patch (hppa architecture)
Testing whether hppa architecture patch for 2.6.8
Package: specimen
Version: 0.4.3-1
Severity: grave
Justification: renders package unusable
specimen is in sid with an apparent dependency on libphat0,
which does not exist.
# apt-get -t unstable install specimen
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could
Package: kpdf
Severity: grave
Tags: security sarge sid
This problem also affects kpdf:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack
Overflow
Reference:
Package: xfonts-artwiz
Version: 1:1.3-1
Severity: serious
Hi,
Your package if failing to build with the following error:
cd /usr/src/xfonts-artwiz-1.3/upstream tar -xvjf
artwiz_src.tar.bz2 cd artwiz \
for font in *.bdf; do \
bdftopcf ${font} | \
gzip
Package: gnumeric
Version: 1.4.1-1
Severity: critical
Justification: causes serious data loss
Hello.
Save a file, say Book1.gnumeric, in a directory named é. In the
window dedicated to save, it is named \351 (iso8859-1, octal) in
the saving dialog. Nothing seems unusual, I heard that gnome uses
Package: xpdf-reader
Version: 3.00-11
Severity: grave
Tags: patch security
xpdf is vulnerable to a buffer overflow that can be exploited by
malicious pdfs to execute arbitrary code. The hole is described here:
Jay Berkenbilt [EMAIL PROTECTED] writes:
I'll prepare a fix today with urgency high. (There are only three
days left before tiff was to enter testing anyway, so, assuming a
day's delay from sponsorship, this won't unduly speed up the
transition of this new upstream release. If you prefer, I
Processing commands for [EMAIL PROTECTED]:
tags 291136 + pending
Bug#291136: capi4hylafax: FTBFS: Missing build dependencies.
Tags were: sid
Tags added: pending
tags 244247 + pending
Bug#244247: libtiff-tools: tiff2ps seems to ignore the -w option
There were no tags set.
Tags added: pending
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alessandro Polverini wrote:
[...]
| Of course if it would be possible to tell tomcat to follow symbolic
| links it would be much better, but I don't know if this is possible.
|
~From /usr/share/doc/tomcat4/README.Debian.gz:
- - Tomcat 4.1 does not
Responding to myself.
I didn't knew that using :
Resources className=org.apache.naming.resources.FileDirContext
allowLinking=true /
inside the admin context could solve the problem also for jars.
Please close the bug since it's not relevant any more.
Sorry,
Alex
--
To UNSUBSCRIBE, email
Hi Mark,
I've prepared a 0-day NMU for this bug that will be uploaded shortly. The
short patch is attached; verified to build in a pbuilder chroot once fastjar
is listed as a build dependency.
Thanks,
--
Steve Langasek
postmodern programmer
diff -Nru
Hrm, of course the patch should be:
--- old/httplink.py 2004-05-31 11:52:43.0 -0700
+++ new/httplink.py 2005-01-18 17:52:24.0 -0800
@@ -60,11 +60,7 @@
(username, passwd, realhost, port) = parse_host(host)
-h = httplib.HTTP()
-if port:
-
Hamish wrote:
Just an update re. less-insecure tempfiles ..
In the upstream GRASS 5.7 CVS[*] pretty much everything in the scripts/
directory now uses g.tempfile. C modules are next. I am not sure what to
do with the init scripts libs where the GRASS tempfile fn's may not be
available..
This problem has been assigned CAN-2005-0116:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116
Reference: IDEFENSE:20050117 AWStats Remote Command Execution Vulnerability
Reference:
URL:http://www.idefense.com/application/poi/display?id=185type=vulnerabilitiesflashstatus=false
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.5
tags 291255 confirmed
Bug#291255: wings3d do not work
There were no tags set.
Tags added: confirmed
End of message, stopping processing here.
Please contact me if you need
Processing commands for [EMAIL PROTECTED]:
reassign 291268 libsdl1.2-dev
Bug#291268: gengameng: FTBFS: Missing build dependency?
Bug reassigned from package `gengameng' to `libsdl1.2-dev'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for [EMAIL PROTECTED]:
retitle 291245 CAN-2005-0064: Arbitrary code execution in koffice
Bug#291245: CAN-2005-0064: Arbitrary code execution in gpdf
Changed Bug title.
severity 291245 grave
Bug#291245: CAN-2005-0064: Arbitrary code execution in koffice
Severity set to
Your message dated 19 Jan 2005 11:21:43 -0800
with message-id [EMAIL PROTECTED]
and subject line [Thomas Viehmann [EMAIL PROTECTED]] Bug#291153: Can't
load/install gnucash into unstable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been
reassign 291268 libsdl1.2-dev
thanks
On Wed, Jan 19, 2005 at 08:14:11PM +0100, Kurt Roeckx wrote:
grep: /usr/lib/libartsc.la: No such file or directory
[...]
/usr/bin/ld: cannot find -lXt
It seems more package are failing since the last change to
libsdl1.2
The libSDL.la file says:
file with a large /Encrypt /Length keyLength value.
See the KDE Security Advisory at:
http://www.kde.org/info/security/advisory-20050119-1.txt
An upload is expected today (not before dinstall, though).
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Experience
Package: openswan-modules-source
Version: 2.3.0-1
Severity: grave
I get the following behaviour when trying to compile 2.4.29 plus the
openswan modules using kernel-package:
[...]
Module /usr/src/modules/alsa-driver processed fine
make[1]: Entering directory `/usr/src/modules/openswan'
Package: mysql++
Version: 1.7.9.sp4-5
Severity: serious
Hi,
Your package build depends on libmysqlclient-dev ( 3.23.49).
libmysqlclient-dev is a virtual package and you can't have a
versioned dependency on virtual packages.
Either you need to remove the version, or you have to use
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.8.6
merge 291270 291251
Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf
Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf
Merged 291251 291270.
End of
Hi Kurt!
Kurt Roeckx [2005-01-19 20:28 +0100]:
Package: pmount
Version: 0.0.4
Severity: serious
Hi,
Your package is failing to build with the following error:
mke2fs 1.36-rc2 (11-Jan-2005)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128
reassign 291269 libpmount
severity 291269 important
thanks
On Wed, Jan 19, 2005 at 10:05:58PM +0100, Martin Pitt wrote:
Hi Kurt!
Kurt Roeckx [2005-01-19 20:28 +0100]:
Package: pmount
Version: 0.0.4
Severity: serious
[...]
What on earth is that? pmount never executes mke2fs (what for?).
Package: python-epydoc
Version: 2.1-5
Severity: serious
Hi,
When trying to install the python-epydoc package I get the
following error:
Setting up python-epydoc (2.1-5) ...
dpkg: error processing python-epydoc (--configure):
subprocess post-installation script returned error exit status 1
Your message dated Wed, 19 Jan 2005 23:28:39 +0100
with message-id [EMAIL PROTECTED]
and subject line Bug#291237: Problem solved...
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your
When trying to install the python-epydoc package I get the
following error:
Setting up python-epydoc (2.1-5) ...
dpkg: error processing python-epydoc (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
python-epydoc
E:
Processing commands for [EMAIL PROTECTED]:
severity 291269 serious
Bug#291269: pmount: FTBFS: Block device required.
Severity set to `serious'.
tags 291269 pending
Bug#291269: pmount: FTBFS: Block device required.
There were no tags set.
Tags added: pending
thanks
Stopping processing here.
Your message dated 19 Jan 2005 15:23:18 -0800
with message-id [EMAIL PROTECTED]
and subject line now it can be closed
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to
Your message dated Wed, 19 Jan 2005 19:03:11 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291269: fixed in libpmount 0.0.5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now
Your message dated Wed, 19 Jan 2005 19:17:17 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291292: fixed in epydoc 2.1-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your
I hope I'll find time next weekend for a new upload.
There's no hurry, take your time, these scripts have been in Debian for
ages. You can even wait until the next upstream version is released, no
sense in making two uploads to fix these.
Regards
Javier
--
To UNSUBSCRIBE, email to [EMAIL
://www.kde.org/info/security/advisory-20050119-1.txt
(Closes: #291251)
.
* Update package description for several packages, provided by Jesús
Roncero, thanks! These are: kolourpaint, kgamma, kooka, kpovmodeler,
kuickshow. (Closes: #286891, #286892, #286893, #286894, #286895, #286881
/security/advisory-20050119-1.txt
An upload is expected today (not before dinstall, though).
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Experience is something you don't get until just after you need it.
---
Received: (at 291251-close
Processing commands for [EMAIL PROTECTED]:
forwarded 291027 [EMAIL PROTECTED]
Bug#291027: knoda fails to start because of undefined symbol
Noted your statement that Bug has been forwarded to [EMAIL PROTECTED]
End of message, stopping processing here.
Please contact me if you need assistance.
Processing commands for [EMAIL PROTECTED]:
tags 291259 sid
Bug#291259: xfonts-artwiz: FTBFS: Missing build dependency.
There were no tags set.
Tags added: sid
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
Your message dated Wed, 19 Jan 2005 21:32:13 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#290974: fixed in apache 1.3.33-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now
Processing commands for [EMAIL PROTECTED]:
merge 291064 291306
Bug#291064: Arbitrary command execution
Bug#291306: awstats: possible remote command execution vulnerability (iDEFENSE)
Merged 291064 291306.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug
Your message dated Wed, 19 Jan 2005 21:47:06 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291259: fixed in xfonts-artwiz 1:1.3-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is
Package: smilutils
Version: 0.3.0-7
Severity: serious
Tags: sid
Justification: fails to build from source
smilutils fails to build from source on my sparc pbuilder. (buildd
failed due to unavailable dependancy.) Full build log available on
request.
/bin/sh ../../libtool --mode=link g++
Processing commands for [EMAIL PROTECTED]:
package swami
Ignoring bugs not assigned to: swami
severity 279154 serious
Bug#279154: swami files are in /debian/
Severity set to `serious'.
quit
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for [EMAIL PROTECTED]:
severity 290333 important
Bug#290333: boost: upgrading from 1.31.0 to 1.32.0 makes disappear some files
Bug#290340: boost: upgrading from 1.31.0 to 1.32.0 makes disappear some files
Severity set to `important'.
thanks
Stopping processing here.
Please
severity 290333 important
thanks
Domenico,
I cannot reproduce this bug at all. Can you reproduce it consistently by
reinstalling the old version of libboost-thread-dev and upgrading?
If you suspect this is a bug in dpkg (and I don't see what *else* it would
be), the bug should probably be
tag 279154 confirmed
thanks
swami.glade is the only non-directory file which is installed to /debian/.
Justin
On Wed, Jan 19, 2005 at 09:03:06PM -0800, Debian Bug Tracking System wrote:
Processing commands for [EMAIL PROTECTED]:
package swami
Ignoring bugs not assigned to: swami
Processing commands for [EMAIL PROTECTED]:
tag 291132 + fixed
Bug#291132: perdition: FTBFS: Using non PIC code in shared lib.
Tags were: sid
Tags added: fixed
quit
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
Package: kernel-image-2.6.8-1-386
Version: 2.6.8-10
Severity: critical
File: kernel-image-2.6.8
Justification: breaks unrelated software
The USB controller on my board doesn't work with 2.6.8 but does with
2.6.10. I've called this critical but you may only consider it grave
sicne not too many
79 matches
Mail list logo
