Bug#411198: marked as done (gquilt: doesn't start due to dependency problem)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 09:32:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#411198: fixed in gquilt 0.17-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---

Package: gquilt
Version: 0.17-2
Severity: serious
Justification: renders package unusable

Hello,

I have recently updated python 2.4 and from this time, gquilt refused
working with an error message immediately after I run it:

RuntimeError: Bad magic number in .pyc file

Probably there is some problem with the dependencies?
I have only python 2.3 and 2.4 installed

Regards
Jiri Palecek

-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17.3
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-2) (ignored: LC_ALL set to cs_CZ)


Versions of packages gquilt depends on:
ii  python-central  0.5.12     register and build utility for Pyt
ii  python-gtk2     2.8.6-8    Python bindings for the GTK+ widge
ii  quilt           0.45-6     Tool to work with series of patche


Versions of packages gquilt recommends:
ii  meld            1.1.3-1.2  graphical tool to diff and merge f


-- no debconf information

---End Message---
---BeginMessage---
Source: gquilt
Source-Version: 0.17-3

We believe that the bug you reported is fixed in the latest version of
gquilt, which is due to be installed in the Debian FTP archive:

gquilt_0.17-3.diff.gz
  to pool/main/g/gquilt/gquilt_0.17-3.diff.gz
gquilt_0.17-3.dsc
  to pool/main/g/gquilt/gquilt_0.17-3.dsc
gquilt_0.17-3_all.deb
  to pool/main/g/gquilt/gquilt_0.17-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christine Spang [EMAIL PROTECTED] (supplier of updated gquilt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 16 Feb 2007 23:59:45 -0500
Source: gquilt
Binary: gquilt
Architecture: source all
Version: 0.17-3
Distribution: unstable
Urgency: high
Maintainer: Christine Spang [EMAIL PROTECTED]
Changed-By: Christine Spang [EMAIL PROTECTED]
Description: 
 gquilt - graphical wrapper for quilt
Closes: 411198
Changes: 
 gquilt (0.17-3) unstable; urgency=high
 .
   * High urgency, closes a release-critical bug.
   * Gquilt ships private python modules; declare a tight dependency
 on python. (Closes: #411198)
   * Remove debian/watch and change homepage url; upstream has moved
 to sourceforge.
   * Check package against current python policy.
Files: 
 e90f1e4bdba8a6bd237ac41efcf028ac 638 gnome optional gquilt_0.17-3.dsc
 d828a6643cce9480989038166fa483bf 3991 gnome optional gquilt_0.17-3.diff.gz
 54c7493293ef47fb0df15dd03aa47594 46798 gnome optional gquilt_0.17-3_all.deb


---End Message---


Bug#411240: kolab-cyrus-imapd: Corrupt quota files cause data loss

2007-02-17 Thread Ulrich P. Klein
Package: kolab-cyrus-imapd
Version: 2.2.13-2
Severity: grave
Justification: renders package unusable

Today I discovered that lmtpd segfaulted on any local mail.  After a
little investigating, I found that the problem was caused by the
following lines in imap/quota_db.c:

---8--
int quota_read(struct quota *quota, struct txn **tid, int wrlock)
{
    int r;
    int qrlen;
    const char *data;
    int datalen;

    if (!quota->root || !(qrlen = strlen(quota->root)))
        return IMAP_QUOTAROOT_NONEXISTENT;

    if (wrlock)
        r = QDB->fetchlock(qdb, quota->root, qrlen, &data, &datalen, tid);
    else
        r = QDB->fetch(qdb, quota->root, qrlen, &data, &datalen, tid);

    switch (r) {
    case CYRUSDB_OK:
        sscanf(data, "%lu %d", &quota->used, &quota->limit);
        break;
---8--

An ltrace showed that data pointed to 0 when sscanf was called.  I found
two files:
  /var/lib/cyrus/domain/u/ulrich-p-klein.de/quota/k/user.klein
  /var/lib/cyrus/domain/u/ulrich-p-klein.de/quota/k/user.klein.NEW
The first file was empty, the second (sorry, I didn't keep it) was 5
bytes long.  Calling cyrquota or cyrquota -f didn't help.

After removal of those files, everything worked fine.

-- System Information:
Debian Release: 4.0
  APT prefers testing-proposed-updates
  APT policy: (900, 'testing-proposed-updates'), (900, 'testing'), (400, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages kolab-cyrus-imapd depends on:
ii  kolab-cy 2.2.13-2                            Cyrus mail system (common files)
ii  libc6    2.3.6.ds1-12                        GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1     common error description library
ii  libdb4.2 4.2.52+dfsg-1                       Berkeley v4.2 Database Libraries [
ii  libkrb53 1.6.dfsg~alpha1-1                   MIT Kerberos runtime libraries
ii  libldap2 2.1.30-13.2                         OpenLDAP libraries
ii  libsasl2 2.1.22.dfsg1-8                      Authentication abstraction library
ii  libssl0. 0.9.8c-4                            SSL shared libraries
ii  libwrap0 7.6.dbs-12                          Wietse Venema's TCP wrappers libra

kolab-cyrus-imapd recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
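
An added example (not Cyrus code and not part of the report) of a defensive parser for the quota record that quota_read() hands to sscanf() above: it rejects the NULL or zero-length result seen in the report instead of dereferencing it. The names quota_parse, quota_rec and the QUOTA_* codes are hypothetical, the sample records are constructed, and strtoul/strtol are used in place of sscanf.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for this example (not Cyrus's IMAP_* errors). */
enum { QUOTA_OK = 0, QUOTA_EMPTY = -1, QUOTA_MALFORMED = -2 };

/* Hypothetical stand-in for the used/limit fields of struct quota. */
struct quota_rec {
    unsigned long used;
    int limit;
};

/*
 * Parse a "<used> <limit>" record returned by a database fetch.
 * data/datalen are treated as an untrusted, length-delimited buffer:
 * it may be NULL, empty, or not NUL-terminated.
 */
int quota_parse(const char *data, int datalen, struct quota_rec *out)
{
    char buf[64];
    char *p, *end;
    unsigned long used;
    long limit;

    if (out == NULL)
        return QUOTA_MALFORMED;
    /* The case from the report: the fetch succeeded but the record is empty. */
    if (data == NULL || datalen <= 0)
        return QUOTA_EMPTY;
    if ((size_t)datalen >= sizeof(buf))
        return QUOTA_MALFORMED;

    /* Work on a NUL-terminated private copy. */
    memcpy(buf, data, (size_t)datalen);
    buf[datalen] = '\0';

    /* used: unsigned decimal; must start with a digit (strtoul accepts '-'). */
    if (!isdigit((unsigned char)buf[0]))
        return QUOTA_MALFORMED;
    errno = 0;
    used = strtoul(buf, &end, 10);
    if (errno == ERANGE || *end != ' ')
        return QUOTA_MALFORMED;

    /* limit: signed decimal (the original reads it with %d) that fits an int. */
    p = end + 1;
    if (*p != '-' && !isdigit((unsigned char)*p))
        return QUOTA_MALFORMED;
    errno = 0;
    limit = strtol(p, &end, 10);
    if (end == p || errno == ERANGE || limit < INT_MIN || limit > INT_MAX)
        return QUOTA_MALFORMED;

    /* Allow a trailing line ending, nothing else, and no embedded NUL. */
    while (*end == '\r' || *end == '\n')
        end++;
    if (end - buf != datalen)
        return QUOTA_MALFORMED;

    out->used = used;
    out->limit = (int)limit;
    return QUOTA_OK;
}

/* Constructed sample records (not taken from the reporter's files). */
static const struct { const char *data; int len; } samples[] = {
    { NULL, 0 },         /* fetch returned no data */
    { "", 0 },           /* zero-length record */
    { "1234 5000", 9 },  /* well-formed */
    { "0 -1\n", 5 },     /* well-formed, with line ending */
    { "1234", 4 },       /* truncated: limit missing */
    { "12 3x", 5 },      /* trailing garbage */
};

/* Number of constructed samples that parse cleanly. */
int count_valid_samples(void)
{
    struct quota_rec q;
    int ok = 0;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        if (quota_parse(samples[i].data, samples[i].len, &q) == QUOTA_OK)
            ok++;
    return ok;
}

int main(void)
{
    printf("%d of 6 constructed records accepted\n", count_valid_samples());
    return 0;
}
```

A caller in the position of quota_read() would map QUOTA_EMPTY and QUOTA_MALFORMED to an error return rather than continuing with uninitialised used/limit values.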



Processed: Re: Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> severity 408325 important
Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2
Severity set to `important' from `grave'

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#408325: sfsauthd: fatal: Should not be reached - server fails on arm nslu2

2007-02-17 Thread Steve Langasek
severity 408325 important
thanks

On Sat, Feb 17, 2007 at 02:01:55AM +, Brian Brunswick wrote:
> I would say if the server binary has ever worked on any arm machine, then
> keep it.

Good enough for me.

> So aap-pwauth-password is presumably coming in as an empty string, and of
> course I was trying to sfs_register as root. That is supposed to work still,
> isn't it?
> I have a [EMAIL PROTECTED] usable sfs login on my server, but I set it up some
> time ago

Hmm, so it sounds like this might even be a configuration issue, and there's
hope after all :)

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/





Bug#405425: marked as done (FrSIRT/ADV-2007-0026: vlc: cdio_log_handler() and vcd_log_handler() Format String Vulnerabilities)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:32 +
with message-id [EMAIL PROTECTED]
and subject line Bug#405425: fixed in vlc 0.8.1.svn20050314-1sarge2
has caused the attached Bug report to be marked as done.


---BeginMessage---
Package: vlc
Version: 0.8.6-svn20061012.debian-1
Severity: critical
Tags: security
Justification: root security hole

Description:
Multiple vulnerabilities have been identified in VideoLAN VLC, which could be
exploited by attackers to take complete control of an affected system. These
issues are due to format string errors in the cdio_log_handler() and
vcd_log_handler() functions that call msg_Dbg(), msg_Warn(), and msg_Err() in
an insecure manner, which could be exploited by remote attackers to execute
arbitrary commands by tricking a user into visiting a specially crafted web
page or opening a malicious M3U playlist.

Affected:
VideoLAN VLC version 0.8.6 and prior 

Solution:
A fix is available via SVN :
http://trac.videolan.org/vlc/changeset/18481

References:
http://www.frsirt.com/english/advisories/2007/0026
http://projects.info-pull.com/moab/MOAB-02-01-2007.html

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :Alex de Oliveira Silva | enerv
  `. `' www.enerv.net
`- 

---End Message---
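
An added C example (not VLC's code and not part of the report) of the bug class described above: a log callback that passes externally supplied text as the format string, next to the corrected form. msg_log, log_handler_vulnerable, log_handler_fixed and count_conversions are hypothetical names, and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Last formatted line, captured so the result can be inspected. */
static char last_line[256];

/*
 * Hypothetical printf-style logger standing in for msg_Dbg()/msg_Warn()/
 * msg_Err(): its first argument is a format string. Declaring such a
 * function with __attribute__((format(printf, 1, 2))) lets GCC and Clang
 * flag non-literal formats via -Wformat-security.
 */
static void msg_log(const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(last_line, sizeof(last_line), fmt, ap);
    va_end(ap);
}

/* Pattern described in the report: library-supplied text used as the format. */
const char *log_handler_vulnerable(const char *message)
{
    msg_log(message);
    return last_line;
}

/* Corrected pattern: constant format, message passed as data. */
const char *log_handler_fixed(const char *message)
{
    msg_log("%s", message);
    return last_line;
}

/*
 * Audit helper: count conversion specifications in a string that is about
 * to be logged. "%%" is a literal percent sign and is not counted.
 */
int count_conversions(const char *s)
{
    int n = 0;

    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;            /* skip the escaped percent */
            continue;
        }
        n++;                /* '%' that starts a conversion (or dangles) */
    }
    return n;
}

int main(void)
{
    /* Constructed input: it contains only "%%", so even the unsafe call
     * is well-defined, yet the two handlers already disagree. */
    const char *benign = "ripping: 100%% done";

    printf("vulnerable: %s\n", log_handler_vulnerable(benign));
    printf("fixed:      %s\n", log_handler_fixed(benign));
    return 0;
}
```

The differing output for the same input shows that the first handler interprets message content as directives; the fixed handler reproduces it byte for byte whatever count_conversions() reports.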
---BeginMessage---
Source: vlc
Source-Version: 0.8.1.svn20050314-1sarge2

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
gvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_i386.deb
kvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_i386.deb
libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
qvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_i386.deb
vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
vlc_0.8.1.svn20050314-1sarge2.diff.gz
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.diff.gz
vlc_0.8.1.svn20050314-1sarge2.dsc
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.dsc
vlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_i386.deb
wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
  to pool/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_i386.deb



A summary of the changes between this version and the previous one is
attached.


Bug#386519: marked as done (sql-ledger: Security vulnerability CVE-2006-4244)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:29 +
with message-id [EMAIL PROTECTED]
and subject line Bug#386519: fixed in sql-ledger 2.4.7-2sarge1
has caused the attached Bug report to be marked as done.


---BeginMessage---
Package: sql-ledger
Severity: grave
Tags: security
Justification: user security hole

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4244
Recently fully disclosed at
http://www.securityfocus.com/archive/1/445512/30/0/threaded

Looking at the source of menu.pl it appears to work exactly as Chris
Travers describes it.

Apparently all versions from 2.4.4 onwards are affected, which includes
the version in sarge.

---End Message---
---BeginMessage---
Source: sql-ledger
Source-Version: 2.4.7-2sarge1

We believe that the bug you reported is fixed in the latest version of
sql-ledger, which is due to be installed in the Debian FTP archive:

sql-ledger_2.4.7-2sarge1.diff.gz
  to pool/main/s/sql-ledger/sql-ledger_2.4.7-2sarge1.diff.gz
sql-ledger_2.4.7-2sarge1.dsc
  to pool/main/s/sql-ledger/sql-ledger_2.4.7-2sarge1.dsc
sql-ledger_2.4.7-2sarge1_all.deb
  to pool/main/s/sql-ledger/sql-ledger_2.4.7-2sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Hertzog [EMAIL PROTECTED] (supplier of updated sql-ledger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun, 26 Nov 2006 11:00:57 +
Source: sql-ledger
Binary: sql-ledger
Architecture: source all
Version: 2.4.7-2sarge1
Distribution: stable-security
Urgency: high
Maintainer: Finn-Arne Johansen [EMAIL PROTECTED]
Changed-By: Raphael Hertzog [EMAIL PROTECTED]
Description: 
 sql-ledger - A web based double-entry accounting program
Closes: 386519
Changes: 
 sql-ledger (2.4.7-2sarge1) stable-security; urgency=high
 .
   * Security upload.
   * Fix bad handling of sessionid: CVE-2006-4244
 Closes: #386519 (backported from 2.6.18)
   * Fix directory traversal security issues (backported from 2.6.19)
   * Fix a remote execution vulnerability too (backported from 2.6.21).
Files: 

---End Message---


Bug#341394: marked as done (Webmin miniserv.pl perl format string vulnerability - Perl syslog bug attack)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:32 +
with message-id [EMAIL PROTECTED]
and subject line Bug#341394: fixed in webmin 1.180-3sarge1
has caused the attached Bug report to be marked as done.


---BeginMessage---
Package: Webmin
Version: 1.180-3
Severity: grave
Tags: security

The webmin `miniserv.pl' web server component is vulnerable to a new class of
exploitable (remote code) perl format string vulnerabilities. During the login
process it is possible to trigger this vulnerability via a crafted username
parameter containing format string data. In the observed configuration the
process was running as the user root, so if remote code execution is
successful, it would lead to a full remote root compromise in a standard
configuration. A valid login is not required to trigger this vulnerability,
only access to the miniserv.pl port (default 1).

Date Found: September 23, 2005.
Public Release: November 29, 2005.
Application:webmin miniserv.pl, *all versions below 1.250*
Credit: Jack Louis of Dyad Security

More information available at:
http://www.dyadsecurity.com/webmin-0001.html


There are new fixed versions available at http://www.webmin.com/

http://www.webmin.com/security.html says:
Perl syslog bug attack
Effects Webmin versions below 1.250 and Usermin versions below 1.180, with
syslog logging enabled.
When logging of failing login attempts via syslog is enabled, an attacker can
crash and possibly take over the Webmin webserver, due to a bug in Perl's
syslog function. Upgrading to the latest release of Webmin is recommended.
Thanks to Jack at Dyad Security for reporting this problem to me.


Since this is my first bug report to Debian I hope everything is correct..
I don't know if it is necessary to post this bug for other versions and
usermin as well. Thanks in advance!
Andreas

---End Message---
---BeginMessage---
Source: webmin
Source-Version: 1.180-3sarge1

We believe that the bug you reported is fixed in the latest version of
webmin, which is due to be installed in the Debian FTP archive:

webmin-core_1.180-3sarge1_all.deb
  to pool/main/w/webmin/webmin-core_1.180-3sarge1_all.deb
webmin_1.180-3sarge1.diff.gz
  to pool/main/w/webmin/webmin_1.180-3sarge1.diff.gz
webmin_1.180-3sarge1.dsc
  to pool/main/w/webmin/webmin_1.180-3sarge1.dsc
webmin_1.180-3sarge1_all.deb
  to pool/main/w/webmin/webmin_1.180-3sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Noah Meyerhans [EMAIL PROTECTED] (supplier of updated webmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon, 23 Oct 2006 17:16:10 -0400
Source: webmin
Binary: webmin-core webmin
Architecture: source all
Version: 1.180-3sarge1
Distribution: stable-security
Urgency: high
Maintainer: [EMAIL PROTECTED]
Changed-By: Noah Meyerhans [EMAIL PROTECTED]
Description: 
 webmin - web-based administration toolkit
 webmin-core - core modules for webmin
Closes: 341394
Changes: 
 webmin (1.180-3sarge1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * CVE-2005-3912 Fix syslog format string vulnerability in
 miniserv.pl (Closes: #341394) This string vulnerability could be used
 to gain access to the account running miniserv.pl by creating a
 specially crafted username.
   * CVE-2006-3392 Fix input sanitization bug that could be exploited to allow
 an attacker to read arbitrary files.
   * CVE-2006-4542 Fix cross-site scripting vulnerability caused by the failure
 to properly cope with null characters in a URL.
Files: 


Bug#401873: marked as done (Unusual MIME Encoding Content Filter Bypass)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:09:55 +
with message-id [EMAIL PROTECTED]
and subject line Bug#401873: fixed in clamav 0.84-2.sarge.13
has caused the attached Bug report to be marked as done.


---BeginMessage---
Package: clamav
Version: 0.88.6-1
Tags: security
Severity: grave

As reported in http://www.quantenblog.net/security/virus-scanner-bypass 
ClamAV passed an EICAR test file if the following conditions are met:

1. the EICAR file is encoded in Base64 including characters not in the
   standard alphabet (e.g. whitespaces) and
2. the part containing the EICAR file is nested within one or several
   levels of multipart/mixed content.

---End Message---
---BeginMessage---
Source: clamav
Source-Version: 0.84-2.sarge.13

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.84-2.sarge.13_all.deb
  to pool/main/c/clamav/clamav-base_0.84-2.sarge.13_all.deb
clamav-daemon_0.84-2.sarge.13_i386.deb
  to pool/main/c/clamav/clamav-daemon_0.84-2.sarge.13_i386.deb
clamav-docs_0.84-2.sarge.13_all.deb
  to pool/main/c/clamav/clamav-docs_0.84-2.sarge.13_all.deb
clamav-freshclam_0.84-2.sarge.13_i386.deb
  to pool/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_i386.deb
clamav-milter_0.84-2.sarge.13_i386.deb
  to pool/main/c/clamav/clamav-milter_0.84-2.sarge.13_i386.deb
clamav-testfiles_0.84-2.sarge.13_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.84-2.sarge.13_all.deb
clamav_0.84-2.sarge.13.diff.gz
  to pool/main/c/clamav/clamav_0.84-2.sarge.13.diff.gz
clamav_0.84-2.sarge.13.dsc
  to pool/main/c/clamav/clamav_0.84-2.sarge.13.dsc
clamav_0.84-2.sarge.13_i386.deb
  to pool/main/c/clamav/clamav_0.84-2.sarge.13_i386.deb
libclamav-dev_0.84-2.sarge.13_i386.deb
  to pool/main/c/clamav/libclamav-dev_0.84-2.sarge.13_i386.deb
libclamav1_0.84-2.sarge.13_i386.deb
  to pool/main/c/clamav/libclamav1_0.84-2.sarge.13_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran [EMAIL PROTECTED] (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon, 11 Dec 2006 22:34:11 +
Source: clamav
Binary: clamav libclamav-dev clamav-milter clamav-base clamav-freshclam 
clamav-testfiles clamav-daemon libclamav1 clamav-docs
Architecture: source all i386
Version: 0.84-2.sarge.13
Distribution: stable-security
Urgency: low
Maintainer: Stephen Gran [EMAIL PROTECTED]
Changed-By: Stephen Gran [EMAIL PROTECTED]
Description: 
 clamav - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav1 - virus scanner library
Closes: 401873 401874
Changes: 
 clamav (0.84-2.sarge.13) stable-security; urgency=low
 .
   * libclamav/message.c: Unusual MIME Encoding Content Filter Bypass
 [ CVE-2006-6406 ] (closes: #401873)
   * clamscan/clamscan.c
 clamscan/manager.c
 clamscan/options.c
 clamav-milter/clamav-milter.c
 shared/cfgparser.c
 clamd/server-th.c
 libclamav/scanners.c
 libclamav/mbox.c
 libclamav/clamav.h
 etc/clamd.conf: nested multipart DoS
 [ CVE-2006- ] (closes: 401874)
Files: 

Bug#396099: marked as done (CVE-2006-5449: Ingo Folder Name Shell Command Injection Vulnerability)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:07 +
with message-id [EMAIL PROTECTED]
and subject line Bug#396099: fixed in ingo1 1.0.1-1sarge1
has caused the attached Bug report to be marked as done.


---BeginMessage---
package: ingo1
tags: security
severity: grave

A vulnerability has been found in ingo:

procmail in Ingo H3 before 1.1.2 Horde module allows remote
authenticated users to execute arbitrary commands via shell
metacharacters in the mailbox destination of a filter rule.


This is fixed in 1.1.2. See
http://secunia.com/advisories/22482
for details.

Please mention the CVE id in the changelog.

---End Message---
---BeginMessage---
Source: ingo1
Source-Version: 1.0.1-1sarge1

We believe that the bug you reported is fixed in the latest version of
ingo1, which is due to be installed in the Debian FTP archive:

ingo1_1.0.1-1sarge1.diff.gz
  to pool/main/i/ingo1/ingo1_1.0.1-1sarge1.diff.gz
ingo1_1.0.1-1sarge1.dsc
  to pool/main/i/ingo1/ingo1_1.0.1-1sarge1.dsc
ingo1_1.0.1-1sarge1_all.deb
  to pool/main/i/ingo1/ingo1_1.0.1-1sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane [EMAIL PROTECTED] (supplier of updated ingo1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Wed,  1 Nov 2006 22:22:41 +0100
Source: ingo1
Binary: ingo1
Architecture: source all
Version: 1.0.1-1sarge1
Distribution: stable-security
Urgency: high
Maintainer: Horde Maintainers [EMAIL PROTECTED]
Changed-By: Lionel Elie Mamane [EMAIL PROTECTED]
Description: 
 ingo1  - email filter component for Horde Framework
Closes: 396099
Changes: 
 ingo1 (1.0.1-1sarge1) stable-security; urgency=high
 .
   * Security update:
 - Fix remote authenticated user arbitrary command execution
   via shell metacharacters in mailbox name (closes: #396099)
   This is CVE-2006-5449.
   * Change maintainer to Horde team.
Files: 

---End Message---


Bug#398317: marked as done (trac: upgrade to 0.8.1-3sarge6 causes internal errors)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:31 +
with message-id [EMAIL PROTECTED]
and subject line Bug#398317: fixed in trac 0.8.1-3sarge7
has caused the attached Bug report to be marked as done.


---BeginMessage---
Package: trac
Version: 0.8.1-3sarge6
Severity: grave
Justification: renders package unusable


After applying the security patch to upgrade to 0.8.1-3sarge6,
I am no longer able to access any Trac page on my system.

Every page request produces an error:

   Trac detected an internal error:
   'module' object has no attribute 'quote_cookie_value'

with Python traceback:

Traceback (most recent call last):
  File "/usr/lib/python2.3/site-packages/trac/core.py", line 614, in cgi_start
    real_cgi_start()
  File "/usr/lib/python2.3/site-packages/trac/core.py", line 609, in real_cgi_start
    dispatch_request(path_info, args, req, env)
  File "/usr/lib/python2.3/site-packages/trac/core.py", line 511, in dispatch_request
    req.form_token = get_form_token(req)
  File "/usr/lib/python2.3/site-packages/trac/core.py", line 468, in get_form_token
    path = util.quote_cookie_value(req.cgi_location)
AttributeError: 'module' object has no attribute 'quote_cookie_value'


Neither restarting Apache nor rebooting solved the problem.

I hope I can downgrade.
(apt-get install trac=0.8.1-3sarge5 says that version is unavailable.)

Thanks,
Christopher

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.9-050512a
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages trac depends on:
ii  python2.3.5-2An interactive high-level object-o
ii  python-clearsilver0.9.13-3.2 python bindings for clearsilver
ii  python-sqlite 1.0.1-2python interface to SQLite
ii  python2.3-subversion  1.1.4-2python modules for interfacing wit
ii  subversion1.1.4-2advanced version control system (a

-- no debconf information

---End Message---
---BeginMessage---
Source: trac
Source-Version: 0.8.1-3sarge7

We believe that the bug you reported is fixed in the latest version of
trac, which is due to be installed in the Debian FTP archive:

trac_0.8.1-3sarge7.diff.gz
  to pool/main/t/trac/trac_0.8.1-3sarge7.diff.gz
trac_0.8.1-3sarge7.dsc
  to pool/main/t/trac/trac_0.8.1-3sarge7.dsc
trac_0.8.1-3sarge7_all.deb
  to pool/main/t/trac/trac_0.8.1-3sarge7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Otavio Salvador [EMAIL PROTECTED] (supplier of updated trac package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Mon, 13 Nov 2006 10:01:30 -0200
Source: trac
Binary: trac
Architecture: source all
Version: 0.8.1-3sarge7
Distribution: stable-security
Urgency: high
Maintainer: Jesus Climent [EMAIL PROTECTED]
Changed-By: Otavio Salvador [EMAIL PROTECTED]
Description: 
 trac   - Enhanced wiki and issue tracking system for software development 
Closes: 398317
Changes: 
 trac (0.8.1-3sarge7) stable-security; urgency=high
 .
   * debian/patches/13_CSRF.patch: add a missing hook to fix a
 regression. Thanks to Simone Piccardi [EMAIL PROTECTED] for the
 patch. Closes: #398317.
Files: 
 3e2a71eb01a324d3a26f9e6c001fbba5 656 web optional trac_0.8.1-3sarge7.dsc
 9cdb9eed54faecbe2c4df8f5106dafdb 14842 web optional trac_0.8.1-3sarge7.diff.gz
 5c0659ad7e99970da829c0258209b747 200092 web optional trac_0.8.1-3sarge7_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFWNcTXm3vHE4uyloRAlP0AKCDfMAnsSMJqxvzi3OgA8k1u8CrHQCdEh9z
QeYSeALGkan3woXsvi9xQxk=
=zzkO
-END PGP SIGNATURE-

---End Message---


Bug#384454: marked as done (ftpd: Does not handle symlink? NFS? home directory)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:15 +
with message-id [EMAIL PROTECTED]
and subject line Bug#384454: fixed in linux-ftpd 0.17-20sarge2
has caused the attached Bug report to be marked as done.

---BeginMessage---
Package: ftpd
Version: 0.17-20
Severity: normal


I have my home directory within an NFS-mounted directory, and logging
in I get (just / instead of my home dir):

[EMAIL PROTECTED]:~$ /usr/bin/ftp asti
Connected to asti.maths.usyd.edu.au.
220 asti.maths.usyd.edu.au FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.17) 
ready.
Name (asti:psz): psz
331 Password required for psz.
Password:
230- No directory! Logging in with home=/
230- Linux asti.maths.usyd.edu.au 2.6.8-spm1.5 #1 SMP Mon Jul 17 07:05:34 EST 
2006 i686 GNU/Linux
230- 
230- The programs included with the Debian GNU/Linux system are free software;
230- the exact distribution terms for each program are described in the
230- individual files in /usr/share/doc/*/copyright.
230- 
230- Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
230- permitted by applicable law.
230 User psz logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 / is current directory.
ftp> cd /users/amstaff/psz
250 CWD command successful.
ftp> pwd
257 /pisa/users/amstaff/psz is current directory.
ftp> quit
221 Goodbye.
[EMAIL PROTECTED]:~$ 

I do not get this nonsense when logging in to the machine containing
my home dir. Settings that may be relevant to ftpd are:

[EMAIL PROTECTED]:~$ grep psz /etc/passwd
psz:x:1001:1001:Paul Szabo:/users/amstaff/psz:/bin/bash
[EMAIL PROTECTED]:~$ ls -l /etc/ftp*
-rw-r--r--  1 root root 76 Apr 18  2002 /etc/ftpchroot
-rw-r--r--  1 root root 91 Apr 18  2002 /etc/ftpusers
[EMAIL PROTECTED]:~$ grep . /etc/ftp*
/etc/ftpchroot:# /etc/ftpchroot: list of users who needs to be chrooted. See 
ftpchroot(5).
/etc/ftpusers:# /etc/ftpusers: list of users disallowed ftp access. See 
ftpusers(5).
/etc/ftpusers:root
/etc/ftpusers:ftp
/etc/ftpusers:anonymous
[EMAIL PROTECTED]:~$ grep bash /etc/shells
/bin/bash
/bin/rbash
[EMAIL PROTECTED]:~$ 

and to my home dir (my own trace_path utility):

[EMAIL PROTECTED]:~$ trace_path ~
Tracing path /users/amstaff/psz
Dir  /  (users/amstaff/psz to go)
Dir  /users  (amstaff/psz to go)
Link /users/amstaff - /pisa/users/amstaff  (psz to go)
Dir  /  (pisa/users/amstaff/psz to go)
Dir  /pisa  (users/amstaff/psz to go)
Dir  /pisa/users  (amstaff/psz to go)
Dir  /pisa/users/amstaff  (psz to go)
Dir  /pisa/users/amstaff/psz
Traversed 7 directories, 1 links
[EMAIL PROTECTED]:~$ mount | grep users
/dev/sda6 on /usr/users type ext3 (rw,usrquota)
pisa:/usr/users on /pisa/users type nfs 
(rw,bg,rsize=8192,wsize=8192,addr=129.78.69.136)
[EMAIL PROTECTED]:~$ 


Thanks,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of SydneyAustralia


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ftpd depends on:
ii  libc6   2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules  0.76-22  Pluggable Authentication Modules f
ii  libpam0g0.76-22  Pluggable Authentication Modules l
ii  netbase 4.21 Basic TCP/IP networking system

-- debconf information:
* ftpd/globattack:

---End Message---
---BeginMessage---
Source: linux-ftpd
Source-Version: 0.17-20sarge2

We believe that the bug you reported is fixed in the latest version of
linux-ftpd, which is due to be installed in the Debian FTP archive:

ftpd_0.17-20sarge2_i386.deb
  to pool/main/l/linux-ftpd/ftpd_0.17-20sarge2_i386.deb
linux-ftpd_0.17-20sarge2.diff.gz
  to pool/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz
linux-ftpd_0.17-20sarge2.dsc
  to pool/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta [EMAIL PROTECTED] (supplier of updated linux-ftpd 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED 

Bug#402063: marked as done (vulnerable to overflow in PS handling (CVE-2006-5864))

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:09:59 +
with message-id [EMAIL PROTECTED]
and subject line Bug#402063: fixed in evince 0.1.5-2sarge1
has caused the attached Bug report to be marked as done.

---BeginMessage---
Package: evince
Version: 0.4.0-2
Severity: critical
Tags: security, patch

This is the same vulnerability as reported against gv as bug 398292, 
since evince has old gv code embedded (I've updated the wiki to reflect 
this: http://wiki.debian.org/EmbeddedCodeCopies)

Patch attached (applies to both 0.4.0 and 0.6.1).

-- 
Kees Cook@outflux.net
diff -Nur evince-0.4.0/ps/ps.c evince-0.4.0.new/ps/ps.c
--- evince-0.4.0/ps/ps.c2005-06-17 06:33:00.0 -0700
+++ evince-0.4.0.new/ps/ps.c2006-12-04 12:28:32.280683848 -0800
@@ -1225,6 +1225,9 @@
 quoted = 1;
 line++;
 while(*line  !(*line == ')'  level == 0)) {
+  if (cp - text = PSLINELENGTH - 2) {
+return NULL;
+  }
   if(*line == '\\') {
 if(*(line + 1) == 'n') {
   *cp++ = '\n';
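Review bot: the new bound check at the top of the quoted-string loop uses an unexplained margin, `PSLINELENGTH - 2`, and runs only once per pass. Please add a comment saying what the two reserved bytes are for (the byte written in this pass plus the terminating `*cp = '\0'` further down would account for them), and confirm that no escape branch in the loop body writes more than one byte per pass, since only the `\n` case is visible in this context. As rendered here the comparison operator between `cp - text` and `PSLINELENGTH - 2` is missing; it is presumably `>=`.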
@@ -1295,8 +1298,12 @@
 }
   }
   else {
-while(*line  !(*line == ' ' || *line == '\t' || *line == '\n'))
+while(*line  !(*line == ' ' || *line == '\t' || *line == '\n')) {
+  if (cp - text = PSLINELENGTH - 2) {
+return NULL;
+  }
   *cp++ = *line++;
+}
   }
   *cp = '\0';
   if(next_char)
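Review bot: both new exits return NULL from the middle of token parsing, and nothing in the patch documents that an over-long token now yields NULL instead of a string. Check that every caller of this function already tests for NULL, and consider factoring the duplicated `cp - text` test into one small macro or helper so the quoted and unquoted loops cannot drift apart. Adding braces around the formerly single-statement `while` body in this hunk is the right call.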
---End Message---
---BeginMessage---
Source: evince
Source-Version: 0.1.5-2sarge1

We believe that the bug you reported is fixed in the latest version of
evince, which is due to be installed in the Debian FTP archive:

evince_0.1.5-2sarge1.diff.gz
  to pool/main/e/evince/evince_0.1.5-2sarge1.diff.gz
evince_0.1.5-2sarge1.dsc
  to pool/main/e/evince/evince_0.1.5-2sarge1.dsc
evince_0.1.5-2sarge1_i386.deb
  to pool/main/e/evince/evince_0.1.5-2sarge1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Loic Minier [EMAIL PROTECTED] (supplier of updated evince package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri,  8 Dec 2006 10:05:51 +0100
Source: evince
Binary: evince
Architecture: source i386
Version: 0.1.5-2sarge1
Distribution: stable-security
Urgency: high
Maintainer: Sebastien Bacher [EMAIL PROTECTED]
Changed-By: Loic Minier [EMAIL PROTECTED]
Description: 
 evince - Document (postscript, pdf) viewer
Closes: 402063
Changes: 
 evince (0.1.5-2sarge1) stable-security; urgency=high
 .
   * SECURITY: new patch, 10_CVE-2006-5864.patch, fixes a buffer overflow in
 the PostScript processor; thanks Kees Cook; CVE-2006-5864;
 closes: #402063.
Files: 
 82308e07e1d4ff19d5c20bfa08a2ca4d 1627 gnome optional evince_0.1.5-2sarge1.dsc
 cc698ae555493976c43275894e235aa3 1005696 gnome optional 
evince_0.1.5.orig.tar.gz
 31a28bde68dcb7d3e251f9dc1b9f88ab 35845 gnome optional 
evince_0.1.5-2sarge1.diff.gz
 701bf1d4c90d3df689b473c5ee49a2c6 547712 gnome optional 
evince_0.1.5-2sarge1_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFjvtbXm3vHE4uyloRAsVhAJ9KKMJnPWgeJ0Xl5vWKFzsRWb2mWQCfb6R4
Zc9dZwoDSofArx7oTzlKW80=
=CwN/
-END PGP SIGNATURE-

---End Message---


Bug#394025: marked as done (CVE-2006-5444: Remote compromise in chan_skinny)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:09:53 +
with message-id [EMAIL PROTECTED]
and subject line Bug#394025: fixed in asterisk 1:1.0.7.dfsg.1-2sarge4
has caused the attached Bug report to be marked as done.

---BeginMessage---


Package: asterisk
Version: 1.0.7.dfsg.1-2sarge3
Severity: Critical
Tags: Security

Asterisk 1.0 and 1.2 versions up to and including 1.2.12.1 and 1.0.11 are 
vulnerable to a remote, unauthenticated heap overflow leading to arbitrary 
code execution as root.


New upstream releases 1.0.12 and 1.2.13 provide patches for this problem.

No public exploit is currently known, but private proof-of-concept took 
less than a day.


More information is available in the security advisory from 
Security-Assessment, at http://www.security-assessment.com, or 
http://www.storm.net.nz/projects/18


---
Adam Boileau / Metlstorm

---End Message---
---BeginMessage---
Source: asterisk
Source-Version: 1:1.0.7.dfsg.1-2sarge4

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb
  to pool/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb
asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
  to pool/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
  to pool/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
  to pool/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
asterisk_1.0.7.dfsg.1-2sarge4.dsc
  to pool/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.dsc
asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb
  to pool/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings [EMAIL PROTECTED] (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 25 Nov 2006 16:12:26 +
Source: asterisk
Binary: asterisk-sounds-main asterisk-h323 asterisk-web-vmail 
asterisk-gtk-console asterisk asterisk-config asterisk-dev asterisk-doc
Architecture: source all powerpc
Version: 1:1.0.7.dfsg.1-2sarge4
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze [EMAIL PROTECTED]
Changed-By: Ben Hutchings [EMAIL PROTECTED]
Description: 
 asterisk   - open source Private Branch Exchange (PBX)
 asterisk-config - config files for asterisk
 asterisk-dev - development files for asterisk
 asterisk-doc - documentation for asterisk
 asterisk-gtk-console - gtk based console for asterisk
 asterisk-h323 - asterisk H.323 VoIP channel
 asterisk-sounds-main - sound files for asterisk
 asterisk-web-vmail - web based (GCI) voice mail interface for asterisk
Closes: 394025
Changes: 
 asterisk (1:1.0.7.dfsg.1-2sarge4) stable-security; urgency=high
 .
   * Non-maintainer upload
   * Backported fix for buffer overflow in chan_skinny driver
 induced by an undetected integer underflow
 [debian/patches/99_CVE-2006-5444.dpatch] (Closes: #394025)
Files: 
 2441c1ccc8467ecefc45b58711b9602f 1259 comm optional 
asterisk_1.0.7.dfsg.1-2sarge4.dsc
 17c8aaae715230d9ea8d0485eb7cfe95 70588 comm optional 
asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
 a5ddadc5ba22723d32a74a2bc4fb9dfc 1577766 doc optional 
asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
 0fda6ac9d47e7d5bcd9786c7ab17ebd5 83382 devel optional 
asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
 bf9fae8e20a5e299d1c24e5fce59ee96 1180298 comm optional 
asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
 eb425bfc6db224dd17346c0a03f06853 28378 comm optional 

Bug#334350: marked as done (flexbackup: CVE-2005-4802: default config insecure temporary file creation)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 12:10:01 +
with message-id [EMAIL PROTECTED]
and subject line Bug#334350: fixed in flexbackup 1.2.1-2sarge1
has caused the attached Bug report to be marked as done.

---BeginMessage---
Package: flexbackup
Severity: grave
Tags: security

ZATAZ Audits has published an advisory concerning flexbackup.  Based
on a cursory investigation of the source package, Debian is affected
as well.

From: ZATAZ Audits [EMAIL PROTECTED]
Subject: [Full-disclosure] flexbackup default config insecure temporary file
creation
Date: Mon, 17 Oct 2005 10:06:06 +0200
Organization: ZATAZ Audits
Message-ID: [EMAIL PROTECTED]

#

flexbackup default config insecure temporary file creation

Vendor: http://flexbackup.sourceforge.net/
Advisory: http://www.zataz.net/adviso/flexbackup-09192005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low

#

The vulnerabilities are due to insecure temporary file creation due 
to a default config.

[...]

---End Message---
---BeginMessage---
Source: flexbackup
Source-Version: 1.2.1-2sarge1

We believe that the bug you reported is fixed in the latest version of
flexbackup, which is due to be installed in the Debian FTP archive:

flexbackup_1.2.1-2sarge1.diff.gz
  to pool/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz
flexbackup_1.2.1-2sarge1.dsc
  to pool/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc
flexbackup_1.2.1-2sarge1_all.deb
  to pool/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt B. Kaiser [EMAIL PROTECTED] (supplier of updated flexbackup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat,  7 Oct 2006 16:27:37 -0700
Source: flexbackup
Binary: flexbackup
Architecture: source all
Version: 1.2.1-2sarge1
Distribution: stable-security
Urgency: high
Maintainer: Kurt B. Kaiser [EMAIL PROTECTED]
Changed-By: Kurt B. Kaiser [EMAIL PROTECTED]
Description: 
 flexbackup - Flexible backup tool for small to medium sized installations
Closes: 334350
Changes: 
 flexbackup (1.2.1-2sarge1) stable-security; urgency=high
 .
   * Fix RC bug: unsafe use of temp file, CVE-2005-4802.  (Closes: #334350)
 http://bugs.gentoo.org/show_bug.cgi?id=105000
 http://bugs.gentoo.org/show_bug.cgi?id=116510
Files: 
 06539319d0534272e216306562677723 587 admin optional 
flexbackup_1.2.1-2sarge1.dsc
 4955c89dbee354248f354a9bf0a480dd 80158 admin optional 
flexbackup_1.2.1.orig.tar.gz
 3365f545bd49464f4e58bacc503f8b28 3546 admin optional 
flexbackup_1.2.1-2sarge1.diff.gz
 240f8792a65a0d80b8ef85d4343a4827 75836 admin optional 
flexbackup_1.2.1-2sarge1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFYNAyXm3vHE4uyloRAvx+AJ9bbMoejBdIRB3IHA191ljBs7OmTwCeI43b
7CQ/3ZMVtoDDZHUhjjTGDQQ=
=dZMt
-END PGP SIGNATURE-

---End Message---


Bug#409702: amd64 problem

2007-02-17 Thread Nico Golde
Hi,
I looked again at the issue and it seems like this is an 
AMD64 issue, Adolf also uses AMD64.
A patch which should fix this for AMD64 is attached, I also 
sent it to him.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de
JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
--- cheops-ng-0.2.3/probe.c	2005-10-17 22:49:42.0 +0200
+++ probe.c	2007-02-17 13:46:45.0 +0100
@@ -92,27 +92,27 @@
 
 void get_probe_each(gpointer data, gpointer user_data)
 {
-	u32 *args = (u32 *)user_data;
-	u32 port = args[0];
+	u64 *args = (u64 *)user_data;
+	u64 port = args[0];
 	struct probe *p = (struct probe *)data;
 	struct probe **pp = (struct probe **)args[1];
 	
-//	DEBUG(printf(%s()\n, __FUNCTION__));
-	if(*pp == NULL)
+	DEBUG(printf(%s()\n, __FUNCTION__));
+	if(pp  *pp == NULL)
 	{
-		if( p-port == (u16)port)
+		if(p-port == (u16)port)
 			*pp = p;
 	}
 }
 
 struct probe *get_probe(unsigned short port)
 {
-	u32 args[2];
+	u64 args[2];
 	struct probe *p = NULL;
 	
-	DEBUG(printf(%s()\n, __FUNCTION__));
+	//DEBUG(printf(%s()\n, __FUNCTION__));
 	args[0] = port;
-	args[1] = (u32)p;
+	args[1] = (u64)p;
 	
 	g_list_foreach(probes, get_probe_each, args);
 	
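Review bot: the two DEBUG lines are swapped in this revision (the trace in get_probe_each is enabled and the one in get_probe is commented out), which is unrelated to the amd64 fix and puts a print in the per-element callback of g_list_foreach. The whitespace-only change on the port comparison line is also noise. Drop both so the diff contains only the type widening and the `pp` guard.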




Processed: patch

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 409702 + patch
Bug#409702: cheops-ng: Program cheops-agent immediately segfaults
Tags were: moreinfo
Tags added: patch

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#409702: patch correction

2007-02-17 Thread Nico Golde
Hi,
accidentally uncommented the wrong DEBUG.
Fixed patch attached.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de
JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
--- cheops-ng-0.2.3/probe.c	2005-10-17 22:49:42.0 +0200
+++ probe.c	2007-02-17 14:27:22.0 +0100
@@ -92,13 +92,13 @@
 
 void get_probe_each(gpointer data, gpointer user_data)
 {
-	u32 *args = (u32 *)user_data;
-	u32 port = args[0];
+	u64 *args = (u64 *)user_data;
+	u64 port = args[0];
 	struct probe *p = (struct probe *)data;
 	struct probe **pp = (struct probe **)args[1];
 	
 //	DEBUG(printf(%s()\n, __FUNCTION__));
-	if(*pp == NULL)
+	if(pp  *pp == NULL)
 	{
 		if( p-port == (u16)port)
 			*pp = p;
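Review bot: widening `args` to `u64` makes the pointer round-trip work on amd64 but still hard-codes a pointer width; `uintptr_t`, or a small struct with a `u16 port` and a `struct probe **` member passed as user_data, would remove both casts. The added `pp` test in the `if` also hides a caller bug instead of reporting it: if `pp` is ever NULL the callback now does nothing for every list element, so a debug message or assertion on that path would be worth having.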
@@ -107,12 +107,12 @@
 
 struct probe *get_probe(unsigned short port)
 {
-	u32 args[2];
+	u64 args[2];
 	struct probe *p = NULL;
 	
 	DEBUG(printf(%s()\n, __FUNCTION__));
 	args[0] = port;
-	args[1] = (u32)p;
+	args[1] = (u64)p;
 	
 	g_list_foreach(probes, get_probe_each, args);
 	
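Review bot: `args[1] = (u64)p;` stores the value of `p`, which was initialised to NULL two lines earlier, not its address, so the callback casts `args[1]` back to a NULL `struct probe **`. With the new guard in get_probe_each the `*pp = p` assignment is then never reached, and the local `p` here stays NULL after g_list_foreach. Storing `&p` (with a matching cast) looks like what is intended; please confirm against the code after the foreach, which this hunk does not show.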




Bug#409702: Solution found, patch available

2007-02-17 Thread Adolf Winterer

Hello Javier,

Nico Golde was so kind as to investigate the segfault problem with cheops-ng. He 
found the solution and provided a patch for the file probe.c.

As the program runs on a 32-bit computer without the patch, this is indeed a 
platform-specific issue.

A big thank you goes to Nico for his excellent work.

With the patch applied the program ran without any problems. The patch file is 
attached.

Best regards,
   Adolf


--- cheops-ng-0.2.3/probe.c	2005-10-17 22:49:42.0 +0200
+++ probe.c	2007-02-17 13:46:45.0 +0100
@@ -92,27 +92,27 @@
 
 void get_probe_each(gpointer data, gpointer user_data)
 {
-	u32 *args = (u32 *)user_data;
-	u32 port = args[0];
+	u64 *args = (u64 *)user_data;
+	u64 port = args[0];
 	struct probe *p = (struct probe *)data;
 	struct probe **pp = (struct probe **)args[1];
 	
-//	DEBUG(printf(%s()\n, __FUNCTION__));
-	if(*pp == NULL)
+	DEBUG(printf(%s()\n, __FUNCTION__));
+	if(pp  *pp == NULL)
 	{
-		if( p-port == (u16)port)
+		if(p-port == (u16)port)
 			*pp = p;
 	}
 }
 
 struct probe *get_probe(unsigned short port)
 {
-	u32 args[2];
+	u64 args[2];
 	struct probe *p = NULL;
 	
-	DEBUG(printf(%s()\n, __FUNCTION__));
+	//DEBUG(printf(%s()\n, __FUNCTION__));
 	args[0] = port;
-	args[1] = (u32)p;
+	args[1] = (u64)p;
 	
 	g_list_foreach(probes, get_probe_each, args);
 	
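Review bot: this attachment carries the 13:46:45 timestamp and still has the DEBUG lines swapped, so it is the first revision of the patch, not the corrected one dated 14:27:22 that leaves both DEBUG lines untouched. The upload should be based on the corrected revision.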


Bug#409702: Solution found, patch available

2007-02-17 Thread Javier Fernández-Sanguino Peña
On Sat, Feb 17, 2007 at 02:48:49PM +0100, Adolf Winterer wrote:
 
> With the patch applied the program ran without any problems. The patch file
> is attached.

Ok. Since you confirm that the bug disappears with the provided patch I will
make a new version upload fixing it with that patch.

Thanks

Javier




Bug#384690: marked as done (ftp.debian.org: dresden-ocl_1.1.orig.tar.gz missing in archive)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 14:02:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#358736: fixed in dresden-ocl 1.1.debian-1
has caused the attached Bug report to be marked as done.

---BeginMessage---
Package: dresden-ocl
Severity: important

Hi,

consider:

[EMAIL PROTECTED]:~$ ls -l /org/ftp.debian.org/ftp/pool/main/d/dresden-ocl
total 580
-rw-rw-r--  1 archvsync archvsync   4247 2006-02-01 09:47 
dresden-ocl_1.1-10.diff.gz
-rw-rw-r--  1 archvsync archvsync809 2006-02-01 09:47 dresden-ocl_1.1-10.dsc
-rw-rw-r--  1 archvsync archvsync 576850 2006-02-01 09:47 
libocl-argo-java_1.1-10_all.deb
[EMAIL PROTECTED]:~$

bye,
  Roland

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)

---End Message---
---BeginMessage---
Source: dresden-ocl
Source-Version: 1.1.debian-1

We believe that the bug you reported is fixed in the latest version of
dresden-ocl, which is due to be installed in the Debian FTP archive:

dresden-ocl_1.1.debian-1.diff.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.diff.gz
dresden-ocl_1.1.debian-1.dsc
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.dsc
dresden-ocl_1.1.debian.orig.tar.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian.orig.tar.gz
libocl-argo-java_1.1.debian-1_all.deb
  to pool/main/d/dresden-ocl/libocl-argo-java_1.1.debian-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch [EMAIL PROTECTED] (supplier of updated dresden-ocl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 17 Feb 2007 14:38:04 +0100
Source: dresden-ocl
Binary: libocl-argo-java
Architecture: source all
Version: 1.1.debian-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 
pkg-java-maintainers@lists.alioth.debian.org
Changed-By: Michael Koch [EMAIL PROTECTED]
Description: 
 libocl-argo-java - Dresden OCL (Object Constraint Language) Java Toolkit
Closes: 358736 384690
Changes: 
 dresden-ocl (1.1.debian-1) unstable; urgency=low
 .
   * New upload with orig tarball to work around bug in archive software
   (Closes: #358736, #384690)
Files: 
 e45a94d9991022c103d30fa82ef69207 828 libs optional dresden-ocl_1.1.debian-1.dsc
 b36d86ca3d07de1e288a8966d61416a9 2134569 libs optional 
dresden-ocl_1.1.debian.orig.tar.gz
 b15773b56d9fea041a07db43c67f6c33 4342 libs optional 
dresden-ocl_1.1.debian-1.diff.gz
 44506dbd185d45cc7c22fce72eb6ea31 578832 libs optional 
libocl-argo-java_1.1.debian-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF1whxWSOgCCdjSDsRAtMfAKCEygQiEc+a6/gYy6z/syiikfzfrACgm9XG
shQ9joVSwT0K9nYPIPWf5mg=
=uJ7z
-END PGP SIGNATURE-

---End Message---


Bug#358736: marked as done (dresden-ocl: orig.tar.gz missing in archive (- FTBFS))

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 14:02:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#358736: fixed in dresden-ocl 1.1.debian-1
has caused the attached Bug report to be marked as done.

---BeginMessage---
Package: dresden-ocl
Severity: important

Hi,

consider:

[EMAIL PROTECTED]:~$ ls -l /org/ftp.debian.org/ftp/pool/main/d/dresden-ocl
total 580
-rw-rw-r--  1 archvsync archvsync   4247 2006-02-01 09:47 
dresden-ocl_1.1-10.diff.gz
-rw-rw-r--  1 archvsync archvsync809 2006-02-01 09:47 dresden-ocl_1.1-10.dsc
-rw-rw-r--  1 archvsync archvsync 576850 2006-02-01 09:47 
libocl-argo-java_1.1-10_all.deb
[EMAIL PROTECTED]:~$

bye,
  Roland

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)

---End Message---
---BeginMessage---
Source: dresden-ocl
Source-Version: 1.1.debian-1

We believe that the bug you reported is fixed in the latest version of
dresden-ocl, which is due to be installed in the Debian FTP archive:

dresden-ocl_1.1.debian-1.diff.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.diff.gz
dresden-ocl_1.1.debian-1.dsc
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.dsc
dresden-ocl_1.1.debian.orig.tar.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian.orig.tar.gz
libocl-argo-java_1.1.debian-1_all.deb
  to pool/main/d/dresden-ocl/libocl-argo-java_1.1.debian-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch [EMAIL PROTECTED] (supplier of updated dresden-ocl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 17 Feb 2007 14:38:04 +0100
Source: dresden-ocl
Binary: libocl-argo-java
Architecture: source all
Version: 1.1.debian-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org
Changed-By: Michael Koch [EMAIL PROTECTED]
Description: 
 libocl-argo-java - Dresden OCL (Object Constraint Language) Java Toolkit
Closes: 358736 384690
Changes: 
 dresden-ocl (1.1.debian-1) unstable; urgency=low
 .
   * New upload with orig tarball to work around bug in archive software
   (Closes: #358736, #384690)
Files: 
 e45a94d9991022c103d30fa82ef69207 828 libs optional dresden-ocl_1.1.debian-1.dsc
 b36d86ca3d07de1e288a8966d61416a9 2134569 libs optional dresden-ocl_1.1.debian.orig.tar.gz
 b15773b56d9fea041a07db43c67f6c33 4342 libs optional dresden-ocl_1.1.debian-1.diff.gz
 44506dbd185d45cc7c22fce72eb6ea31 578832 libs optional libocl-argo-java_1.1.debian-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF1whxWSOgCCdjSDsRAtMfAKCEygQiEc+a6/gYy6z/syiikfzfrACgm9XG
shQ9joVSwT0K9nYPIPWf5mg=
=uJ7z
-END PGP SIGNATURE-

---End Message---


Bug#384690: marked as done (ftp.debian.org: dresden-ocl_1.1.orig.tar.gz missing in archive)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 14:02:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#384690: fixed in dresden-ocl 1.1.debian-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: dresden-ocl
Severity: important

Hi,

consider:

[EMAIL PROTECTED]:~$ ls -l /org/ftp.debian.org/ftp/pool/main/d/dresden-ocl
total 580
-rw-rw-r--  1 archvsync archvsync   4247 2006-02-01 09:47 dresden-ocl_1.1-10.diff.gz
-rw-rw-r--  1 archvsync archvsync    809 2006-02-01 09:47 dresden-ocl_1.1-10.dsc
-rw-rw-r--  1 archvsync archvsync 576850 2006-02-01 09:47 libocl-argo-java_1.1-10_all.deb
[EMAIL PROTECTED]:~$

bye,
  Roland

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)

---End Message---
---BeginMessage---
Source: dresden-ocl
Source-Version: 1.1.debian-1

We believe that the bug you reported is fixed in the latest version of
dresden-ocl, which is due to be installed in the Debian FTP archive:

dresden-ocl_1.1.debian-1.diff.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.diff.gz
dresden-ocl_1.1.debian-1.dsc
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.dsc
dresden-ocl_1.1.debian.orig.tar.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian.orig.tar.gz
libocl-argo-java_1.1.debian-1_all.deb
  to pool/main/d/dresden-ocl/libocl-argo-java_1.1.debian-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch [EMAIL PROTECTED] (supplier of updated dresden-ocl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 17 Feb 2007 14:38:04 +0100
Source: dresden-ocl
Binary: libocl-argo-java
Architecture: source all
Version: 1.1.debian-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org
Changed-By: Michael Koch [EMAIL PROTECTED]
Description: 
 libocl-argo-java - Dresden OCL (Object Constraint Language) Java Toolkit
Closes: 358736 384690
Changes: 
 dresden-ocl (1.1.debian-1) unstable; urgency=low
 .
   * New upload with orig tarball to work around bug in archive software
   (Closes: #358736, #384690)
Files: 
 e45a94d9991022c103d30fa82ef69207 828 libs optional dresden-ocl_1.1.debian-1.dsc
 b36d86ca3d07de1e288a8966d61416a9 2134569 libs optional dresden-ocl_1.1.debian.orig.tar.gz
 b15773b56d9fea041a07db43c67f6c33 4342 libs optional dresden-ocl_1.1.debian-1.diff.gz
 44506dbd185d45cc7c22fce72eb6ea31 578832 libs optional libocl-argo-java_1.1.debian-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF1whxWSOgCCdjSDsRAtMfAKCEygQiEc+a6/gYy6z/syiikfzfrACgm9XG
shQ9joVSwT0K9nYPIPWf5mg=
=uJ7z
-END PGP SIGNATURE-

---End Message---


Bug#358736: marked as done (dresden-ocl: orig.tar.gz missing in archive (- FTBFS))

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 14:02:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#384690: fixed in dresden-ocl 1.1.debian-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: dresden-ocl
Severity: important

Hi,

consider:

[EMAIL PROTECTED]:~$ ls -l /org/ftp.debian.org/ftp/pool/main/d/dresden-ocl
total 580
-rw-rw-r--  1 archvsync archvsync   4247 2006-02-01 09:47 dresden-ocl_1.1-10.diff.gz
-rw-rw-r--  1 archvsync archvsync    809 2006-02-01 09:47 dresden-ocl_1.1-10.dsc
-rw-rw-r--  1 archvsync archvsync 576850 2006-02-01 09:47 libocl-argo-java_1.1-10_all.deb
[EMAIL PROTECTED]:~$

bye,
  Roland

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)

---End Message---
---BeginMessage---
Source: dresden-ocl
Source-Version: 1.1.debian-1

We believe that the bug you reported is fixed in the latest version of
dresden-ocl, which is due to be installed in the Debian FTP archive:

dresden-ocl_1.1.debian-1.diff.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.diff.gz
dresden-ocl_1.1.debian-1.dsc
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian-1.dsc
dresden-ocl_1.1.debian.orig.tar.gz
  to pool/main/d/dresden-ocl/dresden-ocl_1.1.debian.orig.tar.gz
libocl-argo-java_1.1.debian-1_all.deb
  to pool/main/d/dresden-ocl/libocl-argo-java_1.1.debian-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch [EMAIL PROTECTED] (supplier of updated dresden-ocl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 17 Feb 2007 14:38:04 +0100
Source: dresden-ocl
Binary: libocl-argo-java
Architecture: source all
Version: 1.1.debian-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org
Changed-By: Michael Koch [EMAIL PROTECTED]
Description: 
 libocl-argo-java - Dresden OCL (Object Constraint Language) Java Toolkit
Closes: 358736 384690
Changes: 
 dresden-ocl (1.1.debian-1) unstable; urgency=low
 .
   * New upload with orig tarball to work around bug in archive software
   (Closes: #358736, #384690)
Files: 
 e45a94d9991022c103d30fa82ef69207 828 libs optional dresden-ocl_1.1.debian-1.dsc
 b36d86ca3d07de1e288a8966d61416a9 2134569 libs optional dresden-ocl_1.1.debian.orig.tar.gz
 b15773b56d9fea041a07db43c67f6c33 4342 libs optional dresden-ocl_1.1.debian-1.diff.gz
 44506dbd185d45cc7c22fce72eb6ea31 578832 libs optional libocl-argo-java_1.1.debian-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF1whxWSOgCCdjSDsRAtMfAKCEygQiEc+a6/gYy6z/syiikfzfrACgm9XG
shQ9joVSwT0K9nYPIPWf5mg=
=uJ7z
-END PGP SIGNATURE-

---End Message---


Bug#409702: Solution found, patch available

2007-02-17 Thread Nico Golde
Hallo Javier,

* Javier Fernández-Sanguino Peña [EMAIL PROTECTED] [2007-02-17 15:19]:
> On Sat, Feb 17, 2007 at 02:48:49PM +0100, Adolf Winterer wrote:
> >
> > With the patch applied the program ran without any problems. The patch file
> > is attached.
>
> Ok. Since you confirm that the bug disappears with the provided patch I will
> make a new version upload fixing it with that patch.

Please use my last patch, since I mixed up uncommented DEBUG 
stuff in this patch.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de
JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!




Bug#384793: marked as done (charva: FTBFS: [...]/charva-1.1.1/build.xml:195: compilation failed)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 16:33:13 +0100
with message-id [EMAIL PROTECTED]
and subject line charva: FTBFS: [...]/charva-1.1.1/build.xml:195: compilation failed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: charva
Version: 1.1.1-3
Severity: serious
Justification: no longer builds from source

Hello,

There was a problem while autobuilding your package:

 Automatic build of charva_1.1.1-3 on saturne by sbuild/amd64 85
 Build started at 20060824-1526
 ***

[...]

 clean:

 compile:
 [mkdir] Created dir: /build/buildd/charva-1.1.1/java/classes
 [javac] Compiling 128 source files to
 /build/buildd/charva-1.1.1/java/classes [javac] --
 [javac] 1. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/BorderLayout.java [javac] 
 (at line 232)
 [javac]   private int _hgap = 0;
 [javac]   ^
 [javac] The field BorderLayout._hgap is never read locally
 [javac] --
 [javac] 2. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/BorderLayout.java [javac] 
 (at line 233)
 [javac]   private int _vgap = 0;
 [javac]   ^
 [javac] The field BorderLayout._vgap is never read locally
 [javac] --
 [javac] --
 [javac] 3. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/Font.java [javac]  (at line
 57)
 [javac]   private int _size;
 [javac]   ^
 [javac] The field Font._size is never read locally
 [javac] --
 [javac] --
 [javac] 4. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/IllegalComponentStateExcepti
on.java [javac]  (at line 26)
 [javac]   public class IllegalComponentStateException
 [javac]^^
 [javac] The serializable class IllegalComponentStateException does not
 declare a static final serialVersionUID field of type long [javac]
 --
 [javac] --
 [javac] 5. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/LayoutManager.java [javac] 
 (at line 22)
 [javac]   import java.util.Vector;
 [javac]  
 [javac] The import java.util.Vector is never used
 [javac] --
 [javac] --
 [javac] 6. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/LayoutManager2.java [javac] 
 (at line 22)
 [javac]   import java.util.Vector;
 [javac]  
 [javac] The import java.util.Vector is never used
 [javac] --
 [javac] --
 [javac] 7. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/SyncQueue.java [javac]  (at
 line 29)
 [javac]   class SyncQueue
 [javac] ^
 [javac] The serializable class SyncQueue does not declare a static
 final serialVersionUID field of type long [javac] --
 [javac] --
 [javac] 8. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/TerminfoCapabilityException.
java [javac]  (at line 28)
 [javac]   public class TerminfoCapabilityException extends Exception {
 [javac]^^^
 [javac] The serializable class TerminfoCapabilityException does not
 declare a static final serialVersionUID field of type long [javac]
 --
 [javac] --
 [javac] 9. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/event/AWTEvent.java [javac] 
 (at line 22)
 [javac]   import charva.awt.*;
 [javac]  ^^
 [javac] The import charva.awt is never used
 [javac] --
 [javac] --
 [javac] 10. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/event/ActionEvent.java
 [javac]  (at line 29)
 [javac]   public class ActionEvent
 [javac]^^^
 [javac] The serializable class ActionEvent does not declare a static
 final serialVersionUID field of type long [javac] --
 [javac] --
 [javac] 11. WARNING in
 /build/buildd/charva-1.1.1/java/src/charva/awt/event/AdjustmentEvent.java
 [javac]  (at line 28)
 [javac]   public class AdjustmentEvent
 [javac]^^^
 [javac] The serializable class AdjustmentEvent does not declare a
 static final serialVersionUID field of type long [javac] --
 [javac] --
 [javac] 12. WARNING in
 

Bug#410946: another idea

2007-02-17 Thread Frank Küster
martin f krafft [EMAIL PROTECTED] wrote:

> Why don't we simply drop a script into /etc/cron.hourly which sleeps
> for up to 60 minutes and then calls debsecan,

I have no opinion about what the right approach is for the timing stuff.
But it seems to me as if this is a different issue, for sure not RC.
I'm not sure what you want to achieve with this double action (fixing a
bug and doing it in public).  If you want to show how to do an NMU, I
suggest not to touch the cron mechanism.

> using
> /etc/default/debsecan to determine the suite?
>
> That would solve the problems, no?

Yes, it seems so.  Florian has already suggested something like this.
If I were him, I would also read the mailto setting from
/etc/default/debsecan.  If I were you, I wouldn't make such an
unnecessary change in an NMU.  Oh, no, if I were you, I wouldn't
consider an NMU here at all.

I don't know Florian's opinion about this, and he has the say here.
But if you ask me, unless there's a particular reason why you choose
this bug (which I didn't read so far), I think it is a bad example for
your famous talk.  NMU work should be concentrated on RC bugs which are
hard to fix or which have not been addressed properly in the past.  A
bug that is two days old and already led to a fruitful discussion
between the submitter and the maintainer does not need to be fixed in an
NMU.

Regards, Frank

-- 
Dr. Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX/TeXLive)



Bug#411257: gambas: sizeof(CLASS) = 256 !

2007-02-17 Thread Gary Dale
Package: gambas
Version: 1.0.15-1
Severity: grave
Justification: renders package unusable

I get the following error when trying to start Gambas:
sizeof(CLASS) = 256 !
ERROR: #51: Bad archive: Invalid argument

Gambas fails to start due to the above error.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages gambas depends on:
ii  alien                8.64          install non-native packages with d
ii  fakeroot             1.5.10        Gives a fake root environment
ii  gambas-doc           1.0.15-1      Free VB-like language
ii  gambas-gb-compress   1.0.15-1      The Gambas compression component
ii  gambas-gb-db         1.0.15-1      The Gambas database component
ii  gambas-gb-debug      1.0.15-1      The debugger helper component for
ii  gambas-gb-eval       1.0.15-1      The Gambas expression evaluator co
ii  gambas-gb-net        1.0.15-1      The Gambas networking component
ii  gambas-gb-net-curl   1.0.15-1      The Gambas advanced networking com
ii  gambas-gb-qt         1.0.15-1      The Gambas Qt GUI component
ii  gambas-gb-qt-editor  1.0.15-1      The Gambas source code editor comp
ii  gambas-gb-qt-ext     1.0.15-1      The Gambas extended Qt GUI compone
ii  gambas-gb-sdl        1.0.15-1      The Gambas SDL component
ii  gambas-gb-vb         1.0.15-1      The Gambas Visual Basic (tm) compa
ii  gambas-gb-xml        1.0.15-1      The Gambas Visual Basic (tm) compa
ii  libc6                2.3.6.ds1-11  GNU C Library: Shared libraries

gambas recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#410352: Clone against ftp.debian.org

2007-02-17 Thread Loïc Minier
clone #410352 -1
retitle -1 RM: gst-ffmpeg -- RoM; superseded by gstreamer0.10-ffmpeg and not supported by the security team
reassign -1 ftp.debian.org
stop

-- 
Loïc Minier [EMAIL PROTECTED]



Processed: Clone against ftp.debian.org

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> clone #410352 -1
Bug#410352: gstreamer0.8: Should not be released with Etch
Bug 410352 cloned as bug 411258.

> retitle -1 RM: gst-ffmpeg -- RoM; superseded by gstreamer0.10-ffmpeg and not supported by the security team
Bug#411258: gstreamer0.8: Should not be released with Etch
Changed Bug title.

> reassign -1 ftp.debian.org
Bug#411258: RM: gst-ffmpeg -- RoM; superseded by gstreamer0.10-ffmpeg and not supported by the security team
Bug reassigned from package `gst-ffmpeg' to `ftp.debian.org'.

> stop
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: severity of 411258 is normal

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.9.27
> severity 411258 normal
Bug#411258: RM: gst-ffmpeg -- RoM; superseded by gstreamer0.10-ffmpeg and not supported by the security team
Severity set to `normal' from `serious'


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#410400: marked as done (ldtp: FTBFS: make: dh_pysupport: Command not found)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 17:02:03 +
with message-id [EMAIL PROTECTED]
and subject line Bug#410400: fixed in ldtp 0.7.0-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: ldtp
Version: 0.7.0-1
Severity: serious

Hi,

Your package is failing to build with the following error:
dh_pysupport -a
make: dh_pysupport: Command not found
make: *** [binary-arch] Error 127


Kurt


---End Message---
---BeginMessage---
Source: ldtp
Source-Version: 0.7.0-2

We believe that the bug you reported is fixed in the latest version of
ldtp, which is due to be installed in the Debian FTP archive:

ldtp_0.7.0-2.diff.gz
  to pool/main/l/ldtp/ldtp_0.7.0-2.diff.gz
ldtp_0.7.0-2.dsc
  to pool/main/l/ldtp/ldtp_0.7.0-2.dsc
ldtp_0.7.0-2_i386.deb
  to pool/main/l/ldtp/ldtp_0.7.0-2_i386.deb
python-ldtp_0.7.0-2_all.deb
  to pool/main/l/ldtp/python-ldtp_0.7.0-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kartik Mistry [EMAIL PROTECTED] (supplier of updated ldtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 16 Feb 2007 15:23:19 +0530
Source: ldtp
Binary: ldtp python-ldtp
Architecture: source i386 all
Version: 0.7.0-2
Distribution: unstable
Urgency: low
Maintainer: Kartik Mistry [EMAIL PROTECTED]
Changed-By: Kartik Mistry [EMAIL PROTECTED]
Description: 
 ldtp   - GNU/Linux Desktop Testing Project (GNU/LDTP)
 python-ldtp - Python bindings for GNU/Linux Desktop Testing Project
Closes: 410400
Changes: 
 ldtp (0.7.0-2) unstable; urgency=low
 .
   * Fix FTBFS by moving python-support to build-depends (Closes:#410400)
Files: 
 6fc99641bd7d40ca70d5e1df11828205 690 devel optional ldtp_0.7.0-2.dsc
 d5599394a9a9abc183d54281f33cf715 6776 devel optional ldtp_0.7.0-2.diff.gz
 345e197d9ab256a406df1ea2a243c24a 26406 devel optional python-ldtp_0.7.0-2_all.deb
 8c71c85937b1b54d07fd2d4767b3 86260 devel optional ldtp_0.7.0-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF1zCs+C5cwEsrK54RAt9RAJ9A3itcWsI2a2SFh0OI5HIxBi7YmgCg2zzd
kBizHtNeSrOIiO/rjOixE48=
=+zQQ
-END PGP SIGNATURE-

---End Message---


Bug#397032: zinf: Fails to start with X error

2007-02-17 Thread Kristian Kvilekval


This bug is related to the composite extension shown in the xorg.conf.

Bug should probably be moved over there.




-- 
Kristian Kvilekval
[EMAIL PROTECTED]  http://www.cs.ucsb.edu/~kris w:805-893-2526 h:504-9756







Bug#409702: marked as done (cheops-ng: Program cheops-agent immediately segfaults)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 17:47:02 +
with message-id [EMAIL PROTECTED]
and subject line Bug#409702: fixed in cheops-ng 0.2.3-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
Package: cheops-ng
Version: 0.2.3-3
Severity: grave
Justification: renders package unusable

Immediately after invoking the program cheops-agent it segfaults:
  init_osscan(): Initalizing
  Speicherzugriffsfehler


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages cheops-ng depends on:
ii  gdk-imlib11             1.9.14-32       imaging library for use with gtk
ii  imlib11                 1.9.14-32       Imlib is an imaging library for X
ii  libadns1                1.4-0.1         Asynchronous-capable DNS client li
ii  libart2                 1.4.2-35        The GNOME canvas widget - runtime
ii  libaudiofile0           0.2.6-6         Open-source version of SGI's audio
ii  libc6                   2.3.6.ds1-11    GNU C Library: Shared libraries
ii  libdb3                  3.2.9+dfsg-0.1  Berkeley v3 Database Libraries [ru
ii  libesd-alsa0 [libesd0]  0.2.36-3        Enlightened Sound Daemon (ALSA) -
ii  libglib1.2              1.2.10-17       The GLib library of C routines
ii  libgnome32              1.4.2-35        The GNOME libraries
ii  libgnomesupport0        1.4.2-35        The GNOME libraries (Support libra
ii  libgnomeui32            1.4.2-35        The GNOME libraries (User Interfac
ii  libgtk1.2               1.2.10-18       The GIMP Toolkit set of widgets fo
ii  libice6                 1:1.0.1-2       X11 Inter-Client Exchange library
ii  libjpeg62               6b-13           The Independent JPEG Group's JPEG
ii  libpng12-0              1.2.15~beta5-1  PNG library - runtime
ii  libsm6                  1:1.0.1-3       X11 Session Management library
ii  libssl0.9.8             0.9.8c-4        SSL shared libraries
ii  libtiff4                3.8.2-7         Tag Image File Format (TIFF) libra
ii  libungif4g              4.1.4-4         shared library for GIF images
ii  libx11-6                2:1.0.3-5       X11 client-side library
ii  libxext6                1:1.0.1-2       X11 miscellaneous extension librar
ii  libxi6                  1:1.0.1-4       X11 Input extension library
ii  libxml1                 1:1.8.17-14     GNOME XML library
ii  nmap                    4.20-1          The Network Mapper
ii  zlib1g                  1:1.2.3-13      compression library - runtime

cheops-ng recommends no packages.

-- no debconf information

---End Message---
---BeginMessage---
Source: cheops-ng
Source-Version: 0.2.3-4

We believe that the bug you reported is fixed in the latest version of
cheops-ng, which is due to be installed in the Debian FTP archive:

cheops-ng_0.2.3-4.diff.gz
  to pool/main/c/cheops-ng/cheops-ng_0.2.3-4.diff.gz
cheops-ng_0.2.3-4.dsc
  to pool/main/c/cheops-ng/cheops-ng_0.2.3-4.dsc
cheops-ng_0.2.3-4_i386.deb
  to pool/main/c/cheops-ng/cheops-ng_0.2.3-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a [EMAIL PROTECTED] (supplier of updated cheops-ng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 17 Feb 2007 15:08:48 +0100
Source: cheops-ng
Binary: cheops-ng
Architecture: source i386
Version: 0.2.3-4
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a [EMAIL PROTECTED]
Changed-By: Javier Fernandez-Sanguino Pen~a [EMAIL PROTECTED]
Description: 
 cheops-ng  - Network swiss army knife
Closes: 409702
Changes: 
 cheops-ng (0.2.3-4) unstable; urgency=low
 .
   * Use patch provided by Nico Golde to prevent SEGFAULT in AMD64 systems
 (Closes: #409702)
Files: 
 c6d4ff36b2c4209f72fb2d33ade0613d 872 net optional cheops-ng_0.2.3-4.dsc
 b3448ed0393b453d8d522493a5b4f4e5 31583 net optional 

Bug#410204: linux-image-2.6.18-4-amd64: Data corruption on dm-crypt+XFS

2007-02-17 Thread Sami Liedes
On Fri, Feb 16, 2007 at 05:31:34PM -0800, Steve Langasek wrote:

> I'm told that dmcrypt+XFS has never worked in the upstream kernel or in
> Debian, so this is essentially an unsupported configuration.  But you've
> filed this bug as critical with the justification that it causes serious
> data loss.  Did you lose data as a result of this bug?  Could you explain
> the process by which that happened?  It's my impression that this
> combination is so unreliable that it will oops before you really have a
> chance to try to use it for storing data, so you can't really lose any data
> if you can't put it there in the first place.

Yes, I did lose data (though fortunately only test data). But you are
correct in that this happened quite early, before I really had a
chance to start to use it seriously.

I copied data to an XFS filesystem in a crypted partition, and I think
I got a few gigabytes copied before the oops. After that I googled and
figured out the rest, I didn't test if there really was some data loss
(didn't ever mount the partition again).

> Based on the status as a known-buggy and unsupported config I think this bug
> should be downgraded to non-RC status for etch, but I'd like to be sure
> first that I understand the impact of any real-world risk of data loss.

No objection to that. Though it of course would have been very
helpful if something somewhere (e.g. the kernel at mount time) notified
me that the config is unsupported.

Sami




Bug#384454: closed by Alberto Gonzalez Iniesta [EMAIL PROTECTED] (Bug#384454: fixed in linux-ftpd 0.17-20sarge2)

2007-02-17 Thread Paul Szabo
Dear Maintainer,

Yes, the bug in the patch was mine: meant to check the return status of
setgid(getegid()) but somehow managed to mis-type that into
setgid(geteuid()). Stupid mistake. Shame on me.

Now, linux-ftpd_0.17-20sarge2.diff.gz was dated September 2006 as per
your latest closure message
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454;msg=44
(or maybe 20 Nov 2006 as per
http://www.debian.org/security/2006/dsa-1217
or 13 Nov 2006 as the date on current
http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz
) and contains the wrong patch.

So this seems fixed in etch 0.17-23 since 25 Nov 2006, but not yet in
sarge (==stable) 0.17-20sarge2. Please fix for sarge also.

Thanks,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of SydneyAustralia
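
The check described in the message above, written out as an added example (it is not the linux-ftpd patch, which this page does not show): the intended `setgid(getegid())` with its return status tested, plus a helper showing when the mistyped `setgid(geteuid())` cannot be told apart from it. The names `set_gid_checked`, `keep_effective_gid` and `typo_is_masked` are this example's own.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes for the checked group-ID change (names local to this example). */
enum { GID_SET_OK = 0, GID_SET_CALL_FAILED = -1, GID_SET_NOT_APPLIED = -2 };

/*
 * Call setgid() and treat failure as fatal for the caller.  The effective
 * GID is read back afterwards so that a call which returned 0 but left a
 * different group in place is also caught.  With appropriate privileges
 * setgid() additionally sets the real and saved group IDs.
 */
static int set_gid_checked(gid_t target)
{
    if (setgid(target) != 0)
        return GID_SET_CALL_FAILED;
    if (getegid() != target)
        return GID_SET_NOT_APPLIED;
    return GID_SET_OK;
}

/* The intended call: a group ID goes in, taken from getegid(). */
static int keep_effective_gid(void)
{
    return set_gid_checked(getegid());
}

/*
 * The mistyped call passes a user ID where a group ID is expected.  uid_t
 * and gid_t are both plain integer types, so the compiler accepts it, and
 * when the two numbers happen to be equal (root is 0/0; many systems give
 * each user a private group with the same number) the typo behaves exactly
 * like the intended call and testing on such an account does not reveal it.
 */
static int typo_is_masked(uid_t euid, gid_t egid)
{
    return (gid_t)euid == egid;
}

int main(void)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();

    printf("euid=%lu egid=%lu, setgid(geteuid()) typo masked here: %s\n",
           (unsigned long)euid, (unsigned long)egid,
           typo_is_masked(euid, egid) ? "yes" : "no");

    int rc = keep_effective_gid();
    if (rc != GID_SET_OK) {
        fprintf(stderr, "setgid(getegid()) failed (code %d), refusing to continue\n", rc);
        return 1;
    }
    return 0;
}
```
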





Bug#410946: another idea

2007-02-17 Thread Florian Weimer
* martin f. krafft:

> Why don't we simply drop a script into /etc/cron.hourly which sleeps
> for up to 60 minutes and then calls debsecan,

We do exactly this for bfk-backup-client.  In my experience, the sleep
processes in the process list can be somewhat confusing.  And I
believe packages shouldn't create gratuitous process table entries.

> using /etc/default/debsecan to determine the suite?

Yeah, but it's not that simple, see #398199.  Some configuration file
syntax is needed.





Bug#410946: another idea

2007-02-17 Thread Florian Weimer
* Frank Küster:

> I don't know Florian's opinion about this, and he has the say here.
> But if you ask me, unless there's a particular reason why you choose
> this bug (which I didn't read so far), I think it is a bad example for
> your famous talk.  NMU work should be concentrated on RC bugs which are
> hard to fix or which have not been addressed properly in the past.  A
> bug that is two days old and already led to a fruitful discussion
> between the submitter and the maintainer does not need to be fixed in an
> NMU.

I'm slightly puzzled by Martin's approach, too.  The problem with this
bug is that by its nature, its resolution *requires* a new
configuration file, and therefore defining some syntax for it.  I
certainly don't object to anyone providing suggestions or patches, but
I don't see why this has to lead to something which inherently is an
unreviewed NMU.

Frankly, I'm somewhat pissed that I've spent a couple of minutes on
writing this message, instead of working on the bug itself.



Bug#408530: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str

2007-02-17 Thread Ben Hutchings
clone 408530 -1 -2
reassign -1 asterisk-chan-capi
retitle -1 asterisk-chan-capi: Need a mutex for calls to capi_{cmsg,message}2str
reassign -2 linux-2.6
retitle -2 linux-2.6: capi_{cmsg,message}2str not thread-safe; vulnerable to 
buffer overflow
block -1 with 408530
tags -2 upstream
forwarded -2 http://bugzilla.kernel.org/show_bug.cgi?id=8028
thanks

This function and capi_message2str are not thread-safe either; nor can
they be made so without the use of TSS for their buffers.  chan_capi
will need to use a mutex to prevent collision between concurrent uses of
these functions.  I don't know what can be done in the kernel.  The
buffer overflow could conceivably be due to two concurrent calls to
these functions rather than a single message.

Ben.

-- 
Ben Hutchings
It is easier to change the specification to fit the program than vice versa.




Processed: Re: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 clone 408530 -1 -2
Bug#408530: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str
Bug 408530 cloned as bugs 411293-411294.

 reassign -1 asterisk-chan-capi
Bug#411293: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str
Bug reassigned from package `libcapi20-3' to `asterisk-chan-capi'.

 retitle -1 asterisk-chan-capi: Need a mutex for calls to 
 capi_{cmsg,message}2str
Bug#411293: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str
Changed Bug title.

 reassign -2 linux-2.6
Bug#411294: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str
Bug reassigned from package `libcapi20-3' to `linux-2.6'.

 retitle -2 linux-2.6: capi_{cmsg,message}2str not thread-safe; vulnerable to 
 buffer overflow
Bug#411294: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str
Changed Bug title.

 block -1 with 408530
Bug#411293: asterisk-chan-capi: Need a mutex for calls to 
capi_{cmsg,message}2str
Was not blocked by any bugs.
Blocking bugs of 411293 added: 408530

 tags -2 upstream
Bug#411294: linux-2.6: capi_{cmsg,message}2str not thread-safe; vulnerable to 
buffer overflow
Tags were: security
Tags added: upstream

 forwarded -2 http://bugzilla.kernel.org/show_bug.cgi?id=8028
Bug#411294: linux-2.6: capi_{cmsg,message}2str not thread-safe; vulnerable to 
buffer overflow
Noted your statement that Bug has been forwarded to 
http://bugzilla.kernel.org/show_bug.cgi?id=8028.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#384454: closed by Alberto Gonzalez Iniesta [EMAIL PROTECTED] (Bug#384454: fixed in linux-ftpd 0.17-20sarge2)

2007-02-17 Thread Alberto Gonzalez Iniesta
On Sun, Feb 18, 2007 at 07:24:16AM +1100, Paul Szabo wrote:
> Dear Maintainer,
>
> Yes, the bug in the patch was mine: meant to check the return status of
> setgid(getegid()) but somehow managed to mis-type that into
> setgid(geteuid()). Stupid mistake. Shame on me.
>
> Now, linux-ftpd_0.17-20sarge2.diff.gz was dated September 2006 as per
> your latest closure message
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454;msg=44
> (or maybe 20 Nov 2006 as per
> http://www.debian.org/security/2006/dsa-1217
> or 13 Nov 2006 as the date on current
> http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz
> ) and contains the wrong patch.
>
> So this seems fixed in etch 0.17-23 since 25 Nov 2006, but not yet in
> sarge (==stable) 0.17-20sarge2. Please fix for sarge also.

I sent the fix to the security team, but they decided to ignore it.
I wasn't in the mood to fight with them... Feel free to contact them at
[EMAIL PROTECTED] You can Cc me if you want.

Regards,

Alberto

-- 
Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred| http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3



Processed: Re: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 408530 patch
Bug#408530: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str
Tags were: security
Tags added: patch

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#408530: libcapi20-3: buffer overflow in printbuf called from capi_cmsg2str

2007-02-17 Thread Ben Hutchings
tags 408530 patch
thanks

Patch for isdnutils:

diff -u isdnutils-3.9.20060704/debian/rules isdnutils-3.9.20060704/debian/rules
--- isdnutils-3.9.20060704/debian/rules
+++ isdnutils-3.9.20060704/debian/rules
@@ -388,6 +388,7 @@
ppp-2.4.4b1 \
vbox-little-endian \
toplevel-make \
+   capi20-msg2str-safety \
 
 ifeq ($(distribution),Ubuntu)
   debian_patches += no-imake
only in patch2:
unchanged:
--- isdnutils-3.9.20060704.orig/debian/patches/capi20-msg2str-safety.dpatch
+++ isdnutils-3.9.20060704/debian/patches/capi20-msg2str-safety.dpatch
@@ -0,0 +1,58 @@
+#! /bin/sh -e
+
+# DP: Prevent buffer overflow in capi20_{cmsg,message}2str.
+# DP: Add warning that they are not thread-safe.
+
+dir=
+if [ $# -eq 3 -a $2 = '-d' ]; then
+pdir=-d $3
+dir=$3/
+elif [ $# -ne 1 ]; then
+echo 2 usage: `basename $0`: -patch|-unpatch [-d srcdir]
+exit 1
+fi
+case $1 in
+-patch)
+patch $pdir -f --no-backup-if-mismatch -p0  $0
+;;
+-unpatch)
+patch $pdir -f --no-backup-if-mismatch -R -p0  $0
+;;
+*)
+   echo 2 usage: `basename $0`: -patch|-unpatch [-d srcdir]
+exit 1
+esac
+exit 0
+
+--- capi20/capiutils.h~2005-03-08 07:26:47.0 +
 capi20/capiutils.h 2007-02-17 20:22:48.0 +
+@@ -308,6 +308,10 @@
+ #define capi20_cmd2strcapi_cmd2str
+ char *capi_cmd2str(_cbyte cmd, _cbyte subcmd);
+ 
++/*
++ * WARNING: The following two functions use a single static buffer and
++ * are not thread-safe.
++ */
+ #define capi20_cmsg2str   capi_cmsg2str
+ char *capi_cmsg2str(_cmsg * cmsg);
+ 
+--- capi20/convert.c~  2005-05-09 09:23:01.0 +0100
 capi20/convert.c   2007-02-17 20:34:17.0 +
+@@ -894,10 +894,14 @@
+ static void bufprint(char *fmt,...)
+ {
+   va_list f;
++  size_t space = buf + sizeof(buf) - p, len;
+   va_start(f, fmt);
+-  vsprintf(p, fmt, f);
++  len = vsnprintf(p, space, fmt, f);
+   va_end(f);
+-  p += strlen(p);
++  if (len  space - 1)
++  p += len;
++  else
++  p += space - 1;
+ }
+ 
+ static void printstructlen(_cbyte * m, unsigned len)
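Review bot: in the convert.c part, len is declared size_t but receives the int result of vsnprintf, so a negative error return wraps to a very large value and falls into the else branch as if it were truncation, moving p to the last byte of buf and silently discarding everything printed afterwards. Suggest keeping the result in an int, returning early when it is negative, and only then comparing it against space. The new capiutils.h comment documents the static buffer, but callers still get no indication that the returned string was cut short; it would be worth saying so in that comment.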
-- END --

I can't test this in place because I don't know how to construct a
message that would overflow the buffer.  However, the following test
program:

-- BEGIN --
static char buf[8192];
static char *p = 0;

#include <stdio.h>
#include <stdarg.h>

/* Append formatted output at p without writing past the end of buf. */
static void bufprint(char *fmt,...)
{
    va_list f;
    size_t space = buf + sizeof(buf) - p, len;
    va_start(f, fmt);
    len = vsnprintf(p, space, fmt, f);
    va_end(f);
    if (len < space - 1)
        p += len;
    else
        p += space - 1; /* truncated: leave p on the terminating NUL */
}

int main(void)
{
    int i;
    p = buf;
    p[0] = 0;
    for (i = 0; i != 10; ++i)
    {
        bufprint("%4096s", "foo");
        bufprint("%4096s", "bar?");
    }
    puts(buf);
    return 0;
}
-- END --

shows that output is truncated after the last character that will fit in
the buffer (r in this case) as intended.

Ben.

-- 
Ben Hutchings
It is easier to change the specification to fit the program than vice versa.
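
The bounded append from the patch above, reworked as an added example (not part of the original message and not libcapi20 code): the output state lives in a caller-owned struct instead of a static buffer, which also covers the thread-safety concern raised earlier in this bug, and a negative vsnprintf return is handled separately from truncation. The names struct strbuf, strbuf_init and strbuf_printf are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Caller-owned output state (hypothetical type, not from libcapi20).
 * Nothing here is static, so each thread can format into its own
 * instance without a mutex. */
struct strbuf {
    char  *base;      /* start of storage */
    size_t cap;       /* bytes of storage, including the NUL */
    size_t len;       /* bytes written so far, excluding the NUL */
    int    truncated; /* set once any output did not fit */
};

static void strbuf_init(struct strbuf *sb, char *storage, size_t cap)
{
    sb->base = storage;
    sb->cap = cap;
    sb->len = 0;
    sb->truncated = 0;
    if (cap > 0)
        storage[0] = '\0';
}

/* Append formatted text. Returns 0 if everything fit, -1 if the output
 * was truncated or vsnprintf reported an error. The buffer is always
 * left NUL-terminated and len never exceeds cap - 1. */
static int strbuf_printf(struct strbuf *sb, const char *fmt, ...)
{
    va_list ap;
    size_t space;
    int n;

    if (sb->cap == 0) {
        sb->truncated = 1;
        return -1;
    }
    space = sb->cap - sb->len;      /* >= 1: room for at least the NUL */

    va_start(ap, fmt);
    n = vsnprintf(sb->base + sb->len, space, fmt, ap);
    va_end(ap);

    if (n < 0) {
        /* Output error: keep what was there before this call. */
        sb->base[sb->len] = '\0';
        sb->truncated = 1;
        return -1;
    }
    if ((size_t)n >= space) {
        /* vsnprintf wrote space - 1 characters plus the NUL. */
        sb->len = sb->cap - 1;
        sb->truncated = 1;
        return -1;
    }
    sb->len += (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed input: same sizes as the test program in the message. */
    static char storage[8192];
    struct strbuf sb;
    int i;

    strbuf_init(&sb, storage, sizeof storage);
    for (i = 0; i != 10; ++i) {
        strbuf_printf(&sb, "%4096s", "foo");
        strbuf_printf(&sb, "%4096s", "bar?");
    }
    printf("len=%lu truncated=%d last=%c\n",
           (unsigned long)sb.len, sb.truncated, storage[sb.len - 1]);
    return 0;
}
```
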




Bug#411293: asterisk-chan-capi: Need a mutex for calls to capi_{cmsg,message}2str

2007-02-17 Thread Ben Hutchings
tags 411293 +patch
thanks

Patch for asterisk-chan-capi:

diff -u asterisk-chan-capi-0.7.1/debian/patches/00list 
asterisk-chan-capi-0.7.1/debian/patches/00list
--- asterisk-chan-capi-0.7.1/debian/patches/00list
+++ asterisk-chan-capi-0.7.1/debian/patches/00list
@@ -1,0 +2 @@
+02_capi-msg2str-mutex
only in patch2:
unchanged:
--- asterisk-chan-capi-0.7.1.orig/debian/patches/02_capi-msg2str-mutex.dpatch
+++ asterisk-chan-capi-0.7.1/debian/patches/02_capi-msg2str-mutex.dpatch
@@ -0,0 +1,58 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02_capi-msg2str-mutex.dpatch by Ben Hutchings [EMAIL PROTECTED]
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Protect calls to capi20_{cmsg,message}2str and use of their
+## DP: buffer with a mutex.
+
[EMAIL PROTECTED]@
+--- asterisk-chan-capi-0.7.0/chan_capi.c~  2006-10-08 13:38:27.0 
+
 asterisk-chan-capi-0.7.0/chan_capi.c   2007-02-17 22:26:32.0 
+
+@@ -167,6 +167,8 @@
+  * 4. cc_mutex_lock(messagenumber_lock);
+  * 5. cc_mutex_lock(usecnt_lock);
+  * 6. cc_mutex_lock(capi_put_lock);
++ * 7. cc_mutex_lock(capi_msg2str_lock);
++ * 8. cc_mutex_lock(verbose_lock);
+  *
+  *
+  *  ** the PBX will call the callback functions with 
+@@ -180,6 +182,7 @@
+ AST_MUTEX_DEFINE_STATIC(usecnt_lock);
+ AST_MUTEX_DEFINE_STATIC(iflock);
+ AST_MUTEX_DEFINE_STATIC(capi_put_lock);
++AST_MUTEX_DEFINE_STATIC(capi_msg2str_lock);
+ AST_MUTEX_DEFINE_STATIC(verbose_lock);
+ 
+ static int capi_capability = AST_FORMAT_ALAW;
+@@ -402,6 +405,7 @@
+   return -1;
+   }
+ 
++  cc_mutex_lock(capi_msg2str_lock);
+   if (error) {
+   cc_log(LOG_ERROR, CAPI error sending %s (NCCI=%#x) (error=%#x 
%s)\n,
+   capi_cmsg2str(CMSG), (unsigned int)HEADER_CID(CMSG),
+@@ -415,6 +419,7 @@
+   cc_verbose(4, 1, %s\n, capi_cmsg2str(CMSG));
+   }
+   }
++  cc_mutex_unlock(capi_msg2str_lock);
+ 
+   return error;
+ }
+@@ -3972,12 +3977,14 @@
+   unsigned short wInfo = 0x;
+   struct capi_pvt *i = find_interface_by_plci(PLCI);
+ 
++  cc_mutex_lock(capi_msg2str_lock);
+   if ((wCmd == CAPI_P_IND(DATA_B3)) ||
+   (wCmd == CAPI_P_CONF(DATA_B3))) {
+   cc_verbose(7, 1, %s\n, capi_cmsg2str(CMSG));
+   } else {
+   cc_verbose(4, 1, %s\n, capi_cmsg2str(CMSG));
+   }
++  cc_mutex_unlock(capi_msg2str_lock);
+ 
+   if (i != NULL)
+   cc_mutex_lock(i-lock);
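Review bot: the embedded chan_capi.c diff is headed asterisk-chan-capi-0.7.0/ while the package directory in this patch is asterisk-chan-capi-0.7.1, and the description and lock name refer to capi20_{cmsg,message}2str although every guarded call in these hunks is capi_cmsg2str; both should match the tree and the function actually used. In the parts at 402 and 415 the lock and unlock sit in separate hunks with lines elided between them, so please confirm that no return path in between leaves capi_msg2str_lock held.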
-- END --

Unfortunately I have no suitable hardware with which to test this
package; therefore this is untested except that it builds cleanly.

Ben.

-- 
Ben Hutchings
It is easier to change the specification to fit the program than vice versa.




Processed: Re: asterisk-chan-capi: Need a mutex for calls to capi_{cmsg,message}2str

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 411293 +patch
Bug#411293: asterisk-chan-capi: Need a mutex for calls to 
capi_{cmsg,message}2str
Tags were: security
Tags added: patch

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: Merge f2py bugs

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 reassign 411049 python-numpy
Bug#411049: python-numpy-dev: file conflict with python-numpy
Bug reassigned from package `python-numpy-dev' to `python-numpy'.

 merge 411005 411049 410944
Bug#410944: python-numpy: trying to overwrite 
`/usr/lib/python2.4/site-packages/numpy/f2py/src/fortranobject.h'
Bug#411005: File clash in python-numpy and python-numpy-dev
Bug#411049: python-numpy-dev: file conflict with python-numpy
Merged 410944 411005 411049.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#405461: jabber does not allow ssl connections

2007-02-17 Thread Kurt Roeckx
found 405461 1.4.3-3
thanks

Hi,

This seems to be caused by using libssl0.9.8 instead of 0.9.7.  The
amd64 version 1.4.3-3 was built after we changed to 0.9.8 so it's
linked to libssl0.9.8.  So this should be affecting version 1.4.3-3 on
amd64 too.  It will also cause problems if we ever need to do a security
upload.


Kurt






Bug#411301: gaim DNS children die when gaim-otr is installed

2007-02-17 Thread Michael Berg
Package: gaim-otr
Version: 3.0.0+cvs20060530-3
Severity: grave
Justification: renders package unusable

After installing gaim-otr, when gaim is started it pops up a dialog box
titled "GStreamer Failure" and with contents "GStreamer failed to initialize"

In the console I started gaim from, several lines that look like
=
*** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
=
print out, and then one new line is printed about every 18 seconds.

In the buddy list window, each messaging service is off-line and has
an error message to the effect of
disconnected: ... unable to send request to resolver process or
disconnected: Couldn't connect to host


When I run gaim in debug mode (gaim -d), the following is in the output:
=

*** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
dns: Created new DNS child 21220, there are now 1 children.
dns: DNS child 21220 no longer exists
dnsquery: Unable to send request to resolver process

proxy: Connection attempt failed: Unable to send request to resolver process

*** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
dns: Created new DNS child 21221, there are now 1 children.
dns: DNS child 21221 no longer exists
dnsquery: Unable to send request to resolver process

proxy: Connection attempt failed: Unable to send request to resolver process

=


When I remove gaim-otr, gaim works properly.
Without gaim-otr installed, the same section in debug mode looks like:
=

dns: Created new DNS child 21274, there are now 1 children.
dns: Successfully sent DNS request to child 21274
dns: Created new DNS child 21275, there are now 2 children.
dns: Successfully sent DNS request to child 21275

=


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-amd64-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gaim-otr depends on:
ii  gaim1:2.0.0+beta5-10 multi-protocol instant messaging c
ii  libc6   2.3.6.ds1-12 GNU C Library: Shared libraries
ii  libgcrypt11 1.2.3-2  LGPL Crypto library - runtime libr
ii  libgpg-error0   1.4-2library for common error values an
ii  libotr2 3.0.0-2  Off-the-Record Messaging library

gaim-otr recommends no packages.

-- no debconf information





Processed: jabber does not allow ssl connections

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 found 405461 1.4.3-3
Bug#405461: jabber 1.4.3-3.1 does not allow ssl connections
Bug marked as found in version 1.4.3-3.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: mozilla-plugin-vlc: Non-existent vlcintf.xpt file!

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 found 403022 0.8.6-svn20061012.debian-4
Bug#403022: Non-existent vlcintf.xpt file!
Bug marked as found in version 0.8.6-svn20061012.debian-4.

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#403022: mozilla-plugin-vlc: Non-existent vlcintf.xpt file!

2007-02-17 Thread Kurt Roeckx
found 403022 0.8.6-svn20061012.debian-4
thanks

The file doesn't exist, so I'm tagging this as affecting this version.


Kurt






Bug#411293: asterisk-chan-capi: Need a mutex for calls to capi_{cmsg,message}2str

2007-02-17 Thread Ben Hutchings
Let's try that again with accurate function and directory names:

diff -u asterisk-chan-capi-0.7.1/debian/patches/00list 
asterisk-chan-capi-0.7.1/debian/patches/00list
--- asterisk-chan-capi-0.7.1/debian/patches/00list
+++ asterisk-chan-capi-0.7.1/debian/patches/00list
@@ -1,0 +2 @@
+02_capi-cmsg2str-mutex
only in patch2:
unchanged:
--- asterisk-chan-capi-0.7.1.orig/debian/patches/02_capi-cmsg2str-mutex.dpatch
+++ asterisk-chan-capi-0.7.1/debian/patches/02_capi-cmsg2str-mutex.dpatch
@@ -0,0 +1,57 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02_capi-msg2str-mutex.dpatch by Ben Hutchings [EMAIL PROTECTED]
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Protect calls to capi_cmsg2str and use of its buffer with a mutex.
+
[EMAIL PROTECTED]@
+--- asterisk-chan-capi-0.7.1/chan_capi.c~  2006-10-08 13:38:27.0 
+
 asterisk-chan-capi-0.7.1/chan_capi.c   2007-02-17 22:26:32.0 
+
+@@ -167,6 +167,8 @@
+  * 4. cc_mutex_lock(messagenumber_lock);
+  * 5. cc_mutex_lock(usecnt_lock);
+  * 6. cc_mutex_lock(capi_put_lock);
++ * 7. cc_mutex_lock(capi_cmsg2str_lock);
++ * 8. cc_mutex_lock(verbose_lock);
+  *
+  *
+  *  ** the PBX will call the callback functions with 
+@@ -180,6 +182,7 @@
+ AST_MUTEX_DEFINE_STATIC(usecnt_lock);
+ AST_MUTEX_DEFINE_STATIC(iflock);
+ AST_MUTEX_DEFINE_STATIC(capi_put_lock);
++AST_MUTEX_DEFINE_STATIC(capi_cmsg2str_lock);
+ AST_MUTEX_DEFINE_STATIC(verbose_lock);
+ 
+ static int capi_capability = AST_FORMAT_ALAW;
+@@ -402,6 +405,7 @@
+   return -1;
+   }
+ 
++  cc_mutex_lock(capi_cmsg2str_lock);
+   if (error) {
+   cc_log(LOG_ERROR, CAPI error sending %s (NCCI=%#x) (error=%#x 
%s)\n,
+   capi_cmsg2str(CMSG), (unsigned int)HEADER_CID(CMSG),
+@@ -415,6 +419,7 @@
+   cc_verbose(4, 1, %s\n, capi_cmsg2str(CMSG));
+   }
+   }
++  cc_mutex_unlock(capi_cmsg2str_lock);
+ 
+   return error;
+ }
+@@ -3972,12 +3977,14 @@
+   unsigned short wInfo = 0x;
+   struct capi_pvt *i = find_interface_by_plci(PLCI);
+ 
++  cc_mutex_lock(capi_cmsg2str_lock);
+   if ((wCmd == CAPI_P_IND(DATA_B3)) ||
+   (wCmd == CAPI_P_CONF(DATA_B3))) {
+   cc_verbose(7, 1, %s\n, capi_cmsg2str(CMSG));
+   } else {
+   cc_verbose(4, 1, %s\n, capi_cmsg2str(CMSG));
+   }
++  cc_mutex_unlock(capi_cmsg2str_lock);
+ 
+   if (i != NULL)
+   cc_mutex_lock(i-lock);
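Review bot: the header comment on the second line of the dpatch still reads 02_capi-msg2str-mutex.dpatch although the file is now named 02_capi-cmsg2str-mutex.dpatch; update it so the header matches the file name. The lock-order comment adds capi_cmsg2str_lock as 7 and verbose_lock as 8; it would help to state there that capi_cmsg2str_lock stays held across the cc_log and cc_verbose calls, since that is the reason the ordering matters.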
-- END --

-- 
Ben Hutchings
It is easier to change the specification to fit the program than vice versa.




Bug#403062: scala: FTBFS: b-dep on gcj-4.0 which is not available anymore

2007-02-17 Thread Kurt Roeckx
close 403062 2.3.2-1
thanks

Hi,

It seems you didn't include the changelog from the NMU, so the bts
thinks this wasn't fixed.  You seem to have made the same change in
2.3.2-1 so I'm marking it as fixed in that version.


Kurt






Bug#411301: marked as forwarded (gaim DNS children die when gaim-otr is installed)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sun, 18 Feb 2007 00:48:26 +0100
with message-id [EMAIL PROTECTED]
has caused the Debian Bug report #411301,
regarding gaim DNS children die when gaim-otr is installed
to be marked as having been forwarded to the upstream software
author(s) .

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---

tags 411301 upstream help
thanks

This bug looks a lot like #404590. I think upstream is working on a fix.

Michael: do you happen to have 'combined' contacts, as in #404590?

Ian and OTR people, FYI, if this bug isn't fixed ASAP, gaim-otr will
unfortunately likely be removed from Debian 4.0 (etch) because of the
severity of this bug...

HTH

T-Bone

On 2/18/07, Michael Berg [EMAIL PROTECTED] wrote:

Package: gaim-otr
Version: 3.0.0+cvs20060530-3
Severity: grave
Justification: renders package unusable

After installing gaim-otr, when gaim is started it pops up a dialog box
titled "GStreamer Failure" and with contents "GStreamer failed to initialize"

In the console I started gaim from, several lines that look like
=
*** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
=
print out, and then one new line is printed about every 18 seconds.

In the buddy list window, each messaging service is off-line and has
an error message to the effect of
disconnected: ... unable to send request to resolver process or
disconnected: Couldn't connect to host


When I run gaim in debug mode (gaim -d), the following is in the output:
=

*** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
dns: Created new DNS child 21220, there are now 1 children.
dns: DNS child 21220 no longer exists
dnsquery: Unable to send request to resolver process

proxy: Connection attempt failed: Unable to send request to resolver process

*** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
dns: Created new DNS child 21221, there are now 1 children.
dns: DNS child 21221 no longer exists
dnsquery: Unable to send request to resolver process

proxy: Connection attempt failed: Unable to send request to resolver process

=


When I remove gaim-otr, gaim works properly.
Without gaim-otr installed, the same section in debug mode looks like:
=

dns: Created new DNS child 21274, there are now 1 children.
dns: Successfully sent DNS request to child 21274
dns: Created new DNS child 21275, there are now 2 children.
dns: Successfully sent DNS request to child 21275

=


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20-amd64-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gaim-otr depends on:
ii  gaim1:2.0.0+beta5-10 multi-protocol instant messaging c
ii  libc6   2.3.6.ds1-12 GNU C Library: Shared libraries
ii  libgcrypt11 1.2.3-2  LGPL Crypto library - runtime libr
ii  libgpg-error0   1.4-2library for common error values an
ii  libotr2 3.0.0-2  Off-the-Record Messaging library

gaim-otr recommends no packages.

-- no debconf information





--
Thibaut VARENE
http://www.parisc-linux.org/~varenet/
---End Message---


Processed: Re: Bug#411301: gaim DNS children die when gaim-otr is installed

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 411301 upstream help
Bug#411301: gaim DNS children die when gaim-otr is installed
There were no tags set.
Tags added: upstream, help

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#411305: running alsa-utils at boot breaks sound configuration

2007-02-17 Thread Michael Rasmussen
Package: alsa-utils
Version: 1.0.13-2
Severity: grave
Justification: renders package unusable

After upgrade of linux-sound-base (1.0.13-4) and alsa-base (1.0.13-4) 
alsa-utils is no longer working. Actually it completely messes up the sound 
system.
Steps to reproduce the error:
1) Clean all sound configuration: dpkg --purge --force-all libasound2 
libasound2-plugins linux-sound-base alsa-base alsa-utils
2) Install from scratch: apt-get install libasound2 libasound2-plugins 
linux-sound-base alsa-base alsa-utils
3) Restore mixer settings (unmute volume and pcm)
4) Login. Sound is working
5) Restart the system. You receive notification that all sound and mixer 
settings are saved.
6) When the system comes up again aumix produces a long list of errors 
indicating that sound card could not be found in which case no restoring of 
sound and mixer setting was possible.
7) Login and discover that all indications of a working alsa sound system are 
gone.
8) Clean up again: dpkg --purge --force-all libasound2 libasound2-plugins 
linux-sound-base alsa-base alsa-utils
9) Install from scratch again but this time don't include alsa-utils: apt-get 
install libasound2 libasound2-plugins linux-sound-base alsa-base
10) Restore mixer settings
11) Login. sound is working.
12) Restart the system. You receive notification that all sound and mixer 
settings are saved.
13) When the system comes up again you receive notification that all sound and 
mixer settings are saved.
14) Login. This time alsa sound system is working properly.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)





Processed: Re: scala: FTBFS: b-dep on gcj-4.0 which is not available anymore

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 close 403062 2.3.2-1
Bug#403062: scala: FTBFS: b-dep on gcj-4.0 which is not available anymore
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 2.3.2-1, send any further explanations to Lucas 
Nussbaum [EMAIL PROTECTED]

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: Re: [Pkg-alsa-devel] Bug#411305: running alsa-utils at boot breaks sound configuration

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 severity 411305 normal
Bug#411305: running alsa-utils at boot breaks sound configuration
Severity set to `normal' from `grave'

 stop
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#411305: [Pkg-alsa-devel] Bug#411305: running alsa-utils at boot breaks sound configuration

2007-02-17 Thread Elimar Riesebieter
severity 411305 normal

stop

On Sun, 18 Feb 2007 the mental interface of
Michael Rasmussen told:

> Package: alsa-utils
> Version: 1.0.13-2
> Severity: grave
Not really, read [1]
> Justification: renders package unusable

> After upgrade of linux-sound-base (1.0.13-4) and alsa-base
> (1.0.13-4) alsa-utils is no longer working. Actually it completely
> messes up the sound system.
> Steps to reproduce the error:
> 1) Clean all sound configuration: dpkg --purge --force-all
> libasound2 libasound2-plugins linux-sound-base alsa-base
> alsa-utils
done
> 2) Install from scratch: apt-get install libasound2
> libasound2-plugins linux-sound-base alsa-base alsa-utils
done
> 3) Restore mixer settings (unmute volume and pcm)
via alsactl store
> 4) Login. Sound is working
yes
> 5) Restart the system. You receive notification that all sound and
> mixer settings are saved.
yes
> 6) When the system comes up again aumix produces a long list of
> errors indicating that sound card could not be found in which case
> no restoring of sound and mixer setting was possible.
no! Could you please provide the complete dmesg?

Here:
$ dpkg -l | egrep "(alsa|sound)"
ii  alsa-base   1.0.13-4
ii  alsa-oss1.0.12-1
ii  alsa-utils  1.0.13-2
ii  libasound2  1.0.13-1
ii  libasound2-plugins  1.0.13-3
ii  linux-sound-base1.0.13-4
..

> 7) Login and discover that all indications of a working alsa sound
> system are gone.

Works fine here listening to Joe Satriani with my
$ cat /proc/asound/cards
 0 [Live   ]: EMU10K1 - SB PCI512 [CT4790]
  SB PCI512 [CT4790] (rev.8, serial:0x80231102) at 0xac00, 
irq 11

> 8) Clean up again: dpkg --purge --force-all libasound2
> libasound2-plugins linux-sound-base alsa-base alsa-utils
Doesn't matter on my system
> 9) Install from scratch again but this time don't include
> alsa-utils: apt-get install libasound2 libasound2-plugins
> linux-sound-base alsa-base
Doesn't matter on my system

So please tell us which kernel (sound driver - lsmod | grep snd)
you're using. Your platform (cat /proc/version) would be nice to
know.

For a first approach: install alsa-utils 1.0.13-2 again, delete
/var/lib/alsa/asound.state and do /etc/init.d/alsa-utils restart.

I am waiting for the results ;)

Elimar

[1] http://www.debian.org/Bugs/Developer#severities

-- 
  Never make anything simple and efficient when a way 
  can be found to make it complex and wonderful ;-)





Bug#411301: marked as forwarded (gaim DNS children die when gaim-otr is installed)

2007-02-17 Thread Debian Bug Tracking System
Your message dated Sat, 17 Feb 2007 20:38:22 -0500
with message-id [EMAIL PROTECTED]
has caused the Debian Bug report #411301,
regarding gaim DNS children die when gaim-otr is installed
to be marked as having been forwarded to the upstream software
author(s) Thibaut VARENE [EMAIL PROTECTED].

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---BeginMessage---
On Sun, Feb 18, 2007 at 12:48:26AM +0100, Thibaut VARENE wrote:
 tags 411301 upstream help
 thanks
 
 This bug looks a lot like #404590. I think upstream is working on a fix.
 
 Michael: do you happen to have 'combined' contacts, as in #404590?

I don't think this looks like #404590 at all.  That bug has to do
with multiple conversations being assigned to the same window (something
new in gaim 2 beta, and somewhat of a security problem in and of
itself).

Here, Michael is reporting that gaim doesn't start up at all!

This can't be a widespread problem, though, since we'd definitely have
heard about it by now.  Is anyone else running Debian amd64 (x86_64)
that can test this?

Michael, what other gaim plugins do you have installed?  Can you send
me the entire output of gaim -d?

 Ian and OTR people, FYI, if this bug isn't fixed ASAP, gaim-otr will
 unfortunately likely be removed from Debian 4.0 (etch) because of the
 severity of this bug...

What version of gaim is etch going to have?  gaim-otr still works great
with the last release (1.5), but is apparently having some issues with
the rapidly changing gaim 2 betas.

   - Ian

 HTH
 
 T-Bone
 
 On 2/18/07, Michael Berg [EMAIL PROTECTED] wrote:
 Package: gaim-otr
 Version: 3.0.0+cvs20060530-3
 Severity: grave
 Justification: renders package unusable
 
 After installing gaim-otr, when gaim is started it pops up a dialog box
 titled "GStreamer Failure" and with contents "GStreamer failed to 
 initialize"
 
 In the console I started gaim from, several lines that look like
 =
 *** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
 =
 print out, and then one new line is printed about every 18 seconds.
 
 In the buddy list window, each messaging service is off-line and has
 an error message to the effect of
 disconnected: ... unable to send request to resolver process or
 disconnected: Couldn't connect to host
 
 
 When I run gaim in debug mode (gaim -d), the following is in the output:
 =
 
 *** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
 dns: Created new DNS child 21220, there are now 1 children.
 dns: DNS child 21220 no longer exists
 dnsquery: Unable to send request to resolver process
 
 proxy: Connection attempt failed: Unable to send request to resolver process
 
 *** glibc detected *** free(): invalid pointer: 0x005f9fd8 ***
 dns: Created new DNS child 21221, there are now 1 children.
 dns: DNS child 21221 no longer exists
 dnsquery: Unable to send request to resolver process
 
 proxy: Connection attempt failed: Unable to send request to resolver process
 
 =
 
 
 When I remove gaim-otr, gaim works properly.
 Without gaim-otr installed, the same section in debug mode looks like:
 =
 
 dns: Created new DNS child 21274, there are now 1 children.
 dns: Successfully sent DNS request to child 21274
 dns: Created new DNS child 21275, there are now 2 children.
 dns: Successfully sent DNS request to child 21275
 
 =
 
 
 -- System Information:
 Debian Release: 4.0
   APT prefers unstable
   APT policy: (500, 'unstable')
 Architecture: amd64 (x86_64)
 Shell:  /bin/sh linked to /bin/bash
 Kernel: Linux 2.6.20-amd64-smp
 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
 
 Versions of packages gaim-otr depends on:
 ii  gaim            1:2.0.0+beta5-10     multi-protocol instant messaging c
 ii  libc6           2.3.6.ds1-12         GNU C Library: Shared libraries
 ii  libgcrypt11     1.2.3-2              LGPL Crypto library - runtime libr
 ii  libgpg-error0   1.4-2                library for common error values an
 ii  libotr2         3.0.0-2              Off-the-Record Messaging library
 
 gaim-otr recommends no packages.
 
 -- no debconf information
 
 
 
 
 -- 
 Thibaut VARENE
 http://www.parisc-linux.org/~varenet/
---End Message---


Processed: reopening 410850

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 # Automatically generated email from bts, devscripts version 2.9.26
 reopen 410850 [EMAIL PROTECTED]
Bug#410850: CVE-2006-6980: magnatune shell escapes
'reopen' is deprecated when a bug has been closed with a version;
use 'found' or 'submitter' as appropriate instead.
Bug reopened, originator set to [EMAIL PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Processed: Re: Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 tags 411192 pending
Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability
Tags were: fixed-upstream patch security
Tags added: pending

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#411192: CVE-2007-0981: serious cookie-stealing vulnerability

2007-02-17 Thread Eric Dorland
tags 411192 pending
thanks

* Kees Cook ([EMAIL PROTECTED]) wrote:
 Package: iceweasel
 Version: 2.0.0.1+dfsg-2
 Severity: grave
 Tags: security, fixed-upstream, patch
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 says:
 
 Mozilla based browsers allows remote attackers to bypass the same 
 origin policy, steal cookies, and conduct other attacks by writing a URI 
 with a null byte to the hostname (location.hostname) DOM property, due 
 to interactions with DNS resolver code.
 
 Upstream bug:   https://bugzilla.mozilla.org/show_bug.cgi?id=370445
 Upstream patch: https://bugzilla.mozilla.org/attachment.cgi?id=255252

Thanks, patch is applied and I will try to roll out a build tonight. 

-- 
Eric Dorland [EMAIL PROTECTED]
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6




Bug#410948: Reopen

2007-02-17 Thread Philippe Cloutier

reopen 410948
severity 410948 minor
thanks

Steve Langasek wrote:

On Fri, Feb 16, 2007 at 04:05:17AM -0500, Filipus Klutiero wrote:

[...]

Again, this is an effort to keep the government from claiming *more* rights
over the software than what's permitted by the usual license, not to
prevent the government from exercising rights that are granted to everyone
else.

To make it clear, I believed you when you first stated this. But re-reading 
the license, it's still not how I interpret what's written.

Well, there's room for greater clarity here; there usually is with license
texts.  If you feel strongly about this wording needing to be improved, you
can reopen the bug at a lower severity, but I wouldn't give you very good
odds of getting the license changed given that citing government regs in
your license is usually a good indication of an institutional mentality that
loves boilerplate.

OK, thank you.





Processed: Reopen

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 reopen 410948
Bug#410948: license issues with des.tcl
Bug reopened, originator not changed.

 severity 410948 minor
Bug#410948: license issues with des.tcl
Severity set to `minor' from `serious'

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#408741: espeak 1.19-2

2007-02-17 Thread Steve Langasek
Hi,

On Mon, Feb 05, 2007 at 12:26:00PM -0800, Steve Langasek wrote:
 On Mon, Feb 05, 2007 at 07:46:34PM +0100, Samuel Thibault wrote:
  Steve Langasek, on Sun 04 Feb 2007 15:05:37 -0800, wrote:
   I am raising the severity of 408741 to 'grave', which is the correct
   severity for such a bug.

  I don't understand this: IIUC the package never worked for these archs.
  So wouldn't it be OK to upload a 1.16 with big-endian archs disabled?

 Yes.  But currently, there is a grave bug in testing for these archs.

Do either of you have plans for a t-p-u upload to drop the big-endian archs
for espeak?  Should I plan to NMU?

Thanks,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/



Processed: closing 395858

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 # Automatically generated email from bts, devscripts version 2.9.27
 # this works better
 close 395858 0.56-1.1
Bug#395858: libfile-homedir-perl: FTBFS: tests failed
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 0.56-1.1, send any further explanations to 
Julien Danjou [EMAIL PROTECTED]


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: Re: Bug#410204: linux-image-2.6.18-4-amd64: Data corruption on dm-crypt+XFS

2007-02-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 severity 410204 important
Bug#410204: linux-image-2.6.18-4-amd64: Data corruption on dm-crypt+XFS
Severity set to `important' from `critical'

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

