Bug#925919: Info received (RFT: linux with fix for VMware regression)

2019-03-29 Thread Debian Bug Tracking System
Thank you for the additional information you have supplied regarding
this Bug report.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 Debian Kernel Team 

If you wish to submit further information on this problem, please
send it to 925...@bugs.debian.org.

Please do not send mail to ow...@bugs.debian.org unless you wish
to report a problem with the Bug-tracking system.

-- 
925919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925919
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



RFT: linux with fix for VMware regression

2019-03-29 Thread Ben Hutchings
I've uploaded a new version of linux to:
https://people.debian.org/~benh/packages/jessie-security/
which I believe will fix this regression (bug #925919).  Please let me
know whether it works for you.

I only included the amd64 linux-image package and sources there, but
can add i386 linux-image packages if needed.

Ben.

-- 
Ben Hutchings
Design a system any fool can use, and only a fool will want to use it.





Re: jessie-updates gone

2019-03-29 Thread Adam D. Barratt
On Fri, 2019-03-29 at 11:13 +0100, Pierre Fourès wrote:
> The way I understand it, but I asked for clarification and
> confirmation in my previous message [1], is that all « updates » go
> into -proposed-updates/, but the ones that need to be quickly applied
> into the distribution (but aren't security updates) are duplicated
> from -proposed-updates/ into -updates/. These are the updates that
> can't wait and must be applied between the point releases. Then, when
> point releases occur, all packages in -proposed-updates/ move into
> the stable repository of the distribution. They are automatically
> removed from -proposed-updates/. This isn't true for the -updates/
> repository as it requires manual pruning. Nonetheless, all packages in
> -updates/ went into the stable repository (from the -proposed-updates
> they originated from) when the point-release occurred. So nothing is
> lost. But is that right?

Yes - see https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html,
linked from every post to the debian-stable-announce list.
(There will probably be a better URL somewhere on release.d.o once
someone finds sufficient tuits to actually make it.)

The removal of packages from p-u after adding them to stable is part of
the actions performed by ftp-master during the point release (easily
done as the package sets are the same). Technically, it is possible for
an update from -updates / p-u to not be included in a point release,
but that will usually be due to a regression being found before the
point release, and in such cases there will likely be a follow-up
update.

Regards,

Adam



[SECURITY] [DLA 1737-1] pdns security update

2019-03-29 Thread Sylvain Beucler
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package: pdns
Version: 3.4.1-4+deb8u9
CVE ID : CVE-2019-3871
Debian Bug : 924966

A vulnerability was found in PowerDNS Authoritative Server before
4.0.7 and before 4.1.7. An insufficient validation of data coming from
the user when building a HTTP request from a DNS query in the HTTP
Connector of the Remote backend, allowing a remote user to cause a
denial of service by making the server connect to an invalid endpoint,
or possibly information disclosure by making the server connect to an
internal endpoint and somehow extracting meaningful information about
the response.

Only installations using the pdns-backend-remote package are affected.

For Debian 8 "Jessie", this problem has been fixed in version
3.4.1-4+deb8u9.

We recommend that you upgrade your pdns packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
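The flaw described above comes from splicing an attacker-controlled DNS query name into an HTTP request. As an added illustration (Python, not PowerDNS code; the REMOTE_BASE URL layout and the QTYPES list are assumptions), here is the unsafe construction next to one that validates the name and percent-encodes each path segment:

```python
from urllib.parse import quote

# Hypothetical remote-backend URL; an assumption for this example, not
# PowerDNS's actual configuration or code.
REMOTE_BASE = "http://backend.internal:8080/dns"

# Characters accepted in a DNS label here: letters, digits, hyphen and
# underscore (underscore occurs in names such as _dmarc or SRV records).
LABEL_OK = frozenset("abcdefghijklmnopqrstuvwxyz0123456789-_")

# Query types the hypothetical backend knows about (assumption).
QTYPES = frozenset({"A", "AAAA", "ANY", "CNAME", "MX", "NS", "PTR", "SOA", "SRV", "TXT"})


def build_request_unsafe(qtype, qname):
    """Naive construction: the query name is spliced into the path as-is.

    A query name is attacker-controlled (anyone can send a DNS query) and a
    DNS label may contain any octet, so '/', '?', '#' and friends end up
    steering which URL the backend client actually requests.
    """
    return f"{REMOTE_BASE}/lookup/{qname}/{qtype}"


def validate_qname(qname):
    """Return the normalised (lowercased, no trailing dot) name, or raise.

    Rejecting is preferable to repairing: a name that fails these checks
    cannot be a zone the backend serves, so there is nothing to look up.
    """
    name = qname.rstrip(".").lower()
    if not name or len(name) > 253:
        raise ValueError("empty or over-long query name")
    for label in name.split("."):
        if not 0 < len(label) <= 63:
            raise ValueError(f"bad label length in {qname!r}")
        if not set(label) <= LABEL_OK:
            raise ValueError(f"illegal character in label {label!r}")
    return name


def build_request_safe(qtype, qname):
    """Validate both inputs, then percent-encode each path segment.

    quote(..., safe='') also encodes '/', so even if validation were later
    relaxed, one segment could not turn into extra path components.
    """
    name = validate_qname(qname)
    if qtype.upper() not in QTYPES:
        raise ValueError(f"unsupported query type {qtype!r}")
    return f"{REMOTE_BASE}/lookup/{quote(name, safe='')}/{qtype.upper()}"


def is_acceptable(qtype, qname):
    """Boolean convenience wrapper for callers that only want a verdict."""
    try:
        build_request_safe(qtype, qname)
        return True
    except ValueError:
        return False
```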



Re: DLAs in the website: some updates and issues

2019-03-29 Thread Sylvain Beucler
Hi,

On 18/03/2019 15:56, Sylvain Beucler wrote:
> On Thu, Mar 07, 2019 at 08:02:18PM +0100, Laura Arjona Reina wrote:
>> On 5/3/19 at 16:07, Markus Koschany wrote:
>>> thank you for your work on our website. Ideally we would like to make
>>> the whole process fully automatic without the need for any manual
>>> interaction.
>> This is being discussed in #859123: automate import of DLAs and DSAs in
>> www.debian.org
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123
>>
>> In particular, I think this message from Lev Lamberov is relevant:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123#20
>>
>>> Can you tell us more about the current work flow of our DSA
>>> announcements on the front page? 
>> DSAs are manually imported by a web team member or a security team
>> member, using the parse_advisory.pl script.
>>
>>> Does someone from the webteam review
>>> the generation by hand?
>> Usually yes, but also, as it is noted in Lev's message, I think the
>> format of DSA is more standard.
> I had a look at parse-dla.pl / parse-advisory.pl, and let's face it:
> it's a bunch of ad-hoc regexps that happen to work. Most of the times.
>
> I couldn't find a satisfying way to fix the trailing 
> recurring bug.

FYI I tracked down the difference ("For the (old)stable" vs. "For Debian
X") and adapted the regexp.
This confirms DLA formatting is on par with DSA's, the conversion script
is just fragile.


>>> I'm sure we can improve the current parse-dla.pl
>>> script and fix those markup bugs. We also thought about downloading the
>>> announcements from  https://lists.debian.org/debian-lts-announce/ and
>>> then create the DLA on the web page automatically. Is this a viable plan?
>>>
>> I don't know.
>>
>> I guess that if the security team does not do that already it's probably
>> because of a reason (or maybe because nobody in the web team could find
>> the time+skills+motivation needed to make it possible...).
> So the core issue is taking a text mail and automagically generating an
> HTML equivalent.
>
> Lev suggested 4 months ago that LTS and DebSec work on a common
> mark-up format.  We could attempt to switch to MarkDown, but from
> experience it breaks easily, especially wrt newlines.
>
> Alternatively, a simple answer would be to keep the headers parsing
> (Package/Version/CVE ID/Debian Bug) but import the free-form
> description text verbatim as a monospace block (such as ).
> i.e. stop coping with ul/li, just auto-link https://... bits.
>
> I don't suggest merely linking the list archives, since AFAIU there is
> demand for advisories translations (if there isn't, though, a link
> would be enough IMHO).
>
> What do you think?
>
> Cheers!
> Sylvain
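The header-plus-verbatim-body approach sketched in the message above, as an added Python example that is not parse-dla.pl or any Debian web team code. The sample advisory text is the pdns DLA from this page, abridged; the HTML layout (a definition list for the headers, a pre block for the body) is an assumption.

```python
import html
import re

# Constructed sample input: the DLA 1737-1 text from this page, abridged,
# without the PGP framing lines. The header block is what the mail carries.
SAMPLE_DLA = """\
Package: pdns
Version: 3.4.1-4+deb8u9
CVE ID : CVE-2019-3871
Debian Bug : 924966

A vulnerability was found in PowerDNS Authoritative Server before
4.0.7 and before 4.1.7. [abridged]

Only installations using the pdns-backend-remote package are affected.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
"""

HEADER_RE = re.compile(r"^(Package|Version|CVE ID|Debian Bug)\s*:\s*(.*)$")
URL_RE = re.compile(r"""https://[^\s<>"']+""")


def parse_dla(text):
    """Split a DLA mail into its structured headers and its free-form body.

    Headers run from the top of the mail to the first blank line. A line that
    starts with whitespace continues the previous header, which is how a long
    'CVE ID' list is wrapped (DLA 1735-1 on this page is an example).
    Anything else before the blank line raises instead of being silently
    swallowed, which is exactly where ad-hoc regexps tend to fail quietly.
    """
    lines = text.splitlines()
    headers, last, i = {}, None, 0
    while i < len(lines) and lines[i].strip():
        m = HEADER_RE.match(lines[i])
        if m:
            last = m.group(1)
            headers[last] = m.group(2).strip()
        elif lines[i][:1].isspace() and last:
            headers[last] += " " + lines[i].strip()
        else:
            raise ValueError(f"unexpected header line: {lines[i]!r}")
        i += 1
    body = "\n".join(lines[i + 1:]).strip("\n")
    return headers, body


def cve_ids(headers):
    """The 'CVE ID' header as a list (empty when the advisory has none)."""
    return headers.get("CVE ID", "").split()


def linkify(text):
    """HTML-escape text and wrap https:// URLs in anchors.

    The advisory body is untrusted as far as the website is concerned, so
    each fragment is escaped before it is placed into markup. The URL match
    runs on the raw text, and trailing punctuation (a full stop after a
    link) is kept outside the anchor.
    """
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:)")
        out.append(html.escape(text[pos:m.start()], quote=True))
        safe = html.escape(url, quote=True)
        out.append(f'<a href="{safe}">{safe}</a>')
        pos = m.start() + len(url)
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)


def render_html(text):
    """Headers as a definition list, body verbatim inside a <pre> block."""
    headers, body = parse_dla(text)
    dl = "".join(
        f"<dt>{html.escape(k)}</dt><dd>{html.escape(v)}</dd>" for k, v in headers.items()
    )
    return f"<dl>{dl}</dl>\n<pre>{linkify(body)}</pre>\n"
```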



Accepted pdns 3.4.1-4+deb8u9 (source amd64) into oldstable

2019-03-29 Thread Sylvain Beucler
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 29 Mar 2019 13:27:30 +
Source: pdns
Binary: pdns-server pdns-server-dbg pdns-backend-pipe pdns-backend-ldap 
pdns-backend-geo pdns-backend-mysql pdns-backend-pgsql pdns-backend-sqlite3 
pdns-backend-lua pdns-backend-lmdb pdns-backend-remote pdns-backend-mydns
Architecture: source amd64
Version: 3.4.1-4+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Debian PowerDNS Maintainers 

Changed-By: Sylvain Beucler 
Description:
 pdns-backend-geo - geo backend for PowerDNS
 pdns-backend-ldap - LDAP backend for PowerDNS
 pdns-backend-lmdb - lmdb backend for PowerDNS
 pdns-backend-lua - Lua backend for PowerDNS
 pdns-backend-mydns - MyDNS compatibility backend for PowerDNS
 pdns-backend-mysql - generic MySQL backend for PowerDNS
 pdns-backend-pgsql - generic PostgreSQL backend for PowerDNS
 pdns-backend-pipe - pipe/coprocess backend for PowerDNS
 pdns-backend-remote - remote backend for PowerDNS
 pdns-backend-sqlite3 - sqlite 3 backend for PowerDNS
 pdns-server - extremely powerful and versatile nameserver
 pdns-server-dbg - debugging symbols for PowerDNS
Changes:
 pdns (3.4.1-4+deb8u9) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * Fix CVE-2019-3871, rebasing upstream's fix for 4.0.6: an
 insufficient validation of data coming from the user when building
 a HTTP request from a DNS query in the HTTP Connector of the
 Remote backend, allowing a remote user to cause a denial of
 service by making the server connect to an invalid endpoint, or
 possibly information disclosure by making the server connect to an
 internal endpoint and somehow extracting meaningful information
 about the response.

Accepted dovecot 1:2.2.13-12~deb8u6 (source amd64) into oldstable

2019-03-29 Thread Markus Koschany
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 29 Mar 2019 12:38:40 +0100
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd 
dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap 
dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source amd64
Version: 1:2.2.13-12~deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Dovecot Maintainers 
Changed-By: Markus Koschany 
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Changes:
 dovecot (1:2.2.13-12~deb8u6) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-7524:
 A security vulnerability was discovered in the Dovecot email server. When
 reading FTS headers from the Dovecot index, the input buffer
 size is not bounds-checked. An attacker with the ability to modify dovecot
 indexes, can take advantage of this flaw for privilege escalation or the
 execution of arbitrary code with the permissions of the dovecot user. Only
 installations using the FTS plugins are affected.

Re: jessie-updates gone

2019-03-29 Thread Matus UHLAR - fantomas

>>> On 27.03.19 11:20, Bernie Elbourn wrote:
>>>> I am very grateful for all the work done here. You are all heroes!
>>>>
>>>> Can I gently ask if we can just blank the stretch-updates archive next
>>>> time round please.  Otherwise every stable machine out there now will
>>>> need a change.

>> On 27.03.19 at 12:50, Matus UHLAR - fantomas wrote:
>>> That's what I meant too. I probably should have emphasized that.
>>>
>>>> If it is possible to wiz up a blank jessie-updates this will save me
>>>> visiting a bunch of systems throwing apt errors in next few days.
>>>
>>> I wonder if it wasn't blank already. All of its contents was supposed to be
>>> moved to jessie main archive with last point release and no content should
>>> be there after that.

> On 27/03/2019 13:33, Markus Koschany wrote:
>> So the idea is to readd the empty jessie-updates directory to avoid apt
>> errors when updating? Jörg is this possible?

On 27.03.19 14:02, Emilio Pozuelo Monfort wrote:
> Yes, I talked to them earlier today and they agreed to bringing it back to avoid
> these problems on users that have jessie-updates on their sources.list.

and when is this expected to happen?

> jessie-proposed-updates could also be brought back, though that's not enabled by
> default upon installation so it should be less problematic if it stays removed
> (though some people may have it so it wouldn't hurt to bring it back as well).

I agree although I don't use it either.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are



Re: jessie-updates gone

2019-03-29 Thread Pierre Fourès
On Fri, 29 Mar 2019 at 10:11, Matus UHLAR - fantomas wrote:
>
> >>On 27.03.19 11:20, Bernie Elbourn wrote:
> >>>If it is possible to wiz up a blank jessie-updates this will save me
> >>>visiting a bunch of systems throwing apt errors in next few days.
>
> >On 2019-03-27 11:50, Matus UHLAR - fantomas wrote:
> >>I wonder if it wasn't blank already. All of its contents was
> >>supposed to be
> >>moved to jessie main archive with last point release and no content
> >>should
> >>be there after that.
>
> On 27.03.19 13:52, Adam D. Barratt wrote:
> >Packages aren't moved from -updates to (old)stable, they're moved from
> >p-u. Packages only get removed from -updates following manual action
> >from a Release Team member.
>
> so, as I understand it, packages like clamav, spamassassin and others that
> are in -updates may not get to main archive with a point release?
>
> Is there anything other needed to get them in?
>
> iirc, the -updates (formerly called volatile) was created to contain
> packages that really need updates during distribution lifecycle, just like
> antiviruses, spam filters and alike.
>
> They should not be lost.
>

The way I understand it, but I asked for clarification and
confirmation in my previous message [1], is that all « updates » go
into -proposed-updates/, but the ones that need to be quickly applied
into the distribution (but aren't security updates) are duplicated
from -proposed-updates/ into -updates/. These are the updates that
can't wait and must be applied between the point releases. Then, when
point releases occur, all packages in -proposed-updates/ move into
the stable repository of the distribution. They are automatically
removed from -proposed-updates/. This isn't true for the -updates/
repository as it requires manual pruning. Nonetheless, all packages in
-updates/ went into the stable repository (from the -proposed-updates
they originated from) when the point-release occurred. So nothing is
lost. But is that right?

Pierre.

[1] https://lists.debian.org/debian-lts/2019/03/msg00142.html



Re: Kernel 3.16.0-8-amd64 on vmware : corrupted page table

2019-03-29 Thread Bernhard Schmidt
There is already a report in the BTS about this as well.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925918






Re: Kernel 3.16.0-8-amd64 on vmware : corrupted page table

2019-03-29 Thread Bernhard Schmidt
On 29.03.19 at 10:41, Bernhard Schmidt wrote:

> Hi,
> 
> sorry for not setting References correctly, I wasn't subscribed until now.
> 
> We're hitting the same issue. Sometimes we see a backtrace in various
> places, most of the times the machine just hangs (the cursor stops
> blinking and it doesn't respond anymore).
> 
> Rebooting into -7 seems to fix it.
> 
> We're also on VMware ESXi 6.7. I don't think we have physical systems
> with Jessie left, so I can't tell whether it only affects VMware.

Attached the syslog of a machine that threw a lot of kernel Oops and
broke the filesystem, but somehow still managed to write the log.

We have some machines that are successfully running this kernel version
on the same VMware infrastructure. Does not seem to be related to 1 vCPU
vs. 2 vCPU.

Bernhard


syslog.gz
Description: application/gzip




Re: Kernel 3.16.0-8-amd64 on vmware : corrupted page table

2019-03-29 Thread Bernhard Schmidt
Hi,

sorry for not setting References correctly, I wasn't subscribed until now.

We're hitting the same issue. Sometimes we see a backtrace in various
places, most of the times the machine just hangs (the cursor stops
blinking and it doesn't respond anymore).

Rebooting into -7 seems to fix it.

We're also on VMware ESXi 6.7. I don't think we have physical systems
with Jessie left, so I can't tell whether it only affects VMware.

Best Regards,
Bernhard

-- 
Bernhard Schmidt  Netzbetrieb / IPv6 / DNSSEC
Leibniz-Rechenzentrum   Leibniz Supercomputing Centre
Boltzmannstr. 1  D-85748 Garching b. Muenchen
Tel: +49 89 35831-7885 E-Mail/Jabber: bernhard.schm...@lrz.de



Re: LTS packages changelogs on packages.d.o / metadata.ftp-master.d.o

2019-03-29 Thread Abhijith PA
Hi

On Friday 29 March 2019 03:03 PM, Matus UHLAR - fantomas wrote:
> Hello,
> 
> trying to look at changelog of packages in LTS, it's not available on links
> from packages.debian.org that point to metadata.ftp-master.d.o
> 
> e.g.
> https://packages.debian.org/jessie/linux-support-3.16.0-6
> https://packages.debian.org/jessie/linux-support-3.16.0-7
> https://packages.debian.org/jessie/linux-support-3.16.0-8
> all point to:
> https://metadata.ftp-master.debian.org/changelogs/main/l/linux/linux_3.16.64-1_changelog
> 
> 
> which does not exist.
> can I find those changelogs in an easy way (without installing those
> packages)?

From the above packages.d.o pages click on the `Developer Information` link
on the right side. It will take you to the new package tracker. From
there you can find it.

For example:
> https://packages.debian.org/jessie/linux-support-3.16.0-6

https://tracker.debian.org/media/packages/l/linux/changelog-3.16.64-1


--abhijith




LTS packages changelogs on packages.d.o / metadata.ftp-master.d.o

2019-03-29 Thread Matus UHLAR - fantomas

Hello,

trying to look at changelog of packages in LTS, it's not available on links
from packages.debian.org that point to metadata.ftp-master.d.o

e.g.
https://packages.debian.org/jessie/linux-support-3.16.0-6
https://packages.debian.org/jessie/linux-support-3.16.0-7
https://packages.debian.org/jessie/linux-support-3.16.0-8
all point to:
https://metadata.ftp-master.debian.org/changelogs/main/l/linux/linux_3.16.64-1_changelog

which does not exist.
can I find those changelogs in an easy way (without installing those
packages)?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton



Re: jessie-updates gone

2019-03-29 Thread Matus UHLAR - fantomas

>> On 27.03.19 11:20, Bernie Elbourn wrote:
>>> If it is possible to wiz up a blank jessie-updates this will save me
>>> visiting a bunch of systems throwing apt errors in next few days.

> On 2019-03-27 11:50, Matus UHLAR - fantomas wrote:
>> I wonder if it wasn't blank already. All of its contents was supposed to be
>> moved to jessie main archive with last point release and no content should
>> be there after that.

On 27.03.19 13:52, Adam D. Barratt wrote:
> Packages aren't moved from -updates to (old)stable, they're moved from
> p-u. Packages only get removed from -updates following manual action
> from a Release Team member.

so, as I understand it, packages like clamav, spamassassin and others that
are in -updates may not get to main archive with a point release?

Is there anything other needed to get them in?

iirc, the -updates (formerly called volatile) was created to contain
packages that really need updates during distribution lifecycle, just like
antiviruses, spam filters and alike.

They should not be lost.

> In the case of jessie, it appears there was still at least an old
> kernel package in there.

luckily, nothing important.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.



[SECURITY] [DLA 1735-1] ruby2.1 security update

2019-03-29 Thread Abhijith PA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package: ruby2.1
Version: 2.1.5-2+deb8u7
CVE ID : CVE-2019-8320 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324
 CVE-2019-8325


Several vulnerabilities have been discovered in rubygems embedded in
ruby2.1, the interpreted scripting language.

CVE-2019-8320

A Directory Traversal issue was discovered in RubyGems. Before
making new directories or touching files (which now include
path-checking code for symlinks), it would delete the target
destination.

CVE-2019-8322

The gem owner command outputs the contents of the API response
directly to stdout. Therefore, if the response is crafted, escape
sequence injection may occur.

CVE-2019-8323

Gem::GemcutterUtilities#with_response may output the API response to
stdout as it is. Therefore, if the API side modifies the response,
escape sequence injection may occur.

CVE-2019-8324

A crafted gem with a multi-line name is not handled correctly.
Therefore, an attacker could inject arbitrary code to the stub line
of gemspec, which is eval-ed by code in ensure_loadable_spec during
the preinstall check.

CVE-2019-8325

An issue was discovered in RubyGems 2.6 and later through 3.0.2.
Since Gem::CommandManager#run calls alert_error without escaping,
escape sequence injection is possible. (There are many ways to cause
an error.)

For Debian 8 "Jessie", these problems have been fixed in version
2.1.5-2+deb8u7.

We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
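Three of the issues above are escape-sequence injection through output that is printed unmodified, and a fourth turns on a gem name that spans more than one line. The added Python example below is not RubyGems' code (which is Ruby) and its gem-name pattern is an assumption; it scrubs untrusted output before it reaches a terminal and rejects a multi-line name:

```python
import re

# ANSI escape sequences as a terminal would interpret them:
#   CSI  ESC [ <params> <intermediates> <final byte>   e.g. colours, clear screen
#   OSC  ESC ] ... terminated by BEL or ESC \          e.g. window-title changes
#   two-byte ESC sequences (ESC followed by one byte in the 0x40-0x5f range)
CSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
OSC_RE = re.compile(r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)")
ESC2_RE = re.compile(r"\x1b[@-Z\\-_]")
# Every remaining C0 control except TAB and LF, plus DEL and the C1 range
# (0x9b and 0x9d are the 8-bit forms of CSI and OSC).
CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")

# Constructed sample of a hostile API response body (not real server output):
# a title change, a clear-screen, a cursor-home, and a stray NUL.
SAMPLE_RESPONSE = "Owner added successfully.\x1b]0;owned\x07\x1b[2J\x1b[H\x00"

# Gem-name pattern used here (assumption, not necessarily RubyGems' own rule):
# ASCII letters/digits, underscore, dot or hyphen only.
GEM_NAME_RE = re.compile(r"[A-Za-z0-9_.\-]+")


def scrub_terminal_output(text):
    """Return text that is safe to write to a terminal.

    Escape sequences are removed outright. Any other control character is
    rendered in caret notation (^@, ^?) or as \\xNN, so the user can still
    see that the response carried something it should not have.
    """
    text = OSC_RE.sub("", text)
    text = CSI_RE.sub("", text)
    # Also removes an unterminated OSC opener (ESC ]); a bare ESC that is
    # followed by nothing recognisable falls through to caret() below.
    text = ESC2_RE.sub("", text)

    def caret(m):
        c = ord(m.group(0))
        return f"^{chr(c ^ 0x40)}" if c < 0x80 else f"\\x{c:02x}"

    return CTRL_RE.sub(caret, text)


def is_valid_gem_name(name):
    """A name spanning more than one line could carry a second statement into
    a one-line gemspec stub, so newlines are rejected before anything else;
    the character allowlist then catches the rest."""
    if "\n" in name or "\r" in name:
        return False
    return GEM_NAME_RE.fullmatch(name) is not None
```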



Kernel 3.16.0-8-amd64 on vmware : corrupted page table

2019-03-29 Thread PIERSON Jérémie
Hi,

Our Debian 8 servers have picked up the kernel security update
linux-image-3.16.0-8-amd64.
Soon after reboot, problems started to appear, mainly various process crashes
with messages like:

Mar 28 11:07:35 server123 kernel: [16203.774877] java: Corrupted page table
at address d58184a0

Processes become zombies or virtual machines start to grab all the CPU they can
(and become unresponsive).
It only affects our virtual machines, which are all on VMware. We have a few
hardware servers and no problems so far on those.
Does anybody experience something similar? We have configured Grub to boot on
3.16.0-7 while we investigate.

Regards,

-- 
Jérémie Pierson







Accepted ruby2.1 2.1.5-2+deb8u7 (source amd64 all) into oldstable

2019-03-29 Thread Abhijith PA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 29 Mar 2019 11:56:38 +0530
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source amd64 all
Version: 2.1.5-2+deb8u7
Distribution: jessie-security
Urgency: medium
Maintainer: Antonio Terceiro 
Changed-By: Abhijith PA 
Description:
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1 - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Changes:
 ruby2.1 (2.1.5-2+deb8u7) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * Fix CVE-2019-8320, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324,
 CVE-2019-8325
