Hi,
> Your package still depends on the old, obsolete PCRE3[0] libraries
> (i.e. libpcre3-dev).
Thanks for the report. Indeed there's work ongoing upstream to fix this.
I'm monitoring this and we hope to get a working version well in time for
trixie.
Kind regards,
Thijs
Hi Chris,
On Thu, March 25, 2021 02:42, Chris Hofstaedtler wrote:
> Source: cpqarrayd
> Version: 2.3.6
> Severity: serious
>
> Linux upstream has removed the "cciss" driver in 4.14-rc1. cpqarrayd
> needs the cciss driver to function.
>
> I imagine we shouldn't ship software that did not work with
Package: rst2pdf
Version: 0.93-7
Severity: serious
Hi,
rst2pdf calls fc-match in findfonts.py, but does not list a dependency
on fontconfig. If you don't have it installed, building the document
will succeed but the document itself is empty.
Cheers,
Thijs
On Tue, April 21, 2020 18:02, Andrew Hodgson wrote:
> Thijs Kinkhorst wrote:
>>On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
>>> Package: src:mailman
>>> Version: 1:2.1.29-1
>>> Severity: serious
>>> Justification: Policy 2.2.1
>>>
>
Hi,
On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
> Package: src:mailman
> Version: 1:2.1.29-1
> Severity: serious
> Justification: Policy 2.2.1
>
> This package Depends/Build-Depends on python-dnspython which is an NBS
> cruft package. Please update your package to use python3-dnspython, w
On Wed, May 30, 2018 20:22, Michael Shuler wrote:
> On 05/30/2018 12:46 PM, Sebastian Andrzej Siewior wrote:
>>
>> I've read about this bug (and the other one) on d-devel. I uploaded
>> recently a new version of openssl to unstable (1.1.0h-3)which changes
>> the exit code of "openssl rehash" to zer
On Tue, May 29, 2018 23:08, Moritz Muehlenhoff wrote:
> On Sat, Oct 14, 2017 at 08:03:27AM +0200, Thijs Kinkhorst wrote:
>> Hi,
>>
>> On Thu, October 12, 2017 23:44, Sebastian Andrzej Siewior wrote:
>> > this is a remainder about the openssl transition [0]. We
>> I plan to release Mailman 2.1.26 along with a patch for older releases
>> to fix this issue on Feb 4, 2018. At that time, full details of the
>> vulnerability will be public.
I've reserved time on Sunday to in any case to sid when the fix is
released, and depending on the details/severity look
Hi Brian,
> Currently getting this error building the latest version - as in the
> Debian git package.
>
> Possibly this is because we depend on a package that needs updating -
> mostly likely mkdocs or jinja2 - but wonder which one? Maybe we should
> just update both anyway.
We're half a year o
forcemerge 838288 873505
thanks
On Wed, August 30, 2017 00:58, Pete Donnell wrote:
> Apologies, turns out that this is a duplicate of
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838288
>
> Applying the patch included there fixed it.
Thanks for the extra confirmation.
I've uploaded a fixe
Hi Thorsten,
On Sat, August 26, 2017 16:44, Thorsten Alteholz wrote:
> Hi,
>
> I just wanted to tell everybody that oysttyer just entered unstable.
>
> Thorsten
Thanks!
Do you think it would be useful if oysttyer would also provide a
transitional package ttytter, or should we remove ttytter wh
loses: #849626).
+
+ -- Thijs Kinkhorst Wed, 04 Jan 2017 16:31:03 +
+
libphp-swiftmailer (5.4.2-1) unstable; urgency=medium
* Imported Upstream version 5.4.2
diff -Nru libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE-2016-10074.patch libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE
ibphp-phpmailer (5.2.14+dfsg-2.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix regression in previous update: remove check for
+Sendmail binary, upstream commit ed4e7ce8.
+
+ -- Thijs Kinkhorst Mon, 02 Jan 2017 14:21:27 +
+
libphp-phpmailer (5.2.14+dfs
10045): apply commits
+4835657c 9743ff5c 833c35fe from upstream. Closes: #849365.
+
+ -- Thijs Kinkhorst Fri, 30 Dec 2016 11:22:28 +
+
libphp-phpmailer (5.2.14+dfsg-2) unstable; urgency=medium
* Team upload
diff -Nru libphp-phpmailer-5.2.14+dfsg/debian/patches/0002-Fix-CVE-2016-10033-CVE
On Mon, November 28, 2016 13:56, Scott Kitterman wrote:
> On Sun, 13 Nov 2016 18:31:48 +0100 Thijs Kinkhorst
> wrote:
>> Package: squirrelmail
>> Severity: serious
>>
>> SquirrelMail has been missing from Stretch for a while now and I intend
>> to leave it th
On Sat, November 19, 2016 07:25, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-mellon-dummy : Depends:
>> liblasso3-dev (>= 2.1.0) but it is not going to be installed
>> E: Unable to correct problems, you have held broken packa
On Sat, November 19, 2016 07:24, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-cas-dummy : Depends:
>> libssl-dev but it is not going to be installed
>> E: Unable to correct problems, you have held broken packages.
>> apt-get f
Package: squirrelmail
Severity: serious
SquirrelMail has been missing from Stretch for a while now and I intend
to leave it that way. This bug is to document this explicit choice (and
room for any concerns).
Upstream (of which I'm, at least on paper) part, has not made any new
release of Squirrel
close 828378 1.1-2
thanks
Hi Frederic,
> Severity: serious
> Setting up php5-lasso (2.5.0-3) ...
> /var/lib/dpkg/info/php5-lasso.postinst: 4: /var/lib/dpkg/info/php5-
> lasso.postinst: php5enmod: not found
> dpkg: error processing package php5-lasso (--configure):
> subprocess installed post-installation script retur
On Thu, January 14, 2016 15:49, Christoph Anton Mitterer wrote:
> You probably know about this already, but just in case not:
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034679.html
Thanks for reporting.
The security team is indeed aware and a DSA is in preparation.
Cheers
Package: websvn
Severity: serious
I propose to remove websvn from Debian.
The package is unmaintained with last maintainer upload in 2011. There was also
no response to a security issues which I fixed in an NMU one year ago. I then
noticed and reported several packaging issues which have gone una
severity 785642 important
thanks
On Mon, May 18, 2015 19:18, Wouter Verhelst wrote:
> I received a message from one of my list admins that he couldn't send a
> mail to his list. Investigating turned up the following in
> /var/log/mailman/error:
>
> May 17 15:32:20 2015 (981) Uncaught runner except
On Thu, May 21, 2015 20:20, Carlos Carvalho wrote:
> Package: squirrelmail
> Version: 2:1.4.23~svn20120406-2
> Severity: grave
>
> Below is a message that doesn't display in squirrelmail; Its single line
> doesn't appear. When clicking "reply" it appears quoted, as it should.
Thanks. I've committe
On Mon, May 18, 2015 19:18, Wouter Verhelst wrote:
> Package: mailman
> Version: 1:2.1.18-2
> Severity: grave
> Justification: causes data loss
>
> Hi,
>
> I received a message from one of my list admins that he couldn't send a
> mail to his list. Investigating turned up the following in
> /var/log
Hi,
Since the last maintainer upload was well over three years ago and there have
been several unacknowledged NMU's since then, I've taken the liberty to upload
Markus' good work as-is to unstable to fix this security issue for jessie.
Cheers,
Thijs
signature.asc
Description: This is a digit
Hi,
> a test with piuparts revealed that your package uses files from
> /usr/share/doc in its maintainer scripts which is a violation of
> Policy 12.3: "Packages must not require the existence of any files in
> /usr/share/doc/ in order to function."
> cp: cannot stat '/usr/share/doc/mibrfcs/*':
On Thu, February 19, 2015 10:38, Florian Schlichting wrote:
> Newly released RFC 7465 [0] describes RC4 as being "on the verge of
> becoming practically exploitable" and consequently mandates that both
> servers and clients MUST NOT offer or negotiate an RC4 cipher suite, and
> indeed terminate the
On Fri, February 13, 2015 16:10, Joost van Baal-IliÄ wrote:
>> CVE-2014-4172
>
> php-cas problem, fixed in Debian's php-cas 1.3.3-1 and 1.3.1-4+deb7u1.
> Moodle ships with unchanged phpCAS 1.3.3, see
> moodle-2.7.5+dfsg/auth/cas/CAS/moodle_readme.txt Moodle can likely use the
> Debian-maintained
Hi,
> See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
> as part of syncing; given the low strength and size of MD4, and the
> relative ease of computing collisions/preimages, that makes librsync
> unsafe to use on untrusted data, such as when running a duplicity
> backup.
>
Hi,
I've NMU'ed websvn for this security issue with attached debdiff.
Cheers,
Thijs
websvn_nmudiff.debdiff
Description: Binary data
Package: websvn
Severity: serious
Tags: security patch
Hi,
James Clawson reported:
"Arbitrary files with a known path can be accessed in websvn by committing a
symlink to a repository and then downloading the file (using the download
link).
An attacker must have write access to the repo, and th
severity 772639 important
thanks
Hi Tomoo,
On Tue, December 9, 2014 14:40, Tomoo Nomura wrote:
> When login from squirrelmail to imap server, the server rejects the
> request due to "Unknown user or invalid password".
> The reason is that squirrelmail sents incorrect password to the server.
> Squ
severity 661020 normal
thanks
Hi,
> From what I see the remote file inclusion is limited to environments with
> register_globals being on though.
I've investigated this issue. The vast majority of the mentioned 'attacks'
evidently only possible through register_globals, and the one about
'create
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has
On Wed, October 15, 2014 16:30, Henrik Langos wrote:
> Hi Thijs,
>
> On 10/15/14 14:26, Thijs Kinkhorst wrote:
>> On Wed, October 15, 2014 14:07, Henrik Langos wrote:
>>> There is a simple one line patch available for dovecot 2.0.
>>> Maybe a similar way exists for
On Wed, October 15, 2014 14:07, Henrik Langos wrote:
> There is a simple one line patch available for dovecot 2.0.
> Maybe a similar way exists for 1.2.
Do you have a pointer to this patch?
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscrib
This is CVE-2014-7206.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
I've asked ftp-master to remove this package from sid in #764256.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
On Mon, September 29, 2014 13:33, Michael Meskes wrote:
> @security: Is this enough of a security problem to warrant a stable
> upload?
>
> The fix seems easy enough, just run pinky if $user is still empty.
On its own, I would not consider failure to lock the screen in specific
situations a high p
All,
> Thank you Paul, indeed it helped me, as I too ran into this issue in a
> fresh Jessie install. I didn't have to downgrade OpenSSH, however, just
> edit PermitRootLogin as you did.
So am I right to conclude that this bug actually concerns the change that
changes PermitRootLogin to without-
Hi,
The security team is working on an update which includes amongst others
the patch referenced in this bug.
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: php-cas
Severity: serious
Tags: fixed-upstream
Hi Olivier,
php-cas 1.3.3 fixes security issue CVE-2014-4172: urlencode all tickets.
Can you please upgrade php-cas in Debian to this version?
thanks,
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subj
Op maandag 7 juli 2014 11:36:49 schreef Didier 'OdyX' Raboud:
> > b) Thankfully we don't need to consider the backup plan mentioned in
> >
> > a) since all we need is enabling sha256 support. Currently, Release
> > files include MD5+SHA1+SHA256. You'll find a tested patch attached.
> > (This means
severity 745408 important
tags 745408 moreinfo
thanks
Op maandag 21 april 2014 16:20:45 schreef bastien ROUCARIES:
> This source package contains the following files from the
> IETF under non-free license terms:
>
> doc/OpenPGP
This file only referances an IETF RFC, so I do not believe it is non
Hi Michael,
On Thu, June 12, 2014 13:52, Michael Vogt wrote:
> On Thu, Jun 12, 2014 at 11:44:20AM +0200, Thijs Kinkhorst wrote:
>> > apt: no authentication checks for source packages
>>
>> The Debian security team has assigned CVE-2014-0478 to this issue.
>>
>>
Hi,
> apt: no authentication checks for source packages
The Debian security team has assigned CVE-2014-0478 to this issue.
APT developers: we should fix this in wheezy. Are you able to provide an
update for wheezy for this issue?
As for squeeze, if it's not too much extra work it would be great
severity 750682 normal
tags 750682 pending
thanks
On Thu, June 5, 2014 18:36, Filipus Klutiero wrote:
> Package: php5
> Version: 5.6.0~beta3+dfsg-2
> Severity: serious
>
> NEWS.Debian contains the following entry:
>> php5 (5.6.0~alpha1+dfsg-1) experimental; urgency=medium
>>
>> * THIS IS A DEVELOP
Package: moodle
Version: 2.6.2-1
Severity: serious
At the time of writing this, I am the single active maintainer on the
Moodle package in unstable/testing. The time I spend on the package
I can spend at work because we're using the package in its current
form as it is in unstable. It's however un
Hi Dan,
On Fri, May 2, 2014 04:02, Dan Poltawski wrote:
> On 2 May 2014 02:46, David Prévot wrote:
>> The embedded PHPExcel copy (#718585) embeds OLE (#487558) which is not
>> DFSG compliant (PHP-2.02)[1,2].
>
> We have removed this library in upstream in version 2.6:
>
> https://tracker.moodle.
Package: wordpress
Severity: serious
Tags: security fixed-upstream patch
Hi,
Wordpress 3.8.2 was released which fixes two security issues and several more
bugs.
http://wordpress.org/news/2014/04/wordpress-3-8-2/
CVE-2014-0165
Wordpress privilege escalation: prevent contributors from publishing
severity 743889 normal
thanks
Hi,
> We have code that checks some of the applications that need to be
> restarted, but it has a static list of packages to check and it's
> outdated. We're working on improving that list and providing an
> other update that will restart those services.
I do not b
Hi Frederic,
> > So indeed, it was "just" a compilation option bug...
> >
> > Do you think you can include this patch in next 2.4.0 ?
>
> Sure, I'll have it in the next upload and I'll see to get it included
> upstream.
Can you please upload it over the coming days? I got an email that my
package
On Mon, April 7, 2014 11:49, Thorsten Glaser wrote:
> Please remove the Depends: php5-json from php itself.
> PHP should not depend on any of its extensions; people
> can rather do that themselves. (Actually, this is an
> issue in every version that had this Depends.)
The dependency exists for tra
Hi,
CVE names have been assigned for these issues. The assignment is rather
complicated. If you fix both issues in one upload it's ok to just mention
that it addresses the 5 CVE's named below.
http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2681 - This CVE is for the lack of pro
On Mon, March 31, 2014 15:29, Norbert Preining wrote:
> Hi Michael,
>
> On Mon, 31 Mar 2014, Michael Biebl wrote:
>> can you try the attached bug script, you need to copy it to
>
> it works for me.
>
>> I chose to use Y as default, since /etc/fstab should not usually contain
>> password information
Package: zendframework
Severity: serious
Tags: security fixed-upstream patch
Hi,
Two new security advisories were published for the Zend Framework.
* ZF2014-01: Potential XXE/XEE attacks using PHP functions:
simplexml_load_*, DOMDocument::loadXML, and xml_parse
http://framework.zend.com/security
Hi Norbert,
On Mon, March 31, 2014 03:33, Norbert Preining wrote:
> Sending /etc/fstab without asking the user is not acceptable,
> as there might be passwords saved in there.
It would help the security team and anyone else not intimately involved
with this package if you could indicate more prec
Op dinsdag 18 februari 2014 20:30:28 schreef Werner Koch:
> On Tue, 18 Feb 2014 09:47, th...@debian.org said:
> > I do not object against this upload but would like to know if Werner
> > would approve of the patch. Werner?
>
> The patch is quite obvious. IIRC, it has also been posted to the BTS o
On Mon, February 17, 2014 19:43, Daniel Kahn Gillmor wrote:
> On 02/15/2014 01:07 PM, Dominic Hargreaves wrote:
>> Control: severity -1 critical
>> Justification: makes unrelated software on the system break
> [...]
>> On reflection, I'm upgrading the severity of this bug, since it's
>> blocking R
On Tue, January 14, 2014 16:40, Robert Bihlmeyer wrote:
> Package: moodle
> Version: 2.5.3-3
> Severity: serious
>
> Having libjs-yui-common and libjs-yui-common installed, an upgrade of
> moodle from 2.5.3-2 to -3 results in loss of a large number of files
> from these two packages.
>
> What I thi
Hoi Ivo,
On Fri, January 3, 2014 13:48, Ivo De Decker wrote:
> control: reopen 730104
> control: close 733963 2.5.3-3
>
> Hi Thijs,
>
> On Fri, Jan 03, 2014 at 12:19:41PM +0000, Thijs Kinkhorst wrote:
>> Changes:
>> moodle (2.5.3-3) unstable; urgency=medium
>&
On Fri, January 3, 2014 12:41, Leonardo Boselli wrote:
> Can you reopen it changing to "minor" and suggesting to change the error
> message ?
No, because it's an error message from apt, not from this package.
It is documented in the release notes on two different places, and in the
package descri
Version: 2.3-2
Hi,
This has been fixed in cpqarrayd 2.3-2 but I neglected to mention that in the
changelog.
Thijs
signature.asc
Description: This is a digitally signed message part.
On Fri, November 29, 2013 10:01, Raphael Hertzog wrote:
> Dear security team, please find attached the diff compared to the
> respective
> versions in stable(-security). Is it OK to upload them ?
Yes, this is OK (ruby1.8 needs to be built with -sa, ruby1.9.1 without).
Thank you for your work on th
Package: percona-xtrabackup
Severity: serious
Tags: security fixed-upstream
Hi,
Upstream discovered and fixed use of a static IV in encrypting backups:
"A fixed initialization vector (constant string) was used while encrypting
the data. This opened the encrypted stream/data to plaintext attacks a
Package: dokuwiki
Version: 0.0.20130510a-2
Severity: serious
Hi,
dokuwiki fails to upgrade, and exits the upgrade with an error.
Turning set -x on in postinst, this is what happens:
+ [ -e /etc/apache2/conf.d/dokuwiki.conf ]
+ [ -d /etc/apache2/conf-available -a ! -e
/etc/apache2/conf-available
On Wed, October 16, 2013 15:56, Bill Allombert wrote:
> On Wed, Oct 16, 2013 at 12:09:42PM +0200, Thijs Kinkhorst wrote:
>> Hi Bill,
>>
>> > There are potentially 12000 systems affected.
>> >
>> > Now has I see it, you have two way to fix the problem:
&g
Hi Bill,
On Wed, October 16, 2013 11:19, Bill Allombert wrote:
> severity 725889 grave
> severity 726479 important
> found 725889 1.4.15-1
> quit
> On Wed, Oct 09, 2013 at 09:09:02PM +0200, Bill Allombert wrote:
>> /usr/bin/gpg --batch --no-options --no-default-keyring
>> --trust-model=always --ho
On Sat, April 6, 2013 12:45, Thijs Kinkhorst wrote:
> I'm seeking input from GnuPG upstream for their view on this case.
I have forwarded the issue. Upstream acknowledges the issue but does not
seem prepared to change the behaviour of the --verify command.
As described in #705536, I do n
Hi,
This is CVE-2013-4276. Please mention it in your changelog when fixing the
issue.
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Hi Oleksandr,
Upstream has stopped supporting lcms-1 in 2009. Can you please start the
process to transition packages to lcms-2? See Moritz' mail above for
details.
thanks,
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Conta
On Sun, July 28, 2013 11:33, Andreas Beckmann wrote:
> On 2013-07-28 09:46, Thijs Kinkhorst wrote:
>> The module has been integrated into Moodle proper since version 2.3. I'm
>> reassigning the bug to moodle-book and will request removal.
>
> Removal will be one thin
reassign 717992 moodle-book
thanks
On Sat, July 27, 2013 19:08, Andreas Beckmann wrote:
> /var/cache/apt/archives/moodle-book_1.6.3-2_all.deb (--unpack):
>trying to overwrite '/usr/share/moodle/mod/book/show.php', which is
> also in package moodle 2.5.1-1
The module has been integrated into M
dius (1.2.5-2.4) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix security issue in radius_get_vendor_attr()
+(CVE-2013-2220, closes: #714362)
+
+ -- Thijs Kinkhorst Thu, 25 Jul 2013 14:28:53 +0200
+
php-radius (1.2.5-2.3) unstable; urgency=high
* Non-maintainer upload.
only in p
On Sun, July 21, 2013 10:46, Norbert Preining wrote:
> Package: phpmyadmin
> Version: 4:4.0.4.1-1
> Severity: critical
> Justification: breaks unrelated software
>
> Hi,
>
> recently I realized that apache does not start anymore, doing the
> suggested configtest I get:
>
> $ env -i LANG=C PATH=/usr
Package: php-radius
Severity: serious
Tags: security patch
Hi,
A new upstream release of php-radius is available which fixes a security
issue. http://pecl.php.net/package-info.php?package=radius&version=1.2.7
The relevant patch is
https://github.com/LawnGnome/php-radius/commit/13c149b051f82b709e
Op maandag 3 juni 2013 00:53:16 schreef Stephen Kitt:
> Rest assured, it still supports K&R function definitions. This is a
> combination of failures... On Windows, errcode is typedef'ed as int;
> mingw-w64 added this recently. This combined with the K&R-style
> function declaration means gcc can't
severity 712744 normal
tags 712744 -security +moreinfo
thanks
Hi Samuel,
> gpg-agent could do prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) to protect user
> secrets from appearing in coredumps or being stolen using ptrace(), like
> ssh-agent does. Unfortunately it doesn't yet do this.
gpg-agent uses setr
severity 713973 important
thanks
On Mon, June 24, 2013 14:45, Dmitriy wrote:
> Package: phpmyadmin
> Version: 4:4.0.3-1
> Severity: grave
> Tags: upstream
> Justification: renders package unusable
>
> Dear Maintainer,
>
> When trying to submit the log in form using Iceweasel or Chromium I get
> fa
severity 708245 important
tags 708245 moreinfo
thanks
> The bug filer hasn't provided the requested info in over two weeks. If
> TopDir wasn't defined, how would that happen? Failure to update the config
> from an a version created by an even older release? User error? Something
> else?
>
> My bac
Package: drbd8-utils
Version: 8.3.13-2
Severity: serious
Hi,
drdb has a usage survey in which the software connects to a remote server.
Participation in this survey is controlled via the 'usage-count' option:
# Participate in DRBD's online usage counter at http://usage.drbd.org
# possilbe op
Hi,
Please find attached the diff for the NMU to oldstable-proposed-updates.
Cheers,
Thijs
dpkg-ruby_585448.debdiff
Description: Binary data
On Sat, June 1, 2013 18:38, Andrey Rahmatullin wrote:
> On Fri, May 31, 2013 at 08:37:24PM +0200, David Suárez wrote:
>> > i686-w64-mingw32-gcc -DHAVE_CONFIG_H -I. -I../../util -I.. -I..
>> -I../../include -I../../intl-g -Os -fno-omit-frame-pointer -Wall
>> -Wno-pointer-sign -MT regex.o -MD -M
Hi Ryan,
I think an upload to the next squeeze point update with this patch is in
order to prevent this upgrading problem. Are you willing/have time to
create such an upload?
I can make an NMU if you prefer that.
Cheers,
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.o
Hi Laszlo,
What is the status of the ceph packages and this bug? It seems there are
problems building the release currently in unstable, but do you think that
a new version can be uploaded to address this? Would be great to see ceph
back in jessie.
Cheers,
Thijs
--
To UNSUBSCRIBE, email to de
Package: nginx
Version: 1.2.1-2.2
Severity: serious
Tags: security patch
Hi,
A buffer overflow in the proxy_pass module has been reported by
Nginx upstream, and a patch made available. Please see:
http://www.openwall.com/lists/oss-security/2013/05/13/3
The issue is already fixed in the version i
On Mon, May 13, 2013 15:31, Walter Landry wrote:
> "Thijs Kinkhorst" wrote:
>> On Mon, May 13, 2013 13:01, Ondrej Sury wrote:
>>> OK, it's very much annoying (since the tarball is huge and the updated
>>> module won't hit PHP 5.5), but I will comply.
On Mon, May 13, 2013 13:01, Ondrej Sury wrote:
> OK, it's very much annoying (since the tarball is huge and the updated
> module won't hit PHP 5.5), but I will comply.
This seems like a paper exercise which I doubt is worth our efforts.
I seems extremely unlikely that the author of the software c
> fwiw, at a five day delay plus two days in unstable, the upload would
> theoretically be eligible to migrate the night before the release. The
> chances of that upload getting unblocked are practically nil unless the
> release is delayed for some reason.
Given that the maintainer is on LowThresh
retitle 704645 gpg --verify suggests entire file was verified, even if file
contains auxiliary data
thanks
Hi,
After some discussion I've come to the following description of this request
(submitters, please correct or augment where necessary):
"gpg --verify " returns a binary answer: has a val
Hi,
> I looked into it and after populating the database by hand and also fixing
> manually the initial issue [1]. It doesn't work anyway, the following
> errors appear:
> [Mon Apr 01 02:15:47 2013] [error] [client x.x.x.x] PHP Warning:
include(bookmarks.tpl.php): failed to open stream: No such
tags 704300 patch pending
thanks
On Mon, April 1, 2013 10:12, Ana Guerrero wrote:
> On Mon, Apr 01, 2013 at 10:06:48AM +0200, Thijs Kinkhorst wrote:
>> On Mon, April 1, 2013 09:59, Thijs Kinkhorst wrote:
>> > On Mon, April 1, 2013 09:55, Ana Guerrero wrote:
>> >>
severity 704300 important
thanks
Hi,
> Scuttle doesn't work in Wheezy, all you get are some lovely PHP messages:
> Strict Standards: Non-static method ServiceFactory::getServiceInstance()
> should not be called statically in /usr/share/scuttle/www/index.php on
line > 23
On a production system,
On Sat, March 16, 2013 22:35, Mike Hommey wrote:
> On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote:
>> > We can consider to put it into a DSA in which the text details how to
>> disable
>> > the options if they cause trouble. An alternative is to put it into
>> spu
>> > instead, whe
+0100
@@ -1,3 +1,10 @@
+gawk (1:4.0.1+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Change Depends back to Pre-Depends (closes: #702524).
+
+ -- Thijs Kinkhorst Sat, 16 Mar 2013 12:31:51 +0100
+
gawk (1:4.0.1+dfsg-2) unstable; urgency=low
* debian/control:
diff -Nru
Hi,
> | -Change Pre-Depends to Depends (OK now that base-files Pre-Depends: awk)
> This is not correct and needs to be reverted, since it means that gawk
> might be unpacked before its dependencies during upgrades. If the awk
> alternative is set to gawk, other packages which are unpacked in the
Op zaterdag 16 maart 2013 09:37:25 schreef Yves-Alexis Perez:
> On sam., 2013-03-16 at 08:34 +0100, Mike Hommey wrote:
> > So, here are a few more info:
> > - 3.13 disabled SSL 2.0 by default
> > - 3.13 added a defense against the Rizzo and Duong attack, which is
> >
> > known to break applicatio
severity 703128 important
thanks
Op zaterdag 16 maart 2013 00:45:18 schreef Christoph Anton Mitterer:
> Marking this as important and security, as such ungracefull errors tend to
> be prone to attacks.
Rightly so. These issues indeed should be fixed to prevent any security issues
proactively, an
Verified that squeeze is not affected. Although it contains the same
php5-radius code, the version of PHP itself in squeeze does not trigger
the segfault.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.
1 - 100 of 736 matches
Mail list logo