Processing commands for cont...@bugs.debian.org:
> retitle 926764 spip: CVE-2019-11071: arbitrary code execution by any
> identified visitor
Bug #926764 [src:spip] spip: arbitrary code execution by any identified visitor
Changed Bug title to 'spip: CVE-2019-11071: arbitrary code execution by any
This also prevents i386 version from being built, which in turn blocks using
newer 32-bit Wine which now depends on faudio.
Please re-upload the package with build-depends for cmake, and you can as well
use the newest version: 19.04.
Regards,
Hillel Lubman.
I see that Synaptic cannot be opened.
I believe the correct way is
synaptic-pkexec
Regards
Package: src:ruby-guard
Version: 2.15.0-2
Severity: serious
Tags: ftbfs
Dear maintainer:
I tried to build this package in buster but it failed:
[...]
debian/rules build-indep
dh build-indep --buildsystem=ruby
Package: src:ruby-vcr
Version: 4.0.0-1
Severity: serious
Tags: ftbfs
Dear maintainer:
I tried to build this package in buster but it failed:
[...]
debian/rules binary-indep
dh binary-indep --buildsystem=ruby
Package: src:faudio
Version: 19.02-1
Severity: serious
Tags: ftbfs
Dear maintainer:
I tried to build this package in sid but it failed:
[...]
debian/rules binary-arch
dh binary-arch
dh_update_autotools_config
Control: tag -1 pending
Hello,
Bug #857208 in socklog reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Control: tag -1 pending
Hello,
Bug #834089 in socklog reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
Processing control commands:
> tag -1 pending
Bug #857208 [src:socklog] socklog: building with -A doesn't put the changelog
in usr/share/doc/socklog-run/changelog.Debian.gz
Ignoring request to alter tags of bug #857208 to the same tags previously set
--
857208:
Processing control commands:
> tag -1 pending
Bug #834089 [socklog-run] runit: breaks users of runit: ln: failed to create
symbolic link '/etc/service/bcron-sched': No such file or directory
Ignoring request to alter tags of bug #834089 to the same tags previously set
--
834089:
Your message dated Wed, 10 Apr 2019 21:20:31 +
with message-id
and subject line Bug#926801: fixed in wpa 2:2.7+git20190128+0c1e29f-4
has caused the Debian Bug report #926801,
regarding src:wpa: multiples vulnerabilities in SAE and EAP-pwd code in wpa
to be marked as done.
This means that you
Processing commands for cont...@bugs.debian.org:
> found 926801 2:2.7+git20190128+0c1e29f-3
Bug #926801 [src:wpa] src:wpa: multiples vulnerabilities in SAE and EAP-pwd
code in wpa
Marked as found in versions wpa/2:2.7+git20190128+0c1e29f-3.
> thanks
Stopping processing here.
Please contact me
Processing commands for cont...@bugs.debian.org:
> tags 926801 + upstream
Bug #926801 [src:wpa] src:wpa: multiples vulnerabilities in SAE and EAP-pwd
code in wpa
Added tag(s) upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
926801:
Your message dated Wed, 10 Apr 2019 18:00:11 +
with message-id
and subject line Bug#921969: fixed in gpac 0.7.1+dfsg1-2
has caused the Debian Bug report #921969,
regarding CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763
to be marked as done.
This means that you claim that the
Your message dated Wed, 10 Apr 2019 18:00:11 +
with message-id
and subject line Bug#892526: fixed in gpac 0.7.1+dfsg1-2
has caused the Debian Bug report #892526,
regarding gpac: CVE-2018-7752: Stack buffer overflow in av_parsers.c
to be marked as done.
This means that you claim that the
Processing control commands:
> reassign -1 debian-installer
Bug #926795 [di-netboot-assistant] di-netboot-assistant: Unable to install
Debian Buster amd64 from d-i n-a at 2019-04-10 generated boot-file
Bug reassigned from package 'di-netboot-assistant' to 'debian-installer'.
No longer marked as
Your message dated Wed, 10 Apr 2019 16:37:30 +
with message-id
and subject line Bug#924291: fixed in netrek-client-cow 3.3.1-4
has caused the Debian Bug report #924291,
regarding netrek-client-cow: build can loop indefinitely on failure
to be marked as done.
This means that you claim that
Your message dated Wed, 10 Apr 2019 16:03:44 +
with message-id
and subject line Bug#923866: fixed in aptly 1.3.0+ds1-2.1
has caused the Debian Bug report #923866,
regarding aptly: unable to delete local repositories
to be marked as done.
This means that you claim that the problem has been
Package: src:ipywidgets
Version: 6.0.0-3
Severity: serious
Tags: ftbfs
Dear maintainer:
I tried to build this package in buster but it failed:
[...]
debian/rules build-indep
dh build-indep --with
Package: src:wpa
Severity: grave
Tags: security
Justification: user security hole
Hi,
multiple vulnerabilities were discovered in wpa:
CVE-2019-9494 [cache attack against SAE]
CVE-2019-9495 [cache attack against EAP-pwd]
CVE-2019-9496 [SAE confirm missing state validation in hostapd/AP]
Hey,
> That's basically kdepimlibs, as cyrus-imapd is not in testing and kmymoney
is already fixed in experimental and just needs an upload to sid.
> kdepimlibs may not be easy though as disabling libical will probably disable
some libs that may be used by rdeps. Someone needs to look at
Hi Stephen,
I looked into why it runs mkkey and couldn't figure out much. Let me
write down what I know:
* It generates an RSA public/private key pair.
* The public key is installed to /usr/share/doc.
* The private key is used in some other way during the build (the
comments talk about
Hi Helmut,
Le 10/04/2019 13:59, Markus Koschany a écrit :
Am 10.04.19 um 06:33 schrieb Helmut Grohne:
On Sun, Mar 24, 2019 at 01:09:06PM +, Debian Bug Tracking System
wrote:
* Fix infinite loop patch. Really (Closes: #924291)
As much as I hate to say this, it still loops. You can see
Please take into account that upstream is completely against applying
that patch:
https://github.com/plougher/squashfs-tools/issues/60
On Tue, 09 Apr 2019 at 23:39:31 +0200, Guilhem Moulin wrote:
> AFAICT this worked this time because the socket was *only* marked as
> ready for writing after the first select() call. Only during the second
> call was there some data to be read:
>
>> select(8, [3], [3], NULL, {tv_sec=180,
would it work with the latest upstream version?
if you care to test...
http://phd-sid.ethz.ch/debian/bashburn/
3.1.0
non-alsa users (for example debian gnu/kfreebsd) might be happy
to have it anyways. but i agree, it should work with both.
Hello Helmut,
Am 10.04.19 um 06:33 schrieb Helmut Grohne:
> Control: reopen -1
>
> Hi Markus,
>
> On Sun, Mar 24, 2019 at 01:09:06PM +, Debian Bug Tracking System wrote:
>>* Fix infinite loop patch. Really (Closes: #924291)
>
> As much as I hate to say this, it still loops. You can see
Hi Ivo,
On Wed, Apr 10, 2019 at 2:35 PM Ivo De Decker wrote:
>
> Hi,
>
> On Wed, Apr 10, 2019 at 10:24:25AM +0300, Sergei Golovan wrote:
> > The problem with the package is that it doesn't link to a specific
> > mysql or mariadb client library, but searches for it in runtime by
> > name and
On Wed, Apr 10, 2019 at 01:35:42PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, Apr 08, 2019 at 03:56:18PM -0400, John Brooks wrote:
> > Any progress on fixing this in Jessie?
>
> See: https://bugs.debian.org/926389#33
>
> The Non-maintainer upload is pending in the delayed queue so it
Hi,
On Mon, Apr 08, 2019 at 03:56:18PM -0400, John Brooks wrote:
> Any progress on fixing this in Jessie?
See: https://bugs.debian.org/926389#33
The Non-maintainer upload is pending in the delayed queue so it still
could be overriden by a maintainer upload and will reach otherwise
unstable in
Hi,
On Wed, Apr 10, 2019 at 10:24:25AM +0300, Sergei Golovan wrote:
> The problem with the package is that it doesn't link to a specific
> mysql or mariadb client library, but searches for it in runtime by
> name and loads it dynamically. So we can't use the shlibdeps mechanism
> to construct the
Package: src:gauche-c-wrapper
Version: 0.6.1-10
Severity: serious
Tags: ftbfs patch
Dear maintainer:
I tried to build this package in buster but it failed:
[...]
debian/rules build-arch
dh build-arch
Hi,
My mail about the issue in tar should have gone to 926722, not 926698.
Ivo
On Wed, Apr 10, 2019 at 12:10:16PM +0200, Ivo De Decker wrote:
> Hi,
>
> On Tue, Apr 09, 2019 at 06:05:00PM +0200, Andreas Beckmann wrote:
> > On 2019-04-09 11:44, Andreas Beckmann wrote:
> > > 0m17.9s ERROR: WARN:
Hi,
On Tue, Apr 09, 2019 at 06:05:00PM +0200, Andreas Beckmann wrote:
> On 2019-04-09 11:44, Andreas Beckmann wrote:
> > 0m17.9s ERROR: WARN: Broken symlinks:
> > /etc/rmt -> /usr/sbin/rmt (tar)
> >
> > 0m22.0s ERROR: FAIL: After purging files have disappeared:
> > /usr/sbin/rmt ->
Processing control commands:
> tags -1 patch
Bug #926698 [cpio] cpio: prerm deletes /usr/sbin/rmt in --merged-usr environment
Added tag(s) patch.
--
926698: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926698
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 patch
On Tue, Apr 09, 2019 at 06:05:00PM +0200, Andreas Beckmann wrote:
> On 2019-04-09 11:44, Andreas Beckmann wrote:
> > 0m17.9s ERROR: WARN: Broken symlinks:
> > /etc/rmt -> /usr/sbin/rmt (tar)
> >
> > 0m22.0s ERROR: FAIL: After purging files have disappeared:
> >
Hi Lucas,
On Wed, Apr 10, 2019 at 09:06:48AM +0200, Lucas Nussbaum wrote:
> My understanding:
> - ruby-fakeweb is a key package because ruby-thor build-depends on it
> - ruby-fakeweb is unmaintained upstream
> - ruby-thor doesn't actually need fakeweb
> + newer upstream releases use webmock
Control: tag -1 pending
On Tue, 02 Apr 2019 22:22:29 +0200 Andreas Beckmann wrote:
> Package: mininet
> Version: 2.2.2-4
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package is no longer
> installable in sid.
Processing control commands:
> tag -1 pending
Bug #926279 [mininet] mininet: switch from cgroup-bin to cgroup-tools
Added tag(s) pending.
--
926279: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926279
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processing commands for cont...@bugs.debian.org:
> reassign 926538 installation-reports
Bug #926538 [installation-reports installer] Package: installation-reports
Warning: Unknown package 'installer'
Bug reassigned from package 'installation-reports installer' to
'installation-reports'.
Ignoring
On 10.04.19 10:29, Adrian Bunk wrote:
> On Wed, Apr 10, 2019 at 10:11:29AM +0200, Matthias Klose wrote:
>> Package: src:llvm-toolchain-7
>> Version: 1:7.0.1-8
>> Severity: serious
>> Tags: sid buster
>>
>> underlinked clang libraries on armel cause build failures,
>
> Static libraries are not
Your message dated Wed, 10 Apr 2019 08:49:14 +
with message-id
and subject line Bug#926746: fixed in libbluray 1:1.1.1-2
has caused the Debian Bug report #926746,
regarding libbluray: ftbfs during arch:all only build
to be marked as done.
This means that you claim that the problem has been
On Wed, Apr 10, 2019 at 10:11:29AM +0200, Matthias Klose wrote:
> Package: src:llvm-toolchain-7
> Version: 1:7.0.1-8
> Severity: serious
> Tags: sid buster
>
> underlinked clang libraries on armel cause build failures,
Static libraries are not linked.
> as seen at
>
Le 09/04/2019 à 22:14, Santiago Vila a écrit :
> On Tue, Apr 09, 2019 at 09:31:07PM +0200, Xavier wrote:
>
>>> NB, it's been already reported upstream that the number of iterations
>>> this implementation chooses in not adequate:
>>> https://github.com/indutny/miller-rabin/issues/9
>>
>> I think
Package: src:llvm-toolchain-7
Version: 1:7.0.1-8
Severity: serious
Tags: sid buster
underlinked clang libraries on armel cause build failures, as seen at
https://buildd.debian.org/status/package.php?p=creduce
/usr/bin/ld:
/usr/lib/llvm-7/lib/libclangFrontend.a(SerializedDiagnosticReader.cpp.o):
Processing commands for cont...@bugs.debian.org:
> limit source spip
Limiting to bugs with field 'source' containing at least one of 'spip'
Limit currently set to 'source':'spip'
> tags 926764 + pending
Bug #926764 [src:spip] spip: arbitrary code execution by any identified visitor
Added tag(s)
Hi!
The problem with the package is that it doesn't link to a specific
mysql or mariadb client library, but searches for it in runtime by
name and loads it dynamically. So we can't use the shlibdeps mechanism
to construct the dependencies list as usual.
I'd suggest to add another alternative
Package: arctica-greeter-theme-debian-futureprototype
Version: 0.99.1.3-1~bpo9+1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is not
installable in stretch-backports:
The following packages have unmet
My understanding:
- ruby-fakeweb is a key package because ruby-thor build-depends on it
- ruby-fakeweb is unmaintained upstream
- ruby-thor doesn't actually need fakeweb
+ newer upstream releases use webmock instead:
Source: spip
Version: 3.2.3-1
Severity: grave
Tags: upstream security fixed-upstream
Control: fixed -1 3.2.4-1
Control: found -1 3.1.4-4~deb9u1
Control: found -1 3.1.4-4
Hi
Filling a bug in Debian BTS to have a tracking reference (ideally
though this will recieve a CVE):
Processing control commands:
> fixed -1 3.2.4-1
Bug #926764 [src:spip] spip: arbitrary code execution by any identified visitor
The source 'spip' and version '3.2.4-1' do not appear to match any binary
packages
Marked as fixed in versions spip/3.2.4-1.
> found -1 3.1.4-4~deb9u1
Bug #926764
52 matches
Mail list logo
