Processing commands for cont...@bugs.debian.org:
retitle 780772 drupal7: SA-CORE-2015-001: Access bypass and open redirect
Bug #780772 {Done: Salvatore Bonaccorso car...@debian.org} [drupal7]
[drupal7] Security update for drupla7 drupal6
Changed Bug title to 'drupal7: SA-CORE-2015-001: Access
Processing commands for cont...@bugs.debian.org:
# Decided to revert and document it in the Release-notes
tags 779048 - jessie
Bug #779048 {Done: Ondřej Surý ond...@debian.org} [src:libjpeg-turbo]
libjpeg-turbo: Migration of jpeg-progs from Wheezy to Jessie
Removed tag(s) jessie.
notfound
close 780772 7.32-1+deb8u2
found 780772 7.14-1
tags 780772 + upstream fixed-upstream
thanks
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processing commands for cont...@bugs.debian.org:
close 780772 7.32-1+deb8u2
Bug #780772 [drupal7] [drupal7] Security update for drupla7 drupal6
Marked as fixed in versions drupal7/7.32-1+deb8u2.
Bug #780772 [drupal7] [drupal7] Security update for drupla7 drupal6
Marked Bug as done
found
Package: drupal7
Version: 7.32-1+deb8u1
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
--- Please enter the report below this line. ---
Hi!
https://www.drupal.org/drupal-7.35 says:
Drupal 7.35 and Drupal 6.35, maintenance releases which contain fixes
On Fri, 2015-03-20 at 00:46 +0100, Vincent Lefevre wrote:
Unfortunately, some admins want to stick with Debian's default config
(even when this config has a well-known security vulnerability[*]).
Well to be honest, apart from the fact that many people may not consider
AcceptEnv as security
On 2015-03-19 23:44:00 +0100, Christoph Anton Mitterer wrote:
On Thu, 2015-03-19 at 23:37 +0100, Vincent Lefevre wrote:
BTW, it's also annoying that the user can no longer pass env variables
(e.g. the charset) to the remote side for machines where the admin
just uses Debian's default.
But
On 2015-03-20 00:09:48 +0100, Christoph Anton Mitterer wrote:
On Thu, 2015-03-19 at 23:58 +0100, Vincent Lefevre wrote:
But at least the user could use non-standard (thus unused by the
system) variables to pass information to the remote side (in my case,
I used LC_CHARMAP). After this
On 2015-03-19 19:02:14 +, Colin Watson wrote:
On Thu, Mar 19, 2015 at 07:18:38PM +0100, Christoph Anton Mitterer wrote:
and/or
- the migration been managed via e.g. debconf (and the user been
interactively asked)
Absolutely not. This is not a reasonable question to ask most users
On Thu, 2015-03-19 at 23:37 +0100, Vincent Lefevre wrote:
BTW, it's also annoying that the user can no longer pass env variables
(e.g. the charset) to the remote side for machines where the admin
just uses Debian's default.
But that was the case before either, at least except those matching
On Thu, 2015-03-19 at 23:58 +0100, Vincent Lefevre wrote:
But at least the user could use non-standard (thus unused by the
system) variables to pass information to the remote side (in my case,
I used LC_CHARMAP). After this change only the standard variables can
be passed, but one shouldn't
On 2015-03-19 16:31:22 +, Colin Watson wrote:
What did the file look like before this upgrade?
I've attached the file with some settings hidden (the AllowUsers line
was at least modified, as I just put local users).
--
Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/
100%
On Thu, 2015-03-19 at 19:02 +, Colin Watson wrote:
Please read the original report in which Vincent explicitly said that he
had made local changes to that file.
Ah, I thought you'd also update modified files.
Absolutely not. This is not a reasonable question to ask most users and
I'm
Hello,
Alright, I have patch here that should finally fix initial nut
installation when PID1 is systemd.
I did some initial testing and it seems to work. But I still really
ENOTIME ATM. Could somebody have a 2nd pair of eyes on this?
I'll made the upload if the patch is OK.
Cheers,
Laurent
Processing commands for cont...@bugs.debian.org:
severity 689266 important
Bug #689266 [grub-pc] grub-pc: graphics mode sends VGA signal out of range on
ATI Rage 128 Pro Ultra TR
Severity set to 'important' from 'serious'
thanks
Stopping processing here.
Please contact me if you need
Control: tags -1 important
On Wed, 25 Feb 2015 15:38:18 -0500 Lennart Sorensen
lsore...@csclub.uwaterloo.ca wrote:
The biggest change between grub 1.99 and 2.00 that I think could be an
issue is that it started reading EDID data from the monitor and using
that to try and select the mode to
On Wed, Mar 18, 2015 at 11:03:26PM +0100, Cyril Brulebois wrote:
Hi,
Christian Perrier bubu...@debian.org (2015-01-26):
partman-target (94) unstable; urgency=medium
.
[ Steve McIntyre ]
* Don't add entries for random USB media to /etc/fstab, they're not
useful. Closes: #761815
(Adding Ansgar to the loop since he already commented on this bug
report.)
Steve McIntyre st...@einval.com (2015-03-19):
Maybe we've got a misunderstanding here. The change is only expected
to stop *other* USB devices from showing up in /etc/fstab. If you're
installing using /dev/sda as a
Processing commands for cont...@bugs.debian.org:
found 780751 2.6.7-5
Bug #780751 {Done: Jo Shields jo.shie...@xamarin.com} [src:mono] mono:
CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
Marked as found in versions mono/2.6.7-5.
thanks
Stopping processing here.
Please contact me if you need
Your message dated Thu, 19 Mar 2015 12:50:07 +
with message-id e1yyztn-0007sq...@franck.debian.org
and subject line Bug#780751: fixed in mono 2.6.7-5.1+deb6u1
has caused the Debian Bug report #780751,
regarding mono: CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
to be marked as done.
This means
Processing commands for cont...@bugs.debian.org:
found 780751 2.10.8.1-8
Bug #780751 {Done: Jo Shields jo.shie...@xamarin.com} [src:mono] mono:
CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
Marked as found in versions mono/2.10.8.1-8.
thanks
Stopping processing here.
Please contact me if you need
Your message dated Thu, 19 Mar 2015 11:38:19 +
with message-id e1yyymj-00035s...@franck.debian.org
and subject line Bug#780751: fixed in mono 3.2.8+dfsg-10
has caused the Debian Bug report #780751,
regarding mono: CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
to be marked as done.
This means that
On Thu, Mar 19, 2015 at 01:23:26PM +0100, Cyril Brulebois wrote:
(Adding Ansgar to the loop since he already commented on this bug
report.)
Steve McIntyre st...@einval.com (2015-03-19):
Maybe we've got a misunderstanding here. The change is only expected
to stop *other* USB devices from showing
Source: xerces-c
Version: 3.1.1-1
Severity: grave
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for xerces-c.
CVE-2015-0252[0]:
Apache Xerces-C XML Parser Crashes on Malformed Input
If you fix the vulnerability please also make sure to include the
On 2015-03-20 01:44:06 +0100, Christoph Anton Mitterer wrote:
On Fri, 2015-03-20 at 00:46 +0100, Vincent Lefevre wrote:
The fact is that Debian doesn't use non-standard LC_* variables.
People may run *any* software, including their own homebrewed stuff.
So, it's even easier: when the admin
Processing commands for cont...@bugs.debian.org:
forcemerge 780255 780299
Bug #780255 [kmod] openconnect: kmod update from version 18 to 20 breaks
openconnect
Bug #780256 [kmod] Stopped auto-loading tun module
Bug #780295 [kmod] linux-image-3.19.0-trunk-amd64: net bridge devices no longer
On Fri, 2015-03-20 at 03:06 +0100, Vincent Lefevre wrote:
So, it's even easier: when the admin installs some software using,
say, LC_ALLOW_ARBITRARY_ACCESS, he can change the sshd config to
disallow this variable.
Sorry, but this is a highly disturbing and simply plain wrong approach
to
Processing commands for cont...@bugs.debian.org:
# fixed versions missing?
fixed 780143 2.5.2-4
Bug #780143 [libfreetype6] libfreetype6_2.5.2-3 makes some fonts unusable
Marked as fixed in versions freetype/2.5.2-4.
End of message, stopping processing here.
Please contact me if you need
Control: tags -1 + patch
On Wed, 11 Mar 2015 12:02:19 +0100 Jakub Wilk jw...@debian.org wrote:
Package: udev
Version: 215-12
Usertags: serious
After I upgraded kmod to 20-1, the udev init script fails to create some
static nodes:
| unparseable line (c! /dev/cpu/microcode 0600 - - -
Processing control commands:
tags -1 + patch
Bug #780263 [udev] udev doesn't create all static nodes with kmod 20
Added tag(s) patch.
--
780263: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780263
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE,
Processing control commands:
tags -1 + patch
Bug #780263 [udev] udev doesn't create all static nodes with kmod 20
Ignoring request to alter tags of bug #780263 to the same tags previously set
--
780263: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780263
Debian Bug Tracking System
Contact
Am 03.03.2015 um 16:48 schrieb Christian Seiler:
Am 2015-03-03 16:26, schrieb Michael Biebl:
I did a couple more reboots and did indeed run into the problem, that
systemd-sysctl.service was started after syslog.socket, so I got the
missed XXX messages again.
Adding the
Processing commands for cont...@bugs.debian.org:
tags 762700 + patch
Bug #762700 [systemd] systemd: journald fails to forward some messages to syslog
Added tag(s) patch.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
762700:
Processing commands for cont...@bugs.debian.org:
severity 780263 serious
Bug #780263 [udev] /etc/init.d/udev: doesn't create all static nodes
Severity set to 'serious' from 'normal'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
780263:
Processing commands for cont...@bugs.debian.org:
retitle 780263 udev doesn't create all static nodes with kmod 20
Bug #780263 [udev] /etc/init.d/udev: doesn't create all static nodes
Changed Bug title to 'udev doesn't create all static nodes with kmod 20' from
'/etc/init.d/udev: doesn't create
On 19/03/15 17:14, intrigeri wrote:
0. anonym confirms that a package built with this patch applied fixes
the problem for him on current Jessie
Your patch does the trick.
Cheers!
signature.asc
Description: OpenPGP digital signature
On Thu, 2015-03-19 at 16:31 +, Colin Watson wrote:
What did the file look like before this upgrade?
He probably had the Debian default which was then auto-migrated?
In general I think that old systems *SHOULD* actually be kept up to date
and that it's good to have them migrated.
AFAICS,
Package: firefox
Version: gcc
Severity: critical
Tags: lfs
Justification: breaks unrelated software
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
Your message dated Thu, 19 Mar 2015 20:40:05 +0100
with message-id 87twxgojxm@deep-thought.43-1.org
and subject line Re: firefox: coredump
has caused the Debian Bug report #780810,
regarding firefox: coredump
to be marked as done.
This means that you claim that the problem has been dealt
Your message dated Thu, 19 Mar 2015 19:31:12 +
with message-id 1426793472.26892.6.ca...@adam-barratt.org.uk
and subject line Re: Bug#780813: gcc-4.7:
has caused the Debian Bug report #780813,
regarding gcc-4.7: i.pratikdhan...@gmail.com
to be marked as done.
This means that you claim that the
I hope you don't mind me commenting again on a Debian bug report, but
this problem occurs across distributions and I think my comments may be
of some relevance to Debian users too.
I'm even more convinced the problem seen by some (not all) of the users
commenting in this thread is due to a bug in
On Thu, Mar 19, 2015 at 02:48:32PM +, Serge Hallyn wrote:
Hi,
when I try to build tomcat7 from source on a jessie host, I get several
test failures. One of the test output files is attached - I'm afraid I
have no idea how to read this. Can anyone explain what's actually broken?
Hi
Quoting Miguel Landaeta (nomad...@debian.org):
On Thu, Mar 19, 2015 at 02:48:32PM +, Serge Hallyn wrote:
Hi,
when I try to build tomcat7 from source on a jessie host, I get several
test failures. One of the test output files is attached - I'm afraid I
have no idea how to read
On 19.03.2015 18:36, Miguel Landaeta wrote:
[...]
I think nobody has researched yet what's this bug about but we are
already aware of it and we are tracking it on #780519.
What I don't understand is why this went undetected for such a long
time. I mean there were numerous rebuilds so why does
Processing control commands:
Severity 780207 serious
Bug #780207 [mdadm] default read error timeouts: drives dropped regularly +
data loss on array re-build
Ignoring request to change severity of Bug 780207 to the same value.
Severity 780162 serious
Bug #780162 [smartmontools] default timeouts
Processing control commands:
Severity 780207 serious
Bug #780207 [mdadm] default read error timeouts: drives dropped regularly +
data loss on array re-build
Severity set to 'serious' from 'important'
Severity 780162 serious
Bug #780162 [smartmontools] default timeouts causing data loss
Control: Severity 780207 serious
Control: Severity 780162 serious
I've thought about the serverity some more, and conclueded I'll do an
attempt setting severity back to serious:
The affected user base is very large (with regular non-raid drives).
An occasional read/or write error can happen
On Thu, Mar 19, 2015 at 07:27:44PM +0100, Gilles Mocellin wrote:
Package: openssh-server
Version: 1:6.7p1-4
Followup-For: Bug #780797
Dear Maintainer,
Here is a diff of /etc/ssh/sshd_config file between before and after upgrade :
This is fine, but I understand the default case. I was
Package: openssh-server
Version: 1:6.7p1-4
Followup-For: Bug #780797
Dear Maintainer,
Here is a diff of /etc/ssh/sshd_config file between before and after upgrade :
--- tmp/sshd_config 2015-03-19 19:21:34.594597904 +0100
+++ /etc/ssh/sshd_config2015-03-19 19:21:53.168870855 +0100
@@
On Thu, Mar 19, 2015 at 07:18:38PM +0100, Christoph Anton Mitterer wrote:
On Thu, 2015-03-19 at 16:31 +, Colin Watson wrote:
What did the file look like before this upgrade?
He probably had the Debian default which was then auto-migrated?
Please read the original report in which Vincent
Package: gcc-4.7
Version: 4.7.2-5
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
Your message dated Thu, 19 Mar 2015 21:58:31 +0100
with message-id 550b3877@cyconet.org
and subject line FIxed
has caused the Debian Bug report #779838,
regarding nagios-plugins-contrib: FTBFS when patching
to be marked as done.
This means that you claim that the problem has been dealt with.
We have somewhat heterogeneous compute cluster with about 10 nodes running
debian testing with systemd, however the 4 main file servers are all running
debian wheezy. Most of the systems are running nfs v3, though we have a couple
testing nfs v4. NFS is largely just working for us.
I vaguely
Le 19/03/2015 19:02, Markus Koschany a écrit :
What I don't understand is why this went undetected for such a long
time. I mean there were numerous rebuilds so why does the test suite
fail in Jessie and even stable now?
I bet this was caused by the recent update of openjdk-7 (7u75). Could
Processing commands for cont...@bugs.debian.org:
retitle 766475 Connection to TLS-enabled servers is broken: '_ssl._SSLSocket'
object has no attribute 'issuer'
Bug #766475 [python-xmpp] Connection to TLS-enabled servers is broken: Error in
SSLSocket
Changed Bug title to 'Connection to
Package: openssh-server
Version: 1:6.7p1-4
Severity: serious
I made local changes to the /etc/ssh/sshd_config file, and the
openssh-server modified this file, breaking my configuration.
I now have:
AcceptEnv LANG LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT
LC_MESSAGES
Processing control commands:
severity -1 serious
Bug #766475 [python-xmpp] Error '_ssl._SSLSocket' object has no attribute
'issuer'
Severity set to 'serious' from 'normal'
retitle -1 Connection to TLS-enabled servers is broken: Error in SSLSocket
Bug #766475 [python-xmpp] Error
Processing control commands:
severity -1 serious
Bug #766475 [python-xmpp] Connection to TLS-enabled servers is broken: Error in
SSLSocket
Ignoring request to change severity of Bug 766475 to the same value.
retitle -1 Connection to TLS-enabled servers is broken: Error in SSLSocket
Bug #766475
Hi,
intrigeri wrote (19 Mar 2015 15:30:15 GMT) :
I'll try to come up with a minimal patch that satisfies the freeze
policy (introducing the quilt machinery is definitely not an option at
this stage of the freeze). And then I'll prepare a NMU.
I intend to NMU with the attached patch applied in
Processing commands for cont...@bugs.debian.org:
retitle 780162 default timeouts cause data loss or
Bug #780162 [smartmontools] default timeouts causing data loss
Changed Bug title to 'default timeouts cause data loss or' from 'default
timeouts causing data loss'
corruption (silent controller
Processing commands for cont...@bugs.debian.org:
retitle 780162 default timeouts cause data loss or corruption (silent
controller resets)
Bug #780162 [smartmontools] default timeouts cause data loss or
Changed Bug title to 'default timeouts cause data loss or corruption (silent
controller
Control: severity -1 serious
Control: retitle -1 Connection to TLS-enabled servers is broken: Error in
SSLSocket
Hi,
anonym wrote (19 Mar 2015 11:03:49 GMT) :
Next, here's a small test case to for triggering the bug:
import xmpp
xmpp.Client(jabber.ccc.de).connect()
This bug seems
On Thu, Mar 19, 2015 at 05:05:44PM +0100, Vincent Lefevre wrote:
I made local changes to the /etc/ssh/sshd_config file, and the
openssh-server modified this file, breaking my configuration.
I now have:
AcceptEnv LANG LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION
LC_MEASUREMENT
63 matches
Mail list logo