Andreas Tille dijo [Fri, Feb 23, 2024 at 03:22:27PM +0100]:
> HI Andrius,
>
> Am Fri, Feb 23, 2024 at 09:29:27AM +0200 schrieb Andrius Merkys:
> > > ModuleNotFoundError: No module named 'imp'
> >
> > I had a similar problem. I worked it around by depending on
> > python3-zombie-imp, the original
I am adding a Recommends: on zerofree and will soon upload (and close
thus bug). Michael: I understand your point, but given this is a
design decision from our upstream author, I prefer adding a Cc: to
Lars and ask him to consider switching from zerofree over to fstim,
maybe he has reasons not to.
Package: impressive
Version: 0.13.1-1
Followup-For: Bug #1047864
Checking the online documentation of Pillow (the fork of PIL that Debian ships),
the ANTIALIAS method has been renamed as LANCZOS:
https://pillow.readthedocs.io/en/stable/releasenotes/2.7.0.html
Antialias renamed to
Package: impressive
Version: 0.13.1-1
Severity: grave
Justification: renders package unusable
Hello again,
I have stumbled upon a new bug that affects impressive :-(
When starting up, I see the logo screen, but immediately afterwards, impressive
crashes with the following:
$ impressive
Package: telegram-purple
Version: 1.4.3-3+b1
Severity: grave
Justification: renders package unusable
For several days already, I have been unable to connect to Telegram
via Bitlbee (which uses libpurple). The log for the Bitlbee server
shows:
18:40:00 @root | telegram - Logging in: Logged in
tags 1031364 + upstream,forwarded,patch
thanks
I have reported this bug to the upstream author as issue #69:
https://gitlab.com/larswirzenius/vmdb2/-/issues/69
And proposed a simplistic patch as merge request #106:
https://gitlab.com/larswirzenius/vmdb2/-/merge_requests/106
Just for
tags 985336 + pending
thanks
I have uploaded a fixed package as a NMU to the 7-day-delayed queue,
and submitted MR #4 in Salsa.
signature.asc
Description: PGP signature
: 2021-03-11
Origin: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
Forwarded: not-needed
Author: Gunnar Wolf
Description: Fix a buffer overflow in ean_laeding_zeroes
This vulnerability is tracked as CVE-2021-27799. The patch was backported
from the devel git tree
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,11 @@
debirf (0.39) UNRELEASED; urgency=medium
+ [ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
+ [ Gunnar Wolf ]
+ * switch from /updates to -security (Closes: #969938)
+
-- Ondřej Nový Mon, 01 Oct 2018 10:36:19 +0200
user debian-rele...@lists.debian.org
usertags -1 + bsp-2021-03-latinoamerica
thank you
user debian-rele...@lists.debian.org
usertags -1 + bsp-2021-03-latinoamerica
thank you
tags 956083 + patch,pending
thanks
Hello Tina!
I have prepared a _very_ simple patch for this issue that lacks
elegance, but I think solves the problem: As it is invoked before the
data rotation, it will notify via stderr and exit before destroying
past data:
diff --git a/autopostgresqlbackup
tags 973467 - patch
tags 973467 + confirmed upstream
severity 973467 important
thanks
Hello Ryutaroh,
As you said here, the workaround is not a fix, as it would make vmdb2
produce images unable to boot on amd64 - So I'm removing the "patch"
tag. I am also adding the tags "confirmed" and
Hi,
Just a heads-up: git-hub v2.x.x has been ported to Python3, around one
month ago. Please update the package!
https://github.com/sociomantic-tsunami/git-hub/blob/v2.x.x/relnotes/python3-migration.md
Thanks,
signature.asc
Description: PGP signature
tags 958606 + patch
thanks
The patch for this, given bitlbee already depends on debhelper, is
straightforward; I am inlining it here:
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
Maintainer: Wilmer van der Gaast
Uploaders: Jelmer Vernooij
Standards-Version:
tags 958606 + ftbfs pending
tags 942954 + ftbfs pending
thanks
I will be NMUing in some minutes bitlbee to the 3-day delayed queue
due to the two mentioned bugs, as they cause the package to FTBFS (and
are quite trivial to fix).
The patch for 942954 was sent several months ago by Matthias Klose;
he php-fpm
maintainers to work constructively to find a suitable way to describe
the needed dependencies so that php-fpm can be installed in a
containerized system without a full init system.
For fullness of references, the bug report tracking the conflict
between the systemctl and php-fpm packages i
Hello world,
Dmitry Smirnov Tue, 14 Jul 2020 18:04:45 +1000:
> Not yet, unfortunately. Sorry for inconvenience. I'm going to seek
> CTTE advise on #959174...
I am joining the conversation as an individual (so I'm not wearing any
tech-ctte hat yet), prompted by this. Do note that this has _not
tags 961377 + pending
thanks
I have uploaded the fix and mailed the Stable Release Managers, this
should be fixed soon.
Thanks!
Thorsten Glaser dijo [Fri, Jul 03, 2020 at 04:28:37PM +]:
> Gunnar Wolf, Sun, 24 May 2020 16:03:04 -0500:
>
> >I will try to build+test+upload this in the next couple of days.
>
> $ rmadison -u qa raspi3-firmware
> raspi3-firmware | 1.20161123-2 | stretch/non-
tags 961377 + confirmed,pending
thanks
Thorsten Glaser dijo [Sat, May 23, 2020 at 08:55:01PM +0200]:
> Package: raspi3-firmware
> Version: 1.20190215-1+deb10u3
> Severity: critical
> Tags: patch buster
> Justification: breaks the whole system
>
> /etc/kernel/postinst.d/z50-raspi3-firmware in
Lars Wirzenius dijo [Thu, Nov 28, 2019 at 11:27:54AM +0200]:
> Thanks, I've applied the changes and pushed them to git.liw.fi and
> gitlab.
Thanks for your prompt attention, Lars!
I am about to board a plane, but will try to work on this bug later
today. Lars, do you want to tag a release? Or
Package: drupal7
Version: 7.52-2+deb9u8
Severity: grave
Tags: security upstream
Justification: user security hole
Drupal security advisory SA-CORE-2019-007 was issued today:
https://www.drupal.org/SA-CORE-2019-007
It refers to the following advisory in a bundled third-party library:
Didier 'OdyX' Raboud dijo [Mon, Feb 25, 2019 at 02:58:09PM +0100]:
> === Resolution ===
>
> The Technical Committee resolves to decline to override the debootstrap
> maintainers.
>
> Furthermore, using its §6.1.5 "Offering advice" power, the Technical
> Committee considers that the desirable
Didier 'OdyX' Raboud dijo [Sat, Feb 02, 2019 at 03:38:01PM +0100]:
> Le samedi, 2 février 2019, 14.48:22 h CET Ian Jackson a écrit :
> > Ping ?
>
> Thank for the ping.
>
> Gunnar and myself have started working on a draft, the latest version of
> which
> is available at
>
>
Ansgar Burchardt dijo [Wed, Dec 05, 2018 at 08:17:56AM +0100]:
> The Reproducible Builds project was so kind to help and now runs one
> build in a non-merged-/usr and a second build in a merged-/usr
> environment. Packages that hardcode the path to utilities, but would
> pick up the wrong one in
Svante Signell dijo [Wed, Dec 05, 2018 at 02:03:19PM +0100]:
> > If we keep merged-/usr as default then we can /recommend/ people to
> > install usrmerge to switch to merged-/usr; reducing the difference
> > between newly-installed and existing setups is a good idea IMHO. I
> > think I filed a
Adam Borowski dijo [Mon, Dec 03, 2018 at 12:36:29AM +0100]:
> (...)
> So, let's enumerate possible outcomes:
>
> 1. no usrmerge
> 1a. no moves at all (no effort needed!)
> 1b. moves via some dh_usrmove tool, until /bin is empty
> 2. supporting both merged-usr and unmerged-usr
> 3. mandatory
I have applied the patch mentioned above¹ to the aegisub packaging,
and fixed *this portion of* the FTBFS. Unfortunately, aegisub still
fails to build - From my build log:
g++ -MMD -MP -Wdate-time -D_FORTIFY_SOURCE=2
-I/home/gwolf/vcs/build-area/aegisub-3.2.2+dfsg/src/ -I..
Salvatore Bonaccorso dijo [Mon, Apr 23, 2018 at 08:53:38PM +0200]:
> The following vulnerability was published for drupal7.
>
> CVE-2018-7602[0]:
> SA-CORE-2018-004
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your
Salvatore Bonaccorso dijo [Thu, Feb 22, 2018 at 08:46:30PM +0100]:
> There was a new Drupal security advisory at
>
> https://www.drupal.org/sa-core-2018-001
>
> where several issues affect as well drupal7.
>
> * JavaScript cross-site scripting prevention is incomplete - Critical -
>Drupal
Jérémy Lal dijo [Tue, Oct 03, 2017 at 07:46:43PM +0200]:
> It might be a good idea to make policy more explicit about downloads during
> build.
I completely agree. This led me to look at #813471 ("network access to
the loopback device should be allowed"), and... Well, it seems to set
the stage to
Pirate Praveen dijo [Tue, Oct 03, 2017 at 12:12:54PM +0530]:
> > I am completely with Sean here; I read the following messages, and am
> > happy a better resolution was found. But, FWIW, I'll support Sean's
> > interpretation - Contrib and non-free are *not* places where we can
> > happily breach
Sean Whitton dijo [Sat, Sep 30, 2017 at 12:10:54PM -0700]:
> > The whole purpose of having contrib and non-free is to host packages
> > that can't be in main, either permanently or temporarily. I fail to
> > see how it is against the spirit.
>
> To my mind, at least, the purpose of contrib and
Raphael Hertzog dijo [Thu, Jun 22, 2017 at 10:55:59AM +0200]:
> Hello Gunnar,
Hello Raphael,
Thanks a lot for your great, invaluable help on LTS!
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of drupal7:
>
Package: ruby-gruff
Version: 0.6.0-1
Followup-For: Bug #841133
This bug does not only happen at build time, it makes Gruff completely
unusable :-(
$ irb
>> require 'gruff'
=> true
>> g=Gruff::Bar.new '100x100'
/usr/lib/ruby/vendor_ruby/gruff/base.rb:968: [BUG] Segmentation fault at
Source: jqueryui
Version: 1.10.1+dfsg
Severity: serious
Justification: Policy 2.3
The package's debian/copyright mentions all of the contents as being
licensed udner "GPL-2 or MIT", but they are exclusively licensed under
the MIT:
$ grep -ri 'gnu' . --exclude-dir=debian
Binary file
tag 821482 + confirmed upstream patch pending
thanks
Hi,
I'm contacting pkg-php-maint as recommendad by Ondřej's original mass
bug filing, hopefully avoiding the removal of Drupal7 from Debian.
As it is now, at version 7.43, Drupal7 is *not* PHP7-clean, and it is
documented with bugs in the
Already under way :) I have already prepared 7.32-1+deb8u5 including
this fix, it's waiting for approval by the stable security team. I
have also uploaded 7.39-1~bpo8+1 to jessie-backports.
As for SA-CORE-2015-002, it was fixed in 7.32-1+deb8u4, which is
currently part of jessie-security (and
Hi,
Your report strikes me as quite weird, as I recently did the same
without any trouble. Does your Apache installation allow for
directives to be specified via .htcaccess? (look for AllowOverride
in your Apache configurations)
You mention:
Tried everything under the sun:
modified
tags 747736 + unreproducible
thanks
Hi,
I have attempted to build this package on a clean chroot, and found no
problem (and thus would like to confirm with you whether this RC bug
report can be closed).
What I found in your failure build log is that all of the failing
tests I checked mention:
Holger Levsen dijo [Mon, Jun 09, 2014 at 01:20:13PM +0200]:
Hi Gunnar,
will you also ask for the removal of imsniff from stable and oldstable?
As long as there is still a final oldstable pointrelease scheduled, I think
this makes sense.
Right... It is a useless package. I did not think
Package: imsniff
Version: 0.04-6
Severity: grave
Justification: renders package unusable
In March 2013, Microsoft dropped support for the MSN chat
protocol. This package deals only with this protocol, which is no
longer used.
I will be filing a request for package removal given this package has
Salvatore Bonaccorso dijo [Wed, May 21, 2014 at 07:18:46AM +0200]:
the following vulnerabilities were published for collabtive.
CVE-2014-3246[0]:
| SQL injection vulnerability in Collabtive 1.2 allows remote
| authenticated users to execute arbitrary SQL commands via the folder
| parameter
Hi,
I will try to contact upstream to fix this bug ASAP. I cannot,
however, find the files you mention in tinymce:
$ apt-get source tinymce
$ cd tinymce-3.4.8+dfsg-0
$ find . -name jsval.js
$ find . -name mycalendar.js
$ find . -name window.js
How did you find them to be a part of tinymce?
Gunnar Wolf dijo [Sat, Apr 12, 2014 at 10:44:52AM -0500]:
(...)
I *do* see some other minified javascripts in the same directory:
prototype.php includes Prototype 1.6.0.3 (we currently ship 1.7.1),
although I don't understand why it has a PHP header...
(...)
OK, and I see in debian/copyright
Daniel Pocock dijo [Thu, Apr 10, 2014 at 12:40:27PM +0200]:
Hi Gunnar,
I just saw your comment on this bug from February 18
Personally, I don't think it is enough to say that a package is not
using some artifacts from the source tarball - while it is a technically
valid argument, it would
FWIW, this list might prove useful, and also point at libraries not
yet packaged:
drupal7$ for js in $(find . -name *.min.js); do
js=$(basename $js)
echo -n $js ⇒
found=$(apt-file search $js|cut -f 1 -d :|grep -v ^drupal7)
if [
reopen 730960
tags 730960 + pending
thanks
David Suárez dijo [Fri, Mar 14, 2014 at 07:29:52PM +0100]:
Maybe I miss something, but on current unstable version (0.6.5-7), we have:
Vcs-Browser: http://git.debian.org/?p=pkg-ruby-extras/ruby-bdb.git;a=summary
Homepage:
Source: ruby-bdb
Version: 0.6.6-1
Severity: serious
Justification: FTBFS on amd64
Attempting to build this package on AMD64, I got the following
results:
88
/usr/bin/install -c -m 0755 bdb.so ./.gem.20140313-22704-1exw4lh
make[1]:
Hi Bastien,
I am still not finished fixing this bug (and have not yet tested if my
changes will work fine as they are), but would like your
(+ftpmasters') input on whether what I'm doing is enough — I hope to
avoid needing to repackage upstream's sources. Please refer to my
commit in the Drupal7
Jérémy Bobbio dijo [Mon, Sep 02, 2013 at 09:08:35AM +0200]:
(...)
Oh crap… my bad.
gettext 3.0 dropped support for Ruby 1.8. But given this is still our
default interpreter, its reverse dependencies are likely to fail.
Given the following:
(...)
Trying to re-introduce compatibility with
Adam D. Barratt dijo [Tue, Jun 04, 2013 at 09:03:01PM +0100]:
On Mon, 2013-06-03 at 18:49 -0500, Gunnar Wolf wrote:
Grr, I'm doing this all backward: I first got a patch (via github),
then uploaded 1.4-1, fixing this problem, and without mentioning the
bug :-/ and finally file the bug
Package: dh-make-drupal
Version: 1.3-1
Severity: grave
Tags: upstream patch
Justification: renders package unusable
Grr, I'm doing this all backward: I first got a patch (via github),
then uploaded 1.4-1, fixing this problem, and without mentioning the
bug :-/ and finally file the bug.
Anyway,
Felipe dijo [Tue, Mar 26, 2013 at 12:26:59AM -0300]:
When using Google Chrome (I cannot assure you that it only occours with
it), more often surfing on Google+, the system freezes, but the mouse
pointer keeps working. When I close the notebook screen, it goes to
suspend, but when I power it
Ingo Juergensmann dijo [Thu, Feb 14, 2013 at 08:15:01AM +0100]:
the last Debian security updates like #696342 and #698334 fixed the
reported issues by applying the appropriate patches, but
unfortunately they missed the patch that turns off the prominent
warning to the end user running his/her
Luigi Gangitano dijo [Thu, Feb 14, 2013 at 04:51:04PM +0100]:
I'm sorry for being a little out-of-service lately. I wish to
apologize, but at the same time confirm that I'm always following
and keeping track of all the issues. Regarding this specific issue,
I'm in favor of removing the
Package: drupal7
Version: 7.14-1.3
Hi,
Steven, thanks for your observing eyes ;-)
I have uploaded Drupal7 7.14-1.3 fixing this specific vulnerability,
but yes, I agree with your suggestion - I am not the Drupal maintainer
(although I have done several security uploads lately), but it clearly
Michael Stapelberg dijo [Thu, Dec 06, 2012 at 10:22:00AM +0100]:
On Mon, 16 Jan 2012 21:20:07 +0100
Lucas Nussbaum lu...@debian.org wrote:
Dear release team, at some point before the wheezy release, we need to
decide what to do with Ruby 1.9.X on ia64. It has been broken for
months, and
than myself can comment on the topic.
From 3cc9a76d07f7557d09c690033ce763cacbbfabe6 Mon Sep 17 00:00:00 2001
From: Gunnar Wolf gw...@gwolf.org
Date: Fri, 19 Oct 2012 13:01:46 -0500
Subject: [PATCH] Incorporated the fix for SA-CORE-2012-003 (the full diff
between 7.15 and 7.16)
---
includes
tags 690817 + pending
thanks
Uploaded to Delayed/7.
Thanks,
signature.asc
Description: Digital signature
Daniel Pocock dijo [Sun, Aug 19, 2012 at 10:43:59PM +0200]:
I've been looking at the issue of installing both drupal6 and drupal7
packages simultaneously during migration (e.g. to migrate one site at a
time if there are several sites)
The only obvious issue that sticks out is that both new
I agree with Felix, starting a local https server would be the best
way - but it implies IMO too much overhead, and would bloat
build-dependencies (and thus probably scare the release team from
accepting this into Wheezy), so I'm uploading with the patch I
prepared.
Thanks,
--
To UNSUBSCRIBE,
Felix Geyer dijo [Thu, Aug 09, 2012 at 09:50:42PM +0200]:
Source: ruby-net-http-persistent
Version: 2.7-1
Severity: serious
Tags: sid, wheezy
Justification: fails to build from source
This package requires internet connectivity for its test suite
to pass. Package builds should not rely on
/debian/changelog
@@ -1,3 +1,10 @@
+gimp-resynthesizer (0.16-2.1) unstable; urgency=low
+
+ * Non-maintainer upload
+ * Install debian/copyright (Clsoes: #683939)
+
+ -- Gunnar Wolf gw...@debian.org Sun, 05 Aug 2012 15:42:36 -0500
+
gimp-resynthesizer (0.16-2) unstable; urgency=low
Ugh, narrowly beat to it :)
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi,
I have just uploaded a NMU for shoes regarding #683031. The patch is
very simple, just commenting out the code that requires and mangles
Rubygems structure - I included it as 04_dont_require_rubygems
in debian/patches, and am inlining it here for completeness.
Index:
unblock 676125 by 676248
thanks
I reimplemented dh-make-drupal's option parsing so it no longer
requires ruby-commandline.
signature.asc
Description: Digital signature
Package: ruby-commandline
Version: 0.7.10-13
Severity: grave
Justification: renders package unusable
CommandLine::Application fails to work under Ruby 1.9.1, which is now
the default Ruby version in Debian. This makes any application built
on 1.9.1 die silently:
$ cat app2.rb
require
block 676125 by 676248
thanks
Hi,
This bug is caused by CommandLine::Application not working under Ruby
1.9.1. I'm looking into the problem, and have reported it as #676248.
Thanks,
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Thomas Goirand dijo [Sat, Apr 21, 2012 at 01:54:18AM +0800]:
Hi Gunnar!
Have they promised to continue to maintain it for 4 more years? Because
that's what should happen if you want to continue having drupal6 in
Wheezy...
Right... I do not think they will continue for four years — Version 5
Lucas Nussbaum dijo [Thu, Mar 22, 2012 at 05:52:47PM +0100]:
During a rebuild of all packages in sid, your package failed to build on
amd64.
Hi,
This failure is caused by the OpenSSL 1.0.0h → 1.0.1 upgrade. I have
not taken a deeper look into this, but when installing a pre-1.0.1
libssl1.0.0
Luk Claes dijo [Sun, Apr 08, 2012 at 06:23:02PM +0200]:
Package: drupal6
Version: 6.22-1
Severity: serious
Hi
There is drupal6 and drupal7 in unstable/testing. Having both in the
upcoming release would be a PITA security wise. Is there a reason
why drupal6 is still in the archive or
reassign 665266 ruby-pdf-reader 1.0.0-1
thanks
As of 1.0.0-1, ruby-pdf-reader build-depends on ruby-rc4, but as it
does not depend on it, it fails to run.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
tags 661993 + upstream, help, confirmed
Hi,
Although the impact of this security bug is not too high (as a series
of conditions should be present, which are usually not there), it is a
real bug with real implications. I am tempted to downgrade it, as it
is only dangerous in very specific
tags 652802 + unreproducible
thanks
I have rebuilt the package under AMD64, using cowbuilder, and could
not reproduce the failure. Your report mentions some permission
problems regarding /var/lib/sbuild - Can you verify whether it was a
problem in your side?
--
To UNSUBSCRIBE, email to
reassign 653582 ruby1.9.1
retitle 653582 Segfaults when running ruby-hpricot's test suite
thanks
Hi,
I do not have access to IA64 hardware, but this smells much like a bug
in Ruby itself, in which ruby-hpricot's tests trip. I think the proper
course is to report this to the upstream bugtracker,
Hi,
I am the package's sponsor (and should have checked for this
dependency :-/ ). I have applied your NMU to the package's VCS, and am
uploading it to the archive. Gastón, I guess you (as the maintainer)
will not object!
Thanks,
signature.asc
Description: Digital signature
Hi,
You sent a patch to this bug report and said you'd be uploading a NMU
- Several weeks ago. So, I'm uploading the patched package.
Thanks!
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Moritz Mühlenhoff dijo [Tue, Nov 22, 2011 at 09:47:28PM +0100]:
Hi Gunnar,
this doesn't warrant a DSA, but it would be appreciated if you
fix this through a point update:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Uploaded to DELAYED/3, mail sent to
severity 646939 serious
reassign 646939 src:cherokee
merge 649050 646939
thanks
Nobuhiro Iwamatsu dijo [Thu, Nov 17, 2011 at 02:28:53PM +0900]:
Source: cherokee
Version: 1.2.101-1
Severity: serious
Justification: fails to build from source
Hi,
This bug has already been reported, but it was
Package: cherokee
Version: 1.2.100-1
Severity: grave
Tags: security
Justification: user security hole
CVE issue CVE-2011-2190 points out that the temporary admin password
generation function is seeded by the time and PID, which allows an
attacker to brute-force it. Yes, in production systems
Yesterday I uploaded Cherokee version 1.2.101-1. Please confirm if it
is still failing to build.
Thanks,
signature.asc
Description: Digital signature
Ralf Treinen dijo [Fri, Oct 07, 2011 at 05:43:18PM +0200]:
This dependency is calculated at package build time:
Package: libeventmachine-ruby
Architecture: all
Depends: libeventmachine-ruby1.8 (= ${source:Version}),
libeventmachine-ruby1.8 ( ${source:Version}.1~), ${misc:Depends}
Package: sshmenu-gnome
Version: 3.18-1
Severity: grave
Justification: renders package unusable
As of ruby-gnome2 1.0.0-1, many of its generated binary packages were
dropped as they were deprecated upstream. The list of dropped packages
includes libgnome2-ruby, libgconf2-ruby and
gregor herrmann dijo [Fri, Sep 23, 2011 at 04:42:54PM +0200]:
tags 635448 + patch
tags 635448 + pending
thanks
Dear maintainer,
I've prepared an NMU for collabtive (versioned as 0.7-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
severity 625775 normal
tags 625775 + pending
thanks
Hi,
I'm downgrading this bug's severity to normal, as JQuery license
allows for not shipping source (dual-licensed GPL and MIT). I am also
updating our git tree to depend on libjs-jquery (and using it instead
of shipping a local convenience
tags 625775 + upstream
thanks
I'm downgrading this bug's severity to normal, as JQuery license
allows for not shipping source (dual-licensed GPL and MIT).
Sorry, but that bug is still serious, because: DFSG §2 requires us to
have the source code present. The FTP Team doesn't consider
tags 621436 +confirmed
thanks
First of all, sorry for not acting on this bug earlier, it completely
slipped below my radar :(
Urgh... Even with your patch applied, it still FTBFSes:
VERSION of BDB is Berkeley DB 5.1.25: (January 28,
FWIW, upstream has acknowledged the easy part of this bug report and
incorporated the mentioned patch for the next release (1.2.2; upstream
SVN revision 6367), however, I'm not tagging this as 'pending' or
'patch' as the yummy part of it (that is, the test for secure requests
failure on MIPS) is
tags 615563 + upstream, forwarded
thanks
Hi,
This report is about two separate defets - One of them is trivially
patchable, and one of them requires help from upstream. They have been
sumbitted separately:
http://code.google.com/p/cherokee/issues/detail?id=1150
Philipp Kern dijo [Thu, Feb 24, 2011 at 12:03:30PM +0100]:
Package: cherokee
Version: 1.0.20-1
Severity: serious
Ya fail. Ya causing admin grief.
(...)
As entertaining as this is, thou shalt not loop in such ways.
Grr, that is Not Nice™. What's worse, it had worked so far,
Reinhard Tartler dijo [Wed, Feb 23, 2011 at 09:27:23AM +0100]:
tags 612482 + patch
thanks
Hi Gunnar,
I've prepared an NMU for cherokee (versioned as 1.0.20-1.1). I didn't
upload it yet because of #612558, which I'm unsure how to deal
with. Could you please have a look at it?
Hi
Julien Cristau dijo [Thu, Feb 24, 2011 at 06:09:07PM +0100]:
I'm sorry for the long time without paying attention to this bug -
I'll work on it today. It looks sadly too trivial to be meaningful,
but hey - There must be some reasoning on why I put that line you are
removing! I promise to
Philipp Kern dijo [Tue, Feb 08, 2011 at 07:32:42PM +0100]:
Package: cherokee
Version: 1.0.20-1
Severity: serious
Ya fail. Ya causing admin grief.
(...)
As entertaining as this is, thou shalt not loop in such ways.
Grr, that is Not Nice™. What's worse, it had worked so far, I have not
Mehdi Dogguy dijo [Mon, Dec 27, 2010 at 08:27:39PM +0100]:
Gunnar: my suggestion is to go ahead and do the upload. The packaging
is in collab-maint, after all, so presumably Adam expects
collaboration :-)
Meh… So, this is my intent to NMU. I'll upload tomorrow to delayed/0 if no
one
Steve M. Robbins dijo [Mon, Dec 13, 2010 at 10:25:41PM -0600]:
Do you happen to have access to git.debian.org? If you do, can you
apply your patch? The procedure is basically,
(...)
Done. Thanks!
OK, are one of you going to make the upload to close this bug
before squeeze?
As it
tags 603048 + pending
thanks
Adam Majer dijo [Mon, Nov 15, 2010 at 01:53:48PM -0600]:
Asking the administrator to make the log files mode 0666 would make
them vulnerable to modification or erasure by any system user. Even
given that many of Rails' users are not Unix-savvy, this should
Package: rails
Version: 2.3.5-1.1
Severity: serious
Tags: security patch
Justification: 4
When spawning a process on a Rails by any user that is not the logfile
owner, the following IMHO dangerous advice is given:
Rails Error: Unable to access log file. Please ensure that
gregor herrmann dijo [Mon, Nov 08, 2010 at 09:37:38PM +0100]:
tags 601979 + patch
tags 601979 + pending
thanks
Dear maintainer,
I've prepared an NMU for cherokee (versioned as 1.0.8-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Hi!
Don't
1 - 100 of 289 matches
Mail list logo
