Bug#637189: libspice-server-dev depends on pixman-1 but it is not specified in dependencies

2011-08-09 Thread Michael Tokarev
Package: libspice-server-dev Version: 0.8.2-1 Severity: grave In pkg-config file of libspice-server-dev, pixman-1 (= 0.17.7) is specified as required, yet it is not marked as such in the libspice-server-dev package control file. This means that installed libspice-server-dev package is unusable

Bug#637189: libspice-server-dev depends on pixman-1 but it is not specified in dependencies

2011-08-09 Thread Michael Tokarev
09.08.2011 14:26, Michael Tokarev wrote: [] There are other dependencies too, like alsa openssl xrandr etc, but I haven't checked these. See also http://cgit.freedesktop.org/spice/spice/commit/?h=0.8id=54c660470a5aea19f799c5574cc0d4a707696712 -- this is actually a bugfix, -- spice .pc file

Bug#635968: installation-reports: Initial boot after installation failed

2011-07-30 Thread Michael Tokarev
30.07.2011 01:06, Ralf Jung wrote: Machine: HP Compaq 615 Processor: AMD Athlon(tm)X2 DualCore QL-66 Memory: 4 GiB Partitions: Device Boot Start End Blocks Id System /dev/sda1 *2048 1228761438976 83 Linux /dev/sda2 12288 131071999

Bug#635548: Affected by variant of CVE-2011-0097

2011-07-26 Thread Michael Tokarev
27.07.2011 00:52, Moritz Muehlenhoff wrote: Package: udhcpc Severity: grave Tags: security Dear Busybox maintainers, it was discovered that busybox's udhcpc is also affected by https://www.isc.org/software/dhcp/advisories/cve-2011-0997 Interesting. How about checking various IP

Bug#633669: qemu-kvm -runas does not clear supplementary groups

2011-07-12 Thread Michael Tokarev
Package: qemu-kvm Version: 0.12.5+dfsg-5 Severity: serious Tags: patch squeeze sid upstream security qemu-kvm does not clear the list of supplementary groups when processing the -runas argument, which is supposed to tell it to drop as many privileges as possible. See https://bugs.launchpad.net/bugs/807893

Bug#633520: libowfat-dev and libcdb-dev: error when trying to install together

2011-07-11 Thread Michael Tokarev
11.07.2011 12:10, Roland Stigge wrote: Hi, the latest libowfat-dev has the same file /usr/include/cdb.h as libcdb-dev. Will add a Conflicts: libcdb-dev for now. Actually it's interesting situation. Both libraries provide the same functionality indeed (I mean the cdb part of it, -- I

Bug#632987: CVE-2011-2212 virtqueue indirect overflow

2011-07-07 Thread Michael Tokarev
Package: qemu-kvm Version: 0.14.1+dfsg-2, 0.12.5+dfsg-5+squeeze4 Severity: serious Tags: patch security squeeze upstream sid qemu-kvm in squeeze and sid has an issue described in CVE-2011-2212. Due to a programming error, it is possible for a rogue guest to access and overwrite host process

Bug#631975: [rt.debian.org #3254]: OOB memory access caused by negative vq notifies (CVE-2011-2512)

2011-06-30 Thread Michael Tokarev
29.06.2011 00:31, Michael Tokarev wrote: Additional information: http://patchwork.ozlabs.org/patch/94604/ (upstream patch) https://bugzilla.redhat.com/show_bug.cgi?id=717399 The problem affects both squeeze and sid versions. It is present in lenny too, but that one is hopeless (we should

Bug#631975: OOB memory access caused by negative vq notifies (CVE pending)

2011-06-28 Thread Michael Tokarev
Package: qemu-kvm Version: 0.12.5+dfsg-5+squeeze3 Severity: grave Tags: upstream security squeeze sid The virtio_queue_notify() function checks that the virtqueue number is less than the maximum number of virtqueues. A signed comparison is used but the virtqueue number could be negative if a

Bug#627448: CVE-2011-1751 squeeze fix: VM stop/start required?

2011-05-31 Thread Michael Tokarev
31.05.2011 10:59, Harald Staub wrote: When patching KVM hosts, our preferred way is to live migrate the VMs to another host temporarily. I see that the fix for squeeze needed some backporting work. In particular, it introduces a no_hotplug property. That property is internal for the device

Bug#627448: CVE-2011-1751

2011-05-21 Thread Michael Tokarev
tag 627448 - patch pending thanks 20.05.2011 22:33, Michael Tokarev wrote: CVE-2011-1751: http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html http://patchwork.ozlabs.org/patch/96331/ I wanted to sort it out yesterday when I saw the bugreport and the CVE assignment

Bug#627448: CVE-2011-1751

2011-05-21 Thread Michael Tokarev
the +no_hotplug attribute when handling hot-unplug request from guest. +(closes: #627448) + + -- Michael Tokarev m...@tls.msk.ru Sat, 21 May 2011 10:45:52 +0400 + qemu-kvm (0.12.5+dfsg-5+squeeze1) stable-security; urgency=high * fix CVE-2011-0011: Setting VNC password to empty string @@ -6,7 +30,7

Bug#627448: CVE-2011-1751

2011-05-20 Thread Michael Tokarev
tag 627448 + confimed upstream patch pending found 627448 0.12.5+dfsg-5+squeeze1 found 627448 0.14.0+dfsg-1~tls thanks 20.05.2011 21:33, Moritz Muehlenhoff wrote: Package: qemu-kvm Severity: grave Tags: security Hi, the following security issue was reported in qemu-kvm: CVE-2011-1751:

Bug#621137: Random exec failures on ARM; breaks boot -- /init: exec: line 306: run-init: Unknown error 2372692

2011-04-08 Thread Michael Tokarev
First of all, big, LARGE Thank you Loïc, for the great work you've done about this bug. Somehow I haven't received earlier messages for #621137 even when I'm subscribed, or else I'd reply sooner. I wanted to get rid of that patch completely, together with CONFIG_STANDALONE_SHELL busybox config

Bug#618810: qemu: FTBFS on armel: virtual memory exhausted

2011-03-18 Thread Michael Tokarev
18.03.2011 19:38, Hector Oron wrote: Package: qemu Version: 0.14.0+dfsg-5 Severity: serious Justification: FTBFS User: debian-...@lists.debian.org Hello, Your package fails to build from source on armel build daemons: CCx86_64-softmmu/translate.o virtual memory exhausted:

Bug#618644: busybox: FTBFS on kfreebsd-*

2011-03-17 Thread Michael Tokarev
tags 618644 + pending thanks 17.03.2011 10:20, Cyril Brulebois wrote: Source: busybox Version: 1:1.18.3-1 Severity: serious Justification: FTBFS Hi, your package no longer builds on kfreebsd-*. Not sure what to quote, since it explodes quite badly. :D Yes I've seen this once it were

Bug#611134: CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

2011-02-04 Thread Michael Tokarev
Please excuse me for late reply - I missed your email initially somehow. 28.01.2011 00:59, Moritz Mühlenhoff wrote: [] Thanks for the verbose explanation. I've updated the Debian Security Tracker. While we're at it; could you please also look into

Bug#611134: CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

2011-01-26 Thread Michael Tokarev
On 26.01.2011 11:25, Julien Cristau wrote: On Wed, Jan 26, 2011 at 08:56:06 +0300, Michael Tokarev wrote: Second, this is an intended behaviour. Empty vnc password meant to be no authentication, not a lockdown. When you start it without specifying a password it lets everyone in. Intended

Bug#611134: CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

2011-01-25 Thread Michael Tokarev
26.01.2011 00:25, Moritz Muehlenhoff wrote: Package: kvm Severity: grave Tags: security Please see the following entry in the Red Hat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0011 Yes, I've seen this even before CVE ID were assigned. The impact is not entirely

Bug#607515: extlinux quietly overwrites conffile

2010-12-19 Thread Michael Tokarev
Package: extlinux Version: 2:4.02+dfsg-7 Severity: serious Tags: squeeze extlinux-update script quietly overwrites /etc/default/extlinux file on each invocation. The file in question, according to the Policy, is a configuration file, so the local changes made to this file should be preserved. I

Bug#607515: extlinux quietly overwrites conffile

2010-12-19 Thread Michael Tokarev
19.12.2010 14:31, Daniel Baumann wrote: On 12/19/2010 12:25 PM, Michael Tokarev wrote: extlinux-update script quietly overwrites /etc/default/extlinux file on each invocation. The file in question, according to the Policy, is a configuration file, so the local changes made to this file should

Bug#605800: [KVM] AQEMU/KVM segmentation fault after upgrade. Libc related.

2010-12-03 Thread Michael Tokarev
tags 605800 + unreproducible quit 03.12.2010 19:20, Gustavo Moreno wrote: Package: KVM Version: 1:0.12.5+dfsg-5 Severity: grave After upgrading, any KVM virtual machine crashes when it tries to start, although Qemu machines work fine. AQEMU gui doesn't crash. I'm running an amd64 kernel,

Bug#605800:

2010-12-03 Thread Michael Tokarev
03.12.2010 23:08, Gustavo Moreno wrote: Please, excuse my fault about lack of information and misclassification, also for my mistakes with English. This is my first bug report! I marked it as serious because I understood that would be a problem that could affect a lot of users, making their

Bug#605800: (no subject)

2010-12-03 Thread Michael Tokarev
reassign 605800 linux-2.6 2.6.32-28 severity 605800 normal merge 604956 605800 thanks 04.12.2010 00:01, Gustavo Moreno wrote: I've already got a precompiled 64 bit kernel on this machine, namely. linux-image-2.6.32-5-amd64 version:2.6.32-28 linux-headers-2.6.32-5-amd64

Bug#493599: Transaction ID and Source Port not random enough

2010-12-01 Thread Michael Tokarev
After several years of silence I'm about to release a new version of udns, with just one bugfix and a change from sequential queue IDs for queries to random, using a simple pseudo-random number generator by Bob Jenkins. This affects queueIDs _only_, not source port, because by design udns uses

Bug#493599: pushing udns into squeeze

2010-12-01 Thread Michael Tokarev
Replying to an old email from more than a year ago. I'm about to release a new version of udns, and thought I'd put some missing dots under is and address the concerns... I'm quoting whole thing just to show context, I have a question for only one point below, with a few short comments.

Bug#604604: qemu-kvm: vm entry failed with error 0xffffffff; kvm_run returned -22

2010-11-23 Thread Michael Tokarev
tags 604604 + moreinfo thanks 23.11.2010 01:20, Jakub Wilk wrote: Package: qemu-kvm Version: 0.13.0+dfsg-2 Severity: grave Justification: renders package unusable After 0.12.5+dfsg-5 - 0.13.0+dfsg-2 upgrade kvm doesn't start anymore. I get an error immediately: $ kvm kvm: vm entry

Bug#604604: qemu-kvm: vm entry failed with error 0xffffffff; kvm_run returned -22

2010-11-23 Thread Michael Tokarev
tags 604604 - moreinfo tags 604604 + confirmed upstream patch reassign 604604 linux-image-2.6.32-5-i686 2.6.32-27 severity 604604 normal thanks 23.11.2010 01:20, Jakub Wilk wrote: Package: qemu-kvm Version: 0.13.0+dfsg-2 Severity: grave Justification: renders package unusable After

Bug#603219: qemu-kvm embeds generated file which isn't being rebuilt when compiling

2010-11-11 Thread Michael Tokarev
Package: qemu-kvm Version: 0.12.5+dfsg-4 Severity: serious qemu-kvm source includes generated file, roms/seabios/src/acpi-dsdt.hex, which is a result of compilation by iasl. The source for this file is included too, in acpi-dsdt.dsl, but upstream makefile does not even have a rule that checks if

Bug#600310: reassigning to cron

2010-10-16 Thread Michael Tokarev
reassign 600310 cron retitle 600310 cron uses regexps that return wrong results depending on locale severity 600310 serious thanks Ok, as stated in two previous emails, it's problem in cron, not in glibc/locales. Sadly, but... ;) And the severity isn't critical but serious (makes cron to not

Bug#600310: wrong collation(?) order for et_EE.UTF-8 causes regexps to fail matching randomly

2010-10-15 Thread Michael Tokarev
Package: locales Version: 2.11.2-6 Severity: critical Tags: l10n There's a bug in et_EE.UTF-8 locale definition causing some latin chars to be treated as non-letters. These are at least in range t..y inclusive, i.e. [t-y]. Like this: $ echo $LANG et_EE.UTF-8 $ echo s | grep '[a-z]' s $

Bug#600310: wrong collation(?) order for et_EE.UTF-8 causes regexps to fail matching randomly

2010-10-15 Thread Michael Tokarev
Ok, after discussing on #debian-devel and some more thinking, even if it's 02:23 here already... I now see the problem isn't in locales package actually, and it should affect other locales too. The prob is that people used to use [a-z] to mean all 26 latin chars, while various locales have them

Bug#597517: qemu-kvm: save is very slow

2010-09-20 Thread Michael Tokarev
20.09.2010 14:58, Harald Staub wrote: Package: qemu-kvm Version: 0.12.5+dfsg-3 Severity: grave I started some testing of the version of qemu-kvm of squeeze. I do this on a lenny box, with a sid kernel (linux-image-2.6.32-5-amd64 2.6.32-23) and backports of qemu-kvm and libvirt (0.8.3-1).

Bug#594478: CVE-2010-2784: insufficient constraints checking in exec.c:subpage_register()

2010-09-03 Thread Michael Tokarev
tags 594478 + pending thanks 26.08.2010 13:31, Moritz Muehlenhoff wrote: Package: qemu-kvm Severity: grave Tags: security Justification: user security hole This has been assigned CVE-2010-2784. Please see here for references and a patch:

Bug#573280: qemu-kvm - Fails to install: No packages found matching kvm.

2010-03-10 Thread Michael Tokarev
tags 573280 + pending thanks Bastian Blank wrote: Package: qemu-kvm Version: 0.12.3+dfsg-3 Severity: grave qemu-kvm fails to install: | Unpacking qemu-kvm (from .../qemu-kvm_0.12.3+dfsg-3_amd64.deb) ... | No packages found matching kvm. | dpkg: error processing

Bug#570245: qemu-kvm: kvm exits with unhandled vm exit: 0x11

2010-03-07 Thread Michael Tokarev
severity 570245 important thanks I'm lowering severity of this from grave back to important since the issue were quite infrequent and only reproduceable on a few systems. Thanks. /mjt

Bug#570245: your package corrects the bug

2010-03-04 Thread Michael Tokarev
tags 570245 + pending thanks Christophe Benz wrote: Hi, Your package corrects the bug (0.12.3). Thank you for testing Christophe. (And still does not work with 0.11.1+dfsg-1, with the same conditions). I'm preparing 0.12.3 for real, since we now have all the necessary dependencies in

Bug#570245: Processed: severity of 570245 is grave

2010-03-01 Thread Michael Tokarev
Debian Bug Tracking System wrote: Processing commands for cont...@bugs.debian.org: severity 570245 grave Bug #570245 [qemu-kvm] qemu-kvm: kvm exits with unhandled vm exit: 0x11 Severity set to 'grave' from 'important' Stefen, can you please, this and next time you merely increases severity,

Bug#570245: Bug #570245 [qemu-kvm] qemu-kvm: kvm exits with unhandled vm exit: 0x11

2010-03-01 Thread Michael Tokarev
Christophe, can you please try 0.12 qemu-kvm packages from my site, http://www.corpit.ru/debian/tls/kvm/ and see if these fixes your problem? This bug is difficult to reproduce, upstream says it's fixed long ago, and it also seems to affect only Intel machines, but I only have AMD CPUs here. The

Bug#570245: Processed: severity of 570245 is grave

2010-03-01 Thread Michael Tokarev
Stefan Fritsch wrote: On Mon, 1 Mar 2010, Michael Tokarev wrote: Stefen, can you please, this and next time you merely increases severity, give at least some hint about your justification? I thought from the original report it was obvious that this makes kvm unusable, therefore this bug

Bug#566028: Bug#566032 Bug#566028: qemu-kvm: Unstated dependency on libgssapi_krb5.so.2

2010-01-20 Thread Michael Tokarev
Adrian Irving-Beer wrote: Package: qemu-kvm Version: 0.11.1+dfsg-1 Severity: serious Justification: Policy 3.5 In Debian bug #566028, I reported that the latest version of qemu-system had an unstated dependency on libgssapi_krb5.so.2. It seems that qemu-kvm now has the same dependency

Bug#527371: qemu-kvm: diff for NMU version 0.11.0+dfsg-1.1

2010-01-10 Thread Michael Tokarev
Stefano Zacchiroli wrote: Dear maintainer, I've prepared an NMU for qemu-kvm (versioned as 0.11.0+dfsg-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. It's fixed in git on collab-maint for quite some time ago, in `mjt-changes' branch, by

Bug#562125: Windows XP install bluescreens after copying files when I enable kvm

2009-12-30 Thread Michael Tokarev
Never mind. I checked the Debian packages page, looked at the readme and discovered my error. I had assumed that qemu-kvm added kvm to the qemu package when in fact it replaces it, but also requires a different command to start. Can you elaborate

Bug#549535: mdadm: Ditto.

2009-10-16 Thread Michael Tokarev
Jamie Thompson wrote: Package: mdadm Version: 3.0-2 Severity: normal I upgraded grub and mdadm this afternoon, and whilst the process appeared successful, after rebooting the system would not come up - my mirrored root device was seemingly gone. Attempting to start it from the mdadm

Bug#549287: root disk not found

2009-10-03 Thread Michael Tokarev
Harald, are you sure the problem you have here is due to mdadm change and not your new kernel change or even fstab change? The thing is that the NMU in question did not change any stuff in mdadm related to booting. The issue you have is that after the array gets assembled, it isn't handled by

Bug#520095: removes the toplevel mountpoint directories and fails to start the next time

2009-07-25 Thread Michael Tokarev
Jan Christoph Nordholz wrote: Hi Michael, (the following holds for both autofs v4 and v5) usually the daemon creates these directories on startup and removes them on exit. If you do not want that to happen, it suffices to mark the directory as u-w: ] r...@apocatequil:/etc# grep ^/misc

Bug#520095: removes the toplevel mountpoint directories and fails to start the next time

2009-07-25 Thread Michael Tokarev
Jan Christoph Nordholz wrote: Hi, As I mentioned before, the ONLY way to stop it from removing the top-level dir is to chattr+i it. ah, autofs4 indeed removes the directory even without write permission (v5 doesn't), I thought I'd checked that, too. But this behaviour has been around for

Bug#493599: pushing udns into squeeze

2009-07-12 Thread Michael Tokarev
Thadeu Lima de Souza Cascardo wrote: Hello, folks. Hello. Thank you for bringing this issue up again. While udns has no entered etch or lenny, we should reconsider that situation in the case of squeeze. Some software in Debian depends or may be improved while depending on udns.

Bug#520095: removes the toplevel mountpoint directories and fails to start the next time

2009-03-17 Thread Michael Tokarev
Package: autofs Version: 4.1.4+debian-2.1 Severity: grave When the automount daemon exits, it removes the top-level mountpoint directory. For example, when auto.master contains /net /etc/auto/net and the /net dir exists before startup, on shutdown corresponding automount process does right

Bug#513717: startup script chowns files writable by nsd thus making nsd user==root

2009-02-24 Thread Michael Tokarev
Ondřej Surý wrote: Well, I am not going to argue whether this is grave security bug or not. But I didn't want to mark it as grave. In fact, I did something wrong while submitting the bug, so it ended up with wrong (or no) severity. It's definitely a security-related issue. please note that

Bug#398560: rbldnsd: postinst fails: /var/lib/dpkg/info/rbldnsd.postinst: line 30: adduser: command not found

2006-11-14 Thread Michael Tokarev
Blah. It should Depends: on adduser (or is it Pre-Depends? adduser is only used in postinst script.) Also, the same postinst script references getent. While it's a part of libc6, on which we already depends on, for other libc variations it might not be the case. For example, libc6-udeb does

Bug#398560: rbldnsd: postinst fails: /var/lib/dpkg/info/rbldnsd.postinst: line 30: adduser: command not found

2006-11-14 Thread Michael Tokarev
Santiago Vila wrote: On Tue, 14 Nov 2006, Lucas Nussbaum wrote: [] Michael, this is just a missing dependency on adduser, which is needed because adduser is not Essential: yes. Here is a patch: Yup. I already replied to the original report a few minutes after I received it. Should I add Cc:

Bug#366843: apache postinstall script insists of (quietly) setting ServerName (to localhost)

2006-05-11 Thread Michael Tokarev
Package: apache Version: 1.3.33-6sarge1 Severity: grave When upgrading apache (or dpkg-reconfiguring it), ServerName directive is set to some value (defaults to `localhost'). Before upgrade the configuration was perfectly valid, with ServerName taken from hostname apache is running on. After

Bug#294404: The commited fix is WRONG

2005-04-14 Thread Michael Tokarev
The last mdadm change -- 1.9.0-2.1 -- did NOT fix the bug, but made the situation worse. rcS.d/S04mdadm-raid is now the FIRST thing the system is doing when booting. At that stage, /proc is not mounted (it is mounted later), and in mdadm-raid bootscript, there's the following code: if [

Bug#301204: Debian bug #301204: libpam-ssh: pam-ssh incorrectly re-uses values returned by getpwnam()

2005-04-09 Thread Michael Tokarev
zze-Beta Testeur LABROSSE A ext RD-CSRD-GRE wrote: Hi, I'd read your posts to the bug, and now I wonder what to do. I Add an url to a patch[1] that seems to reduce number of call to getpwnam(), and improve the behaviour of all the module. Please tell me if the patch fix problems you're talking

Bug#301204: libpam-ssh: pam-ssh incorrectly re-uses values returned by getpwnam()

2005-03-24 Thread Michael Tokarev
Package: libpam-ssh Version: 1.91.0-5 Severity: critical A long time ago (circa 1998 or so) I looked at pam-ssh project and noticed several problems with it. And since it's now in Debian, the same problems apply to Debian too. Here's one. in pam_sm_authenticate() routine, pam_ssh saves

Bug#301204: libpam-ssh: pam-ssh incorrectly re-uses values returned by getpwnam()

2005-03-24 Thread Michael Tokarev
Justin Pryzby wrote: On Thu, Mar 24, 2005 at 03:55:06PM +0300, Michael Tokarev wrote: Package: libpam-ssh Version: 1.91.0-5 Severity: critical A long time ago (circa 1998 or so) I looked at pam-ssh project and noticed several problems with it. And since it's now in Debian, the same problems

Bug#301204: libpam-ssh: pam-ssh incorrectly re-uses values returned by getpwnam()

2005-03-24 Thread Michael Tokarev
A small followup with additional comments. Justin Pryzby wrote: [] It seems that your request can be easily satisfied by using the reentrant versions of these functions, like getpwnam_r. I'm including a test file I've been playing with, which indicates that a patch, if necessary, would be
