to fix a client-triggerable server crash.
+Thanks to Poul Sander and Markus Koschany (Closes: #681812)
+
+ -- Simon McVittie s...@debian.org Fri, 14 Sep 2012 07:52:53 +0100
+
openarena (0.8.8-5) unstable; urgency=low
* Don't refuse to start a new openarena-server if there's a stale
diff
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
The ioquake3 engine has an option to auto-download missing maps, mods etc.
(PK3 files) from multiplayer servers. It is off by default, but many users
and mod communities encourage switching
disconnecting with TLS verification channels open
* Add patches from 0.16.3 to avoid triggering repeated capability discovery
in iChat (Closes: #687370, LP: #984132)
-- Simon McVittie s...@debian.org Fri, 14 Sep 2012 12:39:01 +0100
This contains the functional changes from upstream releases 0.16.2
upstream stable release 1.6.8
+- Revert part of 1.6.6 (do not check filesystem capabilities, only
+ setuid/setgid), fixing regressions in certain configurations of
+ gnome-keyring
+
+ -- Simon McVittie s...@debian.org Sat, 29 Sep 2012 13:25:50 +0100
+
+dbus (1.6.4-1) experimental; urgency
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package spice-gtk. It fixes a root security hole via GDBus
(#689155), by correctly sanitizing the environment in a setuid helper
before doing anything non-trivial.
This is
: #689070).
+- As per upstream 1.6.8, do not check filesystem capabilities for now,
+ only setuid/setgid, fixing regressions in certain configurations of
+ gnome-keyring
+
+ -- Simon McVittie s...@debian.org Thu, 04 Oct 2012 08:47:10 +0100
+
dbus (1.2.24-4+squeeze1) stable; urgency
in CFLAGS since darkplaces can be used
by nexuiz-server and quake-server, which are network-exposed, and its
makefile does not respect external CPPFLAGS
-- Simon McVittie s...@debian.org Fri, 12 Oct 2012 09:44:26 +0100
diffstat for darkplaces-0~20110628+svn11619 darkplaces-0~20110628
you want!
-- Simon McVittie s...@debian.org Fri, 19 Oct 2012 22:05:18 +0100
diffstat for libmikmod-3.1.12 libmikmod-3.1.12
changelog | 11
control|4
patches/0011-Disable-ALSA-by-default.patch
-terminal's default usage requires a
D-Bus session, and dbus-x11 is the recommended way to get one of those
(Closes: #691177; related to #631968)
* If unable to connect to D-Bus, warn before we exit 1 (Closes: #691178)
-- Simon McVittie s...@debian.org Wed, 24 Oct 2012 10:56:17 +0100
before we exit 1 (Closes: #691178)
- -- Michael Biebl bi...@debian.org Tue, 07 Aug 2012 00:27:53 +0200
+ -- Simon McVittie s...@debian.org Wed, 24 Oct 2012 10:56:17 +0100
gnome-terminal (3.4.1.1-1) unstable; urgency=low
diff -Nru gnome-terminal-3.4.1.1/debian/control gnome-terminal-3.4.1.1
credentials-passing
implementation on kFreeBSD too, making gnome-terminal and lightdm
work on kFreeBSD (Closes: #631968)
-- Simon McVittie s...@debian.org Wed, 24 Oct 2012 10:51:08 +0100
Debdiff attached. It basically just replaces all defined(__FreeBSD__)
cpp tests with defined
upstream release
- interoperates with iChat again (Closes: #693880)
- no longer crashes when you Join Room..., then close the dialog,
in Empathy (Closes: #693881)
-- Simon McVittie s...@debian.org Wed, 21 Nov 2012 13:30:35 +
Filtered diffstat, excluding regression tests
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
The upgrade from GLib 2.30 to 2.32 breaks ABI on most non-x86 32-bit
architectures (#674156). Specifically, the deprecated struct GStaticMutex,
and the deprecated structs GStaticRecMutex and
On 27/11/12 09:28, Julien Cristau wrote:
*sigh*
Yeah, I know. I don't think there is a good solution to this, and
mass-binNMUing seems like the least awful.
Here is a lengthy list of binNMUs. I would like these to be done on all
architectures [...] those
packages from this list that are
(Re-sending to a wider audience than mips@b.d.o, with more information and
a somewhat complete list of give-backs.)
ball.debian.org seems to be rather unhappy. My recent dbus upload failed
with this in the log:
../../dbus/dbus-transport.c: In function
'_dbus_transport_get_is_authenticated':
On 17/07/12 11:02, Laurent Bigonville wrote:
• Stop using deprecated telepathy-glib symbols. (Jonny)
With my upstream hat on, I'd have preferred this change not to be
committed to the upstream 5.12.x stable branch...
The other two changes described in NEWS are the parts of the diff that
touch
# Upload accepted on 2012-08-10
retitle 681864 unblock: telepathy-mission-control-5/1:5.12.1-2
thanks
On Tue, 17 Jul 2012 at 12:02:32 +0200, Laurent Bigonville wrote:
Fixes:
• Stop using deprecated telepathy-glib symbols. (Jonny)
This is not needed, but is reverted by the patch that Laurent
migration of
+Butterfly accounts to Haze after Butterfly has been uninstalled
+(Closes: #686835)
+ * Add patch from upstream stable release 5.12.2 to migrate the
+passwords of Butterfly accounts too
+
+ -- Simon McVittie s...@debian.org Thu, 06 Sep 2012 17:06:32 +0100
+
telepathy-mission
On Tue, 07 Sep 2010 at 04:12:15 +0200, Lionel Elie Mamane wrote:
On Mon, Apr 19, 2010 at 09:18:57AM +, Sascha Silbe wrote:
Keys created / imported / having passphrase changed with gpg-agent
2.0.14 cannot be decrypted (and thus used), preventing all gpg
operations. This has been fixed
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception
I've uploaded a delayed/14 NMU for alsa-lib, for
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589896 (crashes due to
unloading plugins that are still in use), by backporting a
)
+ * Tell dh_makeshlibs and dh_shlibdeps to look in the non-standard library
+directory
+ * Make distclean rather than clean to avoid garbage in the Debian diff when
+building twice (patch from Peter Eisentraut, Closes: #527971)
+
+ -- Simon McVittie s...@debian.org Sat, 09 Oct 2010 18:05:21
in stable.
unblock openarena/0.8.5-5
openarena (0.8.5-5) unstable; urgency=medium
* Add patch (already upstream as oax r239) to fix a crash if a non-client
object is damaged by a non-player source, e.g. setting off the Kamikaze
near a powerup (Closes: #599866)
-- Simon McVittie s
On Fri, 08 Oct 2010 at 10:01:07 +0100, Simon McVittie wrote:
I've uploaded a delayed/14 NMU for alsa-lib, for
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589896 (crashes due to
unloading plugins that are still in use), by backporting a patch from
upstream. Its diffstat looks like
On Wed, 20 Oct 2010 at 20:24:54 +0200, Julien Cristau wrote:
Sorry for the delay. The NMU diff looks reasonable to me, thanks. Let
me know when it lands and I'll unblock the package.
ACCEPTED. Please do:
unblock alsa-lib/1.0.23-2.1
Thanks for herding the release process forward,
S
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
libcompass-ruby is RC-buggy (doesn't work at all, according to the bug report),
has 13 popcon installations of its most popular package and was not in lenny.
The maintainer writes:
(in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Don,
lilypond in sid seems to fix several RC bugs [1] [2] [3], but has a rather
intimidating diffstat compared with the version in squeeze (a new upstream
version), and appears to have failed repeatedly on s390 (possibly not
lilypond's fault, it
On Sun, 14 Nov 2010 at 16:07:19 +, Hector Oron wrote:
Could you consider backporting the fix to unstable/testing?
I had a go at backporting the fixes that looked important. I haven't tested
this work-in-progress version yet, but it compiles...
Julien wrote:
Unblocking lilypond is not going to help until we can get it built on s390.
For the record, this seems to be http://bugs.debian.org/594629 - I'll see
whether I can reproduce that under emulation (hercules).
Having said that, how many people are going to be typesetting their music
Package: release.debian.org
Severity: normal
viewvc/1.0.9-1 fixes grave security bug #545779, but can't migrate to squeeze
because it would make gforge-plugin-scmsvn (from src:gforge) uninstallable.
This is because g-p-s still depends on the viewcvs transitional package,
which was already
Package: release.debian.org
Severity: wishlist
Tags: patch
On Thu, 12 Nov 2009 at 12:53:31 +, Simon McVittie wrote:
Sorry, I don't really know how the internals of wanna-build work, or how the
commands interact with them. After reading
http://release.debian.org/wanna-build.txt and
http
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
commit-tool suffers from serious Bug #557652. The maintainer reports that
gct is unmaintained upstream, and plans to remove the package from Debian
early next year; in the meantime, I
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
I don't think alien-arena should be in testing in its current state:
* has a security bug without maintainer response
* is very out of date with upstream
* is part of the xulrunner transition
On Sun, 06 Dec 2009 at 16:57:44 -0500, Michael Gilbert wrote:
On Sun, 6 Dec 2009 16:12:29 + Simon McVittie wrote:
I don't think alien-arena should be in testing in its current state:
* has a security bug without maintainer response
[...]
i've prepared a package for version 7.32, which
On Thu, 28 Jan 2010 at 12:50:24 +0100, Cyril Brulebois wrote:
FWIW, here are some FTBFSes I've reported lately, which look due to
this transition:
[...]
... and for those who care about FTBFSs, the binNMUs of pygtk are also all
failing (either due to #548211 or not waiting for python2.6-gobject
There will also be a Telepathy transition, but the Telepathy team
should know better
Empathy shouldn't be a problem for transitions as far as I can see. Some
libraries with questionable ABIs (libempathy and libempathy-gtk) have
been removed, but nothing in testing seems to depend on them
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
nel is an orphaned library with no reverse dependencies and an RC bug. Lubos
Novak and Michal Cihas have apparently done some work on updating to the latest
upstream version, so hopefully if it
)
+
+ -- Simon McVittie s...@debian.org Sat, 07 Aug 2010 00:04:45 +0100
+
openarena (0.8.5-2) unstable; urgency=low
[ Simon McVittie ]
diff --git a/debian/patches/0010-CL_MouseMove-some-sort-of-mouse-acceleration-tweak.patch b/debian/patches/0010-CL_MouseMove-some-sort-of-mouse-acceleration
On Sat, 07 Aug 2010 at 13:32:43 -0400, Adam D. Barratt wrote:
On Sat, August 7, 2010 12:50, Simon McVittie wrote:
Preferred: fix 0.8.5 and let it migrate
Please go ahead, and ping us once uploaded.
Uploaded, thanks. No changes since the diff I sent, other than `dch -r` and
medium urgency
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: freeze-exception
openarena and openarena-data don't seem to be migrating. They have a
versioned Depends/Breaks cycle, to ensure matching upstream versions without
a cyclic dependency, so I think
On Mon, 16 Aug 2010 at 20:10:37 +0200, Julien Cristau wrote:
Colin Walters has released dbus-glib 0.88, with a security fix for
system-bus
services that use dbus-glib (CVE 2010-1172,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592753, Red Hat #585394,
LP #616517).
Please upload
it in a subdirectory.
+It turns out that OpenArena 0.8.1 and 0.8.5 aren't network-compatible.
+ * Depend on openarena-data (= 0.8.5-3~) which causes us to load the
+0.8.1-compatible game logic whenever the upstream version would use
+0.8.1's bytecode (Closes: #592965)
+
+ -- Simon McVittie s
retitle 593981 unblock: openarena/0.8.5-4 openarena-data/0.8.5-3
thanks
On Tue, 24 Aug 2010 at 20:08:49 +0100, Adam D. Barratt wrote:
Please go ahead, and let us know once the packages have been accepted.
Accepted, eventually... 300M binary packages are rather unwieldy :-(
Please consider:
On Mon, 16 Aug 2010 at 20:10:37 +0200, Julien Cristau wrote:
Can you give us the list of packages that need to be rebuilt against the
new dbus-glib?
I've looked through the packages that link dbus-glib. In addition to the
three I asked for before, please schedule upower:
nmu upower_0.9.5-1
On Mon, 06 Dec 2010 at 05:05:54 +0100, Guillem Jover wrote:
I guess the inetd se_v4mapped logical inversion fix and the “ping -w”
support, both from upstream 1.8, would be important to have.
My backport of making tcp/udp be v4-only already included the inversion fix
as part of the conflict
licenses into debian/copyright
-- Simon McVittie s...@debian.org Sun, 09 Jan 2011 01:14:19 +
debian/patches/0012-Do-not-check-for-unused-opie-library.patch
| 26 +++
debian/patches/0013-inetd-Change-protocol-semantics-in-inetd.conf.patch
| 77 ++
debian
On Tue, 11 Jan 2011 at 20:46:08 +, Adam D. Barratt wrote:
On Sun, 2011-01-09 at 01:29 +, Simon McVittie wrote:
I'd like RT permission for an NMU of inetutils to t-p-u.
Please go ahead; thanks for working on this.
Uploaded with the diff I cited, and ACCEPTED.
S
On Wed, 23 Feb 2011 at 13:52:35 -0800, Steve Langasek wrote:
we almost certainly will not be using the path which has been enabled
in glibc up to now, namely /lib/i486-linux-gnu.
I'd heard that, and was somewhat concerned about whether that'd block
multiarch for yet another release cycle; I'm
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
telepathy-gabble 0.13.0-1/amd64 was built against an experimental libgnutls26
(#629879). Please schedule:
nmu telepathy-gabble_0.13.0-1 . amd64 . -m rebuild to drop dependency from
(1.2.24-4+squeeze1) stable; urgency=low
+
+ * Update Vcs-* control fields to reflect the move to git
+ * Apply patch to fix upstream bug fd.o #38120, which is a local DoS for
+system services (Closes: #629938)
+
+ -- Simon McVittie s...@debian.org Tue, 14 Jun 2011 19:45:00 +0100
+
dbus (1.2.24-4
On Tue, 14 Jun 2011 at 20:02:26 +0100, Simon McVittie wrote:
+dbus (1.2.24-4+squeeze1) stable; urgency=low
+
+ * Update Vcs-* control fields to reflect the move to git
+ * Apply patch to fix upstream bug fd.o #38120, which is a local DoS for
+system services (Closes: #629938
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
gnome-shell doesn't build-depend on libmozjs-dev, but ends up linked against
libmozjs indirectly; when both libmozjs4d and libmozjs5d end up in the
gnome-shell process, it segfaults and
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu
openarena/0.8.5-5+squeeze1 fixes #635733, proposed diff attached.
On Thu, 28 Jul 2011 at 14:11:47 +0100, Simon McVittie wrote:
ioquake3 1.36+svn1946-4 fixes a security vulnerability
On Fri, 29 Jul 2011 at 09:04:57 +0100, Adam D. Barratt wrote:
On Thu, 28 Jul 2011 14:27:47 +0100, Simon McVittie wrote:
openarena/0.8.5-5+squeeze1 fixes #635733, proposed diff attached.
Please go ahead; thanks.
I uploaded this a while ago; does it need manual intervention?
Thanks,
S
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
Please consider binNMUing gnome-shell in experimental (if that's something
the release team do):
nmu gnome-shell_3.0.2-3 . ALL . -m rebuild against libgjs0-libmozjs7d
1.29.0-2+b1
Thanks,
On 18/03/12 15:58, Adam D. Barratt wrote:
On Thu, 2012-03-08 at 14:12 +, Simon McVittie wrote:
* As a precaution, disable auto-downloading
Specifically, this not only disables auto-downloading but prevents users
from turning it back on should they so wish. I assume the logic here
On 24/03/12 16:53, Adam D. Barratt wrote:
Thanks for the explanation, and apologies for the delay in getting back
to you again; please feel free to go ahead with the upload.
Uploaded.
Thanks,
S
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of
below; debdiff attached; separated patch also attached, for better
legibility.
Regards,
S
tremulous (1.1.0-8~squeeze1) stable; urgency=low
* Stable update, incorporating a security fix from unstable
-- Simon McVittie s...@debian.org Thu, 29 Mar 2012 20:40:49 +0100
tremulous (1.1.0-8
On Thu, 29 Mar 2012 at 21:42:42 +0100, Simon McVittie wrote:
This update reduces attackers' ability to perform a reflected DoS attack by
sending spoofed UDP packets to multiple Tremulous servers, by rate-limiting
large responses to those packets. It's the same thing as DSA-2442-1 in
OpenArena
)
+
+ -- Simon McVittie s...@debian.org Sat, 03 Jan 2009 17:11:00 +
+
dietlibc (0.31-1.1) unstable; urgency=high
* Non-maintainer upload.
diff -u dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff
. bad password) (closes: #495199, severity important)
+ * Add patch from upstream to avoid assertion failure in libpurple if the
+user supplies an empty server parameter or one containing spaces
+(closes: #495201, severity important)
+ * Add myself to Uploaders
+
+ -- Simon McVittie [EMAIL
On 30/11/12 11:55, Niels Thykier wrote:
The packages have been selected based on the following criteria: *
The package had at least one RC bug without activity for the past
14 days.
...
Debian GNOME Maintainers
pkg-gnome-maintain...@lists.alioth.debian.org gnome-dvb-daemon
(U)
I have no
On 01/12/12 11:40, Julien Cristau wrote:
On Fri, Sep 14, 2012 at 11:02:00 +0100, Simon McVittie wrote:
unanimous feedback from users and the Games Team was that they
would prefer an are you sure? prompt when auto-downloading was
enabled.
Is the rest of the user interface generally
on openarena-server
(Closes: #695334)
-- Simon McVittie s...@debian.org Fri, 07 Dec 2012 09:40:17 +
diffstat for openarena-0.8.8 openarena-0.8.8
changelog | 13 +
openarena-dbg.preinst
On 29/12/12 17:55, Julien Cristau wrote:
- if possible, get a list of packages in squeeze that expose an
affected struct (gstreamer, glibmm, others?)
Ping. We need to make some progress here...
I'm still trying to construct this list. It's going to take a while.
On the positive side, it
On 30/11/12 12:51, Julien Cristau wrote:
Before rebuilding the world, I'd like to avoid breaking partial
upgrades.
Here is an attempt at a better list of packages via better choice of
regexps, with notes on methodology.
Sourceful uploads (multi-arch):
gstreamer0.10 (sourceful upload request:
) unstable; urgency=low
+
+ [ Sebastian Dröge ]
+ * debian/changelog:
++ Remove merge conflict marker (Closes: #660798).
+
+ [ Iain Lane ]
+ * debian/control:
++ Add Vcs- headers
+
+ [ Simon McVittie ]
+ * Non-maintainer upload
+ * Rebuild against GLib 2.32 (Closes: #697025
A simple rebuild (no source changes) on amd64 results in a swami GUI
executable that runs, but I have no idea how to test it, or indeed make
it do anything at all.
It appears to default to trying to exec jackd (which is only suggested,
and that only indirectly) and output via that; with the
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please consider:
unblock swami/2.0.0+svn389-2
This is one of the two sourceful uploads for #694525.
diffstat for swami-2.0.0+svn389 swami-2.0.0+svn389
changelog |7 +++
control
On 01/01/13 13:26, Julien Cristau wrote:
On Sun, Dec 30, 2012 at 23:28:13 +, Simon McVittie wrote:
I've only tested this fairly trivially (totem still plays
videos); I'll do some more testing before uploading if it becomes
necessary, but it'd be better if a maintainer could do proper
On 09/01/13 21:54, Michael Biebl wrote:
On 09.01.2013 22:29, Simon McVittie wrote:
As far as I can work out, bumping libgstreamer0.10-0's shlibs
would only help to achieve this if we additionally NMU a bunch of
packages to rebuild them against the new libgstreamer0.10-0 so
they get
On 12/01/13 16:59, Adam D. Barratt wrote:
On Thu, 2012-10-04 at 13:56 +0100, Simon McVittie wrote:
CVE-2012-3524 (#689070) is a local root privilege escalation vulnerability
...
it looks like applying the patches to unstable /
testing was happily uneventful in terms of any issues arising
On 12/01/13 17:29, Adam D. Barratt wrote:
On Sat, 2013-01-12 at 17:23 +, Simon McVittie wrote:
On 12/01/13 16:59, Adam D. Barratt wrote:
On Thu, 2012-10-04 at 13:56 +0100, Simon McVittie wrote:
CVE-2012-3524 (#689070) is a local root privilege escalation vulnerability
dbus_1.2.24-4
On 26/01/13 12:19, Julien Cristau wrote:
On Sun, Dec 30, 2012 at 22:56:52 +, Simon McVittie wrote:
ats-lang-anairiats_0.2.6-1 \
version mismatch (sid has 0.2.9-1, wheezy 0.2.3-1)
0.2.9-1 is OK, it was uploaded pretty recently.
0.2.3-1 needs a binNMU in wheezy, I think I asked
of *.gateway.messenger.live.com rather than
+the correct messenger.live.com (Closes: #699233)
- -- Michael Biebl bi...@debian.org Sun, 05 Aug 2012 20:38:11 +0200
+ -- Simon McVittie s...@debian.org Sat, 02 Feb 2013 12:49:46 +
empathy (3.4.2.3-1) unstable; urgency=low
diff -Nru
empathy-3.4.2.3/debian/patches
:15:32.0 +
@@ -1,3 +1,11 @@
+dbus-glib (0.100.1-1) unstable; urgency=high
+
+ * New upstream security release
+- fixes insufficient checking leading to authentication bypass in
+ pam_fprintd (CVE-2013-0292)
+
+ -- Simon McVittie s...@debian.org Fri, 15 Feb 2013 17:03:52 +
to authentication bypass in pam_fprintd (CVE-2013-0292)
+(Closes: #700638)
+
+ -- Simon McVittie s...@debian.org Fri, 15 Feb 2013 17:58:34 +
+
dbus-glib (0.88-2.1) unstable; urgency=high
* Non-maintainer upload.
only in patch2:
unchanged:
---
dbus-glib-0.88.orig/debian/patches/0001-CVE-2013
to fix the HTML documentation (Closes: #701623)
+- no source changes
+
+ -- Simon McVittie s...@debian.org Mon, 25 Feb 2013 12:58:58 +
ChangeLog| 124
config.guess | 49
config.sub
upstream
+- fixes a remotely-triggerable DoS (CVE-2013-1769, Closes: #702252)
+
+ -- Simon McVittie s...@debian.org Mon, 04 Mar 2013 15:10:21 +
+
telepathy-gabble (0.16.1-2) unstable; urgency=low
* Add patch from 0.16.2 to fix a potential use-after-free when
diff -Nrua
telepathy
certificates (Closes: #706094)
+
+ -- Simon McVittie s...@debian.org Wed, 24 Apr 2013 16:43:37 +0100
+
telepathy-idle (0.1.11-2) unstable; urgency=low
* debian/patches/Support-trailing-parameter-without-a-initial.patch:
diff -Nru telepathy-idle-0.1.11/debian/gbp.conf telepathy-idle-0.1.11/debian
google account vcard
+
+Origin: backport, commit:add79d54e, 3.8.2
+Backported-by: Simon McVittie s...@debian.org
+Bug-Debian: http://bugs.debian.org/706900
+---
+ libempathy-gtk/empathy-contact-widget.c | 11 +++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/libempathy-gtk/empathy-contact
On 22/05/13 22:14, Adam D. Barratt wrote:
On Sat, 2013-05-11 at 17:58 +0100, Adam D. Barratt wrote:
On Thu, 2013-04-25 at 12:47 +0100, Simon McVittie wrote:
The version of telepathy-idle in wheezy does not validate IRC servers'
SSL certificates when used with SSL (#706094, CVE ID requested
On 06/06/13 22:19, Adam D. Barratt wrote: On Thu, 2013-05-23 at 11:10
+0100, Simon McVittie wrote:
Cc pkg-telepathy-maintainers: could someone who uses telepathy-idle
regularly please pick this up?
Apparently the answer to that is no. :-(
Sorry, I've been holding off on this because
On Fri, 07 Jun 2013 at 09:38:02 +0100, Simon McVittie wrote:
Does the RT have any opinion on which of the possible resolutions would
be acceptable/preferred for stable?
In the absence of feedback, I've assumed that this one is likely
to be unacceptable:
* upload 0.1.16 to wheezy (~1k lines
On 16/06/13 19:11, Adam D. Barratt wrote: On Sun, 2013-06-16 at 14:10
+0100, Simon McVittie wrote:
Assuming my backport gets accepted into wheezy-backports, does the
attached debdiff look OK?
Yes, thanks.
Uploaded.
S
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu
I'd like to update telepathy-gabble/wheezy to fix inability to connect
to Facebook XMPP chat, for which a fix is on its way to unstable
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
AT-SPI udebs were uploaded before all their dependencies had been made
available as udebs, so they have an unsatisfiable dependency on the full
version of libdbus-1-3. Please rebuild them,
Package: release.debian.org
Severity: normal
Could you please nudge nss-mdns into testing? It would normally have migrated
by now, but it has a transitional package on amd64 with a dependency that
can only be satisfied by having i386 as a foreign architecture.
This is similar to the situation
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
(I am not speaking for the GNOME maintainers, and I don't know
whether they are ready to start this transition.)
Various packages in GNOME 3.10 depend on clutter1.0 from experimental.
On Tue, 28 Jan 2014 at 12:17:51 +, Simon McVittie wrote:
Various packages in GNOME 3.10 depend on clutter1.0 from experimental. The
first step towards a new GNOME in unstable (or less painful installations
from experimental) seems to be to upgrade src:cogl
GNOME maintainers: do you want
On Sat, 08 Mar 2014 at 21:33:59 +0100, Emilio Pozuelo Monfort wrote:
Yet another GNOME transition; this time it's cogl's turn.
I assume this is the cogl 1.17/1.18 branch for GNOME 3.12, superseding my
earlier suggestion (#736920) of a cogl 1.16 transition (libcogl15,
corresponding to GNOME
On Sat, 08 Mar 2014 at 21:33:59 +0100, Emilio Pozuelo Monfort wrote:
is_affected = .depends ~ /libcogl12|libcogl-pango12|libcogl-gles2-12/ |
.depends ~ /libcogl20|libcogl-pango20|libcogl-gles2-20|libcogl-path20/;
The transition at https://release.debian.org/transitions/html/libcogl20.html
has
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
As described in the 'serious' bug I just filed against it, mp3gain
contains a 10ish-year-old embedded code copy of mpglib (originating from
src:mpg123, I think) with known buffer overflows
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu
mp3gain, an implementation of ReplayGain volume normalization, contains
a very old modified version of mpglib, an MPEG audio decoder maintained
as part of mpg123.
Gustavo Grieco
On Wed, 19 Mar 2014 at 23:54:41 +, Simon McVittie wrote:
A proposed debdiff is attached.
Sorry, it wasn't. Here it is.
S
diffstat for mp3gain-1.5.2-r2 mp3gain-1.5.2-r2
changelog | 12 ++
patches/0011-CVE-2004-0805-layer2
On Thu, 20 Mar 2014 at 01:06:20 +0100, Cyril Brulebois wrote:
Simon McVittie s...@debian.org (2014-03-19):
A proposed debdiff is attached.
No it's not.
Sorry about that. I realised that just after I sent the message, and sent
a follow-up that does include it, which you might not have seen
reopen 742112
thanks
Cyril Brulebois wrote:
The following should do:
kibi@franck:~$ head -4 hints/kibi
# 2014-03-19
# RoM: #742112
remove mp3gain/1.5.2-r2-5
block mp3gain
Unfortunately, I hadn't spotted that it isn't a leaf package - easymp3gain
depends on it.
I see two
On 01/04/14 21:48, Adam D. Barratt wrote:
On Wed, 2014-03-19 at 23:54 +, Simon McVittie wrote:
mp3gain, an implementation of ReplayGain volume normalization, contains
a very old modified version of mpglib, an MPEG audio decoder maintained
as part of mpg123.
...
Please go ahead; thanks
+
+ * CVE-2014-3477: add patch to avoid a denial of service (failure to obtain
+bus name) in newly-activated system services that not all users are
+allowed to access
+
+ -- Simon McVittie s...@debian.org Fri, 06 Jun 2014 18:40:22 +0100
+
dbus (1.6.8-1+deb7u1) wheezy-security; urgency=high
On Tue, 10 Jun 2014 at 18:51:21 +0100, Simon McVittie wrote:
I still need to confirm the attached patch on a wheezy system, but
assuming it works and fixes the vulnerability, may I upload?
(Tested on wheezy; yes it works, yes it fixes the vulnerability.)
S
--
To UNSUBSCRIBE, email
On 12/06/14 19:46, Adam D. Barratt wrote:
On Tue, 10 Jun 2014 at 18:51:21 +0100, Simon McVittie wrote:
I still need to confirm the attached patch on a wheezy system, but
assuming it works and fixes the vulnerability, may I upload?
Please go ahead; thanks.
dbus/1.6.8-1+deb7u2 is now
1 - 100 of 664 matches
Mail list logo
