Package: nm.debian.org
Severity: normal
Tags: security
Cross site scripting bugs with possible security impact on nm.debian.org:
https://nm.debian.org/public/person/%3Cbody%20onload=alert%28%27XSS%27%29%3E
https://nm.debian.org/public/process/%3Cbody%20onload=alert%28%27XSS%27%29%3E
Thanks for l
Hi again,
it's two years later - I'm not sure whether or not this site has yet
been upgraded to the new codebase Christoph (Myon) referred to. But it
looks like there are still/again SQL injection issues present:
https://nm.debian.org/nmstatus.php?email='
I'm sending this in a public bug report
Package: apache2.2-common
Version: 2.2.9-10+lenny9
Severity: wishlist
Tags: security
The default SSL configuration found on lenny (and - without having
checked - I think on squeeze and sid, too) is to use this cipher suite:
SSLCipherSuite HIGH:MEDIUM:!ADH
Lenny's openssl 0.9.8g-15+lenny11 makes
Package: flashplugin-nonfree
Version: 1:2.8.1
As per Adobe security advisory APSB10-16 [1] Flash player 10.1.82.76 is
available, fixing several critical security issues (as usual):
> This update resolves a memory corruption vulnerability that could lead to
> code execution (CVE-2010-0209).
> Th
Package: sudo
Version: 1.6.9p17-2+lenny1
Severity: important
When invoking sudo with -u, passing an invalid (or valid but not
matching/existing) UID value, it segfaults.
r...@pepper:~# sudo -u \#-1
Segmentation fault
r...@pepper:~#
Please ensure this is not a security issue.
Kernel: Linux 2.6
The patch by Daniel J Blueman should fix this:
> https://bugs.launchpad.net/ubuntu/+source/microcode.ctl/+bug/569488/comments/4
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: medusa
Version: 1.5-1
Severity: wishlist
Medusa 2.0 is available at http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz
(released in February)
Changelog:
http://www.foofus.net/jmk/tmp/ChangeLog
Release Announcement:
http://www.securityfocus.com/archive/101/509569
It would be nice to hav
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Norman,
Norman Messtorff wrote:
> thank you for the feedback!
...thanks for yours!
> I've worked the most stuff of upstream's .deb and there are one minor
> and one critical bug which I want to be fixed in the next weeks. Then
> I'll contact
Package: taxbird
Version: 0.14-1
Severity: normal
(Probably) same here. When sending as test case (incompletely filled form, not
exported to Coala XML, no signature, call Geier, do not print transmission
protocol via taxbird-print-helper, do not store protocol to file) I get:
> Program received
one of my tests also caused a postgresql SQL error to be displayed
(which can be an indication of an SQL injection vulnerability).
Unfortunately I did not note it down nor do I know how exactly to
reproduce it. If you have logs, please review them.
Package: nm.debian.org
Severity: normal
Tags: security
The GPG key signing coordination utility does not seem to attempt to validate
user inputs. As a result, it is possible to create a new signing offer or
request account and fill in some HTML or script code which may
* steal other https://nm
Package: nm.debian.org
Severity: normal
Tags: security
Hi,
there's an XSS issue here:
https://nm.debian.org/gpglogin2.php?username=%22%20onmouseover%3Ddocument.location%3DString.fromCharCode%28104,116,116,112,58,47,47,114,101,100,104,97,116,46,99,111,109%29%2F%2F
Once you have this URL loaded,
Norman Messtorff wrote:
> Now we are waiting for the 2.3 release of Postfix Admin to start with a
> good tested release in Debian.
postfixadmin 2.3 is available since Oct 26 at
http://sourceforge.net/projects/postfixadmin/files/
I use upstreams' .deb on an i386 Debian Etch system and it works wel
Package: tiger
Version: 3.2.2-11
Severity: normal
Tags: patch
According to /usr/share/doc/tiger/README.ignore and TIGER(8) the lines in
/etc/tiger/tiger.ignore will be interpreted as extended regular expressions. As
such, two of the rules coming with tiger on Debian are incorrect and will never
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please note that I have sent a patch introducing input validation for
buildd.php to Adeodato Simó on Nov 29th 2008.
I can resend this patch here if you do not mind this becoming public.
Moritz
On Mon, 24 Nov 2008 22:52:25 +0100, Adeodato Simó <[EMAIL PROTECTED]>
wrote:
>> On Saturday, 01.11.2008, 17:47 +0100, Moritz Naumann wrote:
>>> Let me know if you need any help fixing these.
>
> I would welcome help in fixing these, yes. What do you need, the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please find attached a simple patch for this issue which applies to
mailman 2.1.9-7.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> If this problem is uncommon or only affects users with a deprecated setup,
> let's not worry about it. GRUB 2 handles this in a completely different way,
> so our effort is most likely not going to pay back.
I just upgraded t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> I think the usual thing to find in that output are physical devices instead
> of /dev/dm-X.
>
> What other special things are in your setup that we should know about? Are
> you using LVM / EVMS or something like that?
No LVM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> Please try:
>
> mdadm -D -b /dev/md0
> mdadm -D /dev/md0
> debby:~# mdadm -D -b /dev/md0
> ARRAY /dev/md0 level=raid1 num-devices=1 spares=1
> UUID=b36bed37:7b1ca284:5f985e7d:0ec83b51
> debby:~# mdadm -D /dev/md0
> /dev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> On Sun, Jul 27, 2008 at 03:07:41PM +0200, Moritz Naumann wrote:
>> debby:~# /usr/sbin/grub-probe -t device /boot
>> /dev/md0
>>
>> debby:~# /usr/sbin/grub-probe -t device /
>> /dev/md2
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Felix Zielcke wrote:
> On Sunday, 27.07.2008, 15:07 +0200, Moritz Naumann wrote:
>
>> Unfortunately, it doesn't work with 1.96+20080724-2 either:
>
> I just saw that PATH contains /usr/local before /usr, I always th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Felix Zielcke wrote:
> Please see the message above in the report, The patch from Robert is in
> 1.96+20080724-2 not -1 which you have installed.
>
Ah, my bad. Thanks for the hint, Felix.
Unfortunately, it doesn't work with 1.96+20080724-2 either:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> [..] Simply run from your build dir:
>
> ./grub-probe -t device /
> ./grub-probe -t device /boot
>
> Instead of /dev/dm-X, it should print /dev/md0 or /dev/md2.
While this worked, installing the new grub-common package (
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> [..] Simply run from your build dir:
>
> ./grub-probe -t device /
> ./grub-probe -t device /boot
>
> Instead of /dev/dm-X, it should print /dev/md0 or /dev/md2.
It does :-) :
debby:~/grub2-1.96+20080704# ./grub-probe -t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Felix Zielcke wrote:
> ./configure; make install installs everything to /usr/local not /usr
> and /usr is before /usr/local in PATH
> update-grub is just a bash script which invokes some commands
I realized this, thanks for making me aware though. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> Does this patch (for grub-common) fix the problem?
While the patch applies fine and I can compile using
"./configure; make", I cannot rebuild the deb using debuild:
> debby:~/grub2-1.96+20080704# export LANG=en_US.UTF-8
> deb
Package: grub
Version: 0.97-41
Severity: important
I'm unable to install any linux (kernel) security updates or any other
kernels at all. Whenever I try to install a new kernel image (and thus
run update-grub) I get this:
> Running postinst hook script /usr/sbin/update-grub.
> Searching for GRUB i
Package: emdebian-tools
Severity: grave
Tags: security
I'm not providing additional technical information or ways to reproduce
this issue since - while a patch is available - I cannot verify whether
or not there are other vulnerable installations out there.
Please feel free to get in touch with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
This appears to have been caused by a local routing issue.
Still, it would be nice to have a timeout occur there and to possibly
inform the user about the source of this issue (unless this introduces a
vulnerability).
Package: login
Version: 1:4.0.18.1-7
Severity: important
Filing this bug against login is a pure guess, I just don't know any
better - sorry.
I'm having trouble logging into this system which uses NIS and NFS shares. When
I attempt to authenticate with incorrect credentials behavior is as
expect
Package: flashplugin-nonfree
Version: 1:1.5
Severity: normal
flashplugin-nonfree depends on the availability of people.debian.org,
however, no Debian package should depend on availability of this server.
Actually, no installation or removal scripts should depend on
availability of any server, but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Same problem here.
This is because the prerm script attempts to download files from
http://people.debian.org (using wget), which is not currently available,
and fails to generate a timeout.
Which leads to the question: why does a removal script nee
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert Millan wrote:
> On Wed, May 14, 2008 at 08:06:50PM +0200, Moritz Naumann wrote:
>> Package: grub
>> Version: 0.97-38
>> Severity: normal
>>
>> When running update-grub, I have this output:
>>
Package: grub
Version: 0.97-38
Severity: normal
When running update-grub, I have this output:
# update-grub
Searching for GRUB installation directory ... found: /boot/grub
grub-probe: error: /boot/grub/device.map:2: Duplicated entry found
#
This did not happen with older versions of grub-legacy
Package: php5
Version: 5.2.0-8+etch10
Tags: security, upstream, fixed-upstream, etch, lenny
http://www.php.net/ChangeLog-5.php lists several security fixes which are
included in upstream PHP 5.2.6:
* Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei
Nigmatulin)
--> CVE-2008
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Sorry for the broken formatting of my last email.
Bart Martens wrote:
> Does this work ?
>
> man update-flashplugin-nonfree
yes
> update-flashplugin-nonfree --install
yes
Unfortunately, I was not aware of the update-flashplugin-nonfree script.
I
Package: flashplugin-nonfree
Version: 1:1.4~bpo40+1
Severity: grave
Tags: security
Justification: user security hole
Adobe has released v9.0.124.0 which is supposed to provide fixes for
CVE-2007-5275
CVE-2007-6243
CVE-2007-6637
CVE-2007-6019
CVE-2007-0071
CVE-2008-1655
CVE-2008-1654
http://www.a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I apparently misunderstood the format of this config file.
The line
## Comments are marked like this. The rest of the file is INI-style.
combined with other lines such as
# OperPassword = ChangeMe!
made me think that lines starting with just a
Package: iceweasel
Version: 2.0.0.12-0etch1
Severity: normal
It appears that in some or all cases, the confirmation prompt window which is
displayed when a user connects to a URL containing a username (and optional
password) in the form of http://USER[:[EMAIL PROTECTED]/, will display a
questio
Package: rkhunter
Version: 1.3.0-1
Severity: wishlist
Please add the following to the commented out INETD_ALLOWED_SVC section
in the config file:
#INETD_ALLOWED_SVC=/usr/sbin/tcpd
tcpd is used by some Debian packages, such as bitlbee.
Also, please add these entries to the ALLOWPROCDELFILE sectio
Package: rkhunter
Version: 1.3.0-1
Severity: minor
Missing letter 't' in README.Debian at position 34,48.
In the same file, at position 35,6, there is a reference to a file named
/var/lib/rkhunter/db/rkhunter.db. This file is actually called
/var/lib/rkhunter/db/rkhunter.dat.
rkhunter also suppo
Package: rkhunter
Version: 1.3.0-1
Severity: normal
rkhunter reports:
[04:00:02] Performing filesystem checks
[04:00:02] Info: Starting test name 'filesystem'
[04:00:02] Info: SCAN_MODE_DEV set to 'THOROUGH'
[04:00:47] Checking /dev for suspicious file types [ Warning ]
[04:00:47] Warnin
Package: rkhunter
Version: 1.3.0-1
Severity: wishlist
rkhunter supports running tripwire (check for "software intrusions") and
so the package should suggest it.
In addition to supporting wget (as mentioned in README.Debian) it also
supports curl, links, elinks and lynx, according to upstreams'
RE
Package: rkhunter
Version: 1.3.0-1
Severity: normal
Tags: l10n
Not having run rkhunter before, I edited the config file and set it to
use 'de' as locale (which does not yet exist).
$ rkhunter --propupd
The language specified is not available: de
Use the '--list languages' option to see the list o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
I'd like to second this. It may be worth replacing the current stock
vserver <=4GB kernel images by bigmem ones, so the maintenance work
remains more or less the same as now. I think systems in the need of
both vserver and bigmem support are not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: win32-loader
Version: 0.6.0~pre3
Severity: critical
Tags: security
Justification: root security hole
The default boot option used by this package contains the following:
preseed/url=http://goodbye-microsoft.com/runtime/preseed.cfg
As seen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
SILC Toolkit 1.1.1 has just been released, containing fixes for "over 20
bugs, most of them security fixes", compared to 1.1.0.
It would be very nice to have a usable package crafted from any
maintained upstream branch at some point. Thanks for putti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
An upgrade would indeed be nice and somewhat necessary.
There have been a lot of changes:
http://silcnet.org/docs/changelog/SILC%20Toolkit%201.0.2
Release notes for 1.0.2 (it says '1.0.1' which is incorrect):
http://silcnet.org/docs/release/SILC%2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
are there any news on this?
Thomas, did you get around to sort out the assumed licensing issue?
jacORB 2.3.0 has been released on Feb 17th 2007, maybe it's worth giving
it another look?
http://www.jacorb.org/releases/2.3.0/REL_NOTES
Thanks in a
Package: nvidia-kernel-legacy-2.6.18-3-486
Version: 1.0.7184+5
Severity: wishlist
Currently, the legacy versions of the binary kernel modules use exactly
the same package description as the current packages. As such, it's not
possible to determine the difference between the legacy and non-legacy
v
Package: logcheck
Version: 1.2.47
Severity: wishlist
I'm running logcheck with an extended set of regular expressions on a
desktop system. The CPU load of this system is normally very low, around
3%-5%. When logcheck starts scanning the logs, the CPU usage increases
to 100% for several minutes and
Package: logcheck
Version: 1.2.47
Followup-For: Bug #295560
This patch does not work for me in 1.2.47.
Here's a (quick and dirty) way to determine the line number of a broken
regular expression in a logcheck rule file. It doesn't solve the problem
of not so useful output on cron jobs, though.
#!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Thijs,
Thijs Kinkhorst wrote:
> I don't think this is in any way an issue, even not with "normal"
> severity.
in my opinion, it remains a bug for the reasons given below. Personally,
I don't really care whether or not it's changed/fixed, though.
Package: qa.debian.org
Severity: normal
The following URLs demonstrate that it is possible to inject client side
script (such as Javascript) and HTML tags into the HTML form (1) and error
message (2) output generated by the "advanced [PTS] subscription" script.
(1)
http://packages.qa.debian.org
Package: mysql-server-5.0
Version: 5.0.24-3
Severity: normal
When Mysql starts up, it reports:
/etc/mysql/debian-start[575]: /usr/bin/mysql_upgrade: unknown variable
'host=localhost'
This variable is found in /etc/mysql/debian.cnf:
# Automatically generated for Debian scripts. DO NOT TOUCH!
[clie
According to the timeline of
http://bugzilla.gnome.org/show_bug.cgi?id=126468
and the mention of this bug in the "past notes on improvement" section on
http://www.gnome.org/projects/gconf/plans.html
upstream has not been unable to, not sufficiently interested in or
discarded plans to fix this i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=354683;msg=19
and
http://idssi.enyo.de/tracker/CVE-2006-0207
claim CVE-2006-0207 would not apply to sarges' 4.3.10-16. However, it
does apply.
The false assumption that the advisory by Stefan Esser
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Alex,
this was just patched in Firefox, see Bug#371153. You were planning to
look into why SSL2 has not been disabled in the 1.5 series upstream.
Have you been able to research this, yet?
Thanks,
Moritz
Package: harden-doc
Severity: minor
I just came across a broken link in the 'Securing Debian' manual at
http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html#s-debian-sec-team
Chapter 7.1, last but one paragraph, contains this broken link:
debian-security-announce
Obviously the pr
Package: qa.debian.org
Severity: minor
The search / redirection
http://packages.qa.debian.org/common/index.html
points to may provide unexpected results in some cases.
For example, put a single dot into the search box and submit the search.
http://packages.qa.debian.org/common/index.html?src=.
The vulnerable lines and the developers' counter measure can be inspected at
http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/view_all_set.php?r1=1.60&r2=1.61
The package state is as follows:
STABLE
The package in Debian stable is currently at version 0.19.2-5sarge2:
http://packages.debia
Package: proftpd
Version: 1.3.0-8
Severity: minor
In cases where the
IPv6 getaddrinfo 'your_host_name' error: Name or service not
known
error occurs, README.Debian suggests editing /etc/hosts and, in case of
a statically assigned IP address, to add an IPv4 mapped IPv6 address [1]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Florian Weimer wrote:
> The whitepaper you referenced describes a vulnerability in web
> proxies. The sqwebmail vulnerability could be used to exploit it, but
> then you could also direct the victim to a completely rogue web server
> under your contro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here's a whitepaper on this issue, called HTTP Response Splitting, in
case you're interested in the backgrounds.
http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
The code quoted above makes me, too, think this needs to be
Package: metche
Severity: normal
When setting up metche using debconf for the first time (and only then,
it seems), selecting 'single changelog file' and providing a custom
changelog location, this location is not written to /etc/metche.conf.
Instead, the default value of CHANGELOG_FILE="/root/Ch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alexander Sack - Debian Bugmail wrote:
> yes, a security issue but not a blocker IMO.
I agree. I'm still in the process of getting acquainted with the Debian BTS.
> Anyway, I will do some
> research on this. I don't remember exactly why mozilla deci
Package: thunderbird
Version: 1.5-4
Severity: grave
Tags: security
Justification: user security hole
SSL v2 encryption has been considered insecure because of design flaws
and weak ciphers [1], as such security.enable_ssl2 = false should be set
by default. However, currently this package accepts S
This bug is rather old by now, is it still relevant?
Unfortunately, Internet Explorer 5.5 is still used by a notable amount
(~3%) of users, some of which may be badly maintained internet cafes, so
it may still be relevant. Seemingly the many unpatched flaws in IE v5.x
and 6.x have still not convin
Package: courier-imap-ssl
Version: 3.0.8-13
Severity: normal
TLS/SSL session caching, an experimental feature, is activated by
default.
It causes issues with Mozilla Thunderbird MUA v1.0.7 and
v1.5.x, if the client uses SSL connection and 'Maximum number of server
connections' set to a value
Package: bamboo
Severity: minor
Anchors contained in URLs are lost when authentication is required to
view the related page.
For example, if a URL such as
http://my.host/view/protected/page/#anchor1
is clicked on, and this points at a view protected page which requires
you to login first, t
Did I say "Please mark this a duplicate of 359905 and close."?
Of course, I meant "Please mark this a duplicate of 359906 and close".
I did not *mean to* destroy your day.
/me looking for a good place to hide away.
I'm sorry for this. Please mark this a duplicate of 359905 and close.
Thanks.
Package: php5
Version: 5:5.1.2-1
Severity: grave
Tags: security
Justification: user security hole
A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.
Quoting Stefan Esser:
> The bug is a binary safety issue in html_ent
I'm sorry for this. Please mark this a duplicate of 359906 and close. I
will file a separate bug against the php5 package. Thanks.
Package: php4
Version: 5:5.1.2-1
Severity: grave
Tags: security
Justification: user security hole
A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.
Quoting Stefan Esser:
> The bug is a binary safety issue in html_ent
Package: php4
Version: 4:4.4.2-1
Severity: grave
Tags: security
Justification: user security hole
A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.
Quoting Stefan Esser:
> The bug is a binary safety issue in html_ent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: php4
Version: 4:4.4.2-1
Severity: grave
Tags: security
Justification: user security hole
A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.
Quoting Stefan Esser:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Unfortunately, the magic.mime bug stops several other packages from
working correctly.
In combination with a default syscp setup it results in a mail flooded
inbox due to cronjobs running every 5 mins.
A workaround is provided at:
http://forum.lightt
Peter Palfrader wrote:
>
> Is Tor 0.1.0.16 still broken with your openssl? What about 0.1.1.x?
> Did we ever change anything with that or did the problem go away?
Hi Peter,
I'm currently using Tor 0.1.0.16-1 and openssl 0.9.8a-5. Tor works fine
for me. It felt like the problem faded away slow
Please note that there have been security issues in tattle versions
before 0.3.0 as reported by b0iler on Bugtraq [1].
An updated release of tattle which fixes this issue is available on the
new website [2] of its developer, Mr. C.J. Steele.
Though much has been improved since the initial release
Package: file-roller
Version: 2.10.4-2
Severity: important
File-roller seems to incorrectly set passwords on .zip files.
While I can set a password using file-roller and create a password protected
archive just fine, and can also extract files from this archive fine using
file-roller (after res
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi again,
a friend has investigated this further and sent me this report:
> __malloc_initialize_hook should probably not be called - which would
> mean that there is something wrong with libcrypto.so.
>
> If you look at
> int EVP_CIPHER_CTX_cleanup(
Package: gobby
Version: 0.2.2-2
Followup-For: Bug #337047
I'm running into the same problem. Here's the (stripped down) output when
running it under valgrind:
$ valgrind --leak-check=full gobby >valgrind.log 2>&1
[..]
==10948== Using valgrind-2.4.0, a program supervision framework for x86-linux.
Peter Palfrader wrote:
> Please install the tor-dbg to your tor binary package as well and send
> us a backtrace.
see below.
> Is there anything interesting in the log?
Nothing at all.
> What was the previous version
> which worked fine for you?
Hmm, I wouldn't know how to determine the vers
Package: apache
Followup-For: Bug #307798
Hi,
it's a pity that this problem persists, as it breaks functionality of many
common web applications, and does not match expected behaviour.
This also seems to be an easily fixable bug.
I propose to keep the 'icons' alias as it is, but to comment out
Package: tor
Version: 0.1.0.15-1.0.1
Severity: important
Tor dies silently, sometimes at startup, sometimes after a few seconds
or minutes of using it. This started after upgrading to 0.1.0.15-1.0.1.
I can provide a core dump, how should I send it? Gzip + attach?
-- System Information:
Debian Re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
I just realized there are already (unofficial) rkhunter packages. It
took some time to find them, so you may have missed them, too.
http://julien.valroff.free.fr/#main
or
http://kirya.net/~julien/wiki/doku.php?id=freesoftware:debianpackages
Ju
Distribution: Debian 3.1
Package: gftp
Severity: normal
Version: GNOME2.8.1 2.0.18
Gnome-Distributor: Debian
Synopsis: gtfp chmod function broken in gftp 2.0.18rc1
Bugzilla-Product: gftp
Bugzilla-Component: general
Bugzilla-Version: 2.0.18
Description:
Description of Problem:
It's impossible to chm
91 matches