Hello
the following CVE (Common Vulnerabilities & Exposures) id was
published for links2 some time ago.
CVE-2008-3329[0]:
| Unspecified vulnerability in Links before 2.1, when only proxies is
| enabled, has unknown impact and attack vectors related to providing
| URLs to external programs.
On Tuesday, 29 July 2008 at 14:50 +0200, Marc 'HE' Brockschmidt wrote:
Josselin Mouette [EMAIL PROTECTED] writes:
I'd like to see gtk+2.0 2.12.11-3 allowed in lenny. It was uploaded
before the freeze but needs manual unblocking because of the udeb.
Unblocked.
ISTR that it was actually
[Philipp Kern]
There is a bug in the testing migration scripts that do bogus hint
overrides when two hint files contain active hints for a source
package.
It will be fixed by tomorrow's britney run.
Right. Do not seem to have worked, as far as I can tell from
Hi Gürkan,
* Gürkan Sengün [EMAIL PROTECTED] [2008-08-08 10:38]:
[...]
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
[1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
the link mentioned at [1] is Not Found
The pump version in testing has IMO a RC bug that will stop it from
resolving the bootpc/udp service if netbase is not already installed.
The following is the interdiff between the version in testing and
0.8.24-4
interdiff -zp1 pump_0.8.24-2.1.diff.gz pump_0.8.24-4.diff.gz
diff -u
Hi Charles,
On Fri, 08 Aug 2008 14:25:41 +0900, Charles Plessy wrote:
I just figured out that a new upstream release of gnustep-base was
uploaded the 17th of July,
FWIW, this is strictly a bugfix release, and I believe it is our
intention to ask for a freeze exception after we fix #489279
The bzip2 version in testing has a bug in bzdiff. The $tmp variable is
not double quoted. It may be possible to craft a TMPDIR environment
variable to inject a command like rm\ /* when line #62, /bin/rm -f
$tmp;; is executed, but I haven't tested it yet. At least, it doesn't
work if TMPDIR has
Hi.
I received this from the debian security team:
Hi,
the security issue was published for wdiff some time ago.
| wdiff uses tmpnam(buf) to generate a temporary file, and fopen(buf, w+) that
| name, which is vulnerable to the usual symlink attack. It should use one of
| the tmpnam
Hi Santiago,
* Santiago Vila [EMAIL PROTECTED] [2008-08-08 12:44]:
[...]
For further information:
[0] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
I'd like to upload a new wdiff for stable fixing this bug, if it's not
too late to do so. Just to be
It fixes #493883 with a one-line change
--
Francesco P. Lovergine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Please allow djvulibre-3.5 3.5.20-10 into lenny.
Explanation:
Previous versions had minor dependency issues that caused an attempt
to do a minimal (no-graphics, server) installation that included image
processing tools that used the DjVu library to pull in substantial
hunks of X. So this fix
Hello,
Please could you make a freeze exception for planet-venus 0~bzr95-2 as this
version makes a simple change to fix a release candidate bug, #484716:
Changelog entry:
planet-venus (0~bzr95-2) unstable; urgency=medium
* Added debian/README.source for upstream source information.
*
On Thursday, 7 August 2008, Luk Claes wrote:
Christoph Haas wrote:
On Thursday, 7 August 2008, Luk Claes wrote:
Christoph Haas wrote:
please allow pdns 2.9.21.1-1 into Lenny. It's fixing a
security-related problem registered as CVE-2008-3337 (see the
upstream's notification
On Fri, Aug 8, 2008 at 15:17:28 +0200, Christoph Haas wrote:
Unfortunately the existing pdns_2.9.21.1.orig.tar.gz tarball in Debian is
now incorrect. Although it's a minor issue. Do I have any other chance
than introducing an epoch? Can someone be bribed to remove the -1 upload?
On Thu, Aug 07, 2008 at 07:50:45PM +0200, Luk Claes wrote:
Does this mean that doom-package is supposed to be
replaced by game-data-packager? If so please file a
removal bug for the former and I'll unblock the latter
:-)
Yup that's right: done (and actioned by ftpmaster in under
10
Josselin Mouette wrote:
On Tuesday, 29 July 2008 at 14:50 +0200, Marc 'HE' Brockschmidt wrote:
Josselin Mouette [EMAIL PROTECTED] writes:
I'd like to see gtk+2.0 2.12.11-3 allowed in lenny. It was uploaded
before the freeze but needs manual unblocking because of the udeb.
Unblocked.
ISTR
Hi release team,
I would like to request a freeze exception for the gforge package.
Version currently in lenny is 4.6.99+svn6496-1, unstable has
4.6.99+svn6580-1 (uploaded a week before the freeze), and I'm
currently uploading 4.6.99+svn6582-1 to unstable with the following
changelog entry:
Changelog as follows with proper additional comments.
* Modified proftpd.conf template to fix AuthOrder syntax.
* Removed superfluous comments in model templates.
These are non essential changes to predefined templates
just to avoid complaints about a wrong syntax and
jcc has moved to using openjdk but old dep waits on the sun jdk are
still present on a number of architectures. Please remove them.
monotone 0.38-1 is currently in testing. monotone 0.40-7 has been in unstable
for 10 days and fixes #455646, #473252, #474280, #476155, #484749, #490417,
#491361 and #494333. Three of these bugs are release-critical.
It is not a big problem for us if monotone is not on alpha or ia64; the release
On Fri, Aug 8, 2008 at 10:16 AM, Ludovic Brenta
[EMAIL PROTECTED] wrote:
monotone 0.38-1 is currently in testing. monotone 0.40-7 has been in unstable
for 10 days and fixes #455646, #473252, #474280, #476155, #484749, #490417,
#491361 and #494333. Three of these bugs are release-critical.
I
On Fri, Aug 08, 2008 at 02:17:14PM -0300, Otavio Salvador wrote:
Adeodato Simó [EMAIL PROTECTED] writes:
Any news on this one? I'll do some more d-i testing on multipath next
week and it would be great if I could do this from daily builds.
Yes, you can do it, I'll manage the
Hi!
cyrus-sasl2-heimdal has received a freeze exception [0], but it won't
migrate to testing because it was built against heimdal 1.2.dfsg.1-2.
There's apparently a freeze exception for heimdal 1.2.dfsg.1-1 which is
invalidated by the newer upload. The newer version doesn't seem to
introduce any
Hi everybody,
At the moment, three near-identical source packages called
libdb4.2-ruby, libdb4.3-ruby, and libdb4.4-ruby are in Lenny. A
replacement for them, libdb-ruby, is on its way there; this sure is an
unwanted situation. To clean up, I see two possibilities:
(1) Remove libdb4.[2-4]-ruby
Hi,
please binNMU apache2-mpm-itk to build against apache2-src 2.2.9-7.
Thanks.
Cheers,
Stefan
On Fri, Aug 08, 2008 at 06:15:01PM +0100, peter green wrote:
jcc has moved to using openjdk but old dep waits on the sun jdk are
still present on a number of architectures. Please remove them.
Dep-waited on openjdk-6-jdk instead (on hppa, ia64, s390 and arm).
Kind regards,
Philipp Kern
On Fri, Aug 08, 2008 at 10:03:41PM +0200, Stefan Fritsch wrote:
please binNMU apache2-mpm-itk to build against apache2-src 2.2.9-7.
Thanks.
binNMUs scheduled and dep-waited.
Kind regards,
Philipp Kern
* Fabian Fagerholm [Fri, 08 Aug 2008 21:54:30 +0300]:
Hi!
Hello,
cyrus-sasl2-heimdal has received a freeze exception [0], but it won't
migrate to testing because it was built against heimdal 1.2.dfsg.1-2.
There's apparently a freeze exception for heimdal 1.2.dfsg.1-1 which is
invalidated
my test results for pdftk (which has the same version in both lenny and sid)
build in sid: builds successfully
build in lenny: FTBFS
build in lenny with sid's gcj-4.2, gcj-4.2-base, gij-4.2, libgcj8-1,
libgcj8-1-awt, libgcj8-dev, libgcj8-jar (that is all packages from the
gcj-4.2 source package
Aníbal Monsalve Salazar wrote:
The pump version in testing has IMO a RC bug that will stop it from
resolving the bootpc/udp service if netbase is not already installed.
unblocked
Cheers
Luk
Noah Slater wrote:
Hello,
Please could you make a freeze exception for planet-venus 0~bzr95-2 as this
version makes a simple change to fix a release candidate bug, #484716:
unblocked
Cheers
Luk
Jon Dowland wrote:
On Thu, Aug 07, 2008 at 07:50:45PM +0200, Luk Claes wrote:
Does this mean that doom-package is supposed to be
replaced by game-data-packager? If so please file a
removal bug for the former and I'll unblock the latter
:-)
Yup that's right: done (and actioned by ftpmaster
Roland Mas wrote:
Hi release team,
I would like to request a freeze exception for the gforge package.
Version currently in lenny is 4.6.99+svn6496-1, unstable has
4.6.99+svn6580-1 (uploaded a week before the freeze), and I'm
currently uploading 4.6.99+svn6582-1 to unstable with the following
Luca Capello wrote:
Hi there!
A small update now that all the RC bugs in Common Lisp packages have
been solved (and at least ten days passed since the lenny freeze).
I'm here asking for freeze exceptions for only four packages:
common-lisp-controller, ECL and CLISP and cedilla.
Francesco P. Lovergine wrote:
Changelog as follows with proper additional comments.
unblocked
Cheers
Luk
Hi,
Pygopherd 2.0.18.2 has been uploaded to sid. It fixes rc bug #475376 by
correctly removing a non-free RFC from the source package. That is the
only difference from 2.0.18.1, already in lenny.
I had tried to fix that prior to the freeze, but made a typo. I've
verified this version is
John Goerzen wrote:
Hi,
Pygopherd 2.0.18.2 has been uploaded to sid. It fixes rc bug #475376 by
correctly removing a non-free RFC from the source package. That is the
only difference from 2.0.18.1, already in lenny.
I had tried to fix that prior to the freeze, but made a typo. I've
verified
On Sat, Aug 09, 2008 at 12:03:25AM +0200, Luk Claes wrote:
Michael Schutte wrote:
Hi everybody,
At the moment, three near-identical source packages called
libdb4.2-ruby, libdb4.3-ruby, and libdb4.4-ruby are in Lenny. A
replacement for them, libdb-ruby, is on its way there; this sure is an
On Fri, Aug 08, 2008 at 11:16:50AM +0200, Petter Reinholdtsen wrote:
[Philipp Kern]
There is a bug in the testing migration scripts that do bogus hint
overrides when two hint files contain active hints for a source
package.
It will be fixed by tomorrow's britney run.
Right. Do not seem
On Thu, 2008-08-07 at 17:34 +0200, Luk Claes wrote:
Adam C Powell IV wrote:
On Wed, 2008-08-06 at 17:57 +0200, Luk Claes wrote:
On Mon, Aug 04, 2008 at 12:23:53PM -0400, Adam C Powell IV wrote:
On Thu, 2008-07-31 at 20:08 +0200, Luk Claes wrote:
Adam C Powell IV wrote:
Greetings,
I
On Fri, Aug 08, 2008 at 09:49:20AM +, Yavor Doganov wrote:
On Fri, 08 Aug 2008 14:25:41 +0900, Charles Plessy wrote:
I just figured out that a new upstream release of gnustep-base was
uploaded the 17th of July,
FWIW, this is strictly a bugfix release, and I believe it is our
On 08/08/08 at 16:34 -0600, dann frazier wrote:
libdb-ruby given back, though note that it's not guaranteed to get built as
keeping the buildd running is more important (ruby1.9 has some nasty
issues)...
I believe that most ruby packages have been disabling on the hppa
buildds since
Hi,
Please unblock chasen package.
I fixed license issue in chasen 2.4.4-1, was uploaded at 2008-07-23,
2.4.4-2 includes a fix for man page, and now 0 bugs :)
So it qualifies for lenny, I think.
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
Hi
owl-dms has only a few users according to popcon[0] and is vulnerable to a few
security issues[1]. The question is whether it would be better to remove it
from lenny and maybe give it one more release cycle to improve and age a bit.
It would also shift some workload away from the security
On 8/5/08, Adeodato Simó [EMAIL PROTECTED] wrote:
* Paul Hardy [Tue, 05 Aug 2008 08:27:00 -0700]:
Can I upload a new version of .orig.tar.gz with all of the changes
...
Ok.
Can I wait until Friday to give a few days for any other problems to
be spotted and corrected in the package
Luk Claes wrote:
John Goerzen wrote:
Hi,
Pygopherd 2.0.18.2 has been uploaded to sid. It fixes rc bug #475376 by
correctly removing a non-free RFC from the source package. That is the
only difference from 2.0.18.1, already in lenny.
I had tried to fix that prior to the freeze, but made a
Hi.
I just came back from a month of vacation and missed the freeze (which
was expected). I prepared for this by uploading a subversion
snapshot of brltty since it was about to release soon and the
changes were pretty important for lenny (unicode support).
Now brltty got a few cosmetic fixes
On Fri, Aug 08, 2008 at 07:38:49PM +0200, Matthias Rieber wrote:
Hello,
are there any plans to update the skas patch to be usable in lenny? The
current patch seems to be still the old one for etch (2.6.18).
I've used the lenny kernel 2.6.22 with
49 matches