Bug#639916: spread: license wackiness
Ken Arromdee arrom...@rahul.net writes: Unlike the original BSD 4 clause license this adds or software that uses this software. If I interpret this broadly (all software that uses this software must display the sentence) it's non-free, since it imposes conditions on non-derived software that happens to use it. Even if I interpret it narrowly (all advertising materials mentioning software that uses this software, must display the sentence) it imposes conditions on advertising for non-derived software. But this does not break unrelated software as the code that uses it has to be inserted deliberately, making it no longer unrelated. In a way, this is a stronger restriction than the usual linking arguments pushed by the FSF, but it's not totally crazy. In some jurisdictions even copying a program into memory by an exec(3) call is an action for which you need the permission by the rights holder. Hendrik -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#423379: OpenSSL license violation
Package: kmymoney2 Version: 0.8.6-1 Severity: serious According to the copyright file kmymoney2 is being distributed under GPLv2. However, it depends on libgwenhywfar, which in turns is linked against OpenSSL. While libgwenhywfar contains an OpenSSL exception, kmymoney2 does not. So, please obtain an OpenSSL exception from upstream, fix bug #340573, or upload a version not linking against libgwenhywfar. Hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#403034: Deep MIME Nesting Content Filter Bypass
Package: clamav Version: 0.88.7-1 Severity: grave Tags: security While the new 0.88.7 version fixes CVE-2006-6406 and CVE-2006-6481 the update introduces another flaw that lets viruses pass undetected. If a virus is nested deeper than the --max-mail-recursion limit, the file will pass and ClamAV's exit code indicates that the file was scanned properly. Again, details, PoC, and discussion can be found at http://www.quantenblog.net/security/virus-scanner-bypass. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#401873: closed by Stephen Gran [EMAIL PROTECTED] (Bug#401873: fixed in clamav 0.90~rc2-1)
The bug is still present in 0.88.7. Files nested deeper than --max-mail-recursion are not scanned and there is no error returned (exit code is 0). When using clamscan I get a warning from libclamav, but the EICAR string still passes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#401873: Unusual MIME Encoding Content Filter Bypass
Package: clamav Version: 0.88.6-1 Tags: security Severity: grave As reported in http://www.quantenblog.net/security/virus-scanner-bypass ClamAV passed an EICAR test file if the following conditions are met: 1. the EICAR file is encoded in Base64 including characters not in the standard alphabet (e.g. whitespaces) and 2. the part containing the EICAR file is nested within one or several levels of multipart/mixed content. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#325472: libaqhbci-qt-tools: uninstallable
Package: libaqhbci-qt-tools Severity: grave Justification: renders package unusable The following packages have unmet dependencies: libaqhbci-qt-tools: Depends: libaqbanking0 but it is not installable Depends: libaqhbci2 but it is not going to be installed Depends: libgwenhywfar17 (= 1.11.0) but it is not installable Depends: libktoblzcheck1 but it is not installable Depends: libofx1 but it is not installable Depends: libosp4 (= 1.5.1.0-1) but it is not installable E: Broken packages -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]