Package: bugzilla
Version: 2.18.3-1
Severity: grave
Tags: sid etch security patch
The bugzilla package's postinst script uses temporary files in an unsafe
way which could be used to conduct symlink attacks against the root
user when the package is configured. This is because it uses a hardcoded
Package: gnome-vlc
Version: 0.8.1.svn20050314-1
Priority: serious
This dummy package is present in woody, sarge, etch and sid.
As this is a dummy transition-only package (for potato?), there
is no reason this package should still exist in the distribution?
Notice that we currently only
Package: gvlc
Version: 0.8.1.svn20050314-1
Priority: serious
This dummy package is present in woody, sarge, etch and sid.
As this is a dummy transition-only package (for potato?), there
is no reason this package should still exist in the distribution?
Notice that we currently only support
Package: krb4
Version: 1.2.2-11.2
Priority: serious
This source package includes kerberos4kth1, kerberos4kth-services,
kerberos4kth-user and kerberos4kth-x11. All these four packages
are dummy packages that were present in woody, sarge, etch and sid.
As these are dummy transition-only package
Package: koffice-i18n
Version: 1.3.5-2
Priority: serious
This source package includes koffice-i18n-zhcngb2312 and koffice-i18n-zhtwbig5.
These two packages are dummy packages that were present in sarge, etch
and sid but were not present in woody. As these are dummy transition-only
package
Package: libalgorithm-diff-ruby
Version: 0.4-3
Priority: serious
This dummy package is present in sarge, etch and sid.
As this is a dummy transition-only package (for woody?), there
does not seem to be any reason why this package should still
exist in the distribution.
Notice that we
tags 324017 moreinfo unreproducible
thanks
On Fri, Aug 19, 2005 at 03:45:58PM -0400, Rick Friedman wrote:
Package: cron
Version: 3.0pl1-88
Severity: grave
Justification: renders package unusable
The cron daemon runs as normal until a cronjob starts up. Actually, I
don't even know if the
On Sat, Aug 20, 2005 at 07:28:25PM -0400, Rick Friedman wrote:
It certainly seems more than coincidental to me that your strace shows the
same seg fault that my strace shows... immediately after opening
crontabs/root.
Oh, and BTW, the only change in -88 that might affect cron's behaviour
is
On Sat, Aug 20, 2005 at 07:11:19PM -0400, Rick Friedman wrote:
Package: cron
Version: 3.0pl1-88
Followup-For: Bug #324017
Below is the output of strace when a cronjob should've started (I should
add that the job that was supposed to run was in root's crontab):
Not very useful. Although
On Sat, Aug 20, 2005 at 07:11:43PM -0500, Mike Hokenson wrote:
In -88, u->scontext is set to NULL if get_security_context() fails (i
think) and in free_user() there's a freecon() call on u->scontext but no
NULL check. Maybe that's where the problem is?
Your assessment looks quite correct.
On Sat, Aug 20, 2005 at 07:51:17PM -0500, Mike Hokenson wrote:
I just noticed I was building cron w/out selinux support. :P
Yes, I guessed as much :-)
Here's a backtrace of a -g:
(..)
Which still pretty much leads back to the same place...
Yes.
I'm not sure what your patch looks
On Sat, Aug 20, 2005 at 07:51:17PM -0500, Mike Hokenson wrote:
I'm not sure what your patch looks like, but just testing for a NULL
u->scontext didn't work, I had to do this:
Aggg.. you are right, I don't think clearly this late, the problem is that
u->scontext is undefined, that's why free()
On Sat, Aug 20, 2005 at 08:21:35PM -0500, Mike Hokenson wrote:
If it only contains the NULL pointer check, it won't (already tried), Rick
will probably be able to confirm this when he updates. I'm not familiar
with the mirroring system, do you think it'll appear shortly or is there a
place
reopen 323386
tags 323386 etch sarge
retitle 323386 kismet: Security vulnerabilities CAN-2005-2626 and CAN-2005-2627
present in sarge and etch
thanks
Dear maintainer, the version currently distributed of kismet in stable and
testing has several security issues. You should reopen a security
On Mon, Aug 22, 2005 at 02:46:23AM -0700, Steve Langasek wrote:
close 323386 2005.08.R1-1
thanks
This is incorrect. With the introduction of version tracking support in
the BTS, you should *not* use the reopen command on bugs that were
correctly closed in an upload.
There's no way I can
Package: avifile
Version: 1:0.7.43.20050224-1
Priority: serious
Justification: Section 2.3 Copyright considerations
The only copyright statement in the debian/copyright file says:
Copyright: GPL (see /usr/share/common-licenses/GPL)
and LGPL (see /usr/share/common-licenses/LGPL)
That's plain
Package: vlc
Version: 0.8.4-svn20050810-1
Priority: serious
Justification: Section 2.3 Copyright considerations
The vlc package contains multiple files whose copyright is not detailed
in debian/copyright. Moreover, many of these files do _not_ have
a license clarification on its header as
On Thu, Aug 25, 2005 at 02:58:51PM +0200, kabi wrote:
On 8/25/05, Javier Fernández-Sanguino Peña [EMAIL PROTECTED] wrote:
Package: avifile
Version: 1:0.7.43.20050224-1
Priority: serious
I really don't see any reason for this priority anyway
What are you talking about? This is a serious
On Fri, Aug 26, 2005 at 01:51:44PM +0200, kabi wrote:
Debian distributes _binaries_ and that's what your packages ship, binary
files with documentation. The documentation file debian/copyright is
mandatory for all packages and its contents are too. It is a way to
determine
what
a)
Package: mediamate
Version: 0.9.3.6-2
Priority: serious
Tags: patch
Since version 4.50-1 libphp-adodb no longer includes the PHP files under
/usr/share/adodb. They are included in /usr/share/php/adodb. Your package
uses the old location which means that the include of the Adodb libraries
will
On Sat, Jan 14, 2006 at 11:48:44AM -0500, Justin Pryzby wrote:
I intend to NMU a fix for this bug sponsored by Thomas Viehmann; the
attached patch simply drops the dependency on xlibs-dev, because there
is no actual direct dependency.
Please don't, I already uploaded an updated package.
Based on the comment made by Jim Paris to bug #338006 I've found that adding
the following line to nessusd.conf makes the client able to talk with the
server:
ssl_cipher_list = SSLv2:-LOW:-EXPORT:RC4+RSA
I'm going to add this to the default nessusd.conf to implement a workaround
fix for
On Thu, Jan 19, 2006 at 12:11:55PM +0100, Wolfram Quester wrote:
Package: openuniverse
Version: 1.0beta3.1-2
Severity: grave
Justification: renders package unusable
Hi,
during the last update I got:
Preparing to replace openuniverse 1.0beta3.1-2 (using
tags 348841 pending
thanks
On Thu, Jan 19, 2006 at 12:11:55PM +0100, Wolfram Quester wrote:
Package: openuniverse
Version: 1.0beta3.1-2
That is not correct, the package you are installing is 1.0beta3.1-3
during the last update I got:
Preparing to replace
Package: apache
Version: 1.3.33-2
Priority: grave
Tags: security sid sarge
Hi, I've found unsafe uses of /tmp in some of Apache's scripts in the
source, one of these (check_forensic) is installed in Debian's apache-utils
package and IMHO should be fixed. They are rather low risk, but I have to
* added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
tcltags.sh so they use mktemp instead of insecure $$ construction to
create temporary files (CAN-2005-0069) (closes: #289560)
A few comments and questions regarding this entry:
- the scripts seem to be
On Tue, Jan 18, 2005 at 11:38:55PM +0100, Thomas Schmidt wrote:
Well, it seems that there are different opinions in this case - some
developers (you for example) say that system users should be removed
when the package is purged, some say that it is no problem if the
user is not deleted.
On Wed, Jan 19, 2005 at 10:24:20AM +0100, Martin Pitt wrote:
I read your patch, but I deliberately wrote my own very simple
version, because:
Martin, just to get things straight, my comments are not directed
towards you, but towards the vim maintainer.
- I wanted to avoid the tempfile race
I hope I'll find time next weekend for a new upload.
There's no hurry, take your time, these scripts have been in Debian for
ages. You can even wait until the next upstream version is released, no
sense in making two uploads to fix these.
Regards
Javier
reopen 290974
tags 290974 sarge
thanks
A few comments on this:
* (Thom May)
- Security fix - fix tempfile usage in check_forensic (Closes: #290974)
- Please help track these bugs in sarge by tagging them
- fmn.sh was not fixed. Even if not used in the Debian package I would
appreciate
Package: mysql-server
Version: 4.1.7-2
Priority: grave
Tags: experimental
Just a quick note to tell that there are several symlink vulnerabilities in
the experimental version of mysql-server which have been fixed in sid's.
This includes (but is not limited to) mysqlaccess (#291122), and
Package: openwebmail
Priority: grave
Version: 2.41-10
Tags: patch security
Openwebmail has multiple unsafe usages of temporary files (in /tmp) which
lead to race conditions and symlink attacks. There are actually a lot of
Perl scripts that, instead of using Perl's builtin File::Temp module use
severity 291658 normal
retitle 291658 nessus-plugins: Some NASL plugins in release 2.2.2a (and later)
are non-free
thanks
On Sat, Jan 22, 2005 at 08:26:39AM +0100, Florian Weimer wrote:
Upstream claims that large parts of nessus-plugins has never been
licensed under the GPL. The copyright
Package: razor
Version: 2.610-2
Severity: grave
Tags: security patch sid testing
The use of files under /tmp by Razor for logging is unsafe and open to
symlink attacks. It would be best if Razor would use safely created
temporary files and directories to prevent a local installation from
On Wed, Oct 19, 2005 at 08:48:49AM +0100, Phil Brooke wrote:
The yiff server, by default, will run as the root user, even though it
only requires privileges to access the audio devices (/dev/dsp and
/dev/mixer), no effort is made by the package to create a specific user
and run the server
tags 334616 patch
thanks
On Wed, Oct 19, 2005 at 12:58:10PM +0100, Phil Brooke wrote:
Those three points should fix the problem you've identified.
I wouldn't worry about the other two bugs you filed -- I should be able to
tidy those up within a few weeks (I hope!).
Attached is a patch
On Wed, Oct 19, 2005 at 11:09:58AM +0200, Moritz Muehlenhoff wrote:
Hi,
as the attack is based on overflowing buf1[] through crafted len values
taken from the packet header in BoGetDirection() and this function isn't
present in 2.3 Debian doesn't seem to be vulnerable.
Yes, based on the source
On Fri, Oct 21, 2005 at 11:44:58AM +0200, Moritz Muehlenhoff wrote:
Hi,
while I agree that running yiff with lesser privileges is desirable
I can't see a RC security problem in this case. You can't crash
a system by reading from /dev, /proc or /sys, even reading from raw
hard disk devices
On Sun, Sep 25, 2005 at 01:09:38AM +0200, Erik Schanze wrote:
Hi!
Please find attached patch for Makefile-in to only process texi with
texi2html files that succeed.
So it builds again.
Ok. I will apply it right away.
Additionally there are many warnings during build and something is
Package: snort
Severity: critical
Version: 2.3.3-2
Justification: remote compromise
Well, I have just read both an X-force and a CERT alert related to Snort,
it seems that it is possible to make a preprocessor (bo) crash and run code
remotely through a single UDP traffic.
I'm still
Package: nvi
Version: 1.79-21
Priority: grave
Tags: security patch woody sid
Justification: local DoS
(Note: The bugs I talk about in this report have been present in Debian's
nvi for ages. Actually, OpenBSD provides an alternate 'recover'
implementation (attached) written in Perl that fixes most
On Mon, Mar 07, 2005 at 02:26:07PM +0100, Kaare Hviid wrote:
Package: cheops
Version: 0.61-11
Severity: serious
FTBFS in pbuilder and apparently all buildds:
gcc -g -O2 -Wall -DDEFAULT_PATH=\/usr/share/cheops\
-DLIB_PATH=\/usr/lib/cheops\ -I/usr/include/gtk-1.2 -I/usr/include/glib-1.2
tags 279483 patch pending
thanks
The attached patch should fix this, I'm making a NMU upload as this RC bug
has been over 4 months unanswered.
Regards
Javier
diff -Nru susv3-6/debian/changelog susv3-6.1/debian/changelog
--- susv3-6/debian/changelog2004-10-26 23:57:11.0 +0200
+++
tags 295554 patch
thanks
If I've understood the issue correctly the attached patch fixes this issue.
Regards
Javier
diff -Nru xinetd-2.3.13.old/debian/changelog xinetd-2.3.13/debian/changelog
--- xinetd-2.3.13.old/debian/changelog 2005-03-08 15:42:26.0 +0100
+++
On Tue, Mar 08, 2005 at 09:00:34AM -0500, Justin Pryzby wrote:
On Tue, Mar 08, 2005 at 10:22:54AM +0100, Javier Fernández-Sanguino Peña
wrote:
tags 279483 patch pending
thanks
The attached patch should fix this, I'm making a NMU upload as this RC bug
has been over 4 months
On Tue, Mar 08, 2005 at 11:06:28AM -0500, Justin Pryzby wrote:
Okay. FYI it appears that dh_clean was not called, as your patch
includes things I would not expect (and which were not present in the
other patch), such as DEBIAN/ and debian/files. I'm not familiar with
cdbs, so I'm not going
On Wed, Mar 16, 2005 at 01:21:34PM -0500, Justin Pryzby wrote:
I was able to upgrade then purge, then reinstall sid's new
checksecurity. So, I think it would be useful if you could make the
postinst set -x and reconfigure it to point out where the problem is.
That might work too, but I
Package: libpam-runtime
Version: 0.76-22
Priority: serious
Tags: security
It seems we are missing some of upstream releases (0.77 was released in
September 2002 and 0.78 was released in November 2004). Please package this
new release:
ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/
The
On Sat, Nov 19, 2005 at 03:46:23PM +, MJ Ray wrote:
I think the statistic is questionable, so there should be
verification/substantiation of the statistic, but I don't know
whether it's right or wrong. I think it's prejudging things to
delete the first paragraph as suggested.
I don't know
On Sat, Nov 19, 2005 at 06:03:13PM -0500, Filipus Klutiero wrote:
Hi Javier,
I'd like to be sure about which claim you refer to. The current claim is
the one that says that Debian *does* issue fixes for most problems under
48 hours, right? I'm asking since if I understand right the
I'm still working on this bug, the problem is that I don't get the latest
userland utilities to compile with the latest patch I provided too so until
I don't get around to fix this there will be no rsbac-admin packages in
Debian. This makes the kernel-patch package rather useless as RSBAC goes,
On Fri, Nov 10, 2006 at 03:22:33AM +0100, Ana Guerrero wrote:
Hola Javier,
It seems after some time stuck at the UploadQueue, it was removed.
Could you try to upload it again?
Done.
Javier
There seems to be a problem with this upload, let's see if I can get it fixed
by the ftp-masters.
- Forwarded message from Debian Installer [EMAIL PROTECTED] -
From: Debian Installer [EMAIL PROTECTED]
Date: Thu, 09 Nov 2006 23:47:21 -0800
To: Javier Fernandez-Sanguino Pen~a [EMAIL
On Fri, Nov 10, 2006 at 04:08:32PM -0800, Steve Langasek wrote:
On Fri, Nov 10, 2006 at 03:46:33PM +0100, Javier Fernández-Sanguino Peña
wrote:
There seems to be a problem with this upload, let's see if I can get it
fixed by the ftp-masters.
Uh, how would the ftpmasters fix
2006/11/30, Alvaro Martinez Echevarria [EMAIL PROTECTED]:
--- Reason ---
RoM; license problems.
So this bug won't be fixed in Debian.
Well, let's think about this a little bit. According to what I
read in 270695, there's a problem with one specific catalog,
On Tue, Mar 28, 2006 at 07:20:24PM -0500, Justin Pryzby wrote:
Your cheops NMU ftbfs.
What's this? Where's the patch?
Javier
Hi everyone,
I was reviewing the status of #238245 (Debian web site is licensed under the
OPL which is not considered DFSG-free) and see that there have been no
actions since October last year and no discussion at debian-www.
In summary: The web pages license content should be changed from the
On Thu, Apr 20, 2006 at 01:03:19AM +0200, Francesco Poli wrote:
I agree that the GNU GPL v2 would be a perfectly reasonable choice for
the Debian website.
Several other GPLv2-compatible licenses are good choices too, however.
I'd rather use a simpler license for text content it is more
On Thu, Apr 20, 2006 at 12:56:57AM +0200, Francesco Poli wrote:
I suggest using a BSD-style license. The attached license is such a
license. It is based on the FreeBSD documentation license [3] and
explicitly mentions translations. In our case (the website) the
'source
On Sat, Apr 22, 2006 at 01:22:53AM +0200, Javier Fernández-Sanguino Peña wrote:
On Thu, Apr 20, 2006 at 03:48:09PM -0700, Don Armstrong wrote:
Should we decide to change the license, we should either use the MIT
license if we don't want it to be copyleft, or the GPL if we do. A
custom
On Thu, Apr 20, 2006 at 03:48:09PM -0700, Don Armstrong wrote:
Should we decide to change the license, we should either use the MIT
license if we don't want it to be copyleft, or the GPL if we do. A
custom license is not something that we want to write, and especially
not without serious
On Sat, Apr 22, 2006 at 06:40:11AM -0700, Don Armstrong wrote:
The only change I made to it was substituting FreeBSD Documentation
Project for Debian Project.
You've sent two totally different licenses to the list so far; I was
referring specifically to the license which was attached to the
On Sat, Apr 22, 2006 at 04:47:53PM +0200, Florian Weimer wrote:
* Javier Fernández-Sanguino Peña:
Copyright 1997-2006 Software in the Public Interest, Inc. All rights
reserved.
Is this correct? Have all contributors assigned copyright to SPI?
Contributor assignment and the license
On Sun, Apr 23, 2006 at 11:57:00AM +0200, Francesco Poli wrote:
I think that a page very similar to
http://spohr.debian.org/~joeyh/testing-security.html
would help making the public aware of how things are going on for Debian
stable, from a security point of view.
The problem is, there is no
On Mon, Apr 24, 2006 at 09:54:11PM -0700, Don Armstrong wrote:
Here we basically have two choices.
Who's *we*? Have you talked to the security team or is this just wishful
thinking?
1. Certain people sign NDAs/agreements to get the early disclosure
information; in return they cannot
On Wed, Apr 26, 2006 at 06:33:12PM +0200, Ludovic Rousseau wrote:
Note that I am ready to NMU your package if you do not respond within one
week since the bug is RC.
Please go ahead.
Your prerm script can be removed now since the file
/etc/reader.conf.d/libetoken will not be created now
It
On Fri, Apr 28, 2006 at 08:12:43PM -0400, Aaron M. Ucko wrote:
The attached patch addresses both issues; could you please apply it,
or at least authorize an NMU?
Sure, go ahead and NMU. I've not been able to do so these weeks and might not
be able to through Debconf6.
Thanks for your help
On Sun, May 21, 2006 at 06:41:58PM +0200, Ludovic Rousseau wrote:
It is removed by postinst now. You could remove the removal and the call
to /usr/sbin/update-reader.conf once Debian Etch is out.
I also modified the Info.plist file.
- Only the first reader was used by pcscd because only
The latest OpenSSL version (0.9.8-6) does not seem to fix the problem with
Nessus, actually, it makes it work since now the workaround of using a
restricted set of ciphers no longer works either:
If you try to connect the Nessus client with the server you get this:
[26753] SSL_connect:
On Wed, Feb 15, 2006 at 12:09:43AM +1300, Matt Brown wrote:
Hi,
I have prepared a NMU patch to fix this bug as a part of the T&S
portion of my NM application.
Thanks for doing this.
Additionally the running function never succeeded because portreserve
doesn't create a pid file. This is
On Thu, Feb 16, 2006 at 01:22:20AM +1300, Matt Brown wrote:
Hi Javier,
Hi there. I hope you don't mind me being a little bit picky, but I think it
helps you hone your skills :-)
* there's a buffer overflow if 'fname' is longer than 512 chars. buf should
*not* be of a static size
On Thu, Feb 16, 2006 at 09:52:24PM +1300, Matt Brown wrote:
On Wed, 2006-02-15 at 15:14 +0100, Javier Fernández-Sanguino Peña wrote:
The patch is now back down to the size/scope that I consider appropriate
for a NMU, I agree that the previous patch was getting a little unwieldy
and rough, my
On Fri, Feb 17, 2006 at 04:20:02PM +0100, Daniel Rodriguez Garcia wrote:
I have built a package that fixes the problem.
I include attached the source and binary files for the package.
It would have been best if you provided a patch against the current Debian
sources. The BTS should not be used
On Sat, Feb 18, 2006 at 02:47:33PM +1300, Matt Brown wrote:
I did however discover one minor bug that occurred when the stop target
of the init script was run twice in a row and resulted in some ugly
error output from trying to read the non-existent pidfile. The
functionality was still
On Sat, Feb 25, 2006 at 08:53:41PM +0100, Manolo Díaz wrote:
Hi,
After installing the new package mozilla-thunderbird is still in English,
even removing .mozilla-thunderbird dir. Afterward, I've tried to remove
or reinstall the package with no success.
Yes, the prerm script is not correct, but
(Note: I missed Kurt's reply since he mailed the BTS but did not mail me
directly a copy...)
Hi, just a short message to let you guys know that the Nessus server -
client communication is working perfectly fine with OpenSSL version 0.9.8a-7.
Thanks!
Javier
merge 356651 356807
thanks
On Tue, Mar 14, 2006 at 09:20:36AM +0100, Bastian Blank wrote:
There was an error while trying to autobuild your package:
Already reported, see 356651
Regards
Javier
On Wed, Jun 21, 2006 at 05:15:07PM +0200, Pierre Morin wrote:
It doesn't seem to be a problem for other distros,
does it ?
Other distros ship non-free software and violate license conditions in free
software. And your point is?
Regards
Javier
On Sun, Jul 02, 2006 at 12:17:47PM +0200, Julien Danjou wrote:
reopen 375404
thanks buddy, hit me five!
Hello,
It seems to be not fully fixed:
Yes, this is because Raphael fixed the shell script but did not fix the gpl.c
file, as this file will only regenerate if the COPYING file gets
severity 381726 normal
thanks
Demarc reported a security vulnerability to Snort through Bugtraq, this
security issue is actually a problem with the HTTP inspector module in
Snort which prevents it from detecting an attack against *Apache* web servers
(not others) because it doesn't take into
On Wed, Aug 16, 2006 at 12:37:44AM -0300, Margarita Manterola wrote:
I'll keep working on this, although I'm currently out of ideas.
I think your time should be better wasted on other packages' RCs right now,
as PaX (the kernel patch) is not even in etch so I don't think it's that much
of an
On Sat, Aug 12, 2006 at 11:42:05AM +0200, Julien Danjou wrote:
Package: samhain
Version: 2.2.0-2
Severity: serious
Hello,
There was a problem while autobuilding your package:
I cannot reproduce this issue and, moreover, it really looks like a GCC
issue:
sh_files.o: In function
On Sat, Aug 12, 2006 at 11:42:05AM +0200, Julien Danjou wrote:
Package: samhain
Version: 2.2.0-2
Severity: serious
Hello,
There was a problem while autobuilding your package:
Please also notice that I'm now building and uploading a new upstream version
(2.2.3) which (in its changelog)
On Thu, Aug 17, 2006 at 08:42:29PM +0200, Julien Danjou wrote:
Here is the full build log.
Umm.. I've noticed that you are building in a Xen kernel, is
'-fstack-protector' supported in that environment?
Could you try compiling some simple program with that gcc flag in your sbuild
environment?
severity 343487 grave
tags 343487 pending confirmed sid etch
reassign 343487 nessus
thanks
After debugging this issue in a system that Marc Haber set up for testing
I've found two different issues, one is a misconfiguration, the other is a
problem with the nessus package (the client)
-
On Wed, Dec 28, 2005 at 02:16:26AM -0800, Steve Langasek wrote:
The issue should be fixed by recompiling the client against a set of the
libraries, and should affect only the 2.2.5-3 version under i386. Notice,
also that the package has an undeclared dependency on libssl0.9.7 (the
binary
On Wed, Dec 28, 2005 at 11:31:11AM +0100, Javier Fernández-Sanguino Peña wrote:
* nessusd 2.2.5-3, the server, is linked against both 0.9.7 and
0.9.8
Just found out why this happened. The Nessus server gets compiled against
both versions since libnasl depends on 0.9.7, I did not notice
On Wed, Dec 28, 2005 at 03:12:44AM -0800, Steve Langasek wrote:
Since there is no libssl097-dev any longer I guess I'll have to recompile
all
packages.
It should actually be possible to fix this with binNMUs on the autobuilders,
I think. I'll go ahead and queue those now.
Please
On Wed, Dec 28, 2005 at 02:54:17AM -0800, Steve Langasek wrote:
* nessusd 2.2.5-3, the server, is linked against both 0.9.7 and
0.9.8
Ok, I don't see this either:
$ ldd /tmp/nessus/usr/sbin/nessusd|grep ssl
libssl.so.0.9.8 => not found
$
Funny, it seems that ldd output varies
On Thu, Dec 29, 2005 at 11:17:41AM +0100, Marc Haber wrote:
The resulting packages naturally only depend on libssl0.9.7, and seem
to work fine. This might be a workaround.
Great, yes, this is a workaround. Unfortunately it's a *local* workaround.
Even if I can generate i386 packages compiled
FWIW, this bug causes the Nessus client to be unable to contact the server
(since they use server side certificates with OpenSSL) and is the root cause
of #343487. Please fix this bug as soon as possible or, otherwise, Nessus
users will not be able to use Nessus at all in sid/testing.
Thanks
On Tue, May 30, 2006 at 10:58:36AM +0200, Frederik Schüler wrote:
There was an error while trying to autobuild your package:
Yes, no arch seemed to build it, however:
configure.ac:44: error: m4_defn: undefined macro: _AC_LANG
autoconf/lang.m4:157: AC_LANG_POP is expanded from...
On Wed, May 31, 2006 at 02:43:02AM +0200, Javier Fernández-Sanguino Peña wrote:
From this it looks like AC_PROG_CC -> AC_LANG_POP -> _AC_LANG and
for some reason that macro is undefined. But samhain does not use that at
all, that's autoheader working here.
After debugging this issue, it seems
On Thu, Jun 01, 2006 at 03:43:44AM +0100, Christian Kujau wrote:
Q: is it possible to let packages just depend on libxyz rather than
libxyz-0.12? So, package libxyz-0.14 and libxyz-0.23 and -1.21 too
could Provides: libxyzI bet this is a FAQ but I still could
not find the
severity 370123 serious
merge 370123 369503
tag 369503 help upstream
thanks
I have forwarded this bug upstream as I have no idea how to fix
it myself. If any bug-squashing hunter can help with this bug I would
appreciate it.
Javier
- Forwarded message ---
From: Javier Fernández-Sanguino
tags 370808 upstream help
thanks
Hi Samhain support!
This is (again) the Debian maintainer of Samhain speaking. I wanted to notify
you of a bug recently submitted to the Debian Bug Tracking System: #370808
[1] it seems that the latest version of samhain cannot be built in amd64:
On Sun, Jun 11, 2006 at 09:42:28AM +0200, Andreas Barth wrote:
Package: euro-support-x
Version: 1.33
Severity: serious
Hi,
this package depends on the removed xfonts-base-transcoded.
When was this package removed? It still shows up in
On Sun, Jun 11, 2006 at 09:42:28AM +0200, Andreas Barth wrote:
this package depends on the removed xfonts-base-transcoded.
BTW, this package did not depend: on it, xfonts-base-transcoded was in the
Recommends: line so I don't see why this bug would qualify as serious.
In any case, a new package
On Sun, Jun 11, 2006 at 12:49:04PM -0700, Steve Langasek wrote:
When was this package removed? It still shows up in
http://packages.debian.org/unstable/x11/xfonts-base-transcoded
and is available in both sid and testing (in xorg-x11 6.9.0.dfsg.1-6)
It's been removed from unstable for a
On Mon, Jun 12, 2006 at 10:53:29AM +0200, Andreas Barth wrote:
* Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]) [060611 23:47]:
On Sun, Jun 11, 2006 at 09:42:28AM +0200, Andreas Barth wrote:
this package depends on the removed xfonts-base-transcoded.
BTW, this package did not depend