a typo as upstream NEWS file indicates: Fixed versions:
4.0.37. Consequently, the above should be "before 4.0.37" and "4.0.37
and earlier" (or "before 4.0.38").
--
Tomas Hoger / Red Hat Security Response Team
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Hey!
Fedora / Red Hat amanda packages maintainer pointed out that amfree is
a macro that does:
amfree(ptr) -- if allocated, release space and set ptr to NULL.
http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/trunk/common-src/amanda.h?revision=3457&view=markup#l461
which should make thi
Hi Mike!
What Witold reports is actually post-CVE-2010-3900 behavior. Does any
webkitgtk-based epiphany version offer any more protection than after
connect / fetch warning?
th.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Co
Hi!
Upstream changelog and announcement also mentions message.php:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1&r2=1.699.2.301.2.4&ty=h
So probably this one too:
http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56&r2=2.560.4.56.4.1
HTH
--
Tomas Hog
ollowing bugs for the patch that is in preparation for Fedora
packages:
https://bugzilla.redhat.com/show_bug.cgi?id=470241
https://bugzilla.redhat.com/show_bug.cgi?id=475478
--
Tomas Hoger
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Hi!
That one is Red Hat-specific, as was publicly stated here:
http://www.openwall.com/lists/oss-security/2008/12/04/2
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Hi Joop!
You probably wanted to use:
TMPFILE=`mktemp -t`
instead of
TMPFILE = 'mktemp -t'
in your patch for #496383, right?
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
use stdin
I noticed that following patch is used in all Fedora / Red Hat mgetty
packages for quite some time now:
http://cvs.fedoraproject.org/viewvc/rpms/mgetty/devel/mgetty-1.1.30-mktemp.patch?view=markup
(it can possibly benefit from few more Xes in file name template too ;)
HTH
--
Tomas Hoger
Hi Thijs!
Just out of curiosity, why bother with temp file and not use:
eval `ssh-agent -s` > /dev/null
? (I haven't checked the actual script, just the patch, so apologies
if I'm missing some important bits.)
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
w
ython/trunk/Modules/_hashopenssl.c?view=log
(last rev 64048)
http://svn.python.org/view/python/branches/release25-maint/Modules/_hashopenssl.c?view=log
(last rev 51333)
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
use in
Smarty_Compiler.class.php. Is the original report bogus or does HYIP
use some old or customized Smarty version? (Well, I guess you don't
know the real answer to this, just like me ;).
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe
ileges to
already existing tables using this flaw?
Thanks!
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: clamav-daemon
Version: 0.93~dfsg-volatile1
Severity: normal
Tags: patch
After installing clamav-daemon-0.93~dfsg-volatile1 running
/etc/init.d/clamav-daemon start fails to finish as clamd is now started in
the foreground.
Further investigations shows that initscript in 0.93 changed the w
ity checks (and many clients did not do that
properly), so the check was now moved directly to speex library.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi!
This is a duplicate of CVE-2008-1381. See references for CVE-2008-1381
for details.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi!
Upstream patch:
svn diff -r14431:14461
https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c
http://cvs.fedoraproject.org/viewcvs/rpms/blender/devel/blender-2.45-cve-2008-1102.patch
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL
Hi!
Should be fixed in 0.8.6f, for patch see:
http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff;h=94baded6eff88e39c98b6e3572826f16f21ceec3
http://bugs.gentoo.org/show_bug.cgi?id=214277#c2
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubs
mentioned above, can cause regression for some users. Probably
trying to provide match_limit_recursion during pcre_exec call may be a
better start, with some ( ( 'ulimit -s' - stack_used_by_konqueror ) /
500) - some_constant ) guesswork.
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ached is a simple pcre-only reproducer. Should SEGV with arguments
~4100.
Default recursion limit assumed by pcre seems to be set way too high.
Rebuilding pcre with --with-match-limit-recursion set to lower value
avoids SEGVs.
--
Tomas Hoger
deb476419.sh
Description: application/shellscript
/giftopnm.c?revision=1&view=markup#l_1052
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
view=markup
which should address this problem.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
tag 456770 + security
thanks
Hi!
New upstream version seems to address one security issue too:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Cont
Hi!
This has been brought to our attention:
http://sourceforge.net/tracker/index.php?func=detail&aid=1849333&group_id=15494&atid=115494
Upstream author is looking into the issue and expects to release update
soon.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTE
does not seem to be run.
buttonpressed.sh in Debian package contains examples, which, when
uncommented by system administrator, can introduce this problem.
HTH
--
Tomas Hoger
in Fedora cpio packages.
Also note that cpio 2.9 seems to assume --absolute-filenames by default.
HTH
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
:
https://bugzilla.redhat.com/show_bug.cgi?id=327781#c5
Note: [EMAIL PROTECTED] was notified on 2007-10-23.
Updated DSA 1388-3 released on 2007-10-29.
--
Tomas Hoger
Red Hat Security Response Team
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troubl
Hi!
CVE name CVE-2007-4558 was rejected on 2007-08-30 as duplicate of
previously assigned name CVE-2007-4134.
Please consider using name CVE-2007-4134 to avoid confusion.
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Cont
merge 386334
thanks
Hi Ana!
On Fri, Jan 12, 2007 at 02:02:30PM +0100, Ana Guerrero wrote:
> You filed the bug
> #206843 "ktalkd does not work correctly when run under user nobody"
> some time ago, you can read the bug report at:
> http://bugs.debian.org/206843
I have not been using ktalkd for
On Tue, May 17, 2005 at 10:30:38PM -0400, Joey Hess wrote:
> Denis Barbier wrote:
> > See http://www.opengroup.org/onlinepubs/007908799/xbd/locale.html
> > If different character sets are used by the locale categories, the
> > results achieved by an application utilising these categories are
>
Package: qmail-src
Version: 1.03-38
Severity: wishlist
Tags: patch
Hi Jon!
Please consider adding mfcheck (or similar) patch to debian-qmail. It's
short patch, which adds capability to check validity of envelope sender's
domain (DNS lookup). It's behavior is controlled by control file and
envir
Package: qmail
Version: 1.03-38
Severity: minor
Tags: patch
Hi Jon!
Due to incorrect communication of postinst script with debconf, it does not
matter what answer is provided for "qmail/start" debconf question, qmail is
not started anyway.
I attach patch with update of qmail.templates file and p
Package: openoffice.org-debian-files
Version: 1.1.3-8+1
Severity: minor
Hi!
Mailcap file /usr/lib/mime/packages/openoffice.org-debian-files contains
incorrect nametemplates for native (open|star)office file formats.
Templates are %.ext instead of %s.ext. Nametemplates for MS Office and
WordPerfe
tags 253153 patch
thanks
Package: alsaplayer-gtk
Version: 0.99.76-0.3
Severity: wishlist
Tags: patch
Hi!
I wanted to report this bug separatly for alsaplayer-gtk, but than I
noticed same report for alsaplayer-text, so adding more info to this bug
and not creating duplicate...
Request is simple:
Hi Denis!
Thanks for further information!
> See http://www.opengroup.org/onlinepubs/007908799/xbd/locale.html
> If different character sets are used by the locale categories, the
> results achieved by an application utilising these categories are
> undefined.
Ok, it seems I'm entring "unde
Hi Denis!
Thanks for your reply!
On Sun, May 15, 2005 at 06:42:21PM +0200, Denis Barbier wrote:
[...]
> I cannot reproduce this behavior, I guess that you also set LANGUAGE to
> sk_SK. You can perform similar checks with 'cp --help', and normally
> you should see no differences between debconf
Package: debconf
Version: 1.4.30.13
Severity: minor
Hi!
I have following locale settings on my system:
LANG=sk_SK
LC_CTYPE="sk_SK"
LC_NUMERIC="sk_SK"
LC_TIME=C
LC_COLLATE=C
LC_MONETARY="sk_SK"
LC_MESSAGES=C
LC_PAPER="sk_SK"
LC_NAME="sk_SK"
LC_ADDRESS="sk_SK"
LC_TELEPHONE="sk_SK"
LC_MEASUREMENT="
Hi!
> I think it is an FTBFS bug. The following should generally work:
>
> apt-get source qmail
> cd qmail-*
> dpkg-buildpackage
>
> For qmail, this does not work because of the missing Build-Depends on
> groff-base and because of the missing users/groups.
> Those are needed to create 'qmail-s
Hi Andreas!
I'm not sure if this really is FTBFS bug. There is no official qmail binary
package in Debian, there's only qmail source package, from which qmail-src
package is built. build-qmail script from qmail-src package should be used
to build qmail binary package. Also note, that qmail-src
Hi Juergen!
Can you please take another look at this bug report once again? Your last
posting is nearly 10 months old and it states new version is ready, there's
only problem with PGP keys. Can you try to upload new version now, so
it'll have chance to get into Sarge?
If it helps, I can send yo
Package: bash3
Version: 3.0-12
Severity: minor
Hi!
I noticed following minor issue with bash3 run in vi-mode with colored PS1
prompt. When I type -/ (for search in history), cursor jumps few
characters back and starts to overwrite prompt. Sometimes also part of
previous command is printed.
Exa
reopen 289006 !
thanks
Hi Java-Package maintainers!
Bug #289006 is not resolved in 0.19 version. I've tested on system with
devfs and I got following error:
Checking free diskspace:/usr/bin/make-jpkg: line 34: [: 56%: integer
expression expected
/usr/bin/make-jpkg: line 37: [: 56%: integer exp
41 matches
Mail list logo