Bug#924843: Any chance for some target fix for msxpertsuite

Hi Filippo, as far as I understood Debian Release team your last fix is not accepted for Buster. Do you plan to fix this in a testing-proposed-updates upload following release policy or will we see Buster without msxpertsuite? Kind regards Andreas. -- http://fam-tille.de

Bug#922669: sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)

Source: sqlalchemy Version: 1.2.18+ds1 Followup-For: Bug #922669 I've confirmed that 1.2.18+ds1 is affected despite the description at [1]. Upstream has a patch for the 1.2 series at [2]. A debdiff including the patch is attached. It builds and the tests pass. However, the fix requires removing

Bug#923986: marked as done (ruby-pygments.rb: FTBFS randomly ("\#!\/usr\/bin\/ruby<\/span>/> was expected to be =~ "))

Your message dated Mon, 06 May 2019 01:33:26 + with message-id and subject line Bug#923986: fixed in ruby-pygments.rb 1.2.0-3 has caused the Debian Bug report #923986, regarding ruby-pygments.rb: FTBFS randomly ("\#!\/usr\/bin\/ruby<\/span>/> was expected to be =~ ") to be marked as done.

Bug#928415: fixed in firefox-esr 60.6.2esr-1

Thanks for the quick turn-around! Any idea when this will show up in Stable? -Russ

Bug#928454: marked as done (perl6-zef's p6c mirror URLs are outdated)

Your message dated Mon, 06 May 2019 02:34:31 + with message-id and subject line Bug#928454: fixed in perl6-zef 0.6.2-2 has caused the Debian Bug report #928454, regarding perl6-zef's p6c mirror URLs are outdated to be marked as done. This means that you claim that the problem has been dealt

Bug#928495: nzbget: Gui missing all graphical elements due to missing symlink

Package: nzbget Version: 21.0+dfsg-1 Severity: serious Tags: patch Justification: 908427 Dear Maintainer, The following symlinks are missing from this release: /usr/share/nzbget/webui/lib/bootstrap.min.js -> ../../../javascript/twitter- bootstrap/js/bootstrap.min.js

Bug#923986: marked as pending in ruby-pygments.rb

Control: tag -1 pending Hello, Bug #923986 in ruby-pygments.rb reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

Processed: Bug#923986 marked as pending in ruby-pygments.rb

Processing control commands: > tag -1 pending Bug #923986 [src:ruby-pygments.rb] ruby-pygments.rb: FTBFS randomly ("\#!\/usr\/bin\/ruby<\/span>/> was expected to be =~ ") Added tag(s) pending. -- 923986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923986 Debian Bug Tracking System Contact

Bug#928415: disabling javascript

Attached is a snapshot of the banner, as it appears on all versions of Firefox I use that have disabled add-ons. This is on debian stable, 60.6.1esr-1~deb9u1. Are you running this version? Do you have add-ons installed? If so, you should probably submit a separate bug, either to mozilla or

Bug#928415: studies

> installing the STUDIES "hotfix" from Mozilla by hand on each one is not > feasible. Not to mention, this requires that other features of Firefox's 'phone home' framework are turned on, which 'studies' uses. For example, in the GUI, the 'studies' option is under: "Allow Firefox to send

Bug#928415: firefox-esr: Bugzilla 1548973 All extensions disabled due to expiration of intermediate signing cert

Package: firefox-esr Version: 60.6.1esr-1~deb9u1 Followup-For: Bug #928415 Dear Maintainer, What is Debian's recommendation for users and administrators dealing with this major snafu? I've got a bunch of Debian Stable boxes with Firefox-esr and installing the STUDIES "hotfix" from Mozilla by

Bug#928415: disabling javascript

There is no such banner - at least not in current Debian Stable. On Sun, May 5, 2019 at 2:06 AM Brad Barnett wrote: > While I agree an unknown disabling of plugins, not just noscript (there > are others like noscript) is a security concern... > > There is a big, yellow banner that appears and

Processed: Re: hyantesite: test failures on most architectures

Processing control commands: > found -1 1.3.0-1.1 Bug #888733 [src:hyantesite] hyantesite FTBFS on most architectures: test failures Marked as found in versions hyantesite/1.3.0-1.1. > retitle -1 hyantesite: test failures on most architectures Bug #888733 [src:hyantesite] hyantesite FTBFS on

Bug#888733: hyantesite: test failures on most architectures

Control: found -1 1.3.0-1.1 Control: retitle -1 hyantesite: test failures on most architectures At least on i386, this *isn't* just -0 vs +0 and last-digit rounding errors: in test 'family' (which applies a cone smoother to a regularly spaced set of spikes), centre points drop from highest to

Processed: Re: scilab: FTBFS on all

Processing control commands: > tags -1 moreinfo Bug #926180 [src:scilab] scilab: FTBFS on all Added tag(s) moreinfo. -- 926180: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926180 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#926180: scilab: FTBFS on all

Control: tags -1 moreinfo I don't see this in a DIST=sid cowbuilder --build scilab_6.0.1-9.dsc --binary-indep build: has it been fixed (the -8 to -9 changelog suggests not), or does my setup allow enough graphics access to not have it? If the bug does still exist, can someone affected try

Bug#928415: studies

On Sun, 5 May 2019 03:00:04 -0400 Brad Barnett wrote: > > > installing the STUDIES "hotfix" from Mozilla by hand on each one is not > > feasible. > > Not to mention, this requires that other features of Firefox's 'phone > home' framework are turned on, which 'studies' uses. For example, in

Bug#926215: dune-pdelab: FTBFS with gcc 8.3

Version: 2.6~20180302-1 On Sun, May 05, 2019 at 09:41:21AM +0100, Rebecca N. Palmer wrote: > Control: tags -1 moreinfo > > It works for me, in both sid and buster cowbuilder chroots. Same here, just tried in both buster and sid, using sbuild. So, I'm closing the bug. [ Ansgar: If you still can

Bug#926215: marked as done (dune-pdelab: testpk fails with assertion failure)

Your message dated Sun, 5 May 2019 16:05:38 +0200 with message-id <20190505140538.gzqt3pf7rqsmz7fp@nucold> and subject line Re: dune-pdelab: FTBFS with gcc 8.3 has caused the Debian Bug report #926215, regarding dune-pdelab: testpk fails with assertion failure to be marked as done. This means

Bug#928417: Bug#928415,#928417: [firefox] All extensions are disabled

Thanks for the tip, Alexis! Installing the Debian-packaged plugins does the trick - hands down the easiest way to work around this bug.

Bug#928415: firefox-esr: All extensions are disabled

Surprised more people do not clearly see how [badly] this could be used as an attack vector. Tracking individuals by subtle transient modulation etc. More appalling is that the Tor Browser is also affected. Nothing should every be updated or changed unless the user gives a command. External

Bug#928415: Possibly helpful follow-up

Alexis Murzeau wrote: > See here: https://news.ycombinator.com/item?id=19826903 Which instructs people to install https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi For me at least, that download resulted in a file

Bug#928415: marked as done (firefox-esr: Bugzilla 1548973 All extensions disabled due to expiration of intermediate signing cert)

Your message dated Sun, 05 May 2019 20:51:26 + with message-id and subject line Bug#928415: fixed in firefox-esr 60.6.2esr-1 has caused the Debian Bug report #928415, regarding firefox-esr: Bugzilla 1548973 All extensions disabled due to expiration of intermediate signing cert to be marked

Bug#928417: studies disabled in debian

On Sat, 04 May 2019 14:42:28 -0300 Niv Sardi wrote: > mozilla is roling out a fix > https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/ > that said they are using the 'studies' infrastructure to do so, and > they seem to be disabled in the debian

Bug#926952: sa-exim: Unbuildable/uninstallable in sid

lördag 4 maj 2019 kl. 12:47:18 CEST skrev Magnus Holmgren: > söndag 21 april 2019 kl. 19:55:10 CEST skrev Magnus Holmgren: > > But now that I look closer, it looks like the "spool format error" message > > is only triggered by malformed header files, and Thomas in https:// > >

Bug#927943: libxmlada: FTBFS with unicode-data >= 12.0.0

Good morning, Nicolas, I think your suggestion[*] is the best option. It's too late to do a more ideal fix but the alternative is nearly all Ada packages (if not all?) being autoRM'd. Unless Ludovic thinks otherwise (in the next day or so, given the short timescales), I'd get on with it.

Bug#926215: dune-pdelab: FTBFS with gcc 8.3

Control: tags -1 moreinfo It works for me, in both sid and buster cowbuilder chroots. Has it been fixed (the version of dune-pdelab hasn't changed, but the bug may have been elsewhere), or is it hardware/setup dependent?

Processed: Re: dune-pdelab: FTBFS with gcc 8.3

Processing control commands: > tags -1 moreinfo Bug #926215 [src:dune-pdelab] dune-pdelab: testpk fails with assertion failure Added tag(s) moreinfo. -- 926215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#927722: fixed in ipset 6.38-1.1

Control: reopen -1 Hi, On Thu, May 02, 2019 at 10:18:33AM +, Cyril de Bourgues wrote: >* Non maintainer upload. >* use dpkg-maintscript-helper rm_conffile to clean up old bash-completion > file in /etc (Closes: #927722). You added dpkg-maintscript-helper rm_conffile conffile

Processed: Re: Bug#927722: fixed in ipset 6.38-1.1

Processing control commands: > reopen -1 Bug #927722 {Done: Cyril de Bourgues } [ipset] ipset: postinst unconditionally deletes conffile 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No

Processed: forcibly merging 928417 928470

Processing commands for cont...@bugs.debian.org: > forcemerge 928417 928470 Bug #928417 [firefox] [firefox] All extensions are disabled Bug #928470 [firefox] armagedd-on-2.0 workaround? Set Bug forwarded-to-address to 'https://bugzilla.mozilla.org/show_bug.cgi?id=1548973'. Added tag(s) upstream.

Processed: Re: Bug#928440: dhcpcd5: DHCPv6: Potential read overflow with D6_OPTION_PD_EXCLUDE

Processing control commands: > retitle -1 dhcpcd5: CVE-2019-11766: DHCPv6: Potential read overflow with > D6_OPTION_PD_EXCLUDE Bug #928440 [dhcpcd5] dhcpcd5: DHCPv6: Potential read overflow with D6_OPTION_PD_EXCLUDE Changed Bug title to 'dhcpcd5: CVE-2019-11766: DHCPv6: Potential read overflow

Bug#928440: dhcpcd5: DHCPv6: Potential read overflow with D6_OPTION_PD_EXCLUDE

Control: retitle -1 dhcpcd5: CVE-2019-11766: DHCPv6: Potential read overflow with D6_OPTION_PD_EXCLUDE Hi, On Sat, May 04, 2019 at 08:08:38PM +0200, Timo Sigurdsson wrote: > Package: dhcpcd5 > Version: 7.1.0-1 > Severity: serious > Tags: security upstream fixed-upstream > > Dear Maintainer, >

Processed: Re: heaptrack: test failures

Processing control commands: > found -1 1.1.0+20180922.gitf752536-4 Bug #914978 [src:heaptrack] heaptrack: FTBFS with various test failures Marked as found in versions heaptrack/1.1.0+20180922.gitf752536-4. > retitle -1 heaptrack: test failures Bug #914978 [src:heaptrack] heaptrack: FTBFS with

Bug#914978: heaptrack: test failures

Control: found -1 1.1.0+20180922.gitf752536-4 Control: retitle -1 heaptrack: test failures Control: severity -1 important In unstable, this is not an FTBFS because the affected tests are disabled. I don't know enough about this package to say whether it's still a bug at all, and if so of what

Bug#928470: armagedd-on-2.0 workaround?

Package: firefox Version: 66.0.1-1 Severity: grave Hi, severity grave since disabling security plugins makes the system more vulnerable. Please lower if you disagree. As you might have noticed from press and social media, all firefoxes (including the installations on my desktop machines from

Bug#926091: marked as done (imagemagick: CVE-2019-10650: heap-buffer-overflow in WriteTIFFImage of coders/tiff.c)

Your message dated Sun, 05 May 2019 18:47:20 + with message-id and subject line Bug#926091: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u7 has caused the Debian Bug report #926091, regarding imagemagick: CVE-2019-10650: heap-buffer-overflow in WriteTIFFImage of coders/tiff.c to be marked as

Bug#927978: marked as done (gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing)

Your message dated Sun, 05 May 2019 18:47:08 + with message-id and subject line Bug#927978: fixed in gst-plugins-base1.0 1.10.4-1+deb9u1 has caused the Debian Bug report #927978, regarding gst-plugins-base1.0: CVE-2019-9928: Buffer overflow in RTSP parsing to be marked as done. This means

Bug#921355: marked as done (libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c)

Your message dated Sun, 05 May 2019 18:47:43 + with message-id and subject line Bug#921355: fixed in libpng1.6 1.6.28-1+deb9u1 has caused the Debian Bug report #921355, regarding libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c to be marked as done. This means that you

Bug#925395: marked as done (imagemagick: CVE-2019-9956)

Your message dated Sun, 05 May 2019 18:47:20 + with message-id and subject line Bug#925395: fixed in imagemagick 8:6.9.7.4+dfsg-11+deb9u7 has caused the Debian Bug report #925395, regarding imagemagick: CVE-2019-9956 to be marked as done. This means that you claim that the problem has been

Bug#920997: marked as done (slurm-llnl: CVE-2019-6438)

Your message dated Sun, 05 May 2019 18:47:53 + with message-id and subject line Bug#920997: fixed in slurm-llnl 16.05.9-1+deb9u3 has caused the Debian Bug report #920997, regarding slurm-llnl: CVE-2019-6438 to be marked as done. This means that you claim that the problem has been dealt with.

Processed: Re: hyantesite: test failures on most architectures

Processing control commands: > tags -1 upstream Bug #888733 [src:hyantesite] hyantesite: test failures on most architectures Added tag(s) upstream. -- 888733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888733 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#888733: hyantesite: test failures on most architectures

Control: tags -1 upstream (probably - I haven't actually tried) The missing centre points (0 instead of max at distance=0) are probably due to rounding error in the great circle distance (src/hyantes_run.c:80): equal coordinates should give tmp=acos(1)=0, but rounding error might make it

Bug#928417: hotfix-update-xpi-intermedi...@mozilla.com-1.0.2-signed.xpi

hotfix-update-xpi-intermedi...@mozilla.com-1.0.2-signed.xpi does not work with Firefox-ESR in Stretch. Does anyone know anything about it? Thanks...

Bug#926091: marked as done (imagemagick: CVE-2019-10650: heap-buffer-overflow in WriteTIFFImage of coders/tiff.c)

Your message dated Sun, 05 May 2019 15:50:31 + with message-id and subject line Bug#926091: fixed in imagemagick 8:6.9.10.23+dfsg-2.1 has caused the Debian Bug report #926091, regarding imagemagick: CVE-2019-10650: heap-buffer-overflow in WriteTIFFImage of coders/tiff.c to be marked as done.

Bug#925395: marked as done (imagemagick: CVE-2019-9956)

Your message dated Sun, 05 May 2019 15:50:31 + with message-id and subject line Bug#925395: fixed in imagemagick 8:6.9.10.23+dfsg-2.1 has caused the Debian Bug report #925395, regarding imagemagick: CVE-2019-9956 to be marked as done. This means that you claim that the problem has been dealt

Bug#927808: gmsh: FTBFS in buster (/usr/include/occt/Standard_Version.hxx cannot be read)

I agree that this is probably fixed in unstable, but as we're in freeze and unstable has a new upstream version, that won't fix it in buster. The fix was probably removing the line -DOCC_INC:STRING="/usr/include/occt" \ from debian/rules (commit 3556b0a, but please don't include the

Processed: Bug#927432 marked as pending in capistrano

Processing control commands: > tag -1 pending Bug #927432 [src:capistrano] capistrano: FTBFS randomly (failing tests) Added tag(s) pending. -- 927432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927432 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#927432: marked as pending in capistrano

Control: tag -1 pending Hello, Bug #927432 in capistrano reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

Bug#927432: marked as done (capistrano: FTBFS randomly (failing tests))

Your message dated Sun, 05 May 2019 16:18:26 + with message-id and subject line Bug#927432: fixed in capistrano 3.11.0-3 has caused the Debian Bug report #927432, regarding capistrano: FTBFS randomly (failing tests) to be marked as done. This means that you claim that the problem has been

Bug#919216: lrslib: Tree truncated at depth -1 on i386

As a fixed version is now in unstable and testing, I suggest closing this bug.

Processed: Re: octave: missing licenses

Processing control commands: > found -1 4.4.1-5 Bug #926047 [octave] missing licenses Marked as found in versions octave/4.4.1-5. -- 926047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926047 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#926047: octave: missing licenses

Control: found -1 4.4.1-5 The /etc/fonts/* issue (but not the out-of-date year) also applies to testing/unstable. As they appear to be an already-unused embedded copy from fonts-freefont (GPL-3 + font exception), and are the .otf not the preferred source .sfd, it may be best to repack the

Bug#888733: hyantesite: test failures on most architectures

However, the "obvious" fix seems to break ra_pareto, for unknown reasons. It's not this change that breaks ra_pareto: it was _already_ totally broken on i386 (all-0s output). Not using the name 'tmp' for two different variables gives some nonzero output: --- a/src/hyantes.c +++

Bug#928488: pyspf-milter fails to start on minmal system

Package: pyspf-milter Version: 2.9.0-3 Severity: serious Justification: Policy 3.5 # /usr/bin/pyspf-milter Traceback (most recent call last): File "/usr/bin/pyspf-milter", line 6, in from pkg_resources import load_entry_point ModuleNotFoundError: No module named 'pkg_resources' Missing

Bug#928470: marked as done (armagedd-on-2.0 workaround?)

Your message dated Sun, 05 May 2019 22:06:37 + with message-id and subject line Bug#928417: fixed in firefox 66.0.4-1 has caused the Debian Bug report #928417, regarding armagedd-on-2.0 workaround? to be marked as done. This means that you claim that the problem has been dealt with. If this

Bug#928417: marked as done ([firefox] All extensions are disabled)

Your message dated Sun, 05 May 2019 22:06:37 + with message-id and subject line Bug#928417: fixed in firefox 66.0.4-1 has caused the Debian Bug report #928417, regarding [firefox] All extensions are disabled to be marked as done. This means that you claim that the problem has been dealt

Bug#927993: xinit: Cannot load NVIDIA drivers, doesn't connect to X server. No screens found.

Control: -1 tags moreinfo Hi Sebastian, Could you send the output of: dpkg -l '*nouveau*'? Probably the X server output would also be useful. That should be the output of xinit/startx if you use it directly, otherwise check ~/.local/xorg/ or /var/log/. Ross

Bug#928427: marked as done (nageru: FTBFS in experimental: nageru/pbo_frame_allocator.h:36:8: error: ‘bmusb::FrameAllocator::Frame PBOFrameAllocator::create_frame(size_t, size_t, size_t)’ marked ‘over

Your message dated Mon, 06 May 2019 00:18:29 + with message-id and subject line Bug#928427: fixed in nageru 1.8.6-2 has caused the Debian Bug report #928427, regarding nageru: FTBFS in experimental: nageru/pbo_frame_allocator.h:36:8: error: ‘bmusb::FrameAllocator::Frame