Bug#382789: Better documentation for the Dublin Core

2006-08-13 Thread Martin Schulze
Package: libxml-rss-perl Version: 1.05-1 It would be nice if the 'date' element of the dc element for the item of an RSS 1.0 feed could be added to the documentation of $rss->add_item() $rss->add_item (title=>$title, link=>$link, dc=>{ subject=>$subject, creator=>$creator, date=>$date }

Bug#383362: New libc breaks GnuPG

2006-08-16 Thread Martin Schulze
Package: libc6 Version: 2.3.6-16 (and newer) When I install a libc6 that is compiled with GCC 4.1 instead of 4.0 gnupg (1.4.5-1) doesn't want to work anymore. 'gnupg --clearsign < file' gets a segmentation fault. Compiling 2.3.6-16 with GCC 4.0 again makes the problem go away. 2.3.6-19 still cau

Bug#392002: gui-apt-key: [INTL:ru] Russian program translation

2006-10-16 Thread Martin Schulze
tags 392002 pending tags 392002 upstream thanks Yuri Kozlov wrote: > A file with russian program translation is attached. Thanks, it'll be released together with 0.2. Regards, Joey -- All language designers are arrogant. Goes with the territory... -- Larry Wall Please always

Bug#394229: gui-apt-key: Please inform the user about the name of the binary

2006-10-20 Thread Martin Schulze
Alexander Schmehl wrote: > Package: gui-apt-key > Version: 0.1-3 > Severity: wishlist > > Hi! > > Thanks for writing and packaging gui-apt-key; that's really a useful > tool. However may I suggest, to tell the user how the binary is called? > > I needed a couple of seconds (and an "dpkg -L gui

Bug#394232: gui-apt-key: Please let the user verify the fingerprint before adding the key

2006-10-20 Thread Martin Schulze
Alexander Schmehl wrote: > Package: gui-apt-key > Version: 0.1-3 > Severity: wishlist > > Hi! > > Wouldn't it be a good feature when adding a new key to show the user the > fingerprint of the key to be added and asking him to verify it before > really adding the key? Is the fingerprint provided

Bug#394251: gui-apt-key: Please add a desktop file

2006-10-20 Thread Martin Schulze
Alexander Schmehl wrote: > PS: Forgot a small "nice to have" in the > gui-apt-key-desktop-icon.patch: If you like the icon, you should add an > 32 bit xpm version of it too, and add it to the menu file. Sorry, I can > create a new patch if you like the icon. Please provide the icon to include.

Bug#387089: Confirmation

2006-10-22 Thread Martin Schulze
severity 387089 serious thanks Raising the severity since I've been beaten by this a second time when this mail goes through (on a second host, though) and because it'll hit all other admins who have installed custom certificates that don't come from the ca-certificates package (e.g. the debconf c

Bug#394763: [INTL:pt] Portuguese translation for gui-apt-key package

2006-10-22 Thread Martin Schulze
tags 394763 pending thanks Rui Branco wrote: > Package: gui-apt-key > Version: > Tags: l10n, patch > Severity: wishlist > > Portuguese (pt) translation for gui-apt-key's debconf messages > by Miguel Figueiredo . > Feel free to use it. Cool. Added. will be part of 0.2. Regards, Joey

Bug#633038: sysklogd: /run transition: Please switch to /run/sendsigs.omit.d

2011-12-06 Thread Martin Schulze
Roger Leigh wrote: > On Thu, Jul 07, 2011 at 11:36:57PM +0100, Roger Leigh wrote: > > Source: sysklogd > > Version: 1.5-6.1 > > Severity: important > > > > Your package is currently using /lib/init/rw/sendsigs.omit.d > > which is now deprecated and pending removal. Please update your > > package t

Bug#284752: Seems fixed

2014-12-20 Thread Martin Schulze
Seems to be fixed in 1.13.5-1 and before. Regards Joey -- In the beginning was the word, and the word was content-type: text/plain Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubs

Bug#283839: Seems fixed

2014-12-20 Thread Martin Schulze
This problem seems to be fixed in 1.13.5-1 and the version before as well. Regards Joey -- In the beginning was the word, and the word was content-type: text/plain Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.deb

Bug#773585: php-elisp: Wrong indention of function arguments in subsequent lines

2014-12-20 Thread Martin Schulze
Hi Ola! Ola Lundqvist wrote: > Hi > > Please try drupal mode or any other of the variants. How? > I think the command is enable-(mode name) In interactive mode M-x shows: Possible completions are: enable-command enable-flow-control enable-theme Regards Joey -- In the beginning was

Bug#437213: klogd hangs when run inside vservers

2007-08-11 Thread Martin Schulze
Matthew Darwin wrote: > Package: klogd > Version: 1.5-1 > Severity: normal > > > When upgrading from 1.4.1-20 to 1.5-1 inside a vserver, klogd fails to > start it just hangs. Could you run strace on it, and/or provide me proper (i.e. root) access to such a vserver? Regards, Joey -

Bug#438494: Security bug in gforge-plugin-scmcvs

2007-08-17 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Roland Mas wrote: > > [Cc:ing bug discoverer and Alioth admins] > > > > Bernhard R. Link <[EMAIL PROTECTED]> found a remote shell code > > injection vulnerability bug in the CVS browsing interface of Gforge, > > as used on Alioth and packaged in gforge-plugin-scmcvs. A

Bug#435521: closed by Mark Purcell <[EMAIL PROTECTED]> (Re: Asterisk SIP DOS Vulnerability)

2007-08-17 Thread Martin Schulze
Faidon Liambotis wrote: > Granted, we have a very very bad record as maintainers of supporting > this security-wise but I think we can try to change that. I certainly > will try my best to provide you with patched versions to upload. > I haven't discuss this with the rest of the team yet but I thin

Bug#279120: sysklogd: syslogd not responding to SIGHUP (possibly during heavy system load)

2007-05-25 Thread Martin Schulze
Guyang Mao wrote: > Package: sysklogd > Version: 1.4.1-15 > Severity: important > > It appears that while the init script for sysklogd is correct in sending > signal 1 > (SIGHUP) to the syslogd daemon, syslogd can reach a state while the logs are > being > rotated (with massive CPU and disk usag

Bug#63392: sysklogd: Syslogd "-- MARK --" messages do not respond to time zone changes

2007-05-26 Thread Martin Schulze
reassign 63392 libc6 retitle 63392 ctime() doesn't respond to time zone changes in running program thanks Benjamin Tyger Sunshine-Hill wrote: > I noticed that, after a time zone change (using tzconfig), mark messages > (but not any other messages) are printed with the previous time zone, up > until

Bug#149659: results from running gdb

2007-05-26 Thread Martin Schulze
Hi Christoph, Christoph Heine wrote: > Tried a selfbuild syslogd with debugging symbols and ran gdb on it, Thanks a lot. > -- snip -- > > Successful select, descriptor count = 1, Activity on: 7 > Message from UNIX socket: #7 > > Program received signal SIGSEGV, Segmentation fault. > main (argc

Bug#178000: When syslog-ng is restarted, some daemons stop logging

2007-05-26 Thread Martin Schulze
Martin Schulze wrote: > DEFFONTAINES Vincent wrote: > > After syslog-ng restart, the following daemons stop logging : > > - klogd (this bug was already reported in bug #129819) > > - spamd (part of spamassassin) I am using version 2.43, which is not > > included in

Bug#308580: (no subject)

2007-05-26 Thread Martin Schulze
Ari Pollak wrote: > ok, so I figured out that this only happens when printk is disabled in > the kernel. Still, klogd shouldn't hog the CPU when that happens. You can disable printk() in the kernel? WTF? What's the log message when klogd is starting? Does /proc/kmsg exist? Regards, Jo

Bug#308580: (no subject)

2007-05-27 Thread Martin Schulze
Ari Pollak wrote: > Martin Schulze wrote: > > You can disable printk() in the kernel? WTF? > > > > What's the log message when klogd is starting? > > > > Does /proc/kmsg exist? > > CONFIG_PRINTK=y Uff! > Yes, you can disable printk, and that ha

Bug#419337: Manpage update for Etch ?

2007-05-29 Thread Martin Schulze
Charles Plessy wrote: > Dear Joey, > > A friend of mine just ran in the problem of understanding why /etc/motd > was overwritten on a fresh Etch system. Do you think that it would be > suitable to include the manpage in a point release ? No. However, I'm not the stable release manager anymore an

Bug#2883: syslogd mysteriously stops logging to tty8

2007-05-30 Thread Martin Schulze
Martin Schulze wrote: > > My syslog.conf contains: > > > > # I like to have messages displayed on the console, but only on a virtual > > # console I usually leave idle. > > kern.*;user.*;local2.*;auth.*;daemon.*;mail.*;news.crit; > > news.err;news.notic

Bug#427367: vlc should support spaces in filenames

2007-06-03 Thread Martin Schulze
Package: vlc Version: 0.8.6.a.debian-6 vlc seems to be unable to play a video file (Xvid codec) when the filename contains spaces. (wtf? btw.) Example: http://www.meebey.net/temp/Tech%20Talk:%20Linus%20Torvalds%20on%20git.avi vlc will say "nothing to play" Renaming this file into git.avi helps

Bug#427367: vlc should support spaces in filenames

2007-06-03 Thread Martin Schulze
retitle 427367 vlc should support colons in filenames thanks Martin Schulze wrote: > Package: vlc > Version: 0.8.6.a.debian-6 > > vlc seems to be unable to play a video file (Xvid codec) when > the filename contains spaces. (wtf? btw.) > > Example: > > http://www.

Bug#422587: Broken English in /etc/init.d/glibc.sh

2007-05-07 Thread Martin Schulze
Package: libc6 Version: 2.5-5 Severity: minor # This script is existed for detecting depreciated kernel version to # check glibc incompatibility. This should read "This script exists for..." or "This script does exist for..." or if you need the past tense "This script existed for..." (however, th

Bug#423368: iSCSI cannot be installed

2007-05-11 Thread Martin Schulze
Package: open-iscsi Version: 2.0.730-1 Severity: serious The installation of open-iscsi leads to: honey:~# date Fri May 11 11:58:48 CEST 2007 honey:~# apt-get update Get:1 http://ftp.de.debian.org etch Release.gpg [378B] Hit http://ftp.de.debian.org etch Release

Bug#462969: manpages: proc(5) incorrectly states /proc/meminfo values are in bytes

2008-01-30 Thread Martin Schulze
tags upstream tags pending tags patch thanks Michael Schurter wrote: > From proc(5) /proc/meminfo section: > It is in the same format as free(1), except in bytes rather than > KB. > > From cat /proc/meminfo: > MemTotal: 1027480 kB > > I propose simply removing the clause ',

Bug#462636: fix

2008-01-30 Thread Martin Schulze
tags 462636 patch tags 462636 pending tags 462636 upstream thanks Michael, I've applied the attached patch. I'd be glad if you would accept it for the next release as well. Regards, Joey -- Life is too short to run proprietary software. -- Bdale Garbee Please always Cc to me when r

Bug#348072: qsort/bsearch should use more robust example code

2008-01-30 Thread Martin Schulze
Falk Hueffner wrote: > Here's a patch for the remaining issue. > > diff -Nurp manpages-2.39/man3/bsearch.3 manpages-2.39.hacked/man3/bsearch.3 > --- manpages-2.39/man3/bsearch.3 2006-08-03 15:57:30.0 +0200 > +++ manpages-2.39.hacked/man3/bsearch.3 2006-10-01 13:54:59.0

Bug#348072: qsort: wrong claim about strcmp being suitable as "compar" argument

2008-01-30 Thread Martin Schulze
Falk Hueffner wrote: > "Michael Kerrisk" <[EMAIL PROTECTED]> writes: > > > I have fixed this in the upstream 2.21 release by including a small > > example that demonstrates how strcmp() should be used (like in the > > page you refer to). > > Thanks for your quick reply. Just another minor suggest

Bug#348072: qsort/bsearch should use more robust example code

2008-01-30 Thread Martin Schulze
Oh, btw. thanks anyway! Regards, Joey -- Life is too short to run proprietary software. -- Bdale Garbee Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#348072: qsort: wrong claim about strcmp being suitable as "compar" argument

2008-01-30 Thread Martin Schulze
Falk Hueffner wrote: > Martin Schulze <[EMAIL PROTECTED]> writes: > > > Falk Hueffner wrote: > >> Just another minor suggestion, the example code uses: > >> > >> qsort(months, nr_of_months, sizeof(struct mi), compmi); > >>

Bug#333871: improved(?) description of nsswitch.conf semantics

2008-01-30 Thread Martin Schulze
Vincent McIntyre wrote: > *** Please type your report below this line *** > Hi > > The nsswitch.conf(5) manpage does not explain how to override some fields in > /etc/passwd, with the "compat" option. In fact I could not easily find any > reference to the "full +/- semantics" mentioned in the page.

Bug#149554: manpages: resolv.conf manpage is misleading

2008-01-30 Thread Martin Schulze
Andrew Ferrier wrote: > Package: manpages > Version: 1.39-1.1 > Severity: minor > > The manpage for resolv.conf contains the following phrase: > > On a normally configured system this file should not be > necessary. The only name server to be queried will be on the > local machine. > > Surely th

Bug#236671: manpages: missing ioctl values in ioctl_list(2)

2008-01-30 Thread Martin Schulze
Francesco Potorti` wrote: > A note at the beginning of ioctl_list(2) says to write to > [EMAIL PROTECTED] to signal missing values, but I got this from my > mailer: > > [EMAIL PROTECTED] > Connection refused: > retry timeout exceeded Hmm, hasn't changed in the meantime, will apply the

Bug#405694: inet6 option in /etc/resolv.conf causes problems for a lot of programs

2008-01-30 Thread Martin Schulze
Aurelien Jarno wrote: > > Adding 'options inet6' in /etc/resolv.conf will cause many programs to > > crash or misbehave. The documentation currently contains (reformatted): > > > > inet6 sets RES_USE_INET6 in _res.options. This has the effect > > of trying a query before an A query

Bug#435018: manpages-dev: typos in chdir(2) and vfork(2)

2008-01-30 Thread Martin Schulze
Julien Cristau wrote: > Package: manpages-dev > Version: 2.61-1 > Severity: minor > > Hi, there is a typo in the chdir description: > .BR chdir () > changes the current working directory pf the calling process to the > directory specified in > .IR path . > > "pf" should be "of". Seems to be fixe

Bug#405694: inet6 option in /etc/resolv.conf causes problems for a lot of programs

2008-01-31 Thread Martin Schulze
Justin Pryzby wrote: > On Wed, Jan 30, 2008 at 07:27:17PM +0100, Martin Schulze wrote: > > > --- man5/resolv.conf.5 30 Jan 2008 17:44:56 - 1.22 > > +++ man5/resolv.conf.5 30 Jan 2008 18:25:32 - > > @@ -189,6 +189,8 @@ This has the effect of tr

Bug#463824: Overzealous change

2008-02-03 Thread Martin Schulze
Package: procps Version: 3.2.7-6 Severity: minor Tags: patch The most recently uploaded version contains the following change to the conffile /etc/sysctl.conf: -# Uncomment the next line to enable TCP/IP SYN cookies +# Uncomment the next line to enable TCP.IP SYN cookies

Bug#464141: Write hfaxd's pid

2008-02-05 Thread Martin Schulze
Package: hylafax-server Version: 4.3.1-7 Severity: wishlist It would be nice if hylafax would store its process id (in /var/run preferably) so that one can monitor this service with arbitrary monitor software. At the moment no hylafax server stores its process id somewhere. With current start-st

Bug#438179: Processed: destruction of round-robin functionality is fucking up our mirrors and making Debian suck for many people, hence fixing this is a release-critical "wish"

2007-12-17 Thread Martin Schulze
Josip Rodin wrote: > > (Please Cc: any responses.) > > On Mon, Dec 17, 2007 at 03:10:24PM +1000, Anthony Towns wrote: > > Interesting that it got somewhat more balanced. > > It looks like an effect of the weekend ending - more machines in the > respective netblocks waking up? I checked again a f

Bug#438179: Processed: destruction of round-robin functionality is fucking up our mirrors and making Debian suck for many people, hence fixing this is a release-critical "wish"

2007-12-18 Thread Martin Schulze
Josip Rodin wrote: > On Mon, Dec 17, 2007 at 01:15:10PM -0500, Noah Meyerhans wrote: > > > > If it were possible, (temporarily) adding a securty.d.o mirror in the > > > > 0.0.0.0 - 127.255.255.255 range would be helpful [...] > > > > Obviously finding a host that can deal with 13.53 MB/s of sustain

Bug#438179: Processed: destruction of round-robin functionality is fucking up our mirrors and making Debian suck for many people, hence fixing this is a release-critical "wish"

2007-12-18 Thread Martin Schulze
Josip Rodin wrote: > On Tue, Dec 18, 2007 at 03:31:13PM +0100, Martin Schulze wrote: > > > > > > If it were possible, (temporarily) adding a securty.d.o mirror in > > > > > > the > > > > > > 0.0.0.0 - 127.255.255.255 range would be helpful

Bug#506515: Please stop distributing pthread_* manpages

2008-11-22 Thread Martin Schulze
Package: glibc-doc Version: 2.7-16 Please remove the following manpages from the glibc-doc distribution: . pthread_attr_destroy(3) . pthread_attr_getdetachstate(3) . pthread_attr_getscope(3) . pthread_attr_init(3) . pthread_attr_setdetachstate(3) . pthread_attr_setschedpol

Bug#506515: Please stop distributing pthread_* manpages

2008-11-22 Thread Martin Schulze
Martin Schulze wrote: > Package: glibc-doc > Version: 2.7-16 > > Please remove the following manpages from the glibc-doc distribution: Here are some more that cause conflicts: . pthread_attr_getschedpolicy(3) . pthread_attr_getschedparam(3) . pthread_attr_sets

Bug#506479: manpages-dev: tries to overwrite /usr/share/man/man3/pthread_attr_setschedpolicy.3.gz from glibc-doc

2008-11-22 Thread Martin Schulze
Michael Kerrisk wrote: > Just for debian's info: you definitely want the man-pages page. The > pthreads pages that I have been recently adding to man-pages are far > better than the ancient glibc pages. Ack. I've opened Bug#506515 requesting this. Regards, Joey -- No question is too

Bug#506515: Please stop distributing pthread_* manpages

2008-11-29 Thread Martin Schulze
Martin Schulze wrote: > Martin Schulze wrote: > > Package: glibc-doc > > Version: 2.7-16 > > > > Please remove the following manpages from the glibc-doc distribution: > > Here are some more that cause conflicts: > > . pthread_attr_getschedpolicy(

Bug#511617: Domain grabbed...

2009-01-12 Thread Martin Schulze
Package: kdetv Version: 0.8.9-1 The description says: Homepage http://www.kdetv.org However, this address points to a domain reseller. Please remove the reference from the package. Regards, Joey -- No question is too silly to ask, but, of course, some are too silly to answer. --

Bug#368060: packaging for etch ok -

2006-06-22 Thread Martin Schulze
Here are packages that I would upload if you don't object. http://people.debian.org/~joey/NMU/thuban/ Regards, Joey -- Given enough thrust pigs will fly, but it's not necessarily a good idea. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Con

Bug#374577: mimms: patch to fix many buffer overflows vulnerability

2006-06-22 Thread Martin Schulze
Anon Sricharoenchai wrote: > Package: mimms > Version: 0.0.9-1 > Severity: grave > Justification: user security hole > Tags: security patch > > According to the patch attached in this report, it has many possible buffer > overflows. > For example, > - memcpy(buf, data, length) without bounding the

Bug#324466: Please differentiate

2006-04-29 Thread Martin Schulze
severity 324466 normal tags 324466 +help +moreinfo quit Please find out why some files require different behaviour and others do not. It does not make sense to switch the code forward and backward every time the other type of dbf files appear. Regards, Joey -- Testing? What's that? If

Bug#351834: nl_langinfo(3) lacks precondition

2006-04-30 Thread Martin Schulze
Michael Kerrisk wrote: > > In order to have nl_langinfo(3) return the proper information > > it is required to call setlocale (TYPE, "") first, which isn't > > mentioned in the manpage of nl_langinfo(3). Please add. > > Joey, > > is nl_langinfo(3) somehow different here from a host of > other fu

Bug#364977: manpages-dev: clone.2 needs updating

2006-04-30 Thread Martin Schulze
Michael Kerrisk wrote: > Hi Justin, > > > > > > Yes. I mean, if you open a report and immediately tag it > > > > "upstream" means that the bug is not in the Debian .diff.gz, and the > > > > version indicates what version the bug was found in. > > > > > > Oh -- thanks for the education. I had

Bug#365357: In etch the manpage of umount in spanish is different that the same manpage in english

2006-04-30 Thread Martin Schulze
reassign 365357 manpages-es thanks David M wrote: > Package: manpages-es > Version: 1.55-4 > Package: manpages > Version: 2.22-1 > > The options explained in Spanish : > umount -a [-nrv] [-t tipofsv] > umount [-nrv] dispositivo | dir [...] > The options explained in English: > umount -a [-dflnrv]

Bug#351996: manpages-dev: toupper & such should reference towupper & such

2006-04-30 Thread Martin Schulze
Michael Kerrisk wrote: > > Michael Kerrisk, le Wed 05 Apr 2006 23:13:29 +0200, a écrit : > > > From an upstream point of view, I don't want to make these > > > changes at this time. The reason is that the w* pages in > > > question do not yet exist. I have added text to the > > > HOWTOHELP docume

Bug#366004: bash completion for cdcd

2006-05-04 Thread Martin Schulze
Package: cdcd Severity: wishlist Hi, attached please find a simple function for bash completion for the cdcd command. I'd be glad if it would be added to future versions. License is GPLv2 or higher, same as for cdcd itself. Regards, Joey -- It's practically impossible to look at a p

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-04 Thread Martin Schulze
Elrond wrote: > Nearly all the relevant information, that is currently > available regarding this issue, is in the bug logs. > (see: ) Are you going to update the package in sid as well? Or should the package propagate via stable-security? Regards, Joey --

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-04 Thread Martin Schulze
Elrond wrote: > Nearly all the relevant information, that is currently > available regarding this issue, is in the bug logs. > (see: ) > > Very Short summary: > > * bufferoverflow in C code > * remotely exploitable > * CVE has been requested by micah > * Untested pa

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-06 Thread Martin Schulze
Mario 'BitKoenig' Holbe wrote: > > Elrond wrote: > > > I _might_ be able to test, wether the package still works > > Please let us know. > > Tests are done. Everything seems to work well. > > > Update prepared. > > Go on :) > Please make sure you did also add 50_client-c_bufferoverflow_fix to >

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-07 Thread Martin Schulze
Elrond wrote: > On Sun, May 07, 2006 at 09:16:35AM +0200, Martin Schulze wrote: > [...] > > If an update enters stable-security and the version in testing is the > > same as in stable, then the new version propagates into testing. If, > > additionally, the version in un

Bug#368202: sarge: dia: CVE-2006-2480 and CVE-2006-2453: format string vulnerability

2006-06-04 Thread Martin Schulze
Roland Stigge wrote: > Hi, > > besides the upload to unstable, I've backported the upstream patch for > #368202. See attachment. > > Feel free to upload if appropriate. We don't consider it appropriate unless you provide us with an attack vector, i.e. automatic processing of files from untrusted

Bug#370668: Spelling errors in tmpreaper

2006-06-06 Thread Martin Schulze
Package: tmpreaper Version: 1.6.6 Severity: minor /usr/share/doc/tmpreaper/README.security.gz: - Now let is sit, suspended, for x days. Tmpreaper then removes the + Now let it sit, suspended, for x days. Tmpreaper then removes the - limit it to a certian smaller class of victim programs, b

Bug#326606: sendfile: receive fails to bounce

2006-06-08 Thread Martin Schulze
Ulli Horlacher wrote: > > > However, receive reacts like this: > > > > > > $ receive -ba [EMAIL PROTECTED] > > > %receive-Warning: file [EMAIL PROTECTED] not found > > Bug in the receive man-page (*). > > The correct syntax is: receive -ab [EMAIL PROTECTED] > > (The argument for option -b must

Bug#372172: CVE-2006-2230: Denial of service in xine-ui

2006-06-08 Thread Martin Schulze
@@ -1,3 +1,12 @@ +xine-ui (0.99.3-1sarge1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Corrected call to report() and printf() to fix format string +vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, +CVE-2006-2230] + + -- Martin Schulze

Bug#372719: regression in FreeType security fix for DSA-1095

2006-07-07 Thread Martin Schulze
Hi! Steve Langasek wrote: > As mentioned earlier this month, a regression was found in the freetype > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications to crash > with division-by-zero errors. I've prepared a maintainer upload to fix > this regression using the patch from bug #373

Bug#372719: regression in FreeType security fix for DSA-1095

2006-07-07 Thread Martin Schulze
Steve Langasek wrote: > On Mon, Jun 26, 2006 at 08:36:07AM +0100, Steve Kemp wrote: > > On Sun, Jun 25, 2006 at 03:09:51PM -0700, Steve Langasek wrote: > > > > As mentioned earlier this month, a regression was found in the freetype > > > 2.1.7-2.5 package uploaded for DSA-1095 which caused applica

Bug#375617: Patch

2006-07-09 Thread Martin Schulze
Attached is a patch that simply changes the pathname. Regards, Joey -- Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. Please always Cc to me when replying to me on the lists. diff -u -p -Nr --exclude CVS orig/spread-3.17.2/session.c spread-3.17.2/sess

Bug#356939: "Security" fix for shadow in sarge (#356939)

2006-07-09 Thread Martin Schulze
Christian Perrier wrote: > As a consequence, I hereby ask the security team to DROP the processing > of the 4.0.3-31sarge6 version you have. As you wish, packages deleted. Regards, Joey -- Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. Please always C

Bug#366682: CVE-2006-2162: Buffer overflow in nagios

2006-05-11 Thread Martin Schulze
02/debian/changelog @@ -1,3 +1,11 @@ +nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Add overflow protection for Content-Length [cgi/getcgi.c, +debian/patches/9_CVE-2006-2162.dpatch] + + -- Martin Schulze <[EMAIL P

Bug#366682: CVE-2006-2162: Buffer overflow in nagios

2006-05-11 Thread Martin Schulze
Hi Sean! Sean Finney wrote: > On Thu, May 11, 2006 at 05:46:16PM +0200, Martin Schulze wrote: > > > - crafting a simple "user-agent" that can illustrate the vulnerability > > > by sending a negative or 0 value for content length to a nagios cgi > > >

Bug#366927: CVE-2006-2247: Information leak in webcalendar

2006-05-11 Thread Martin Schulze
, CVE-2006-2247] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 12 May 2006 08:10:15 +0200 + webcalendar (0.9.45-4sarge3) stable-security; urgency=high * Fixed multiple security vulnerabilities only in patch2: unchanged: --- webcalendar-0.9.45.orig/includes/user.php +++ webcalendar-0.9.

Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

2006-05-12 Thread Martin Schulze
How can the diricons and config parameters be exploited? From a quick glance I can't find an open associated with $DirIcons. I assume $SiteConfig leads to an open() call. Charles Fry wrote: > Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl >

Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

2006-05-12 Thread Martin Schulze
Hendrik Weimer wrote: > Martin Schulze <[EMAIL PROTECTED]> writes: > > > How can the diricons and config parameters be exploited? From a quick > > glance I can't find an open associated with $DirIcons. > > The diricons issue is a XSS vulnerability. It has

Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

2006-05-12 Thread Martin Schulze
Hendrik Weimer wrote: > Martin Schulze <[EMAIL PROTECTED]> writes: > > > Umh... but since the query_string is already sanitised globally > > how can XSS still happen? Was the sanitising not successful? > > AFAICS the query_string is not being decoded first. Therefor

Bug#366683: CVE-2006-2162: Buffer overflow in nagios

2006-05-12 Thread Martin Schulze
Sean Finney wrote: > On Fri, May 12, 2006 at 06:24:21AM +0200, Martin Schulze wrote: > > Please let me know the version in sid that will have this problem > > fixed once you know it. > > for nagios 1.x: 1.4-1 (or 2:1.4-1, since there's an epoch i guess) > for nagios 2

Bug#296340: lynx: patch to fix CVE-2004-1617

2006-05-13 Thread Martin Schulze
Alec Berryman wrote: > Package: lynx > Version: 2.8.5-2sarge1 > Followup-For: Bug #296340 > > Attached is a patch from OpenBSD to fix CVE-2004-1617. It has been > reformatted as a dpatch. After applying the patch and rebuilding, pages > like http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.

Bug#365940: Files for a Quagga DSA (RIPD unauthenticated route injection)

2006-05-13 Thread Martin Schulze
Christian Hammers wrote: > Attached you will find a diff that can be used to make a DSA for the > recent Quagga security bug. Thanks a lot for preparing the update. Please also mention CVE-2006-2223 CVE-2006-2224 in the unstable changelog when you're doing the next upload anyway. Regards,

Bug#296340: lynx: patch to fix CVE-2004-1617

2006-05-13 Thread Martin Schulze
Thomas Dickey wrote: > > > reformatted as a dpatch. After applying the patch and rebuilding, pages > > > like http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html no > > > longer causes lynx to exhaust memory and crash. > > > > > > Patch obtained from: > > > ftp://ftp.openbsd.org/pub/OpenBS

Bug#351834: nl_langinfo(3) lacks precondition

2006-05-13 Thread Martin Schulze
Michael Kerrisk wrote: > > > is nl_langinfo(3) somehow different here from a host of > > > other functions whose behaviour depends on setlocale(). > > > E.g., strptime(3), printf(3), etc, most of which do not > > > explicitly mention the need to call setlocale()? > > > > Not sure about the other f

Bug#367272: FreeTalk should allow users to overwrite system defaults

2006-05-14 Thread Martin Schulze
Package: freetalk Version: 0.5-2 Currently, freetalk loads a lot of files upon startup. One of them is beep.scm. However, some users may prefer the client not to beep upon each and every message. You guessed it, I am among those. However, .freetalk/freetalk.scm is loaded before init.scm, the sy

Bug#359042: freeradius: dpatch for CVE-2006-1354: "EAP-MSCHAPv2 vulnerability"

2006-05-17 Thread Martin Schulze
Alec Berryman wrote: > Package: freeradius > Followup-For: Bug #359042 > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Attached dpatch is reformatted from revision 1.11 of > src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c. > > The fix applies and compiles, but I have not do

Bug#364443: CVE-2006-2237

2006-05-18 Thread Martin Schulze
Thomas Kaehn wrote: > Hi, > > will CVE-2006-2237 be fixed in Sarge? I can't see a DSA yet and the > problem is not listed as a non-vulnerability. I was working on this already. Regards, Joey -- The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin Please always Cc to

Bug#374296: Changing default Accept: list

2006-06-18 Thread Martin Schulze
Package: w3m Version: 0.5.1-4 Severity: wishlist Disclaimer: I'm not totally sure this would be a proper fix. When I try to view http://www.debian.org/events/2006/0624-froscon content negotiation is in place. w3m requests a file of type text/*. However, text/calendar and text/html are available

Bug#374296: Changing default Accept: list

2006-06-18 Thread Martin Schulze
Martin Schulze wrote: > It may be a good idea to adjust the default accept_media setting (which > will result in the Accept: HTTP header) a little bit: > > - accept_media text/*, image/*, application/*, message/*, audio/* > + accept_media text/html, text/plain, text/comma-separat

Bug#374388: Changing default Accept: list

2006-06-18 Thread Martin Schulze
Package: lynx Version: 2.8.5-2sarge2 Severity: wishlist When I try to view http://www.debian.org/events/2006/0624-froscon content negotiation is in place. Lynx requests a file of type text/html, [..], text/*. However, text/calendar and text/html are available on www.debian.org and Apache seems to

Bug#373913: [EMAIL PROTECTED]: CVE-2006-3081 assigned to MySQL str_to_date() DoS]

2006-06-19 Thread Martin Schulze
FYI Regards, Joey - Forwarded message from "Steven M. Christey" <[EMAIL PROTECTED]> - == Name: CVE-2006-3081 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081 Reference: BUGTRAQ:20060614 MySQL D

Bug#379829: manpages: regex(7) is practically unreadable - offer of rewrite

2006-07-26 Thread Martin Schulze
Paul LeoNerd Evans wrote: > I have been using regexps for about 4 years now, and even I can't > understand regex(7). > > I therefore propose a rewrite, to be much longer, a much gentler > introduction for people who don't understand them, to include plenty of > examples to illustrate, and general

Bug#379297: epoll_ctl manual error

2006-07-26 Thread Martin Schulze
Frank van Viegen wrote: > Package: manpages-dev > Version: 2.34-1 > > The epoll_ctl(2) man page states: > > ERRORS > EBADF epfd is not a valid file descriptor. > > However, based upon actual kernel (2.6.11-9-em64t-p4-smp) behaviour it > should probably read: > > ERRORS > EBADF fd

Bug#372285: makecontext(3)

2006-07-26 Thread Martin Schulze
Hi Michael, here's a small addition to makecontext(3) based on Helmut's comment in : Index: man3/makecontext.3 === RCS file: /var/cvs/debian/manpages/man3/makecontext.3,v retrieving revision 1.1.1.8 dif

Bug#372285: makecontext(3)

2006-07-26 Thread Martin Schulze
Michael Kerrisk wrote: > > Please apply it either directly or adjusted for your needs. > > I haven't taken this as is, but have done a few rewrites in the > page including adding some text that mentions that these > arguments are 'int'. Great. Thanks and welcome back. Regards, Joey --

Bug#380054: CVE-2006-2898: Denial of service in Asterisk

2006-07-26 Thread Martin Schulze
Package: asterisk Version: 1.2.10.dfsg-1 Severity: grave Tags: security patch A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote to cause a crash of the Asterisk server. The patch used for s

Bug#380054: CVE-2006-2898: Denial of service in Asterisk

2006-07-27 Thread Martin Schulze
Mark Purcell wrote: > On Thursday 27 July 2006 07:34, Martin Schulze wrote: > > The patch used for security is attached. > > Thanks Joey, > > In asterisk 1.2.10 half of that patch is already applied upstream. > > I have applied the other half and am in the process of

Bug#378544: Undefined macros in manpages

2006-07-27 Thread Martin Schulze
Justin Pryzby wrote: > > Thanks for your report. Fixes, as described below, will appear in upstream > > 2.37. Cool! > > > results: line dismissed > > > fix: .B instead of .Fd > > > > Not correct; no change. (Is the Debian page different from my upstream, > > perhaps?) > Indeed it is: > http:

Bug#380152: missing raid456 modules

2006-07-28 Thread Martin Schulze
maximilian attems wrote: > severity 380152 serious > stop > > a boot failure is RC. True, but not a boot-failure in a kernel which is not part of the release. Hence, madduck's downgrade was fine. > 2.6.18 linux-image package are under preparation. > 2.6.17 or higher will be used for Etch, > curr

Bug#377299: sitebar: CVE-2006-3320: cross-site scripting

2006-07-28 Thread Martin Schulze
Thijs Kinkhorst wrote: > > > CVE-2006-3320: "Cross-site scripting (XSS) vulnerability in command.php > > in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary > > web script or HTML via the command parameter." > > I've already fixed this by NMU in unstable. I've also prepared a

Bug#380273: DHCP server exits unexpectedly on DHCPOFFER with specific client-identifier

2006-07-29 Thread Martin Schulze
I have assigned CVE-2006-3122 to this issue. Eloy, please let us know which version in sid fixes the problem when you upload a package. Andrew, is it ok when we credit you in the advisory for discovery? Andrew Steets wrote: > There is a bug in ISC DHCP server version 2 that causes the server to

Bug#371076: cfs SIGSEGV

2006-08-01 Thread Martin Schulze
Please use CVE-2006-3123 for this issue. Gerrit, please mention it in the proper changelog entry when you're uploading the next package anyway. Regards, Joey -- This is GNU/Linux Country. On a quiet night, you can hear Windows reboot. Please always Cc to me when replying to me on the

Bug#381333: Please consider adding fstyp

2006-08-03 Thread Martin Schulze
Package: moreutils Version: 0.15 Severity: wishlist Hi Joey, please consider adding alias fstyp - identify filesystem to the moreutils package. Regards, Joey -- WARNING: Do not execute! This call violates patent DE10108564. http://www.elug.de/projekte/paten

Bug#381378: CVE-2006-3913: arbitrary code execution in freeciv

2006-08-03 Thread Martin Schulze
Stefan Fritsch wrote: > Package: freeciv > Severity: grave > Tags: security > Justification: user security hole > > CVE-2006-3913: > "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul > 2006 and earlier, allows remote attackers to cause a denial of service > (crash) and possibly e
