Package: mediatomb-daemon
Version: 0.12.1-4
Severity: grave
Tag: security
This is a regression of the bug that was fixed in #580120, but somehow the
patch applied got revert. Anyone can list and download all the file
accessible to the mediatomb user via the daemon web interface, which is
binded
On Tue, 2015-02-17 at 15:50 -0300, Felipe Sateler wrote:
On Tue, Feb 17, 2015 at 1:44 PM, Adrian Knoth a...@drcomp.erfurt.thur.de
wrote:
I am happy to upload, but I cannot commit to reviewing the packaging
on my own. If other members of the team help up reviewing the package,
I am willing
Processing commands for cont...@bugs.debian.org:
unarchive 580120
reopen 580120
Bug #580120 {Done: Alexander Reichle-Schmehl toli...@debian.org} [mediatomb]
mediatomb allows anyone to browse and export the whole filesystem
'reopen' may be inappropriate when a bug has been closed with a
Control: tags -1 + patch
Am Mittwoch, den 18.02.2015, 10:53 +0100 schrieb Fabian Greffrath:
But this is still not the cause of the crash, sigh! Patching the sample
to report 1 channel, it still crashes at the same location.
Phew, got it.
This time, it was a simple logical error in the lame
Processing control commands:
tags -1 + patch
Bug #778529 [lame] lame: fill_buffer_resample segmentation fault
Added tag(s) patch.
--
778529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Am Dienstag, den 17.02.2015, 11:19 +0100 schrieb Fabian Greffrath:
But, the sample at hand reports -251 channels. Adding ... ||
gfp-num_channels 0) to Maks' patch actually fixes the crash.
But this is still not the cause of the crash, sigh! Patching the sample
to report 1 channel, it still
Processing commands for cont...@bugs.debian.org:
unarchive 580120
Bug #580120 {Done: Alexander Reichle-Schmehl toli...@debian.org} [mediatomb]
mediatomb allows anyone to browse and export the whole filesystem
Unarchived Bug 580120
thanks
Stopping processing here.
Please contact me if you need
On Wed, Feb 18, 2015 at 4:22 PM, Andrew Kelley superjo...@gmail.com wrote:
Happy Groove Basin user :-)
Not a Debian user but still, I thought it would be nice to see a happy user
of a project packaged by the Multimedia Team.
:) Thanks for forwarding this.
--
Saludos,
Felipe Sateler
Happy Groove Basin user :-)
Not a Debian user but still, I thought it would be nice to see a happy user
of a project packaged by the Multimedia Team.
-- Forwarded message --
From: kevin folz kevinf...@gmail.com
Date: Wed, Feb 18, 2015 at 11:54 AM
Subject: Thank YOU! GrooveBasin
Source: pyliblo
Version: 0.9.2-1
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
Hi!
While working on Debian's “reproducible builds” effort [1], we have
noticed that pyliblo-utils had different dependencies in two different
builds [2].
In the first build it had:
Depends:
(oops, forgot to include tino, who might not be subscribed to p-m-m;
sorry for the noise)
On 02/17/2015 07:50 PM, Felipe Sateler wrote:
As for DDs: ales...@debian.org or umlae...@debian.org, we have even more
in the multimedia team.
I am happy to upload, but I cannot commit to reviewing the
On 02/17/2015 07:50 PM, Felipe Sateler wrote:
As for DDs: ales...@debian.org or umlae...@debian.org, we have even more
in the multimedia team.
I am happy to upload, but I cannot commit to reviewing the packaging
on my own. If other members of the team help up reviewing the package,
I am
Hi all,
I purged and installed the libavtools package. I do not see the
.conffile any longer.
$ pkg=libav-tools ; adequate $pkg ; dpkg-query -W -f='${Conffiles}\n'
$pkg | grep obsolete
$
$ dpkg -L libav-tools | grep avserver.conf
$
So it seems the conffile is no longer there.
--
mediatomb 0.12.1-7 is marked for autoremoval from testing on 2015-03-05
It is affected by these RC bugs:
580120: mediatomb: mediatomb allows anyone to browse and export the whole
filesystem
___
pkg-multimedia-maintainers mailing list
Am Donnerstag, den 19.02.2015, 07:21 +0100 schrieb Fabian Greffrath:
18446744073709407040 as size_t type, i.e. unlimited. And indeed
fread() returns 3967 bytes into the samples_read variable.
Unfortunately, these 3967 bytes have been written into the static int
array sample_buffer which was
glyr_1.0.8-1~exp1_i386.changes uploaded successfully to localhost
along with the files:
glyr_1.0.8-1~exp1.dsc
glyr_1.0.8.orig.tar.gz
glyr_1.0.8-1~exp1.debian.tar.xz
libglyr1_1.0.8-1~exp1_i386.deb
libglyr1-dbg_1.0.8-1~exp1_i386.deb
libglyr-dev_1.0.8-1~exp1_i386.deb
Processing control commands:
tags -1 + patch security
Bug #778703 [lame] lame: segmentation fault at get_audio.c:865
Added tag(s) security and patch.
--
778703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + patch security
Hi again Henri,
Am Mittwoch, den 18.02.2015, 20:59 +0200 schrieb Henri Salo:
I found another segmentation fault crash while fuzzing with AFL
http://lcamtuf.coredump.cx/afl/. For some reason I can't get full backtrace
with gdb.
now this is really only caused
Hi,
Nearly fullquote for reference:
Axel Beckert wrote on 6th of January 2015:
Debian FTP Masters wrote:
An exception was raised while processing the package:
Traceback (most recent call last):
File /srv/ftp-master.debian.org/dak/dak/process_policy.py, line 99, in
wrapper
Hi,
2015-02-17 14:18 GMT+01:00 hans.pe...@trash-mail.com:
Package:forked-daapd
Version: 22.0-1
When I try to connect the newest Itunes version 12.1 to my server with
forked-daapd on it, it shows that the library is empty. With previous
versions of Itunes that did not happen, so i think
On Wed, Feb 18, 2015 at 12:11:35PM +0100, Fabian Greffrath wrote:
Phew, got it.
Thank you for your comprehensive analysis. I have verified that the patch fixes
this issue. Should I report this to upstream bug tracker or does package
maintainer handle that? Bug tracker in sourceforge.net does not
mpv_0.8.0-1+ffmpeg.dsc has incorrect md5 checksum; deleting it
mpv_0.8.0-1+ffmpeg.debian.tar.xz has incorrect size; deleting it
mpv_0.8.0-1+ffmpeg_amd64.deb has incorrect size; deleting it
Greetings,
Your Debian queue daemon (running on host coccia.debian.org)
mpv_0.8.0-1_amd64.changes uploaded successfully to ftp-master.debian.org
along with the files:
mpv_0.8.0-1.dsc
mpv_0.8.0.orig.tar.gz
mpv_0.8.0-1.debian.tar.xz
mpv_0.8.0-1_amd64.deb
mpv-dbg_0.8.0-1_amd64.deb
libmpv1_0.8.0-1_amd64.deb
libmpv-dev_0.8.0-1_amd64.deb
mpv_0.8.0-1_amd64.changes uploaded successfully to localhost
along with the files:
mpv_0.8.0-1.dsc
mpv_0.8.0.orig.tar.gz
mpv_0.8.0-1.debian.tar.xz
mpv_0.8.0-1_amd64.deb
mpv-dbg_0.8.0-1_amd64.deb
libmpv1_0.8.0-1_amd64.deb
libmpv-dev_0.8.0-1_amd64.deb
libmpv-dbg_0.8.0-1_amd64.deb
Am Mittwoch, den 18.02.2015, 12:11 +0100 schrieb Fabian Greffrath:
This time, it was a simple logical error in the lame sources: The fake
sample rate of the fuzzed input file is 1631 kHz which lame tries to
sample down to 48 kHz in the process of encoding. The ratio between
input and
Processing commands for cont...@bugs.debian.org:
tags 778669 + security
Bug #778669 [mediatomb-daemon] mediatomb allows anyone to browse and export the
whole filesystem
Added tag(s) security.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
778669:
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Wed, 18 Feb 2015 15:12:55 +0100
Source: mpv
Binary: mpv mpv-dbg libmpv1 libmpv-dev libmpv-dbg
Architecture: source amd64
Version: 0.8.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers
mpv_0.8.0-1+ffmpeg.dsc doesn't exist
mpv_0.8.0-1+ffmpeg.debian.tar.xz doesn't exist
mpv_0.8.0-1+ffmpeg_amd64.deb doesn't exist
mpv-dbg_0.8.0-1+ffmpeg_amd64.deb has incorrect size; deleting it
Due to the errors above, the .changes file couldn't be processed.
Please fix the problems for the upload
28 matches
Mail list logo
