I've just uploaded ikiwiki 1.33.2 to TPU. This backports a security fix
for a bug that allows injection of arbitrary html by including it in
the page title.
--
see shy jo
On Tue, Mar 20, 2007 at 11:42:14PM -0700, Russ Allbery wrote:
Steve Langasek [EMAIL PROTECTED] writes:
Can you explain how this is exploitable? In CVE-2006-2916, the
description is allows local users to gain root privileges by causing
setuid to fail. um... how is an unprivileged local
On Tue, Mar 20, 2007 at 07:13:17PM +, Mark Brown wrote:
On Fri, Mar 09, 2007 at 08:01:00PM +, Mark Brown wrote:
Recent versions of NIS have included support in ypbind for Network
Manager. This support currently causes ypbind to disable NIS client
functionality when Network Manager
On Tue, Mar 20, 2007 at 10:14:00PM +0100, Rene Engelhard wrote:
please unblock openoffice.org_2.0.4.dfsg.2-6. It fixes 3 security bugs,
makes our iceanimals known and contains a translation fix. Steve already
said it's ok, but the interdiff is attached.
$ grep-excuses openoffice.org
* Steve Langasek ([EMAIL PROTECTED]) wrote:
On Fri, Mar 09, 2007 at 01:37:14AM -0500, Eric Dorland wrote:
* Steve Langasek ([EMAIL PROTECTED]) wrote:
On Thu, Mar 08, 2007 at 04:28:30AM -0500, Eric Dorland wrote:
I have a few minor fixes in packages that are in unstable right now
that
On Tue, Mar 20, 2007 at 07:18:28PM -0700, Russ Allbery wrote:
openafs 1.4.2-6 has a security fix for CVE-2007-1507 (DSA-1271-1). The
CVE was assigned after the package was uploaded. It also contains fixes
for several other serious bugs that I would really like to get into etch.
Ideally, I
Santiago Ruano Rincón [EMAIL PROTECTED] writes:
Dear release team,
ssmtp 2.61-12 closes two [intl] bugs:
We are only allowing rc bug fixes in (see our last mail to dda).
Marc
--
BOFH #204:
Just pick up the phone and give modem connect sounds. Well you said
we should get more lines so we
Joey Hess [EMAIL PROTECTED] writes:
I've just uploaded ikiwiki 1.33.2 to TPU. This backports a security fix
for a bug that allows injection of arbitrary html by including it in
the page title.
Approved.
Marc
--
BOFH #250:
Program load too heavy for processor to lift.
On Wed, Mar 21, 2007, Steve Langasek wrote:
Unblocked, then; Sam, I'd still appreciate seeing the error message fixed
since we're updating the package anyway.
Okay, I'm building -9.
--
Sam.
On Wednesday 21 March 2007 09:59, Petter Reinholdtsen wrote:
CC to debian-boot, in case there are protests from the d-i team. As
far as I know, discover-data is now only used by the X configuration
in the normal install, so it is not affecting debian-installer
directly any more.
No objection
I just uploaded a new version of discover-data into unstable. It adds
X driver information for a new video card. Please allow it to
propagate into etch. This is the changelog:
discover-data (2.2007.03.21) unstable; urgency=low
* Update pci-devices.xml and pci.lst
from
Hi there,
people on this list told and showed me that my last smstools package was
buggy. Now I'm pretty sure it isn't anymore and therefore I'm asking for
unblocking of smstools, because the version currently in etch *is* buggy
(upgrade path is broken).
Best Regards
Patrick
--
in medias res
Below is a list of packages that I either maintain or co-maintain which I
would wish to see in etch. All of them:
* have the same upstream version in both testing and unstable;
* have a version in unstable for more than 10 days; and
* have no bug reports filed against them.
I
On Tue, 2007-03-20 at 14:27 -0700, Steve Langasek wrote:
On Tue, Mar 20, 2007 at 10:57:17AM -0400, Adam C Powell IV wrote:
Repeat request: as you make your last rounds of freeze exceptions,
please include illuminator. It has been ready for a month and a half,
including the removal of
Hi,
sorry, that I opened another thread. I didn't see that Mark opened one.
Marc 'HE' Brockschmidt' wrote:
Mark Purcell [EMAIL PROTECTED] writes:
It is requested that smstools (3.0.2-4) be allowed into etch; debconf
translations and bug fixes.
We are only allowing rc bug fixes in now, so
On Wed, 2007-03-21 at 07:55 -0400, Adam C Powell IV wrote:
On Tue, 2007-03-20 at 14:27 -0700, Steve Langasek wrote:
On Tue, Mar 20, 2007 at 10:57:17AM -0400, Adam C Powell IV wrote:
Repeat request: as you make your last rounds of freeze exceptions,
please include illuminator. It has been
On Monday 19 March 2007 01:59, Javier Fernández-Sanguino Peña wrote:
There's a very important section in the Release Notes with a FIXME:
Upgrade your kernel or userland first?
http://www.debian.org/releases/etch/i386/release-notes/ch-upgrading.en.html#s-kernelorder
Based on #413458
On Wednesday 21 March 2007 16:42, Frans Pop wrote:
- apt-get install coreutils apt initrd-tools
Forgot to mention that this will remove aptitude, tasksel and base-config.
On Wed, 2007-03-21 at 00:46 -0700, Steve Langasek wrote:
$ grep-excuses openoffice.org
openoffice.org (2.0.4.dfsg.2-5 to 2.0.4.dfsg.2-6)
Maintainer: Debian OpenOffice Team
Too young, only 0 of 2 days old
Not touching package, as requested by freeze (contact debian-release if
Hi,
Just the same day Britney removed this package from Testing, I
uploaded a NMU fixing the problem (see bug #397069 - It was
incorrectly tagged at a low priority, so it didn't get anybody's
attention). Its install base is not overwhelming but still not
despisable (popcon reports 126), and is
Laszlo Boszormenyi wrote:
Hi Release Team,
I have uploaded gradm2 2.1.9-3, which turns debconf messages to
README.Debian and NEWS.Debian . Well, just realised that NEWS.Debian is
not installed; but would it be acceptable for Etch? I would like to
upload -4 of course which fixes the
Andrew Leach wrote:
Hi,
A new version of puppet is available, version 0.22.2. How much effort is
there in getting this into unstable?
Please file a wishlist bug against the package instead of asking the Release
Team about package versions which are not in unstable, TIA.
Cheers
Luk
--
Luk
I've just uploaded ikiwiki 1.33.3 to TPU. This backports a security fix
for a bug that allows injection of problematic stylesheets and
javascript via the meta tag. The diff is a bit larger for this one than
for the last one..
--
see shy jo
On Wed, Mar 21, 2007 at 01:46:28PM +0100, schönfeld / in-medias-res.com wrote:
sorry, that I opened another thread. I didn't see that Mark opened one.
Marc 'HE' Brockschmidt' wrote:
Mark Purcell [EMAIL PROTECTED] writes:
It is requested that smstools (3.0.2-4) be allowed into etch; debconf
Hi Joey,
On Wed, Mar 21, 2007 at 03:18:10PM -0400, Joey Hess wrote:
I've just uploaded ikiwiki 1.33.3 to TPU. This backports a security fix
for a bug that allows injection of problematic stylesheets and
javascript via the meta tag. The diff is a bit larger for this one than
for the last one..
On Wed, Mar 21, 2007 at 04:42:15PM +0100, Frans Pop wrote:
However, users running with 2.6 kernels in Sarge and upgrading, might
encounter issues with udev (it does not support versions prior to
2.6.15 and sarge provided 2.6.8), as described in #325568 (Upgrade path
for udev needs
* Rafael Laboissiere [EMAIL PROTECTED] [2007-03-21 11:40]:
Below is a list of packages that I either maintain or co-maintain which I
would wish to see in etch. [snip]
I just realized that the release team is now only unblocking packages which
fix RC bugs. Please, forget my request and keep
On Wed, Mar 21, 2007 at 04:42:15PM +0100, Frans Pop wrote:
However, users running with 2.6 kernels in Sarge and upgrading, might
encounter issues with udev (it does not support versions prior to
2.6.15 and sarge provided 2.6.8), as described in #325568 (Upgrade path
for udev needs
On Wed, Mar 21, 2007 at 11:17:08PM +0100, Javier Fernández-Sanguino Peña wrote:
If aptitude is started after that, it will still try to remove quite a few
packages. Most of these are old and OK, but a few should possibly be
kept:
- openoffice.org
- openbsd-inetd
- pppoeconf
Ouch.
While debugging bug #415620, I discovered the need for more debugging
information reported by /usr/share/bug/discover1-data. I've just
uploaded a new version 2.2007.03.22 with an updated version of the
script reporting more information. Please allow this version to enter
etch.
This is the new
Hi,
On Tuesday 20 March 2007 19:48, Daniel Baumann wrote:
live-package as well as live-helper do require root privileges to build
images. Therefore, I don't think that your argument is an issue in the
real world:
* I assume that everyone who has the right to use root privileges does
On Wed, Mar 21, 2007 at 04:22:31PM -0700, Steve Langasek wrote:
And apt-get has different bugs (#410695), doesn't honor recommends, and
hasn't been what we've been recommending users use for upgrade testing for
the past months...
We can't flip-flop the recommended upgrade procedure every
On Wed, Mar 21, 2007 at 03:53:37AM -0400, Eric Dorland wrote:
Well don't the buildds and other tools always prefer a real package
over a Provides?
They'll do whatever apt-get does. Is it the case that apt-get always
prefers a real package? If so I have no problem unblocking this.
On Wed, Mar 21, 2007 at 09:04:00PM -0400, Roberto C. Sánchez wrote:
On Wed, Mar 21, 2007 at 04:22:31PM -0700, Steve Langasek wrote:
And apt-get has different bugs (#410695), doesn't honor recommends, and
hasn't been what we've been recommending users use for upgrade testing for
the past
On Wed, Mar 21, 2007 at 07:22:52PM -0700, Steve Langasek wrote:
Yes. The flip-flop in question is that aptitude has been the recommended
tool since the sarge release, and is the method that the release team has
encouraged users to submit upgrade reports using, and it's now proposed to
change
On Mon, Mar 19, 2007 at 10:15:20AM +0100, Josselin Mouette wrote:
Le vendredi 16 mars 2007 à 04:53 -0700, Steve Langasek a écrit :
On Thu, Mar 15, 2007 at 09:29:48PM +0100, Josselin Mouette wrote:
could you please unblock eel2/2.14.3-5 ? The only change is a relaxation
of the
Daniel,
just to make sure that it is not forgotten: linux-modules-extra-2.6
2.6.18-7+etch1 is still hanging in t-p-u.
Yes, it's hanging there because the package is consistently failing to build
on mips with the following error:
dpkg-buildpackage: source version without epoch 2.6.18-7+etch1
On Wed, Mar 21, 2007 at 11:38:56PM -0700, Steve Langasek wrote:
See
http://buildd.debian.org/fetch.cgi?pkg=linux-modules-extra-2.6&arch=mips&ver=2.6.18-7+etch1&stamp=1174363174
for a full build log (not that there's much more to it).
Correction,