Actually it happened whether I used the intel driver or the
generic driver, framebuffer or not.
But I just re-installed and now it is fine. Weird.
Mark
On Sun, 24 Aug 2008, Brice Goglin wrote:
Mark Hedges wrote:
Package: xserver-xorg
Version: 1:7.3+15
Severity: grave
Justification:
Package: synce-kpm
Version: 0.11.1-1
Severity: grave
Justification: renders package unusable
After installing I started the program. It just sits around doing absolutely
nothing. ActiveSync Status says: Make sure Sync-Engine is running (No
hint as to how to make it running)
Connecting the
Mark Hedges wrote:
But I just re-installed and now it is fine. Weird.
What did you reinstall? The whole machine?
Can you send the corresponding config and log?
Brice
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Your message dated Mon, 25 Aug 2008 06:02:26 +
with message-id [EMAIL PROTECTED]
and subject line Bug#496421: fixed in vdr 1.6.0-6
has caused the Debian Bug report #496421,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This means
Package: adolc
Version: 1.10.2-3
Severity: serious
There was an error while trying to autobuild your package:
Automatic build of adolc_1.10.2-3 on spontini by sbuild/sparc 99.99
Build started at 20080819-1358
[...]
** Using build dependencies supplied by package:
Build-Depends: debhelper
Package: libxml2
Followup-For: Bug #496125
Hello
Sorry for the me-too of this report, but I can confirm this bug on debian
etch running on a single processor ppc (G4) 32 bits platform.
It happens I also use the Gorilla theme, and the symptoms were exactly those
reported in message 39 of this bug
Hi
I can confirm that Comedi works on my amd64 computer with kernel 2.6.26. I
have tested it with Adlink PCI-9111 AD converter card, reading from it with
xoscope.
Please don't remove Comedi from Lenny.
Cheers
Gudjon
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Mon, Aug 25, 2008 at 02:45:50AM +0200, W. Martin Borgert wrote:
From http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782#87, we have
these contributors not listed in your mail:
- Daniel Nylander
Swedish translation.
Translations being copyrightable works in their own right, their
reopen 496362
thanks
DBTS Done as the mass-opening of symlink attack in /tmp was wrong in this case.
Why wrong?
{
my $ent = shift;
if ($ent-head-mime_type eq 'message/rfc822') {
if ($DEBUG) {
unlink /tmp/spam.log.$$ if -e /tmp/spam.log.$$;
tags 496366 confirmed
thanks
Hi Charles,
What is the relevance of this bug for the releasability of the package?
Upstream is already at a much higher version number and I am not able to
solve the prolem by myself.
I've confirmed that the bug is indeed well-present: the script in question
Guus Sliepen wrote:
On Sun, Aug 24, 2008 at 10:39:12PM +0200, Raphael Champeimont (Almacha) wrote:
As the upstream website says Resources are Non Free. and the original
tar.gz does not contain information about copyright of graphics files
(at least I didn't find any), I was wondering if
Processing commands for [EMAIL PROTECTED]:
tags 496366 confirmed
Bug#496366: The possibility of attack with the help of symlinks in some Debian
packages
Tags were: help
Tags added: confirmed
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
As others, I had exactly the same error. Root couldn't write to the
mounted directory. See full details here:
http://thread.gmane.org/gmane.linux.debian.user/333162
client: nfs-common1:1.1.3-1
server: nfs-kernel-server 1:1.1.2-6
Confirmed:
At client, cat
Processing commands for [EMAIL PROTECTED]:
reopen 496362
Bug#496362: The possibility of attack with the help of symlinks in some Debian
packages
Bug reopened, originator not changed.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Package: zeroc-icee
Version: 1.2.0-5
Severity: serious
Tags: patch
The reorganization of zeroc-icee in unstable introduces a new bug:
Package: zeroc-icee
Architecture: all
Section: devel
-Depends: libicee-dev, libicee-java, icee-slice, icee-translators
+Depends: libicee-dev (=
Hi,
Done as the mass-opening of symlink attack in /tmp was wrong in this case.
I don't think closing this is the appropriate action. Sure, debug code is not
top priority. But still, the fix is straghtforward and puts extra protection
on those running in debug mode. Besides, people tend to
reopen 496393
thanks
Hi,
Maybe I'm completely missing something, but the patch you added just seems to
make matters much worse. Perhaps I don't understand it, but you remove use of
the safe mktemp function and replace it with tempfiles based on PID? It
looks to me like this change just
Processing commands for [EMAIL PROTECTED]:
reopen 496393
Bug#496393: The possibility of attack with the help of symlinks in some Debian
packages
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Bug reopened,
Hi Rene,
Rene Engelhard wrote:
I so far thought mktemp was safe enough? (of course, we get
senddoc.mutt.number, but...
mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
echo $@ /tmp/log.obr.$$
echo $# /tmp/log.obr.$$
which I agree should not be there, probably
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
severity 496404 important
Bug#496404: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `important' from `grave'
End of message, stopping
Package: libapache-mod-perl
Version: 1.29.0.4-2
Severity: grave
Justification: renders package unusable
Perl 5.8 has been removed. libapache-mod-perl depends on it and is now
uninstallable.
Perl 5.10 is present but the version of mod_perl available is
incompatible with it. There are many
Your message dated Mon, 25 Aug 2008 07:32:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#496394: fixed in qemu 0.9.1-6
has caused the Debian Bug report #496394,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This
Hello Dmitri, José Luis,
Dmitri,
thank you for your investigation work: your script revealed some weak
points inside scripts of the package wims. I made a new package to fix
these weaknesses, and will send a message about them to the upstream
developer.
José Luis,
please can you sponsor the new
Quoting Thomas Goirand ([EMAIL PROTECTED]):
I'm closing this bug. If you find that it still needs to be fixed, let
me know and reopen the bug.
But then set it to wishlist
This MBF is one of the worse I've ever seen.
signature.asc
Description: Digital signature
reassign 487016 freetype
forcemerge 487101 487016
thanks
As noted, this bug has been fixed in freetype; re-merging the clones.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu
Hi,
while preparing an NMU for xosd #495246 I tried to pick some of the low
hanging fruits and the diff got slightly big now.
So I'm asking if you'd like to get the whole patch with the following
changelog (debdiff attached) or only the bugfixes?
xosd (2.2.14-1.6) unstable; urgency=low
.
*
Processing commands for [EMAIL PROTECTED]:
reassign 487016 freetype
Bug#487016: ttf-fifthhorseman-dkg-handwriting: FTBFS: make: *** [dkg.ttf]
Segmentation fault
Bug reassigned from package `ttf-fifthhorseman-dkg-handwriting' to `freetype'.
forcemerge 487101 487016
Bug#487101: fontforge:
On Sat, Aug 23, 2008 at 07:50:17PM -0700, Steve Langasek wrote:
On Sat, Aug 23, 2008 at 08:14:10PM +0100, Jurij Smakov wrote:
It appears that pwlib-titan version currently in unstable got
miscompiled on sparc somehow, that's currently causing RC build
failures of gnugk (#478502, note
On 06:13 Mon 25 Aug , Rene Engelhard wrote:
RE Hi,
RE Dmitry E. Oboukhov wrote:
RE For example if a script uses in its work a temp file which is created
RE in /tmp directory, then every user can create symlink with the same
RE name in this directory in order to destroy or rewrite some
On Sun, Aug 24, 2008 at 12:19:46PM -0700, Steve Langasek wrote:
On Sun, Aug 24, 2008 at 07:00:56PM +0200, W. Martin Borgert wrote:
I ask hereby - and in private mails following this one - all
authors of the release notes to place their contribution to the
release notes under the GNU General
Thijs Kinkhorst wrote:
Hi,
Done as the mass-opening of symlink attack in /tmp was wrong in this case.
I don't think closing this is the appropriate action. Sure, debug code is not
top priority. But still, the fix is straghtforward and puts extra protection
on those running in debug
Christian Perrier wrote:
Quoting Thomas Goirand ([EMAIL PROTECTED]):
I'm closing this bug. If you find that it still needs to be fixed, let
me know and reopen the bug.
But then set it to wishlist
This MBF is one of the worse I've ever seen.
I'm reopening the issue, as there is a
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
severity 496416 important
Bug#496416: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `important' from `grave'
End of message, stopping
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
fixed 492777 3.4.0.3-1
Bug#492777: v-sim-doc: Unsatisfiable Depends on libopenbabel2
Bug marked as fixed in version 3.4.0.3-1.
End of message, stopping processing here.
Please
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
tags 496367 pending
Bug#496367: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: pending
End of message, stopping
JL please can you sponsor the new package? The description file is at
JL ftp://debian.ofset.org/debian/pool/main/w/wims_3.62-15.dsc
$ dget ftp://debian.ofset.org/debian/pool/main/w/wims_3.62-15.dsc
dget: retrieving
ftp://debian.ofset.org/debian/pool/main/w/wims_3.62-15.dsc
curl: (67) Access
On Mon, Aug 25, 2008 at 09:01:49AM +0200, Raphael Champeimont (Almacha) wrote:
According to upstream it's just the music and sound effects that was taken
from
online resources, the graphics were created by upstream.
Ok, so as only sound and music are not free, it would be great if the
Hello Dmitri,
wget downloads the description file easily:
---8-
gk:/tmp$ LC_ALL=C wget
ftp://debian.ofset.org/debian/pool/main/w/wims_3.62-15.dsc
--2008-08-25 11:00:51--
ftp://debian.ofset.org/debian/pool/main/w/wims_3.62-15.dsc
=
Hi Dmitry,
Le dimanche 24 août 2008 à 22:05 +0400, Dmitry E. Oboukhov a écrit :
Package: rkhunter
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages
Your message dated Mon, 25 Aug 2008 10:14:24 +0100
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#496497: libapache-mod-perl: mod_perl not installable
-- perl 5.8 removed, not compatible with perl 5.10
has caused the Debian Bug report #496497,
regarding libapache-mod-perl: mod_perl
Package: mdadm
Version: 2.6.7-3
Severity: critical
Justification: breaks the whole system
Hi,
I've got a system setup with two physical disks, md-raid1 on top of those,
dm-crypt on top of that and lvm at the top.
The hardware is a SunFire v120 SPARC.
The system was originally installed with
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
severity 496368 normal
Bug#496368: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `normal' from `grave'
End of message, stopping
Without a clear explanation of exactly what problem might occur and with
clear signs that this bug was filed without due preparation, I've
downgraded it pending clarification of the precise problem.
--
Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
Your message dated Mon, 25 Aug 2008 11:21:24 +0200
with message-id [EMAIL PROTECTED]
and subject line Not a bug for us
has caused the Debian Bug report #496360,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This means that you claim
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
forwarded 494227 http://xmlroff.org/ticket/99
Bug#494227: xmlroff: Segmentation fault xmlroff --backend cairo
Noted your statement that Bug has been forwarded to
Richard A Nelson [EMAIL PROTECTED] writes:
==12662== Invalid read of size 1
==12662==at 0x80778C8: (within /usr/sbin/cfagent)
==12662==by 0x8077A8A: (within /usr/sbin/cfagent)
==12662==by 0x807A48E: (within /usr/sbin/cfagent)
==12662==by 0x8053AC0: (within /usr/sbin/cfagent)
Am Montag, den 25.08.2008, 01:14 +0200 schrieb W. Martin Borgert:
On 2008-08-25 00:13, Thomas Viehmann wrote:
Unfortunately, Martin, it makes the Debian refcard look ugly.
Nonetheless, I believe moving from segfault to quirky output
warrants closing the RC bug here. As such, I'll upload in
On Monday 25 August 2008 18:17:03 Jurij Smakov wrote:
Both have built successfully on sparc [0,1] against the binNMU'd
version of libpt-1.11.2 (from pwlib-titan source)
Jurij,
Thanks for your debuging of this. Good news.
Mark
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
severity 492299 normal
close 492299
thanks
Hi Terry,
first, setting the right severity...
second, closing, as you failed to provide any useful info to debug and fix
this bug, which is probably already fixed anyway, as Debian is used on many
Thinkpads.
If the problem still occurs, after
Processing commands for [EMAIL PROTECTED]:
severity 492299 normal
Bug#492299: base: Thinkpad T61 locks up
Severity set to `normal' from `critical'
close 492299
Bug#492299: base: Thinkpad T61 locks up
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any
tags 496438 security confirmed
thanks
Hi,
There are indeed several occurances of insecure tempfile usage:
15:${EXTRA_AREC_OPT} ${1} |tee /tmp/v-recorder${2}-out
/dev/tty$[${2}+1]
18:${EXTRA_AREC_OPT} ${1} |tee /tmp/v-recorder${2}-out
/dev/ttyv$[${2}+1]
33:
Le jeudi 21 août 2008 à 16:14 +0200, Thijs Kinkhorst a écrit :
When grepping the sympa source for /tmp I find quite some occurances
of
other files directly in tmp with insecure filenames. It should be
checked
for each if that code is executed and whether or not they should be
moved
to
Processing commands for [EMAIL PROTECTED]:
tags 496438 security confirmed
Bug#496438: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: security, confirmed
thanks
Stopping processing here.
Please contact me if you need assistance.
Your message dated Mon, 25 Aug 2008 09:32:16 +
with message-id [EMAIL PROTECTED]
and subject line Bug#494062: fixed in libprelude 0.9.19-2
has caused the Debian Bug report #494062,
regarding libprelude_0.9.19-1(hppa/experimental): FTBFS: *** No rule to make
target `perl-makefile'
to be
Chris Lamb wrote:
Patch attached.
D'oh, it already had a patch; that was silly.
Regards,
--
Chris Lamb, UK [EMAIL PROTECTED]
GPG: 0x634F9A20
signature.asc
Description: PGP signature
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
tags 496480 + pending
Bug#496480: openoffice.org_1:3.0.0~ooo300m3-2(experimental/i386/demosthenes):
gcj-dbtool: command not found
Tags were: experimental
Tags added: pending
End of
On Mon, Aug 25, 2008 at 09:44:03AM +0200, Thijs Kinkhorst wrote:
reopen 496393
thanks
Hi,
Maybe I'm completely missing something, but the patch you added just seems to
make matters much worse. Perhaps I don't understand it, but you remove use of
the safe mktemp function and replace it
reopen 496360
thanks
Please do not close, if You want, change severity :)
user's files can be very important,
for example ~/.gnupg/*
if attacker creates symlink to its then your gpg's private key may be
corrupted.
On 09:24 Mon 25 Aug , Debian Bug Tracking System wrote:
DBTS
Processing commands for [EMAIL PROTECTED]:
reopen 496360
Bug#496360: The possibility of attack with the help of symlinks in some Debian
packages
Bug reopened, originator not changed.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Hi Marcos,
thanks for working on RC bugs!
Your comment on bts.turmzimmer.net regarding #495144 looks
interesting, but I'm not sure whether I entirely understand the
comment and its implications. For one, if the bug does not occur in
unstable, what happened to make it disappear?
Also, it
Processing commands for [EMAIL PROTECTED]:
reopen 496360
Bug#496360: The possibility of attack with the help of symlinks in some Debian
packages
Bug is already open, cannot reopen.
severity 496360 important
Bug#496360: The possibility of attack with the help of symlinks in some Debian
found 496361 1:2.4.1-6
notfound 496361 1:3.0.0~beta2-1
notfound 496361 2.0.4.dfsg.2-7etch5
tag 496361 + pending
thanks
Dmitry E. Oboukhov wrote:
#!/bin/sh
URI_ENCODE=`dirname $0`/uri-encode
echo $@ /tmp/log.obr.$$
echo $# /tmp/log.obr.$$
[...]
Oops, I didn't see it
Processing commands for [EMAIL PROTECTED]:
found 496361 1:2.4.1-6
Bug#496361: The possibility of attack with the help of symlinks in some Debian
packages
Bug marked as found in version 1:2.4.1-6.
notfound 496361 1:3.0.0~beta2-1
Bug#496361: The possibility of attack with the help of symlinks
reopen 496360
severity 496360 important
kthxbye
On Mon, Aug 25, 2008 at 11:21:24 +0200, Romain Beauxis wrote:
Hi !
Indeed, liguidsoap uses files under /tmp to write logs and dump audio data
during the live show.
We don't consider this as a bug, but as feature (tm).
This is
Your message dated Mon, 25 Aug 2008 10:17:09 +
with message-id [EMAIL PROTECTED]
and subject line Bug#494097: fixed in git-core 1:1.5.6.5-1
has caused the Debian Bug report #494097,
regarding git-core: stack-based buffer overflow in git-diff and git-grep
to be marked as done.
This means that
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
close 496361 1:3.0.0~beta2-1
Bug#496361: The possibility of attack with the help of symlinks in some Debian
packages
'close' is deprecated; see
Processing commands for [EMAIL PROTECTED]:
tags 496324 +pending
Bug#496324: libglc-dev: dependencies missing
Tags were: confirmed
Tags added: pending
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian
Hi there,
On Monday 25 August 2008 11:19:58 you wrote:
Your comment on bts.turmzimmer.net regarding #495144 looks
interesting, but I'm not sure whether I entirely understand the
comment and its implications. For one, if the bug does not occur in
unstable, what happened to make it disappear?
Le lundi 25 août 2008 à 14:02 +0400, Dmitry E. Oboukhov a écrit :
On 11:09 Mon 25 Aug , Julien Valroff wrote:
JV Hi Dmitry,
JV Le dimanche 24 août 2008 à 22:05 +0400, Dmitry E. Oboukhov a écrit :
JV Package: rkhunter
JV Severity: grave
[...]
JV In some packages I've discovered scripts
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
notfixed 496361 1:2.4.1-7
Bug#496361: The possibility of attack with the help of symlinks in some Debian
packages
Bug no longer marked as fixed in version 1:2.4.1-7.
End of
Hi,
Thijs Kinkhorst wrote:
Rene Engelhard wrote:
I so far thought mktemp was safe enough? (of course, we get
senddoc.mutt.number, but...
mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
echo $@ /tmp/log.obr.$$
echo $# /tmp/log.obr.$$
which I agree
On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote:
I think rkhunter is safe, given that the script does check that the file
in /tmp is a file (and not a symlink) before using it:
if [ $1 = --debug ]; then
if [ -e /tmp/rkhunter-debug ]; then
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
tags 496362 confirmed
Bug#496362: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed
End of message,
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
tags 496361 confirmed
Bug#496361: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed
End of message,
Your message dated Mon, 25 Aug 2008 13:01:17 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#496375: The possibility of attack with the help of
symlinks in some Debian packages
has caused the Debian Bug report #496375,
regarding The possibility of attack with the help of
Your message dated Mon, 25 Aug 2008 10:32:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#496393: fixed in xcal 4.1-19
has caused the Debian Bug report #496393,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This means
Your message dated Mon, 25 Aug 2008 10:32:07 +
with message-id [EMAIL PROTECTED]
and subject line Bug#496493: fixed in zeroc-icee 1.2.0-6
has caused the Debian Bug report #496493,
regarding zeroc-icee: unsatisfiable dep on libicee-java (= ${binary:Version})
to be marked as done.
This means
Your message dated Mon, 25 Aug 2008 10:32:04 +
with message-id [EMAIL PROTECTED]
and subject line Bug#495769: fixed in nufw 2.2.15-2
has caused the Debian Bug report #495769,
regarding libpam-nufw has rpath to insecure location
(/home/pollux/DEBIAN/NUFW/nufw-2.2.15/src/clients/lib/.libs)
to
severity 496401 wishlist
retitle 496401 please make debug code use safe tempfiles
thanks
Hi,
This is not a real issue. The files in question are only created when $debug
is set to one. Furthermore this $debug variable is hardcoded in the script
(not the general Postfix debugging
Processing commands for [EMAIL PROTECTED]:
severity 496401 wishlist
Bug#496401: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `wishlist' from `grave'
retitle 496401 please make debug code use safe tempfiles
Bug#496401: The possibility of attack
package rkhunter
reopen 496375
thanks
Le lundi 25 août 2008 à 12:52 +0200, Julien Cristau a écrit :
On Mon, Aug 25, 2008 at 11:09:02 +0200, Julien Valroff wrote:
I think rkhunter is safe, given that the script does check that the file
in /tmp is a file (and not a symlink) before using it:
Processing commands for [EMAIL PROTECTED]:
package rkhunter
Ignoring bugs not assigned to: rkhunter
reopen 496375
Bug#496375: The possibility of attack with the help of symlinks in some Debian
packages
Bug reopened, originator not changed.
thanks
Stopping processing here.
Please contact me
Trouble is that we then accumulate yet another Debian-only patch... Oh well.
Why wouldn't it be acceptable to upstream?
So something like
# test functionality of the compiler
javac_works='not present'
if test -n $JAVAC; then
javac_works='not functional'
#rm -rf /tmp/A.java
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
tags 496363 confirmed
Bug#496363: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed
End of message,
Yes, something like that would be better - the current approach leaves a
small but exploitable race condition. I have no opinion on whether the
race condition matters in practice, of course, but my gut says that the
extra effort to use safe coding practices is so small that it's probably
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
tags 496418 confirmed
Bug#496418: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed
End of message,
Your message dated Mon, 25 Aug 2008 12:20:43 +0100
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#496502: mdadm: Tries to start array at boot before
partitions is found.
has caused the Debian Bug report #496502,
regarding mdadm: Tries to start array at boot before partitions is
Package: network-manager
Version: 0.6.6-2
Severity: grave
Justification: renders package unusable
While tring to force the connection to an AP (Connect to other wireless
network) network-manager spilled the following in the logs without any
message or warning in the graphic interface:
Aug 25
Processing commands for [EMAIL PROTECTED]:
tags 496334 moreinfo
Bug#496334: mdadm segfault on --assemble --force with raid10
There were no tags set.
Tags added: moreinfo
severity 496334 important
Bug#496334: mdadm segfault on --assemble --force with raid10
Severity set to `important' from
Hi Dirk,
* Dirk Eddelbuettel [EMAIL PROTECTED] [2008-08-25 13:06]:
On 25 August 2008 at 04:11, Nico Golde wrote:
| * Dirk Eddelbuettel [EMAIL PROTECTED] [2008-08-25 03:07]:
[...]
| Right before /tmp/A.* are being used, they are being wiped. No symlink
| attack.
|
| Unless I hear
Your message dated Mon, 25 Aug 2008 13:14:40 +0200
with message-id [EMAIL PROTECTED]
and subject line no bug here
has caused the Debian Bug report #496408,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This means that you claim that
tags 496334 moreinfo
severity 496334 important
thanks
Please provide an strace of the segfault.
--
.''`. martin f. krafft [EMAIL PROTECTED]
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian -
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
notforwarded 496422
Bug#496422: The possibility of attack with the help of symlinks in some Debian
packages
Removed annotation that Bug had been forwarded to
On 25 August 2008 at 13:19, Thijs Kinkhorst wrote:
| Trouble is that we then accumulate yet another Debian-only patch... Oh well.
|
| Why wouldn't it be acceptable to upstream?
I'll talk to them but mktemp is not universal, is it?
| So something like
|
| # test functionality of the
please recheck src-code
for example:
wims/src/Texgif/texgif.c
char *tmpdir=/tmp;
char *fontdir=/tmp;
char *headerfile=;
char *texstyle=;
char *outfile=/tmp/texgif.gif;
...
make grep /tmp for all sources :)
On 11:06 Mon 25 Aug , Georges Khaznadar wrote:
GK Hello Dmitri,
GK wget
On Monday 25 August 2008 13:36, Dirk Eddelbuettel wrote:
On 25 August 2008 at 13:19, Thijs Kinkhorst wrote:
| Trouble is that we then accumulate yet another Debian-only patch... Oh
| well.
|
| Why wouldn't it be acceptable to upstream?
I'll talk to them but mktemp is not universal, is it?
On Sun, Aug 24, 2008 at 11:50:06PM +0200, Thomas Viehmann wrote:
tags 491182 + patch pending
thanks
fwiw, see
http://invisible-island.net/byacc/CHANGES
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
pgprBNpfCVPkD.pgp
Description: PGP signature
severity 496367 normal
thanks
At 1219601128 time_t, Dmitry E. Oboukhov wrote:
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Since this is a poor buggy debug-script, I'm setting the severity to
normal. It won't affect anyone sane.
I've also pushed a
Processing commands for [EMAIL PROTECTED]:
severity 496367 normal
Bug#496367: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `normal' from `grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
On 25 August 2008 at 13:44, Thijs Kinkhorst wrote:
| On Monday 25 August 2008 13:36, Dirk Eddelbuettel wrote:
| On 25 August 2008 at 13:19, Thijs Kinkhorst wrote:
| | Trouble is that we then accumulate yet another Debian-only patch... Oh
| | well.
| |
| | Why wouldn't it be acceptable to
1 - 100 of 252 matches
Mail list logo