Bug#360231: Horde_Block_turba_tree_menu error (sid)

2006-03-31 Thread Giuseppe Iuculano
Package: horde3 Version: 3.1-1 Severity: grave After last upgrade, when user logged in, in the left columns: A fatal error has occurred Horde_Block_turba_tree_menu non trovato. [line 232 of /usr/share/horde3/services/portal/sidebar.php] Details (also in Horde's logfile): object(pear_error)(8) {

Bug#386604: DokuWiki: TARGET_FN Directory Traversal Vulnerability

2006-09-08 Thread Giuseppe Iuculano
Package: dokuwiki Version: 0.0.20060309-5 Severity: grave Justification: user security hole From: http://secunia.com/advisories/21819/ Description: rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system. Input passed to

Bug#368929: rkhunter --update doesn't work

2006-05-25 Thread Giuseppe Iuculano
Package: rkhunter Version: 1.2.8-4 Severity: grave # rkhunter --update Running updater... /usr/bin/rkhunter: line 4994: /rkhunter/scripts/check_update.sh: No such file or directory Ready. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500,

Bug#502219: IRQ totals are very wrong

2008-10-21 Thread Giuseppe Iuculano
Hi Dominique, Dominique Brazziel wrote: I just saw this update and put it on and, while there is no segfault, the IRQ totals are way off, 0 is reported many times when it shouldn't be: Please open a new bug and report it. Giuseppe.

Bug#504682: NMU patch

2008-11-08 Thread Giuseppe Iuculano
copy shipped with +dokuwiki (SA32559) (Closes: #504682) + + -- Giuseppe Iuculano [EMAIL PROTECTED] Sat, 08 Nov 2008 09:48:34 +0100 + dokuwiki (0.0.20080505-3) unstable; urgency=high * High-urgency upload for RC bug fixing. diff -u dokuwiki-0.0.20080505/debian/patches/series dokuwiki

Bug#505197: SA32652: Trac Multiple Vulnerabilities

2008-11-10 Thread Giuseppe Iuculano
Package: trac Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for trac. SA32652[1] Description: Some vulnerabilities have been reported in Trac, which can be exploited by malicious people to cause a

Bug#505197: [Pkg-trac-devel] Bug#505197: SA32652: Trac Multiple Vulnerabilities

2008-11-11 Thread Giuseppe Iuculano
Hi, [EMAIL PROTECTED] wrote: I think this is the changeset http://trac.edgewall.org/changeset/7658/branches/0.11-stable I'll get into this to upload a new package. 2) An unspecified error when processing wiki markup can be exploited to cause a DoS. See also

Bug#505557: Mozilla Firefox 3 Multiple Vulnerabilities

2008-11-13 Thread Giuseppe Iuculano
Package: iceweasel Version: 3.0.3-3 Severity: critical Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for Firefox 3. SA32713[1] Description: Some vulnerabilities have been reported in Mozilla Firefox, which can be

Bug#505558: Mozilla Firefox 2 Multiple Vulnerabilities

2008-11-13 Thread Giuseppe Iuculano
Package: iceweasel Version: 2.0.0.17-0etch1 Severity: critical Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for Firefox 2: SA32693[1] Description: Some vulnerabilities have been reported in Mozilla Firefox, which can be

Bug#505563: Mozilla Thunderbird Multiple Vulnerabilities

2008-11-13 Thread Giuseppe Iuculano
Package: icedove Severity: critical Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for Thunderbird: SA32715[1] Description: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by

Bug#505565: Mozilla SeaMonkey Multiple Vulnerabilities

2008-11-13 Thread Giuseppe Iuculano
Package: iceape Severity: critical Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for SeaMonkey: SA32714[1] Description: Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious

Bug#506530: Remote command execution and the possibility of attack with the help of symlinks

2008-11-22 Thread Giuseppe Iuculano
Package: verlihub Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, An exploit[0] has been published for verlihub: Verlihub does not sanitize user input passed to the shell via its trigger mechanism. Furthermore, the Verlihub daemon can optionally be

Bug#497110: boot loader installation failed when dmraid=true

2008-08-30 Thread Giuseppe Iuculano
11:27 sil_aiahbgbgaaaj brw---1 root root 254, 1 Aug 30 11:27 sil_aiahbgbgaaaj1 brw---1 root root 254, 2 Aug 30 11:27 sil_aiahbgbgaaaj5 Giuseppe Iuculano

Bug#497110: boot loader installation failed when dmraid=true

2008-08-30 Thread Giuseppe Iuculano
Frans Pop wrote: But another possibility is that you are just not following the correct procedure. Support for dmraid is far from perfect and things will *only* work if you follow the documented procedure. How did you do the partitioning? Did you *exactly* follow the instructions that

Bug#497110: boot loader installation failed when dmraid=true

2008-09-02 Thread Giuseppe Iuculano
Frans Pop wrote: Unfortunately these don't help very much. What I think we need here is a full debug log for partman to see what was running at the time of the OOM. I suspect you somehow get into a loop. Please make sure you have started your ssh sessions _before_ starting partman

Bug#497723: arpack to be removed

2008-09-04 Thread Giuseppe Iuculano
block 497723 by 491794 thanks Hi, Thomas Viehmann wrote: license is not DFSG-free (see bug #491794). new freemat package is ready, but I prefer to wait #491794 resolution. Giuseppe.

Bug#497110: boot loader installation failed when dmraid=true

2008-09-05 Thread Giuseppe Iuculano
Frans Pop wrote: Giuseppe: if you want to work around this bug to test dmraid support, you can do so by changing /lib/partman/active_partition/25divider/choices before you start partman: just make that script 'exit 0'. This would allow you to provide further details on the p in created

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
, which use device mapper. Libparted was +naming new partition nodes incorrectly, and not setting the UUIDs for +dmraid device nodes. (Closes: #497110) + * debian/patches/parted-dmraid.dpatch: Make sure that partition nodes for +dmraid devices are probed + + -- Giuseppe Iuculano [EMAIL

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
Otavio Salvador wrote: Yes. That is a great news. Sad that Ubuntu hasn't communicated with us to get this fixed on Debian. I'll take a look and prepare a parted upload with it. I merged all relative dmraid Ubuntu changes in: devmapper os-prober parted partman-auto partman-base

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
Frans Pop wrote: On Saturday 06 September 2008, Frans Pop wrote: At first glance the patch also needs some cleanup. The .gitignore changes look like they are just noise and the actual changes are not really consistent regarding whitespace for example. Here's a cleaned-up version.

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
+++ partman-base-125+nmu1/debian/changelog 2008-09-06 16:56:57.0 +0200 @@ -1,3 +1,10 @@ +partman-base (125+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * init.d/parted: Set the sataraid flag for dmraid arrays. + + -- Giuseppe Iuculano [EMAIL PROTECTED] Sat, 06 Sep 2008

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
. + * Merge from Ubuntu: debian/patches/parted-dmraid.dpatch: Patch to educate +libparted about dmraid arrays, which use device mapper. Libparted was +naming new partition nodes incorrectly, and not setting the UUIDs for +dmraid device nodes. (Closes: #497110) + + -- Giuseppe Iuculano [EMAIL

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
Ubuntu: debian/patches/parted-dmraid.dpatch: Patch to educate +libparted about dmraid arrays, which use device mapper. Libparted was +naming new partition nodes incorrectly, and not setting the UUIDs for +dmraid device nodes. (Closes: #497110) + + -- Giuseppe Iuculano [EMAIL PROTECTED

Bug#497110: boot loader installation failed when dmraid=true

2008-09-06 Thread Giuseppe Iuculano
. + + -- Giuseppe Iuculano [EMAIL PROTECTED] Sat, 06 Sep 2008 18:23:55 +0200 + partman-auto (81) unstable; urgency=low [ Jérémy Bobbio ] diff -Nru partman-auto-81/lib/auto-shared.sh partman-auto-81+nmu1/lib/auto-shared.sh --- partman-auto-81/lib/auto-shared.sh 2008-08-25 21:01:13.0 +0200

Bug#497110: improved dmraid support in D-I

2008-09-07 Thread Giuseppe Iuculano
Frans Pop wrote: changes merged for Lenny. This means the following actions are needed: - get an OK for the change in devicemapper from maintainer and RT - get an OK for the change in parted from RT (and maybe check that the patch will also get accepted upstream?) - get updated

Bug#497110: improved dmraid support in D-I

2008-09-07 Thread Giuseppe Iuculano
Frans Pop wrote: On Sunday 07 September 2008, Frans Pop wrote: I've done some testing using Giuseppe's businesscard image in VirtualBox ... I was very surprised that you don't actually need BIOS support for dmraid. Apparently it really only scans the harddisks for some specific

Bug#497110: improved dmraid support in D-I

2008-09-07 Thread Giuseppe Iuculano
Giuseppe Iuculano wrote: I'm working on this, but it is not very simple for me. Approximately dmraid -rD generates three files, from this we can extrapolate metadata, and with a hex editor we can add the fake signature to the qemu/virtualbox drive Ok, this procedure seems to work for me

Bug#497110: Bug#498838: Please set link priority to 100 for dmraid devmapper devices

2008-09-13 Thread Giuseppe Iuculano
unblock 497110 by 498838 thanks Hi, Bastian Blank wrote: Please explain. I'm currently not able to oversee the consequences. Bastian # blkid /dev/mapper/sil_aiahbgbgaaaj5: TYPE=swap /dev/mapper/sil_aiahbgbgaaaj1: UUID=4f4ac281-bb5d-4c34-9437-65df0c203bbb TYPE=ext3 /dev/hda1:

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-18 Thread Giuseppe Iuculano
Asier wrote: Thu Sep 18 23:09:34 2008: A maintenance shell will now be started. CONTROL-D will terminate this shell and resume system boot. (warning). Thu Sep 18 23:09:34 2008: Give root password for maintenance Thu Sep 18 23:09:34 2008: (or type Control-D to continue): Please, at this

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-19 Thread Giuseppe Iuculano
Giuseppe Iuculano wrote: Asier wrote: Thu Sep 18 23:09:34 2008: A maintenance shell will now be started. CONTROL-D will terminate this shell and resume system boot. (warning). Thu Sep 18 23:09:34 2008: Give root password for maintenance Thu Sep 18 23:09:34 2008: (or type Control

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-19 Thread Giuseppe Iuculano
severity 499060 normal tags 499060 wontfix retitle 499060 udev rule doesn't work without initramfs thanks Asier wrote: The same problem. The RAID array isn't detected :( As you know, from dmraid 1.0.0.rc14-3 we use an udev rule to allow dmraid arrays to be brought up in the event that

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-20 Thread Giuseppe Iuculano
Asier wrote: On Friday, 19 September 2008, wrote: As you know, from dmraid 1.0.0.rc14-3 we use an udev rule to allow dmraid arrays to be brought up in the event that the member disks of an array are present. This udev rule runs /sbin/dmraid-activate to activate only arrays

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-21 Thread Giuseppe Iuculano
tags 499060 moreinfo thanks Asier wrote: The problem... remains, attached /etc/udev/rules.d/85_dmraid.rules and the boot log :-( I need some debug logs. Extract the attached .tar.gz, and you have a dmraid-debug directory cd dmraid-debug cp -a sbin/* /sbin/ cp -a 85_dmraid.rules

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-21 Thread Giuseppe Iuculano
Asier wrote: Here they go. Looks like there's a problem with /usr/bin/basename not present before a full mount of the filesystem? Right, another deb for testing: http://sd6.iuculano.it/dmraid-testing/dmraid_1.0.0.rc14-4~unreleased3_amd64.deb Make sure that after .deb installation

Bug#499060: dmraid: RAID not detected after upgrading to 1.0.0.rc14-3

2008-09-21 Thread Giuseppe Iuculano
tags 499060 = pending thanks Asier wrote: Magic words: fixed! RAID array now is detected and the /dev/mapper/ entry is created. Thanks for your support Greets Great! :) Giuseppe

Bug#497110: improved dmraid support in D-I

2008-09-23 Thread Giuseppe Iuculano
Frans Pop wrote: I've not tested os-prober functionality for dmraid. Tested, unfortunately root is empty: # This entry automatically added by the Debian installer for an existing # linux installation on /dev/mapper/sil_aiahbgbgaaaj1. title Debian GNU/Linux, kernel 2.6.26-1-686

Bug#497110: improved dmraid support in D-I

2008-09-23 Thread Giuseppe Iuculano
Giuseppe Iuculano wrote: Tested, unfortunately root is empty: Hi, attached debdiff fixes the root detection, can you review it please? Giuseppe diff -Nru grub-installer-1.34/debian/changelog grub-installer-1.35/debian/changelog --- grub-installer-1.34/debian/changelog2008-09-22

Bug#494278: dmraid Intel RAID10 patch breaks some Intel raid1 system

2008-09-29 Thread Giuseppe Iuculano
Chris wrote: I have Intel raid 10, it worked fine up until now, and after this removal of patch 07_isw-raid10-nested.dpatch my system fails to boot. dmraid -l does not show intel raid 10 support. I tracked it down to this. Sorry, but that patch was removed because it breaks some

Bug#500883: dmraid: boot fails after upgrading to 1.0.0.rc14-4

2008-10-02 Thread Giuseppe Iuculano
tags 500883 moreinfo thanks Peter Leipold wrote: After the upgrade the boot stops at waiting for the root filesystem. I get a busybox prompt. I figured out what to type to continue booting up: $ modprobe dm-mirror $ dmraid -ay $ exit I need some debug logs. Extract the attached

Bug#500883: dmraid: boot fails after upgrading to 1.0.0.rc14-4

2008-10-02 Thread Giuseppe Iuculano
Hi Peter, Peter wrote: I now suspect the ENV{ID_FS_USAGE}==raid option in udev rules file. How should udev supposed to know if a disk is raid? Maybe I should rename something to this raid? See below my raid settings: udevadm info --query=all --name=sda udevadm info --query=all

Bug#500883: dmraid: boot fails after upgrading to 1.0.0.rc14-4

2008-10-02 Thread Giuseppe Iuculano
Peter wrote: This 2nd partition is one of my raid1 volume, containing the root filesystem. I see ID_FS_USAGE is not raid as it should. Do I have a screwed raid setup? :) Do you know how could I change that ID_FS_USAGE? ID_FS_USAGE on sdaX isn't important. The real problem is that

Bug#500883: dmraid: boot fails after upgrading to 1.0.0.rc14-4

2008-10-02 Thread Giuseppe Iuculano
Peter wrote: Ok, thanks! This is then an udev issue, so I should search there (already Can you elaborate please? Why this is an udev issue and not a bug in your controller/bios ? found some bug-reports where udev incorrectly read device metadata for raid devices), Can you link them

Bug#500883: dmraid: boot fails after upgrading to 1.0.0.rc14-4

2008-10-02 Thread Giuseppe Iuculano
severity 500883 normal thanks Peter wrote: Well, it can of course be a controller bug. I'm not that familiar with these issues. I was only thinking it to be an udev bug because as I've read these fakeraid cards are hard to support under linux because of their proprietary bios

Bug#502219: closed by Giuseppe Iuculano [EMAIL PROTECTED] (Re: Bug#502219: procinfo: Segfaults with large number of interrupts.)

2008-10-14 Thread Giuseppe Iuculano
Len Sorensen wrote: I do not consider this closed. You are wrong. Please reopen until it is fixed. I was actually considering marking it RC for Lenny. Hi, I understand your point of view, but this bug is marked as Fixed in version procinfo/1:2.0.208-1. This is correct and this remain

Bug#502219: closed by Giuseppe Iuculano [EMAIL PROTECTED] (Re: Bug#502219: procinfo: Segfaults with large number of interrupts.)

2008-10-15 Thread Giuseppe Iuculano
Len Sorensen wrote: Well if it isn't being accepted into Lenny, then that doesn't help and most likely Lenny will end up with no procinfo at all. Wouldn't it be better to make a procinfo 18-3 with the simple fix which is much more likely to be accepted into Lenny and then get the new

Bug#552417: dmraid: Unable to mount volume group on kernel 2.6.30

2009-10-29 Thread Giuseppe Iuculano
tags 552417 moreinfo thanks Hi, Doug Baldwin wrote: Originally installed Lenny using network installation CD, followed prompts for RAID-1. Recently upgraded to Squeeze. All works with 2.6.26. However, system fails to boot with 2.6.30. Error message is: Unable to mount vg00 volume

Bug#553319: CVE-2009-3826, CVE-2009-3700

2009-10-30 Thread Giuseppe Iuculano
Package: squidguard Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for squidguard. CVE-2009-3826[0]: | Multiple buffer overflows in squidGuard 1.4 allow remote attackers to | bypass

Bug#553209: Fwd: [SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness

2009-10-30 Thread Giuseppe Iuculano
Hi, Helge Kreutzmann wrote: clone 546212 -1 found -1 4:3.5.10.dfsg.1-0lenny2 severity -1 serious thanks - Forwarded message from Giuseppe Iuculano iucul...@debian.org - ... Debian Security Advisory DSA-1916-1 secur...@debian.org http://www.debian.org

Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name

2009-10-31 Thread Giuseppe Iuculano
Package: openldap Severity: grave Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for openldap. CVE-2009-3767[0]: | libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not | properly

Bug#553433: CVE-2009-3766: missing host name vs. SSL certificate name checks

2009-10-31 Thread Giuseppe Iuculano
Package: mutt Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for mutt. CVE-2009-3766[0]: | mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the | domain name in the

Bug#553583: CVE-2009-3829 CVE-2009-3551 CVE-2009-3550 CVE-2009-3549

2009-11-01 Thread Giuseppe Iuculano
Package: wireshark Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for wireshark. CVE-2009-3829[0]: | Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows | remote attackers

Bug#553584: CVE-2009-3641: DoS while printing specially-crafted IPv6 packet using the -v option

2009-11-01 Thread Giuseppe Iuculano
Package: snort Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for snort. CVE-2009-3641[0]: | Snort before 2.8.5.1, when the -v option is enabled, allows remote | attackers to cause a

Bug#553589: CVE-2009-3616: Multiple use-after-free vulnerabilities in vnc.c

2009-11-01 Thread Giuseppe Iuculano
Package: qemu Version: 0.10.6-1 Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for qemu. CVE-2009-3616[0]: | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in | QEMU

Bug#553590: CVE-2009-3616: Multiple use-after-free vulnerabilities in vnc.c

2009-11-01 Thread Giuseppe Iuculano
Package: kvm Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for kvm. CVE-2009-3616[0]: | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in | QEMU 0.10.6 and earlier might

Bug#552534: NMU

2009-11-09 Thread Giuseppe Iuculano
@@ +libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks +via crafted files (Closes: #552534) + + -- Giuseppe Iuculano iucul...@debian.org Mon, 09 Nov 2009 21:19:11 +0100

Bug#555608: CVE-2009-3300

2009-11-10 Thread Giuseppe Iuculano
Package: shibboleth-sp2 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for shibboleth-sp2. CVE-2009-3300[0]: | Multiple cross-site scripting (XSS) vulnerabilities in the Identity |

Bug#554618: [7204b8a] Fix for Bug#554618 committed to git

2009-11-10 Thread Giuseppe Iuculano
tags 554618 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano iucul...@debian.org on Tue, 10 Nov 2009 17:52:03 +0100. The fix will be in the next upload. = Build

Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name

2009-11-10 Thread Giuseppe Iuculano
Hi, Quanah Gibson-Mount wrote: Also, if Debian's still supporting anything based on OL 2.3, I have a clean patch for this issue for it as well. Could you send the patch for OL 2.3 please? Thanks in advance, Giuseppe

Bug#553432: NMU

2009-11-10 Thread Giuseppe Iuculano
; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL +character in subject Common Name (Closes: #553432) + + -- Giuseppe Iuculano iucul...@debian.org Tue, 10 Nov 2009 19:09:45 +0100 + openldap (2.4.17-2

Bug#557324: CVE-2009-3942

2009-11-21 Thread Giuseppe Iuculano
Package: msmtp Version: 1.4.9-1 Severity: serious -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for msmtp. CVE-2009-3942[0]: | Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not | properly handle a '\0'

Bug#557326: CVE-2009-3941

2009-11-21 Thread Giuseppe Iuculano
Package: mpop Version: 1.0.5-1etch1 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for mpop. CVE-2009-3941[0]: | Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not |

Bug#570737: NMU

2010-03-02 Thread Giuseppe Iuculano
+ + * Non-maintainer upload by the Security Team. + * Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command +(Closes: #570737) + + -- Giuseppe Iuculano iucul...@debian.org Tue, 02 Mar 2010 14:57:17 +0100 + sudo (1.7.2p1-1) unstable; urgency=low * new upstream version only

Bug#573615: CVE-2009-1299: insecure temporary file creation

2010-03-12 Thread Giuseppe Iuculano
Package: pulseaudio Severity: serious Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Dan Rosenberg discovered an insecure temporary file creation in pulseaudio. Please see: https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008 Upstream patch:

Bug#581265: [Pkg-chromium-maint] Bug#581265: release blocking bug

2010-06-12 Thread Giuseppe Iuculano
block 581265 by 583826 thanks On 05/18/2010 10:21 PM, Moritz Muehlenhoff wrote: The situation has changed a bit: Chromium might still be part of Squeeze. Giuseppe is currently checking with upstream on the feasibility of an upstream support lifetime suitable for the lifetime of Squeeze.

Bug#584946: [Pkg-chromium-maint] Bug#584946: chromium-browser: segfault on startup on armel (openmoko freerunner)

2010-06-25 Thread Giuseppe Iuculano
Hi Timo, On 06/25/2010 05:41 PM, Timo Juhani Lindfors wrote: version 5.0.375.70~r48679-2 seems to start on openmoko! I can use the menus but trying to load any page results in a dialog that shows an error message that can not be copypasted. It says something about The following page(s) have

Bug#584946: [Pkg-chromium-maint] Bug#584946: chromium-browser: segfault on startup on armel (openmoko freerunner)

2010-06-25 Thread Giuseppe Iuculano
On 06/25/2010 06:50 PM, Timo Juhani Lindfors wrote: Giuseppe Iuculano giuse...@iuculano.it writes: Could you try version 5.0.375.86~r49890-1 when it will be available in armel please? Sure but the blx instructions in libv8 will still be a problem, right? Yes, please open a bug against

Bug#588036: CVE-2010-1448: Cross-site scripting (XSS) vulnerability

2010-07-04 Thread Giuseppe Iuculano
Package: lxr-cvs Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Giacomo, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr-cvs. CVE-2010-1448[0]: | Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR | Cross

Bug#588137: CVE-2010-1625: Cross-site scripting (XSS) vulnerability

2010-07-05 Thread Giuseppe Iuculano
Package: lxr-cvs Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr-cvs. CVE-2010-1625[0]: | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer | before 0.9.7 allows

Bug#588138: CVE-2010-1625: Cross-site scripting (XSS) vulnerability

2010-07-05 Thread Giuseppe Iuculano
Package: lxr Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr. CVE-2010-1625[0]: | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer | before 0.9.7 allows remote

Bug#585757: libglewmx1.5: 1.5.4-1 makes libglc0 crash

2010-07-07 Thread Giuseppe Iuculano
Well, since the problem is somewhere in Quesoglc, I built a version of glc with debug symbols, to see where exactly the error is. And surprise, that version worked. The locally rebuilt package without debug symbols also works. Not sure what exactly is the problem, maybe libglc0 was built on

Bug#587732: protobuf should B-D on default-jdk

2010-07-07 Thread Giuseppe Iuculano
Since openjdk-6-jdk was available before on those arches, I hoped it will come back. Do you think it won't? It wasn't available, protobuf was built in those archs because you had openjdk-6-jdk in Build-Depends-Indep instead of Build-Depends Cheers, Giuseppe.

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-10 Thread Giuseppe Iuculano
+1,11 @@ +protobuf (2.3.0-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Build-depends on on default-jdk and set JAVA_HOME to +/usr/lib/jvm/default-java (Closes: #587732) + + -- Giuseppe Iuculano iucul...@debian.org Sat, 10 Jul 2010 18:37:19 +0200 + protobuf (2.3.0-2) unstable
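Review bot: the changelog bullet for protobuf 2.3.0-2.1 reads "Build-depends on on default-jdk", with "on" duplicated; it should read "Build-depend on default-jdk and set JAVA_HOME to /usr/lib/jvm/default-java" so the entry that closes #587732 is clean in the package history.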

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-10 Thread Giuseppe Iuculano
Hi Iustin, On 07/10/2010 08:39 PM, Iustin Pop wrote: I was planning to revert the move of the openjdk-6 from b-d-i to b-d, as an alternative to depend on default-jdk. The move was done simply to have 'jar' available during the build time for a few optional unittests which need it. I think

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 01:51 AM, Iustin Pop wrote: I'm not sure I understand what you mean. The jdk is *not* used during the binary build, except for unittests (if present). The jdk *is* used during the indep build, for the java part. What do you see here as an abuse? Sorry, let me rephrase a bit.

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 11:45 AM, Julien Cristau wrote: On Sun, Jul 11, 2010 at 09:05:49 +0200, Giuseppe Iuculano wrote: If you put openjdk-6 in b-d-i, protobuf can't be built on those archs that hasn't openjdk-6, and imho this can be considered an FTBFS even if the binary build works. No, it can't

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 12:27 PM, Julien Cristau wrote: Because there's no requirement anywhere that says arch:all packages need to be buildable on all architectures. The binary target must be all that is necessary for the user to build the binary package(s) produced from this source package. So I think

Bug#587732: protobuf: diff for NMU version 2.3.0-2.1

2010-07-11 Thread Giuseppe Iuculano
On 07/11/2010 12:55 PM, Iustin Pop wrote: Giuseppe, you didn't answer my other question. Can you confirm the package builds fine and the java parts work with gcj? Yes I can. Cheers, Giuseppe

Bug#564581: CVE-2009-4565: does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate

2010-01-10 Thread Giuseppe Iuculano
Package: sendmail Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for sendmail. CVE-2009-4565[0]: | sendmail before 8.14.4 does not properly handle a '\0' character in a | Common Name (CN)

Bug#563402: [Pkg-ia32-libs-maintainers] Bug#563402: ia32-libs broken on ia64

2010-01-16 Thread Giuseppe Iuculano
On 16/01/2010 11:08, Goswin von Brederlow wrote: That usually means one of the libraries can not be found. What does ldd i586-jdk/bin/unpack200 $ ldd i586-jdk/bin/unpack200 not a dynamic executable Cheers, Giuseppe.

Bug#565406: NMU

2010-01-17 Thread Giuseppe Iuculano
@@ +dokuwiki (0.0.20090214b-3.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Check against cross-site request forgeries (CSRF) + * Fixed multiple vulnerabilities in ACL plugin (Closes: #565406) + + -- Giuseppe Iuculano iucul...@debian.org Sun, 17 Jan 2010 14:47:41 +0100

Bug#563402: [Pkg-ia32-libs-maintainers] Bug#563402: ia32-libs broken on ia64

2010-01-21 Thread Giuseppe Iuculano
Hi, sorry for late reply. On 18/01/2010 10:00, Goswin von Brederlow wrote: That is a bit odd. I do see /lib/ld-linux.so.2 and /usr/bin/ldd in ia32-libs:ia64 so that should work. What kind of ia64 CPU do you have? Is it old enough to still have the i386 emulation hardware? Newer ia64

Bug#562353: [28eb1d5] Fix for Bug#562353 committed to git

2010-01-23 Thread Giuseppe Iuculano
tags 562353 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano iucul...@debian.org on Sat, 23 Jan 2010 12:52:24 +0100. The fix will be in the next upload. = Removed

Bug#560912: NMU

2010-01-24 Thread Giuseppe Iuculano
) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix two denial-of-service vulnerabilities: CVE-2009-3560 and CVE-2009-3720. +(Closes: #560912) + + -- Giuseppe Iuculano iucul...@debian.org Sun, 24 Jan 2010 12:48:21 +0100 + python2.5 (2.5.4-3) unstable; urgency=low

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-25 Thread Giuseppe Iuculano
Package: openoffice.org Version: 1:3.1.1-14 Severity: serious -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, $ soffice Error while mapping shared library sections: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory. Error while mapping shared library sections: �[� :

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-25 Thread Giuseppe Iuculano
Hi, On 25/01/2010 12:27, Rene Engelhard wrote: Do you have some security features enabled somewhere? No, What I also would try is to check your .rdb files, maybe this is another symptom of #566189/#566062/#565667... After removing /var/spool/openoffice/uno_packages/cache/* I've: $

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-25 Thread Giuseppe Iuculano
fixed 566829 1:3.2.0~rc3-1 thanks On 25/01/2010 12:29, Rene Engelhard wrote: Oh, and please try with 3.2, too - though I don't see why this should matter, but.. - as that will be squeeze's version if everything goes OK (note downgrades will be tricky, so you might want to save your user

Bug#566829: crashes on startup: pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.

2010-01-26 Thread Giuseppe Iuculano
On 25/01/2010 13:23, Rene Engelhard wrote: What I forgot here: please send us /var/lib/openoffice/basis3.1/program/services.rdb Attached. Cheers, Giuseppe. services.rdb Description: Binary data signature.asc Description: OpenPGP digital signature

Bug#559265: CVE-2009-0689: remote array overrun

2009-12-03 Thread Giuseppe Iuculano
Package: kdelibs Severity: grave Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for kdelibs. CVE-2009-0689[0]: | The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in | FreeBSD 6.4 and

Bug#559266: CVE-2009-0689: remote array overrun

2009-12-03 Thread Giuseppe Iuculano
Package: kde4libs Severity: grave Tags: security patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for kde4libs. CVE-2009-0689[0]: | The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in | FreeBSD 6.4 and

Bug#559267: CVE-2009-4102: RSS Feeds Cross Domain Scripting Vulnerability

2009-12-03 Thread Giuseppe Iuculano
Package: firefox-sage Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for firefox-sage. CVE-2009-4102[0]: | Sage 1.4.3 and earlier extension for Firefox performs certain | operations with

Bug#560241: [b00706e] Fix for Bug#560241 committed to git

2009-12-14 Thread Giuseppe Iuculano
tags 560241 + pending thanks Hello, The following change has been committed for this bug by Giuseppe Iuculano iucul...@debian.org on Mon, 14 Dec 2009 12:18:12 +0100. The fix will be in the next upload. = Added

Bug#583210: [Pkg-chromium-maint] Bug#583210: chromium-browser: misses libicu as build dependency

2010-05-28 Thread Giuseppe Iuculano
On 28/05/2010 14:35, Wilfried Goesgens wrote: If you've got a system 'grown' across time (which is pretty usual for debian installations) there's no reason why libicu36-dev shouldn't be there. This box has been running etch and lenny without reinstall for example You need to run deborphan

Bug#584061: recoll: Security bugs in ghostscript

2010-06-01 Thread Giuseppe Iuculano
On 01/06/10 05:55, paul.sz...@sydney.edu.au wrote: Dear Kartik, I don't think this bug is correct for recoll. recoll only 'suggests' ghostscript and don't use code from ghostscript. Filing bug at 'gs package seems right. I'm slightly puzzled by your mass-bug filing. Why you opened bugs

Bug#584399: CVE-2010-1626:allows local users to delete the data and index

2010-06-03 Thread Giuseppe Iuculano
Package: mysql-dfsg-5.1 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for mysql-dfsg-5.1. CVE-2010-1626[0]: | MySQL before 5.1.46 allows local users to delete the data and index | files

Bug#584400: CVE-2010-1626

2010-06-03 Thread Giuseppe Iuculano
Package: mysql-dfsg-5.0 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for mysql-dfsg-5.0. CVE-2010-1626[0]: | MySQL before 5.1.46 allows local users to delete the data and index | files

Bug#584401: CVE-2010-1620: Integer overflow

2010-06-03 Thread Giuseppe Iuculano
Package: gnustep-base Version: 1.19.3-3 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for gnustep-base. CVE-2010-1620[0]: | Integer overflow in the load_iface function in Tools/gdomap.c

Bug#584402: CVE-2010-1457: allows local users to read arbitrary files

2010-06-03 Thread Giuseppe Iuculano
Package: gnustep-base Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for gnustep-base. CVE-2010-1457[0]: | Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local | users to

Bug#584516: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code

2010-06-04 Thread Giuseppe Iuculano
Package: ghostscript Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for ghostscript. CVE-2010-1628[0]: | Ghostscript 8.64, 8.70, and possibly other versions allows | context-dependent

Bug#584517: CVE-2010-0404: Multiple SQL injection vulnerabilities

2010-06-04 Thread Giuseppe Iuculano
Package: phpgroupware Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for phpgroupware. CVE-2010-0404[0]: | Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before | 0.9.16.016

Bug#584518: CVE-2010-0403: Directory traversal vulnerability

2010-06-04 Thread Giuseppe Iuculano
Package: phpgroupware Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for phpgroupware. CVE-2010-0403[0]: | Directory traversal vulnerability in about.php in phpGroupWare (phpgw) | before
