> If you want your comments on a bug to be sent to the maintainer and
> recorded in the bug's web-visible record, please send your message to the
> bug address (in this case 684691@) and not just the special control@
> address. In particular, when reopening a bug please send the justification
>
On Wednesday 31 May 2017 03:00 AM, Brian May wrote:
> Raphael Hertzog writes:
>
>> Is that actually true? linaro_django_xmlrpc seems to be listed in
>> INSTALLED_APPS, no?
>>
>> Do you have any idea why it would give this error?
>
> I note that linaro_django_xmlrpc is
Your message dated Wed, 31 May 2017 01:02:13 +
with message-id
and subject line Bug#862806: fixed in shadow 1:4.2-3+deb8u4
has caused the Debian Bug report #862806,
regarding /bin/su: Regression from CVE-2017-2616 fix: killing su does not kill
subprocess
Your message dated Wed, 31 May 2017 01:02:10 +
with message-id
and subject line Bug#863212: fixed in puppet 3.7.2-4+deb8u1
has caused the Debian Bug report #863212,
regarding puppet: CVE-2017-2295: unsafe YAML deserialization
to be marked as done.
This
Your message dated Wed, 31 May 2017 01:02:08 +
with message-id
and subject line Bug#860567: fixed in fop 1:1.1.dfsg2-1+deb8u1
has caused the Debian Bug report #860567,
regarding fop: CVE-2017-5661: information disclosure vulnerability
to be marked as done.
On Thu, 04 May 2017 at 22:16:32 +0200, Daniel Reichelt wrote:
> unarchive 779556
> reopen 779556
> found 779556 1.0.28-1
Hi,
If you want your comments on a bug to be sent to the maintainer and
recorded in the bug's web-visible record, please send your message to the
bug address (in this case
* Julien Cristau (jcris...@debian.org) wrote:
[snip]
> > OK, I like this plan. We should get the naming right going forward
> > though for the libengine-pkcs11-openssl1.1 package. Is that how other
> > packages are handling naming when they depend on a particular version
> > of openssl?
> >
> I'm
On 05/30/2017 09:39 AM, Ondřej Surý wrote:
> Hi Julien,
>
> do you perhaps have a full apt log? I am interested in
> opendnssec-common package installation log.
Hello Ondrej,
Is this what you're looking for ?
Regards,
Julien
Log started: 2017-05-29 16:17:07
(Reading database ... 57736 files
While they are still broken, shouldn't the same changes be made to
$subject binary package:
diff -Nru fusionforge-6.0.4+20160504/debian/control
fusionforge-6.0.4+20160504/debian/control
--- fusionforge-6.0.4+20160504/debian/control 2017-01-01 07:59:40.0
-0800
+++
Processing commands for cont...@bugs.debian.org:
> # only affects version in backports
> fixed 863705 xapian-core/1.4.1-1
Bug #863705 [libxapian30] aptitude: symbol lookup error: aptitude: undefined
symbol:
Marked as fixed in versions xapian-core/1.4.1-1.
> thanks
Stopping processing here.
So if I understand the issue correctly, it's that libxapian30 in
unstable is built with the new C++ ABI while libxapian30 in backports
was built with the old C++ ABI, so really should have been libxapian30v4
or something (not sure if there's a reverse convention to the v5
suffix)?
Sorry for not
Hi Matt, hi all,
does somebody have a test case for the vulnerability?
After trying fruitlessly to adapt the code from version 2.2 to
our 1.7, I managed to bring the old code change to our even
older version. But I have no idea, whether it is any good, other
that it compiles. But without test
On Tue, May 30, 2017 at 09:18:39PM +, Bdale Garbee wrote:
> Source: sudo
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Tue, 30 May 2017 14:41:58 -0600
> Source: sudo
> Binary: sudo sudo-ldap
> Architecture: source amd64
> Version: 1.8.20p1-1
> Distribution:
Raphael Hertzog writes:
> Is that actually true? linaro_django_xmlrpc seems to be listed in
> INSTALLED_APPS, no?
>
> Do you have any idea why it would give this error?
I note that linaro_django_xmlrpc is towards the end of
INSTALLED_APPS. Maybe it did not get loaded?
Maybe
Your message dated Tue, 30 May 2017 21:18:39 +
with message-id
and subject line Bug#863731: fixed in sudo 1.8.20p1-1
has caused the Debian Bug report #863731,
regarding sudo: CVE-2017-1000367: Potential overwrite of arbitrary files
to be marked as done.
Processing control commands:
> clone -1 -2
Bug #863705 [libxapian30] aptitude: symbol lookup error: aptitude: undefined
symbol:
Bug 863705 cloned as bug 863745
> reassign -2 libstdc++6 6.3.0-18
Bug #863745 [libxapian30] aptitude: symbol lookup error: aptitude: undefined
symbol:
Bug reassigned
Control: clone -1 -2
Control: reassign -2 libstdc++6 6.3.0-18
Control: retitle -2 libstdc++6: Add versioned Breaks against
libxapian30/1.4.1-1~bpo8+1
Control: severity -2 serious
Hi,
Sven Joachim wrote:
> >> > aptitude: symbol lookup error: aptitude: undefined symbol:
> >>
On 2017-05-30 22:51 +0200, Axel Beckert wrote:
> Sven Joachim wrote:
>> Control: reassign -1 libxapian30 1.4.1-1~bpo8+1
>
> I wouldn't be so quick with reassigning.
>
>> > aptitude: symbol lookup error: aptitude: undefined symbol:
>>
Control: severity -1 important
Control: tag -1 confirmed
Hi Ansgar,
Ansgar Burchardt wrote:
> Severity: serious
I disagree with severity.
> SixXS will shutdown on 2017-06-06[1].
Yes, well-known and already discussed (on IRC IIRC) by us package
maintainers.
> Unless there are other tunnel
Processing control commands:
> severity -1 important
Bug #863720 [src:aiccu] aiccu: SixXS will shutdown on 2017-06-06
Severity set to 'important' from 'serious'
> tag -1 confirmed
Bug #863720 [src:aiccu] aiccu: SixXS will shutdown on 2017-06-06
Added tag(s) confirmed.
--
863720:
Your message dated Tue, 30 May 2017 21:03:43 +
with message-id
and subject line Bug#863686: fixed in freemat 4.2+dfsg1-4
has caused the Debian Bug report #863686,
regarding freemat: fails to start with llvm error
to be marked as done.
This means that you
Hi Sven,
Sven Joachim wrote:
> Control: reassign -1 libxapian30 1.4.1-1~bpo8+1
I wouldn't be so quick with reassigning.
> > aptitude: symbol lookup error: aptitude: undefined symbol:
> > _ZNK6Xapian8Database14postlist_beginERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
>
> This
Package: libllvm-4.0-ocaml-dev,libllvm-5.0-ocaml-dev
Version: libllvm-4.0-ocaml-dev/1:4.0.1~+rc1-1
Version: libllvm-5.0-ocaml-dev/1:5.0~svn301421-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite
Date: 2017-05-30
Architecture: amd64
Distribution: sid
Hi,
automatic
Package: python-clang-4.0,python-clang-5.0
Version: python-clang-4.0/1:4.0.1~+rc1-1
Version: python-clang-5.0/1:5.0~svn301421-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite
Date: 2017-05-30
Architecture: amd64
Distribution: sid
Hi,
automatic installation tests of
Hi
On Wed, May 31, 2017 at 12:52:42AM +0800, Kan-Ru Chen wrote:
> Package: src:mupdf
> Followup-For: Bug #863545
>
> I believe CVE-2016-8728 does not affect all versions of mupdf in
> Debian as the vulnerable code was introduced in version 1.10
Looks right, since there is no forceapha, and thus
Processing commands for cont...@bugs.debian.org:
> severity 863686 grave
Bug #863686 [freemat] freemat: fails to start with llvm error
Severity set to 'grave' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
863686:
Hi Stuart,
thank you for this bugreport and catching this serious problem!
It is really necessary to add some simple tests into this package
to catch such kind of failures. I should really orphan it, as I do
not use it at all now...
Anton
On Sun 2017-05-28 15:14:24 -0400, Daniel Kahn Gillmor wrote:
> On Sun 2017-05-28 19:54:33 +0200, Ivo De Decker wrote:
>> If this bug can be fixed by removing runit-init, the removal of the other
>> packages isn't necessary, but please note that this would need to happen very
>> soon.
>
> fwiw, i'm
Package: src:mupdf
Followup-For: Bug #863545
I believe CVE-2016-8728 does not affect all versions of mupdf in
Debian as the vulnerable code was introduced in version 1.10
Kanru
-- System Information:
Debian Release: 9.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64
Processing commands for cont...@bugs.debian.org:
> found 863673 2.2.5+dfsg-0.1
Bug #863673 {Done: Michael Stapelberg } [freeradius]
CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
Marked as found in versions freeradius/2.2.5+dfsg-0.1.
> thanks
Stopping
On Tuesday 30 May 2017 08:39 PM, Raphael Hertzog wrote:
> On Tue, 30 May 2017, Senthil Kumaran S wrote:
>> I tested the new version ie., test2 and got a traceback as shown here -
>> File "/usr/lib/python2.7/dist-packages/django/db/migrations/state.py",
>> line 249, in __init__
>> raise
Processing commands for cont...@bugs.debian.org:
> found 863673 2.1.12+dfsg-1
Bug #863673 {Done: Michael Stapelberg } [freeradius]
CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
Marked as found in versions freeradius/2.1.12+dfsg-1.
> thanks
Stopping
Your message dated Tue, 30 May 2017 16:03:54 +
with message-id
and subject line Bug#861536: fixed in runit 2.1.2-9.1
has caused the Debian Bug report #861536,
regarding runit-init: Cannot reboot or shutdown after installing (or removing)
the package.
to
Your message dated Tue, 30 May 2017 16:03:47 +
with message-id
and subject line Bug#863673: fixed in freeradius 3.0.12+dfsg-5
has caused the Debian Bug report #863673,
regarding CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
to be marked as
Upstream confirmed that my patch fixes the issue, so I uploaded it to
unstable.
See also
https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
security-team, can you take care of applying the patch to stable and
oldstable please? Thank
Processing commands for cont...@bugs.debian.org:
> fixed 863731 1.8.10p3-1+deb8u4
Bug #863731 [src:sudo] sudo: CVE-2017-1000367: Potential overwrite of arbitrary
files
The source 'sudo' and version '1.8.10p3-1+deb8u4' do not appear to match any
binary packages
Marked as fixed in versions
Source: sudo
Version: 1.8.10p3-1
Severity: grave
Tags: security upstream patch fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for sudo.
CVE-2017-1000367[0]:
Potential overwrite of arbitrary files
If you fix the vulnerability please also make sure
Hi,
On Tue, 30 May 2017, Senthil Kumaran S wrote:
> I tested the new version ie., test2 and got a traceback as shown here -
> File "/usr/lib/python2.7/dist-packages/django/db/migrations/state.py",
> line 249, in __init__
> raise ValueError("\n".join(error.msg for error in errors))
>
Processing commands for cont...@bugs.debian.org:
> found 854884 4:4.14.3-3
Bug #854884 [baloo4] baloo: is this obsoleted by src:baloo-kf5?
Marked as found in versions baloo/4:4.14.3-3.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
854884:
On 05/30/2017 03:38 PM, Dominik George wrote:
> Hi,
>
>> In this case the head command might not be in the path Sympa is seeing.
>> Could you please test if
>> `/usr/bin/head ...` works for you?
>
> Yes, it does.
>
> -nik
>
OK, thanks a lot. I'll adjust the default settings for the
Hi,
> In this case the head command might not be in the path Sympa is seeing. Could
> you please test if
> `/usr/bin/head ...` works for you?
Yes, it does.
-nik
--
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
On 30/05/2017 06:45, Stuart Prescott wrote:
Starting a fresh installation of freemat fails:
$ freemat
: CommandLine Error: Option 'x86-machine-combiner' registered more than once!
LLVM ERROR: inconsistency in registered CommandLine options
I see the same here.
A no-change rebuild with
Package: kdenlive-data
Version: 17.04.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it
On Tuesday 30 May 2017 06:09 PM, Senthil Kumaran S wrote:
> I tested the new version ie., test2 and got a traceback as shown here -
> http://paste.debian.net/952939/
When combined with the attached patch for lava-server the migration
works fine as seen here - http://paste.debian.net/952953/
Package: python-ncclient-doc
Version: 0.5.3-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to 'sid' fails
because it tries to
On Tuesday 30 May 2017 05:15 PM, Raphael Hertzog wrote:
> Thanks, can you try again with another test version ?
> $ dget
> https://people.debian.org/~hertzog/packages/python-django_1.10.7-2~test2_amd64.changes
> (test2 now, no longer test1)
I tested the new version ie., test2 and got a
On 05/30/2017 07:16 AM, Eric Dorland wrote:
> * Julien Cristau (jcris...@debian.org) wrote:
>> On 05/29/2017 03:15 AM, Eric Dorland wrote:
>>> * Julien Cristau (jcris...@debian.org) wrote:
On Mon, May 22, 2017 at 03:42:57 +, Eric Dorland wrote:
> tag 846548 pending
> thanks
Agreed. It may be in our future to opensource the server implementation but
at that point we can stand up a repo for ourselves. Would you be open to
resubmitting in such a scenario?
Pim
On May 30, 2017 14:09, "Ansgar Burchardt" wrote:
> Source: aiccu
> Version: 20070115-17
>
Source: aiccu
Version: 20070115-17
Severity: serious
SixXS will shutdown on 2017-06-06[1]. Unless there are other tunnel
providers used with aiccu, it seems useless to include in stretch.
>From a quick glance at [2], SixXS is the only provider using AYIYA and
TIC which is what I believe aiccu
Your message dated Tue, 30 May 2017 11:53:00 +
with message-id
and subject line Bug#863691: Removed package(s) from unstable
has caused the Debian Bug report #857884,
regarding python-jsonpointer: this is a duplicate of python-json-pointer
to be marked as
On Tue, 30 May 2017, Senthil Kumaran S wrote:
> I tested the patch with lava-server, which ended up with a traceback as
> seen here - http://paste.debian.net/952276/
Thanks, can you try again with another test version ?
$ dget
Package: libgrpc++1
Version: 1.3.2-0.1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package causes unowned
library symlinks after installation.
>From the attached log (scroll to the bottom...):
UNOWNED SYMLINK
Il giorno mar, 30/05/2017 alle 11.15 +0200, Sven Joachim ha scritto:
[...]
> This happens because libxapian30 from jessie-backports is not compatible
> with libstdc++6 from unstable (and should not have been uploaded to
> jessie-backports in the first place, or under a different package name).
>
Your message dated Tue, 30 May 2017 09:48:33 +
with message-id
and subject line Bug#863699: fixed in boinc 7.6.33+dfsg-12
has caused the Debian Bug report #863699,
regarding boinc-client-fglrx: should be removed, fglrx is dead
to be marked as done.
This
Processing control commands:
> tags -1 pending
Bug #863699 [boinc-client-fglrx] boinc-client-fglrx: should be removed, fglrx
is dead
Added tag(s) pending.
--
863699: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
control: tags -1 pending
>I think the boinc-client-fglrx binary package should be dropped. fglrx
thanks! uploaded
G.
Processing commands for cont...@bugs.debian.org:
> fixed 860072 1.10.16-1
Bug #860072 [src:botan1.10] botan1.10: CVE-2017-2801: Incorrect comparison in
X.509 DN strings
Marked as fixed in versions botan1.10/1.10.16-1.
> fixed 863481 1.6.0-1~exp1
Bug #863481 {Done: Ross Gammon
Processing commands for cont...@bugs.debian.org:
> found 863515 375.20-1
Bug #863515 {Done: Luca Boccassi }
[src:nvidia-graphics-drivers] CVE-2017-0350 CVE-2017-0351 CVE-2017-0352
Marked as found in versions nvidia-graphics-drivers/375.20-1.
> thanks
Stopping processing
Processing control commands:
> reassign -1 libxapian30 1.4.1-1~bpo8+1
Bug #863705 [aptitude] aptitude: symbol lookup error: aptitude: undefined
symbol:
Bug reassigned from package 'aptitude' to 'libxapian30'.
No longer marked as found in versions aptitude/0.8.7-1.
Ignoring request to alter fixed
Control: reassign -1 libxapian30 1.4.1-1~bpo8+1
On 2017-05-30 10:22 +0200, Leandro Noferini wrote:
> Package: aptitude
> Version: 0.8.7-1
> Severity: grave
> Justification: renders package unusable
>
> Buongiorno,
>
> I upgraded aptitude some minutes from stable to testing (for the new version
Your message dated Tue, 30 May 2017 09:19:10 +
with message-id
and subject line Bug#863669: fixed in seqan2 2.3.1+dfsg-3.1
has caused the Debian Bug report #863669,
regarding seqan-apps: broken symlink on i386: /usr/bin/splazers ->
Hello Colin!
>I have a package for 2.0.5 that works in current testing, but it was too
>late to get it uploaded because of the freeze and the changes are too
>invasive for an exception.
>I will upload it after the release. However I think there are still a
>couple of minor bugs when it is used
On 30/05/17 09:27, Gianfranco Costamagna wrote:
> unfortunately the same testing as yesterday gave me a really different
> output, the table
> after deleting the .config/cqrlog directory aren't created anymore, the
> package breaks with a sql
> exception, so I'm leaving the package and this bug
Andreas Tille wrote:
> > Is that permission to bump it from DELAYED/5 to DELAYED/0?
>
> Yes. There is no point in letting a simple to fix bug open longer than
> needed.
[…]
> Thanks a lot (I possibly need to re-read dcut manual ...)
Well, FYI...
$ dcut reschedule
On Tue, May 30, 2017 at 09:32:23AM +0100, Chris Lamb wrote:
>
> Is that permission to bump it from DELAYED/5 to DELAYED/0?
Yes. There is no point in letting a simple to fix bug open longer than
needed.
> It's quite trivial with dcut; let me know. :)
:-)
Thanks a lot (I possibly need to
On 05/30/2017 10:35 AM, Dominik George wrote:
> Hi,
>
>> The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian
>> package,
>> so this hasn't changed?
>
> Confirmed.
>
>>
>> What are the permissions of the cookie file?
>
> 640 owned by sympa:sympa
>
> I have placed debugging
Hi all,
re. https://bugs.debian.org/861515, since we haven't got any reply from
upstream for almost a month
(https://github.com/gruntjs/grunt-contrib-copy/issues/291), I have updated
node-grunt-contrib-copy to simply skip the failing test:
On 05/30/2017 09:37 AM, Dominik George wrote:
> Package: sympa
> Version: 6.2.16~dfsg-3
> Severity: grave
> Justification: renders package unusable
>
> SYMPA suddenly refuses to start with:
>
> May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter
> has changed. You may
Source: simple-tpm-pk11
Version: 0.06-1
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
simple-tpm-pk11 fails to build from source in
Package: aptitude
Version: 0.8.7-1
Severity: grave
Justification: renders package unusable
Buongiorno,
I upgraded aptitude some minutes from stable to testing (for the new version
that will arrive soon) but it gives me this error:
root@nasone:~# aptitude
aptitude: symbol lookup error:
Hi,
>The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian
>package,
>so this hasn't changed?
Confirmed.
>
>What are the permissions of the cookie file?
640 owned by sympa:sympa
I have placed debugging prints into Conf.pm and found that $current is empty
right at the
Hi Andreas,
> thanks a lot - feel free to skip DELAYED for Debian Med packages in
> future.
Is that permission to bump it from DELAYED/5 to DELAYED/0?
It's quite trivial with dcut; let me know. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org /
Hi Chris,
thanks a lot - feel free to skip DELAYED for Debian Med packages in
future. I've commited your changes to Git (BTW, any DD has commit
permissions so you could do so yourself in case you might have used
gbp).
Kind regards
Andreas.
On Tue, May 30, 2017 at 09:09:36AM +0100,
control: tags 848430 -patch -pending
control: tags 863644 -patch -pending
Hello Petr and Maintainers,
unfortunately the same testing as yesterday gave me a really different output,
the table
after deleting the .config/cqrlog directory aren't created anymore, the package
breaks with a sql
Processing control commands:
> tags 848430 -patch -pending
Bug #848430 [cqrlog] cqrlog: Should Depends/Recommends the metapackage
default-mysql-*
Removed tag(s) patch.
Bug #848430 [cqrlog] cqrlog: Should Depends/Recommends the metapackage
default-mysql-*
Removed tag(s) pending.
> tags 863644
tags 863669 + pending patch
thanks
I've uploaded seqan2 2.3.1+dfsg-3.1 to DELAYED/5:
seqan2 (2.3.1+dfsg-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix broken /usr/bin/splazers symlink on 32-bit architectures.
(Closes: #863669)
The full debdiff is attached.
Processing commands for cont...@bugs.debian.org:
> tags 863669 + pending patch
Bug #863669 [seqan-apps] seqan-apps: broken symlink on i386: /usr/bin/splazers
-> ../lib/seqan/bin/splazers
Added tag(s) patch and pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Hi Julien,
do you perhaps have a full apt log? I am interested in
opendnssec-common package installation log.
Cheers,
--
Ondřej Surý
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast
Package: sympa
Version: 6.2.16~dfsg-3
Severity: grave
Justification: renders package unusable
SYMPA suddenly refuses to start with:
May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter
has changed. You may have severe inconsitencies into password storage. Restore
severity 863652 normal
thanks
Am 29.05.2017 um 21:25 schrieb gregory bahde:
> Package: system-config-lvm
> Version: 1.1.18-3
> Severity: critical
> Justification: causes serious data loss
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
Processing commands for cont...@bugs.debian.org:
> severity 863652 normal
Bug #863652 [system-config-lvm] system-config-lvm: crash on stretch, python gtk
bug?
Severity set to 'normal' from 'critical'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
863652:
Control: tag -1 pending
Hi,
I see the fix is applied in git. Please get it uploaded ASAP s.t. it is
included the stretch release (planned to happen June 18). Recovering
from "wrong" conffile migrations will be much harder if they already
happened.
Please upload even if you cannot fix the other
Processing control commands:
> tag -1 pending
Bug #801564 [squid] squid: prompting due to modified conffiles which were not
modified by the user: /etc/squid/squid.conf
Added tag(s) pending.
--
801564: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801564
Debian Bug Tracking System
Contact
forwarded 863445 https://dev.gajim.org/gajim/gajim/issues/8378
close 863445 0.16.6-1.1
thanks
Processing commands for cont...@bugs.debian.org:
> forwarded 863445 https://dev.gajim.org/gajim/gajim/issues/8378
Bug #863445 [gajim] gajim: CVE-2016-10376: possible to remote extract
plain-text from encrypted sessions
Bug #863698 [gajim] CVE-2016-10376
Set Bug forwarded-to-address to
Package: boinc-client-fglrx
Version: 7.6.33+dfsg-11
Severity: serious
Hi,
I think the boinc-client-fglrx binary package should be dropped. fglrx
is dead upstream (the old versions lack support for curent kernels and Xorg).
The driver is not in Debian/non-free any more (so it won't be in stretch)
Binary files 'test_deref/0015-0001' and 'test_deref/0011-0001' from test folder
0.0.4 cause a problem.
Solution could be to threat these tests as the same tests from the 0.0.3 test
folder:
https://gitlab.com/gbenson/libi8x/blob/master/tests/valid/test-corpus.c#L64-79
With these changes, package
On Tue, May 30, 2017 at 08:49:18AM +0200, Guido Günther wrote:
> Package: gajim
> X-Debbugs-CC: t...@security.debian.org
> secure-testing-t...@lists.alioth.debian.org
> Severity: grave
> Tags: security
> Version: 0.16-1
>
> Hi,
>
> the following vulnerability was published for gajim.
>
>
Processing commands for cont...@bugs.debian.org:
> forcemerge 863698 863445
Bug #863698 [gajim] CVE-2016-10376
Bug #863445 {Done: deba...@debian.org (W. Martin Borgert)} [gajim] gajim:
CVE-2016-10376: possible to remote extract plain-text from encrypted sessions
Unset Bug forwarded-to-address
Processing commands for cont...@bugs.debian.org:
> notfound 863698 gaim/0.16.6-1.1
Bug #863698 [gajim] CVE-2016-10376
The source gaim and version 0.16.6-1.1 do not appear to match any binary
packages
Ignoring request to alter found versions of bug #863698 to the same values
previously set
>
Processing commands for cont...@bugs.debian.org:
> notfound 863698 gajim/0.16.6-1.1
Bug #863698 [gajim] CVE-2016-10376
Ignoring request to alter found versions of bug #863698 to the same values
previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
Package: gajim
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Version: 0.16-1
Hi,
the following vulnerability was published for gajim.
CVE-2016-10376[0]:
| Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote
|
Package: src:python-jsonpointer
Followup-For: Bug #857884
Thanks, I have filed a RM bug against ftp.debian.org [0].
Christopher Hoskin
[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863691
On Monday 29 May 2017 08:54 PM, Raphael Hertzog wrote:
> On Mon, 29 May 2017, Raphael Hertzog wrote:
>> Updated patches attached, I missed to update some tests to account
>> for the move of the detect_soft_applied() method.
>
> Third set of patches, this time the package builds fine at least.
>
control: owner -1 !
I prepared a patch for this issue and emailed the FreeRADIUS security team
asking for review. I’ll upload the patch once they confirm its
effectiveness.
On Mon, May 29, 2017 at 11:16 PM, Guido Günther wrote:
> Package: freeradius
> Version: 3.0.12+dfsg-4
>
Processing control commands:
> owner -1 !
Bug #863673 [freeradius] CVE-2017-9148: FreeRADIUS TLS resumption
authentication bypass
Owner recorded as Michael Stapelberg .
--
863673: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863673
Debian Bug Tracking System
Contact
Processing commands for cont...@bugs.debian.org:
> severity 862530 important
Bug #862530 [aoetools] aoetools: provide a systemd service to allow proper
shutdown of AoE mounts
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
severity 862530 important
thanks
Christoph Biedl wrote...
> (At least) AoE devices are handled properly if mounted with the _netdev
> mount option. This applies to swap-over-AoE, too. Also, mounting these
> through /etc/fstab works in jessie only if _netdev is provided as a
> mount option as
On Monday 29 May 2017 08:54 PM, Raphael Hertzog wrote:
> On Mon, 29 May 2017, Raphael Hertzog wrote:
>> Updated patches attached, I missed to update some tests to account
>> for the move of the detect_soft_applied() method.
>
> Third set of patches, this time the package builds fine at least.
>
99 matches
Mail list logo