Re: CVE-2011-1521 and CVE-2011-3389 - fixed packet
begin quotation from Michael Gilbert (in jmfpp-2t...@gated-at.bofh.it):
> On Fri, Sep 21, 2012 at 11:40 AM, Arne Wichmann wrote:
>> Ok, I just created one more fixed version of python2.6 for my own use. Whoever is interested can find it at [1] for the time being.
>>
>> If anybody has comments or improvements I am also interested.
>
> Would you mind attaching a debdiff so we can see what you did? If your changes look reasonable, I may be willing to work with you to sponsor a stable-proposed update:
> http://www.debian.org/releases/proposed-updates

Attached.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are coerced, comply as much as you must to protect yourself, just don't support it. No one can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)

reverted: --- python2.6-2.6.6/.pbuilderrc +++ python2.6-2.6.6.orig/.pbuilderrc 
@@ -1,163 +0,0 @@ -# Idea stolen at https://wiki.ubuntu.com/PbuilderHowto -# Enhanced to support experimental, backports and oldstable. -# Does not build with non-free by default anymore. - -unset CCACHEDIR - -# DIST NONFREE ARCH CUSTOM should be added to env_keep in your sudoers config. -OLDSTABLE=lenny -OLDSTABLE_ARCHIVED=false -STABLE=squeeze -TESTING=wheezy -UNSTABLE=sid - -# Codenames for Debian suites according to their alias. Update these when -# needed. -UNSTABLE_CODENAME=unstable -TESTING_CODENAME=testing -STABLE_CODENAME=stable -OLDSTABLE_CODENAME=oldstable - - -# List of Debian suites. -DEBIAN_SUITES=($UNSTABLE_CODENAME $TESTING_CODENAME $STABLE_CODENAME $OLDSTABLE_CODENAME -$UNSTABLE $TESTING $STABLE $OLDSTABLE experimental) - -# List of Ubuntu suites. Update these when needed. -UBUNTU_SUITES=(jaunty intrepid hardy gutsy lucid maverick) - -# Mirrors to use. Update these to your preferred mirror. -DEBIAN_MIRROR=ftp2.de.debian.org -UBUNTU_MIRROR=debian.netcologne.de - -# Use Cowbuilder -PDEBUILD_PBUILDER=cowbuilder - -# Optionally use the changelog of a package to determine the suite to use if -# none set. -if [ -z ${DIST} ] [ -r debian/changelog ]; then -DIST=$(dpkg-parsechangelog | awk '/^Distribution: / {print $2}') -fi - -# Optionally set a default distribution if none is used. Note that you can set -# your own default (i.e. ${DIST:=unstable}). -: ${DIST:=stable} - -# Optionally change Debian codenames in $DIST to their aliases. -case $DIST in -$UNSTABLE_CODENAME|UNRELEASED) -DIST=$UNSTABLE -;; - $TESTING_CODENAME|$TESTING_CODENAME-proposed-updates|$TESTING_CODENAME-security) -DIST=$TESTING -;; - $STABLE_CODENAME|$STABLE_CODENAME-proposed-updates|$STABLE_CODENAME-security) -DIST=$STABLE -;; - $OLDSTABLE_CODENAME|$OLDSTABLE_CODENAME-proposed-updates|$OLDSTABLE_CODENAME-security) -DIST=$OLDSTABLE -esac - -# Optionally set the architecture to the host architecture if none set. Note -# that you can set your own default (i.e. ${ARCH:=i386}). 
-: ${ARCH:=$(dpkg --print-architecture)} - -DEBOOTSTRAPOPTS=( -'--variant=buildd' -) - - -NAME=$DIST -if [ -n ${ARCH} ]; then -NAME=$NAME-$ARCH -DEBOOTSTRAPOPTS=(--arch $ARCH ${DEBOOTSTRAPOPTS[@]}) -fi -if [ -n ${NONFREE} ]; then -NAME=$NAME-nonfree -fi - -#CUSTOM allows to create chroots per customer, or for whatever you need it -if [ -n ${CUSTOM} ]; then -NAME=$NAME-$CUSTOM -fi - -BASETGZ=/var/cache/pbuilder/$NAME-base.tgz -BASEPATH=/var/cache/pbuilder/$NAME-base.cow -BUILDRESULT=/tmp/ -BUILDPLACE=/var/cache/pbuilder/build/ - -if $(echo ${DEBIAN_SUITES[@]} | grep -q ${DIST%-backports}); then -COMPONENTS=main -if [ -n ${NONFREE} ]; then -COMPONENTS=$COMPONENTS contrib non-free -fi -DEBOOTSTRAPOPTS=( -'--keyring' '/usr/share/keyrings/debian-archive-keyring.gpg' -${DEBOOTSTRAPOPTS[@]} -) - -case $DIST in -$OLDSTABLE) -if [ $OLDSTABLE_ARCHIVED = true ]; then -MIRRORSITE=http://archive.debian.org/debian/; -else -MIRRORSITE=http://$DEBIAN_MIRROR/debian/; -fi -;; -experimental) -if [ -z $OTHERMIRROR ]; then -OTHERMIRROR=deb http://$DEBIAN_MIRROR/debian experimental $COMPONENTS -else -OTHERMIRROR=deb http://$DEBIAN_MIRROR/debian experimental $COMPONENTS | ${OTHERMIRROR} -fi -;; -*-backports) -if [ -z $OTHERMIRROR ]; then -OTHERMIRROR=deb http://debian.netcologne.de/debian-backports/ $DIST $COMPONENTS -else -OTHERMIRROR=deb http://debian.netcologne.de/debian-backports/ $DIST $COMPONENTS | ${OTHERMIRROR} -fi -EXTRAPACKAGES=$EXTRAPACKAGES debian-backports-keyring -;; -esac - -elif $(echo ${UBUNTU_SUITES[@]} | grep -q ${DIST%-backports}); then -# Ubuntu configuration -MIRRORSITE=http://$UBUNTU_MIRROR/ubuntu/; -COMPONENTS=main universe -if [ -n ${NONFREE} ]; then
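Review bot: the file header at the top of this patch has the modified tree `python2.6-2.6.6/.pbuilderrc` on the `---` side and `python2.6-2.6.6.orig/.pbuilderrc` on the `+++` side, and the hunk `@@ -1,163 +0,0 @@` deletes all 163 lines, so the diff is reversed and the updated package is in fact adding a `.pbuilderrc` to the source tree. This file is a personal pbuilder configuration (local mirror settings such as `DEBIAN_MIRROR=ftp2.de.debian.org`, `BUILDRESULT=/tmp/`) and has nothing to do with the CVE fixes. Remove it from the source directory before building the source package, then regenerate the debdiff with the original package first so that only the security patches and the changelog entry remain to be reviewed.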
Re: CVE-2011-1521 and CVE-2011-3389 - fixed packet
On Mon, Sep 24, 2012 at 4:27 AM, Arne Wichmann wrote:
> begin quotation from Michael Gilbert (in jmfpp-2t...@gated-at.bofh.it):
>> On Fri, Sep 21, 2012 at 11:40 AM, Arne Wichmann wrote:
>>> Ok, I just created one more fixed version of python2.6 for my own use. Whoever is interested can find it at [1] for the time being.
>>>
>>> If anybody has comments or improvements I am also interested.
>>
>> Would you mind attaching a debdiff so we can see what you did? If your changes look reasonable, I may be willing to work with you to sponsor a stable-proposed update:
>> http://www.debian.org/releases/proposed-updates
>
> Attached.

Thanks for your work on this. There are a couple easily correctable issues. One is that the debdiff is backwards. Second, it's better to use CVE numbers to name the patches rather than commit ids. Third, the distribution should be stable-proposed-updates rather than stable, and there should only be one new entry in the changelog, and the version should be +squeeze1.

Finally, there are some other unfixed python2.6 issues. Would you mind taking a look at those? It would be good to include them all in a new update:
http://security-tracker.debian.org/tracker/source-package/python2.6

Thanks again!
Mike

-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/CANTw=MMmOqRrK-g9gmLndxmxXxkYO3zwaDCis_hSvo2=n77...@mail.gmail.com
Re: [SECURITY] [DSA 2550-1] asterisk security update
On Wed, Sep 19, 2012 at 12:07:15PM +0200, Michael Kozma wrote:
> On 19/09/2012 12:00, Cyril Brulebois wrote:
>> Michael, that should be “chan_sip” apparently?
>
> Yes, sorry, but I have the same issue as Herman:
>
> monitoring*CLI module load chan_sip
> Unable to load module chan_sip
> Command 'module load chan_sip' failed.
> [Sep 19 12:05:21] WARNING[2245]: loader.c:435 load_dynamic_module: Error loading module 'chan_sip': /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: sip_pvt_lock_full
> [Sep 19 12:05:21] WARNING[2245]: loader.c:801 load_resource: Module 'chan_sip' could not be loaded.

Please test/report, whether the packages located at http://people.debian.org/~jmm/ fix the problem for you.

Cheers,
Moritz

Archive: http://lists.debian.org/20120924172550.GA7130@pisco.westfalen.local
Re: [SECURITY] [DSA 2550-1] asterisk security update
On 24/09/2012 19:25, Moritz Mühlenhoff wrote:
> On Wed, Sep 19, 2012 at 12:07:15PM +0200, Michael Kozma wrote:
>> On 19/09/2012 12:00, Cyril Brulebois wrote:
>>> Michael, that should be “chan_sip” apparently?
>>
>> Yes, sorry, but I have the same issue as Herman:
>>
>> monitoring*CLI module load chan_sip
>> Unable to load module chan_sip
>> Command 'module load chan_sip' failed.
>> [Sep 19 12:05:21] WARNING[2245]: loader.c:435 load_dynamic_module: Error loading module 'chan_sip': /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: sip_pvt_lock_full
>> [Sep 19 12:05:21] WARNING[2245]: loader.c:801 load_resource: Module 'chan_sip' could not be loaded.
>
> Please test/report, whether the packages located at http://people.debian.org/~jmm/ fix the problem for you.
>
> Cheers,
> Moritz

Hello,

I have a 403 error when I try to download files :/

Thx

Archive: http://lists.debian.org/5060b6a7.9050...@kozma.fr
Re: CVE-2011-1521 and CVE-2011-3389 - fixed packet
On Mon, 2012-09-24 at 12:39 -0400, Michael Gilbert wrote:
> the distribution should be stable-proposed-updates rather than stable,

stable's fine. (As would be proposed-updates and squeeze.)

Regards,
Adam

Archive: http://lists.debian.org/1348520749.6724.17.ca...@jacala.jungle.funky-badger.org
Re: [SECURITY] [DSA 2550-1] asterisk security update
On Mon, Sep 24, 2012 at 09:38:15PM +0200, Michael Kozma wrote:
> On 24/09/2012 19:25, Moritz Mühlenhoff wrote:
>> On Wed, Sep 19, 2012 at 12:07:15PM +0200, Michael Kozma wrote:
>>> On 19/09/2012 12:00, Cyril Brulebois wrote:
>>>> Michael, that should be “chan_sip” apparently?
>>>
>>> Yes, sorry, but I have the same issue as Herman:
>>>
>>> monitoring*CLI module load chan_sip
>>> Unable to load module chan_sip
>>> Command 'module load chan_sip' failed.
>>> [Sep 19 12:05:21] WARNING[2245]: loader.c:435 load_dynamic_module: Error loading module 'chan_sip': /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: sip_pvt_lock_full
>>> [Sep 19 12:05:21] WARNING[2245]: loader.c:801 load_resource: Module 'chan_sip' could not be loaded.
>>
>> Please test/report, whether the packages located at http://people.debian.org/~jmm/ fix the problem for you.
>>
>> Cheers,
>> Moritz
>
> Hello,
>
> I have a 403 error when I try to download files :/

Fixed.

Archive: http://lists.debian.org/20120924223656.ga26...@inutil.org