Bruce Allen ha scritto:
Hi Everyone,
Hi Bruce, glad to read you :)
I agree with this criticism. If the user has included a '-M' option and
/usr/bin/mail does NOT exist, the script should NOT exit silently; it
should generate visible error messages explaining what is wrong.
Do you mean also
reopen 541192
retitle 541192 run.d/10mail exits silently if /usr/bin/mail is missing
severity 541192 minor
thanks
Bruce Allen ha scritto:
Why not something like this?
# Send mail if /usr/bin/mail exists or exit silently
[ -x /usr/bin/mail ] || (echo Your system does not have /usr/bin/mail.
tag 546350 moreinfo
thanks
Hi,
coleccionspam ha scritto:
Starting S.M.A.R.T. daemon: smartd failed!
invoke-rc.d: initscript smartmontools, action start failed.
dpkg: error al procesar smartmontools (--install):
el subproceso post-installation script devolvió el código de salida de
error 1
severity 546292 normal
tag 546292 moreinfo
thanks
Hi,
Olaf Foellinger ha scritto:
I cannot upload pictures from file system to my wordpress based blog. It
works neither in firefox nor in internet explorer.
Have you used /usr/share/doc/wordpress/examples/setup-mysql script to setup a
proper
Olaf Foellinger ha scritto:
it's a long time since I've setup the blog, back in 2004 on etch. Have the
script been available then? I think I haven't used it.
Probably yes, anyway:
mkdir -p /srv/www/wp-uploads/yourblogdomain.tld
chown -R root:www-data /srv/www/wp-uploads
chmod -R 0774
Hi,
Could you provide steps to reproduce the segfault please?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi,
Marek Grzybowski ha scritto:
Thanks for answer, its my reproduction :
Could you test these packages please?
http://sd6.iuculano.it/sec/nagios2/.tmp/
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Marek Grzybowski ha scritto:
Instalation Ok:
# dpkg -i *.deb
(Reading database ... 20978 files and directories currently installed.)
Preparing to replace nagios2-common 2.6-2+etch4 (using
nagios2-common_2.6-2+etch5~temp1_all.deb) ...
Stopping nagios2 monitoring daemon: nagios2.
Unpacking
Hi,
local screen lock bypass vulnerability in xscreensaver is not important enough
to get it fixed via regular security update in Debian stable and oldstable. It
does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[1].
Please contact the release
Package: kdelibs,kde4libs
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kdelibs and kde4libs.
CVE-2009-2702[0]:
| KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
Package: apache2.2-common
Version: 2.2.12-1
Severity: normal
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for apache2.
CVE-2009-3094[0]:
| The ap_proxy_ftp_handler function in
Package: rails
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for rails.
CVE-2009-3086[0]:
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x
| before 2.3.4, leaks information about the complexity of
) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed integer overflow in XMakeImage function in xwindow.c
+(Closes: #530946) (CVE-2009-1882)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Thu, 10 Sep 2009 19:08:13 +0200
+
graphicsmagick (1.3.5-5) unstable; urgency=high
* debian
Package: qt4-x11
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for qt4-x11.
CVE-2009-2700[0]:
| src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not
| properly
Hi,
Tormod Volden ha scritto:
I have pushed what I think is a better solution here:
http://git.debian.org/?p=users/tormod-guest/dmraid.git;a=summary
Thanks for your work on dmraid.
* [f333bc0] dmraid-activate: Add support for nodmraid boot option
to disable dmraid even if fakeraid
Tormod Volden ha scritto:
If you boot from a live CD, or whatever (temporary or fix) boot disk
well, so probably we need another boot option to force dmraid -Z also if root
partition is not in a dmraid array. Removing that code will help live cd users,
but doesn't fix the original issue.
The
Package: libcap-ng
Severity: wishlist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
there is a new upstream release, 0.6.1, please update the Debian package.
Cheers,
Giuseppe.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Package: libcap-ng
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
thanks for maintaining libcap-ng.
debcheck for smartmontools[1] warns me about a depends to libcap-ng0 which is
extra.
I think libcap-ng should have optional priority, why extra?
found 537856 5.38+svn2879-3
thanks
Hi Petr,
Petr Salinger ha scritto:
found 537856 5.38+svn2879-1
found 537856 5.38+svn2879-2
--
Hi,
two more problems with current snapshot.
1) The os_freebsd.cpp uses reallocf(), which is specific for *BSD libc.
See
Sheridan Hutchinson ha scritto:
I attach my syslog and mainlog from /var/log/exim4
Both look ok to me.
No they aren't, in your previous email you pasted:
Sep 4 12:12:56 localhost smartd[8830]: Executing test of
/usr/share/smartmontools/smartd-runner to root ...
Sep 4 12:12:56 localhost
Sheridan Hutchinson ha scritto:
I see. This is because the syslog I gave you was from my laptop where
I performed those two commands you asked last night (and it sent the
email) however previously I had pasted my a fragment from the syslog
on my desktop.
I pasted the syslog from the laptop
reopen 544940
tags 544940 unreproducible
thanks
Sheridan Hutchinson ha scritto:
New syslog and mainlog (exim4) attached. Looking at the mainlog it is
clear that the 'run-parts' command reaches exim4, it just seems that
for whatever reason the normal daemon just doesn't seem to reach exim.
Sheridan Hutchinson ha scritto:
#012/etc/smartmontools/run.d/10mail:#012exim: setgroups() failed:
Operation not permitted#012Can't send mail: sendmail process
failed#012
Sep 5 14:54:49 localhost smartd[31455]: Test of
/usr/share/smartmontools/smartd-runner to root: successful
Sep 5
Sheridan Hutchinson ha scritto:
2009/9/5 Giuseppe Iuculano giuse...@iuculano.it:
Are you using Selinux ?
Nope, stock kernel and have never configured anything to do with Selinux.
Have you /usr/sbin/check-selinux-installation ? If you have please run it.
Cheers,
Giuseppe.
signature.asc
Hi,
Sheridan Hutchinson ha scritto:
I installed mailutils, added the -M test switch and restarted smartmontools.
Again, I get a syslog and X11 notification, but no email. I've sent
email to root from other user accounts and they arrive just fine.
Could you paste the relevant syslog lines?
Hi,
Stuart Pook ha scritto:
I would like to be able to continue to specify by disks by their names
in /dev/disk/by-id. This avoids problems when I move the disks.
Yes, I already contacted upstream for that, I'm waiting for an answer.
Why does smartd (run as root!) refuse to use a
Sheridan Hutchinson ha scritto:
and I use the default devicescan in the smartd.conf so this should be
easily replicable by others if it's a problem with smartmontools
rather than specific to my machine configurations.
I really suspect it is a misconfiguration (on exim?) because I can't
Sheridan Hutchinson ha scritto:
Given that I can do all these things with exim4, it's difficult for me
to see how my exim4 configuration could be misconfigured, because all
my mail functions are being served reliably!
Ok, please:
echo test testsmart
run-parts --report --lsbsysinit
Sheridan Hutchinson ha scritto:
2009/9/4 Giuseppe Iuculano giuse...@iuculano.it:
Sheridan Hutchinson ha scritto:
Given that I can do all these things with exim4, it's difficult for me
to see how my exim4 configuration could be misconfigured, because all
my mail functions are being served
Sheridan Hutchinson ha scritto:
I do now indeed, get an email to root!!
It looks like you've cracked it man!?
No, I only more confused, that is the command smartd launch.
Please send me your syslog and exim logs.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi Stuart,
Stuart Pook ha scritto:
: root; sed -e 's/#.*//' -e '/^ *$/d' /etc/smartd.conf
/dev/disk/by-id/ata-ST3200822A_3LJ00N4L -n standby -a -S on -m root
/dev/disk/by-id/ata-WDC_WD6400AAKS-00A7B2_WD-WMASY2546840 -n standby -a -S on
-s (L/../../2/05|S/../.././05) -m root
: root; ls -l
Hi Petr,
Petr Salinger ha scritto:
please alter Build-Depends to use libcap-ng-dev only on linux
by using libcap-ng-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386]
Committed in the git repository, thanks.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi Guido,
Guido Günther ha scritto:
Package: wnpp
Severity: normal
I request an adopter for the smartmontools package.
I'd would be interested in maintaining smartmontools
Cheers,
Giuseppe
signature.asc
Description: OpenPGP digital signature
Guido Günther ha scritto:
Great. Could you check with Florian cont...@marsmenschen.com
since he already did some work on this package? Maybe you both can
co-maintain it?
Sure. Florian, would you like co-maintain it?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: wnpp
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I request an adopter for the secpanel package.
The package description is:
SecPanel is a graphical user interface for managining
and running secure shell (ssh) and secure network copy
(scp) connections via OpenSSH.
Hi,
#540751 was fixed, so a binNMU of wxwidgets2.8 should fix this issue.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: squirrelmail
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for squirrelmail.
CVE-2009-2964[0]:
| Multiple cross-site request forgery (CSRF) vulnerabilities in
| SquirrelMail
Package: buildbot
Version: 0.7.10p1-1,0.7.8-1
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for buildbot.
CVE-2009-2959[0]:
| Cross-site scripting (XSS) vulnerability in the waterfall web
retitle 543861 ITA: tcptraceroute -- traceroute implementation using TCP packets
owner 543861 !
thanks
Hi Daniel,
Daniel Baumann ha scritto:
I am orphaning tcptraceroute.
I use it regularly, I'd like to adopt it.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Martin Zobel-Helas ha scritto:
I would like to help here as well.
Sure, would be acceptable to you to maintain tcptraceroute in a git repository?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi,
Matthew Carroll ha scritto:
This upgrade broke all of our wordpress instances, as the config files for
each
site are sym-linked from /etc/wordpress to separate locations for each site.
Perhaps there is a better way of fixing this injection vulnerability that
still
allows sym-linked
Hi Aaron!
Aaron M. Ucko ha scritto:
Sorry to bother you again, but I'd appreciate it if you could make one
You are welcome. You didn't bother me at all!
-ps ax -o \tty,pid,ruser,args\/* linux */
+ps axk \tty,ruser,args\ -o \tty,pid,ruser,args\/* linux */
Seems fine, I
found 543224 3.2.6-0.1
tags 543224 patch
thanks
Hi,
after an upgrade from 3.2.1.1-0.1 to 3.2.6-0.1 this bug exists:
# LANG=C dpkg -l tinymce
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/
Package: ntop
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for ntop.
CVE-2009-2732[0]:
| The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
| allows remote attackers to
tags 517969 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 23 Aug 2009 12:00:29 +0200.
The fix will be in the next upload.
=
Removed
Package: tinymce
Version: 3.2.1.1-0.1
Severity: serious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
tinymce makes files in /usr/share writable by non-root (www-data). See policy
10.9.
Cheers,
Giuseppe.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Package: wnpp
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Since I no longer have the hardware necessary for testing this
package, I request an adopter for the toshset package.
The package description is:
Toshset is a command-line tool to allow access to much of the
Toshiba
Package: wnpp
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Since I no longer have the hardware necessary for testing this
package, I request an adopter for the toshutils package.
The package description is:
This is a collection of utilities to control a Toshiba laptop. It
tags 542327 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 23 Aug 2009 17:27:19 +0200.
The fix will be in the next upload.
=
Fixed
tags 542256 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 23 Aug 2009 17:53:15 +0200.
The fix will be in the next upload.
=
debian
Package: neon27,neon26,neon
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for neon.
CVE-2009-2474[0]:
neon before 0.28.6, when OpenSSL is used, does not properly handle a
'\0' character in
reassign 542972 libdumbnet
thanks
Hi,
Lucas Nussbaum ha scritto:
Hi,
During a rebuild of all packages in sid, your package failed to build on
amd64.
Relevant part:
gcc -g -O2 -Wall -Werror -lpthread -lpcap -ldumbnet -lnet -L/usr/lib
-I/usr/include -DLINUX -DDEBIAN -o arpon arpon.c
Aaron M. Ucko ha scritto:
Giuseppe Iuculano giuse...@iuculano.it writes:
I can't reproduce that, could you send me your full
/var/log/chkrootkit/log.today.raw please?
Attached. I suspect the bug is in the chkutmp executable itself
Yes, it should be. Could you compile the attacked
Package: libcompress-raw-bzip2-perl
Version: 2.020-1
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for libcompress-raw-bzip2-perl.
CVE-2009-1884[0]:
| Off-by-one error in the
Hi Aaron,
Aaron M. Ucko ha scritto:
In addition, I've found that lines can run into each other:
! 116 25903 tty8 daemon --foreground --respawn --attempts=20
--delay=10 --name=8-_-_var_-_log_-_exim4_-_mainlog
Hi Michel,
Michel Meyers ha scritto:
Hello,
Gears is still failing, it complains about the following file missing:
wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/drag.gif
Might be a bug for tinymce actually as the file doesn't seem to be in there
at all.
I don't
Michel Meyers ha scritto:
On my system, I do find a reference to drag.gif in
/usr/share/wordpress/wp-admin/includes/manifest.php
You are right, I will fix that in the next revision. Thank for spotting it.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: curl
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for curl.
CVE-2009-2417[0]:
A vulnerability has been reported in cURL, which can be exploited by
malicious people to
Package: lintian
Version: 2.2.14
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
W: wordpress: embedded-javascript-library
usr/share/wordpress/wp-includes/js/swfobject.js
N:
N:This package contains an embedded copy of JavaScript libraries that are
N:now available in
tags 517969 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 16 Aug 2009 13:02:13 +0200.
The fix will be in the next upload.
=
debian
tags 541371 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 16 Aug 2009 13:43:58 +0200.
The fix will be in the next upload.
=
debian
Package: tinymce
Severity: wishlist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
please package the last tinymce version (3.2.5), wordpress needs it.
Cheers,
Giuseppe.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Hi Ivan,
Ivan Warren ha scritto:
When an installation doesn't use or no longer has the default wordpress
administrative user, the database upgrade cannot be initiated because
the upgrade.php script checks if the current logged in user id is '1'
instead of checking whether the logged in user
Ivan Warren ha scritto:
Right... But I tried with current_user_can('level_10') and that seems
to work fine. Something like :
**
--- upgrade.php.orig2009-08-15 12:35:51.0 +0200
+++ upgrade.php 2009-08-15 12:27:25.0 +0200
@@ -21,6 +21,7 @@
$current_user =
tags 500295 +pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sat, 15 Aug 2009 19:19:02 +0200.
The fix will be in the next upload.
=
debian/wp
tags 504242 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 16 Aug 2009 00:15:34 +0200.
The fix will be in the next upload.
=
Do
Package: gnutls26
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for gnutls26.
CVE-2009-2730[0]:
| libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
| character in a domain
Package: asterisk
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for asterisk.
CVE-2009-2726[0]:
| The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34,
| 1.4.x before
tags 541060 +pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Tue, 11 Aug 2009 15:17:00 +0200.
The fix will be in the next upload.
=
Provide
tags 541060 +pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Tue, 11 Aug 2009 15:17:00 +0200.
The fix will be in the next upload.
=
Provide
Moritz Muehlenhoff ha scritto:
I'm leaving to HAR 2009 soon, I'll look into it, but it might take a couple
days.
Thijs sponsored the upload, thanks anyway!
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
clone 540060 -1
reassign -1 binutils
retitle -1 version script commands not handled correctly in sid/squeeze
severity -1 grave
thanks
Hi,
please see the testcase below
Cheers,
Giuseppe.
Giuseppe Iuculano ha scritto:
Giuseppe Iuculano ha scritto
Hi Moritz,
Moritz Muehlenhoff wrote:
On Mon, Jul 13, 2009 at 08:45:03AM +0200, Andrea De Iacovo wrote:
this is fixed in upstream version 2.8.1. please coordinate with the
security
team to prepare updates for the stable releases.
Wordpress 2.8.1 is going to be uploaded in sid in the
tags 538277 +pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sun, 9 Aug 2009 12:01:51 +0200.
The fix will be in the next upload.
=
Fix a typo
Package: zope3
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing access
Package: zope2.10
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing access
Package: python2.4-zodb
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing
Package: zope2.11
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing
Package: xemacs21
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for xemacs21.
CVE-2009-2688[0]:
| Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when
| running on
It's likely that pgadmin3 should have been rebuilt after the latest wxwidgets2.8
upload.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
reassign 540060 pgadmin3
found 540060 1.10.0-1
thanks
Giuseppe Iuculano ha scritto:
It's likely that pgadmin3 should have been rebuilt after the latest
wxwidgets2.8
upload.
Yes, I confirm that, I rebuilt pgadmin3 and it works perfectly.
Cheers,
Giuseppe.
signature.asc
Description
Gerfried Fuchs ha scritto:
Beg your pardon, but that sounds rather like the ABI of wxwidgets2.8
has changed - and then it's not pgadmin3's job to fix it, rather the
library should bump its compatibility level, not?
Can this please get investigated properly? I don't object to a
scheduled
Ryan Niebur ha scritto:
since amd64 seems to be the only architecture with (known) problems,
No, unfortunately I was able to reproduce this issue on my i386 machine.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Giuseppe Iuculano ha scritto:
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8
2.8.7.1-2 and
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8.5
2.8.7.1-1
It seems that something changed in binutils, testcase:
squeeze, binutils
Package: strongswan
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for strongswan.
CVE-2009-2661[0]:
| The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before
| 4.2.17,
Package: camlimages
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for camlimages.
CVE-2009-2660[0]:
| Multiple integer overflows in CamlImages 2.2 might allow
| context-dependent attackers
retitle 486640 ITP: nmon -- performance monitoring tool for Linux
owner 486640 !
thanks
I will package it.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Bart Martens ha scritto:
Why not upload a new revision and so force users to update the Adobe Flash
Player ?
Do you mean uploads to oldstable-security, stable-security, testing-security,
and sid ?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#s5.6.4
/patch/CVE-2009-0179.patch: Fixed application crash when loading XM
+files. (CVE-2009-0179) (Closes: #476339)
+
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Wed, 05 Aug 2009 11:50:25 +0200
+
libmikmod (3.1.11-6) unstable; urgency=medium
* The Play a .mod on your ia64 today! release.
only
reassign 540034 drbd8
forcemerge 539218 540034
thanks
Hi,
Harald Dunkel ha scritto:
Package: dkms
Version: 2.0.22.0-1
Trying to install drbd8-source I get an error message from
dkms about missing kernel headers (see attachment). Of
course the kernel headers _are_ installed in the usual
retitle 539449 CVE-2009-2408: vulnerable to null character certificate spoofing
thanks
Hi,
this issue got a CVE id:
CVE-2009-2408[0]:
| Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly
| handle a '\0' character in a domain name in the subject's Common Name
| (CN) field of an
Kurt Roeckx ha scritto:
Looking at security-tracker, it seem this is also tracked as
CVE-2009-2408?
#539449 refers to CVE-2009-2408, fixed in the tracker, thanks.
Please also add openssl097 to the list of affected packages.
Added, thanks.
Should I prepare packages for stable and oldstable
Package: xulrunner
Severity: important
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for xulrunner.
CVE-2009-2654[0]:
| Mozilla Firefox 3.5.1 and earlier allows remote attackers to spoof the
|
Package: nss
Version: 3.12.0-6
Severity: important
Tags: security lenny
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for nss.
CVE-2009-2409[0]:
| The NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4
|
Package: openssl
Severity: important
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for openssl.
CVE-2009-2409[0]:
| The NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4
| and 2.7.4;
Package: gnutls26
Version: 2.4.2-6+lenny1
Severity: important
Tags: security patch lenny
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for gnutls26.
CVE-2009-2409[0]:
| The NSS library before 3.12.3, as used in Firefox;
Package: nss
Version: 3.12.0-6
Severity: serious
Tags: security lenny
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for nss.
CVE-2009-2404[0]:
| Heap-based buffer overflow in a regular-expression parser in Mozilla
|
retitle 539934 CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities
fixed 539934 3.12.3-1
thanks
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for nss.
CVE-2009-2408[0]:
| Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly
| handle a '\0'
Hi,
this issue got a CVE (Common Vulnerabilities Exposures).
CVE-2009-1631[0]:
| The Mailer component in Evolution 2.26.1 and earlier uses
| world-readable permissions for the .evolution directory, and certain
| directories and files under .evolution/ related to local mail, which
| allows local
Yves-Alexis Perez ha scritto:
Fix is already in for unstable. testing will have it as soon as it's
built on mipsel.
Well, Could you say me in which version was fixed?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
501 - 600 of 963 matches
Mail list logo