Hi,
> Your package still depends on the old, obsolete PCRE3[0] libraries
> (i.e. libpcre3-dev).
Thanks for the report. Indeed there's work ongoing upstream to fix this.
I'm monitoring this and we hope to get a working version well in time for
trixie.
Kind regards,
Thijs
Hi Chris,
On Thu, March 25, 2021 02:42, Chris Hofstaedtler wrote:
> Source: cpqarrayd
> Version: 2.3.6
> Severity: serious
>
> Linux upstream has removed the "cciss" driver in 4.14-rc1. cpqarrayd
> needs the cciss driver to function.
>
> I imagine we shouldn't ship software that did not work with
Package: rst2pdf
Version: 0.93-7
Severity: serious
Hi,
rst2pdf calls fc-match in findfonts.py, but does not list a dependency
on fontconfig. If you don't have it installed, building the document
will succeed but the document itself is empty.
Cheers,
Thijs
On Tue, April 21, 2020 18:02, Andrew Hodgson wrote:
> Thijs Kinkhorst wrote:
>>On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
>>> Package: src:mailman
>>> Version: 1:2.1.29-1
>>> Severity: serious
>>> Justification: Policy 2.2.1
>>>
>
Hi,
On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
> Package: src:mailman
> Version: 1:2.1.29-1
> Severity: serious
> Justification: Policy 2.2.1
>
> This package Depends/Build-Depends on python-dnspython which is an NBS
> cruft package. Please update your package to use python3-dnspython,
On Wed, May 30, 2018 20:22, Michael Shuler wrote:
> On 05/30/2018 12:46 PM, Sebastian Andrzej Siewior wrote:
>>
>> I've read about this bug (and the other one) on d-devel. I uploaded
>> recently a new version of openssl to unstable (1.1.0h-3) which changes
>> the exit code of "openssl rehash" to
On Tue, May 29, 2018 23:08, Moritz Muehlenhoff wrote:
> On Sat, Oct 14, 2017 at 08:03:27AM +0200, Thijs Kinkhorst wrote:
>> Hi,
>>
>> On Thu, October 12, 2017 23:44, Sebastian Andrzej Siewior wrote:
>> > this is a reminder about the openssl transition [0]. We
>> I plan to release Mailman 2.1.26 along with a patch for older releases
>> to fix this issue on Feb 4, 2018. At that time, full details of the
>> vulnerability will be public.
I've reserved time on Sunday to in any case to sid when the fix is
released, and depending on the details/severity look
Hi Brian,
> Currently getting this error building the latest version - as in the
> Debian git package.
>
> Possibly this is because we depend on a package that needs updating -
> most likely mkdocs or jinja2 - but wonder which one? Maybe we should
> just update both anyway.
We're half a year
forcemerge 838288 873505
thanks
On Wed, August 30, 2017 00:58, Pete Donnell wrote:
> Apologies, turns out that this is a duplicate of
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838288
>
> Applying the patch included there fixed it.
Thanks for the extra confirmation.
I've uploaded a
Hi Thorsten,
On Sat, August 26, 2017 16:44, Thorsten Alteholz wrote:
> Hi,
>
> I just wanted to tell everybody that oysttyer just entered unstable.
>
> Thorsten
Thanks!
Do you think it would be useful if oysttyer would also provide a
transitional package ttytter, or should we remove ttytter
: #849626).
+
+ -- Thijs Kinkhorst <th...@debian.org> Wed, 04 Jan 2017 16:31:03 +
+
libphp-swiftmailer (5.4.2-1) unstable; urgency=medium
* Imported Upstream version 5.4.2
diff -Nru libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE-2016-10074.patch libphp-swiftmailer-5.4.2/debian/p
-phpmailer (5.2.14+dfsg-2.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix regression in previous update: remove check for
+Sendmail binary, upstream commit ed4e7ce8.
+
+ -- Thijs Kinkhorst <th...@debian.org> Mon, 02 Jan 2017 14:21:27 +
+
libphp-php
): apply commits
+4835657c 9743ff5c 833c35fe from upstream. Closes: #849365.
+
+ -- Thijs Kinkhorst <th...@debian.org> Fri, 30 Dec 2016 11:22:28 +
+
libphp-phpmailer (5.2.14+dfsg-2) unstable; urgency=medium
* Team upload
diff -Nru libphp-phpmailer-5.2.14+dfsg/debian/patches/0002-F
On Mon, November 28, 2016 13:56, Scott Kitterman wrote:
> On Sun, 13 Nov 2016 18:31:48 +0100 Thijs Kinkhorst <th...@debian.org>
> wrote:
>> Package: squirrelmail
>> Severity: serious
>>
>> SquirrelMail has been missing from Stretch for a while now and I inte
On Sat, November 19, 2016 07:25, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-mellon-dummy : Depends:
>> liblasso3-dev (>= 2.1.0) but it is not going to be installed
>> E: Unable to correct problems, you have held broken
On Sat, November 19, 2016 07:24, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-cas-dummy : Depends:
>> libssl-dev but it is not going to be installed
>> E: Unable to correct problems, you have held broken packages.
>> apt-get
Package: squirrelmail
Severity: serious
SquirrelMail has been missing from Stretch for a while now and I intend
to leave it that way. This bug is to document this explicit choice (and
room for any concerns).
Upstream (of which I'm, at least on paper, part) has not made any new
release of
close 828378 1.1-2
thanks
Hi Frederic,
> Severity: serious
> Setting up php5-lasso (2.5.0-3) ...
> /var/lib/dpkg/info/php5-lasso.postinst: 4: /var/lib/dpkg/info/php5-
> lasso.postinst: php5enmod: not found
> dpkg: error processing package php5-lasso (--configure):
> subprocess installed post-installation script
On Thu, January 14, 2016 15:49, Christoph Anton Mitterer wrote:
> You probably know about this already, but just in case not:
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034679.html
Thanks for reporting.
The security team is indeed aware and a DSA is in preparation.
Package: websvn
Severity: serious
I propose to remove websvn from Debian.
The package is unmaintained with last maintainer upload in 2011. There was also
no response to a security issue which I fixed in an NMU one year ago. I then
noticed and reported several packaging issues which have gone
severity 785642 important
thanks
On Mon, May 18, 2015 19:18, Wouter Verhelst wrote:
I received a message from one of my list admins that he couldn't send a
mail to his list. Investigating turned up the following in
/var/log/mailman/error:
May 17 15:32:20 2015 (981) Uncaught runner exception:
On Thu, May 21, 2015 20:20, Carlos Carvalho wrote:
Package: squirrelmail
Version: 2:1.4.23~svn20120406-2
Severity: grave
Below is a message that doesn't display in squirrelmail; Its single line
doesn't appear. When clicking reply it appears quoted, as it should.
Thanks. I've committed a fix
On Mon, May 18, 2015 19:18, Wouter Verhelst wrote:
Package: mailman
Version: 1:2.1.18-2
Severity: grave
Justification: causes data loss
Hi,
I received a message from one of my list admins that he couldn't send a
mail to his list. Investigating turned up the following in
Hi,
Since the last maintainer upload was well over three years ago and there have
been several unacknowledged NMU's since then, I've taken the liberty to upload
Markus' good work as-is to unstable to fix this security issue for jessie.
Cheers,
Thijs
Hi,
a test with piuparts revealed that your package uses files from
/usr/share/doc in its maintainer scripts which is a violation of
Policy 12.3: Packages must not require the existence of any files in
/usr/share/doc/ in order to function.
cp: cannot stat '/usr/share/doc/mibrfcs/*': No
On Thu, February 19, 2015 10:38, Florian Schlichting wrote:
Newly released RFC 7465 [0] describes RC4 as being on the verge of
becoming practically exploitable and consequently mandates that both
servers and clients MUST NOT offer or negotiate an RC4 cipher suite, and
indeed terminate the TLS
On Fri, February 13, 2015 16:10, Joost van Baal-Ilić wrote:
CVE-2014-4172
php-cas problem, fixed in Debian's php-cas 1.3.3-1 and 1.3.1-4+deb7u1.
Moodle ships with unchanged phpCAS 1.3.3, see
moodle-2.7.5+dfsg/auth/cas/CAS/moodle_readme.txt Moodle can likely use the
Debian-maintained
Hi,
See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
as part of syncing; given the low strength and size of MD4, and the
relative ease of computing collisions/preimages, that makes librsync
unsafe to use on untrusted data, such as when running a duplicity
backup.
The
Hi,
I've NMU'ed websvn for this security issue with attached debdiff.
Cheers,
Thijs
websvn_nmudiff.debdiff
Description: Binary data
Package: websvn
Severity: serious
Tags: security patch
Hi,
James Clawson reported:
Arbitrary files with a known path can be accessed in websvn by committing a
symlink to a repository and then downloading the file (using the download
link).
An attacker must have write access to the repo, and
severity 772639 important
thanks
Hi Tomoo,
On Tue, December 9, 2014 14:40, Tomoo Nomura wrote:
When login from squirrelmail to imap server, the server rejects the
request due to Unknown user or invalid password.
The reason is that squirrelmail sends incorrect password to the server.
severity 661020 normal
thanks
Hi,
From what I see the remote file inclusion is limited to environments with
register_globals being on though.
I've investigated this issue. The vast majority of the mentioned 'attacks'
are evidently only possible through register_globals, and the one about
'create'
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has
On Wed, October 15, 2014 14:07, Henrik Langos wrote:
There is a simple one line patch available for dovecot 2.0.
Maybe a similar way exists for 1.2.
Do you have a pointer to this patch?
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe.
On Wed, October 15, 2014 16:30, Henrik Langos wrote:
Hi Thijs,
On 10/15/14 14:26, Thijs Kinkhorst wrote:
On Wed, October 15, 2014 14:07, Henrik Langos wrote:
There is a simple one line patch available for dovecot 2.0.
Maybe a similar way exists for 1.2.
Do you have a pointer to this patch
This is CVE-2014-7206.
I've asked ftp-master to remove this package from sid in #764256.
On Mon, September 29, 2014 13:33, Michael Meskes wrote:
@security: Is this enough of a security problem to warrant a stable
upload?
The fix seems easy enough, just run pinky if $user is still empty.
On its own, I would not consider failure to lock the screen in specific
situations a high
All,
Thank you Paul, indeed it helped me, as I too ran into this issue in a
fresh Jessie install. I didn't have to downgrade OpenSSH, however, just
edit PermitRootLogin as you did.
So am I right to conclude that this bug actually concerns the change that
changes PermitRootLogin to
Hi,
The security team is working on an update which includes amongst others
the patch referenced in this bug.
Thijs
Package: php-cas
Severity: serious
Tags: fixed-upstream
Hi Olivier,
php-cas 1.3.3 fixes security issue CVE-2014-4172: urlencode all tickets.
Can you please upgrade php-cas in Debian to this version?
thanks,
Thijs
On Monday 7 July 2014 11:36:49, Didier 'OdyX' Raboud wrote:
b) Thankfully we don't need to consider the backup plan mentioned in
a) since all we need is enabling sha256 support. Currently, Release
files include MD5+SHA1+SHA256. You'll find a tested patch attached.
(This means a whole
severity 745408 important
tags 745408 moreinfo
thanks
On Monday 21 April 2014 16:20:45, bastien ROUCARIES wrote:
This source package contains the following files from the
IETF under non-free license terms:
doc/OpenPGP
This file only references an IETF RFC, so I do not believe it is
Hi,
apt: no authentication checks for source packages
The Debian security team has assigned CVE-2014-0478 to this issue.
APT developers: we should fix this in wheezy. Are you able to provide an
update for wheezy for this issue?
As for squeeze, if it's not too much extra work it would be great
Hi Michael,
On Thu, June 12, 2014 13:52, Michael Vogt wrote:
On Thu, Jun 12, 2014 at 11:44:20AM +0200, Thijs Kinkhorst wrote:
apt: no authentication checks for source packages
The Debian security team has assigned CVE-2014-0478 to this issue.
APT developers: we should fix this in wheezy
severity 750682 normal
tags 750682 pending
thanks
On Thu, June 5, 2014 18:36, Filipus Klutiero wrote:
Package: php5
Version: 5.6.0~beta3+dfsg-2
Severity: serious
NEWS.Debian contains the following entry:
php5 (5.6.0~alpha1+dfsg-1) experimental; urgency=medium
* THIS IS A DEVELOPMENT
Package: moodle
Version: 2.6.2-1
Severity: serious
At the time of writing this, I am the single active maintainer on the
Moodle package in unstable/testing. The time I spend on the package
I can spend at work because we're using the package in its current
form as it is in unstable. It's however
Hi Dan,
On Fri, May 2, 2014 04:02, Dan Poltawski wrote:
On 2 May 2014 02:46, David Prévot taf...@debian.org wrote:
The embedded PHPExcel copy (#718585) embeds OLE (#487558) which is not
DFSG compliant (PHP-2.02)[1,2].
We have removed this library in upstream in version 2.6:
Package: wordpress
Severity: serious
Tags: security fixed-upstream patch
Hi,
Wordpress 3.8.2 was released which fixes two security issues and several more
bugs.
http://wordpress.org/news/2014/04/wordpress-3-8-2/
CVE-2014-0165
Wordpress privilege escalation: prevent contributors from
Hi Frederic,
So indeed, it was just a compilation option bug...
Do you think you can include this patch in next 2.4.0 ?
Sure, I'll have it in the next upload and I'll see to get it included
upstream.
Can you please upload it over the coming days? I got an email that my
package
severity 743889 normal
thanks
Hi,
We have code that checks some of the applications that need to be
restarted, but it has a static list of packages to check and it's
outdated. We're working on improving that list and providing
another update that will restart those services.
I do not
On Mon, April 7, 2014 11:49, Thorsten Glaser wrote:
Please remove the Depends: php5-json from php itself.
PHP should not depend on any of its extensions; people
can rather do that themselves. (Actually, this is an
issue in every version that had this Depends.)
The dependency exists for
Hi,
CVE names have been assigned for these issues. The assignment is rather
complicated. If you fix both issues in one upload it's ok to just mention
that it addresses the 5 CVE's named below.
http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2681 - This CVE is for the lack of
Hi Norbert,
On Mon, March 31, 2014 03:33, Norbert Preining wrote:
Sending /etc/fstab without asking the user is not acceptable,
as there might be passwords saved in there.
It would help the security team and anyone else not intimately involved
with this package if you could indicate more
Package: zendframework
Severity: serious
Tags: security fixed-upstream patch
Hi,
Two new security advisories were published for the Zend Framework.
* ZF2014-01: Potential XXE/XEE attacks using PHP functions:
simplexml_load_*, DOMDocument::loadXML, and xml_parse
On Mon, March 31, 2014 15:29, Norbert Preining wrote:
Hi Michael,
On Mon, 31 Mar 2014, Michael Biebl wrote:
can you try the attached bug script, you need to copy it to
it works for me.
I chose to use Y as default, since /etc/fstab should not usually contain
password information.
I think
On Tuesday 18 February 2014 20:30:28, Werner Koch wrote:
On Tue, 18 Feb 2014 09:47, th...@debian.org said:
I do not object against this upload but would like to know if Werner
would approve of the patch. Werner?
The patch is quite obvious. IIRC, it has also been posted to the BTS or
the
On Mon, February 17, 2014 19:43, Daniel Kahn Gillmor wrote:
On 02/15/2014 01:07 PM, Dominic Hargreaves wrote:
Control: severity -1 critical
Justification: makes unrelated software on the system break
[...]
On reflection, I'm upgrading the severity of this bug, since it's
blocking RC (FTBFS)
On Tue, January 14, 2014 16:40, Robert Bihlmeyer wrote:
Package: moodle
Version: 2.5.3-3
Severity: serious
Having libjs-yui-common and libjs-yui-common installed, an upgrade of
moodle from 2.5.3-2 to -3 results in loss of a large number of files
from these two packages.
What I think
On Fri, January 3, 2014 12:41, Leonardo Boselli wrote:
Can you reopen it changing to minor and suggesting to change the error
message ?
No, because it's an error message from apt, not from this package.
It is documented in the release notes on two different places, and in the
package
Hi Ivo,
On Fri, January 3, 2014 13:48, Ivo De Decker wrote:
control: reopen 730104
control: close 733963 2.5.3-3
Hi Thijs,
On Fri, Jan 03, 2014 at 12:19:41PM +, Thijs Kinkhorst wrote:
Changes:
moodle (2.5.3-3) unstable; urgency=medium
.
* Drop unused libjs-yui dependency
Version: 2.3-2
Hi,
This has been fixed in cpqarrayd 2.3-2 but I neglected to mention that in the
changelog.
Thijs
On Fri, November 29, 2013 10:01, Raphael Hertzog wrote:
Dear security team, please find attached the diff compared to the
respective
versions in stable(-security). Is it OK to upload them ?
Yes, this is OK (ruby1.8 needs to be built with -sa, ruby1.9.1 without).
Thank you for your work on
Package: percona-xtrabackup
Severity: serious
Tags: security fixed-upstream
Hi,
Upstream discovered and fixed use of a static IV in encrypting backups:
A fixed initialization vector (constant string) was used while encrypting
the data. This opened the encrypted stream/data to plaintext attacks
Package: dokuwiki
Version: 0.0.20130510a-2
Severity: serious
Hi,
dokuwiki fails to upgrade, and exits the upgrade with an error.
Turning set -x on in postinst, this is what happens:
+ [ -e /etc/apache2/conf.d/dokuwiki.conf ]
+ [ -d /etc/apache2/conf-available -a ! -e
Hi Bill,
On Wed, October 16, 2013 11:19, Bill Allombert wrote:
severity 725889 grave
severity 726479 important
found 725889 1.4.15-1
quit
On Wed, Oct 09, 2013 at 09:09:02PM +0200, Bill Allombert wrote:
/usr/bin/gpg --batch --no-options --no-default-keyring
--trust-model=always --homedir
On Wed, October 16, 2013 15:56, Bill Allombert wrote:
On Wed, Oct 16, 2013 at 12:09:42PM +0200, Thijs Kinkhorst wrote:
Hi Bill,
There are potentially 12000 systems affected.
Now as I see it, you have two ways to fix the problem:
Either apply the patch Werner sent (GIT
On Sat, April 6, 2013 12:45, Thijs Kinkhorst wrote:
I'm seeking input from GnuPG upstream for their view on this case.
I have forwarded the issue. Upstream acknowledges the issue but does not
seem prepared to change the behaviour of the --verify command.
As described in #705536, I do not think
Hi,
This is CVE-2013-4276. Please mention it in your changelog when fixing the
issue.
Thijs
Hi Oleksandr,
Upstream has stopped supporting lcms-1 in 2009. Can you please start the
process to transition packages to lcms-2? See Moritz' mail above for
details.
thanks,
Thijs
reassign 717992 moodle-book
thanks
On Sat, July 27, 2013 19:08, Andreas Beckmann wrote:
/var/cache/apt/archives/moodle-book_1.6.3-2_all.deb (--unpack):
trying to overwrite '/usr/share/moodle/mod/book/show.php', which is
also in package moodle 2.5.1-1
The module has been integrated into
On Sun, July 28, 2013 11:33, Andreas Beckmann wrote:
On 2013-07-28 09:46, Thijs Kinkhorst wrote:
The module has been integrated into Moodle proper since version 2.3. I'm
reassigning the bug to moodle-book and will request removal.
Removal will be one thing, but moodle needs to add Breaks
: #714362)
+
+ -- Thijs Kinkhorst th...@debian.org Thu, 25 Jul 2013 14:28:53 +0200
+
php-radius (1.2.5-2.3) unstable; urgency=high
* Non-maintainer upload.
only in patch2:
unchanged:
--- php-radius-1.2.5.orig/radius-1.2.5/radlib.c
+++ php-radius-1.2.5/radius-1.2.5/radlib.c
@@ -898,15 +898,24
On Sun, July 21, 2013 10:46, Norbert Preining wrote:
Package: phpmyadmin
Version: 4:4.0.4.1-1
Severity: critical
Justification: breaks unrelated software
Hi,
recently I realized that apache does not start anymore, doing the
suggested configtest I get:
$ env -i LANG=C
Package: php-radius
Severity: serious
Tags: security patch
Hi,
A new upstream release of php-radius is available which fixes a security
issue. http://pecl.php.net/package-info.php?package=radius&version=1.2.7
The relevant patch is
severity 712744 normal
tags 712744 -security +moreinfo
thanks
Hi Samuel,
gpg-agent could do prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) to protect user
secrets from appearing in coredumps or being stolen using ptrace(), like
ssh-agent does. Unfortunately it doesn't yet do this.
gpg-agent uses
On Monday 3 June 2013 00:53:16, Stephen Kitt wrote:
Rest assured, it still supports K&R function definitions. This is a
combination of failures... On Windows, errcode is typedef'ed as int;
mingw-w64 added this recently. This combined with the K&R-style
function declaration means gcc can't
severity 713973 important
thanks
On Mon, June 24, 2013 14:45, Dmitriy wrote:
Package: phpmyadmin
Version: 4:4.0.3-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
When trying to submit the log in form using Iceweasel or Chromium I get
fatal
severity 708245 important
tags 708245 moreinfo
thanks
The bug filer hasn't provided the requested info in over two weeks. If
TopDir wasn't defined, how would that happen? Failure to update the config
from a version created by an even older release? User error? Something
else?
My backuppc
Package: drbd8-utils
Version: 8.3.13-2
Severity: serious
Hi,
drbd has a usage survey in which the software connects to a remote server.
Participation in this survey is controlled via the 'usage-count' option:
# Participate in DRBD's online usage counter at http://usage.drbd.org
# possilbe
Hi,
Please find attached the diff for the NMU to oldstable-proposed-updates.
Cheers,
Thijs
dpkg-ruby_585448.debdiff
Description: Binary data
On Sat, June 1, 2013 18:38, Andrey Rahmatullin wrote:
On Fri, May 31, 2013 at 08:37:24PM +0200, David Suárez wrote:
i686-w64-mingw32-gcc -DHAVE_CONFIG_H -I. -I../../util -I.. -I..
-I../../include -I../../intl-g -Os -fno-omit-frame-pointer -Wall
-Wno-pointer-sign -MT regex.o -MD -MP -MF
Hi Laszlo,
What is the status of the ceph packages and this bug? It seems there are
problems building the release currently in unstable, but do you think that
a new version can be uploaded to address this? Would be great to see ceph
back in jessie.
Cheers,
Thijs
Hi Ryan,
I think an upload to the next squeeze point update with this patch is in
order to prevent this upgrading problem. Are you willing/have time to
create such an upload?
I can make an NMU if you prefer that.
Cheers,
Thijs
On Mon, May 13, 2013 13:01, Ondrej Sury wrote:
OK, it's very much annoying (since the tarball is huge and the updated
module won't hit PHP 5.5), but I will comply.
This seems like a paper exercise which I doubt is worth our efforts.
It seems extremely unlikely that the author of the software
On Mon, May 13, 2013 15:31, Walter Landry wrote:
Thijs Kinkhorst th...@debian.org wrote:
On Mon, May 13, 2013 13:01, Ondrej Sury wrote:
OK, it's very much annoying (since the tarball is huge and the updated
module won't hit PHP 5.5), but I will comply.
This seems like a paper exercise which
Package: nginx
Version: 1.2.1-2.2
Severity: serious
Tags: security patch
Hi,
A buffer overflow in the proxy_pass module has been reported by
Nginx upstream, and a patch made available. Please see:
http://www.openwall.com/lists/oss-security/2013/05/13/3
The issue is already fixed in the version
fwiw, at a five day delay plus two days in unstable, the upload would
theoretically be eligible to migrate the night before the release. The
chances of that upload getting unblocked are practically nil unless the
release is delayed for some reason.
Given that the maintainer is on
retitle 704645 gpg --verify suggests entire file was verified, even if file
contains auxiliary data
thanks
Hi,
After some discussion I've come to the following description of this request
(submitters, please correct or augment where necessary):
gpg --verify filename returns a binary answer:
Hi,
I looked into it and after populating the database by hand and also fixing
manually the initial issue [1]. It doesn't work anyway, the following
errors appear:
[Mon Apr 01 02:15:47 2013] [error] [client x.x.x.x] PHP Warning:
include(bookmarks.tpl.php): failed to open stream: No such
severity 704300 important
thanks
Hi,
Scuttle doesn't work in Wheezy, all you get are some lovely PHP messages:
Strict Standards: Non-static method ServiceFactory::getServiceInstance()
should not be called statically in /usr/share/scuttle/www/index.php on
line 23
On a production system,
tags 704300 patch pending
thanks
On Mon, April 1, 2013 10:12, Ana Guerrero wrote:
On Mon, Apr 01, 2013 at 10:06:48AM +0200, Thijs Kinkhorst wrote:
On Mon, April 1, 2013 09:59, Thijs Kinkhorst wrote:
On Mon, April 1, 2013 09:55, Ana Guerrero wrote:
On Mon, Apr 01, 2013 at 09:41:54AM +0200
On Sat, March 16, 2013 22:35, Mike Hommey wrote:
On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote:
We can consider to put it into a DSA in which the text details how to
disable
the options if they cause trouble. An alternative is to put it into
spu
instead, where it may be
severity 703128 important
thanks
On Saturday 16 March 2013 00:45:18, Christoph Anton Mitterer wrote:
Marking this as important and security, as such ungraceful errors tend to
be prone to attacks.
Rightly so. These issues indeed should be fixed to prevent any security issues
proactively, and
On Saturday 16 March 2013 09:37:25, Yves-Alexis Perez wrote:
On sam., 2013-03-16 at 08:34 +0100, Mike Hommey wrote:
So, here are a few more info:
- 3.13 disabled SSL 2.0 by default
- 3.13 added a defense against the Rizzo and Duong attack, which is
known to break applications. It can
Hi,
| -Change Pre-Depends to Depends (OK now that base-files Pre-Depends: awk)
This is not correct and needs to be reverted, since it means that gawk
might be unpacked before its dependencies during upgrades. If the awk
alternative is set to gawk, other packages which are unpacked in the
@@ -1,3 +1,10 @@
+gawk (1:4.0.1+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Change Depends back to Pre-Depends (closes: #702524).
+
+ -- Thijs Kinkhorst th...@debian.org Sat, 16 Mar 2013 12:31:51 +0100
+
gawk (1:4.0.1+dfsg-2) unstable; urgency=low
* debian/control:
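Review bot: the new changelog entry for 1:4.0.1+dfsg-2.1 states "Change Depends back to Pre-Depends" but not why the earlier switch was wrong. Suggest recording the reason in the entry itself, for example that with Depends gawk might be unpacked before its dependencies during upgrades, so the rationale survives outside bug #702524.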
diff
Verified that squeeze is not affected. Although it contains the same
php5-radius code, the version of PHP itself in squeeze does not trigger
the segfault.