Package: libpam-ssh
Version: 1.91.0-5
Severity: critical
A long time ago (circa 1998 or so) I looked at pam-ssh project and
noticied several problems with it. And since it's now in Debian,
the same problems applies to Debian too.
Here's one.
in pam_sm_authenticate() routine, pam_ssh saves
Justin Pryzby wrote:
On Thu, Mar 24, 2005 at 03:55:06PM +0300, Michael Tokarev wrote:
Package: libpam-ssh
Version: 1.91.0-5
Severity: critical
A long time ago (circa 1998 or so) I looked at pam-ssh project and
noticied several problems with it. And since it's now in Debian,
the same problems
A small followup with additional comments.
Justin Pryzby wrote:
[]
It seems that your request can be easily satisfied by using the
reentrant versions of these functions, like getpwnam_r. I'm including
a test file I've been playing with, which indicates that a patch, if
necessary, would be
zze-Beta Testeur LABROSSE A ext RD-CSRD-GRE wrote:
Hi,
I'd read your posts to the bug, and now I wonder what to do. I Add an
url to a patch[1] that seems to reduce number of call to getpwnam(), and
improve the behaviour of all the module. Please tell me if the patch fix
problems you're talking
The last mdadm change -- 1.9.0-2.1 -- did NOT fix the bug,
but made the situation worse.
rcS.d/S04mdadm-raid is now the FIRST thing the system is
doing when booting. At that stage, /proc is not mounted
(it is mounted later), and in mdadm-raid bootscript, there's
the following code:
if [
Blah. It should Depends: on adduser (or is it Pre-Depends? adduser
is only used in postinst script.)
Also, the same postinst script references getent. While it's a part
of libc6, on which we already depends on, for other libc variations
it might not be the case. For example, libc6-udeb does
Santiago Vila wrote:
On Tue, 14 Nov 2006, Lucas Nussbaum wrote:
[]
Michael, this is just a missing dependency on adduser, which is needed
because adduser is not Essential: yes. Here is a patch:
Yup. I already replied to the original report a few minutes after I received
it. Should I add Cc:
Package: apache
Version: 1.3.33-6sarge1
Severity: grave
When upgrading apache (or dpkg-reconfiguring it), ServerName directive
is set to some value (defaults to `localhost'). Before upgrade the
configuration was perfectly valid, with ServerName taken from hostname
apache is running on. After
Debian Bug Tracking System wrote:
Processing commands for cont...@bugs.debian.org:
severity 570245 grave
Bug #570245 [qemu-kvm] qemu-kvm: kvm exits with unhandled vm exit: 0x11
Severity set to 'grave' from 'important'
Stefen, can you please, this and next time you merely
increases severity,
Christophe, can you please try 0.12 qemu-kvm
packages from my site, http://www.corpit.ru/debian/tls/kvm/
and see if these fixes your problem?
This bug is difficult to reproduce, upstream says
it's fixed long ago, and it also seems to affect
only Intel machines, but I only have AMD CPUs here.
The
Stefan Fritsch wrote:
On Mon, 1 Mar 2010, Michael Tokarev wrote:
Stefen, can you please, this and next time you merely
increases severity, give at least some hint about your
justification?
I thought from the original report it was obvious that this makes kvm
unusable, therefore this bug
tags 570245 + pending
thanks
Christophe Benz wrote:
Hi,
Your package corrects the bug (0.12.3).
Thank you for testing Christophe.
(And still does not work with 0.11.1+dfsg-1, with the same conditions).
I'm preparing 0.12.3 for real, since we now have
all the necessary dependencies in
severity 570245 important
thanks
I'm lowering severity of this from grave back to important
since the issue were quite infrequent and only reproduceable
on a few systems.
Thanks.
/mjt
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
tags 573280 + pending
thanks
Bastian Blank wrote:
Package: qemu-kvm
Version: 0.12.3+dfsg-3
Severity: grave
qemu-kvm fails to install:
| Unpacking qemu-kvm (from .../qemu-kvm_0.12.3+dfsg-3_amd64.deb) ...
| No packages found matching kvm.
| dpkg: error processing
Stefano Zacchiroli wrote:
Dear maintainer,
I've prepared an NMU for qemu-kvm (versioned as 0.11.0+dfsg-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
It's fixed in git on collab-maint for quite some time ago,
in `mjt-changes' branch, by
Adrian Irving-Beer wrote:
Package: qemu-kvm
Version: 0.11.1+dfsg-1
Severity: serious
Justification: Policy 3.5
In Debian bug #566028, I reported that the latest version of qemu-system
had an unstated dependency on libgssapi_krb5.so.2. It seems that
qemu-kvm now has the same dependency
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Never mind. I checked the Debian packages page, looked at the readme and
discovered my error. I had assumed that qemu-kvm added kvm to the qemu
package when in fact it replaces it, but also requires a different
command to start.
Can you elaborate
Harald, are you sure the problem you have here is due
to mdadm change and not your new kernel change or even
fstab change?
The thing is that the NMU in question did not change any
stuff in mdadm related to booting. The issue you have
is that after the array gets assembled, it isn't handled
by
Jamie Thompson wrote:
Package: mdadm
Version: 3.0-2
Severity: normal
I upgraded grub and mdadm this afternoon, and whilst the process appeared
successful,
after rebooting the system would not come up - my mirrored root device was seemingly
gone.
Attempting to start it from the mdadm
Jan Christoph Nordholz wrote:
Hi Michael,
(the following holds for both autofs v4 and v5)
usually the daemon creates these directories on startup and removes
them on exit. If you do not want that to happen, it suffices to
mark the directory as u-w:
] r...@apocatequil:/etc# grep ^/misc
Jan Christoph Nordholz wrote:
Hi,
As I mentioned before, the ONLY way to stop it from
removing the top-level dir is to chattr+i it.
ah, autofs4 indeed removes the directory even without write permission
(v5 doesn't), I thought I'd checked that, too. But this behaviour has
been around for
Ondřej Surý wrote:
Well,
I am not going to argue whether this is grave security bug or not. But
I didn't want to mark it as grave. In fact, I did something wrong
while submitting the bug, so it ended up with wrong (or no) severity.
It's definitely a security-related issue.
please note that
Package: autofs
Version: 4.1.4+debian-2.1
Severity: grave
When the automount daemon exits, it removes the top-level mountpoint
directory. For example, when auto.master contains
/net /etc/auto/net
and the /net dir exists before startup, on shutdown corresponding
automount process does right
Thadeu Lima de Souza Cascardo wrote:
Hello, folks.
Hello.
Thank you for bringing this issue up again.
While udns has no entered etch or lenny, we should reconsider that
situation in the case of squeeze. Some software in Debian depends or may
be improved while depending on udns.
tags 594478 + pending
thanks
26.08.2010 13:31, Moritz Muehlenhoff wrote:
Package: qemu-kvm
Severity: grave
Tags: security
Justification: user security hole
This has been assigned CVE-2010-2784. Please see here for
references and a patch:
20.09.2010 14:58, Harald Staub wrote:
Package: qemu-kvm
Version: 0.12.5+dfsg-3
Severity: grave
I started some testing of the version of qemu-kvm of squeeze. I do this
on a lenny box, with a sid kernel (linux-image-2.6.32-5-amd64 2.6.32-23)
and backports of qemu-kvm and libvirt (0.8.3-1).
26.01.2011 00:25, Moritz Muehlenhoff wrote:
Package: kvm
Severity: grave
Tags: security
Please see the following entry in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0011
Yes, I've seen this even before CVE ID were assigned.
The impact is not entirely
On 26.01.2011 11:25, Julien Cristau wrote:
On Wed, Jan 26, 2011 at 08:56:06 +0300, Michael Tokarev wrote:
Second, this is an intended behavour. Emty vnc password
meant to be no authentication, not a lockdown. When you
start it without specifying a password it lets everyone
in.
Intended
Please excuse me for late reply - I missed your email initially somehow.
28.01.2011 00:59, Moritz Mühlenhoff wrote:
[]
Thanks for the verbose explanation. I've updated the Debian
Security Tracker.
While we're at it; could you please also look into
Package: locales
Version: 2.11.2-6
Severity: critical
Tags: l10n
There's a bug in et_EE.UTF-8 locale definition causing some latin
chars to be treated as non-letters. These are at least in range
t..y inclusive, i.e. [t-y]. Like this:
$ echo $LANG
et_EE.UTF-8
$ echo s | grep '[a-z]'
s
$
Ok, after discussing on #debian-devel and some more thinking,
even if it's 02:23 here already... I now see the problem
isn't in locales package actually, and it should affect
other locales too.
The prob is that people used to use [a-z] to mean all 26
latin chars, while various locales have them
reassign 600310 cron
retitle 600310 cron uses regexps that return wrong results depending on locale
severity 600310 serious
thanks
Ok, as stated in two previous emails, it's problem in cron, not in
glibc/locales. Sadly, but... ;) And the severity isn't critical
but serious (makes cron to not
Package: qemu-kvm
Version: 0.12.5+dfsg-4
Severity: serious
qemu-kvm source includes generated file,
roms/seabios/src/acpi-dsdt.hex, which is
a result of compilation by iasl. The
source for this file is included too,
in acpi-dsdt.dsl, but upstream makefile
does not even have a rule that checks
if
tags 618644 + pending
thanks
17.03.2011 10:20, Cyril Brulebois wrote:
Source: busybox
Version: 1:1.18.3-1
Severity: serious
Justification: FTBFS
Hi,
your package no longer builds on kfreebsd-*. Not sure what to quote,
since it explodes quite badly. :D
Yes I've seen this once it were
18.03.2011 19:38, Hector Oron пишет:
Package: qemu
Version: 0.14.0+dfsg-5
Severity: serious
Justification: FTBFS
User: debian-...@lists.debian.org
Hello,
Your package fails to build from source on armel build daemons:
CCx86_64-softmmu/translate.o
virtual memory exhausted:
First of all, big, LARGE Thank you Loïc, for the great work
you've done about this bug.
Somehow I haven't received earlier messages for #621137 even
when I'm subscribed, or else I'd reply sooner.
I wanted to get rid of that patch completely, together with
CONFIG_STANDALONE_SHELL busybox config
tag 627448 + confimed upstream patch pending
found 627448 0.12.5+dfsg-5+squeeze1
found 627448 0.14.0+dfsg-1~tls
thanks
20.05.2011 21:33, Moritz Muehlenhoff wrote:
Package: qemu-kvm
Severity: grave
Tags: security
Hi,
the following security issue was reported in qemu-kvm:
CVE-2011-1751:
tag 627448 - patch pending
thanks
20.05.2011 22:33, Michael Tokarev wrote:
CVE-2011-1751:
http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html
http://patchwork.ozlabs.org/patch/96331/
I wanted to sort it out yesterday when I saw the bugreport
and the CVE assignment
the
+no_hotplug attribute when handling hot-unplug request from guest.
+(closes: #627448)
+
+ -- Michael Tokarev m...@tls.msk.ru Sat, 21 May 2011 10:45:52 +0400
+
qemu-kvm (0.12.5+dfsg-5+squeeze1) stable-security; urgency=high
* fix CVE-2011-0011: Setting VNC password to empty string
@@ -6,7 +30,7
31.05.2011 10:59, Harald Staub пишет:
When patching KVM hosts, our preferred way is to live migrate the VMs to
another host temporarily.
I see that the fix for squeeze needed some backporting work. In
particular, it introduces a no_hotplug property.
That propery is internal for the device
tags 604604 + moreinfo
thanks
23.11.2010 01:20, Jakub Wilk wrote:
Package: qemu-kvm
Version: 0.13.0+dfsg-2
Severity: grave
Justification: renders package unusable
After 0.12.5+dfsg-5 - 0.13.0+dfsg-2 upgrade kvm doesn't start anymore.
I get an error immediately:
$ kvm
kvm: vm entry
tags 604604 - moreinfo
tags 604604 + confirmed upstream patch
reassign 604604 linux-image-2.6.32-5-i686 2.6.32-27
severity 604604 normal
thanks
23.11.2010 01:20, Jakub Wilk wrote:
Package: qemu-kvm
Version: 0.13.0+dfsg-2
Severity: grave
Justification: renders package unusable
After
After several years of silence I'm about to release
a new version of udns, with just one bugfix and a change
from sequentional queue IDs for queries to random, using
a simple pseudo-random number generator by Bob Jenkins.
This affects queueIDs _only_, not source port, because
by design udns uses
Replying to an old email from more than a year ago.
I'm about to release a new version of udns, and
thought I'd put some missing dots under is and
address the concerns...
I'm quoting whole thing just to show context, I have
a question for only one point below, with a few short
comments.
tags 605800 + unreproducible
quit
03.12.2010 19:20, Gustavo Moreno wrote:
Package: KVM
Version: 1:0.12.5+dfsg-5
Severity: grave
After upgrading, any KVM virtual machine crashes when it try to start,
althought Qemu machines work fine. AQEMU gui doesn't crash.
I'm runnuing a amd64 kernel,
03.12.2010 23:08, Gustavo Moreno wrote:
Please, excuse my fault about lack of information and misclassification,
also for my mistakes with English. This is my first bug report! I marked
it as serious because I understood that would be a problem that could
affect a lot of users, making their
reassign 605800 linux-2.6 2.6.32-28
severity 605800 normal
merge 604956 605800
thanks
04.12.2010 00:01, Gustavo Moreno wrote:
I've already got a precompiled 64 bit kernel on this machine, namely.
linux-image-2.6.32-5-amd64 version:2.6.32-28
linux-headers-2.6.32-5-amd64
Package: extlinux
Version: 2:4.02+dfsg-7
Severity: serious
Tags: squeeze
extlinux-update script quietly overwrites /etc/default/extlinux file
on each invocation. The file in question, according to the Policy,
is a configuration file, so the local changes made to this file should
be preserved. I
19.12.2010 14:31, Daniel Baumann wrote:
On 12/19/2010 12:25 PM, Michael Tokarev wrote:
extlinux-update script quietly overwrites /etc/default/extlinux file
on each invocation. The file in question, according to the Policy,
is a configuration file, so the local changes made to this file should
tags 646984 + confirmed upstream patch pending
thanks
On 29.10.2011 03:38, Axel Beckert wrote:
Package: busybox-syslogd
Version: 1:1.19.2-1
Version: 1:1.19.2-3
Severity: grave
Justification: Makes package (nearly) unusable
Hi,
since 1:1.19.2-1, line breaks, date, hostname, log entry
Package: network-manager
Version: 0.9.0-2
Severity: critical
Having this network configuration (/etc/network/interfaces):
- cut -
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 192.168.88.2
netmask 255.255.255.0
gateway 192.168.88.4
bridge-ports eth0
Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: serious
Tags: patch security squeeze upstream sid
There is a buffer overflow in handling of network
packets transmitted from guest to qemu/kvm process
in e1000 emulated device. A malicious guest running
on a virtual machine with
On 28.01.2012 03:04, Matt Kraai wrote:
Hi,
I've attached a patch that should fix this problem to this message.
It's based on the patch used to fix this problem in unstable, which
doesn't apply cleanly to the stable version. I wasn't sure what do to
about the patch headers, so I left them
Package: libspice-protocol-dev
Version: 0.10.1-1
Severity: grave
Tags: sid
The new upstream version of spice-protocol introduced a new
dependent library - xinerama. When building a package which
depends on libspice-protocol-dev, pkg-config does not work:
$ pkg-config --cflags spice-protocol
More info about this matter.
We've seen this already with previously introduced very
similar (and also unsatisfied) dependencies, see #637189
for that. Now the same repeats again.
Upstream commit cc71891a02dea95f2a65c943c634d3a043c9c394
added this to configure.ac:
+if test x$have_xinerama =
tags 658853 + confirmed pending
thanks
On 06.02.2012 16:48, Antonio Terceiro wrote:
Package: qemu-kvm
Version: 1.0+dfsg-7
Severity: serious
qemu-kvm depends on ipxe, which in turn breaks all qemu-kvm versions up to the
one in sid.
Yes, it was me who requested that ipxe-qemu package should
The same is obviously true the other way around:
on a 32bit x86 userspace it was possible to compile
64bit binaries using -m64. Now this is broken in
exactly the same way as it is for -m32 on 64bits.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of
Package: libspice-server-dev
Version: 0.8.2-1
Severity: grave
In pkg-config file of libspice-server-dev, pixman-1 (= 0.17.7) is
specified as required, yet it is not marked as such in the
libspice-server-dev package control file. This means that
installed libspice-server-dev package is unusable
09.08.2011 14:26, Michael Tokarev wrote:
[]
There are other dependencies too, like alsa openssl xrandr etc,
but I haven't checked these.
See also
http://cgit.freedesktop.org/spice/spice/commit/?h=0.8id=54c660470a5aea19f799c5574cc0d4a707696712
--
this is actually a bugfix, -- spice .pc file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
16.08.2011 11:28, Liang Guo wrote:
Hi, Kilian,
I've uploaded new spice 0.8.2-2 to mentors.d.n, it can be get with:
dget -x http://mentors.debian.net/debian/pool/main/s/spice/spice_0.8.2-2.dsc
This update have following changes:
* Add
16.08.2011 11:50, Liang Guo wrote:
Hi, Michael,
On Wed, Aug 10, 2011 at 5:49 AM, Michael Tokarev m...@tls.msk.ru wrote:
09.08.2011 14:26, Michael Tokarev wrote:
[]
There are other dependencies too, like alsa openssl xrandr etc,
but I haven't checked these.
See also
http
17.08.2011 00:46, Julien Cristau wrote:
Even with Requires.private you'll need the corresponding -dev packages
in Depends, because pkg-config will look for them for --cflags, just not
--libs.
You're right, it complains without libpixman-1-dev too, just as before.
It looks like it may be
17.08.2011 01:24, Julien Cristau wrote:
On Wed, Aug 17, 2011 at 00:59:36 +0400, Michael Tokarev wrote:
17.08.2011 00:46, Julien Cristau wrote:
Even with Requires.private you'll need the corresponding -dev packages
in Depends, because pkg-config will look for them for --cflags, just
17.08.2011 12:16, Liang Guo wrote:
On Wed, Aug 17, 2011 at 5:33 AM, Michael Tokarev m...@tls.msk.ru wrote:
We'll need to list all the rest in build-depends too, and update
it every time upstream will pick something else as needlessly as
it is now. In particular, currently it's libssl-dev
Package: qemu-kvm
Version: 0.14.1+dfsg-2, 0.12.5+dfsg-5+squeeze4
Severity: serious
Tags: patch security squeeze upstream sid
qemu-kvm in squeeze and sid has an issue described in CVE-2011-2212.
Due to a programming error, it is possible for a rogue guest to
access and overwrite host process
11.07.2011 12:10, Roland Stigge wrote:
Hi,
the latest libowfat-dev has the same file /usr/include/cdb.h as
libcdb-dev. Will add a Conflicts: libcdb-dev for now.
Actually it's interesting situation. Both libraries provide
the same functionality indeed (I mean the cdb part of it, --
I
Package: qemu-kvm
Version: 0.12.5+dfsg-5
Severity: serious
Tags: patch squeeze sid upstream security
qemu-kvm does not clear list of supplementary groups
when processing -runas argument which supposed to tell
it to drop as much privileges as possible.
See https://bugs.launchpad.net/bugs/807893
27.07.2011 00:52, Moritz Muehlenhoff wrote:
Package: udhcpc
Severity: grave
Tags: security
Dear Busybox maintainers,
it was discovered that busybox's udhcpc is also affected by
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Interesting.
How about checking various IP
30.07.2011 01:06, Ralf Jung wrote:
Machine: HP Compaq 615
Processor: AMD Athlon(tm)X2 DualCore QL-66
Memory: 4 GiB
Partitions:
Device Boot Start End Blocks Id System
/dev/sda1 *2048 1228761438976 83 Linux
/dev/sda2 12288 131071999
Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze3
Severity: grave
Tags: upstream security squeeze sid
The virtio_queue_notify() function checks that the virtqueue number is
less than the maximum number of virtqueues. A signed comparison is used
but the virtqueue number could be negative if a
29.06.2011 00:31, Michael Tokarev wrote:
Additional information:
http://patchwork.ozlabs.org/patch/94604/ (upstream patch)
https://bugzilla.redhat.com/show_bug.cgi?id=717399
The problem affects both sqeeze and sid versions. It is present in
lenny too, but that one is hopeless (we should
Source: id3v2
Version: 0.1.12-2
Severity: serious
Here's the complete listing of .orig.tar.gz as of version 0.1.12:
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:29 id3v2-0.1.12/
-rw-r--r-- nagilo/nagilo 19552 2010-03-27 02:28 id3v2-0.1.12/list.o
-rw-r--r-- nagilo/nagilo 6012 2010-03-27 02:26
[Cc'ing Volker Ruppert, hopefully using the right address.
Initial message can be found at http://bugs.debian.org/654823 ]
On 06.01.2012 02:23, Michael Tokarev wrote:
Package: vgabios
Version: 0.7a-1
Severity: grave
Severity is grave since it affects most users, while the problem
itself
I'm Cc'ing the relevant bug# so others may see this information.
Hopefully you wont object -- the bug is public for a long time.
On 05.10.2011 16:04, Nico Golde wrote:
Hi,
* Nico Golde n...@ngolde.de [2011-10-05 11:21]:
* Michael Tokarev m...@tls.msk.ru [2011-10-05 10:34]:
On 05.10.2011 02:42
On 05.10.2011 22:53, pille wrote:
In this case there is very little I can do. I have done multiple
squeeze installs with RAID, and upgrades, and I have not seen this
problem. Unless you can reproduce this bug, I cannot do anything but
keep this report open.
i've just reproduced such a
tags 645976 + upstream pending
thanks
On 20.10.2011 08:00, Peter Eisentraut wrote:
Package: qemu-kvm
Version: 0.14.1+dfsg-4
[]
Error: pa check failed
This is fixed upstream:
commit 20fa53ece42bec6ce5db801bead125277b26ab8a
Author: Marc-Antoine Perennou marc-anto...@perennou.com
Date: Fri
On 23.10.2011 01:49, Stefan Lippers-Hollmann wrote:
Package: busybox
Version: 1:1.19.2-1
Severity: grave
Justification: Breaks system booting using initramfs-tools in non-trivial
ways.
Tags: patch
X-Debbugs-CC: Debian kernel team debian-ker...@lists.debian.org
Hi
Initramfs images
severity 646285 grave
merge 646284 646285
thanks
On 23.10.2011 01:56, Andre Tomt wrote:
Package: busybox
Version: 1:1.19.2-1
Severity: critical
Justification: breaks the whole system
It seems $PATH handling has stopped working, breaking initramfs-tools making
the system unbootable.
Um. I almost missed this mail since it is dated 2 months ago...
On 12.08.2011 10:31, Jörgen tegner wrote:
Hi,
can you write down the steps required to get back to a bootable system?
You'll have to boot from a cd-rom or using other alternative way,
eg, using an installation CD-rom, or some
Source: qemu
Severity: serious
Tags: patch upstream pending
There's a long-standing bug in qemu's vmdk format handling, which may
lead to data corruption when using vmdk-format images. It is fixed
by upstream commit b1649fae49a899a222c3ac53c5009dd6f23349e1 .
Original thread:
Source: qemu
Severity: serious
Tags: upstream patch pending security
When guest does not enable large packet receiving from the qemu-emulated
e1000 device, and a large packet is received from the network, qemu will
happily transfer whole thing to guest, causing a guest buffer overflow.
This is
21.12.2012 17:06, Abou Al Montacir wrote:
On Thu, 2012-12-20 at 23:08 +0100, Bastian Blank wrote:
On Thu, Dec 20, 2012 at 10:42:41PM +0100, Abou Al Montacir wrote:
Can you please test the attached patch
How does it implement stream padding?
Hi Bastian,
As it is implemented, it will
Package: libldns1
Version: 1.6.13-1~bpo60+1
Severity: grave
Justification: breaks other package(s)
After updating unbound, which is linked with libldns1, from the
version in squeeze-backports to the one in wheezy, the daemon
does not start:
Starting recursive DNS server: unbound
Source: roxterm
Version: 2.6.5-1
Severity: grave
Tags: security
When trying to click on an URL inside the roxterm window that contains
a single quote ('), the resulting command sent to the shell includes
this quote and is interpreted by the shell, for example:
http://example.com/quote'here
Control: severity -1 normal
Control: tags -1 - security
29.12.2012 15:49, Michael Tokarev wrote:
Source: roxterm
Version: 2.6.5-1
Severity: grave
Tags: security
When trying to click on an URL inside the roxterm window that contains
a single quote ('), the resulting command sent to the shell
Control: reopen -1
Control: retitle -1 potential guest-side buffer overflow caused by e1000 device
emulation and large incoming packets - CVE-2012-6075
Control: tags -1 + patch pending upstream
There is another half of the same issue. Current patch/fix which
has been applied is about the case
01.01.2013 06:32, Jonathan Nieder wrote:
Package: qemu-system
Version: 1.3.0+dfsg-1~exp1
Severity: serious
Justification: failed upgrade
From today's upgrade:
| Preparing to replace qemu-system 1.3.0+dfsg-1~exp1 (using
.../qemu-system_1.3.0+dfsg-1~exp3_amd64.deb) ...
| Unpacking replacement
11.01.2013 20:42, Graham wrote:
Hi,
Though I'm currently not using md, I have done so in the past, and it
has always worked well for me. I saw this bug report and thought that
I might try to reproduce it. Here's what I did:
That's basically the steps I used too, more or less, when trying to
I'm sorry this took too long. I was very busy last ~3 weeks.
Now I looked at it all, and have a few comments. I'm not sure
there's a need to respin/resend this patch, if you agree I'll
take care of it myself. Comments are inline.
On 02.10.2012 17:20, Miquel van Smoorenburg wrote:
Package:
On 21.10.2012 13:46, Michael Tokarev wrote:
So, finally, this whole stop case - I'd write it like this:
stop)
sync # XXX it can be a bad idea to sync here?
# check if there are ANY arrays, and stop any ongoing sync_actions
wait=
for sf in /sys/block/md* ; do
[ -d $sf
Control: tags -1 unreproducible moreinfo
On 06.11.2012 15:40, Teodor wrote:
Package: qemu
Version: 0.12.5+dfsg-3squeeze2
Severity: serious
Hi,
I've just had a system crash a few seconds after I removed 'libaio1
package (declared orphan by deborphan).
What kind of crash? Crash of what,
On 06.11.2012 17:02, Teodor MICU wrote:
2012/11/6 Michael Tokarev m...@tls.msk.ru:
On 06.11.2012 15:40, Teodor wrote:
I've just had a system crash a few seconds after I removed 'libaio1
package (declared orphan by deborphan).
What kind of crash? Crash of what, exactly? What you were
On 06.11.2012 17:39, Teodor MICU wrote:
2012/11/6 Michael Tokarev m...@tls.msk.ru:
So, can you start it again when libaio1 is NOT installed?
Yes, I was able to start the VMs again after the libaio1 removal. I'm
not sure about the full Xen system -- I can't test now.
In this case you really
tags 677254 + upstream pending
forwarded 677254 https://bugs.busybox.net/show_bug.cgi?id=5300
thanks
On 12.06.2012 21:19, Samuel Thibault wrote:
Christoph Egger, le Tue 12 Jun 2012 18:19:03 +0200, a écrit :
Your package failed to build on the kfreebsd-* buildds:
LD procps/built-in.o
On 01.06.2012 16:23, Michael Tokarev wrote:
On 01.06.2012 16:15, Dmitry Smirnov wrote:
Hi Michael and William
Dmitrijs called off his NMU and expressed his interest to join our team
while I updated repository with more changes.
I'm doing some last-minute changes too, which we discussed
On 01.06.2012 18:42, Dmitry Smirnov wrote:
Hi Michael,
Dmitry, your two changes, both marked as fixing #674391,
are wrong and needs revered.
First, a small thing, the kmod change,
c6ac061e12208cdf32291223b27caeefec6ce241.
Here's the changelog difference from it:
[Dmitry Smirnov]
-
Lucas, can you please verify the new release
actually fixes the bug you reported? We made
some changes in attempt to fix this issue, but
Dmitry says it still fails to build, and I can't
reproduce it locally.
Thank you!
/mjt
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
On 03.06.2012 13:43, Thijs Kinkhorst wrote:
Hi all,
Reading the bug about CVE-2011-2716, I think the only question left is this:
So, in all cases the variable is enclosed in double quotes.
Yes this look secure. What about the udeb script?
On 03.06.2012 15:29, Thijs Kinkhorst wrote:
[]
Good! Will you ensure that 1.20 ends up in wheezy?
Yes I very much like to have at least this version
in wheezy.
Thanks,
/mjt
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Package: openbios-ppc
Version: 1.0+svn1047-1
Severity: serious
The package fails to build from source, on either squeeze or wheezy.
This is because of wrong code in config/scripts/switch-arch:
select_prefix()
{
for TARGET in ${1}-linux-gnu- ${1}-linux- ${1}-elf- ${1}-eabi-
do
if
1 - 100 of 352 matches
Mail list logo