--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
If you do do anything, upload it to me, I will be very interested to see it.
package: qpsmtpd
Please remove freecdb (no longer available) and suggest tinycdb.
Thank you for maintaining this package! This appears to be a perfect
drop-in replacement for qmail-smtpd which allows qmail/vpopmail to
continue to be used.
package: jfsutils
severity: important
New upstream version 1.1.9 and 1.1.10 are available.
In particular, a stack buffer overflow in Is_Device_Mounted has been fixed.
Changes in 1.1.10 - 2005-10-19
* More stdio cleanup
* fsck was not recognizing the root filesystem as jfs
Changes in 1.1.9 -
package: trac
severity: wishlist
The following command should be automatically executed after a new
version replaces an older version:
trac-admin /path/to/projenv upgrade
This command will do nothing if the environment is already up-to-date so
it should be safe to always run after
package: libapache2-mod-fastcgi
A SEGV can happen in fcgi-fs_get_by_id() because fixups() passes a NULL
pointer to it.
Basically, mod_fastcgi.c:fixups() should verify r->filename is not NULL
before calling fcgi_util_fs_get_by_id(r->filename, uid, gid).
Here's the current
package: libapache2-mod-fastcgi
severity: wishlist
Please remove unnecessary dependencies for packages already provided by
apache2-common.
This will make it easier to track libapache2-mod-fastcgi/testing from Sarge.
Thanks!
package: libapache2-mod-scgi
New upstream versions 1.8 and 1.9 are available.
Changes include:
1.9 (2005-12-13) r27717
* Make passfd.c work on 64-bit machines. Thanks to Dryice Liu.
* For Apache 2, set REQUEST_URI using the original request URI
(r->unparsed_uri may be different if there
package: pppoe
severity: grave
tags: security
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin. When the program is running setuid root, an
attacker could overwrite any file on the file system.
CVE-2004-0564: Roaring Penguin pppoe (rp-ppoe),
package: squid
When /tmp is mounted noexec, performing 'apt-get install squid' bombs.
To reproduce, simply mount /tmp with noexec then perform 'apt-get
install squid'.
package: vpopmail-bin
Please replace freecdb with tinycdb. freecdb is marked for deletion.
Thanks.
package: tinycdb
A new upstream version 0.75 is available.
User-visible changes include:
- make cdb_make_put(CDB_PUT_REPLACE) to actually *remove*
all (was only first previously) matching records, by
rewriting the file.
- new mode CDB_PUT_REPLACE0, which zeroes out old duplicate
records
This problem exists in Debian's stable branch with apache2-mpm-worker
2.0.54.
It appears to have been fixed already in Ubuntu versions 4.10, 5.4, and
5.10.
From http://www.ubuntulinux.org/usn/usn-225-1
The problem can be corrected by upgrading the affected package to
version
package: shorewall
Thank you for maintaining shorewall. A new upstream bugfix release was
recently made available.
Problems Corrected in 3.0.2
1) A couple of typos in the one-interface sample configuration have
been corrected.
2) The 3.0.1 version of Shorewall was incompatible with old
package: postfix
A new upstream release (patch 6) is available for postfix 2.2.
CHANGES IN 2.2 PATCH LEVEL 6:
20050806
Workaround: accept(2) fails with EPROTO when the client
already disconnected (SunOS 5.5.1). File: sane_accept.c.
20050815
Workaround: old Solaris compilers can't link an
package: pound
version: 1.9.4-1
While using 'dpkg-source -x' and 'dpkg-buildpackage', I noticed that
CFLAGS changes to debian/rules file were completely ignored.
1. For some reason, CFLAGS always ended up '-g -O2' during the build no
matter what was specified in debian/rules.
2. Exporting
package: libapache2-mod-fcgid
Please consider adding 'upgrade' and 'failed-upgrade' case branches to:
debian/libapache2-mod-fcgid.prerm.
Also, this error message should probably say 'prerm' instead of 'postrm'
in the same file:
echo "postrm called with unknown argument \`$1'" >&2
Thanks.
package: shorewall
version: 2.2.3-2
On 2005-07-30, the bogons file in version 2.2.6 was updated to reflect
recent IANA allocations.
Please backport the updated bogons file, /usr/share/shorewall/bogons, to
the stable branch.
package: libapache2-mod-fcgid
SUMMARY: CFLAGS is getting dropped due to error in debian/rules.
This patch can be applied to debian/rules in version 1.05 to fix CFLAGS
getting discarded.
The patch puts CFLAGS inside MAKE_DEFS definition, and moves CFLAGS
definition above MAKE_DEFS.
---
Tatsuki Sugiura wrote:
Hello,
Thanks for information.
But..., this problem was solved in 1.06 by using CDBS.
I think, update for sarge isn't needed because it affects
on performance trivial... How about that you think?
BTW, I've fixed #334011 by removing unnecessary dependency.
I'll ask
package: rails
severity: wishlist
Please consider suggesting mod_fcgid for use with rails.
package: postfix
A newer upstream version 2.2.5 released on 19-July-2005 is available as
a small patch.
http://postfix.messinet.com/source/official/postfix-2.2-patch05.gz
Changes in 2.2 patch 5 include:
20050630
Portability: the connection caching code broke on LP64
systems (inherited from
package: libapache2-mod-fcgid
A new upstream version is available with the following changes:
Version 1.07 ( Nov 10, 2005 )
1. Configuration IPCConnectTimeout, IPCCommTimeout, BusyTimeout can be
overwritten in VirtualHost section
2. Add EXTRA_CFLAGS = -I$(builddir) in Makefile
3. Support
package: libapache2-mod-security
A new upstream stable version is available.
mod_security 1.9 contains the following changes since 1.8.7:
06/11/2005 1.9
--
* No changes since 1.9RC4.
03/11/2005 1.9RC4
-
* Warning messages emitted from chained rules are now
package: rdiff-backup
A new upstream version is available.
Changes in v1.0.2 (2005/10/24) include:
Fix for spurious security violation from --create-full-path (reported by
Mike Bydalek).
Fix for bug 14545 which was introduced in version 1.0.1: Quoting caused
a spurious security violation.
Sam Johnston wrote:
I don't recall this ever having been the case for the Debian package
(see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242066), but it
would be easy enough to verify - it's public information :)
Here were my comments on the issue back in August:
#242066: please enable
package: awstats
severity: grave
tags: security
Version 6.4-1.1 which fixed CAN-2005-152 on Sept 4, 2005 is still not
available in the stable branch as of October 28, 2005.
Running 'apt-get update apt-get upgrade' on Debian 3.1 does not yet
fix CAN-2005-152 which was fixed roughly 2 months
package: awstats
tags: security
The stable branch of awstats-6.4-1 still contains the security
vulnerability CAN-2005-1527 (arbitrary command injection).
I was under the impression fixes to security bugs such as CAN-2005-1527
would automatically be fixed in the stable branch by simply
package: geoip-bin
Thank you for maintaining geoip-bin.
A new upstream version is available with the following changes:
1.3.14 2005-9-7
* Check if byte, ushort, ulong, u16, u32 are defined in configure
script. Fixes compilation issue on FreeBSD systems.
* Check for Big Endian
package: libapache2-mod-fcgid
severity: wishlist
Thanks for maintaining this package.
Are the requirements for libc6 >= 2.3.5 and locales >= 2.3.5
necessary? Would >= 2.3.2.ds1-22 be sufficient?
It would be great if the minimum requirement matched libc6 and locales
versions present in Sarge
package: pound
Pound v1.9.3 is primarily a bug-fix interim release.
Changes in this version:
- the user name will now appear correctly in the log entries if you use
one of the CLF variants and Basic Authentication
file: http://www.apsis.ch/pound/Pound-1.9.3.tgz
signed:
package: pound
It has been 35 days since this was reported and there has been no response.
Simply stated, pound cannot be used reliably without the fixes in the
upstream bugfix release if:
1. we want any Firefox users to utilize SSL
2. we want any IE users to download files
3. we want to
package: pound
This is to announce the release of Pound v1.9.2 (26-Sept-2005). This is
primarily a
bug-fix interim release.
Changes in this version:
- added a NoDaemon configuration directive. This replaces the existing
--disable-daemon flag for the autoconf script and allows you to decide
package: pound
severity: important
Fixes two important and unrelated problems: downloads with IE craps out
and Firefox 1.06 gets virtually hung using SSL
Changes in pound 1.9.1:
- fixed a serious problem with the polling code: it would mistakenly
identify a (read) HUP condition as a can't
this (a $ as format specifier) is an extension, there is nothing
in the standard against this. On the other hand, all the compilers I
have at hand accept this, so I think we might as well remove this constraint.
I think this can be reported as a bug.
FX
package: pound
An SSL problem exists with pound-1.9 when the client is Firefox 1.0.6.
This problem was described in the pound mailing list as:
It shows up as excruciating slowness when making multiple requests, i.e.,
a web page with images, where the secondary requests come in very slowly.
package: bastille
tags: security
A new upstream of Bastille, version 3.0.6, is available. The current
Debian package of Bastille is version 1.2.1.
Background: Version 3.0.2 was released in April 2005 and there have
been several minor releases thereafter.
The latest minor release, 3.0.6
package: sqlite3
Changelog for version 3.2.2
* Added the sqlite3_db_handle() API
* Added the sqlite3_get_autocommit() API
* Added a REGEXP operator to the parser. There is no function to
back up this operator in the standard build but users can add their own
using
package: trac
severity: important
tags: security
New upstream version 0.8.4 fixes a security problem where trac can be
tricked into uploading a file outside the environment directory.
package: jfsutils
severity: important
Release 1.1.8 of jfsutils was made available on May 3, 2005.
Changes include:
- fsck should not bail out if reserved (but unused) inode 1 is bad
- code cleanup - remove unused variables, eliminate compiler warnings
- Added blocks parameter to jfs_mkfs to
package: pound
severity: important
tags: security
The current version of pound in Sarge (1.8.2) is a beta release with a buffer
overflow issue.
Pound 1.9 is the first non-beta release since Pound 1.8.
Changes in version 1.9:
- Added the VerifyList configuration flag (CA root certs + CRL)
- CRL
package: pound
severity: important
Pound 1.8.2 currently in Sarge is considered beta and contains numerous
bugs including a buffer overflow.
Please unfreeze pound to get much-needed bugfixes. New upstream
versions 1.8.5, 1.8.4, 1.8.3 are interim bugfix releases that fix all
known bugs and
package: subversion
New upstream version 1.2 is available with more than 50 new bugfixes.
Development of 1.1 branch is stopped. Changelog is as follows:
Version 1.2.0
(21 May 2005, from /branches/1.2.x)
http://svn.collab.net/repos/svn/tags/1.2.0
See the 1.2 release notes for a more verbose
package: gcc-3.4
New upstream version 3.4.4 fixes 163 bugs. List of problems fixed in
3.4.4 are at:
http://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=3.4.4
package: shorewall
Version 2.2.5 is a minor bugfix release.
Problems corrected in version 2.2.5:
1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would
still be used if the kernel supported it.
2) A typo in the 'tunnel' script has been corrected (Thanks to Patrik
akira yamada / wrote:
On 2005/05/09, at 8:44, FX wrote:
With version 1.8.2-5 on Sarge, I'm getting a segmentation fault in
uri/common.rb line 287 when the firewall (iptables) blocks outgoing
connection.
Please show me how to be able to re-produce the bug.
Thank you.
Here is one way
akira yamada / wrote:
On 2005/05/09, at 8:44, FX wrote:
With version 1.8.2-5 on Sarge, I'm getting a segmentation fault in
uri/common.rb line 287 when the firewall (iptables) blocks outgoing
connection.
Please show me how to be able to re-produce the bug.
Thank you.
Akira,
If you cannot
package: ruby1.8
With version 1.8.2-5 on Sarge, I'm getting a segmentation fault in
uri/common.rb line 287 when the firewall (iptables) blocks outgoing
connection.
package: geoip-bin
New upstream version available.
http://www.maxmind.com/download/geoip/api/c/GeoIP-1.3.10.tar.gz
package: apache2
New upstream version 2.0.54 is available.
Couple security-related fixes include a bug where httpd processes can
stay alive after shutdown and permissions of created files in htdigest.
Changes with Apache 2.0.54
*) mod_cache: Add CacheIgnoreHeaders directive. PR 30399.
Matt Zimmerman wrote:
On Sat, Apr 16, 2005 at 05:29:19AM -0500, FX wrote:
package: syslog-ng
severity: important
tags: security
Log messages are getting dropped during HUP. This could allow certain
forms of attacks to perform activities without getting logged.
How long does syslog-ng
package: syslog-ng
The latest stable release of syslog-ng is 1.6.7.
Changes from 1.6.6 - 1.6.7 include:
* Fixed a memory leak and possible fd leak in spoof-source support.
* Fixed destination port byte order on little-endian machines,
triggered when a non-514 port was used.
* Added fedora-core
package: subversion
New upstream version 1.1.4 is available.
Changelog:
Version 1.1.4
(1 April 2005, from /branches/1.1.x)
http://svn.collab.net/repos/svn/tags/1.1.4
User-visible-changes:
- Client:
* fixed: win32 not ignoring versioned symlinks (issue #2173)
* fixed: 'svn merge' can cause
package: hdup
severity: important
tags: security
The ownership/permission information of directories/subdirectories are
getting lost when restoring from backup.
Unlike individual files within directories, the directories themselves
are not getting backed up. This results in files having proper
package: libfcgi-ruby1.8
severity: important
Thank you for maintaining this package.
Here is a patch to fix a 16K/request memory leak.
The following explanation and patch is from comp.lang.ruby, posted by Kirk
Haines.
8
Nutshell: The 0.8.5 version of the C
package: syslog-ng
New upstream version syslog-ng 1.6.6 released on 02/04/2005 fixes
possible loss of log messages during HUP. Seems to be primarily a
bugfix release.
Changelog since previous version:
2005-02-03 Balazs Scheidler [EMAIL PROTECTED]
* src/sources.c (do_read_line): added a
package: zorp
severity: important
Two new stable upstream versions available fix serious bugs including
segfaults, deadlocks, memory leaks, fd leaks, race conditions, etc.:
3.0 branch: version 3.0.3 (stable) released on 2005.01.06
2.1 branch: version 2.1.8 (stable) released on 2004.09.14
package: shorewall
New upstream version 2.2.2 is available.
Problems corrected in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP
ranges (assuming that your iptables and kernel support ranges).
2) If A is a user-defined action and you have file
package: libfcgi-ruby1.8
severity: important
Clients breaking connection cause fastcgi process to terminate with
untrapped signal 6. This can be exploited in a denial of service attack
because the process won't respawn if it fails to live for more than 30
seconds.
The following solution was
package: tar
New upstream versions available: 1.15.1, 1.1.5, and 1.1.4.90.
Changes in 1.15.1 (2004-12-21):
Unpacking archives piped from standard input now works correctly. This
logic flaw was introduced in version 1.15 and has unfortunately passed
unnoticed the pretesting phase.
Changes in
package: siege
Two new upstream versions available: 2.60 final (2004-06-28) and 2.61
(2004-11-19).
Please consider updating the 2.60beta1 currently in Debian with a newer
non-beta version. Thank you for maintaining siege.
Changelog:
2004/11/19 Jeff Fulmer
package: subversion
New upstream version 1.1.3 (14 Jan 2005) fixes the problem which
prevented 1.1.2 (20 Dec 2004) from getting packaged in Debian.
Since the changes in 1.1.2 (20 Dec 2004) include fixes for data
corruption, race condition, memory leak and more, I hope we can get this
into
63 matches