Hello people,
Just for the record here, the eAccelerator upstream website lists the
following news item:
2005/07/11 - License Issue
Frank Alcantara is now speaking directly to Mr. Turck, the owner of
the copyright. We are making progress. Thanks for all people who have
helped us. We will
severity 325215 normal
close 325215 2:1.4.5-1
thanks
On Fri, 2005-08-26 at 18:16 -0300, Ezequiel Larrarte wrote:
Package: squirrelmail
Version: 2:1.4.4-6sarge1
Severity: grave
Justification: renders package unusable
Please, this is not a grave bug. That in some cases some attachments
don't
tags 348044 moreinfo
thanks
Hello Lewis,
Unable to install the process exits with sub-process error.
apt-get remove --purge ca-certificates and later re-installation also fails.
I have tried and can install the package here just fine. The
'sub-process error' is not the real error but an
Hello Pierre security team,
While this issue has been addressed in unstable before the holidays,
CVE-2005-3334 (multiple xss in flyspray) is still open in sarge. I've
taken the liberty to prepare a patch and updated packages.
In short:
Taken patch from sid(/upstream), updated it to match the
Hello Pierre,
On Mon, January 16, 2006 18:44, Pierre Habouzit wrote:
thanks a lot to have it sorted out !
should I prepare a security upload aimed to sarge ? or will the security
team handle it ? I must say I'm not very used to security uploads
(this one being almost my first one).
I
On Tue, February 1, 2005 11:59, Thomas Nagel said:
Package: squirrelmail
Version: 1.4.4-1
Severity: serious
Information leakage is enabled by default via the newly added
/usr/share/squirrelmail/src/configtest.php Script which should be
disabled (or as a minimum a Deny line should be added
Hello,
I will upload a new release to correct the 'minor' and 'normal' bugs
soon.
Since the maintainer indicated he is working on the package and it is
still relevant, is it still necessary to keep this bug release critical
or can the severity be lowered?
Thijs
signature.asc
Description:
Hello,
On Thu, 29 Sep 2005, Moritz Muehlenhoff [EMAIL PROTECTED] wrote:
mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
the latest DSA upload that fixed several others:
- 0006097: [security] user ID is cached indefinately (thraxisp)
- 0006189: [security] List of
On Wed, October 26, 2005 23:30, Moritz Muehlenhoff wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/ for
On Thu, October 27, 2005 11:26, Moritz Muehlenhoff wrote:
I assume you've prepared packages of 0.19.3?
This would address the SQL injection issue and the other XSS in
view_all_set as well, which are both not yet in the BTS.
Yes, I have.
Thijs
On Thu, October 27, 2005 14:56, Martin Schulze wrote:
I assume you've prepared packages of 0.19.3?
This would address the SQL injection issue and the other XSS in
view_all_set as well, which are both not yet in the BTS.
The latest issues have been assigned CVE-2005-333[6789], BTW.
Do you
with Moritz assertions that woody is most probably not
vulnerable.
regards
Thijs Kinkhorst
On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote:
The included patches look fine and correlate to what I extracted from the
interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959?
The mantis bug is non-public, but according to the description it's
a cross-site-scripting
On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote:
| After these weaknesses were found and disclosed to the vendor
| nearly 80 days ago, several problems with uninitialised variables
| were discovered that allow XSS, SQL injection and even remote
| execution of arbitrary PHP code, when
On Mon, 2005-10-31 at 17:22 +0100, Moritz Muehlenhoff wrote:
It's hard to tell, whether it's the same issue as #5959 is non-public, but at
least there are two different CVE mappings. (CVE-2005-2557 and CVE-2005-3337).
But it might very well be that the CVE description is wrong, as all these
On Mon, 24 Oct 2005 18:46:13 +0300, Faidon Liambotis [EMAIL PROTECTED]
writes:
upstream's SVN log shows several bugfixes, including memory leak
fixes. An update to the latest version will probably fix these
problems.
Actually, Debian already contains the most recent upstream release,
2.6.2,
On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote:
A new round of security issues in phpBB has been disclosed.
Hello people,
Here's an update on the current state of affairs of the issues fixed in
2.0.18.
UNSTABLE
Packages for 2.0.18 for sid are nearly ready, we only need some code to
, thank you for your report, I will check this out with
upstream to see what's going on here.
regards,
Thijs Kinkhorst
Hello,
Update: A new vulnerability has been discovered in squirrelmail. We'll
release one advisory for this one and the new one (to be announced soon).
Thijs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Package: squirrelmail
Version: 1.4.4-6
Severity: grave
Tags: security fixed-upstream sarge etch sid
[I've submitted this a couple of days ago but it never arrived in the
BTS for some reason]
A vulnerability has been discovered in the handling of the $_POST
variable in a specific part of
.
regards,
Thijs Kinkhorst
tags 317739 +patch
thanks
Hey people,
I've prepared the attached patch which addresses this issue.
Jeroen, can you review? And shall we release an advisory about this or
wait for information from the phpbb-team?
Thijs
--- bbcode.php 2005-05-12 22:55:50.0 +0200
+++ bbcode.php.new
On Tue, July 12, 2005 12:28, Jeroen van Wolffelaar wrote:
It should really be tested on plain upstream 2.0.16 before reporting.
Can you try that? I'll then report it upstream and hopefully get a
response quickly.
I can confirm that it is reproducible on 2.0.16.
Thijs
And in debian rules:
# dh_shlibdeps -A
Please don't do this. You have incorrect/missing dependencies because
of this.
Thank you for your report. I will look into this tonight.
regards,
Thijs Kinkhorst
retitle 317739 XSS in phpbb2 (MS IE only) [CAN-2005-2161]
thanks
This is CAN-2005-2161.
Thijs
tags 317739 fixed-upstream
thanks
On Thu, 2005-07-14 at 09:16 +0200, Thijs Kinkhorst wrote:
This is CAN-2005-2161.
Upstream has released 2.0.17 with a patch for this vulnerability. I'll
prepare updated packages for our current Debian versions, and after that
we'll probably also upload 2.0.17
Hello Kurt, Thomas,
Since aspell-nl now has an RC bug (#319156) it might be the right time
to adopt the package?
regards,
Thijs
On Tue, 2005-10-11 at 22:58 +0200, Bastian Blank wrote:
Package: dutch
Version: 1:0.1e-39
Severity: serious
There was an error while trying to autobuild your package:
Thank you for your report.
Automatic build of dutch_1:0.1e-39 on debian01 by sbuild/s390 69
[...]
** Using build
Hello people,
Also, you need to make sure the package builds on a machine which is
offline, since requiring network access during a package build is a
serious problem -- although I haven't yet been able to check whether
that's the case here.
I can confirm that the package doesn't build
this is not
intended as an offence; it's part of my NM-process to fix an RC bug and
prepare an NMU for it.
regards,
Thijs Kinkhorst
diff -u libcgi-ssi-perl-0.88/debian/changelog libcgi-ssi-perl-0.88/debian/changelog
--- libcgi-ssi-perl-0.88/debian/changelog
+++ libcgi-ssi-perl-0.88/debian/changelog
retitle 242117 Should cabot be removed?
thanks
Hello all,
I propose to remove cabot from Debian for the following reasons:
* Has been orphaned for nearing four months now.
* Has never been part of stable or testing.
* Is not maintained upstream.
* Functionality is provided by caff from the
Hello,
Stefan Fritsch has prepared a QA upload that fixes this RC bug, and
awaits a sponsor. The packages can be found at this URL;
On Tue, 2005-11-22 at 10:22 +0100, Thijs Kinkhorst wrote:
Hello,
Stefan Fritsch has prepared a QA upload that fixes this RC bug, and
awaits a sponsor. The packages can be found at this URL:
The packages can be found at this URL:
http://tuco.sfritsch.de/~stf/squidguard/
bye,
Thijs
Richard Antony Burton [EMAIL PROTECTED] wrote:
Until recently this worked fine, but now I'm getting:
Connecting to master.debian.org via SMTP...
SMTP send failure: {'[EMAIL PROTECTED]': (550, 'relay not permitted')}
Don't you think this bug could be better solved by having master relay
mail
On Tue, 2005-11-22 at 12:59 +0100, Stefan Fritsch wrote:
There is also a possible license problem (a weird interpretation of GPL
on the upstream homepage). But maybe this can be ignored for the moment to
get rid of libdb4.1.
Let's take a look...
Jeroen van Wolffelaar [EMAIL PROTECTED]
/rules causing a FTBFS (Closes: #337996).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Wed, 23 Nov 2005 09:42:39 +0100
+
xine-lib (1.0.1-1.3) unstable; urgency=low
* Non-maintainer upload.
only in patch2:
unchanged:
--- xine-lib-1.0.1.orig/src/input/input_cdda.c
+++ xine-lib-1.0.1/src/input
retitle 337391 libcgi-ssi-perl: requires net access to build
tags 337391 +pending
thanks
While the build-depends on netbase indeed solves this bug for networked
build hosts, the real problem was that 'make test' tried to access network
resources. I've disabled those tests that require network
Debian? Or is there still a need to keep it?
If you think it's right to remove it, please reassign this bug to
ftp.debian.org.
thanks,
Thijs Kinkhorst
Hello Laurent,
Could you upgrade quickly? This bug has been open for 29 days and involves
security problems...
Coincidentally we were already working on it, and the fix has been
uploaded to Debian last night.
bye,
Thijs
On Tue, 2005-11-01 at 20:52 +0100, Thijs Kinkhorst wrote:
Packages for 2.0.18 for sid are nearly ready, we only need some code to
add a new database table. Jeroen is working on this, and will upload as
soon as this is fixed.
Packages for sid have been uploaded. CVE-names were not present
On Wed, November 30, 2005 18:02, Thijs Kinkhorst wrote:
CVE-2005-3418: Multiple cross-site scripting (XSS) vulnerabilities
- 1. error_msg parameter to usercp_register.php
- 2. forward_page parameter to login.php
- 3. list_cat parameter to search.php
- Only relevant when register_globals
variables to strings instead of arrays.
+~ CVE-2005-3418: Multiple cross-site scripting (XSS) vulnerabilities.
+(Closes: #336582, #336587, #335662)
+
+(Items marked with ~ are only a vulnerability when running with the
+heaviliy discouraged register_globals = off setting)
+
+ -- Thijs
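Review bot: The added parenthetical at the end of this changelog entry names the wrong setting: it reads "register_globals = off", but the heavily discouraged PHP setting, and the one under which uninitialised variables can be set from the request, is register_globals = on. Suggest changing the line to "register_globals = on" and correcting "heaviliy" to "heavily", so that the ~ marker does not tell administrators running the safe setting that they are the exposed ones.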
.
+ * Only conditionally include debconf confmodule in postrm.
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Wed, 15 Nov 2006 23:10:41 +0100
+
yada (0.49) unstable; urgency=low
* debian/packages:
diff -Nru /tmp/vic5eorRM6/yada-0.49/debian/yada /tmp/AGMh1FzQ0r/yada-0.49/debian/yada
--- /tmp/vic5eorRM6
On Sun, November 19, 2006 11:37, Thomas Babut wrote:
3 security issues were fixed with the new version of phpMyAdmin 2.9.1.1.
All 3 issues affect all previous versions of phpMyAdmin. This also
applies to Sarge.
See this security announcements:
Hi,
I'd like to request the approval of uploading a new upstream version of
phpMyAdmin, 2.9.1.1. I'm skipping one upstream version here (Debian
currently has 2.8.0.3) since I deliberately did not upload the newer
upstream without a pressing reason.
Now a couple of security issues have surfaced
Hi all,
Just after releasing a DSA for phpMyAdmin, some new issues are reported.
Thomas Babut wrote:
3 security issues were fixed with the new version of phpMyAdmin 2.9.1.1.
All 3 issues affect all previous versions of phpMyAdmin. This also
applies to Sarge.
See this security
Thijs Kinkhorst wrote:
I'd like to request the approval of uploading a new upstream version of
phpMyAdmin, 2.9.1.1. I'm skipping one upstream version here (Debian
currently has 2.8.0.3)
That should be 2.9.0.3.
Thijs
severity 398519 normal
tags 398519 unreproducible
thanks
Hi,
Unable to execute show procs [Access denied; you need the PROCESS privilege
for this operation]
Stack Trace:
at main::__ANON__(/usr/bin/mtop:560)
at main(/usr/bin/mtop:1193)
Thank you for your report against mtop. I've
| postgresql-client, since these
+are used in the package's postinst (Closes: #398635).
+ * Update FSF address in debian/*copyright.
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Thu, 30 Nov 2006 09:56:08 +0100
+
phpgroupware (0.9.16.011-2) unstable; urgency=low
* Fix Depends typo to read
It works fine on php 5.[01].x
But etch is going to ship with php 5.2. If phpgroupware is to be included
with etch, we'll need a phpgroupware package that's compatible with php 5.2.
While obviously suboptimal, the phpgroupware package could tighten its
dependencies to just php4 and work
tags 401614 moreinfo
thanks
Florian Weimer wrote:
Package: serendipity
Tags: security
Severity: grave
Version: 1.0.3-4
Version 1.0.4 fixes a directory traversal security bug. Please
mention the ID CVE-2006-6242 in your upload.
I'm not sure that it does. The changelog of that version is
severity 401614 normal
tags 401614 -moreinfo
thanks
Florian Weimer wrote:
Version 1.0.4 fixes a directory traversal security bug. Please
mention the ID CVE-2006-6242 in your upload.
If you want to apply a patch, this seems to be upstream trunk revision
1528, but it's better to check that
reopen 401045
severity 401045 important
retitle phpgroupware: Should regain support for PHP5
thanks
* Non-maintainer upload.
* Remove php5 as alternative, as phpgroupware is incompatible with php5.2.
Closes: #401045
Good to see that this is at least fixed in some way (rather than
On Wed, 2006-04-05 at 19:45 +0200, Erich Schubert wrote:
Hi,
There's of course the question whether it should be removed altogether
since it's orphaned, but that's a different one, and I don't see a
pressing reason for that (there are a handful of users and no bugs).
A couple of
reopen 263358
thanks
On Wed, 2006-04-05 at 14:04 -0400, Justin Pryzby wrote:
As it stands, this package will move to testing. Do you really want
that to happen? I think an RC bug about don't move to sarge should
remain RC even after sarge released, unless someone agreeing to
maintain the
libmysqlclient14-dev no longer exists in unstable; you have to move to
version 15.
As noted in #357069, you just need to remove the build dependency since
it's unneeded.
Thijs
On Wed, April 5, 2006 23:20, Erich Schubert wrote:
Hi,
Erich, will you request removal from unstable, or do you want me to do
I had someone who mentioned interest in maintaining minit once, I think
this year, and way past I had orphaned it. I'll ask him if he still wants
to become the new
On Sun, 2006-04-30 at 21:31 +0200, Stefan Fritsch wrote:
Unspecified vulnerability in phpBB allows remote authenticated users
with Administration Panel access to execute arbitrary PHP code via
crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature
values, possibly involving the
Hello Jose Carlos,
On Wed, 26 Apr 2006 18:24:09 -0300, you wrote:
I have one sponsor, I'm solving other bugs before I send him webalizer.
I will send this package tomorrow.
Did you make any progress on this? I'd prefer if you uploaded the new
webalizer version quickly than if it takes longer
Hello,
I'll make the valgrind dependency architecture dependent. I'll
have to do some reading to figure out how to do that.
Here's a patch.
Thijs
--- poker-network-1.0.19.orig/debian/control 2006-05-15 14:26:52.0 +0200
+++ poker-network-1.0.19/debian/control 2006-05-15
On Mon, 2006-05-15 at 08:31 +0200, Jeroen van Wolffelaar wrote:
On Wed, May 03, 2006 at 10:56:33AM +0200, Thijs Kinkhorst wrote:
Thanks for the report. While I think that people who are admin can
already do a lot of damage and should hence be considered trusted,
executing php code is a step
tags 365533 pending
thanks
On Thu, 2006-05-18 at 05:21 +0200, Moritz Muehlenhoff wrote:
W.r.t. unstable, I will look into that very soon, we'll need to be
upgrading to a new upstream as well. I'll check whether that can be done
in the short term, if not, I'll prepare a patched package.
Hello,
Thanks for your report.
On Sun, 2006-03-05 at 16:34 +0100, Jochen Topf wrote:
There are several security fixes in squirrel mail 1.4.6 which came out
23 February 2006.
Yes, indeed. There are bugs filed about that. I'm already working on
packages that fix those issues, it's taken a
On Mon, 2006-03-06 at 18:40 +0100, Jochen Topf wrote:
On Mon, Mar 06, 2006 at 06:10:19PM +0100, Thijs Kinkhorst wrote:
But the stable version 1.4.4 hasn't changed since
August of last year.
There has been an update of the stable version in Sarge 3.1r1 in
December. If you've
Hello all,
I've prepared updated packages for these bugs for oldstable, stable and
unstable. Please find those packages here:
http://www.a-eskwadraat.nl/~kink/squirrelmail/
The unstable packages are awaiting review and upload by Jeroen. Testing
will be updated within a few days after the
On Tue, May 10, 2005 14:55, Ulf Harnhammar wrote:
Protecting against this type of attack is much more complicated than
this. As Jeroen noted, HTML entities are interpreted, so you have to
protect against things like jav&#97;script:. Some browsers allow varying
amounts of whitespace inside
Please note that the rar package, by the same upstream author,
contains such permission. So it should not be a problem to get the same
statement for unrar.
Thijs
Hello Anthony,
I suspect this is because upstream is now on 2.5. The package in woody
now is quite worthless as is; maybe the stable release manager would
accept a woody update?
woody cannot be updated anymore now sarge is released. I guess there are
no options left other than to close this
We're working on this. An updated package for sarge / etch / sid has
been prepared and will be tested.
Backporting to woody is not trivial (the code is more than 4 years old),
but we'll do a best effort.
The patches have been applied or backported for both
stable/testing/unstable (same
Hello Moritz,
Thanks for your report. We were given notice about this but couldn't
reproduce the mentioned bug in our current phpbb2 Debian versions.
On Tue, June 28, 2005 11:16, Moritz Muehlenhoff wrote:
[Cc:ing security@ as Sarge is affected as well]
Can you clarify: have you verified that
Hello Florent,
debian/squirrelmail-locales/usr/share/squirrelmail/locale/ja_JP/LC_MESSAGES/mini.po:6:
nplurals = 1...
debian/squirrelmail-locales/usr/share/squirrelmail/locale/ja_JP/LC_MESSAGES/mini.po:46:
...but some messages have 2 plural forms
msgfmt: found 1 fatal error
Hello Ross,
There was a problem while autobuilding your package:
I'm planning to NMU this RC bug in a few days following the supplied patch
by Denis Barbier, in order to unblock the new gettext upload in a timely
manner. Let me know if there's any reason not to.
Thijs
tags 387183 upstream help
thanks
Hello Michael,
On Tue, September 12, 2006 21:37, Michael Hanke wrote:
I'm packaging a DICOM - NIfTI converter which uses the CTN library. I
had to discover that the converter does not work on AMD64 machine, while
everything is ok on i386.
Thanks for your
reopen 385889
severity normal
thanks
I've NMUed for this bug (fixing the bug to use versioning instead of the
fixed tag, to ease tracking through testing); here's the changelog:
phpmyadmin (4:2.8.2-0.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix issue with
Hello,
Hi,
After upgrade to 2.1.8-3 version the /etc/init.d/script fails
and mail processing seems to stop.
/etc/init.d/mailman: line 47: log_daemon_msg: command not found
invoke-rc.d: initscript mailman, action start failed.
Thanks for your report... this has to do with the new lsb
-maintainer upload for release-critical bug.
+ * Repackage upstream source to drop sourceless junit.3.8.1.jar;
+it's not needed since the package build-depends on Debian's
+junit already. Note this in debian/copyright.
+(Closes: #388535).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Fri
On Tue, 2006-06-27 at 10:02 +0200, Pierre Habouzit wrote:
Le lun 26 juin 2006 21:53, Petr Vandrovec a écrit :
Maybe it could be default for tar's POSIX mode, but I have no idea
why GNU mode behavior should be changed in any way.
I second that. It's now completely impossible to do basic
On Tue, 2006-06-27 at 13:00 +0100, Neil Williams wrote:
It's not so much packages already in the archive, it's every package
that is being prepared to be uploaded.
Lintian *always* fails for all packages that I build on a system with
the updated tar. None of those packages failed prior to
For example, who can say who is the copyright holder for
img/icons/clear.gif and what are its
conditions of use ?
Well, the one who committed it to CVS should definitely have checked,
and documented, if an icon is covered by copyright. If someone just took
a bunch of icons off the web
Hello all,
In other words, if distributing the jar 'svn-javahl.jar', the package
should be named 'libsvn-javahl-java'. Though I can't help but wondering
about the value of the javahl part of the package name.
I really doubt that this issue is release critical. I've looked through this
file:
Hello Paul,
On Tue, 2006-07-25 at 16:01 +0200, Paul J Stevens wrote:
I've just released dbmail-2.1.7 and have uploaded i386 and amd64
packages to my deb repo. The packages are lintian clean, and I'm quite
happy with their state. All that remains tbd are some debconf cleanups.
I've taken a
+(CVE-2006-3320, Closes: #377299).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Fri, 28 Jul 2006 14:42:47 +0200
+
sitebar (3.2.6-7) unstable; urgency=low
* Updated maintainer field to reference my shiny new debian.org address
only in patch2:
unchanged:
--- sitebar-3.2.6.orig/command.php
Hello Matt,
Upon further investigation this seems to be just one symptom of a larger
problem. PHPwiki is being very inefficient in its use of memory.
I don't think this is release critical - there's quite some applications
in Debian that use a lot of memory and they aren't removed from the
--- quiteinsanegimpplugin-0.3/debian/changelog
+++ quiteinsanegimpplugin-0.3/debian/changelog
@@ -1,3 +1,10 @@
+quiteinsanegimpplugin (0.3-6.1) unstable; urgency=high
+
+ * Non-maintainer upload for RC bug.
+ * Fix FTBFS: doesn't recognize autoconf 2.60 (Closes: #379830).
+
+ -- Thijs Kinkhorst [EMAIL
retitle 376442 phpqladmin: many cross site scripting problems
tags 376442 +upstream
thanks
Hello,
CVE-2006-3301: Multiple cross-site scripting (XSS) vulnerabilities in
phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary
web script or HTML via the domain parameter in (1)
Hello Iñaki,
This software is licensed under GPL but it links against openssl that
is incompatible with the license.
Since you have ITA'd the package, are you working on this?
It should be compiled without ssl support.
Asking the upstream author for an exception would be even better.
close 360726 4:2.6.2-3sarge1
thanks
Hello All,
I've checked out all open CVE's with respect to sarge. All are already
fixed in sid. I've prepared a package that fixes the ones that are
relevant. See the breakdown here:
CVE-2005-3621 CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4
Hello Andreas,
This means that (unmodified) copies of pgapack may not be sold at cost
more than the medium it is shipped on, and worse, we are not allowed
to charge anything for modified versions.
Are you working on this?
Please move pgapack to the non-free component.
Or even better,
severity 377692 important
thanks
Upon further investigation this seems to be just one symptom of a larger
problem. PHPwiki is being very inefficient in its use of memory.
I don't think this is release critical - there's quite some applications
in Debian that use a lot of memory and they
close 382228 4:2.8.0.2-1
thanks
Hello,
Thanks for your report.
http://www.securityfocus.com/bid/17142/references
This is CVE-2006-1258. Sid contains version 2.8.0.2, so it can be
considered to be fixed.
Recently I judged sarge not to be vulnerable, and can't reproduce the
issue on sarge with the
).
+ * French by Gregory Colpart (Closes: #382792).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Mon, 14 Aug 2006 17:07:07 +0200
+
webalizer (2.01.10-30) unstable; urgency=low
* Added dpatch support, changed and ordered old changes to dpatch.
diff -u webalizer-2.01.10/debian/control webalizer
severity 373963 normal
thanks
Hello Bill,
You've set this bug to grave severity without any explanation, please
don't do that. I've reviewed this bug and don't see why the fact that
some specific feature is broken would make the package unusable at
all. I'm reverting it for now - please provide
Hello Stefan,
according to secunia [1], this has been fixed in 4.4.3, not in 4.4.2
[1] http://secunia.com/advisories/19599
I've verified that the bug is indeed marked as fixed in the 4.4.3
changelog of PHP.
However, phpinfo() is a debug tool. I don't know why you would want to
use it on a
CVE-2006-1387: TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows
remote authenticated users with edit rights to cause a denial of service
(infinite recursion leading to CPU and memory consumption) via INCLUDE
by URL statements that form a loop, such as a page that includes
itself.
I
for more information see http://gallery.menalto.com/2.1.2_release
We can read there that it will only affect installations where the
storage directory is web-accessible which is strongly discouraged by
upstream. So I thought we would be safe, however it seems that the
package doesn't follow
Hello all,
fidogate:
* Has had a security issue reported;
* Has a number of policy violations;
* Has been orphaned for two months;
* Has 4 popcon installs with 1 vote;
* Is a couple of versions behind upstream;
* Is a gateway for Fidonet, does that even exist anymore nowadays?
In my opinion,
Hello,
CVE-2006-2885: Multiple cross-site scripting (XSS) vulnerabilities in
CVE-2006-2886: view.php in KnowledgeTree Open Source 3.0.3 and earlier
Let's remove knowledgetree from testing:
* Has two security issues;
* Has an open request for adoption since a couple of months but no takers;
*
yes... as i said i'm willing to accept the blame for it and a fixed
version is already in unstable. we'll probably need to mass bugfile
the other ~25 packages in question to make sure they do things
the new Right Way.
Since the fixed package has been uploaded, I think this RC bug must be
tags 160579 +patch
thanks
Hello Slashcode maintainer,
On Wed, 11 Sep 2002 22:31:39 +0200, Joey Schulze wrote:
Please investigate, correspond with upstream and fix this bug.
We're now nearly four years later and there's been zero action. So I
decided to take a look at this package and found the
On Mon, 2006-08-21 at 16:22 +0200, Eric Van Buggenhaut wrote:
I looked for the first for several hours but didn't find it, looks
like you're more apt at maintaining that package than I am. So, yes,
adopt it if you feel so.
Thanks for your response. I'm not interested in adopting it - I'm