Bug#594369: Fix for Bug#594369 committed to version control

2010-08-27 Thread Cameron Dale
tags 594369 +pending thanks Hi, The following change has been committed for this bug, and so the fix will be in the next upload. === Changeset [429] by camrdale, 2010-08-27 06:14:14 + (Fri, 27 Aug 2010) Update for ABI change

Bug#594369: apt-transport-debtorrent: FTBFS with apt 0.8.0

2010-08-25 Thread Cameron Dale
I should be able to fix this tomorrow. If you need it sooner than that, please let me know. Thanks, Cameron -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#574198: Fix for Bug#574198 committed to version control

2010-03-20 Thread Cameron Dale
tags 574198 +pending thanks Hi, The following change has been committed for this bug, and so the fix will be in the next upload. === Changeset [417] by camrdale, 2010-03-20 19:24:29 + (Sat, 20 Mar 2010) Fix piuparts

Bug#516708: Fix for Bug#516708 committed to version control

2010-03-20 Thread Cameron Dale
tags 516708 +pending thanks Hi, The following change has been committed for this bug, and so the fix will be in the next upload. === Changeset [419] by camrdale, 2010-03-20 21:53:15 + (Sat, 20 Mar 2010) Fix endless

Bug#516708: Fix for Bug#516708 committed to version control

2010-03-20 Thread Cameron Dale
tags 516708 +pending thanks Hi, The following change has been committed for this bug, and so the fix will be in the next upload. === Changeset [420] by camrdale, 2010-03-20 22:00:22 + (Sat, 20 Mar 2010) Fix endless

Bug#516708: removal request

2010-01-24 Thread Cameron Dale
On Sun, Jan 24, 2010 at 4:49 PM, Kees Cook k...@debian.org wrote: I've filed a removal request: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566760 I don't think this warrants a removal request.

Bug#516708: Debtorrent just won't give up after receiving 404

2010-01-24 Thread Cameron Dale
Sorry for the previous email, I clicked Send by mistake. On Sun, Jan 24, 2010 at 3:53 AM, Sylvain Beucler b...@beuc.net wrote: Any progress on that RC issue? I have made some progress since it was made RC in October, but the bug is more complicated than I first thought. I will continue to work

Bug#514780: apticron: changes to cron.d file are disregarded or cause postinst to fail

2009-02-10 Thread Cameron Dale
Package: apticron Version: 1.1.27 Severity: serious Justification: Policy 10.7.3: local changes must be preserved during a package upgrade The postinst script generates errors when it greps through my modified /etc/cron.d/apticron file. All I did was to comment out the cron entry like below, as

Bug#500971: transmission: losing data and wasting bandwidth

2008-10-02 Thread Cameron Dale
Package: transmission Version: 1.33-2 Severity: grave Justification: causes non-serious data loss I just experienced this bug, which has been reported upstream, and so I decided to report it here for other Debian users to see. See: http://trac.transmissionbt.com/ticket/1305 Also:

Bug#492389: [kcheckgmail] fails to login, Gmail's login procedure has changed

2008-07-25 Thread Cameron Dale
Package: kcheckgmail Version: 0.5.7.4-1 Severity: grave I've tried on a couple of different machines now, one that uses kcheckgmail compiled from source, the other is using the Debian package, and both fail to login saying that the login procedure has changed. Thanks, Cameron --- System

Bug#479378: Do not work at all

2008-05-04 Thread Cameron Dale
tags 479378 moreinfo thanks On 5/4/08, Juhapekka Tolvanen [EMAIL PROTECTED] wrote: I try remember to include enough scripts and config files with this bugreport. A file called firewall is a shell script, that is run during boot process. Unfortunately the most important file is the log file

Bug#462845: dependency on python-apt should be at least Recommends

2008-01-27 Thread Cameron Dale
Package: python-debian Version: 0.1.8 Severity: serious Justification: violates policy 7.2 regarding Recommends In trying to use python-debian in one of my packages, I am going to have to also depend on python-apt, since python-debian only suggests

Bug#446730: bittornado: fails to start: ImportError: No module named BitTornado

2007-10-17 Thread Cameron Dale
On 10/16/07, Josselin Mouette [EMAIL PROTECTED] wrote: First of all, bittornado failed to upgrade. I think this was either caused by a prerm failure or an unpack failure, leading in the end to have only bittornado 0.3.18-3 installed. So there's probably a bug in bittornado. It would be nice if

Bug#446730: bittornado: fails to start: ImportError: No module named BitTornado

2007-10-15 Thread Cameron Dale
There were a few reports like this a while back that were python-support related, so I'm thinking of reassigning this to the python-support package. Just to be sure, could you let me know the output of this command: locate -e BitTornado | sed -e 's#/[^/]*$##' | sort -u It should show some

Bug#446730: bittornado: fails to start: ImportError: No module named BitTornado

2007-10-15 Thread Cameron Dale
reassign 446730 python-support thanks On 10/15/07, Lionel Elie Mamane [EMAIL PROTECTED] wrote: On Mon, Oct 15, 2007 at 12:39:37PM -0700, Cameron Dale wrote: could you let me know the output of this command: locate -e BitTornado | sed -e 's#/[^/]*$##' | sort -u [EMAIL PROTECTED]:~$ locate

Bug#416405: torrentflux: Upon login reports Database error: Query was empty

2007-04-05 Thread Cameron Dale
tag 416405 unreproducible severity 416405 normal thanks On 4/3/07, Mike Martin [EMAIL PROTECTED] wrote: I had to move this machine today. Upon reboot, torrentflux came up without a hitch and is working the way I would expect. It went straight to the update settings page when I logged in as the

Bug#416405: torrentflux: Upon login reports Database error: Query was empty

2007-03-30 Thread Cameron Dale
Sorry for the delay Mike, I'll try and find some time to work on this more this weekend. Until then, read below ... On 3/27/07, Mike Martin [EMAIL PROTECTED] wrote: Does this message appear in the browser? Are there any other error messages in log files, perhaps in the webserver logs or mysql

Bug#416405: torrentflux: Upon login reports Database error: Query was empty

2007-03-30 Thread Cameron Dale
On 3/27/07, Nicolas Aupetit [EMAIL PROTECTED] wrote: I obtain the same message after a crash of my machine, when the tf_log table is in use. After the reboot, this MySQL table is marked as used, and is obviously unavailable. I must repair this table with : [EMAIL PROTECTED] mysql mysql use

Bug#416405: torrentflux: Upon login reports Database error: Query was empty

2007-03-27 Thread Cameron Dale
Hi Mike, On 3/27/07, root [EMAIL PROTECTED] wrote: Package: torrentflux Version: 2.1-4 Severity: grave Justification: renders package unusable Upon login, torrentflux reports: TorrentFlux Login Warning: Invalid argument supplied for foreach() in /usr/share/php/adodb/adodb-lib.inc.php on

Bug#403661: torrentflux: fails to install with error code 10

2006-12-19 Thread Cameron Dale
severity 403661 normal tags 403661 unreproducible thanks On 12/19/06, Remi Vanicat [EMAIL PROTECTED] wrote: 2006/12/19, Micah Anderson [EMAIL PROTECTED]: I just created a sid chroot and attempted to install torrentflux, I did not encounter this problem. I tried a few different failure

Bug#403661: torrentflux: fails to install with error code 10

2006-12-18 Thread Cameron Dale
On 12/18/06, Remi Vanicat [EMAIL PROTECTED] wrote: $ DEBCONF_DEBUG=developer dpkg --configure --pending Setting up torrentflux (2.1-7) ... debconf (developer): frontend started debconf (developer): frontend running, package name is torrentflux debconf (developer): starting

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-12-11 Thread Cameron Dale
FYI, I will probably try and upload this on Thursday (Dec. 14th), in the hopes of eventually getting included back into Etch. Unless of course there are any more problems that come up, or problems pointed out with the fixes I have here. Thanks, Cameron

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-12-09 Thread Cameron Dale
I've prepared an updated fix for this (and other) problems. I split the previous patch into 2, and created 2 other new ones to fix other problems. All 4 are attached, and my repository contains the updated packages. Here's a description of the patches: 11_missed_security_fixes.dpatch: This

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-12-06 Thread Cameron Dale
forwarded 400582 http://www.torrentflux.com/contact.php thanks Thanks for the additional info Stefan, I've forwarded this information to upstream. Unfortunately I have no time right now, so it will be a couple of days before I get to this. One question though (below). On 12/4/06, Stefan Fritsch

Bug#400582: present in 2.2 as well

2006-12-06 Thread Cameron Dale
On 12/4/06, Stefan Fritsch [EMAIL PROTECTED] wrote: The metaInfo.php issue doesn't seem to be fixed in 2.2 To be clear, I would like to point out that the more serious remote command execution using metaInfo.php IS fixed in 2.2. However, the local privilege escalation is present in 2.2 by a

Bug#400582: CVEs assigned

2006-12-06 Thread Cameron Dale
Hi Micah, Thanks for doing this. Unfortunately, I think one of these reports is a duplicate, and some are inaccurate as they don't apply to version 2.2. I don't know how these work, but if you can update them you may want to make some changes. See my notes below. On 12/6/06, Micah Anderson

Bug#400582: present in 2.2 as well

2006-12-06 Thread Cameron Dale
On 12/6/06, Cameron Dale [EMAIL PROTECTED] wrote: On 12/4/06, Stefan Fritsch [EMAIL PROTECTED] wrote: The metaInfo.php issue doesn't seem to be fixed in 2.2 To be clear, I would like to point out that the more serious remote command execution using metaInfo.php IS fixed in 2.2. Sorry

Bug#400582: CVEs assigned

2006-12-06 Thread Cameron Dale
On 12/6/06, Cameron Dale [EMAIL PROTECTED] wrote: == Name: CVE-2006-6331 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6331 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-12-06 Thread Cameron Dale
On 12/4/06, Stefan Fritsch [EMAIL PROTECTED] wrote: In index.php and dir.php, urldecode() is called after the htmlentities escaping is done by getRequestVar(). This allows to bypass the escaping. In dir.php this could be used for a XSS. Replace $dir by htmlentities($dir) in the error message. Or

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-12-02 Thread Cameron Dale
Unless there are any more problems found with the fix I created, I'm going to try and get this uploaded by Monday the 4th so I can start working on the soon-to-be-released new upstream version. Cameron

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-11-30 Thread Cameron Dale
On 11/29/06, Stefan Fritsch [EMAIL PROTECTED] wrote: I didn't have time yet to look at it thoroughly (or test it), but AFAICS you now check the file for existence before passing it to the shell. This should convert the remote command execution vuln into a local privilege escalation. A local

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-11-30 Thread Cameron Dale
On 11/29/06, Stefan Fritsch [EMAIL PROTECTED] wrote: I didn't have time yet to look at it thoroughly (or test it), but AFAICS you now check the file for existence before passing it to the shell. This should convert the remote command execution vuln into a local privilege escalation. A local

Bug#400582: arbitrary code execution in metaInfo.php in torrentflux

2006-11-27 Thread Cameron Dale
tags 400582 + pending thanks On 11/27/06, Stefan Fritsch [EMAIL PROTECTED] wrote: I was able to exploit the problem mentioned above to execute shell commands. $cfg[enable_file_priority] must be false. Ahh, that's why I couldn't get it to work. Looking at it now it seems obvious, but then

Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

2006-11-22 Thread Cameron Dale
retitle 399169 torrentflux: create/delete/overwrite arbitrary files tags 399169 + pending thanks Thanks for the report Stefan, your vigilance is much appreciated. Unfortunately the report from secunia is poorly titled, and some of it doesn't apply to the Debian package, so I'll include some

Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

2006-11-22 Thread Cameron Dale
is in the works. Should be available soon. On Wednesday 22 November 2006 09:31, Cameron Dale wrote: On 11/18/06, Stefan Fritsch [EMAIL PROTECTED] wrote: 1) Input passed to the kill parameter in index.php is not properly sanitised before being used as the command line argument to the kill command

Bug#399174: libphp-adodb cannot be installed on unstable

2006-11-19 Thread Cameron Dale
tags 399174 + pending thanks On 11/19/06, Steve Langasek [EMAIL PROTECTED] wrote: That bug submitter was misguided. the phpapi virtual package is not intended for use by apps written in php; please use the packages 'php4' and/or 'php5' for this, Thanks for the help Steve. I decided to go

Bug#399174: libphp-adodb cannot be installed on unstable

2006-11-18 Thread Cameron Dale
Hi Steve, I'm currently in the process of adopting this package, so I'm still a little unfamiliar with it. Please bear with me. On 11/18/06, Steve Langasek [EMAIL PROTECTED] wrote: On Sat, Nov 18, 2006 at 10:14:49AM +, Richard Burton wrote: The following packages have unmet dependencies.

Bug#398537: torrentflux: postinst fails: No mysql client to execute. (have you installed mysql-client?

2006-11-14 Thread Cameron Dale
severity 398537 wishlist tags 398537 wontfix thanks On 11/14/06, Lucas Nussbaum [EMAIL PROTECTED] wrote: During a piuparts run over all the packages in etch, I ran into a problem with your package: Unfortunately, torrentflux is not intended to be installed unattended in the manner that

Bug#395930: torrentflux: Directory traversal vulnerability

2006-10-28 Thread Cameron Dale
Package: torrentflux Version: 2.1-4 Severity: grave Tags: security, confirmed, pending Justification: user security hole Thanks to Stefan Fritsch for bringing this to my attention. A fix has been prepared and will be uploaded shortly. From http://www.securityfocus.com/bid/20771 : TorrentFlux

Bug#395099: CVE-2006-5451: several XSS vulnerabilities in torrentflux

2006-10-28 Thread Cameron Dale
tags 395099 + pending thanks Thanks again for the report. I've updated the code using patches based on the beta release from the next upstream upgrade. This should be uploaded very soon. Cameron

Bug#391689: python-support: 0.5.3 doesn't always generate python dependencies (python-script-but-no-python-dep)

2006-10-08 Thread Cameron Dale
: bittornado Section: net Priority: optional Maintainer: Micah Anderson [EMAIL PROTECTED] Uploaders: Cameron Dale [EMAIL PROTECTED] Build-Depends: dpatch, debhelper (= 5.0.37.2) Build-Depends-Indep: python-dev, python-support (= 0.4.2), docbook-to-man Standards-Version: 3.7.2 Package: bittornado Architecture

Bug#383799: ImportError: No module named BitTornado

2006-08-19 Thread Cameron Dale
), then bittornado (a while ago), then python2.4 (recently)? If that's the case you might try uninstalling/reinstalling bittornado to see if it solves your problem. As Micah asked, the output of dpkg -l python* might be helpful. Also, perhaps the output of locate -e BitTornado. Cameron Dale

Bug#361521: torrentflux: The adodb folder is missing.

2006-04-08 Thread Cameron Dale
of bittornado. Let me know if the stable/sarge one does work for you. -- Cameron Dale [EMAIL PROTECTED]

Bug#349985: various unfixed security bugs

2006-04-01 Thread Cameron Dale
Attached are the patches I have prepared that backport the fixes of these vulnerabilities to the version in sarge (4.52-1). -- Cameron Dale

Bug#358872: libphp-adodb: Multiple cross-site scripting (XSS) vulnerabilities

2006-04-01 Thread Cameron Dale
Attached is a patch I have prepared that backports the fix of this vulnerability to the version in sarge (4.52-1). -- Cameron Dale diff -Nur libphp-adodb-4.52/build-tree/adodb/adodb-pager.inc.php libphp-adodb-4.52.new/build-tree/adodb/adodb-pager.inc.php --- libphp-adodb-4.52/build-tree/adodb

Bug#349985: various unfixed security bugs

2006-04-01 Thread Cameron Dale
Attached are the patches I have prepared that backport the fixes of these vulnerabilities to the version in sarge (4.52-1). They're really attached this time. -- Cameron Dale diff -Nur libphp-adodb-4.52/build-tree/adodb/server.php libphp-adodb-4.52.new/build-tree/adodb/server.php --- libphp

Bug#358872: Processed: notfound 358872 in 4.72-0.1, found 358872 in 4.52-1

2006-03-25 Thread Cameron Dale
(4.52-1). Sorry. -- Cameron Dale [EMAIL PROTECTED]

Bug#358872: libphp-adodb: Multiple cross-site scripting (XSS) vulnerabilities

2006-03-24 Thread Cameron Dale
Package: libphp-adodb Version: 4.72-0.1 Severity: grave Tags: security Justification: user security hole Another vulnerability: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0806 See also: http://www.securityfocus.com/archive/1/archive/1/425393/100/0/threaded Is fixed in 4.72: