Bug#860375: wmaker: Cannot start multiple terminal instances

Package: wmaker Version: 0.95.7-8 After updating the wmaker package from 0.95.2-1, I can no longer start multiple xterms from the same appicon on the dock. I'm using the configuration described in the Window Maker FAQ at . Other terminal emulators have the

Bug#772578: Missing keyboard modules i2c_designware_*

Steve McIntyre st...@einval.com writes: We'll need to make sure that the same set of modules are included in the initramfs generated on the installed system, of course... This doesn't seem to be the case. I just did a fresh install of Debian 8.1 on an Asus X205TA, and the resulting initramfs

Bug#795908: Missing hashes for firmware-8.1.0-amd64-i386-netinst.iso

Package: cdimage.debian.org Tags: security Dear Maintainers, the directory http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/8.1.0/multi-arch/iso-cd/ contains a multiarch installation image including non-free firmware (firmware-8.1.0-amd64-i386-netinst.iso), but no

Bug#778896: [amd64] Please enable CONFIG_ACPI_I2C_OPREGION

Package: src:linux Version: 3.19-1~exp1 The config flag CONFIG_ACPI_I2C_OPREGION is needed for battery status on various Bay Trail notebooks [1]. It depends on CONFIG_I2c=y, while the Debian package has it set to m. Hendrik [1] https://bugzilla.kernel.org/show_bug.cgi?id=69011. -- To

Bug#773835: Please enable modules for RT5640 sound devices

Package: linux-image-3.16.0-4-amd64 Version: 3.16.7-2 I have an Asus X205TA (Intel Atom Z3735F) Bay Trail notebook and its on-board sound device is not detected. Apparently, it uses a Realtek RT5640 chip, but the relevant kernel modules (snd-soc-sst-baytrail-pcm, snd-soc-sst-byt-rt5640-mach,

Bug#772578: Missing keyboard modules i2c_designware_*

Package: initramfs-tools Version: 0.116 I just got an ASUS X205TA notebook, which requires the i2c_designware_core and i2c_designware_platform modules to be loaded for the keyboard to work. The module gets correctly loaded when booting up, but it's not present in the initramfs. As a result, I had

Bug#772581: grub-install: Does not work on mixed mode EFI systems

Package: grub-efi-ia32 Version: 2.02-beta2-15 I just got an ASUS X205TA notebook, which has a Bay Trail 64-bit CPU and requires a 32-bit UEFI (no BIOS legacy mode). After installation, I tried to get a bootable system via grub-install --target i386-efi: | Installing for i386-efi platform. | |

Bug#767273: context-gnuplot: missing metapost file

Package: context-modules Version: 20140528-1 The file metapost/context/third/gnuplot/mp-gnuplot.mp is present in the source package but does not get installed to /usr/share/texmf, making the gnuplot module unusable. It looks like this file used to be provided by the context package, but this

Bug#761636: RFS: raceintospace/1.1+dfsg1-1 [ITP]

: debian/patches/physfscompat.patch Copyright: 2004-2014 Andrey Korotaev unc...@gmail.com 2001-2011 Ryan C. Gordon and others 2014 Hendrik Weimer hend...@enyo.de License: GPL-2 and Zlib Yes, that's GPL-2 and not GPL-2+ here. Hendrik -- To UNSUBSCRIBE, email to debian-bugs

Bug#748321: ITP: raceintospace -- free software version of the Liftoff! board game

) +{ +return PHYSFS_write(handle, buffer, 1, len); +} + +/* Compatibility wrapper around PHYSFS_getPrefDir, essentially a backport + from PhysFS upstream, with minor modifications by Hendrik Weimer + hend...@enyo.de. The PhysFS license text is reproduced below. + + Copyright (c) 2001-2011 Ryan C

Bug#692728: Possible GPL violation: Geogebra

Bruce Perens br...@perens.com writes: Internationalization files are derivative works if they internationalize strings that were created by someone else. And if those strings were part of an original GPL work there is potentially a license violation. But if they were created by the same

Bug#692728: Possible GPL violation: Geogebra

Bruce Perens br...@perens.com writes: On 01/29/2014 09:57 AM, Hendrik Weimer wrote: If *all* languages are equally stored in a separate file, then removing this file will stop the program from working. Another file could be substituted for it, one created using a clean-room process so

Bug#692728: Possible GPL violation: Geogebra

Sylvestre Ledru sylves...@debian.org writes: From it last few releases, geogebra is released under GPL with a non commercial clause. Besides the fact that it seems invalid, it also ships Jlatexmath (which I co maintain) which is published under the GPL v2. If the program is a derived work

Bug#696436: Upstream patch

Tags: patch This appears to be upstream bug #944077, reported at https://bugs.launchpad.net/inkscape/+bug/944077. A patch for 0.48 can be found at http://bazaar.launchpad.net/~inkscape.dev/inkscape/RELEASE_0_48_BRANCH/diff/9906. Hendrik -- To UNSUBSCRIBE, email to

Bug#651662: vlc: missing mailcap entry for Ogg video

Package: vlc Version: 1.1.12-3 Severity: normal Tags: patch Hello, VLC does not add a mailcap entry for video/ogg, making it very inconvenient to share patent-unencumbered video files. Please see the attached patch for a fix. Hendrik --- debian/vlc.mime.orig 2011-12-10 20:17:14.0 -0500

Bug#639916: spread: license wackiness

Ken Arromdee arrom...@rahul.net writes: Unlike the original BSD 4 clause license this adds or software that uses this software. If I interpret this broadly (all software that uses this software must display the sentence) it's non-free, since it imposes conditions on non-derived software

Bug#571005: Way to reproduce

Hi, I've also been hit by this bug. I can perfectly reproduce it by bringing down the network connection. Killing the sshfs process helps, however, while the process touching the mount point does not react on a SIGKILL. Hendrik -- To UNSUBSCRIBE, email to

Bug#500589: Present in 2.6.28 as well

Hi, I have the same issure here on a Dell Inspiron 1525, using 2.6.28-1 from sid. Output of alsa-info.sh is at http://www.alsa-project.org/db/?f=0c23c8209d5d4ebccbccd6b4a8048ba3f38a1903 HTH, Hendrik -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of

Bug#514271: New upstream version available

Package: libquantum Version: 0.2.4-2 Severity: wishlist Hi, first of all thanks a lot for your efforts in packaging libquantum. I just received a request from a user for updated Debian packages, which I would hereby like to pass onto you. The latest version of libquantum (1.1.0) can be found at

Bug#478789: Possible fix

Hi, I just grabbed the 0.5.0 tarball, removed the bin/ and music/ directories, and compressed it again with lzma. Result: a 255 MB archive. For comparison, nexuiz-data is 323 MB, so this shouldn't be a problem. HTH, Hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of

Bug#503128: Improve LAPACK support

Package: maxima-share Version: 5.16.3-1 Severity: wishlist Currently, the LAPACK integration in Maxima is far from optimal. First of all, one has to run load(lapack) once as root as the first call starts a compilation of the libs and requires write access to files in /usr/share. Second, this

Bug#423503: Liberation Font License revisited

, they are within their rights to do it the way they did.' This should make this license acceptable for Debian, right? Best regards, Hendrik Weimer [1] http://www.mail-archive.com/[EMAIL PROTECTED]/msg36584.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=253774#c7 -- *** OS Reviews: Free and Open Source

Bug#423379: OpenSSL license violation

Package: kmymoney2 Version: 0.8.6-1 Severity: serious According to the copyright file kmymoney2 is being distributed under GPLv2. However, it depends on libgwenhywfar, which in turns is linked against OpenSSL. While libgwenhywfar contains an OpenSSL exception, kmymoney2 does not. So, please

Bug#403034: Deep MIME Nesting Content Filter Bypass

Stephen Gran [EMAIL PROTECTED] writes: We could return OverNesteded.MIME as the virus name, I suppose, but I have had plenty of complaints over the years about the various block max settings, so I'm not sure this is always the right thing to do either. We could change clamscan's exit code,

Bug#403034: Deep MIME Nesting Content Filter Bypass

Package: clamav Version: 0.88.7-1 Severity: grave Tags: security While the new 0.88.7 version fixes CVE-2006-6406 and CVE-2006-6481 the update introduces another flaw that lets viruses pass undetected. If a virus is nested deeper than the --max-mail-recursion limit, the file will pass and

Bug#401873: closed by Stephen Gran [EMAIL PROTECTED] (Bug#401873: fixed in clamav 0.90~rc2-1)

The bug is still present in 0.88.7. Files nested deeper than --max-mail-recursion are not scanned and there is no error returned (exit code is 0). When using clamscan I get a warning from libclamav, but the EICAR string still passes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject

Bug#401873: Unusual MIME Encoding Content Filter Bypass

Package: clamav Version: 0.88.6-1 Tags: security Severity: grave As reported in http://www.quantenblog.net/security/virus-scanner-bypass ClamAV passed an EICAR test file if the following conditions are met: 1. the EICAR file is encoded in Base64 including characters not in the standard

Bug#401874: Multipart Nesting Denial of Service

Package: clamav Version: 0.88.6-1 Tags: security Severity: important As reported in http://www.quantenblog.net/security/virus-scanner-bypass ClamAV contains a denial of service vulnerability when fed with a mail containing a large number of multipart layers. This is due to a recursion-based

Bug#374609: usermin-chfn: Root Shell Denial of Service

Package: usermin-chfn Version: 1.110-3 Tags: security As pointed out in http://www.osreviews.net/reviews/admin/usermin it is possible to disable the login shell of the root account by calling save.cgi with an empty value for the shell. The problem is that the command is expanded to `chsh -s foo`,

Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

Martin Schulze [EMAIL PROTECTED] writes: How can the diricons and config parameters be exploited? From a quick glance I can't find an open associated with $DirIcons. The diricons issue is a XSS vulnerability. It has nothing to do with the two other holes (which lead to arbitrary code

Bug#365909: Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

Martin Schulze [EMAIL PROTECTED] writes: Umh... but since the query_string is already sanitised globally how can XSS still happen? Was the sanitising not sucessful? AFAICS the query_string is not being decoded first. Therefore, a '' encoded as %3E will slip through. Version 6.5-2 contains the

Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

Charles Fry [EMAIL PROTECTED] writes: as mentioned in http://www.osreviews.net/reviews/comm/awstats, the same type of XSS vulnerability also exists with the 'diricons' parameter. In this case, Debian is affected, too. As Eldy already explained (earlier in this bug report), the entire query

Bug#365910: [Pkg-awstats-devel] Bug#365910: AWStats: Malicious config file shell code injection

Charles Fry [EMAIL PROTECTED] writes: In this case, this report doesn't appear to be an actual security vulnerability. The configuration file needs to be placed in /etc/awstats, /usr/local/etc/awstats, /etc, or /etc/opt/awstats. This can not be done without having root access (nor can the

Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter

Charles Fry [EMAIL PROTECTED] writes: Any final comments on anything I'm missing before moving forward with this patch? Seems fine to me. Hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#365910: AWStats: Malicious config file shell code injection

Package: awstats Version: 6.5-1 Severity: important Tags: security Source: http://www.osreviews.net/reviews/comm/awstats | Arbitrary code can be executed by uploading a specially crafted | configuration file if an attacker can put a file on the server with | chosen file name and content (e.g. by

Bug#365909: AWStats: Shell code injection via 'migrate'

Package: awstats Version: 6.5-1 Severity: important Tags: security Source: http://www.osreviews.net/reviews/comm/awstats | If the update of the stats via web front-end is allowed, a remote | attacker can execute arbitrary code on the server using a specially | crafted request involving the

Bug#364443: Vulnerability exists also with the 'diricons' parameter

Hello, as mentioned in http://www.osreviews.net/reviews/comm/awstats, the same type of XSS vulnerability also exists with the 'diricons' parameter. In this case, Debian is affected, too. Hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact

Bug#360559: openvpn: CVE-2006-1629?

Geoff Crompton [EMAIL PROTECTED] writes: Package: openvpn Version: 2.0-1sarge2 Followup-For: Bug #360559 Is this the same as CVE-2006-1629? Yes, it is. Hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#359138: firefox: Firefox crashes on http://en.wikipedia.org/wiki/Dash

Eric Dorland [EMAIL PROTECTED] writes: That bugzilla bug goes on about SIL graphite pango modules, which I'm not familiar with. Do you have those installed? I have now found the source of the problem. I had a previous version of libcairo installed under /usr/local/lib, which I had totally

Bug#360559: Remote root exploit against connected clients

Package: openvpn Version: 2.0.5-1 Severity: important Tags: security As described in http://www.osreviews.net/reviews/security/openvpn OpenVPN contains a security hole that allows a malicious VPN server to take over connected clients. OpenVPN allows to push environment variables to a client via

Bug#360560: Timing attacks using OProfile

Package: oprofile Version: 0.9.1-9 Tags: security As described in http://www.osreviews.net/reviews/devel/oprofile OProfile allows unprivileged users to profile all code on a system. This makes cryptographic services vulnerable to timing attacks (e.g. compromise of secret keys). -- To

Bug#360560: Timing attacks using OProfile

Al Stone [EMAIL PROTECTED] writes: I could be completely wrong. Would it be possible for you to send me a demonstration of this scenario? Suppose a server performs password checking by strncmp(user_supplied_password, password_stored_in_database, size). Now strncmp does its comparison by

Bug#359138: firefox: Firefox crashes on http://en.wikipedia.org/wiki/Dash

Package: firefox Version: 1.5.dfsg+1.5.0.1-4 Severity: important Trying to access http://en.wikipedia.org/wiki/Dash always brings up a segfault. gdb output, however the address is different each time: [Thread -1252717648 (LWP 6282) exited] Program received signal SIGSEGV, Segmentation fault.

Bug#260362: prj2make-sharp requires libmono-dev

Hi, I just stumbled over this bug, which is also present in 0.95-1.2. The problem is that pkg-config searches for a file named mono.cs, which is included in the libmono-dev package. After installing the package the Error running pkg-config message goes away and a Makefile is created. HTH,