Bug#880220: should not install a globally valid trust anchor

Package: leap-archive-keyring Version: 2016.03.08 Severity: normal This package installs a keyring in /etc/apt/trusted.gpg.d which is great as it allows people to easily install LEAP applications by leveraging the trust path already in Debian. It does, however, mean that LEAP could, in theory,

Bug#871657: dch: please add --sru option

After reviewing this patch for inspiration in implementing a --lts option (#762715), I believe I have found it to be slightly incomplete. Those two chunks, in particular, probably do not yield the warning you would have expected: @@ -430,7 +433,7 @@ if (defined $opt_level) { if (defined

Bug#879239: RFP: sigal -- Simple Static Gallery Generator

Package: wnpp Severity: wishlist * Package name: sigal Version : 1.3.0 Upstream Author : Simon Conseil * URL : http://sigal.saimon.org/ * License : Expat Programming Lang: Python Description : Simple Static Gallery Generator Sigal

Bug#879125: ITP: python-requests-file -- File transport adapter for Requests

Control: tags -1 +pending Control: forwarded -1 https://github.com/dashea/requests-file/issues/10 Uploaded this to NEW and notified the upstream of possible collaboration. signature.asc Description: PGP signature

Bug#879125: ITP: python-requests-file -- File transport adapter for Requests

Package: wnpp Severity: wishlist Owner: Antoine Beaupre <anar...@debian.org> * Package name: python-requests-file Version : 2017-04-28 Upstream Author : David Shea * URL : https://pypi.python.org/pypi/requests-file * License : Apache 2.0 Programmin

Bug#878425: it's all text will stop working in Firefox 57

Package: xul-ext-itsalltext Version: 1.9.2-2 Severity: normal Tags: upstream Once Firefox 57 hits the archive, this extension will completely stop working, as it relies on the older XUL API. It also cannot be ported to the new web-ext API cleanly, as it is a fundamental shift in the way it works:

Bug#844317: Bug#845542: include font-size extensions

On Thu, Nov 24, 2016 at 01:50:37PM +0100, martin f krafft wrote: > Package: rxvt-unicode > Version: 9.22-1+b1 > Severity: wishlist > > Please include this extension in the package: > > https://github.com/majutsushi/urxvt-font-size > Dear Maintainer, > > As you may have known archlinux wiki

Bug#877530: show history of debian developers / maintainers / members statistics

Package: nm.debian.org Severity: wishlist Hi! Following recent changes in the nm.debian.org site, there seems to have been somewhat of a surge in the number of new "emeritus" developers, presumably because the site makes it easier for people to confirm their inactive status. Similarly, the

Bug#861772: RFS: writeroom-mode/3.6.1-1 [ITP]

On Wed, May 17, 2017 at 10:47:00AM -0400, Nicholas D Steeves wrote: > Control: tag -1 +moreinfo > > Tagging as moreinfo while investigating a potential trademark > infringement issue. I will untag when this has been resolved. Any update here? Can you clarify the trademark issue and what's

Bug#877030: ITP: pat -- Winlink client with basic messaging capabilities

Package: wnpp Severity: wishlist Owner: Antoine Beaupre <anar...@debian.org> * Package name: pat Version : 0.3.0 Upstream Author : Martin Hebnes Pedersen <martin.h.peder...@gmail.com> * URL : http://getpat.io/ * License : MIT (Expat) Programm

Bug#876413: new upstream version available

Package: python-feedparser Version: 5.1.3-3 Severity: wishlist Even though upstream is not very active, there *is* a new release available (5.2.1) which is not included into Debian: https://github.com/kurtmckee/feedparser/blob/develop/NEWS#L14 Unfortunately, it seems the newer version from the

Bug#876383: ITP: safeeyes -- Protect your eyes from eye strain using this simple and beautiful, yet extensible break reminder

Package: wnpp Severity: wishlist Owner: Antoine Beaupre <anar...@debian.org> * Package name: safeeyes Version : 1.2.2 Upstream Author : slgobin...@gmail.com * URL : http://slgobinath.github.io/SafeEyes/ * License : GPL-3 Programming Lang: Python Descr

Bug#873955: RFP: selfspy -- log everything you do on the computer, for statistics/fun etc.

On Fri, Sep 01, 2017 at 03:29:06PM +0100, Chris Lamb wrote: > Package: wnpp > Severity: wishlist > > * Package name: selfspy > * URL : https://github.com/gurgeh/selfspy > Upstream Author : David Fendrich (@gurgeh) > * License : GPLv3 > > Selfspy continuously monitors

Bug#824382: feed2imap: script to export OPML from configuration

Control: forwarded -1 https://github.com/feed2imap/feed2imap/pull/22 Control: tags -1 +patch On Sun, May 15, 2016 at 04:20:28PM +0800, Paul Wise wrote: > Package: feed2imap > Version: 1.2.5-1 > Severity: wishlist > File: /usr/bin/feed2imap-opmlexport > > rss2email has an option to export OPML

Bug#826014: feed2imap: cache.rb:84:in `load': incompatible marshal file format (can't be read) (TypeError)

Control: forward -1 https://github.com/feed2imap/feed2imap/issues/12 Control: tags -1 +patch On Wed, Jun 29, 2016 at 04:44:27PM +0200, Matteo Calorio wrote: > Hello, any news about that? Thanks, Matteo This is not on load, but there's an upstream bug for the write part:

Bug#456819: feed2imap: Please support setting IMAP server info once, not per-feed

On Tue, Dec 18, 2007 at 12:24:08AM -0800, Josh Triplett wrote: > Package: feed2imap > Version: 0.9.2-1 > Severity: wishlist > > I want to subscribe to various feeds, with all items going to the same > IMAP server. Please allow setting the IMAP server once, not per-feed. Not sure this is a very

Bug#866821: libdbd-mysql-perl: CVE-2017-10789

On Mon, Aug 28, 2017 at 02:53:12PM +0200, Guido Günther wrote: > While a patch for this was upstream in 4.042 (around > b6be72f321e920419bdc5c86998d9b9cb26c6791) upstream reverted _all_ > changes of back to 4.041. That's right, like #866818... I've backported the patch to wheezy, but this is

Bug#866818: libdbd-mysql-perl: CVE-2017-10788

On Mon, Aug 28, 2017 at 02:56:36PM +0200, Guido Günther wrote: > I've pinged upstream again why the patch is still pending: > > https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-325342844 After reviewing the original advisory and the suggested patch, I have opened that PR in:

Bug#873508: parsing horst source code fails on s390x and ppc64el

Source: sparse Version: 0.5.0-4 Severity: important Since I uploaded the new version of horst (5.0, from 4.2), sparse now fails to parse its source code on some architecture. The buildds report problems with s390x and ppc64el:

Bug#871055: RFP: gr-gsm -- Gnuradio blocks and tools for receiving GSM transmissions

On Wed, Aug 09, 2017 at 11:01:57PM +0200, Petter Reinholdtsen wrote: > > A few minutes ago I concluded that the packaging cleanup might be good > enough for the ftpmasters to accept it, and uploaded it for NEW > processing. > > These are the lintian issues I am unsure how to handle: > > W:

Bug#871268: ITP: vmtouch -- Portable file system cache diagnostics and control

In case the FTP masters are reviewing this looking for more information, know that I have helped with the packaging and also reviewed the licensing information upstream. There are some details of that work in the upstream issue here: https://github.com/hoytech/vmtouch/issues/47 I think this is

Bug#873088: git-annex: remote code execution via crafted SSH URLs (CVE-2017-12976)

Package: git-annex X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security Hi, the following vulnerability was published for git-annex. CVE-2017-12976[0]: | git-annex before 6.20170818 allows remote attackers to execute | arbitrary

Bug#873036: new upstream release (0.19.3) required for magic-wormhole

Source: txtorcon Version: 0.18.0 Severity: normal Hi! I would like to get help to see the latest version of txtorcon (0.19.3) arrive in the archive. It is necessary to make tor support work properly in magic-wormhole, and I suspect in other applications. For example, wormhole requires the

Bug#870082: maim: diff for NMU version 5.4.68-1.1

I have made another delayed NMU for the 5.4.68 release, because the latest slop upload breaks it as well... A. diff -Nru maim-5.4.64/CMakeLists.txt maim-5.4.68/CMakeLists.txt --- maim-5.4.64/CMakeLists.txt 2017-07-20 10:05:29.0 -0400 +++ maim-5.4.68/CMakeLists.txt 2017-08-15

Bug#873015: RM: gnome-web-photo -- ROM; RC bug, unmaintained, alternatives exist

Package: ftp.debian.org Severity: normal gnome-web-photo is a tool to "create snapshot images and print web pages from the command line". Two years ago, I migrated this from Ubuntu into Debian and made myself maintainer, mostly to scratch my own itch: I was using the Shutter screenshot tool and

Bug#872649: install bash completions

Package: gitsome Version: 0.7.0-1 Severity: wishlist gitsome is designed to work even without the xonsh shell. there's a bash completion file in scripts/gh_complete.sh which can be installed in /usr/share/bash-completion/completions/. this would give regular shell users the POWAR of gitsome

Bug#871937: stretch-pu: package monkeysign/2.2.3

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi, I am working on a new release of Monkeysign, which I'd like to upload in Debian. If it would be just me, I would tag the current HEAD with 2.2.4, considering the changes are

Bug#870321: disabled proxies hide working proxies

Package: squid-deb-proxy-client Version: 0.8.9 Severity: normal Tags: patch Hi! I must admit: I have a broken setup. So maybe this could be argued as "garbage in, garbage out". But hear me out before you discard this one. :) In my home network, I did some tests to setup apt-cacher-ng on my

Bug#870102: automatically update schroots

Package: sbuild Version: 0.73.0-4 Severity: wishlist Tags: patch It would be nice if sbuild automatically updated the configured schroots. As things stand now, a configured schroot will slowly rot down to a point where new builds will have to download a bunch of base packages at each run, if

Bug#869627: maim -s fails

Hi! Thanks for your bug report! It looks like newer versions of slop are not backwards compatible with maim. Boo. :) I prepared a NMU to fix this, available here: https://people.debian.org/~anarcat/debian/sid/ Let me know if it works for you then I'll upload the fix to the main archive! A.

Bug#819533: maim: please make the description clearer

Control: tags -1 +patch On Wed, Mar 30, 2016 at 04:39:28PM +, Patrick O'Doherty wrote: > Thanks for the feedback folks. I'm planning to address this as follows: > > * package slop - this is in progress at the moment > * cut a new release of maim with both an updated description and also a >

Bug#869987: document (and enable?) the automatic purge of downloaded packages (APT::Periodic::AutocleanInterval)

Package: unattended-upgrades Version: 0.93.1+nmu1 Severity: normal Tags: patch Hi, In the past week, my filesystem finally filled up due to 6GB of archives in /var/cache/apt/archives. I identified unattended-upgrades as the cause of this problem, as it didn't purge old packages (hello texlive!)

Bug#867718: CVE-2017-11108

For what it's worth, I can reproduce this in stretch by rebuilding with ASAN (-lasan -fsanitize=address -fno-omit-frame-pointer). I can also reproduce this in wheezy by running it in valgrind: $ valgrind /usr/sbin/tcpdump -ntr poc ==26648== Memcheck, a memory error detector ==26648== Copyright

Bug#858373: help needed to complete regression fix for apache2 Bug#858373

Hi, (Sorry for the large CC list, but I am hoping to get a broad approval of the next changes for this in order to avoid previous mistakes. ;) In particular, I'd be very grateful for some input by Stefan considering his knowledge of the Apache codebase and how ... exotic this problems is.) As I

Bug#858373: apache2: segfaults upon recieving bad request when using worker/event mpm and cgid errordoc

Hi! First, thank you very much for the detailed bug report, very useful! Responses inline. On Tue, Mar 21, 2017 at 11:56:40AM -0500, Brian Kroth wrote: > Package: apache2.2-common > Version: 2.2.22-13+deb7u8 > Severity: normal > Tags: security > > Dear Maintainer, > > We have some websites

Bug#867986: [Pkg-ipsec-tools-devel] Bug#867986: CVE-2016-10396

On Tue, Jul 18, 2017 at 01:53:09PM -0400, Noah Meyerhans wrote: > Control: tags -1 + pending patch > > On Mon, Jul 10, 2017 at 11:18:35PM +0200, Moritz Muehlenhoff wrote: > > > > Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396 > > > > I believe that the attached

Bug#812609: tracker.debian.org: wrong versioned links for security versions

Package: tracker.debian.org Followup-For: Bug #812609 Same issue here. I always end up going to the packages.debian.org site to find the .dsc link... -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable') Architecture:

Bug#868728: cups requires do lpadmin configuration to share printers

Package: cups Version: 2.2.1-8 Severity: normal Hi! When trying to share my printers with my roommates through the CUPS web interface, I quickly found the "Share printers connected to this system" button and clicked it. And lo and behold, other Linux (and probably Mac, haven't tried) computers

Bug#867477: poppler: CVE-2017-9865 stack-based overflow leading to denial-of-service

Package: poppler X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security patch upstream Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=100774 Hi, the following vulnerability was published for poppler. CVE-2017-9865[0]: | The

Bug#867461: jessie-pu: package ca-certificates/20141019+deb8u3

Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu The ca-certificates package in jessie is still vulnerable to #858539, that is it still ships the WoSign and StartCom certificates which have been marked as blacklisted after october

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

On Fri, May 19, 2017 at 10:46:35AM -0500, Michael Shuler wrote: > On 05/19/2017 10:07 AM, Chris Lamb wrote: > > I've uploaded ca-certificates 20161130+nmu1 to DELAYED/5: > > > > ca-certificates (20161130+nmu1) unstable; urgency=medium > > > > * Non-maintainer upload. > > * Add

Bug#863897: sudo: Further issue in parsing /proc/[pid]/stat when process name contains newline

On Mon, Jun 05, 2017 at 06:32:11AM +0200, Salvatore Bonaccorso wrote: > Hi! > > On Sun, Jun 04, 2017 at 08:35:05PM +0200, Salvatore Bonaccorso wrote: > > Hi Bdale > > > > Since time is pressing a bit for the release of stretch, any problem > > in if I would prepare a NMU for both stretch

Bug#845938: pulseaudio: bt headset: a2dp sink is not selectable - only hsp/hfp works

Package: pulseaudio Version: 10.0-1 Followup-For: Bug #845938 This is still an issue in Debian stretch: the gdm3 package runs pulseaudio, which takes over the bluetooth device and makes it impossible for regular users to connect to their bluetooth device using the hifi A2DP sink. See #805414 for

Bug#805414: gdm3: disable pulseaudio to prevent capturing A2DP sink on session start

On Sat, Jun 24, 2017 at 02:10:26AM +0200, Aurelien Jacobs wrote: > Package: gdm3 > Version: 3.22.3-3 > Followup-For: Bug #805414 > > The workaround from https://wiki.debian.org/BluetoothUser/a2dp used to > work, but starting with gdm3 3.22.3-2, it is not enough anymore. > I found out that I now

Bug#866792: irssi profile should be in complain mode

Package: apparmor-profiles-extra Version: 1.11 Severity: normal The apparmor profile for irssi is way too restrictive. A first failure, in my use case, is restricting logs to be in ~/irclogs. While this *is* the upstream default, it seems rather unusual to enforce this in apparmor. A more common

Bug#866790: postfix rules yield error and fail

Package: apparmor Version: 2.11.0-3 Severity: grave Right now, in debian stretch, any apparmor command will yield: $ sudo aa-disable usr.bin.irssi ERROR: Include file /etc/apparmor.d/program-chunks/postfix-common not found ... if apparmor-profiles is installed. This, obviously, is an error in

Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

Package: cryptsetup Version: 2:1.7.3-4 Severity: wishlist I have multiple crypto partitions I need to unlock when the machine starts up. I use the dropbear-initramfs hack to unlock those remotely. Unfortunately, the current implementation in "cryptroot-unlock" doesn't seem to handle multiple

Bug#853248: docker.io: cannot be purged (at least not on first try)

Control: tags -1 +unreproducible Control: fixed -1 1.13.1~ds1-2 I cannot reproduce this here. Can you provide a step-by-step procedure to reproduce this on a clean system? A. signature.asc Description: PGP signature

Bug#855208: [pkg-go] Bug#855208: docker still broken

Control: fixed -1 1.0.0~rc2+git20170201.1 On Fri, Feb 24, 2017 at 10:39:00PM +0100, Vincent Bernat wrote: > ❦ 24 février 2017 12:34 -0800, Norbert Kiesel  : > > > What else can I do to get docker working again? > > You can install the one from experimental. It works fine

Bug#856645: docker.io: can't install in sid: docker.io 1.11 depends on runc which breaks docker < 1.12

Control: fixed -1 1.13.1~ds1-2 On Fri, Mar 03, 2017 at 11:11:36AM +0200, Dov Feldstern wrote: > Current versions of docker.io and runc conflict; docker.io depends on runc, > but: > > runc : Breaks: docker.io (< 1.12) but 1.11.2~ds1-6 is to be installed I believe this is now fixed: I

Bug#865975: docker.io breaks (bridged) network for VMs

Control: tags -1 +moreinfo On Mon, Jun 26, 2017 at 11:16:56AM +0200, Roland Kammerer wrote: > Package: docker.io > Version: 1.13.1~ds1-2 > Severity: critical > Tags: upstream > Justification: breaks unrelated software > > Dear Maintainer, > > * What led up to the situation? > Any docker command

Bug#864377: docker.io: Failure to install (cannot start daemon)

Control: notfound -1 1.13.1~ds1-2 Control: tags -1 unreproducible On Fri, Jun 09, 2017 at 04:28:41PM -0300, Antonio Terceiro wrote: > On Wed, 07 Jun 2017 14:19:16 -0400 Robbie Harwood > wrote: > > Package: docker.io > > Version: 1.13.1~ds1-2 > > Severity: grave > >

Bug#853258: docker.io: uses sleep to query user in maintainer script

Control: fixed -1 1.13.1~ds1-2 On Mon, Jan 30, 2017 at 09:31:38PM +0100, Dominik George wrote: > One of the maintainer scripts asks the user whether it is ok to “nuke” > docker containers using a message followed by a sleep. Where? I don't see such a sleep here: root@marcos:~# dpkg -l docker.io

Bug#858402: hangs on install when trying to start

Control: fixed -1 1.13.1~ds1-2 Just tested the sid package in stretch and it installs fine so I guess this is solved now. A. signature.asc Description: PGP signature

Bug#856552: progress on Kiwix RFPs?

On Thu, Mar 02, 2017 at 08:00:33PM +0100, Emmanuel Engelhart wrote: > Debian developer Vasudev/Copyninja > (uid=vasudev,ou=users,dc=debian,dc=org) has already volunteered to > work on this RFP. One time implemented this package should IMO be > maintained within the DebianEdu team. Any progress

Bug#763321: Kiwix - An offline wikipedia reader

On Sat, Sep 19, 2015 at 02:31:48PM +0200, Emmanuel Engelhart wrote: > On 02.09.2015 11:23, Elena ``of Valhalla'' wrote: > > X-Debbugs-Cc: debian-edu-pkg-t...@lists.alioth.debian.org, > > 1o5g4...@gmail.com > > > > What about packaging just kiwix-serve? > > It shouldn't depend on xulrunner, and

Bug#861541: jessie-pu: package kedpm/1.0

Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu A security issue came up in kedpm as shipped in stable (CVE-2017-8296, #860817). It was marked "no-dsa" by the security team, to be fixed in the next point release. This is

Bug#861278: release-notes: mention kedpm is dead

Package: release-notes Severity: wishlist I filed a removal request for kedpm (#861277) and that should be mentioned in the release notes, along with the fpm2 removal: https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages A possible

Bug#861277: RM: kedpm -- ROM; inactive upstream, unmaintained, security issues

Package: ftp.debian.org Severity: normal I am one of the last maintainers of the kedpm package, and I am not using it anymore. Recently, a security issue was found in the package (#860817), and I feel there may be more - I haven't deeply audited the source code myself. Or if I did, it was a long

Bug#855225: kodi: CVE-2017-5982: Unrestricted file download

affects 85225 xbmc package xbmc found 85225 2:11.0~git20120510.82388d5-1 thanks I can confirm this affects both jessie-backports and wheezy. I've been able to access random files on my Kodi install using:

Bug#861177: ship company-go.el as elpa-company-go

Package: gocode Version: 20150303-3+b1 Severity: wishlist Please ship a elpa-company-go binary package. This would be equivalent to the following MELPA package: https://melpa.org/#/company-go It depends on the upstream "go-mode" which was downstreamed recently here:

Bug#861176: RFP: elpa-go-mode -- Emacs mode for the Go programming language

Package: wnpp Severity: wishlist * Package name: elpa-go-mode Version : 1.5.0 Upstream Author : Dominik Honnef * URL : https://github.com/dominikh/go-mode.el * License : BSD-3-clause Programming Lang: Elisp Description : Emacs mode

Bug#861174: RFP: elpa-elpy -- Emacs Python Development Environment

Package: wnpp Severity: wishlist * Package name: elpa-elpy Version : 1.14.1 Upstream Author : Jorgen Schäfer * URL : https://github.com/jorgenschaefer/elpy * License : GPL-3+ Programming Lang: Elisp Description : Emacs Python Development Environment

Bug#861128: RFP: elpa-markdown-toc -- Generate a TOC in markdown file with Emacs

Package: wnpp Severity: wishlist * Package name: elpa-markdown-toc Version : 0.1.2 Upstream Author : Antoine R. Dumont * URL : https://github.com/ardumont/markdown-toc/ * License : GPL-3+ Programming Lang: Elisp Description : Generate a TOC in markdown

Bug#861127: RFP: elpa-multiple-cursors -- Multiple cursors for emacs.

Package: wnpp Severity: wishlist * Package name: elpa-multiple-cursors Version : 1.4.0 Upstream Author : Magnar Sveen * URL : https://github.com/magnars/multiple-cursors.el * License : GPL-3+ Programming Lang: Elisp Description : Multiple cursors for

Bug#861125: RFP: elpa-writegood-mode -- Minor mode for Emacs to improve English writing

Package: wnpp Severity: wishlist * Package name: elpa-writegood-mode Version : 2.0.2 Upstream Author : Benjamin Beckwith * URL : http://bnbeckwith.com/code/writegood-mode.html * License : GPL-3+ Programming Lang: Elisp Description : Minor mode for Emacs

Bug#861124: RFP: elpa-writeroom-mode -- distraction-free writing for Emacs

Package: wnpp Severity: wishlist * Package name: elpa-writeroom-mode Version : 3.6.1 Upstream Author : Joost Kremers * URL : https://github.com/joostkremers/writeroom-mode * License : 3-clause BSD? Programming Lang: Elisp

Bug#861106: emacs25 uses SHA-1 to pin untrusted X509 certificates

Package: emacs25 Version: 25.1+1-3+b1 Severity: normal I'm getting this when running emacs -q after adding adding the Marmalade repo (https://marmalade-repo.org/packages/): https://paste.anarc.at/snaps/snap-2017.04.24-12.53.11.png This is after running package-list-packages with the Marmalade

Bug#860920: manpages.debian.org support (dman)

Package: debian-goodies Version: 0.69 Severity: wishlist Tags: patch Hi! We have been working hard on restoring the manpages.debian.org service in the last months. It's now reliable and complete, yet you need a web browser to use it. The neat thing is: manpages.debian.org also ships actual

Bug#851885: Please add pseudopackage `manpages.debian.org'

On Thu, Mar 23, 2017 at 09:43:00AM -0500, Don Armstrong wrote: > On Thu, 23 Mar 2017, Michael Stapelberg wrote: > > Sorry for the late reply. > > > > The description looks good to me. > > Cool. > > > I don’t have a set of bugs to re-assign. I’m not sure whether the BTS was > > ever used for

Bug#851885: Please add pseudopackage `manpages.debian.org'

On Thu, Mar 23, 2017 at 02:55:51PM +, Ian Jackson wrote: > Michael Stapelberg writes ("Re: Bug#851885: Please add pseudopackage > `manpages.debian.org'"): > > Oh, I m not planning to create any bugs. I m working with GitHub. iwj@ > > wanted > > this pseudo-package to be created, and I agreed

Bug#860842: silently exits on first run

Package: redshift-gtk Version: 1.9.1-4 Severity: normal I have recommended this tool to a friend that has this problem of using the computer too late at night (bad boy, go to sleep! ;). When we did the first setup, my friend naturally clicked on the Redshift icon in the application menus, and

Bug#860841: gtk-redshift should hook into existing running process

Package: redshift-gtk Version: 1.11-1 Severity: wishlist If the systemd service is enabled (and works, see #827098) then a user wanting GUI visbility on whatever redshift is doing might naturally start the graphical application he/she sees in the menus. In this case, both applications get into a

Bug#845989: [Pkg-privacy-maintainers] Bug#845989: marked as done (browser can't be downloaded because of invalid SSL certificate)

On Sun, Nov 27, 2016 at 12:36:05PM -0500, Antoine Beaupré wrote: > On 2016-11-27 11:16:11, Holger Levsen wrote: > > On Sun, Nov 27, 2016 at 10:39:16AM -0500, Antoine Beaupré wrote: > >> > … you've been attacked. > >> I beg to disagree. I doubt that M. Kshevetskiy has been, in this case, > >>

Bug#860579: ITP: grammalecte -- grammatical corrector for libreoffice and firefox

Package: wnpp Severity: wishlist Owner: Antoine Beaupre <anar...@debian.org> * Package name: grammalecte Version : 0.5.15 Upstream Author : Olivier R. (olivier /at/ grammalecte /dot/ net) * URL : https://www.dicollecte.org/grammalecte/ * License :

Bug#760947: systemd: Does not start consoles configured in /etc/inittab

Control: tag -1 +patch On Mon, Apr 17, 2017 at 09:19:07AM -0400, Antoine Beaupre wrote: > On Sun, Jun 07, 2015 at 08:32:54AM +0200, Samuel Thibault wrote: > > Michael Biebl, le Sun 07 Jun 2015 01:41:59 +0200, a écrit : > > > /etc/inittab is a sysvinit specific config file, w

Bug#699744: nagios3-cgi: prompting due to modified conffiles which were not modified by the user: /etc/nagios3/stylesheets/outages.css

On Sat, Apr 06, 2013 at 09:29:25AM +0200, Joost van Baal-Ilić wrote: > Hi, > > I agree with Andreas Beckmann it would be useful if a remark could be > added to the release notes. I can apply a patch soon. Below snippets > from previous discussion summarize the relevant parts I believe. >

Bug#706772: dpkg --set-selections ignores available packages never installed or removed by dpkg

Control: tags -1 +moreinfo On Sat, May 04, 2013 at 02:24:01PM -0700, Jonathan Nieder wrote: > Guillem Jover wrote: > > > Ah, much better indeed, thanks Jonathan. > > Thanks for the quick review. Here's the same change in patch form, > with two tweaks: > > - s/machine

Bug#760947: systemd: Does not start consoles configured in /etc/inittab

On Sun, Jun 07, 2015 at 08:32:54AM +0200, Samuel Thibault wrote: > Michael Biebl, le Sun 07 Jun 2015 01:41:59 +0200, a écrit : > > /etc/inittab is a sysvinit specific config file, which systemd won't > > read. This is not going to change. > > > > If you have custom changes to /etc/inittab, those

Bug#859136: CVE-2016-1566: XSS vulnerability in file browser

Package: guacamole-client X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: normal Tags: security Version: 0.9.9+dfsg-1 Hi, the following vulnerability was published for guacamole. CVE-2016-1566[0]: | Cross-site scripting (XSS) vulnerability in the

Bug#859135: CVE-2016-10127: XXE attack via crafted SAML XML request or response

Package: python-pysaml2 X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: normal Tags: security Hi, the following vulnerability was published for python-pysaml2. CVE-2016-10127[0]: | PySAML2 allows remote attackers to conduct XML external entity (XXE)

Bug#859123: automate import of DLAs and DSAs in www.debian.org

Package: www.debian.org Severity: normal According to carnil in a discussion on the debian-lts@ mailing list, DLAs and DSAs are manually imported in the website: https://lists.debian.org/debian-lts/2017/03/msg00200.html The process looks something like: cd webwml/english/security

Bug#859122: about 500 DLAs missing from the website

Package: www.debian.org Severity: normal Hi! First, thanks for doing the work of importing DLAs and DSAs in the website, it is greatly appreciated. However, during a discussion on the debian-lts@ mailing list, we have noticed that DLAs since squeeze LTS support was terminated have not been

Bug#858768: apparmor: CVE-2017-6507

Control: found -1 2.7.103-4 Control: notfound -1 2.9.0-3 Here's some more information about that security issue that I could gleam from testing and other sources. To reproduce this in wheezy, you first need to install apparmor: apt-get install apparmor apparmor-profiles sed -i -e

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

On Mon, Mar 27, 2017 at 10:39:17AM -0400, Antoine Beaupre wrote: > On Thu, Mar 23, 2017 at 09:25:42AM -0500, Michael Shuler wrote: > > Thanks for the report, Chris. > > Any timeline for this deployment? Do you need help with patching this > in? Actually, I'm not sure I under

Bug#843722: (no subject)

On Tue, Jan 03, 2017 at 01:16:45PM -0600, Michael Shuler wrote: > On 01/01/2017 12:40 PM, Thomas Lange wrote: > > There's still no fix. Do you need help for a fix? > > If you have a patch idea, that would be great! Apologies for the delay > in getting something together to reproduce and test a

Bug#858539: ca-certificates: Contains untrusted StartCom and WoSign certificates

On Thu, Mar 23, 2017 at 09:25:42AM -0500, Michael Shuler wrote: > Thanks for the report, Chris. Any timeline for this deployment? Do you need help with patching this in? A. signature.asc Description: PGP signature

Bug#858402: hangs on install when trying to start

Package: docker.io Version: 1.11.2~ds1-6 Severity: grave I tried to install docker.io in Debian stretch (I know, it's banned, but I figured I'd try my luck) and it completely hangs apt-get install: $ LANG=C sudo dpkg --configure -a Setting up docker.io (1.11.2~ds1-6) ... addgroup: The group

Bug#707178: update on the stressant and breakin packages

Hi all, As those monitoring this bug report may have noticed, I have closed the WNPP bug for the packaging of the "Breakin" tool into Debian. In its place, I have uploaded the "Stressant" package which is a "simple stress testing and burn-in tool". To quote the package description further:

Bug#857942: --log-brief breaks --log-file output

Package: stress-ng Version: 0.07.24-1 Severity: normal I am using stress-ng to build a larger automated stress-testing tool. Therefore, I don't need the "info" prefixes in the generated logfile, so I tried using --log-brief to remove those. By defualt, the logfile works fine: $ stress-ng

Bug#718301: RFP: fedora-liveusb-creator, Cross-platform tool for installing live operating systems on to USB flash drives.

Note that fedorahosted.org closed down on march 1st. The tool is now called "MediaWriter", but is still quite Fedora-specific: https://github.com/MartinBriza/MediaWriter/ See also their usage instructions here: https://fedoraproject.org/wiki/How_to_create_and_use_Live_USB A. -- Never

Bug#776424: [kgb-maintainers] Bug#776424: can be crashed by some network traffic

On Sun, Feb 08, 2015 at 06:01:14PM +, Damyan Ivanov wrote: > -=| Joey Hess, 27.01.2015 18:00:11 -0400 |=- > > Source: kgb-bot > > Version: 1.33-2 > > Severity: important > > Tags: security > > > > 2015.01.19 18:08:39: Listening on http://0.0.0.0:?session=KGB > > 2015.01.19 18:08:43:

Bug#766397: Bug#766395: emacs/gnus: Uses s_client to for SSL.

On Sun, Feb 21, 2016 at 01:47:45PM +1100, Lars Ingebrigtsen wrote: > Kurt Roeckx writes: > > > From what I understand, it is (or was) possible to configure > > things in such a way that it uses s_client to set up SSL, even > > when it's configured to use gnutls. You should never

Bug#816063: emacs24: TLS certificate validation is silently broken

tags -1 -unreproducible I can reproduce issues with certification verification in Emacs 24.5+1-8 in Debian Stretch. As documented here: https://glyph.twistedmatrix.com/2015/11/editor-malware.html The following script will yield an error: (let ((bad-hosts (cl-loop for bad in

Bug#855595: unblock: atheme-services/7.2.9

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package atheme-services There is a security issue that was fixed in the upstream 7.2.8 package (#855588), which introduced a new security issue, which was fixed in the 7.2.9

Bug#855588: memory leak could lead to Denial Of Service

Package: atheme-services Version: 7.2.7 Severity: grave Tags: security Upstream changelog says: This is a security release closing a memory leak that could be exploited by attackers to potentially cause a denial of service. Release 7.2.7 is affected; older releases are

Bug#854703: disappears and never returns?

Package: pcscd Version: 1.8.20-1 Severity: grave Since I upgraded from 1.8.19-1 to 1.8.20-1 (or maybe it is because of scdaemon 2.1.18, unclear), I cannot reliably use pcscd for multiple days. After a while, the pcscd daemon just disappears, and then scdaemon cannot talk to it anymore: fév 09

Bug#854653: encourage users to generate strong passwords

Package: debian-installer Severity: wishlist After reflecting for a few days about password generation and writing an [article][1] about it, I was told the debian-installer may be a good place to encourage people to set strong passwords. In the d-i, we set one or three critically important

Bug#854616: scdaemon cannot access yubikey using ccid driver without pcscd

Package: scdaemon Version: 2.1.18-3 Severity: grave In Bug#854005, I have described a distinct issue I have experience with my Yubikey since the upgrade of the GnuPG suite from 2.1.17 to 2.1.18, and in the case of pcscd, from 1.8.19-1 to 1.8.20-1. I am not sure what exactly is going on here.

Bug#854005: [pkg-gnupg-maint] Bug#854005: ssh-agent no longer works

On Fri, Feb 03, 2017 at 09:40:35AM +0900, NIIBE Yutaka wrote: > Hello, > > Thanks to dkg to explicitly CC me. > > On Thu 2017-02-02 17:54:26 -0500, Wouter Verhelst wrote: > > Since a recent upgrade, gnupg-agent no longer finds the authentication > > (SSH) key on my OpenPGP smartcard: > > > >

<    1   2   3   4   5   6   >