On Sun, 2016-12-18 at 18:15 +0100, koopa wrote:
> numpy.oldnumeric has been removed in 1.9 release so castle-combat does not
> start
> https://docs.scipy.org/doc/numpy-dev/release.html#numpy-1-9-0-release-notes
>
> so castle-combat does not start
>
Thanks for pointing this out.
castle-combat
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
Monkey webserver fails to drop supplemental groups when lowering privileges.
This allows any local user on the system to read any fine that root's
supplemental
groups can access. Monkey does perform
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
The Monkey webserver retains RUID/RGID root so that it can regain root as
needed to perform privileged operations. Unfortunately, monkey does not drop
RUID/RGID root before executing CGI scripts.
Thanks for the bug report on apt-watch. It should be straightforward to fix.
signature.asc
Description: OpenPGP digital signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/19/2011 07:08 PM, Michael Biebl wrote:
Hi John,
as you might have noticed, the GNOME 3 transition is now ongoing in unstable.
Could you please upload apt-watch 0.4.0 from experimental to unstable now as
otherwise apt-watch will block this
Package: masqmail
Version: 0.2.21-4
Severity: critical
Tags: security
Justification: root security hole
Reporting publicly since this has already been disclosed on the masqmail list.
In src/log.c there are two logging functions that use this logic:
uid_t saved_uid;
saved_uid =
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/01/2011 04:00 PM, Dominic Hargreaves wrote:
Source: libfinance-quotehist-perl
Version: 1.16-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)
This package FTBFS with a clean sid chroot:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
fixed 612914 1.14-1+squeeze1
thanks
The fixed version of libfinance-quotehist-perl has been accepted into
stable-proposed-updates and will be included in the next stable release.
The patch applied is:
diff --git a/debian/rules b/debian/rules
index
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/29/2011 04:05 AM, Moritz Mühlenhoff wrote:
Hi,
* Moritz Mühlenhoff muehlenh...@univention.de [2011-02-14 10:27:55 CET]:
Am Montag 14 Februar 2011 04:24:35 schrieb John Lightsey:
Yes, I can reproduce the FTBFS with 1.14. This was corrected
On 02/11/2011 08:28 AM, Moritz Muehlenhoff wrote:
Hi John,
I've tried to rebuild java-imaging-utilities for Univention Corporate Server,
a Debian derived distribution based on Debian stable (currently Lenny, our
next
release will be based on Squeeze).
libfinance-quotehist-perl fails to
tag 612914 squeeze
thanks
Yes, I can reproduce the FTBFS with 1.14. This was corrected upstream
with 1.16 which is already in testing and unstable. The newer version
doesn't include adjusted prices in any tests since Yahoo changes these
periodically.
--
To UNSUBSCRIBE, email to
tags 594353 + pending
thanks
I'll upload a new version tonight without -Werror in CXXFLAGS. The
package builds fine aside from the deprecation warnings.
Thanks for your bug report.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Package: xen-tools
Version: 3.9-4
Severity: grave
Tags: security
Justification: user security hole
I'm tagging this security, though common best practices would suggest that
access
to the Dom0 should be severely restricted to begin with.
When xen-create-image is used to create a file based
On Sun, 2009-09-27 at 15:48 +0200, Luca Falavigna wrote:
I was looking at castle-combat trying to see if it can be ported to
python-numpy because python-numeric* packages have been removed.
This is not a trivial task because some things have changed and it
crashes every now and then, with
This shouldn't be tagged as a grave security issue. The symlink tests
in Apache are trivial to overcome with timing attacks and the Apache
documentation explicitly states that the symlink tests should not be
considered a security restriction.
tags 431324 + pending
thanks
I isolated the problem with apt-watch yesterday and I'll have a new
version uploaded this evening with the fix.
John
signature.asc
Description: This is a digitally signed message part
tags 409523 + patch
thanks
According to the changelog in libgpewidget-0.114 gpe/render.h was
removed because it was considered obsolete and unused.
Simply deleting the #include directive from main.c allows gpe-edit to
compile and run properly.
Patch attached.
John
diff -Nur
According to the changelog in libgpewidget-0.114 gpe/render.h was
removed because it was considered obsolete and unused.
Simply deleting the #include directive from main.c allows gpe-julia to
compile and run properly.
Patch attached.
John
diff -Nur gpe-julia-0.0.6.orig/main.c
On Tue, 2006-06-20 at 20:07 +0200, Karl Bartel wrote:
I just uploaded a new release. The code worked out quite different
than in the patch, because I wanted to add a Sound on/off switch
without adding an additional conditional around each line where a
sound is played. This bug should be
tags 340070 + patch
thanks
pri_set_error and pri_set_message in libpri.h from libpri-dev have
changed since this version of yate was released. Updating yate to a
newer upstream would likely fix the FTBFS error. Barring that, the
attached dpatch gets the yate package compiling again in its
tags 336840 + patch
thanks
Reordering the call to glutInit in orbit.c fixes this error.
John
diff -ur space-orbit-1.01.orig/src/orbit.c space-orbit-1.01/src/orbit.c
--- space-orbit-1.01.orig/src/orbit.c 2005-12-13 18:22:35.0 -0600
+++ space-orbit-1.01/src/orbit.c 2005-12-13
On Mon, 2005-09-12 at 12:52 -0700, Matt Kraai wrote:
xmms-goom fails to build because it clobbers the PIC register ebx in
an asm statement:
Sorry for taking so long to address this issue. I was originally
thinking I'd just fix the sections of assembly code with the obvious
pushl...popl, then
22 matches
Mail list logo