package: midori
version: 0.1.10-1
severity: wishlist
hi,
there is a new upstream version of midori. it would be great if you
have the time to prepare a new debian package. thanks!
mike
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe.
# explanation given by maintainer
close 550379
there is no explanation in the bug logs. the closest thing to an
explanation is:
This is not possible for other reasons.
where the 'other reasons' are never explained. if someone can state
these reasons, i would be content to give this up if
On Sun, 18 Oct 2009 21:56:57 +0200 maximilian attems wrote:
On Sun, Oct 18, 2009 at 03:40:02PM -0400, Michael S Gilbert wrote:
# explanation given by maintainer
close 550379
there is no explanation in the bug logs. the closest thing to an
explanation
maybe there is also some confusion due to my use of the term kbuild
binary packages. i am referring to the linux-kbuild-$(uname -r)
binary packages when i say that, not the plain old kbuild binary/source
package.
mike
reopen 550379
severity 550379 wishlist
thanks
On Sun, 18 Oct 2009 23:50:04 +0100 Ben Hutchings wrote:
On Sun, 2009-10-18 at 18:18 -0400, Michael S Gilbert wrote:
[...]
in one sentence, my request is for the linux-2.6 and linux-kbuild-2.6
*source* packages to be merged (they are both
On Sun, 18 Oct 2009 23:36:11 + Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the midori package:
#551513: new upstream version 0.2.0
It has been closed by Ryan Niebur
thanks for the insanely fast response time!
On Sat, 17 Oct 2009 10:51:21 + Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the xfce4-mcs-manager package:
#502925: xfce4-mcs-manager: new fonts are not available until all terminals
closed
It has been closed by
Package: dopewars
Version: 1.5.12-2
Severity: important
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for dopewars.
CVE-2009-3591[0]:
| Dopewars 1.5.12 allows remote attackers to cause a denial of service
| (segmentation fault) via a REQUESTJET
On Sat, 10 Oct 2009 12:28:15 +0200 Stéphane Glondu wrote:
Michael S Gilbert a écrit :
advi statically links to camlimages, which makes security updates very
complicated. please update advi to dynamically link to camlimages.
thanks.
Unfortunately, this is not possible without making
reopen 550441
thanks
On Sat, 10 Oct 2009 22:24:31 +0200 Mehdi Dogguy wrote:
AFAICS, the version of advi currently in unstable/testing (1.6.0-14+b1)
is not affected since it was built with the latest (fixed) version of
camlimages.
the specific flaw is being tracked with bug #550440, which
package: samba
version: 3.0.24-6
severity: important
tags: security
hi,
CVE-2009-2813 has been issued for samba and from the text [0], it
appears to be mac-specific; however, there is not enough information
to confirm or negate this. i have submitted a bug upstream
requesting assistance [1].
package: samba
version: 3.0.24-6
severity: serious
tags: security , patch
hi,
the following CVEs were issued for samba.
CVE-2009-2906 [0]:
| smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4
| before 3.4.2 allows remote authenticated users to cause a denial of
Package: openexr6
Version: 1.6.1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openexr6.
CVE-2009-1720[0]:
| Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow
| context-dependent attackers to cause a denial of service
On Sat, 10 Oct 2009 03:03:06 +0200 Bastian Blank wrote:
On Fri, Oct 09, 2009 at 05:49:13PM -0400, Michael Gilbert wrote:
On Fri, Oct 09, 2009 at 02:04:20PM -0400, Michael Gilbert wrote:
the linux-kbuild-2.6 source package includes portions of code from the
linux-2.6 source package (i.e.
package: curl
version: 7.19.5-1.1
severity: important
tags: security
hi,
curl implements a forked version of libntlm. in order to provide
timely security support (and to reduce some of the burden on the
security team), it would be very desirable (if possible) for curl to
link to the existing
package: wget
version: 1.12-1
severity: important
tags: security
hi,
wget implements a forked version of libntlm. in order to provide
timely security support (and to reduce some of the burden on the
security team), it would be very desirable (if possible) for wget to
link to the existing
package: cntlm
version: 0.35.1-5
severity: important
tags: security
hi,
cntlm implements a forked version of libntlm. in order to provide
timely security support (and to reduce some of the burden on the
security team), it would be very desirable (if possible) for cntlm to
link to the existing
Package: advi
Version: 1.6.0-12
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for camlimages. advi statically links to camlimages, so any
issues in that package are also applicable to advi. There were already
updates to camlimages
On Sat, Oct 10, 2009 at 12:17 AM, Micah Cowan wrote:
Michael S Gilbert wrote:
package: wget
version: 1.12-1
severity: important
tags: security
hi,
wget implements a forked version of libntlm. in order to provide
timely security support (and to reduce some of the burden on the
security
package: advi
version: 1.6.0-14+b1
severity: important
tags: security
hi,
advi statically links to camlimages, which makes security updates very
complicated. please update advi to dynamically link to camlimages.
thanks.
mike
package: ffmpeg
version: 0.cvs20060823-8
severity: serious
tags: security
hi,
ffmpeg has been found to be vulnerable to many crashers [0],[1]. this
may enable remote compromise of a system.
please coordinate with upstream and the security team to push out
updates for these issues.
mike
[0]
On Sat, 10 Oct 2009 07:10:51 +0200 Christian Perrier wrote:
Version: 3.4.2-1
Quoting Michael S Gilbert (michael.s.gilb...@gmail.com):
package: samba
version: 3.0.24-6
severity: serious
tags: security , patch
hi,
the following CVEs were issued for samba.
Fixed in 3.4.2
package: cupsys
version: 1.2.7-4
severity: serious
tags: security
hi,
cups may be affected by a security issue in its usb backend [0]. the
advisories state that this affects mac os x, but it is unclear if
other os'es are affected. i've submitted a bug upstream requesting
more info [1]. you
package: xscreensaver
version: 5.10-2
severity: normal
according to the xscreensaver readme, sonar has been rewritten using
opengl. in order to prevent potential problems and other badness for
non-gl users, it should be moved to the xscreensaver-gl package. thanks.
mike
On Tue, 15 Sep 2009 14:23:42 +0800 Paul Harris wrote:
2009/9/15 Patrick Matthäi pmatth...@debian.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Harris schrieb:
as stated here:
On Tue, 15 Sep 2009 19:17:43 -0700 Daniel Schepler wrote:
The 1:9-8-2 version of the driver worked fine on the same machine.
what is the output of 'lsmod | grep fglrx' and 'sudo modprobe fglrx'?
mike
On Tue, 15 Sep 2009 22:51:57 -0400 Michael S Gilbert wrote:
On Tue, 15 Sep 2009 19:17:43 -0700 Daniel Schepler wrote:
The 1:9-8-2 version of the driver worked fine on the same machine.
also, this may be related to bug #542735 [0]. can you try:
$ sudo aticonfig --acpi-services=off
[0
reopen 520882
notfixed 520882 1:9-9-1
thanks
oops, i goofed up due to cross-posting by another bug submitter. this
one likely still exists.
submitter, if you can find the time to check on this bug, that would be
very helpful.
mike
hi,
i would be willing to adopt mathwar and amphetamine. i'm not a dd, but
do have some packaging experience. i would need a mentor to do uploads
for me.
mike
package: xfs
version: 1:1.0.8-4
severity: serious
the latest xfs update is currently uninstallable on unstable. the error is:
Setting up xfs (1:1.0.8-4) ...
Installing new version of config file /etc/init.d/xfs ...
usermod: user debian-xfs is currently logged in
dpkg: error processing
package: xfce4-clipman
severity: serious
version: 2:1.1.0-2
hello,
both xfce4-clipman and xfce4-clipman-plugin install the file
'/usr/share/applications/xfce4-clipman-plugin.desktop', which causes
xfce4-clipman's installation to fail:
Unpacking xfce4-clipman (from
Hi,
A new lenny release is coming soon and there are some open security
issues in poppler that I have fixed. Attached is the debdiff of the
changes.
The package can be found on mentors.debian.net:
- URL: http://mentors.debian.net/debian/pool/main/p/poppler
- Source repository: deb-src
package: xscreensaver-gl
version: 5.05-3
severity: normal
hello, on my system there is no dialog drawn when unlocking gl screensavers;
however it is still possible to enter the password and unlock the screen; there
will just be no visual feedback. this works fine for the non-gl screensavers.
package: kvm
version: 85+dfsg-4
severity: important
tags: security
hello,
since kvm embeds qemu it makes security updates/tracking more difficult,
troublesome, and potentially more prone to error/omission. i understand that
kvm is somewhat of a divergence from qemu, but if it is possible,
hello,
was any of the above information useful? anything else i can provide?
mike
On Thu, 13 Aug 2009 23:51:40 +0200 Moritz Muehlenhoff wrote:
On Mon, May 18, 2009 at 12:06:58PM -0400, Michael S. Gilbert wrote:
Package: linux-2.6
Severity: important
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6
On Mon, 10 Aug 2009 23:01:36 -0500, Peter Samuelson wrote:
CVE-2009-2663[0]:
| libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and
| 3.5.x before 3.5.2 and other products, allows context-dependent
| attackers to cause a denial of service (memory corruption and
|
On Tue, 11 Aug 2009 11:47:50 +0200, Alexander Sack wrote:
On Mon, Aug 10, 2009 at 07:47:29PM -0400, Michael S Gilbert wrote:
Package: xulrunner
Version: 1.9.1.1-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published
reassign 540862 libxerces2-java
thanks
this appears to be a flaw in the xerces xml parser. see previous
discussion and pdf.
severity 532689 important
thanks
denial-of-services are not serious. this should probably be fixed
with CVE-2009-0642 which is actually serious. please coordinate with
the security team to prepare updates for the stable releases on these.
package: python-matplotlib
severity: wishlist
a new version of matplotlib has been released in the last few days [0].
this is a request for this to be packaged for debian. thanks!
[0] http://matplotlib.sourceforge.net/_static/CHANGELOG
On Wed, 12 Aug 2009 00:35:53 +0200, Sandro Tosi wrote:
Hi Michael,
On Wed, Aug 12, 2009 at 00:25, Michael S. Gilbert michael.s.gilb...@gmail.com wrote:
package: python-matplotlib
severity: wishlist
a new version of matplotlib has been released in the last few days [0].
this is a
On Mon, 10 Aug 2009 08:17:44 +0200, sean finney wrote:
hi michael,
On Sun, Aug 09, 2009 at 10:57:09PM -0400, Michael S. Gilbert wrote:
maybe it's just me, but dealing with issues in multiple releases with
the debian bts is non-obvious and a major pain. is the *right* way
to do
On Mon, 10 Aug 2009 18:05:57 +0200, Nico Golde wrote:
maybe it's just me, but dealing with issues in multiple releases with
the debian bts is non-obvious and a major pain. is the *right* way
to do this documented somewhere?
http://wiki.debian.org/BugsVersionTracking maybe helps you.
package: apache2
version: 2.2.3-4+etch6
severity: important
tags: security
it has been disclosed that apache (and potentially other web servers)
can be used to port scan behind a firewall. i don't think this issue
is too severe, but a firewall bypass nevertheless is probably not a
good thing.
On Mon, 10 Aug 2009 08:24:06 -0500, Gunnar Wolf wrote:
Michael S. Gilbert dijo [Sun, Aug 09, 2009 at 11:58:04PM -0400]:
I tried testgem downloaded from
http://bugs.gentoo.org/show_bug.cgi?id=278566.
% sudo gem install testgem-0.0.1.gem
Successfully installed testgem-0.0.1
1
i guess i'll just deal with the broken system as is...
I'm sure Don welcomes constructive criticism ;)
ok, i'll put together a constructive bug report when i have the chance.
On Mon, 10 Aug 2009 07:58:33 +0200, Yves-Alexis Perez wrote:
On dim, 2009-08-09 at 23:22 -0400, Michael S Gilbert wrote:
yes, it is xfdesktop. removed 'Desktop', ran 'xfdesktop' and it was
back. i straced xfdesktop, but there was no reference to 'Desktop'.
would it be useful to attach
package: websvn
severity: normal
hello, trying to look at the blame for large files in websvn is
excruciatingly slow. for example, try to see the blame for:
http://svn.debian.org/wsvn/secure-testing/data/CVE/list
i waited over two hours and the page still had not generated the blame.
thanks
package: apt-file
severity: minor
since apt-file can now be run as non-root, it no longer needs to say
that is a requirement in its postinst script.
i.e. change the text "You need to run 'apt-file update' as root to
update the cache" to "You need to run 'apt-file update' to update the
cache".
Package: libvorbis
Version: 1.1.2.dfsg-1.4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libvorbis.
CVE-2009-2663[0]:
| libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and
| 3.5.x before 3.5.2 and other products,
package: xulrunner
severity: important
tags: security
hello, it seems that xulrunner embeds the libvorbis library in its
source code. this is bad since it makes security updates much more
difficult and troublesome. please modify the package to use the
system libvorbis. thank you.
Package: xulrunner
Version: 1.9.1.1-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.
CVE-2009-2663[0]:
| libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and
| 3.5.x before 3.5.2 and other products, allows
package: rubygems1.9
version: 1.3.1
tags: security
severity: serious
hello, it has been disclosed that a specially crafted gem archive could
be used to overwrite system files. confirmed for 1.3.x, but older
versions may also be affected. please check and help the security
team prepare updates
package: php5
version: 5.2.0-8+etch13
severity: important
tags: security
hello, it has been disclosed that php is vulnerable to a buffer
over-read in versions before 5.2.10. see:
http://secunia.com/advisories/35441/
http://www.vupen.com/english/advisories/2009/1632
On Sun, 09 Aug 2009 15:34:18 +0900 Daigo Moriwaki wrote:
Hello Michael,
Michael S. Gilbert wrote:
package: rubygems1.9
version: 1.3.1
tags: security
severity: serious
hello, it has been disclosed that a specially crafted gem archive could
be used to overwrite system files
On Sun, 9 Aug 2009 21:02:36 -0500 Raphael Geissert wrote:
On Sunday 09 August 2009 01:13:42 Michael S. Gilbert wrote:
hello, it has been disclosed that php is vulnerable to a buffer
over-read in versions before 5.2.10. see:
You already reported it as #535888, there's no need to report
On Sun, Aug 9, 2009 at 3:10 PM, Yves-Alexis Perez wrote:
I don't know how to find the culprit, but knowing if it's xfdesktop is
easy. Just remove Desktop/ and restart xfdesktop. Maybe stracing it, and
you'll be sure.
yes, it is xfdesktop. removed 'Desktop', ran 'xfdesktop' and it was
back. i
On Sun, 9 Aug 2009 11:00:50 +0200 Sylvain Le Gall wrote:
Hello,
On Sat, Aug 08, 2009 at 11:01:45PM -0400, Michael S. Gilbert wrote:
reopen 535909
fixed 535909 1:3.0.1-3
thanks
This bug has been solved with 1:3.0.1-2 before the bug was opened.
thanks for the update. please
On Sun, 09 Aug 2009 17:01:38 +0900 Daigo Moriwaki wrote:
Hello Michael,
Michael S. Gilbert wrote:
In Debian, executables from gems install into a particular directory specific to
RubyGems such as /var/lib/gems/{1.8|1.9.0}/bin instead of the system directory
/usr/bin. There should
reopen 535909
fixed 535909 1:3.0.1-3
thanks
This bug has been solved with 1:3.0.1-2 before the bug was opened.
thanks for the update. please coordinate with the security team to
prepare updates for the stable releases.
On Sat, 8 Aug 2009 06:17:01 +0200 Yves-Alexis Perez wrote:
On Fri, 7 Aug 2009 20:43:16 -0400
Michael S Gilbert michael.s.gilb...@gmail.com wrote:
i reported this upstream [0], but they were unable to reproduce.
perhaps this is an issue specifically with the debian package?
Are you sure
package: php5
version: 5.2.0-8+etch13
severity: serious
tags: security , patch
it has been disclosed that php is potentially vulnerable to remote
memory disclosure [0]. patches are available for 5.2.10 and 5.3.0, but
older versions are likely affected (as well as php4). please check and
package: php5
version: 5.3.0
severity: important
tags: security , patch
it has been disclosed that php is potentially vulnerable to an
'open_basedir' bypass [0]. the advisory says that only 5.3.0 is
affected, but it would be useful to check that older versions
are safe.
[0]
the 2.8.1 fix is incomplete, and is now claimed fixed in 2.8.3. see:
http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
http://core.trac.wordpress.org/changeset/11765
http://core.trac.wordpress.org/changeset/11766
http://core.trac.wordpress.org/changeset/11768
package: initscripts
severity: important
tags: security
hello, mandriva issued the following advisory [0],[1],[2] for
initscripts. supposedly part of the user's wireless key is logged. i
don't use WPA, so i can't verify this on debian, but it is worth checking.
[0]
package: xfdesktop4
version: 4.6.1-1
severity: normal
hello,
as of the xfce 4.6 transition to unstable, there is a 'Desktop' directory created
in the user's home folder by default, which always reappears shortly after
deletion (this did not occur in 4.4 and earlier). i personally always set the
tag 524806 patch
thanks
derived from ubuntu's 0.5.1 patch, here is a patch set for etch's
0.4.5. i am fairly certain all of these CVEs are addressed in this one.
note vulnerable code not present in etch for CVE-2009-0755/1188.
please test; i've done some basic testing with existing pdfs on my
package: xserver-xorg-input-evdev
version: 1:2.2.3-1
severity: important
hello, i recently upgraded unstable on one of my kvm instances and
subsequently lost support for mousewheel scroll.
xserver-xorg-input-evdev was among the packages upgraded, and is my
best guess for the problematic package
On 7/31/09, Julien Cristau wrote:
kthxbye
please file bugs with reportbug, so essential information is not missing
from your reports.
thanks,
Julien
what do you want to know?
-- Package-specific info:
/var/lib/x11/X.roster does not exist.
/var/lib/x11/X.md5sum does not exist.
X server
oops, the previous reportbug output was for the kvm instance without
-usb -usbdevice tablet. the following is for the kvm instance with
that option enabled:
-- Package-specific info:
/var/lib/x11/X.roster does not exist.
/var/lib/x11/X.md5sum does not exist.
X server symlink status:
lrwxrwxrwx
package: openssl
version: 0.9.8
severity: important
tags: security
it has been disclosed that ssl applications can be tricked via
inauthentic certificates containing null characters [0]. i have not
personally checked whether openssl is affected by this, but since this
is newly disclosed, it is
[0] http://www.wired.com/threatlevel/2009/07/kaminsky/
package: libio-socket-ssl-perl
version: 1.01-1
severity: serious
tags: security , patch
a security issue has been fixed in the latest upstream version of
libio-socket-ssl-perl [0]. see patch [1]. please coordinate with the
security team to prepare updates for the stable releases. thank you.
package: mediawiki
version: 1:1.15.0-1
severity: serious
tags: security
hello, multiple vulnerabilities have been fixed in upstream mediawiki
1.15.1 (these problems did not exist before 1.14.0, so lenny/etch are
not vulnerable) [0]. please update unstable to this version. thanks.
[0]
package: htmldoc
version: 1.8.27-2
severity: serious
tags: security , patch
hello, a security advisory has been issued for htmldoc [0]. patches
available from gentoo [1]. please coordinate with the security team to
prepare updates for the stable releases. thank you.
[0]
while this bug is still open, would it make sense to disable the gcc
option/optimization/bug/flaw that allows this vulnerability to exist?
the -fno-delete-null-pointer-checks flag will completely disable
this option kernel-wide [1].
obviously there is a tradeoff here. the null pointer
package: moonlight-plugin-mozilla
version: 1.0.1-3
severity: important
hello, i just tried out the moonlight plugin, but it doesn't appear to
work out of the box. steps to reproduce:
1. $ sudo apt-get install moonlight-plugin-mozilla
2. $ iceweasel http://research.microsoft.com/tuva
3. observe
package: dbus
version: 1.2.16-1
severity: grave
hello, dbus is currently uninstallable on sid; erroring with the
following message:
chown: cannot access `/usr/lib/dbus-1.0/dbus-daemon-launch-help': No
such file or directory
this can be fixed with a 'mkdir -p':
$ sudo mkdir -p
package: iceweasel
version: 3.5
severity: critical
tags: security
hello, a remote shellcode injection has been disclosed for firefox [0],
[1]. the advisory says that version 3.5 has been verified as
vulnerable, but older versions are very likely susceptible as well. i
have not checked.
this is
forwarded 537104 https://bugzilla.mozilla.org/show_bug.cgi?id=504237
thanks
Package: apache2
Version: 2.2.3-4+etch6
Severity: serious
Tags: security , patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for apache2.
CVE-2009-1890[0]:
| The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy
| module in the Apache HTTP Server
reopen 535488
reopen 535489
thanks
On Sat, 11 Jul 2009 17:20:46 +0200 Martin Pitt wrote:
Hello Michael,
Michael S. Gilbert [2009-07-02 12:35 -0400]:
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cups.
CVE-2009-0791[0]:
| Multiple integer
package: wordpress
version: 2.0.10-1etch3
severity: serious
tags: security
an advisory, CORE-2009-0515, has been issued for wordpress. there are issues
with unchecked privileges and many potential information disclosures. see [1].
this is fixed in upstream version 2.8.1. please coordinate
package: mysql-dfsg-5.0
version: 5.0.32-7etch8
severity: important
tags: security
hello, it has been disclosed that mysql has a post-authentication
format string vulnerability [1]. according to that message, affected
versions are claimed to be 5.0.45 and older, which would mean that lenny
and
reopen 535888
fixed 535888 5.2.10.dfsg.1-2
thanks
thanks for fixing this issue! reopening to continue tracking in
etch/lenny, which haven't been fixed yet.
mike
On Fri, 10 Jul 2009 10:26:22 -0500, Raphael Geissert wrote:
close 535888
found 535888 5.2.6.dfsg.1-1+lenny3
found 535888 5.2.9.dfsg.1-4
fixed 535888 5.3.0-1
thanks
On Friday 10 July 2009 10:14:08 Michael S. Gilbert wrote:
reopen 535888
fixed 535888 5.2.10.dfsg.1-2
thanks
thanks
i probably should have asked whether you think that this issue warrants
a DSA, would be good for an SPU, or whether you think it is
unimportant. if this can be considered unimportant, then yes, i agree
the bug should be closed, but if there do need to be stable updates,
then i think that the bug
On Mon, 6 Jul 2009 21:44:44 +0200 Thijs Kinkhorst wrote:
version 1:1.5.2-5 that I released to unstable is suitable for stable
as well. Prior to this bugfix unstable and stable both contained
version 1:1.5.2-4. Attached is a patch with the fix. Do you want me to
build it for stable as well?
fixed 534497 3.6.8-1
thanks
version in unstable is fixed
forwarded 532520
http://lists.gnu.org/archive/html/lynx-dev/2009-07/msg0.html
thanks
it looks like the lynx situation for this issue isn't so simple.
from some of the upstream discussion, it looks like libbsd provides an
arc4random cryptographically secure PRNG, which lynx prefers when
available. an appropriate fix for this issue thus would be to depend on
libbsd0 and make sure lynx makes use of its arc4random.
mike
package: xscreensaver
version: 4.24-5
severity: important
tags: security
xscreensaver is vulnerable to a local information disclosure
vulnerability [1].
[1] http://isowarez.de/xscreensaver.txt
package: clamav
version: 0.90.1dfsg-4etch16
severity: important
tags: security
hello,
clamav is vulnerable to several scanner bypass vulnerabilities [1].
note that the upstream version also appears to address some other
security-related issues as well:
* libclamav: detect and handle archives
package: apache2
severity: important
version: 2.2.3-4+etch6
tags: security
apache2 in etch is vulnerable to an override vulnerability in .htaccess
[1].
[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=44262
Package: phpmyadmin
Version: 4:2.9.1.1-10
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpmyadmin.
CVE-2009-2284[0]:
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1
| allows remote attackers to inject
package: php5
version: 5.2.0-8+etch13
severity: important
tags: security
hello,
php is vulnerable to segfaulting on certain corrupted jpegs [1].
this is likely fixed in 5.3.0 since the commit to svn was made on May
28, but i haven't checked the code to determine whether this is the case
or
package: rails
version: 1.1.6-3
severity: serious
tags: security
hello,
it has been found that rails is vulnerable to a password bypass [1]. this will
be fixed in upstream version 2.3.3.
[1]
http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
package: camlimages
version: 2.20-8
severity: serious
tags: security
hello,
camlimages is vulnerable to several integer overflows [1]. this has
not yet been fixed upstream, but has been addressed by redhat [2].
[1] http://www.ocert.org/advisories/ocert-2009-009.html
[2]
reopen 534973
fixed 534973 1:1.5.2-5
thanks
hello,
please assist the security team to prepare updates for this issue in
the stable releases. thank you.
mike