On Tue, Nov 06, 2018 at 02:02:06PM +0100, Arturo Borrero Gonzalez wrote:
> Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290
>
> Hopefully next upstream release will contain a fix.
Hi,
Thanks Arturo.
After some more testing, it seems the bug would be less severe than it
Package: iptables
Version: 1.8.1-2
Severity: grave
Tags: security
Justification: breaks rules, inserts pass-all rules
X-Debbugs-Cc: t...@security.debian.org,
secure-testing-t...@lists.alioth.debian.org
Hi,
The debian package for iptables now transparently converts inserted
rules to nftables,
tags 897465 - moreinfo unreproducible
severity 897465 normal
thanks
Hi Lucas,
I cannot reproduce this FTBFS here (in pbuilder), nor in a porter box.
However, I just uploaded sagan-1.1.8-2, where a build-dep was missing.
These issues may be related (though I don't see how). Can you test again
On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > Hi
> >
> > The patch is upstream:
> > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> >
> >
> > Thanks,
> > Vicky
On 11/18/2016 01:46 AM, Hon Ching(Vicky) Lo wrote:
> On Thu, 2016-11-17 at 14:18 -0500, Hon Ching(Vicky) Lo wrote:
>> The patch that supports OpenSSL 1.1 (backward-compatible) is upstream:
>> https://sourceforge.net/p/trousers/trousers/ci/05411ea68746acbaf4e69295be50b9a47cddb2fd/
>>
>>
>> Vicky
>
On 03/24/2016 09:38 AM, Yves-Alexis Perez wrote:
> control: affects -1 suricata
> On jeu., 2016-03-24 at 07:20 +0100, Florian Weimer wrote:
>> * Hilko Bengen:
>>
>>>
>>> the original report may not have been 100% clear on this, but the bug is
>>> the main cause of a vulnerability in Suricata (a
On 01/06/2016 11:49 AM, Thijs Kinkhorst wrote:
> Package: websvn
> Severity: serious
>
> I propose to remove websvn from Debian.
>
> The package is unmaintained with last maintainer upload in 2011. There was
> also
> no response to a security issues which I fixed in an NMU one year ago. I then
On Mon, Feb 09, 2015 at 10:42:26PM +0100, Arturo Borrero Gonzalez wrote:
On 9 February 2015 at 15:05, Pierre Chifflier pol...@debian.org wrote:
This bug is solved by the next (pending) uploading, to be validated by
the release team.
I have some questions:
* How this could happen
tags 772551 + pending
block 772551 by 777042
thanks
Hi,
This bug is solved by the next (pending) uploading, to be validated by
the release team.
The two bug reports for the unblock requests are:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777040 (libhtp)
severity 772685 normal
thanks
Hi,
While it's true the packaging is late (mainly due to the fact that
upstream completely changed the relation with libee/liblogorm, and that
the released versions did not compile because the autotools files were
broken), the severity of this bug is absolutely not
severity 767690 normal
tags 767690 + unreproducible moreinfo
thanks
Hi,
I tried for a few days to reproduce the bug on different hosts, without
any luck. I'm therefore lowering the severity to normal, until having
more information.
Preparing to unpack .../trousers_0.3.13-2_amd64.deb ...
Hi Alexandr,
Bug #736309:
libnetfilter-queue-{dev, dbg}: unhandled symlink to directory conversion:
/usr/share/doc/PACKAGE
is marked as serious, and is causing several packages (in my case,
suricata and nfqueue-bindings) to be scheduled for autoremove.
Do you plan to upload a fixed version ?
On Tue, Aug 20, 2013 at 03:23:33PM +0200, gregor herrmann wrote:
On Mon, 12 Aug 2013 16:46:41 +0200, Dominic Hargreaves wrote:
This bug still appears to exist in unstable, and since glibc 2.16 is
now in unstable, should probably be upgraded. It also blocks the perl
5.18 transition which
Sorry for the late reply. This seems to have fallen through the cracks
and I'm currently catching up with old mail.
I think this doesn't warrant a DSA, but could you fix this through
a stable point update?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
On Sat, Nov 17, 2012 at 03:00:04PM +0100, Yves-Alexis Perez wrote:
On sam., 2012-11-17 at 11:30 +0100, Pierre Chifflier wrote:
Hi Security Team,
I'm forwarding this email to ask for review on the correction for
CVE-2012-0698 in stable (other versions are not affected).
Hey
(CVE-2012-0698)
+Closes: #692649
+
+ -- Pierre Chifflier pol...@debian.org Thu, 08 Nov 2012 22:08:58 +0100
+
trousers (0.3.5-2) unstable; urgency=low
* QA upload.
diff -Nru trousers-0.3.5/debian/patches/04-security-cve-2012-0698.patch trousers-0.3.5/debian/patches/04-security-cve-2012-0698
On Tue, Oct 30, 2012 at 06:21:07PM +0100, Moritz Muehlenhoff wrote:
On Sun, Oct 21, 2012 at 10:57:38PM +0200, Arthur de Jong wrote:
On Tue, 2012-10-02 at 14:37 +0200, Moritz Muehlenhoff wrote:
Please see the thread starting at
http://www.openwall.com/lists/oss-security/2012/09/07/2
for
Hi,
I have merged the patch from Alban Browaeys (thanks to him for writing
it) in version 0.6.6-2, just uploaded a few moments ago.
Thanks,
Pierre
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
tags 666330 + moreinfo unreproducible
severity 666330 normal
thanks
On Fri, Mar 30, 2012 at 11:21:15AM +0200, Lucas Nussbaum wrote:
Source: suricata
Version: 1.2.1-1
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20120330 qa-ftbfs qa-ftbfs-buildarch
retitle 652756 sslsniff: does not build with boost 1.48
severity 652756 normal
thanks
Hi,
This was caused by the temporary upload of boost-dev defaulting to 1.48,
which was reverted to 1.46 (so not affecting the current version anymore).
I'm keeping the bug open to track the compatibility with
On Mon, Oct 17, 2011 at 01:20:53PM +0200, Ralf Treinen wrote:
Package: libopenscap0,libopenscap1
Version: libopenscap0/0.7.3-1
Version: libopenscap1/0.8.0-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite
Date: 2011-10-17
Architecture: amd64
Distribution: sid
On Mon, Oct 17, 2011 at 02:39:52PM +0200, Julien Cristau wrote:
On Mon, Oct 17, 2011 at 14:13:03 +0200, Pierre Chifflier wrote:
On Mon, Oct 17, 2011 at 01:20:53PM +0200, Ralf Treinen wrote:
Package: libopenscap0,libopenscap1
Version: libopenscap0/0.7.3-1
Version: libopenscap1/0.8.0-1
+
+Author: Pierre Chifflier
+Description: Fix build error with -Werror=format-security hardening flag.
+
+diff -ruN bash-4.1.orig/print_cmd.c bash-4.1/print_cmd.c
+--- bash-4.1.orig/print_cmd.c 2009-09-16 21:32:26.0 +0200
bash-4.1/print_cmd.c 2011-09-16 11:38:40.0 +0200
+@@ -1374,7
On Sun, Jun 05, 2011 at 02:49:30PM +0200, Jakub Wilk wrote:
severity 629280 serious
tags 629280 + patch
unarchive 580503
found 580503 2.8.4-1
thanks
* Vangelis Koukis vkou...@cslab.ece.ntua.gr, 2011-06-05, 13:22:
python-nfqueue only provides packages for Python v2.7, so one
cannot import
On 04/26/2011 11:33 PM, Michael Biebl wrote:
Hi Pierre,
I've prepared an NMU and uploaded it to DELAYED/7. The changelog reads:
pgdesigner (1.2.17-2.1) unstable; urgency=low
* Non-maintainer upload.
* Drop dependency on gambas2-gb-qt-kde and gambas2-gb-qt-kde-html.
See
Hi,
pgdesigner is actually uninstallable due to the removal of
gambas2-gb-qt-kde and gambas2-gb-qt-kde-html (See #620646).
After some discussions with the gambas maintainer (#620646) and
upstream, it seems there is no solution since upstream is not really
willing to port gambas to Qt4 [1]
On 01/10/2011 12:06 PM, Julien Cristau wrote:
user release.debian@packages.debian.org
usertag 609336 squeeze-will-remove
kthxbye
On Sun, Jan 9, 2011 at 01:13:56 +0800, Paolo Scarabelli wrote:
Package: pgdesigner
Version: 1.2.17-1
Severity: grave
--- Please enter the report below
On 12/01/2010 10:48 PM, Adam D. Barratt wrote:
I've just had a quick look at your t-p-u upload for suricata. Without
getting too far in to checking the patches themselves, one thing that I
noticed is that the diff adds nine new patches to debian/patches but
debian/patches/series is only eight
Hi,
Suricata 1.0.2 was released after the freeze, and it fixes several
bugs (exactly, half a dozen TCP evasions).
See http://www.packetstan.com/2010/09/suricata-tcp-evasions.html
The git commits are more or less exactly the fixes, so I am proposing to unblock
suricata 1.0.2 since porting the
On Tue, Aug 17, 2010 at 09:51:13PM +0200, Luca Bruno wrote:
Adam D. Barratt scrisse:
This has been tagged pending for a few weeks; are you planning on
uploading the fix in the near future?
I marked this as pending, as I was ready to NMU.
Original maintainer said he would have taken care
On Tue, Jun 15, 2010 at 08:19:39PM +0200, Luca Bruno wrote:
Hi,
attached a patch for this. If Pierre doesn't step up in the meantime,
I'll do a deferred NMU in a couple of days.
No high priority, as the internal copy of scapy shouldn't be currently
in use.
Hi Luca,
Thanks for the patch.
On Sat, May 15, 2010 at 10:02:09PM +0200, Kurt Roeckx wrote:
Source: xtables-addons
Version: 1.26-1
Severity: serious
[...]
/usr/bin/make -C extensions clean
make[1]: Entering directory
`/build/buildd-xtables-addons_1.26-1-i386-Fgk0n0/xtables-addons-1.26/extensions'
rm -rf .libs
On Sun, May 16, 2010 at 11:40:52AM +0200, Kurt Roeckx wrote:
On Sun, May 16, 2010 at 09:31:56AM +0200, Pierre Chifflier wrote:
On Sat, May 15, 2010 at 10:02:09PM +0200, Kurt Roeckx wrote:
Source: xtables-addons
Version: 1.26-1
Severity: serious
[...]
/usr/bin/make -C
Hi.
I've just done an NMU for the DELAYED-2 queue of this fix.
Pierre, are you still interested in this package? I ask this because there's
another patch in other bug report. I'd be happy to be the (a)
(Co-)Maintainer if it's ok to you.
Hi Marco,
Thanks for the upload (and patch).
On Sun, Feb 28, 2010 at 06:48:27PM -0300, Gustavo Franco wrote:
Hi Pierre,
I understand you may be busy, but Jakub wrote a patch for this bug.
You've submitted without acknowledging the work. Thank you both for
contributing to Debian!
Oh, that was not my intention.
Sorry, and thank you
Hi Lucas,
It seems the problem is on your buildd:
[~] uname -a
Linux piche2 2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64
GNU/Linux
[~] apt-cache policy libpreludedb0
libpreludedb0:
Installed: 1.0.0~rc1-1
Candidate: 1.0.0~rc1-1
Version table:
*** 1.0.0~rc1-1 0
500
On Sun, Feb 21, 2010 at 11:57:52AM +0100, Stefano Zacchiroli wrote:
On Sun, Feb 21, 2010 at 11:39:43AM +0100, Martin Pitt wrote:
It's not a question of how many versions are supported in a current
release, since on upgrades people will have more than one major
version installed. But since
Hi all,
I'm adding David (pgTAP author) in CC: of this discussion.
David: this is about finding if binaries (pg_prove and pg_tapgen) should
be stored in /usr/bin (if it is common to all postgresql versions) or in
/usr/lib/postgresql/*/bin if it is version-specific.
The complete discussion can be
On Mon, Jan 04, 2010 at 11:12:16AM +0100, Modesto Alexandre wrote:
Package: xtables-addons-source
Version: 1.19-3
Severity: grave
Justification: renders package unusable
After apt-get upgrade on my debian testing, I have this message :
iptables: match ipp2p has version libxtables.so.2,
On Sun, Oct 25, 2009 at 12:05:46PM +0100, Michael Prokop wrote:
Package: xtables-addons-source
Version: 1.19-1
Severity: grave
Justification: renders package unusable
Note: choosing severity grave as I think it renders the package
unusable, please feel free to downgrade if you think that
severity 548752 important
thanks
On Mon, Sep 28, 2009 at 11:50:22AM -0400, David Gibson wrote:
Package: glpi
Version: 0.72.2-1
Severity: grave
Justification: renders package unusable
When upgrading from 0.72-1 to 0.72.2-1, I'm prompted to let
dbconfig-common update the database. If I
On Fri, Aug 14, 2009 at 11:01:53PM +0100, peter green wrote:
tags 529841 +patch
thanks
Patch is attached (gzipped because of size) , the changes are
* fixed mysql build-depends
* fixed gnutls detection in configure.ac (the existing detection
system seemed to rely on a autotools template
On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
Pierre,
The bug in download.php is still there in lenny, why did you close
the bug?
Hi James,
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
Additionally, this injection does not work here:
On Wednesday 17 June 2009 15:25:57 Giuseppe Iuculano wrote:
Hi Pierre,
Pierre Chifflier ha scritto:
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
This doesn't imply that 1.01 isn't affected.
I fully agree, but you should quote correctly :
--8
Package: pyqt4-dev-tools
Version: 4.4.4-5
Severity: grave
Justification: pyuic4 does not work anymore
Hi,
After upgrading pyqt4-dev-tools (and python-qt4 etc.) from
4.4.4-4 to 4.4.4-5 (which should be a minor upgrade),
pyuic4 stopped working.
Error:
pyuic4 -o auth_ui.py auth.ui
An
On Wed, Jan 28, 2009 at 08:04:20PM +0100, Andreas Henriksson wrote:
Hello!
I had a really quick look and there seems to be several issues.
Next after parsing the command line options, the server forks and kills
off the parent (in wzdftpd/wzd_main.c line 402). This leaves no room for
severity 512660 normal
tags 512660 +wontfix
thanks
On Thu, Jan 22, 2009 at 05:33:59PM +0100, root wrote:
Package: ocsinventory-server
Version: 1.01-6
Severity: grave
Justification: renders package unusable
After installing ocsinventory-server, it doesn't work, because while the
database
Hi,
These two updates occur after a discussion with websvn upstream, to
validate the corrections. Security problem is described at:
http://www.gulftech.org/?node=researcharticle_id=00132-10202008
(I haven't found any related CVE, but a Secunia advisory:
http://secunia.com/advisories/32338/
)
On Sun, Nov 09, 2008 at 12:39:10AM +0100, Philipp Kern wrote:
On Fri, Nov 07, 2008 at 11:13:57AM +0100, Pierre Chifflier wrote:
Please allow glpi 0.68.2-1etch0.2 (etch) and 0.70.2-2 (testing) updates,
They close a RC bug by updating a file to a version covered by a
DFSG-free license (CC-SA
severity 504374 normal
tag 504374 +upstream
thanks
Hi,
I'm downgrading bug severity according to
http://www.debian.org/Bugs/Developer#severities
The bug, even if annoying, does not introduce security problems or
render the application unusable. Please, do not raise severity without
reasons, it
On Mon, Nov 03, 2008 at 12:40:26PM +0100, Thijs Kinkhorst wrote:
Hi,
It seems that the following are upstream's handling of the issue. I
haven't checked them out in detail yet so can't vouch for their
completeness.
Thanks for the links. It seems indeed that there is some activity on the
On Fri, Oct 24, 2008 at 10:27:09PM +0200, Florian Weimer wrote:
* Luca Bruno:
A full disclosure bulletin has been posted today, reporting various
security vulnerabilities in websvn.
Thanks, I'm not sure if the source is in our public monitoring.
The remote code execution should only
severity 501882 normal
retitle 501882 pgsnap: relative path does not work
thanks
Indeed, pgsnap does not actually work with relative paths. I'm
contacting upstream about that.
I consider this more as a lack of documentation (which I will fix
shortly) than a critical bug, so I'm setting the
reassign 502134 python-matplotlib
retitle 502134 matplotlib: undefined symbol: __gxx_personality_v0
thanks
Reassigning bug, since it is not related to NuLog, and easily reproduced
on a clean Lenny install:
# aptitude install python-matplotlib
$ python
Python 2.5.2 (r252:60911, Sep 29 2008,
On Wed, Aug 27, 2008 at 04:10:06PM +0200, Thijs Kinkhorst wrote:
Hi Pierre,
This RC bug has now been open for two weeks. I'm uploading an NMU to the
delayed-5 queue according to the attached patch. I hope this helps to keep
websvn in good shape in lenny.
Hi Thijs,
I'm merging your
Package: python-sepolgen
Version: 1.0.11-3
Severity: grave
Justification: renders package unusable
Hi,
Package python-sepolgen should create a module named differently, since
the dash (-) is forbidden in Python modules names.
[~] python
Python 2.5.2 (r252:60911, May 28 2008, 19:19:25)
[GCC
On Sat, Apr 26, 2008 at 02:23:08AM +0200, Lucas Nussbaum wrote:
severity 477020 serious
thanks
At first, I thought the build failure was caused by gcc 4.3, so I
downgraded the severity. The real cause was a missing build dependency
on pkg-config.
I'm uploading a fixed package.
Regards,
On Tue, Apr 15, 2008 at 12:06:57PM +0200, Adeodato Simó wrote:
clone 476173 -1
retitle -1 nuauth-utils: needs rebuid on each python transition
severity -1 important
thanks
Can you explain to me why you reopen this bug, while the package has
been re-uploaded ? The new package _is_ linked to
reassign 465085 libprelude
tags 465085 +pending
thanks
The problem is caused by the libgnutls transition: libprelude is built
against libgnutls13 (2.0.4), while the new prelude-manager is built
against libgnutls26 (2.2.1).
I'll upload a new libprelude package to trigger the rebuild (it fixes
the
tag 449197 +pending
thanks
Package is ready for upload, just waiting for ftp-master to be repaired.
Regards,
Pierre
On Sun, Nov 04, 2007 at 01:02:20AM +0100, Bastian Blank wrote:
Package: nuapplet
Version: 2.0-1
Severity: serious
There was an error while trying to autobuild your package:
On Thu, Oct 11, 2007 at 01:27:17AM +0200, Nico Golde wrote:
Package: wzdftpd
Version: 0.5.2-1.1sarge2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for wzdftpd.
CVE-2007-5300[0]:
| Off-by-one error in the do_login_loop
On Sun, Sep 09, 2007 at 10:39:34PM +0300, Nick Shaforostoff wrote:
is it so hard to upload fixed version of a package?
Bug is currently under resolution.
Sorry for the delay.
Pierre
On Fri, Aug 10, 2007 at 10:50:29AM +0200, Michael Ablassmeier wrote:
found 427973 2.2.3-1
thanks
hi,
nuauth and nuauth-extra *still* have conflicting files:
Unpacking nuauth-extra (from .../nuauth-extra_2.2.3-1_amd64.deb) ...
dpkg: error processing
severity 429344 wishlist
tags 429344 +upstream
thanks
GLPI does actually not use PHPMailer, it only includes a patched copy
(so the bug is not RC). As explained in the previous mail, a change is
in progress in the upstream release.
Regards,
Pierre
tag 429192 +pending
tag 429344 +pending
thanks
The problem has been discussed with upstream. Actually, the library is
not used, so GLPI is not really vulnerable.
A new version has been released including the fix, and has been uploaded
to my sponsor (it will be uploaded ASAP).
A discussion is in
On Tue, Mar 27, 2007 at 07:09:42PM +0200, Marc Dequènes wrote:
Package: wzdftpd-mod-avahi
Version: 0.8.1-1
Severity: serious
Coin,
wzdftpd start, then crash 2s later with the following message:
wzdftpd: libwzd_avahi.c:182: publish_reply: Assertion `g == ctx-group'
failed.
Pan,
On Thu, Dec 14, 2006 at 03:45:27PM +0100, Frederik Reiß wrote:
It looks like that /var/run/wzdftpd/ is not created or deleted during or
after the package installation. After creating /var/run/wzdftpd/ manually
everything works fine.
Thanks for your help. I'll fix this in the next upload,
On Tue, Jul 04, 2006 at 02:30:10PM +0200, Julien Danjou wrote:
Hello,
The fix for DSA-1006-1 on wzdftpd broke dependencies as explained in bug
report #372531.
We would like to see this bug fixed in the next stable point-release.
Would it be possible to the security team to fix this
tags 372531 sarge
found 372531 0.5.2-1.1sarge1
notfound 372531 0.7.2-2
69 matches