Bug#775662: oss4: Insufficient validation of USB device descriptors

2015-01-26 Thread Moritz Mühlenhoff
On Sun, Jan 18, 2015 at 10:24:30AM +, Ben Hutchings wrote: Source: oss4 Version: 4.2-build2006-2 Severity: critical Tags: security In kernel/drv/oss_usb/oss_usb.c: OSS maintainers, did you forward this upstream? Cheers, Moritz

Bug#776251: ack-grep fails to install due to diversion problem

2015-01-26 Thread gregor herrmann
On Mon, 26 Jan 2015 01:01:03 +0100, Axel Beckert wrote: $ dpkg-divert --list *ack* local diversion of /usr/bin/ack-grep to /usr/bin/ack ^ ... which backs my assumption that a _local_ diversion (i.e. none made by a package) is the cause. That's my interpretation as well. I tend to

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Moritz Mühlenhoff
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not fixed as I did not provide a trigger. Note, that the code looks very similar to the confirmed bug in

Bug#774854: race condition between fur and fex_cleanup

2015-01-26 Thread Kilian Krause
Hi Moritz, On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: Package: fex Version: 20140917-1 Severity: serious Tags: security patch upstream pending confirmed jessie As upstream has released a new

Bug#775715: [Pkg-javascript-devel] Bug#775715: libv8-3.14: limiting security support

2015-01-26 Thread Bálint Réczey
Hi Michael, Control: tags -1 pending 2015-01-19 7:17 GMT+01:00 Michael Gilbert mgilb...@debian.org: package: libv8-3.14 version: 3.14.5.8-8 severity: grave tags: security Hi, the security team has decided that this package will not receive security support for jessie. This has already

Bug#776079: marked as done (tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 12:48:24 + with message-id e1yfj5c-0002lp...@franck.debian.org and subject line Bug#776079: fixed in tkrplot 0.0.23-3 has caused the Debian Bug report #776079, regarding tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory to be marked

Bug#774854: race condition between fur and fex_cleanup

2015-01-26 Thread Moritz Mühlenhoff
On Mon, Jan 26, 2015 at 01:41:54PM +0100, Kilian Krause wrote: Hi Moritz, On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: Package: fex Version: 20140917-1 Severity: serious Tags: security patch

Bug#776306: mpdscribble: Fails to start because of error in pidfile creation

2015-01-26 Thread Marco Solieri
Package: mpdscribble Version: 0.22-5 Severity: grave Justification: renders package unusable With default configuration the service tries to create its pidfile in folder '/var/run/mpdscribble', but such a folder is not created by installation script, nor it persists to system reboot. This cause

Bug#774748: #774748: ruby-redcloth: CVE-2012-6684

2015-01-26 Thread Christian Hofstaedtler
* Moritz Mühlenhoff j...@inutil.org [150126 13:45]: On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote: AFAICT there is no publicly available patch, and upstream is more or less dead. Redmine's patched redcloth3 looks very different from the current redcloth 4.x

Bug#774748: #774748: ruby-redcloth: CVE-2012-6684

2015-01-26 Thread Moritz Mühlenhoff
On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote: AFAICT there is no publicly available patch, and upstream is more or less dead. Redmine's patched redcloth3 looks very different from the current redcloth 4.x sources, so I have my doubts if forward porting this is

Bug#776079: tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory

2015-01-26 Thread Dirk Eddelbuettel
On 23 January 2015 at 17:17, James Cowgill wrote: | Source: tkrplot | Version: 0.0.23-2 | Severity: serious | Tags: sid | | Hi, | | tkrplot seems to FTBFS in unstable (but not in jessie) with the error: | gcc -std=gnu99 -I/usr/share/R/include -DNDEBUG -I/usr/include/tcl8.6

Bug#768897: MBR disklabels also yield destructive pvcreate

2015-01-26 Thread Steve McIntyre
Control: severity -1 important Control: clone -1 -2 Control: retitle -2 Installation manual should warn about the use of LVM partition types Control: reassign -2 installation-guide On Sun, Jan 18, 2015 at 04:24:43PM +, Steve McIntyre wrote: On Wed, Nov 19, 2014 at 03:36:19PM -0600, Drake

Processed: pending

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: package resolvconf Limiting to bugs with field 'package' containing at least one of 'resolvconf' Limit currently set to 'package':'resolvconf' tags 775356 pending Bug #775356 [resolvconf] resolvconf: bashisms in

Bug#774918: marked as done (cups-pdf: copyright file missing after upgrade (policy 12.5))

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 15:48:28 + with message-id e1yflts-he...@franck.debian.org and subject line Bug#774918: fixed in cups-pdf 2.6.1-15 has caused the Debian Bug report #774918, regarding cups-pdf: copyright file missing after upgrade (policy 12.5) to be marked as done.

Processed: Re: Bug#768897: MBR disklabels also yield destructive pvcreate

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: severity -1 important Bug #768897 [partman-lvm] quietly very aggressive WRT existing LVM-typed partitions Severity set to 'important' from 'critical' clone -1 -2 Bug #768897 [partman-lvm] quietly very aggressive WRT existing LVM-typed partitions Bug 768897 cloned

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Sebastian Ramacher
On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote: On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not fixed as I did not provide a trigger. Note, that the code looks very

Bug#775888: marked as done (virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 15:22:05 + with message-id e1yflul-0005zh...@franck.debian.org and subject line Bug#775888: fixed in virtualbox 4.3.18-dfsg-2 has caused the Debian Bug report #775888, regarding virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595

Bug#776309: fglrx-driver: Hung PC with black screen and solid white cursor in upper left corner

2015-01-26 Thread Greg Futia
Package: fglrx-driver Version: 1:14.12-1 Severity: critical Justification: breaks the whole system Dear Fglrx Maintainers, When this package is installed the system boots to a completely hung state with a solid cursor in the upper left hand corner. The hang leaves the system unaccessible

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-26 Thread Ritesh Raj Sarraf
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-26 Thread Ritesh Raj Sarraf
On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version?

Bug#775588: [Pkg-haskell-maintainers] Bug#775588: darcs: Missing copyright information

2015-01-26 Thread beuc
Hi, How about lowering the severity of this bug? I just received this: fusionforge 5.3.2+20141104-3 is marked for autoremoval from testing on 2015-03-02 It (build-)depends on packages with these RC bugs: 775588: darcs: Missing copyright information Cheers! Sylvain

Bug#776316: [Pkg-samba-maint] Bug#776316: samba: failed to build on mips

2015-01-26 Thread Jelmer Vernooij
On Mon, Jan 26, 2015 at 01:42:51PM -0500, Michael Gilbert wrote: package: src:samba version: 2:4.1.13+dfsg-4 severity: serious The latest upload failed to build on the mips buildd: https://buildd.debian.org/status/package.php?p=samba See the comment in the build log: 21:17:20 runner

Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Otto Kekäläinen
The page https://mariadb.com/kb/en/security/ has updated and includes info about these latest CVEs. It seems most issues were fixed in 5.5.41/10.0.16. One was for 5.5.39/10.0.13. 10.0.16 hasn't been yet released, but I'll expect it is released soon and I will try to be as fast as possible in

Processed: tagging 772076

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: tags 772076 + moreinfo Bug #772076 [icedove] confirm certificate exception dialog keeps re-appearing Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance.

Bug#776253: dependency on libwv-1.2-4 too weak

2015-01-26 Thread Daniel Walrond
On Mon, Jan 26, 2015 at 12:25:07AM +0100, Helmut Grohne wrote: Package: wv Version: 1.2.9-4+b1 Severity: serious Justification: policy 12.3 footnote 2 Tags: patch wv contains a symlink /usr/share/doc/wv which points to libwv-1.2-4. Its dependency on libwv-1.2-4 is unversioned though which

Bug#745835: marked as done (lynx-cur: certificate revocation is not checked)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 18:33:26 + with message-id e1yfotw-0004uc...@franck.debian.org and subject line Bug#745835: fixed in lynx-cur 2.8.9dev4-1 has caused the Debian Bug report #745835, regarding lynx-cur: certificate revocation is not checked to be marked as done. This means

Bug#776073: marked as done (lynx-cur: can connect to site with expired certificate)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 18:33:26 + with message-id e1yfotw-0004uc...@franck.debian.org and subject line Bug#745835: fixed in lynx-cur 2.8.9dev4-1 has caused the Debian Bug report #745835, regarding lynx-cur: can connect to site with expired certificate to be marked as done. This

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Moritz Muehlenhoff
On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote: On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote: On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not

Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Salvatore Bonaccorso
Control: tags -1 upstream fixed-upstream Control: retitle -1 mariadb-10.0: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 CVE-2015-0432 CVE-2014-6568 CVE-2015-0374 Hi Otto, On Fri, Jan 23, 2015 at 08:46:46AM +0200, Otto Kekäläinen wrote: I started to search information about this 2 days ago, but so

Processed: Re: Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: tags -1 upstream fixed-upstream Bug #775882 [src:mariadb-10.0] mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015? Added tag(s) upstream and fixed-upstream. retitle -1 mariadb-10.0: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 CVE-2015-0432

Bug#767019: xscreensaver: postinst overwrites /etc/X11/app-defaults/XScreenSaver without asking

2015-01-26 Thread Alex Goebel
On Sat, Dec 20, 2014 at 9:02 AM, Michael Gilbert wrote: if [ -L /etc/X11/app-defaults/XScreenSaver ]; then if [ $(readlink /etc/X11/app-defaults/XScreenSaver) = XScreenSaver-nogl -o \ $(readlink /etc/X11/app-defaults/XScreenSaver) = XScreenSaver-gl]; then

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

2015-01-26 Thread Moritz Mühlenhoff
On Mon, Jan 26, 2015 at 09:07:19PM +0530, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the

Bug#775625: [pkg-php-pear] symfony: Review, upload and unblock needed to fix #775625 (FTBFS in jessie)

2015-01-26 Thread David Prévot
Hi, Le 21/01/2015 14:23, David Prévot a écrit : Le 19/01/2015 13:34, Daniel Beyer a écrit : I'm not 100% sure if it really fixes the problem, since I'm not able to reproduce those errors on my local system (neither local, nor with pbuilder sid/jessie). Same here, even within sbuild.

Bug#776316: samba: failed to build on mips

2015-01-26 Thread Michael Gilbert
package: src:samba version: 2:4.1.13+dfsg-4 severity: serious Hi, The latest upload failed to build on the mips buildd: https://buildd.debian.org/status/package.php?p=samba Best wishes, Mike

Bug#776253: marked as done (dependency on libwv-1.2-4 too weak)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 21:19:54 + with message-id e1yfr4c-0007vg...@franck.debian.org and subject line Bug#776253: fixed in wv 1.2.9-4.1 has caused the Debian Bug report #776253, regarding dependency on libwv-1.2-4 too weak to be marked as done. This means that you claim that the

Processed: Re: libblkid-dev: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: found -1 2.25.2-4.1 Bug #775350 {Done: Jonathan Wiltshire j...@debian.org} [libblkid-dev] libblkid-dev: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE Marked as found in versions util-linux/2.25.2-4.1; no longer marked as fixed in versions

Bug#775350: libblkid-dev: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE

2015-01-26 Thread Andreas Beckmann
Followup-For: Bug #775350 Control: found -1 2.25.2-4.1 maintscript has a wrong path (and version): -symlink_to_dir /usr/share/doc/libblkid-dev /usr/share/doc/libblkid 2.25.2-4 +symlink_to_dir /usr/share/doc/libblkid-dev /usr/share/doc/libblkid1 2.25.2-4.2~ Andreas
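
Review bot: the prior-version argument on the +symlink_to_dir line (2.25.2-4.2~) needs to match the upload that first ships this corrected maintscript, because dpkg-maintscript-helper only performs the conversion when upgrading from a version at or below that value, and the same message records the bug as still present in 2.25.2-4.1. It is also worth confirming that /usr/share/doc/libblkid1 is what the old symlink actually pointed to, since the old-target argument is compared against the existing link before anything is changed.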

Bug#776345: dleyna-server: Segfault when playing video

2015-01-26 Thread Matthew Harvey
Package: dleyna-server Version: 0.4.0-1 Severity: critical Justification: breaks unrelated software Dear Maintainer, * What led up to the situation? Sporadically, when watching video, typically using Totem. Any video. This did not happen until about a month ago (on testing, keeping up

Bug#775871: [Pkg-anonymity-tools] Bug#775871: Any updates to the TBB bundle people ?

2015-01-26 Thread Holger Levsen
Hi shirish शिरीष, On Dienstag, 27. Januar 2015, shirish शिरीष wrote: Also Micha Lee made a new 0.1.9 release around 4 days back so guessing the new one would be the best. I'm well aware - just not sure whether I think 0.1.9 is the best for jessie or 0.1.7 plus the new signing key and the

Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

2015-01-26 Thread Salvatore Bonaccorso
Hi Otto, On Mon, Jan 26, 2015 at 09:03:28PM +0200, Otto Kekäläinen wrote: The page https://mariadb.com/kb/en/security/ has updated and includes info about these latest CVEs. It seems most issues were fixed in 5.5.41/10.0.16. One was for 5.5.39/10.0.13. 10.0.16 hasn't been yet released,

Bug#773445: linux-image-3.18.0-trunk-686-pae fails to boot from encrypted usb drive

2015-01-26 Thread Robert Wilkinson
On Wed, 21 Jan 2015 08:48:53 + Martin Zobel-Helas zo...@debian.org wrote: Hi, could this be related to #773250? Try adding xhci-pc to your initrd. Cheers,

Bug#776288: phabricator: postinst overwrites local configuration changes during reinstall/upgrade

2015-01-26 Thread Apollon Oikonomopoulos
Source: phabricator Version: 0~git20141130-1 Severity: serious Justification: Policy 10.7.3 Dear Maintainer, phabricator's postinst script uses bin/config to unconditionally set configuration parameters to the package/debconf defaults. This happens on both reinstall and upgrade and overwrites

Processed: severity of 776246 is important

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: severity 776246 important Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-2014-8242) Severity set to 'important' from 'grave' thanks Stopping processing here. Please contact me if you need assistance.

Bug#776246: MD4 collision/preimage attacks (CVE-2014-8242)

2015-01-26 Thread Thijs Kinkhorst
Hi, See https://github.com/librsync/librsync/issues/5 . librsync uses MD4 as part of syncing; given the low strength and size of MD4, and the relative ease of computing collisions/preimages, that makes librsync unsafe to use on untrusted data, such as when running a duplicity backup. The

Bug#774645: marked as done (libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent APIs)

2015-01-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Jan 2015 10:33:25 + with message-id e1yfgyz-0004st...@franck.debian.org and subject line Bug#774645: fixed in libevent 1.4.13-stable-1+deb6u1 has caused the Debian Bug report #774645, regarding libevent: CVE-2014-6272: potential heap overflow in buffer/bufferevent

Bug#774854: race condition between fur and fex_cleanup

2015-01-26 Thread Moritz Mühlenhoff
On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: Package: fex Version: 20140917-1 Severity: serious Tags: security patch upstream pending confirmed jessie As upstream has released a new version of the fex package which closes a security issue and there is no CVE assigned,

Processed: your mail

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: found 775871 0.1.7-1~bpo70+1 Bug #775871 [torbrowser-launcher] torbrowser-launcher: TorBrowser Bundle signing key changed Marked as found in versions torbrowser-launcher/0.1.7-1~bpo70+1. End of message, stopping processing here. Please contact

Processed: severity of 776039 is grave

2015-01-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: severity 776039 grave Bug #776039 [grep] grep: CVE-2015-1345: heap buffer overrun Severity set to 'grave' from 'important' thanks Stopping processing here. Please contact me if you need assistance.

Processed: php-kdyby-console: uninstallable in sid: php-symfony-console (= 2.5) is not available anywhere

2015-01-26 Thread Debian Bug Tracking System
Processing control commands: affects -1 + php-kdyby-console Bug #776330 [php-kdyby-console] php-kdyby-console: uninstallable in sid: php-symfony-console (= 2.5) is not available anywhere Added indication that 776330 affects php-kdyby-console

Bug#776330: php-kdyby-console: uninstallable in sid: php-symfony-console (= 2.5) is not available anywhere

2015-01-26 Thread Andreas Beckmann
Package: php-kdyby-console Version: 2.3.0-1 Severity: grave Tags: sid Justification: renders package unusable User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + php-kdyby-console Hi, during a test with piuparts I noticed your package is no longer installable in sid: The

Bug#774257: Happens on jessie d-i rc1 too

2015-01-26 Thread Simon Josefsson
FWIW, I reinstalled another laptop with jessie rc1, and adding a printer in GNOME fails due to the same problem. If it matters, the printer is a HP LaserJet P2055DN. /Simon

Bug#775871: Any updates to the TBB bundle people ?

2015-01-26 Thread shirish शिरीष
Hi all, I just came across this bug myself. Once, twice, thrice then I investigated what the issue might be. Went to the cache and compared the sha256sum of the file downloaded with the one given at the tor project. Saw that it matched, then concluded then it's the small python egg which might be