Your message dated Fri, 10 Aug 2012 06:03:21 +
with message-id e1szijd-00060h...@franck.debian.org
and subject line Bug#684426: fixed in owncloud 4.0.5debian2-2
has caused the Debian Bug report #684426,
regarding [owncloud] Users can overwrite read-only shared files owned by other
users via
Package: ruby-actionpack-3.2
Severity: grave
Tags: security
Justification: user security hole
Please see
CVE-2012-3465
http://www.openwall.com/lists/oss-security/2012/08/09/9
CVE-2012-3464
http://www.openwall.com/lists/oss-security/2012/08/09/10
CVE-2012-3463
Package: qpid-cpp
Severity: grave
Tags: security
Justification: user security hole
Please see http://www.openwall.com/lists/oss-security/2012/08/09/6
Since we're in freeze, please fix this with an isolated patch.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to
Hi,
On 09/08/12 18:09, Hilmar Preusse wrote:
Benjamin Mako Hill provided a patch, which probably solves the
problem. I've uploaded new packages here, do you have a chance to
test if they do?
http://wagner.debian.org/~hilmar-guest/rubber/
derivations built for me with the patched package.
Package: condor
Version: 7.8.1~dfsg.1-1~nd12.04+1
Severity: grave
Justification: renders package unusable
Hi!
when I try to install condor on a machine where the condor user already exists
(either
because the machine uses LDAP authentication and condor user is in
LDAP or because I am just
Hi Joey,
lacking any answer from you I NMUed to DELAYED/10.
Hope you like this
Andreas.
On Mon, Aug 06, 2012 at 12:08:34PM +0200, Andreas Tille wrote:
Hi Joey,
following the advise to look into RC bugs before reading Bits from DPL
I stumbled over this one. Could you give any reason
Processing commands for cont...@bugs.debian.org:
#
# bts-link upstream status pull for source package gnome-keyring
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#
user bts-link-upstr...@lists.alioth.debian.org
Setting user to
Package: wheezy
Version: Wheezy
Severity: serious
Justification: required
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
Network File services hung up the fresh Wheezy startup.
* What exactly did you do (or not do)
Package: libjs-wax
Version: 5.0.1+ds1-1
Justification: renders package unusable
Severity: grave
Dear Maintainer,
Upon trying to use wax.leaf.js the browser reports html4 is not
defined from wax.leaf.js:842.
The html4 object which it mentions is provided by the html4 package
within google-caja.
Package: libggi
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6) -
Processing commands for cont...@bugs.debian.org:
severity 684423 grave
Bug #684423 [live-tools] live-tools: Broken link ( /usr/sbin/update-initramfs
- ../bin/live-update-initramfs )
Severity set to 'grave' from 'important'
thanks
Stopping processing here.
Please contact me if you need
The following hook can be used to work around this bug.
$ cat config/hooks/fix-update-initramfs.chroot
#!/bin/sh
set -eu
ln
-sf ../../bin/live-update-initramfs /usr/sbin/update-initramfs
--
Sam Morris s...@robots.org.uk
--
To UNSUBSCRIBE,
You could also try with another local user account on that machine, to
rule out that it is due to specific settings in your home directory.
I created a new UNIX user, new email address and new PGP key
... snip ...
Therefore, it appears to be good for a completely clean user account
That's
Package: puppet-lint
Version: 0.1.13-1
Severity: serious
Tags: sid wheezy
Hi,
it seems that puppet-lint is not working with ruby1.9.1 which is the
default version in wheezy.
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be
deprecated in the future, use
Package: gksu-polkit
Severity: grave
Tags: security
Justification: user security hole
I just noticed that this never made it to the BTS:
http://www.openwall.com/lists/oss-security/2011/03/15/8
It was assiged CVE-2011-0703
Cheers,
Moritz
--
To UNSUBSCRIBE, email to
On Mon, Jul 23, 2012 at 10:45:30PM +0200, Andreas Beckmann wrote:
found 682574 live-utils/3.0.3-1
You surely meant live-tools/3.0.3-1 here, right?
Which makes live-tools/3.0.3-1 in Wheezy RC-buggy?
--
Bruce Schneier can read and understand Perl programs.
--
To UNSUBSCRIBE, email to
On 08/10/2012 01:58 PM, Evgeni Golov wrote:
Thank you *so* much for breaking stuff, again.
you should work on your attitude. of course i don't break things on
purpose. besides, it's sid. you should know that.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a
Processing commands for cont...@bugs.debian.org:
affects 681960 - wheezy unstable
Bug #681960 {Done: Scott Kitterman sc...@kitterman.com} [clamav-freshclam]
clamav-freshclam: removes directories that were installed by another package:
/var/{lib, log}/clamav/
Removed indication that 681960
On Thu, 09 Aug 2012 17:37:01 +0200, gregor herrmann wrote:
I'm no python expert and only did the NMU upload for
nautilus-image-manipulator recently, but I have found that e.g.
google-apps-manager does [1,2] for python2.6 'compatibility':
[1]:
Hi,
On 10.08.2012 02:04, Gunnar Wolf wrote:
Hi Felix,
Thanks for the report - I also am not sure of the action to take, so I'm
asking the rest of
the team for input here. Looking at the source, I see quite often the mention
of:
c = @http.connection_for @uri
where @uri is often
On Mon, 30 Jul 2012 09:24:39 -0300, gustavo panizzo gfa wrote:
i cannot reproduce this bug using piuparts
Me neither, with piuparts 0.45.
Log attached, the piuparts call should be sufficiently similar to
what Andreas used.
Cheers,
gregor
--
.''`. Homepage: http://info.comodo.priv.at/ -
Hi Gregor
(Adding python-distutils-ex...@packages.debian.org to recipients)
On Fri, Aug 10, 2012 at 03:35:31PM +0200, gregor herrmann wrote:
But:
The error
| WARNING: the following files are not recognized by DistUtilsExtra.auto:
| Traceback (most recent call last):
| File setup.py,
Processing commands for cont...@bugs.debian.org:
close 683151
Bug #683151 [telepathy-mission-control-5] telepathy-mission-control-5: Random
crashes due to access to freed memory
Marked Bug as done
thanks
Stopping processing here.
Please contact me if you need assistance.
--
683151:
On Fri, 10 Aug 2012 15:52:43 +0200, Salvatore Bonaccorso wrote:
What I do not yet understand, is why it still uses python2.6 for both
packages: at least nautilus-image-manipulator depends on python, which
now defaults to 2.7, so some other dependencies brings in python2.6?
In the chroot when
Package: accountsservice
Version: 0.6.21-6
Severity: serious
In an attempt to rebuild your package, a simple dget -x fails:
dget -qx
http://cdn.debian.net/debian/pool/main/a/accountsservice/accountsservice_0.6.21-6.dsc
2012-08-10 16:18:07
Processing commands for cont...@bugs.debian.org:
forwarded 680806 http://rt.cpan.org/Public/Bug/Display.html?id=78891
Bug #680806 [src:libio-async-loop-glib-perl] libio-async-loop-glib-perl: FTBFS:
tests failed
Set Bug forwarded-to-address to
Hi,
On Fri, Aug 10, 2012 at 10:30:36AM +0200, Tiziano Zito wrote:
Package: condor
Version: 7.8.1~dfsg.1-1~nd12.04+1
Where does this version come from?
Debian has 7.8.1~dfsg.1-2 in Wheezy and Sid.
when I try to install condor on a machine where the condor user already
exists (either
Processing commands for cont...@bugs.debian.org:
forwarded 680790 http://rt.cpan.org/Public/Bug/Display.html?id=78892
Bug #680790 [src:libio-async-loop-epoll-perl] libio-async-loop-epoll-perl:
FTBFS: tests failed
Set Bug forwarded-to-address to
1) I've forwarded both bug reports upstream now.
2) Both packages have no reverse (build) dependencies and a low
popcon, so removing them from wheezy would be no desaster.
Cheers,
gregor
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian
On Fri, Aug 10, 2012 at 05:41:21PM +0200, Evgeni Golov wrote:
Hi,
On Fri, Aug 10, 2012 at 10:30:36AM +0200, Tiziano Zito wrote:
Package: condor
Version: 7.8.1~dfsg.1-1~nd12.04+1
Where does this version come from?
Debian has 7.8.1~dfsg.1-2 in Wheezy and Sid.
It seems to come from
clone 684454 -1
reassign -1 ruby-activesupport-3.2
retitle -1 ruby-activesupport-3.2: CVE-2012-3464
thanks
Moritz Muehlenhoff escreveu isso aí:
Package: ruby-actionpack-3.2
Severity: grave
Tags: security
Justification: user security hole
Please see
CVE-2012-3465
Processing commands for cont...@bugs.debian.org:
clone 684454 -1
Bug #684454 [ruby-actionpack-3.2] ruby-actionpack-3.2: CVE-2012-3463 /
CVE-2012-3464 / CVE-2012-3465
Bug 684454 cloned as bug 684517
reassign -1 ruby-activesupport-3.2
Bug #684517 [ruby-actionpack-3.2] ruby-actionpack-3.2:
Processing commands for cont...@bugs.debian.org:
severity 682034 grave
Bug #682034 [src:python2.7] Add Breaks 2:7.3.547-4 for
vim-{nox,gtk,gnome,athena}
Severity set to 'grave' from 'important'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
682034:
On Tuesday, July 24, 2012 06:52:13 AM James McCoy wrote:
On Wed, Jul 18, 2012 at 09:35:28AM +0200, Jakub Wilk wrote:
Plan B
==
In any order:
- Fix vim build not to link config.c into the binary. (I attached a
proposed patch.)
I've uploaded Vim 2:7.3.547-4.
- Fix python2.7
Your message dated Fri, 10 Aug 2012 17:32:14 +
with message-id e1szt4i-0003je...@franck.debian.org
and subject line Bug#684454: fixed in ruby-actionpack-3.2 3.2.6-4
has caused the Debian Bug report #684454,
regarding ruby-actionpack-3.2: CVE-2012-3463 / CVE-2012-3464 / CVE-2012-3465
to be
Your message dated Fri, 10 Aug 2012 17:47:10 +
with message-id e1sztik-0004kk...@franck.debian.org
and subject line Bug#684517: fixed in ruby-activesupport-3.2 3.2.6-4
has caused the Debian Bug report #684517,
regarding ruby-activesupport-3.2: CVE-2012-3464
to be marked as done.
This means
Package: condor
Version: 7.8.1~dfsg.1-1~nd12.04+1
Where does this version come from?
Debian has 7.8.1~dfsg.1-2 in Wheezy and Sid.
It seems to come from http://neuro.debian.net and to be a backport of
7.8.1~dfsg.1-1.
Sorry for not mentioning it, I quickly checked on two different
Here is a short summary what has happened so far.
- I built mediathekview-3.0.0 successfully on Sid
- Now i am trying to improve the package and i am doing some
tests
- I am in contact with the upstream developer of mediathekview
who is responsive and helpful.
-
Hi,
On Fri, Aug 10, 2012 at 08:07:28PM +0200, Tiziano Zito wrote:
Package: condor
Version: 7.8.1~dfsg.1-1~nd12.04+1
Where does this version come from?
Debian has 7.8.1~dfsg.1-2 in Wheezy and Sid.
It seems to come from http://neuro.debian.net and to be a backport of
Hi,
I'm tempted to close that bug as WONTFIX.
The original issue is IMHO that the post-install script is modifying
nut.conf in the version present in squeeze (see #684392).
I see no easy way (not involving a dirty hack[0]) to fix this.
Moreover it's very unlikely that the user has NOT modified
Package: openssl
Version: 0.9.8o-4squeeze13
Severity: grave
Tags: security
Justification: user security hole
openssl in squeeze (at least up to 0.9.8o-4squeeze13) is vulnerable to
CVE-2011-5095 [1]. For reference you might have a look at [2] - the problem
seems to be that fips/dh/fips_dh_key.c
Your message dated Fri, 10 Aug 2012 19:32:09 +
with message-id e1szuwl-0008eh...@franck.debian.org
and subject line Bug#680814: fixed in conduit 0.3.17-1.1
has caused the Debian Bug report #680814,
regarding conduit: FTBFS: unable to parse es/conduit.xml
to be marked as done.
This means that
Package: elfutils
Version: 0.153-1
Severity: serious
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch
Due to a slight thinko (I assume), your build-arch/build-indep split
leads elfutils to FTBFS with the new dpkg-buildpackage, which calls
build-arch
Processing commands for cont...@bugs.debian.org:
# breaks upgrades from squeeze
severity 658702 serious
Bug #658702 [libxml-sax-perl] libxml-sax-perl: update-perl-sax-parsers
sometimes fails when called from old-prerm during squeeze-wheezy update
Severity set to 'serious' from 'normal'
thanks
Processing commands for cont...@bugs.debian.org:
# no, ignore me, the new prerm script does not have this problem
severity 658702 normal
Bug #658702 [libxml-sax-perl] libxml-sax-perl: update-perl-sax-parsers
sometimes fails when called from old-prerm during squeeze-wheezy update
Severity set
On Fri, Aug 10, 2012 at 01:34:39PM -0600, Adam Conrad wrote:
Package: elfutils
Version: 0.153-1
Severity: serious
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch
Due to a slight thinko (I assume), your build-arch/build-indep split
leads
On Fri, Aug 10, 2012 at 09:12:14PM +0200, Arne Wichmann wrote:
Package: openssl
Version: 0.9.8o-4squeeze13
Severity: grave
Tags: security
Justification: user security hole
openssl in squeeze (at least up to 0.9.8o-4squeeze13) is vulnerable to
CVE-2011-5095 [1]. For reference you might
tag 683288 pending
thanks
On 30.07.2012 16:55, Yves-Alexis Perez wrote:
For Wheezy, please fix this with an isolated fix instead of updating to a
new upstream release (since the freeze is in effect)
Fixed in git.
Tom
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with
Package: cde
Version: 0.1-1
Severity: serious
In a recent local rebuild, your package failed to build in a wheezy build
environment:
Making all in tests
make[4]: Entering directory `/root/build/cde/cde-0.1/strace-4.6/tests'
make[4]: Nothing to be done for `all'.
make[4]: Leaving directory
Your message dated Fri, 10 Aug 2012 21:02:46 +
with message-id e1szwm2-0008tf...@franck.debian.org
and subject line Bug#684423: fixed in live-tools 3.0.8-1
has caused the Debian Bug report #684423,
regarding live-tools: Broken link ( /usr/sbin/update-initramfs -
../bin/live-update-initramfs )
Your message dated Fri, 10 Aug 2012 21:03:03 +
with message-id e1szwmj-6q...@franck.debian.org
and subject line Bug#684456: fixed in qpid-cpp 0.16-7
has caused the Debian Bug report #684456,
regarding qpid-cpp: CVE-2012-3467
to be marked as done.
This means that you claim that the problem
Package: librdf-trineshortcuts-perl
Version: 0.104-1
Severity: serious
Please see the below email from the upstream developer. Given this, I
suppose this package shouldn't make it to Wheezy when it is stable. If I'm
wrong, please feel free to close.
Cheers,
Kjetil
-- Forwarded
Source: hyperestraier
Version: 1.4.13-7
Severity: serious
Justification: fails to build from source
Hi,
hyperestraier FTBFS on s390.
https://buildd.debian.org/status/fetch.php?pkg=hyperestraierarch=s390xver=1.4.13-7stamp=1343612759
-
./estcmd: INFO: [325:220]: search: 0 hits
./estcmd:
OK, I recently received a sysfs-fix.diff, which looks correct to me.
I've fixed the problem in a different way though, on git.sf.net. My
patches are larger, but they should waste less CPU time. The second one
fixes a potential bug in the parser. I'll also make this the 0.8.1
release. Hope that
Processing commands for cont...@bugs.debian.org:
#
# bts-link upstream status pull for source package gnome-keyring
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#
user bts-link-upstr...@lists.alioth.debian.org
Setting user to
severity 684531 important
tags 684531 +more-info
thanks
I just built it fine using cowbuilder in up-to-date amd64 wheezy and sid
environments... so I guess this failure is somehow specific to your
setup... full build log and build-depends versioning information would
be of help. meanwhile, since
Processing commands for cont...@bugs.debian.org:
severity 684531 important
Bug #684531 [cde] FTBFS: unknown type name bool
Severity set to 'important' from 'serious'
tags 684531 +more-info
Unknown tag/s: more-info.
Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid
Ian Jackson ijack...@chiark.greenend.org.uk writes:
I'm calling for votes on the following proposal. There are
three options - two positive versions, and FD. In summary
A. Do not overrule release team. It is too late for automation.
B. Do not overrule release team. Defer to them on
Package: clementine
Version: 1.0.1+dfsg-2+b1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
Clementine is no longer starting.
running clementine at the command line returns the following error
clementine: error while loading shared libraries: libGLEW.so.1.5: cannot
On Tue, Aug 07, 2012 at 06:03:17PM +0100, Ian Jackson wrote:
I'm calling for votes on the following proposal. There are
three options - two positive versions, and FD. In summary
A. Do not overrule release team. It is too late for automation.
B. Do not overrule release team. Defer to
60 matches
Mail list logo