Processing commands for cont...@bugs.debian.org:
> # http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
> tags 862611 + security
Bug #862611 [deluge-webui] deluge-webui: directory traversal attack
vulnerability
Added tag(s) security.
> severity 862611 serious
Bug #862611 [deluge-webui]
On Sat, May 6, 2017 at 2:20 PM, Michael Stapelberg
wrote:
>
>
> On Tue, May 2, 2017 at 10:23 AM, Michael Hudson-Doyle <
> michael.hud...@canonical.com> wrote:
>
>> On 2 May 2017 at 19:23, Michael Stapelberg wrote:
>>
>>> Sorry for the late reply,
tags 858178 + patch
thanks
This is correctly diagnosing a buffer which is too small.
The length of data written to the buffer is always constant,
(20 bytes more than the length of the buffer), and not under
user control, so there is probably not a security problem here.
A patch, to increase the
Your message dated Mon, 15 May 2017 06:18:33 +
with message-id
and subject line Bug#862542: fixed in reprozip 1.0.9-3
has caused the Debian Bug report #862542,
regarding reprozip: File conflict: trying to overwrite '/usr/bin/reprozip',
which is also in
On May 15, 2017 06:06, "Val Markovic" wrote:
[Sending you a copy of my response on the bug since I forgot to cc you.]
-- Forwarded message --
From: Val Markovic
Date: Sun, May 14, 2017 at 9:57 PM
Subject: Re: Package broken
To:
Lumin, on Sat. 13 May 2017 05:59:24 +, wrote:
> > This was documented in NEWS.Debian.gz. Having to use "--compiler-options
> > -fPIC" was however not documented in NEW.Debian.gz, at least that should
> > be done.
>
> Well, what do you think we can do to deal with this bug?
I Cc-ed gcc, llvm
Hi
I requested a CVE via cveform.mitre.org for this issue.
Regards,
Salvatore
Processing control commands:
> forwarded -1 https://bitbucket.org/wooster/biplist/issues/8
Bug #860656 [src:python-biplist] python-biplist: FTBFS on i386: dh_auto_test:
pybuild --test --test-nose -i python{version} -p 2.7 returned exit code 13
Set Bug forwarded-to-address to
Control: forwarded -1 https://bitbucket.org/wooster/biplist/issues/8
Since the plist format stores the length of the integer, storing a long
should always return a long:
0001 # of bytes is 2^, big-endian bytes
https://en.wikipedia.org/wiki/Property_list#Mac_OS_X
On python3 this does
control: found -1 1.926
control: found -1 1.818+deb8u2
control: Severity -1 serious
thanks
--
cheers,
Holger
Processing control commands:
> found -1 1.926
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 configuration
breaks SMTP server security
Marked as found in versions debian-edu-config/1.926.
> found -1 1.818+deb8u2
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4
control: tags -1 + pending
# a fix is in git already, though improvements have been discussed on irc
# ;tl;dr: we're on it.
--
cheers,
Holger
Processing control commands:
> tags -1 + pending
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 configuration
breaks SMTP server security
Added tag(s) pending.
--
862652: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862652
Debian Bug Tracking System
Contact
Hi
I requested a CVE for this issue via cveform.mitre.org
Regards,
Salvatore
Your message dated Mon, 15 May 2017 09:05:01 +
with message-id
and subject line Bug#861483: fixed in ycmd 0+20161219+git486b809-2
has caused the Debian Bug report #861483,
regarding ycmd: FTBFS against libclang with versioned symbols
to be marked as done.
Your message dated Mon, 15 May 2017 09:04:26 +
with message-id
and subject line Bug#861836: fixed in ntirpc 1.4.4-1
has caused the Debian Bug report #861836,
regarding ntirpc: CVE-2017-8779
to be marked as done.
This means that you claim that the problem
Your message dated Mon, 15 May 2017 09:04:17 +
with message-id
and subject line Bug#861755: fixed in libpll 0.3.0-1
has caused the Debian Bug report #861755,
regarding libpll: FTBFS on x86: AVX target specific option mismatch
to be marked as done.
This
@doko GCC-5 may be removed from unstable when CUDA 9.0
is uploaded. See below.
(Maybe doko is already in some of these lists.)
> The problem is the move of some parts of the toolchain to pie by
> default, without updating the whole toolchain. Whenever not using only
> gcc for building object
Processing commands for cont...@bugs.debian.org:
> severity 862652 serious
Bug #862652 [debian-edu-config] debian-edu-config: wrong exim4 configuration
breaks SMTP server security
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.
Please contact me if you need
Your message dated Mon, 15 May 2017 10:19:28 +
with message-id
and subject line Bug#845102: fixed in ogamesim 20130107-3
has caused the Debian Bug report #845102,
regarding ogamesim: FTBFS when built with dpkg-buildpackage -A
(dpkg-genbuildinfo error)
to
Your message dated Mon, 15 May 2017 11:48:37 +
with message-id
and subject line Bug#861987: fixed in flightcrew 0.7.2+dfsg-9
has caused the Debian Bug report #861987,
regarding flightcrew: insecure use of /tmp
to be marked as done.
This means that you
(please keep me in CC)
On Sat, 13 May 2017 06:16:44 +0200 franckr wrote:
> Hi Arturo,
>
> I cannot help for kernel, however, and you probably already know it:
> Several bios updates became available since 10/04/2007 version.
> Did you consider them ? (ie checking release
Your message dated Mon, 15 May 2017 12:04:53 +
with message-id
and subject line Bug#860169: fixed in glue 0.13-1
has caused the Debian Bug report #860169,
regarding glue-sprite: Inconsistent dependencies
to be marked as done.
This means that you claim
Processing commands for cont...@bugs.debian.org:
> tags 861593 + pending
Bug #861593 [postfix-cdb] postfix-cdb: Broken after upgrade from jessie
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
861593:
Your message dated Mon, 15 May 2017 15:23:02 +0100
with message-id <1494858182.29474.29.ca...@decadent.org.uk>
and subject line Re: Bug#862605: Missing ondemand CPU governor.
has caused the Debian Bug report #862605,
regarding Missing ondemand CPU governor.
to be marked as done.
This means that
Processing commands for cont...@bugs.debian.org:
> notfound 862605 3.16.39-1+deb8u2
Bug #862605 [linux-image-3.16.0-4-amd64] Missing ondemand CPU governor.
No longer marked as found in versions linux/3.16.39-1+deb8u2.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Processing control commands:
> retitle -1 menu-cache: CVE-2017-8933: socket may be blocked by another user
Bug #862570 {Done: Andriy Grytsenko } [libmenu-cache3]
libmenu-cache: menu-cached socket may be blocked by another user.
Changed Bug title to 'menu-cache: CVE-2017-8933:
Control: retitle -1 pcmanfm: CVE-2017-8934: single instance socket may be
blocked by another user
This issue has been assigned CVE-2017-8934.
Regards,
Salvatore
Control: retitle -1 menu-cache: CVE-2017-8933: socket may be blocked by another
user
Hi
This issue has been assigned CVE-2017-8933.
Regards,
Salvatore
Processing commands for cont...@bugs.debian.org:
> forcemerge 861074 862656
Bug #861074 {Done: Jonas Meurer } [cryptsetup] cryptsetup:
cryptroot-hook doesn't honor initramfs-tools' (>= 0.129) logic for resume
devices
Bug #862656 [cryptsetup] cryptsetup: WARNING: failed to
Processing control commands:
> retitle -1 pcmanfm: CVE-2017-8934: single instance socket may be blocked by
> another user
Bug #862571 {Done: Andriy Grytsenko } [pcmanfm] pcmanfm:
single instance socket may be blocked by another user.
Changed Bug title to 'pcmanfm:
Your message dated Mon, 15 May 2017 16:48:44 +
with message-id
and subject line Bug#862652: fixed in debian-edu-config 1.927
has caused the Debian Bug report #862652,
regarding debian-edu-config: wrong exim4 configuration breaks SMTP server
security
to be
On 15.05.2017 02:06, Lumin wrote:
> @doko GCC-5 may be removed from unstable when CUDA 9.0
> is uploaded. See below.
[I'd like gcc-5 5.5 to reach snapshot.debian.org, which will be around
June/July. Then we can remove it].
> (Maybe doko is already in some of these lists.)
>
>> The problem
I have packaged up latest upstream version (1.0.0) here:
https://github.com/Valloric/dirty.js
I've tested it out locally (using upstream's tutorial) on latest
stretch RC with nodejs v4.8.2 and it's working fine. I'll look for a
sponsor on debian-mentors to do a NMU.
Hi,
> deluge-webui: directory traversal attack vulnerability
I think this is fixed in:
http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable=41acade01ae88f7b7bbdba308a0886771aa582fd
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org /
Hi,
The latest upstream version is 1.1.0, which is a bug fix release.
Check here:
https://github.com/felixge/node-dirty/commit/6285fce15d3bc76bc288259ed2a095cd2936e218
On Mon, May 15, 2017 at 7:03 PM Val Markovic wrote:
> I have packaged up latest upstream version (1.0.0)
Processing commands for cont...@bugs.debian.org:
> forcemerge 849357 856322
Bug #849357 [kernel-package] kernel-package: make-kpkg kernel_headers fails for
linux 4.10-rc1; missing REPORTING-BUGS
Bug #856322 [kernel-package] kernel-package: 4.10 kernel - kernel_headers
package not building. File
Processing commands for cont...@bugs.debian.org:
> severity 849357 serious
Bug #849357 [kernel-package] kernel-package: make-kpkg kernel_headers fails for
linux 4.10-rc1; missing REPORTING-BUGS
Severity set to 'serious' from 'normal'
> tags 849357 + patch
Bug #849357 [kernel-package]
CVE requested via https://cveform.mitre.org/
Regards,
Salvatore
Processing commands for cont...@bugs.debian.org:
> submitter 852998 !
Bug #852998 {Done: "Adam D. Barratt" }
[release.debian.org] jessie-pu: package dropbear/2014.65-1
Changed Bug submitter to 'guil...@debian.org' from 'Guilhem Moulin
'.
>
Processing control commands:
> reopen -1
Bug #855324 {Done: Markus Koschany } [pdfsam] pdfsam fails to
start
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer
Control: reopen -1
Hi,
just updated a machine from jessie -> stretch and stuck with the problem that
pdfsam fails to start. The problem is that existing ~/.pdfsam/config.xml needs to
be changed too.
I'd propose to write a NEWS entry to inform people and tell them what to do.
Best,
Philip
Processing control commands:
> found -1 3.0.0-5
Bug #862689 [src:flightgear] flightgear: CVE-2017-8921
Marked as found in versions flightgear/3.0.0-5.
--
862689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862689
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Package: src:imagemagick
Version: 8:6.9.7.4+dfsg-7
Severity: serious
The latest imagemagick upload has been built by the arch:all build
daemon, but has later been rejected by dak:
On 2017-05-15 15:48, Debian FTP Masters wrote:
> imagemagick-6-doc_6.9.7.4+dfsg-7_all.deb: Built-Using refers to
Source: flightgear
Version: 1:2016.4.4+dfsg-2
Severity: grave
Tags: upstream patch security
Control: found -1 3.0.0-5
Hi,
the following vulnerability was published for flightgear.
CVE-2017-8921[0]:
| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user
Processing commands for cont...@bugs.debian.org:
> forcemerge 849357 848066
Bug #849357 [kernel-package] kernel-package: make-kpkg kernel_headers fails for
linux 4.10-rc1; missing REPORTING-BUGS
Bug #856322 [kernel-package] kernel-package: 4.10 kernel - kernel_headers
package not building. File
Processing commands for cont...@bugs.debian.org:
> tags 862611 + upstream fixed-upstream
Bug #862611 [deluge-webui] deluge-webui: directory traversal attack
vulnerability
Added tag(s) fixed-upstream and upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
On Sun, May 14, 2017 at 06:13:28PM (+0100), Chris Lamb wrote:
> Hi,
>
> I just ACCEPTed python-ncclient from NEW but noticed it was missing
> attribution in debian/copyright for at least
>
> examples/csr1000v_example.py
> ncclient/transport/ssh.py
> setup.py
>
> (This is not exhaustive
Thanks for pointing that out!
But it hasn't been git-tagged, it failed the build on Travis, and it's only
a couple of commits from 1.0.0 so it might make more sense to just go with
1.0.0.
On Mon, May 15, 2017 at 11:34 AM, Marcos Marado
wrote:
> Hi,
>
> The latest
Your message dated Mon, 15 May 2017 21:08:08 +
with message-id
and subject line Bug#859805: fixed in postfix 3.1.4-5
has caused the Debian Bug report #859805,
regarding postfix-ldap: unsupported dictionary type: ldap after upgrade
to be marked as done.
Your message dated Mon, 15 May 2017 21:08:29 +
with message-id
and subject line Bug#852750: fixed in readline 7.0-3
has caused the Debian Bug report #852750,
regarding libreadline7: readline() interferes with blocked SIGALRM
to be marked as done.
This
Your message dated Mon, 15 May 2017 21:08:08 +
with message-id
and subject line Bug#861593: fixed in postfix 3.1.4-5
has caused the Debian Bug report #861593,
regarding postfix-cdb: Broken after upgrade from jessie
to be marked as done.
This means that
Control: tags -1 confirmed
On 15.05.2017 at 00:01, Nikolaus Rath wrote:
> Package: xarchiver
> Version: 1:0.5.4-1+deb8u1
> Severity: critical
> Justification: causes serious data loss
>
> As far as I can tell, using xarchiver to add additional files to a
> .tar.xz file will destroy the existing
Processing control commands:
> tags -1 confirmed
Bug #862593 [xarchiver] xarchiver: Adding files to .tar.xz deletes existing
content
Added tag(s) confirmed.
--
862593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
>> That means, the "build your whole application with clang-3.8"
>> advice is temporary and specific to CUDA 8.0. Before uploading
>> CUDA 9.0 to unstable/experimental, we can change the default
>> compiler back to GCC. And backporting CUDA 9.0 to stretch
>> will eliminate the compiler trouble.
>
Your message dated Mon, 15 May 2017 21:52:57 +
with message-id
and subject line Bug#862568: fixed in python-ncclient 0.5.3-2
has caused the Debian Bug report #862568,
regarding python-ncclient: Incomplete debian/copyright?
to be marked as done.
This means
Your message dated Mon, 15 May 2017 22:04:37 +
with message-id
and subject line Bug#862690: fixed in imagemagick 8:6.9.7.4+dfsg-8
has caused the Debian Bug report #862690,
regarding imagemagick: Built-Using field with binary version
to be marked as done.
Hi. I said:
> This failure is the same I reported in Bug #850282, and it should be
> fixed in version 1.1.1+dfsg1-4.
>
> Let's hope that britney takes this closing-with-version message
> as an indication that version 1.1.1+dfsg1-4 should propagate to testing.
>
> If this does not happen
Your message dated Tue, 16 May 2017 00:33:53 +
with message-id
and subject line Bug#862611: fixed in deluge 1.3.13+git20161130.48cedf63-3
has caused the Debian Bug report #862611,
regarding deluge-webui: directory traversal attack vulnerability
to be
On Mon, May 15, 2017 at 08:56:08AM +0200, Michael Stapelberg wrote:
> >> Package: golang-github-gosexy-gettext-dev
> > vorlon, can we file for removal of this package? It wasn’t touched since
> > 2013 and has no rdepends.
> Done: https://bugs.debian.org/862612
Thanks for filing, 100% agreed.
Your message dated Mon, 15 May 2017 22:35:17 +
with message-id
and subject line Bug#861771: fixed in nodm 0.13-1.3
has caused the Debian Bug report #861771,
regarding Fails to install: postinst script returned error exit status 1
to be marked as done.
tag 862611 pending
thanks
Date: Mon May 15 20:09:36 2017 -0400
Author: Andrew Starr-Bochicchio
Commit ID: 3d1b3b4500f155a25bc2e5e92ae56437fa728041
Commit URL:
https://anonscm.debian.org/cgit/collab-maint/deluge.git;a=commitdiff;h=3d1b3b4500f155a25bc2e5e92ae56437fa728041
Processing commands for cont...@bugs.debian.org:
> tag 862611 pending
Bug #862611 [deluge-webui] deluge-webui: directory traversal attack
vulnerability
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
862611:
OK, so talking to pabs@ on debian-mentors, seems like a good approach
to take here is to do NMU uploads to unstable and stable. I'm happy to
do the work there (short of uploading, since I can't).
Second part: Marcos, do you use this package on stable, testing or
unstable? Also note that dirty.js
Package: node-brace-expansion
Version: 1.1.6-1
Severity: serious
Tags: security
There is a regular expression denial of service issue in
node-brace-expansion <= 1.1.6. More details available here:
https://nodesecurity.io/advisories/338
--
bye,
pabs
https://wiki.debian.org/PaulWise
Your message dated Tue, 16 May 2017 05:05:58 +
with message-id
and subject line Bug#860608: fixed in golang-github-gosexy-gettext
0~git20130221-2
has caused the Debian Bug report #860608,
regarding golang: FTBFS: Go version is "go1.6.1", ignoring -next
Processing commands for cont...@bugs.debian.org:
> reopen 860608
Bug #860608 {Done: Steve Langasek } [src:golang] golang:
FTBFS: Go version is "go1.6.1", ignoring -next /<>/api/next.txt
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions
On Mon, May 15, 2017 at 03:17:03PM -0700, Steve Langasek wrote:
> On Mon, May 15, 2017 at 08:56:08AM +0200, Michael Stapelberg wrote:
> > >> Package: golang-github-gosexy-gettext-dev
> > > vorlon, can we file for removal of this package? It wasn’t touched since
> > > 2013 and has no rdepends.
>