Processing commands for cont...@bugs.debian.org:
> severity 510560 important
Bug#510560: rtorrent: Patch to resolve bug #506748 leads to crashes
Bug#512082: rtorrent: Command fi.filename_last not available in this version of
rTorrent.
Severity set to `important' from `grave'
> thanks
Stopping pr
Processing commands for cont...@bugs.debian.org:
> severity 506748 important
Bug#506748: crash rtorrent by scgi-interface (function: 'fi.get_filename_last')
Severity set to `important' from `grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
Hi Steffen
I'll upload a new package when built.
Can the package be built using etch as that is what I have on mu main
Debian development machine? I know that I got restrictions on some other
package lately.
Best regards,
// Ola
On Thu, Jan 29, 2009 at 05:30:24PM -0500, Steffen Joeris wrote:
>
Processing commands for cont...@bugs.debian.org:
> # Fri Jan 30 07:03:19 UTC 2009
> # Tagging as pending bugs that are closed by packages in NEW
> # http://ftp-master.debian.org/new.html
> #
> # Source package in NEW: linux-modules-contrib-2.6
> tags 513022 + pending
Bug#513022: Possible security
Your message dated Fri, 30 Jan 2009 08:00:11 +0100
with message-id <20090130070011.ga11...@inguza.net>
and subject line Re: [Debian] Re: Bug#513310: vzctl fails to set capabilities,
and subsequently fails to start any VE
has caused the Debian Bug report #513310,
regarding vzctl fails to set capab
Dear Ben,
Thanks.
IE_CF_PARM EID_STRUCT Octet data structure in "mlme.h" will change to unsigned
char too.
-Original Message-
From: Ben Hutchings [mailto:b...@decadent.org.uk]
Sent: Monday, January 26, 2009 2:34 AM
To: 513...@bugs.debian.org
Cc: rt2400-de...@lists.sourceforge.net; Dennis
On Fri, 2009-01-30 at 11:12 +0900, Atsuhito Kohda wrote:
> Hi Drew,
>
> On Tue, 27 Jan 2009 15:19:37 +1100, Drew Parsons wrote:
>
> > While it's good to see that MathML support is improved (such that we
> > don't need these fonts for that purpose), I'd like to heartily give my
> > support for kee
Your message dated Fri, 30 Jan 2009 02:47:03 +
with message-id
and subject line Bug#513446: fixed in duplicity 0.5.06-1
has caused the Debian Bug report #513446,
regarding duplicity 0.5.02-2 does not install with python 2.5 :
incompatibbilities with other packages
to be marked as done.
This
Hi Drew,
On Tue, 27 Jan 2009 15:19:37 +1100, Drew Parsons wrote:
> While it's good to see that MathML support is improved (such that we
> don't need these fonts for that purpose), I'd like to heartily give my
> support for keeping this font package in working order!
Thanks, but it depends heavil
On Thu, Jan 29, 2009 at 11:34 PM, Miguel Landaeta wrote:
> On Thu, Jan 29, 2009 at 9:51 PM, LI Daobing (李道兵) wrote:
>> I make a mistake in memory management, check the following commit please:
>> http://github.com/lidaobing/chmsee/commit/4b60d2268b4efef1a882c521d86352f22c517f6a
>>
>> it should no
Ola Lundqvist writes:
> If you could try this fix out it would be really great.
> A built package for amd64 is available at:
> http://apt.inguza.org/vzctl/
Ah. I am on amd64, and that is an i386 package without source.
Anyway, I grabbed the source, manually applied the patch and downgraded
the
Package: root-system
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in
xrootd/src/xrootd/src/XrdCrypto/XrdCryptosslX509Req.cc:
bool XrdCryptosslX509Req::Verify()
{
[...]
return X509_REQ_verify(creq,X509_REQ_get
Package: libnet-bittorrent-libbt-tracker-perl
Version: 0.0.19+p4.2296-1
Severity: grave
Justification: renders package unusable
Trying to execute a perl file containing the line:
use Net::BitTorrent::LibBT::Tracker;
produces the error:
Can't load '/usr/lib/perl5/auto/Net/BitTorrent/LibBT/Tracker/
Package: newpki-lib
Severity: serious
Tags: security
Hi,
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in src/PKI_CSR.cpp:
if(X509_REQ_verify(m_csr, m_pubKeyCsr) < 0)
{
NEWPKIerr(CRYPTO_ERROR_TXT, ERROR_ABORT);
Package: wvstreams
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in crypto/wvx509.cc:
int verify_result = X509_REQ_verify(certreq, pk);
if (verify_result == 0)
{
debug(WvLog::Warning, "Self si
Package: isakmpd
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in x509.c:
if (X509_verify(cert, key) == -1) {
log_print("x509_cert_validate: self-signed cert is bad");
retu
Processing commands for cont...@bugs.debian.org:
> severity 513504 important
Bug#513504: flash-kernel should handle LVM roots better
Severity set to `important' from `critical'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
severity 513504 important
thanks
* Paul Jakma [2009-01-29 17:45]:
> Package: flash-kernel
> Version: 2.12
> Severity: critical
Thinking about this some more, I realized that this situation must be
quite rare. d-i generates a /etc/fstab in the form of /dev/mapper/...
so in order to end up with a
Package: xvnc4viewer
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vnc4.
CVE-2008-4770[0]:
| The CMsgReader::readRect function in the VNC Viewer component in
| RealVNC VNC Free Edition 4.0 th
I did a QA upload to the delayed queue based based on my prepared NMU.
Besides fixing this bug it sets the maintainer to the Debian QA Group,
bumps the Standards-Version, uses debhelper 7 and fixes some lintian
warnings. It will hit unstable in a about week
Carsten
--
To UNSUBSCRIBE, email to
Your message dated Thu, 29 Jan 2009 21:47:03 +
with message-id
and subject line Bug#513022: fixed in linux-modules-contrib-2.6 2.6.26-3
has caused the Debian Bug report #513022,
regarding Possible security flaw in ad-hoc probe request processing
to be marked as done.
This means that you clai
Package: ruby1.9
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in ext/openssl/ossl_ocsp.c:
result = OCSP_basic_verify(bs, x509s, x509st, flg);
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn(
Processing commands for cont...@bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.26etch1
> tags 513022 + pending
Bug#513022: Possible security flaw in ad-hoc probe request processing
Tags were: security upstream
Tags added: pending
>
End of message, stopping pro
Processing commands for cont...@bugs.debian.org:
> severity 513488 important
Bug#513488: debootstrap: version in Lenny needs to be able to bootstrap Squeeze
Severity set to `important' from `grave'
>
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug
Hi,
This works for me, see comments below!
On Thu, 29 Jan 2009, Martin Michlmayr wrote:
maks, can you comment on this patch. I've attached the full hook
for context. Maybe you'll find other cases that need to be handled
in a special way.
Index: initramfs-tools/hooks/flash_kernel_set_root
Hi.
On Mon, Jan 26, 2009 at 12:55:45AM +0100, Jan L?bbe wrote:
> Upstream marked the mentioned #1744 as a duplicate of
> http://intellinuxwireless.org/bugzilla/show_bug.cgi?id=1703
> which has been closed (and marked verified) in 228.57.2.23.
The problem with 228.57.2.23 is that it contains on
On Thu, Jan 29, 2009 at 07:31:00PM +0100, Andreas Metzler wrote:
> I am not sure this is serious. Douglas' bug applies to X509 v1 CA certs,
> which afaiui are rare.
> http://news.gmane.org/find-root.php?message_id=%3c20090110155632.10ba0626%40nmav%2deee%3e
> Gnutls is documented to not trust this
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id
and subject line Bug#512082: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #512082,
regarding rtorrent: Patch to resolve bug #506748 leads to crashes
to be marked as done.
This means that you claim that the problem
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id
and subject line Bug#510560: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #510560,
regarding rtorrent: Patch to resolve bug #506748 leads to crashes
to be marked as done.
This means that you claim that the problem
Your message dated Thu, 29 Jan 2009 20:32:12 +
with message-id
and subject line Bug#429137: fixed in modxslt 2005072700-3
has caused the Debian Bug report #429137,
regarding please update/request removal of your package
to be marked as done.
This means that you claim that the problem has bee
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id
and subject line Bug#512082: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #512082,
regarding rtorrent: Command fi.filename_last not available in this version of
rTorrent.
to be marked as done.
This means that you
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id
and subject line Bug#510560: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #510560,
regarding rtorrent: Command fi.filename_last not available in this version of
rTorrent.
to be marked as done.
This means that you
Processing commands for cont...@bugs.debian.org:
> retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
> overflows
Bug#507587: CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
Changed Bug title to `CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple
buffer overflo
retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
overflows
thanks
Hi
There is an additional CVE about buffer overflows.
CVE-2009-0323[0]:
| Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0
| and 11.0 allow remote attackers to execute arbitrary code vi
Processing commands for cont...@bugs.debian.org:
> retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
Bug#507587: CVE-2008-5282,CVE-2008-6005: multiple buffer overflows
Changed Bug title to `CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple
buffer' from `CVE-2008-5282,CVE
Package: phpicalendar
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for phpicalendar.
CVE-2008-5840[0]:
| PHP iCalendar 2.24 and earlier allows remote attackers to bypass
| authentication by setting t
Package: newpki-client
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this:
src/DlgShowLog.cpp: if(!LOG_ENTRY_verify(lValue, (EVP_PKEY
*)m_EntityCert.GetPublicKey()))
LOG_ENTRY_verify() is a function from libnewpki
Processing commands for cont...@bugs.debian.org:
> # Testing is affected as well
> found 513418 1.8.3-5
Bug#513418: gnumeric: CVE-2009-0318 untrusted search path vulnerability in
GObject wrapper
Bug marked as found in version 1.8.3-5.
> thanks
Stopping processing here.
Please contact me if you
Package: newpki-server
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this:
src/EntityLog.cpp: if(!LOG_ENTRY_verify(log, (EVP_PKEY
*)m_CaCert.GetPublicKey()))
LOG_ENTRY_verify() is a function from libnewpki that do
Processing commands for cont...@bugs.debian.org:
> forwarded 513418 http://bugzilla.gnome.org/show_bug.cgi?id=569648
Bug#513418: gnumeric: CVE-2009-0318 untrusted search path vulnerability in
GObject wrapper
Noted your statement that Bug has been forwarded to
http://bugzilla.gnome.org/show_bug.c
On 2009-01-29 Steve Langasek wrote:
> Hi Andreas,
> > is this the issue that is also being discussed in
> > http://news.gmane.org/find-root.php?message_id=%3c49654581.3020505%40anl.gov%3e
> > or is it the original submitter a different one than Douglas E.
> > Engert?
> That looks to be the same
* Paul Jakma [2009-01-29 17:45]:
> A workaround, according to tbm, would be to have flash-kernel
> canonicalise LVM devices to their /dev/mapper/... form - I gather.
It's not a workaround; it's the proper solution.
maks, can you comment on this patch. I've attached the full hook for
context. M
Package: flash-kernel
Version: 2.12
Severity: critical
Justification: breaks the whole system
LVM roots are not handled well. If one specifies an LVM root in
/etc/fstab in the form of /dev/vg/lv (e.g. /dev/VG-n2100/root_lv)
then the system will fail to boot. Instead, one must use the
/dev/mapp
Hi Daniel
If you could try this fix out it would be really great.
A built package for amd64 is available at:
http://apt.inguza.org/vzctl/
// Ola
On Thu, Jan 29, 2009 at 07:57:54PM +0300, Kir Kolyshkin wrote:
> I'm not really sure but maybe this one can help:
>
> http://git.openvz.org/?p=vzctl;a
I'm not really sure but maybe this one can help:
http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
Daniel, can you try it out?
If that does not work I need straces from both working and non-working
versions.
Ola Lundqvist wrote:
This was already correcte
Hi Kir and Daniel
When I started to backport this fix, I realized that this fix was
already backported to the version running.
This means that we have some other problem that has been fixed in the
3.0.23 version available in experimental.
Best regards,
// Ola
On Thu, Jan 29, 2009 at 10:01:43AM
This was already corrected in
vzctl (3.0.22-9) unstable; urgency=low
* Correction of capability problem on some platforms. Closes: #482974.
-- Ola Lundqvist Sat, 7 Jun 2008 19:26:21 +0200
Do you have any other idéa?
// Ola
On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
>
On Thu, Jan 29, 2009 at 09:17:26AM +0100, Bastian Blank wrote:
> On Thu, Jan 29, 2009 at 02:26:56AM +, Ben Hutchings wrote:
> > This ought to be fixable by a binNMU, but linux-modules-contrib-2.6 is
> > not binNMU-safe. And rebuilding it properly in unstable will add new
> > binary packages fo
Thanks for sending detailed information, it helps a lot. Here is the
problem. You don’t have a session manager installed, so the X11 startup
scripts choose to run x-window-manager.
ii metacity [x-window-man 1:2.22.0-2A lightweight GTK2 based Window Ma
ii twm [x-window-manager] 1:1.0.
Processing commands for cont...@bugs.debian.org:
> retitle 513488 debootstrap: version in Lenny needs to be able to bootstrap
> Squeeze
Bug#513488: version in Lenny needs to be able to bootstrap Squeeze
Changed Bug title to `debootstrap: version in Lenny needs to be able to
bootstrap Squeeze' fr
Package: debootstrap
Version: 1.0.10
Severity: grave
debootstrap does not yet allow to bootstrap a squeeze chroot, this needs
to be fixed before Lenny is released as DSA (and other people) need to be
able to create porter/security/... chroots.
-- System Information:
Debian Release: 5.0
APT pr
Le jeudi 29 janvier 2009 à 13:44 +, Jenny Barna a écrit :
> Today I did an apt-get update and apt-get upgrade which appeared to hang. I
> rebooted
> and I can login via ssh but not via the console. It's a Sun with ILOM and if
> the console is redirected one gets the same broken result. The ini
Package: gdm
Version: 2.20.7-4
Severity: grave
Justification: renders package unusable
Today I did an apt-get update and apt-get upgrade which appeared to hang. I
rebooted
and I can login via ssh but not via the console. It's a Sun with ILOM and if
the console is redirected one gets the same bro
Your message dated Thu, 29 Jan 2009 13:39:45 +0100
with message-id <20090129123944.gd6...@koocotte.org>
and subject line No bug
has caused the Debian Bug report #495683,
regarding sshguard: Current implementation skip any other iptables rules
to be marked as done.
This means that you claim that t
On Tue, Jan 13, 2009 at 01:30:19PM +0100, Andreas Henriksson wrote:
> Maybe I'm missing something obvious because I haven't looked any closer
> at this, but to me the debian sshguard bug report #495683 seems bogus!
>
> AFAIK the default action of a "non-builtin" chain (the ones you create
> yours
Your message dated Thu, 29 Jan 2009 11:02:05 +
with message-id
and subject line Bug#510585: fixed in netatalk 2.0.4~beta2-4.1
has caused the Debian Bug report #510585,
regarding CVE-2008-5718: arbitrary command execution in papd in netatalk
to be marked as done.
This means that you claim tha
Processing commands for cont...@bugs.debian.org:
> forwarded 511519
> http://sourceforge.net/tracker/index.php?func=detail&aid=2545158&group_id=73194&atid=537053
Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.
Noted your statement that Bug has been forwarded to
http://
Processing commands for cont...@bugs.debian.org:
> tag 511519 + pending
Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.
Tags were: security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system admi
Stepan Golosunov wrote:
> The new xine with xdg-screensaver prevents xscreensaver from locking
> the screen. But it does not prevent the same screen from beeing
> blanked (old xine did). I don't think proposed patches in #511248 are
> going to fix that.
Right, so I guess we need to do "xset s off"
tag 511519 + pending
thanks
Some bugs are closed in revision 30225
by Damyan Ivanov (dmn)
Commit message:
add security_croak-in-do_verify-too.patch making do_verify() croak on
error the same way varify() already does. Document that verify() and
do_verify() croak on errors.
Closes: #511519. Thank
Processing commands for cont...@bugs.debian.org:
> severity 513384 grave
Bug#513384: xserver-xorg-core: server crash in CopyKeyClass when pressing
special keys
Severity set to `grave' from `serious'
> severity 513407 grave
Bug#513407: xserver-xorg-core: pressing a multimedia key crashes the X se
On Thu, Jan 29, 2009 at 02:55:20 +, Steve Cotton wrote:
> I've spent a while looking at what runs what, and realised that it will be
> quite time consuming for someone not familiar with your package to extact
> a test case.
>
> Would it be possible for you to isolate the gsf-scan bit;
.c and .
Hi Daniel
Thanks a lot for your information. I'll backport the fix today, upload
and request unblock to the debian release team.
Best regards,
// Ola
Quoting Daniel Pittman :
Kir Kolyshkin writes:
This is caused by newer kernel headers (in this case on a build system
that was used to b
On Thu, Jan 29, 2009 at 09:39:57AM +0100, Pierre Chifflier wrote:
> This is right, the first process forks and exits (so it does not get the
> return code). Suggestions accepted for a better way.
Do the complete initialization (all things needed to pass the "no options left
but kill ourself") firs
Hi Ben
I assume you're aware of the RC bug #512839 introduced by your NMU (and in
testing) xine-ui/0.99.5+cvs20070914-2.1 ? Looks like the fork()ing of
xdg-screensaver needs a little more thought.
Regards
Jon
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subje
Hey *,
On Wed, 28 Jan 2009 23:12:16 +0100 Nico Golde wrote:
> CVE-2009-0317[0]:
> | Untrusted search path vulnerability in the Python language bindings
> | for Nautilus (nautilus-python) allows local users to execute arbitrary
> | code via a Trojan horse Python file in the current working directo
On Wed, Jan 28, 2009 at 08:04:20PM +0100, Andreas Henriksson wrote:
> Hello!
>
> I had a really quick look and there seems to be several issues.
>
> Next after parsing the command line options, the server forks and kills
> off the parent (in wzdftpd/wzd_main.c line 402). This leaves no room for
>
Kir Kolyshkin writes:
> This is caused by newer kernel headers (in this case on a build system
> that was used to build this vzctl package), and is fixed in
> vzctl-3.0.23. See the following git commit:
vzctl 3.0.23-2 is available in experimental, so I have installed it and
tested it on my machi
On Thu, Jan 29, 2009 at 02:26:56AM +, Ben Hutchings wrote:
> This ought to be fixable by a binNMU, but linux-modules-contrib-2.6 is
> not binNMU-safe. And rebuilding it properly in unstable will add new
> binary packages for the vserver flavour. Perhaps a testing-security
> upload is in order
69 matches
Mail list logo