Bug#923595: electrum: Electrum branch containing critical vulnerability should be updated

2019-03-02 Thread Michael S
Package: electrum Version: 3.1.3-1~bpo9+1 Severity: important Dear Maintainer, Having the fact that all versions of Electrum older than 3.3.3 are vulnerable to a phishing attack (https://github.com/spesmilo/electrum/issues/4968 also warning on http://electrum.org), where malicious servers ask u

Bug#909019: lightdm-gtk-greeter: Password field resets in the middle of typing password

2018-09-17 Thread Conner, Michael S.
Package: lightdm-gtk-greeter Version: 2.0.2-1 Severity: normal Dear Maintainer,    * What led up to the situation?    At the login screen users type their username, then press 'tab' to advance to the password field.    The cursor appears and keyboard input is accepted; users start to type their

Bug#886398: cryptsetup doesn't correctly unmount encrypted disk

2018-01-05 Thread Michael S
Package: cryptsetup Version: 2:1.7.3-4 Severity: important Dear Maintainer, cryptsetup on my system doesn't close properly encrypted disks on reboot/shutdown, reporting '(busy)' message several times until failing. I have this problem since moved from jessie to stretch a year ago and the probl

Bug#688964: qemu-kvm: Fedora 17 guest hangs on boot with soft lockup in udevd

2012-09-27 Thread Michael S. Tsirkin
On Thu, Sep 27, 2012 at 10:43:57PM +0400, Michael Tokarev wrote: > On 27.09.2012 22:28, Jan Kiszka wrote: > [] > >> --- a/hw/intel-hda.c > >> +++ b/hw/intel-hda.c > >> @@ -1107,6 +1107,9 @@ static void intel_hda_reset(DeviceState *dev) > >> DeviceState *qdev; > >> HDACodecDevice *cdev; >

Bug#551513: closed by Ryan Niebur (Bug#551513: fixed in midori 0.2.0-1)

2009-10-18 Thread Michael S Gilbert
On Sun, 18 Oct 2009 23:36:11 + Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the midori package: > > #551513: new upstream version 0.2.0 > > It has been closed by Ryan Niebur thanks for the insanely fast response ti

Bug#550379: acknowledged by developer (closing 550379)

2009-10-18 Thread Michael S Gilbert
reopen 550379 severity 550379 wishlist thanks On Sun, 18 Oct 2009 23:50:04 +0100 Ben Hutchings wrote: > On Sun, 2009-10-18 at 18:18 -0400, Michael S Gilbert wrote: > [...] > > in one sentence, my request is for the linux-2.6 and linux-kbuild-2.6 > > *source* packages to be mer

Bug#550379: acknowledged by developer (closing 550379)

2009-10-18 Thread Michael S Gilbert
maybe there is also some confusion due to my use of the term "kbuild binary packages". i am referring to the linux-kbuild-$(uname -r) binary packages when i say that, not the plain old kbuild binary/source package. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org wit

Bug#550379: acknowledged by developer (closing 550379)

2009-10-18 Thread Michael S Gilbert
On Sun, 18 Oct 2009 21:56:57 +0200 maximilian attems wrote: > On Sun, Oct 18, 2009 at 03:40:02PM -0400, Michael S Gilbert wrote: > > > # explanation given by maintainer > > > close 550379 > > > > there is no explanation in the bug logs. the close

Bug#550379: acknowledged by developer (closing 550379)

2009-10-18 Thread Michael S Gilbert
> # explanation given by maintainer > close 550379 there is no explanation in the bug logs. the closest thing to an explanation is: This is not possible for other reasons. where the 'other reasons' are never explained. if someone can state these reasons, i would be content to give this up i

Bug#551513: new upstream version 0.2.0

2009-10-18 Thread Michael S Gilbert
package: midori version: 0.1.10-1 severity: wishlist hi, there is a new upstream version of midori. it would be great if you have the time to prepare a new debian package. thanks! mike

Bug#502925: closed by Marco Rodrigues (Package xfce-mcs-manager has been removed from Debian)

2009-10-17 Thread Michael S Gilbert
On Sat, 17 Oct 2009 10:51:21 + Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the xfce4-mcs-manager package: > > #502925: xfce4-mcs-manager: new fonts are not available until all terminals > closed > > It has been clo

Bug#550913: dopewars: CVE-2009-3591 denial-of-service

2009-10-13 Thread Michael S Gilbert
Package: dopewars Version: 1.5.12-2 Severity: important Tags: security Hi, The following CVE (Common Vulnerabilities & Exposures) id was published for dopewars. CVE-2009-3591[0]: | Dopewars 1.5.12 allows remote attackers to cause a denial of service | (segmentation fault) via a REQUESTJET messag

Bug#550441: advi: statically links to camlimages

2009-10-10 Thread Michael S Gilbert
reopen 550441 thanks On Sat, 10 Oct 2009 22:24:31 +0200 Mehdi Dogguy wrote: > AFAICS, the version of advi currently in unstable/testing (1.6.0-14+b1) > is not affected since it was built with the latest (fixed) version of > camlimages. the specific flaw is being tracked with bug #550440, which sh

Bug#550441: advi: statically links to camlimages

2009-10-10 Thread Michael S Gilbert
On Sat, 10 Oct 2009 12:28:15 +0200 Stéphane Glondu wrote: > Michael S Gilbert a écrit : > > advi statically links to camlimages, which makes security updates very > > complicated. please update advi to dynamically link to camlimages. > > thanks. > > Unfortunately, t

Bug#550423: [Pkg-samba-maint] Bug#550423: samba: CVE-2009-2906 dos and CVE-2009-2948 password access

2009-10-09 Thread Michael S Gilbert
On Sat, 10 Oct 2009 07:10:51 +0200 Christian Perrier wrote: > Version: 3.4.2-1 > > Quoting Michael S Gilbert (michael.s.gilb...@gmail.com): > > package: samba > > version: 3.0.24-6 > > severity: serious > > tags: security , patch > > > > hi, >

Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization

2009-10-09 Thread Michael S Gilbert
package: ffmpeg version: 0.cvs20060823-8 severity: serious tags: security hi, ffmpeg has been found to be vulnerable to many crashers [0],[1]. this may enable remote compromise of a system. please coordinate with upstream and the security team to push out updates for these issues. mike [0] ht

Bug#550441: advi: statically links to camlimages

2009-10-09 Thread Michael S Gilbert
package: advi version: 1.6.0-14+b1 severity: important tags: security hi, advi statically links to camlimages, which makes security updates very complicated. please update advi to dynamically link to camlimages. thanks. mike

Bug#550436: wget: forks libntlm

2009-10-09 Thread Michael S Gilbert
On Sat, Oct 10, 2009 at 12:17 AM, Micah Cowan wrote: > Michael S Gilbert wrote: >> package: wget >> version: 1.12-1 >> severity: important >> tags: security >> >> hi, >> >> wget implements a forked version of libntlm.  in order to provide &g

Bug#550440: advi: CVE-2009-2295 arbitrary code execution

2009-10-09 Thread Michael S Gilbert
Package: advi Version: 1.6.0-12 Severity: serious Tags: security Hi, The following CVE (Common Vulnerabilities & Exposures) id was published for camlimages. advi statically links to camlimages, so any issues in that package are also applicable to advi. There were already updates to camlimages f

Bug#550438: cntlm: forks libntlm

2009-10-09 Thread Michael S Gilbert
package: cntlm version: 0.35.1-5 severity: important tags: security hi, cntlm implements a forked version of libntlm. in order to provide timely security support (and to reduce some of the burden on the security team), it would be very desirable (if possible) for cntlm to link to the existing li

Bug#550436: wget: forks libntlm

2009-10-09 Thread Michael S Gilbert
package: wget version: 1.12-1 severity: important tags: security hi, wget implements a forked version of libntlm. in order to provide timely security support (and to reduce some of the burden on the security team), it would be very desirable (if possible) for wget to link to the existing libntlm

Bug#550437: curl: forks libntlm

2009-10-09 Thread Michael S Gilbert
package: curl version: 7.19.5-1.1 severity: important tags: security hi, curl implements a forked version of libntlm. in order to provide timely security support (and to reduce some of the burden on the security team), it would be very desirable (if possible) for curl to link to the existing lib

Bug#550379: closed by Bastian Blank (Re: Bug#550379: linux-kbulid-2.6: embeds linux-2.6)

2009-10-09 Thread Michael S Gilbert
On Sat, 10 Oct 2009 03:03:06 +0200 Bastian Blank wrote: > On Fri, Oct 09, 2009 at 05:49:13PM -0400, Michael Gilbert wrote: > > > On Fri, Oct 09, 2009 at 02:04:20PM -0400, Michael Gilbert wrote: > > >> the linux-kbuild-2.6 source package includes portions of code from the > > >> linux-2.6 source pa

Bug#550424: openexr6: CVE-2009-1720,1721,1722 potential vectors for arbitrary code execution

2009-10-09 Thread Michael S Gilbert
Package: openexr6 Version: 1.6.1 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for openexr6. CVE-2009-1720[0]: | Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow | context-dependent attackers to cause a denial of service

Bug#550423: samba: CVE-2009-2906 dos and CVE-2009-2948 password access

2009-10-09 Thread Michael S Gilbert
package: samba version: 3.0.24-6 severity: serious tags: security , patch hi, the following CVEs were issued for samba. CVE-2009-2906 [0]: | smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 | before 3.4.2 allows remote authenticated users to cause a denial of service

Bug#550422: samba: CVE-2009-2813 sharing restriction bypass

2009-10-09 Thread Michael S Gilbert
package: samba version: 3.0.24-6 severity: important tags: security hi, CVE-2009-2813 has been issued for samba and from the text [0], it appears to be mac-specific; however, there is not enough information to confirm or negate this. i have submitted a bug upstream requesting assistance [1]. y

Bug#550150: cupsys: CVE-2009-2807 issue in usb backend

2009-10-07 Thread Michael S Gilbert
package: cupsys version: 1.2.7-4 severity: serious tags: security hi, cups may be affected by a security issue in its usb backend [0]. the advisories state that this affects mac os x, but it is unclear if other os'es are affected. i've submitted a bug upstream requesting more info [1]. you can

Bug#550002: xscreensaver: sonar should be moved to xscreensaver-gl

2009-10-06 Thread Michael S Gilbert
package: xscreensaver version: 5.10-2 severity: normal according to the xscreensaver readme, sonar has been rewritten using opengl. in order to prevent potential problems and other badness for non-gl users, it should be moved to the xscreensaver-gl package. thanks. mike

Bug#520882: not fixed

2009-09-15 Thread Michael S Gilbert
reopen 520882 notfixed 520882 1:9-9-1 thanks oops, i goofed up due to cross-posting by another bug submitter. this one likely still exists. submitter, if you can find the time to check on this bug, that would be very helpful. mike

Bug#546781: [Pkg-fglrx-devel] Bug#546781: Bug#546781: fglrx-driver: With kernel module, displays blank screen

2009-09-15 Thread Michael S Gilbert
On Tue, 15 Sep 2009 22:51:57 -0400 Michael S Gilbert wrote: > On Tue, 15 Sep 2009 19:17:43 -0700 Daniel Schepler wrote: > > The 1:9-8-2 version of the driver worked fine on the same machine. also, this may be related to bug #542735 [0]. can you try: $ sudo aticonfig --acpi-service

Bug#546781: [Pkg-fglrx-devel] Bug#546781: Bug#546781: fglrx-driver: With kernel module, displays blank screen

2009-09-15 Thread Michael S Gilbert
On Tue, 15 Sep 2009 19:17:43 -0700 Daniel Schepler wrote: > The 1:9-8-2 version of the driver worked fine on the same machine. what is the output of 'lsmod | grep fglrx' and 'sudo modprobe fglrx'? mike

Bug#542849: [Pkg-fglrx-devel] Bug#542849: Bug#542849: Bug#542849: fglrx-source: fglrx:firegl_init_device_list *ERROR* Out of memory when allocating device heads

2009-09-15 Thread Michael S Gilbert
On Tue, 15 Sep 2009 14:23:42 +0800 Paul Harris wrote: > 2009/9/15 Patrick Matthäi > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Paul Harris schrieb: > > > as stated here: > > > > > > > > http://support.amd.com/us/gpudownload/linux/Legacy/Pages/radeon_linux.aspx?type=2.4.2&produ

Bug#544915: adoption

2009-09-14 Thread Michael S Gilbert
hi, i would be willing to adopt mathwar and amphetamine. i'm not a dd, but do have some packaging experience. i would need a mentor to do uploads for me. mike

Bug#546198: xfs: uninstallable due to logged in debian-xfs user

2009-09-11 Thread Michael S Gilbert
package: xfs version: 1:1.0.8-4 severity: serious the latest xfs update is currently uninstallable on unstable. the error is: Setting up xfs (1:1.0.8-4) ... Installing new version of config file /etc/init.d/xfs ... usermod: user debian-xfs is currently logged in dpkg: error processing xf

Bug#545501: xfce4-clipman: uninstallable due file conflict with xfce4-clipman-plugin

2009-09-07 Thread Michael S Gilbert
package: xfce4-clipman severity: serious version: 2:1.1.0-2 hello, both xfce4-clipman and xfce4-clipman-plugin install the file '/usr/share/applications/xfce4-clipman-plugin.desktop', which causes xfce4-clipman's installation to fail: Unpacking xfce4-clipman (from .../xfce4-clipman_2%3a1.1.0-2

Bug#524806: RFS: sponsor for poppler stable point release

2009-08-26 Thread Michael S Gilbert
Hi, A new lenny release is coming soon and there are some open security issues in poppler that I have fixed.  Attached is the debdiff of the changes. The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/p/poppler - Source repository: deb-src http://men

Bug#543257: xscreensaver: does not show screen unlock dialog for gl screensavers

2009-08-23 Thread Michael S Gilbert
package: xscreensaver-gl version: 5.05-3 severity: normal hello, on my system there is no dialog drawn when unlocking gl screensavers; however it is still possible to enter the password and unlock the screen; there will just be no visual feedback. this works fine for the non-gl screensavers.

Bug#543159: kvm: embeds qemu

2009-08-22 Thread Michael S Gilbert
package: kvm version: 85+dfsg-4 severity: important tags: security hello, since kvm embeds qemu it makes security updates/tracking more difficult, troublesome, and potentially more prone to error/omission. i understand that kvm is somewhat of a divergence from qemu, but if it is possible, plea

Bug#539410: useful?

2009-08-14 Thread Michael S. Gilbert
hello, was any of the above information useful? anything else i can provide? mike

Bug#529318: linux-2.6: CVE-2007-6514 smbfs information disclosure vulnerability

2009-08-13 Thread Michael S. Gilbert
On Thu, 13 Aug 2009 23:51:40 +0200 Moritz Muehlenhoff wrote: > On Mon, May 18, 2009 at 12:06:58PM -0400, Michael S. Gilbert wrote: > > Package: linux-2.6 > > Severity: important > > Tags: security > > > > Hi, > > > > The following CVE (Common Vuln

Bug#541146: [Python-modules-team] Bug#541146: python-matplotlib: 0.99 version released upstream

2009-08-11 Thread Michael S. Gilbert
On Wed, 12 Aug 2009 00:35:53 +0200, Sandro Tosi wrote: > Hi Michael, > > On Wed, Aug 12, 2009 at 00:25, Michael S. > Gilbert wrote: > > package: python-matplotlib > > severity: wishlist > > > > a new version of matplotlib has been released in the last few days

Bug#541146: python-matplotlib: 0.99 version released upstream

2009-08-11 Thread Michael S. Gilbert
package: python-matplotlib severity: wishlist a new version of matplotlib has been released in the last few days [0]. this is a request for this to be packaged for debian. thanks! [0] http://matplotlib.sourceforge.net/_static/CHANGELOG

Bug#517639: severity

2009-08-11 Thread Michael S. Gilbert
severity 532689 important thanks denial-of-services are not serious. this should probably be fixed with CVE-2009-0642 which is actually serious. please coordinate with the security team to prepare updates for the stable releases on these.

Bug#540862: reassign

2009-08-11 Thread Michael S. Gilbert
reassign 540862 libxerces2-java thanks this appears to be a flaw in the xerces xml parser. see previous discussion and pdf.

Bug#540961: xulrunner: CVE-2009-2663 vulnerability

2009-08-11 Thread Michael S. Gilbert
On Tue, 11 Aug 2009 11:47:50 +0200, Alexander Sack wrote: > On Mon, Aug 10, 2009 at 07:47:29PM -0400, Michael S Gilbert wrote: > > Package: xulrunner > > Version: 1.9.1.1-2 > > Severity: grave > > Tags: security > > > > Hi, > > the following CV

Bug#540958: libvorbis: CVE-2009-2663 vulnerability

2009-08-11 Thread Michael S. Gilbert
On Mon, 10 Aug 2009 23:01:36 -0500, Peter Samuelson wrote: > > > CVE-2009-2663[0]: > > | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and > > | 3.5.x before 3.5.2 and other products, allows context-dependent > > | attackers to cause a denial of service (memory corruption and >

Bug#540961: xulrunner: CVE-2009-2663 vulnerability

2009-08-10 Thread Michael S Gilbert
Package: xulrunner Version: 1.9.1.1-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xulrunner. CVE-2009-2663[0]: | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and | 3.5.x before 3.5.2 and other products, allows

Bug#540959: xulrunner: embeds libvorbis

2009-08-10 Thread Michael S Gilbert
package: xulrunner severity: important tags: security hello, it seems that xulrunner embeds the libvorbis library in its source code. this is bad since it makes security updates much more difficult and troublesome. please modify the package to use the system libvorbis. thank you.

Bug#540958: libvorbis: CVE-2009-2663 vulnerability

2009-08-10 Thread Michael S Gilbert
Package: libvorbis Version: 1.1.2.dfsg-1.4 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libvorbis. CVE-2009-2663[0]: | libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and | 3.5.x before 3.5.2 and other products, a

Bug#540905: apt-file: doesn't need to say 'run as root' in postinst

2009-08-10 Thread Michael S. Gilbert
package: apt-file severity: minor since apt-file can now be run as non-root, it no longer needs to say that is a requirement in its postinst script. i.e. change the text "You need to run 'apt-file update' as root to update the cache" to "You need to run 'apt-file update' to update the cache."

Bug#540885: websvn: blame is excruciatingly slow for large files

2009-08-10 Thread Michael S. Gilbert
package: websvn severity: normal hello, trying to look at the blame for large files in websvn is excruciatingly slow. for example, try to see the blame for: http://svn.debian.org/wsvn/secure-testing/data/CVE/list i waited over two hours and the page still had not generated the blame. thanks for

Bug#540437: [Pkg-xfce-devel] Bug#540437: Bug#540437: Bug#540437: xfdesktop4: keeps regenerating 'Desktop' folder in user's home dir

2009-08-10 Thread Michael S. Gilbert
On Mon, 10 Aug 2009 07:58:33 +0200, Yves-Alexis Perez wrote: > On dim, 2009-08-09 at 23:22 -0400, Michael S Gilbert wrote: > > yes, it is xfdesktop. removed 'Desktop', ran 'xfdesktop' and it was > > back. i straced xfdesktop, but there was no reference to &

Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread

2009-08-10 Thread Michael S Gilbert
>> i guess i'll just deal with the broken system as is... > > I'm sure Don welcomes constructive criticism ;) ok, i'll put together a constructive bug report when i have the chance. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble?

Bug#540610: [DRE-maint] Bug#540610: rubygems: integrity violation

2009-08-10 Thread Michael S. Gilbert
On Mon, 10 Aug 2009 08:24:06 -0500, Gunnar Wolf wrote: > Michael S. Gilbert dijo [Sun, Aug 09, 2009 at 11:58:04PM -0400]: > > > I tried testgem downloaded from > > > http://bugs.gentoo.org/show_bug.cgi?id=278566. > > > > > > % sudo gem install testgem

Bug#540862: apache2: xml-based firewall bypass / port scanning vulnerability

2009-08-10 Thread Michael S Gilbert
package: apache2 version: 2.2.3-4+etch6 severity: important tags: security it has been disclosed that apache (and potentially other web servers) can be used to port scan behind a firewall. i don't think this issue is too severe, but a firewall bypass nevertheless is probably not a good thing.

Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread

2009-08-10 Thread Michael S. Gilbert
On Mon, 10 Aug 2009 18:05:57 +0200, Nico Golde wrote: > > maybe it's just me, but dealing with issues in multiple releases with > > the debian bts is non-obvious and a major pain. is the "*right*" way > > to do this documented somewhere? > > http://wiki.debian.org/BugsVersionTracking maybe helps

Bug#540611: [php-maint] Bug#540611: Bug#540611: php5: exif buffer overread

2009-08-10 Thread Michael S. Gilbert
On Mon, 10 Aug 2009 08:17:44 +0200, sean finney wrote: > hi michael, > > On Sun, Aug 09, 2009 at 10:57:09PM -0400, Michael S. Gilbert wrote: > > maybe it's just me, but dealing with issues in multiple releases with > > the debian bts is non-obvious and a major pain. i

Bug#540610: rubygems: integrity violation

2009-08-09 Thread Michael S. Gilbert
On Sun, 09 Aug 2009 17:01:38 +0900 Daigo Moriwaki wrote: > Hello Michael, > > Michael S. Gilbert wrote: > >> In Debian, executables from gems install into a particular directory > >> specific to > >> RubyGems such as /var/lib/gems/{1.8|1.9.0}/bin instead of

Bug#535909:

2009-08-09 Thread Michael S. Gilbert
On Sun, 9 Aug 2009 11:00:50 +0200 Sylvain Le Gall wrote: > Hello, > > On Sat, Aug 08, 2009 at 11:01:45PM -0400, Michael S. Gilbert wrote: > > reopen 535909 > > fixed 535909 1:3.0.1-3 > > thanks > > > > > This bug has been solved with 1:3.0.1-2 before t

Bug#540437: [Pkg-xfce-devel] Bug#540437: Bug#540437: xfdesktop4: keeps regenerating 'Desktop' folder in user's home dir

2009-08-09 Thread Michael S Gilbert
On Sun, Aug 9, 2009 at 3:10 PM, Yves-Alexis Perez wrote: > I don't know how to find the culprit, but knowing if it's xfdesktop is > easy. Just remove Desktop/ and restart xfdesktop. Maybe stracing it, and > you'll be sure. yes, it is xfdesktop. removed 'Desktop', ran 'xfdesktop' and it was back.

Bug#535888: [php-maint] Bug#540611: php5: exif buffer overread

2009-08-09 Thread Michael S. Gilbert
On Sun, 9 Aug 2009 21:02:36 -0500 Raphael Geissert wrote: > On Sunday 09 August 2009 01:13:42 Michael S. Gilbert wrote: > > > > hello, it has been disclosed that php is vulnerable to a buffer > > over-read in versions before 5.2.10. see: > > You already reported it as

Bug#540610: rubygems: integrity violation

2009-08-08 Thread Michael S. Gilbert
On Sun, 09 Aug 2009 15:34:18 +0900 Daigo Moriwaki wrote: > Hello Michael, > > Michael S. Gilbert wrote: > > package: rubygems1.9 > > version: 1.3.1 > > tags: security > > severity: serious > > > > hello, it has been disclosed that a specially craft

Bug#540611: php5: exif buffer overread

2009-08-08 Thread Michael S. Gilbert
package: php5 version: 5.2.0-8+etch13 severity: important tags: security hello, it has been disclosed that php is vulnerable to a buffer over-read in versions before 5.2.10. see: http://secunia.com/advisories/35441/ http://www.vupen.com/english/advisories/2009/1632

Bug#540610: rubygems: integrity violation

2009-08-08 Thread Michael S. Gilbert
package: rubygems1.9 version: 1.3.1 tags: security severity: serious hello, it has been disclosed that a specially crafted gem archive could be used to overwrite system files. confirmed for 1.3.x, but older versions may also be affected. please check and help the security team prepare updates fo

Bug#540608: initscripts: wireless key stored in logs

2009-08-08 Thread Michael S. Gilbert
package: initscripts severity: important tags: security hello, mandriva issued the following advisory [0],[1],[2] for initscripts. supposedly part of the user's wireless key is logged. i don't use WPA, so i can't verify this on debian, but it is worth checking. [0] http://www.mandriva.com/en/sec

Bug#536724: incomplete fix

2009-08-08 Thread Michael S. Gilbert
the 2.8.1 fix is incomplete, and is now claimed fixed in 2.8.3. see: http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/ http://core.trac.wordpress.org/changeset/11765 http://core.trac.wordpress.org/changeset/11766 http://core.trac.wordpress.org/changeset/11768 http://core.

Bug#540606: php5: 'open_basedir' bypass

2009-08-08 Thread Michael S. Gilbert
package: php5 version: 5.3.0 severity: important tags: security , patch it has been disclosed that php is potentially vulnerable to an 'open_basedir' bypass [0]. the advisory says that only 5.3.0 is affected, but it would be useful to check that older versions are safe. [0] http://securityreason.

Bug#540605: php5: memory disclosure

2009-08-08 Thread Michael S. Gilbert
package: php5 version: 5.2.0-8+etch13 severity: serious tags: security , patch it has been disclosed that php is potentially vulnerable to remote memory disclosure [0]. patches are available for 5.2.10 and 5.3.0, but older versions are likely affected (as well as php4). please check and coordinat

Bug#540437: [Pkg-xfce-devel] Bug#540437: xfdesktop4: keeps regenerating 'Desktop' folder in user's home dir

2009-08-08 Thread Michael S. Gilbert
On Sat, 8 Aug 2009 06:17:01 +0200 Yves-Alexis Perez wrote: > On Fri, 7 Aug 2009 20:43:16 -0400 > Michael S Gilbert wrote: > > > i reported this upstream [0], but they were unable to reproduce. > > perhaps this is an issue specifically with the debian package? > > A

Bug#535909:

2009-08-08 Thread Michael S. Gilbert
reopen 535909 fixed 535909 1:3.0.1-3 thanks > This bug has been solved with 1:3.0.1-2 before the bug was opened. thanks for the update. please coordinate with the security team to prepare updates for the stable releases.

Bug#540437: xfdesktop4: keeps regenerating 'Desktop' folder in user's home dir

2009-08-07 Thread Michael S Gilbert
package: xfdesktop4 version: 4.6.1-1 severity: normal hello, as of the xfce 4.6 transition to unstable, there is a 'Desktop' directory created in the user's home folder by default, which always reappears shortly after deletion (this did not occur in 4.4 and earlier). i personally always set the

Bug#524806: Fwd: etch patch for CVE-2009-0146/147/0166/0799/0800/1179/1180/1181/1182/1183/1187

2009-08-03 Thread Michael S Gilbert
tag 524806 patch thanks derived from ubuntu's 0.5.1 patch, here is a patch set for etch's 0.4.5. i am fairly certain all of these CVEs are addressed in this one. note vulnerable code not present in etch for CVE-2009-0755/1188. please test; i've done some basic testing with existing pdfs on my s

Bug#539449: Acknowledgement (openssl: vulnerable to null character certificate spoofing)

2009-07-31 Thread Michael S Gilbert
[0] http://www.wired.com/threatlevel/2009/07/kaminsky/

Bug#539449: openssl: vulnerable to null character certificate spoofing

2009-07-31 Thread Michael S. Gilbert
package: openssl version: 0.9.8 severity: important tags: security it has been disclosed that ssl applications can be tricked via inauthentic certificates containing null characters [0]. i have not personally checked whether openssl is affected by this, but since this is newly disclosed, it is ver

Bug#539410: xserver-xorg-input-evdev: lost support for mousewheel scroll under kvm with option "-usb -usbdevice tablet"

2009-07-31 Thread Michael S Gilbert
oops, the previous reportbug output was for the kvm instance without "-usb -usbdevice tablet". the following is for the kvm instance with that option enabled: -- Package-specific info: /var/lib/x11/X.roster does not exist. /var/lib/x11/X.md5sum does not exist. X server symlink status: lrwxrwxrw

Bug#539410: xserver-xorg-input-evdev: lost support for mousewheel scroll under kvm with option "-usb -usbdevice tablet"

2009-07-31 Thread Michael S Gilbert
On 7/31/09, Julien Cristau wrote: > kthxbye > > please file bugs with reportbug, so essential information is not missing > from your reports. > > thanks, > Julien what do you want to know? -- Package-specific info: /var/lib/x11/X.roster does not exist. /var/lib/x11/X.md5sum does not exist. X se

Bug#539410: xserver-xorg-input-evdev: lost support for mousewheel scroll under kvm with option "-usb -usbdevice tablet"

2009-07-31 Thread Michael S. Gilbert
package: xserver-xorg-input-evdev version: 1:2.2.3-1 severity: important hello, i recently upgraded unstable on one of my kvm instances and subsequently lost support for mousewheel scroll. xserver-xorg-input-evdev was among the packages upgraded, and is my best guess for the problematic package (o

Bug#537409: info

2009-07-19 Thread Michael S Gilbert
while this bug is still open, would it make sense to disable the gcc option/optimization/bug/flaw that allows this vulnerability to exist? the "-fno-delete-null-pointer-checks" flag will completely disable this option kernel-wide [1]. obviously there is a tradeoff here. the null pointer optimizat

Bug#537637: htmldoc: buffer overflow in util.cxx's set_page_size()

2009-07-19 Thread Michael S. Gilbert
package: htmldoc version: 1.8.27-2 severity: serious tags: security , patch hello, a security advisory has been issued for htmldoc [0]. patches available from gentoo [1]. please coordinate with the security team to prepare updates for the stable releases. thank you. [0] http://secunia.com/advi

Bug#537634: mediawiki: multiple vulnerabilities fixed in new upstreams

2009-07-19 Thread Michael S. Gilbert
package: mediawiki version: 1:1.15.0-1 severity: serious tags: security hello, multiple vulnerabilities have been fixed in upstream mediawiki 1.15.1 (these problems did not exist before 1.14.0, so lenny/etch are not vulnerable) [0]. please update unstable to this version. thanks. [0] http://lists.w

Bug#537633: libio-socket-ssl-perl: incorrect validation of hostnames

2009-07-19 Thread Michael S. Gilbert
package: libio-socket-ssl-perl version: 1.01-1 severity: serious tags: security , patch a security issue has been fixed in the latest upstream version of libio-socket-ssl-perl [0]. see patch [1]. please coordinate with the security team to prepare updates for the stable releases. thank you. [0

Bug#537396: moonlight: doesn't appear to work for microsoft's tuva site

2009-07-17 Thread Michael S. Gilbert
package: moonlight-plugin-mozilla version: 1.0.1-3 severity: important hello, i just tried out the moonlight plugin, but it doesn't appear to work out of the box. steps to reproduce: 1. $ sudo apt-get install moonlight-plugin-mozilla 2. $ iceweasel http://research.microsoft.com/tuva 3. observe e

Bug#537281: dbus: uninstallable due to missing directory

2009-07-16 Thread Michael S. Gilbert
package: dbus version: 1.2.16-1 severity: grave hello, dbus is currently uninstallable on sid; erroring with the following message: chown: cannot access `/usr/lib/dbus-1.0/dbus-daemon-launch-help': No such file or directory this can be fixed with a 'mkdir -p': $ sudo mkdir -p /usr/lib/dbu

Bug#537104: forwarded

2009-07-14 Thread Michael S Gilbert
forwarded 537104 https://bugzilla.mozilla.org/show_bug.cgi?id=504237 thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#537104: iceweasel: critical 0-day remote shellcode injection

2009-07-14 Thread Michael S. Gilbert
package: iceweasel version: 3.5 severity: critical tags: security hello, a remote shellcode injection has been disclosed for firefox [0], [1]. the advisory says that version 3.5 has been verified as vulnerable, but older versions are very likely susceptible as well. i have not checked. this is c

Bug#536726: mysql: post-authentication format string vulnerability

2009-07-12 Thread Michael S. Gilbert
package: mysql-dfsg-5.0 version: 5.0.32-7etch8 severity: important tags: security hello, it has been disclosed that mysql has a post-authentication format string vulnerability [1]. according to that message, affected versions are claimed to be 5.0.45 and older, which would mean that lenny and sid

Bug#536724: wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures

2009-07-12 Thread Michael S. Gilbert
package: wordpress version: 2.0.10-1etch3 severity: serious tags: security an advisory, CORE-2009-0515, has been issued for wordpress. there are issues with unchecked privileges and many potential information disclosures. see [1]. this is fixed in upstream version 2.8.1. please coordinate wit

Bug#535489: [Pkg-cups-devel] Bug#535488: cupsys: CVE-2009-0791 integer overflow vulnerabilities

2009-07-12 Thread Michael S. Gilbert
reopen 535488 reopen 535489 thanks On Sat, 11 Jul 2009 17:20:46 +0200 Martin Pitt wrote: > Hello Michael, > > Michael S. Gilbert [2009-07-02 12:35 -0400]: > > Hi, > > the following CVE (Common Vulnerabilities & Exposures) id was > > published for cups. > >

Bug#536718: apache2: CVE-2009-1890 denial-of-service vulnerability

2009-07-12 Thread Michael S. Gilbert
Package: apache2 Version: 2.2.3-4+etch6 Severity: serious Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for apache2. CVE-2009-1890[0]: | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy | module in the Apache HTTP Server befo

Bug#535888: Info received ([php-maint] Bug#535888: reopen)

2009-07-10 Thread Michael S. Gilbert
i probably should have asked whether you think that this issue warrants a DSA, would be good for an SPU, or whether you think it is unimportant. if this can be considered unimportant, then yes, i agree the bug should be closed, but if there do need to be stable updates, then i think that the bug s

Bug#535888: [php-maint] Bug#535888: reopen

2009-07-10 Thread Michael S. Gilbert
On Fri, 10 Jul 2009 10:26:22 -0500, Raphael Geissert wrote: > close 535888 > found 535888 5.2.6.dfsg.1-1+lenny3 > found 535888 5.2.9.dfsg.1-4 > fixed 535888 5.3.0-1 > thanks > > On Friday 10 July 2009 10:14:08 Michael S. Gilbert wrote: > > reopen 535888 > > fixed

Bug#535888: reopen

2009-07-10 Thread Michael S. Gilbert
reopen 535888 fixed 535888 5.2.10.dfsg.1-2 thanks thanks for fixing this issue! reopening to continue tracking in etch/lenny, which haven't been fixed yet. mike

Bug#534973: stable updates

2009-07-06 Thread Michael S. Gilbert
On Mon, 6 Jul 2009 21:44:44 +0200 Thijs Kinkhorst wrote: > > version 1:1.5.2-5 that I released to unstable is suitable for stable > > as well. Prior to this bugfix unstable and stable both contained > > version 1:1.5.2-4. Attached is a patch with the fix. Do you want me to > > build it for stable as

Bug#535909: camlimages: CVE-2009-2295 several integer overflows

2009-07-05 Thread Michael S. Gilbert
package: camlimages version: 2.20-8 severity: serious tags: security hello, camlimages is vulnerable to several integer overflows [1]. this has not yet been fixed upstream, but has been addressed by redhat [2]. [1] http://www.ocert.org/advisories/ocert-2009-009.html [2] https://bugzilla.redhat.

Bug#535896: rails: potential password bypass

2009-07-05 Thread Michael S. Gilbert
package: rails version: 1.1.6-3 severity: serious tags: security hello, it has been found that rails is vulnerable to a password bypass [1]. this will be fixed in upstream version 2.3.3. [1] http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest

Bug#535888: php: segfaults on corrupted jpeg files

2009-07-05 Thread Michael S. Gilbert
package: php5 version: 5.2.0-8+etch13 severity: important tags: security hello, php is vulnerable to segfaulting on certain corrupted jpegs [1]. this is likely fixed in 5.3.0 since the commit to svn was made on May 28, but i haven't checked the code to determine whether this is the case or not.

Bug#535890: phpmyadmin: remote code injection via xss vulnerability

2009-07-05 Thread Michael S. Gilbert
Package: phpmyadmin Version: 4:2.9.1.1-10 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for phpmyadmin. CVE-2009-2284[0]: | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 | allows remote attackers to inject arbi

Bug#535886: apache2: htaccess override

2009-07-05 Thread Michael S. Gilbert
package: apache2 severity: important version: 2.2.3-4+etch6 tags: security apache2 in etch is vulnerable to an override vulnerability in .htaccess [1]. [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=44262

Bug#535881: clamav: recent vulnerabilities

2009-07-05 Thread Michael S. Gilbert
package: clamav version: 0.90.1dfsg-4etch16 severity: important tags: security hello, clamav is vulnerable to several scanner bypass vulnerabilities [1]. note that the upstream version also appears to address some other security-related issues as well: * libclamav: detect and handle archives hi

Bug#535870: xscreensaver: symlink attack enables local information disclosure

2009-07-05 Thread Michael S. Gilbert
package: xscreensaver version: 4.24-5 severity: important tags: security xscreensaver is vulnerable to a local information disclosure vulnerability [1]. [1] http://isowarez.de/xscreensaver.txt
