Package: okular
Version: 4:4.8.4-2
Severity: important
Dear Maintainer,
With recent Wheezy packages (not sure exactly which), the search
function in Okular consistently fails. The waiting spinning cursor
shows and the search never completes, neither finding any match nor
reporting search failure. How
Package: cdbs
Version: 0.4.105
Severity: normal
Hello,
The autotools rules in cdbs set libexecdir to /usr/lib/$pkg instead of
simply /usr/lib. As a consequence pkglibexecdir becomes
/usr/lib/$pkg/$pkg.
libexecdir and libdir are supposed to be identical in Debian.
See also http://bugs.deb
Package: mingw-w64-dev
Version: 2.0~rc1-1
Severity: normal
File: /usr/i686-w64-mingw32/include/d2d1.h
Tags: upstream patch
Hello,
There are two typing mistakes in that render the file unusable
for inclusion. Patch attached.
-- System Information:
Debian Release: wheezy/sid
APT prefers uns
Package: nettle-dev
Version: 2.1-2
Severity: wishlist
Tags: upstream
Hello,
nettle-dev does not provide a .pc file for use with pkg-config. This
would be much more convenient to detect the development package from
autotools and friends.
Best regards,
-- System Information:
Debian Relea
Package: vlc-nox
Version: 1.1.10-1+b1
Severity: grave
Tags: security upstream
Justification: user security hole
See upstream advisory for details:
http://www.videolan.org/security/sa1106.html
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (100, 'unstable')
Package: vlc-nox
Version: 1.1.10-1+b1
Severity: grave
Tags: security upstream
Justification: user security hole
See upstream advisory for details:
http://www.videolan.org/security/sa1105.html
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (100, 'unstable')
Package: libfuse-dev
Version: 2.8.4-1.4
Severity: minor
Hello,
Some of the example codes in libfuse-dev depend on "fioc.h" which is
nowhere to be found. The examples are thus unusable as is.
Best regards,
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT po
Package: libmodplug1
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
Hello,
As the security contact for VLC media player, this was brought to my
attention: http://www.exploit-db.com/exploits/17222/
I can confirm the bug happens, but I have
Package: libmodplug
Version: 1:0.8.8.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
Hello,
An exploitable memory corruption vulnerability has been publicized
against libmodplug 0.8.8.1:
http://seclists.org/fulldisclosure/2011/Apr/113
Upstream version 0.8.8
Package: gcc-4.6
Version: 4.6.0-1
Severity: grave
Justification: renders package unusable
Hello,
Trying to compile VLC media player using Debian gcc-4.6.
It turns out that the compiler is silently replacing memmove() calls
with memcpy() ones, when it is clearly NOT a legal optimization.
Package: libebml0
Version: 0.7.7-3.1
Severity: minor
Hello,
The libebml0 binary package creates /usr/include. As a run-time package
it should probably not do that. And indeed, it does not hold any file
in that directory.
Regards,
-- System Information:
Debian Release: wheezy/sid
APT
Package: wnpp
Severity: normal
I request an adopter for the pax-utils package.
This package is NOT to be confused with GNU paxutils.
The package description is:
This is a small set of various PaX aware and related utilities for ELF
binaries. It can check ELF binary files and running processes
Package: vlc-nox
Version: 1.1.1-1
Severity: important
Tags: upstream patch security
Hello,
VLC fails to perform sufficient input validation when trying to extract some
meta-informations about input media through ID3v2 tags. In the failure case,
VLC attempt dereference an invalid memory addr
Package: libmodplug0c2
Version: 1:0.8.8-2
Severity: important
Tags: upstream
Hello,
libmodplug0c2 0.8.8 makes playback of MOD files completely silent with
vlc from Debian. Downgrading to libmodplug0c2 0.8.7-1 works around the
problem.
-- System Information:
Debian Release: squeeze/sid
A
Package: libkio5
Version: 4:4.4.3-1
Severity: normal
Tags: upstream
Hello,
libkio5 appears to register a buggy exit handler.
This triggers a crash after VLC returns from its main(),
if and only if the Open file dialog has been shown.
libkio is loaded by KDE dialog plugins for libQt4Gui,
Package: kdelibs5
Version: 4:4.4.3-1
Severity: grave
Justification: renders package unusable
Hello,
After upgrading to KDE 4.4 from Sid, login from KDM just returns a wallpaper and
a mouse. The KDE startup progress bar is never shown. Nothing ever happens.
Invoking startx from the text m
Package: libc6-dev
Version: 2.10.2-6
Severity: wishlist
Tags: upstream
Hello,
The current glibc implementation of dlerror() calls strerror(). The
current implementation of strerror() is not thread-safe. While this
is allowed by POSIX, this is quite inconvenient for thread-safe programs
o
Package: liblivemedia-dev
Version: 2010.02.10-1
Severity: serious
Justification: Policy 2.3
Hello,
The liblivemedia-dev package applies a patch explicitly licensed under
the GPL. In my understanding, this makes the resulting binaries GPL.
Yet the copyright file claims Debian provides t
Package: manpages-fr-extra
Version: 20090906
Severity: normal
Hello,
Accentuated characters in /usr/share/man/fr/man1/rand.1SSL.gz
(man 1 rand) are incorrectly encoded. It seems the file has been
transcoded from Latin-1 to UTF-8 *twice*.
Best regards,
-- System Information:
Debian Rele
Package: xdg-utils
Version: 1.0.2-6.1
Severity: important
Hello,
xdg-screensaver as found in Debian does not inhibit the KDE desktop
screensaver (which uses the FreeDesktop DBus API). Nothing happens,
except for the dcop error already noted in Debian bug #557104.
The current version fro
Package: wnpp
Severity: normal
Hello,
I request assistance with maintaining the miredo package.
The last update has unfortunately introduced a severe regression. That
bug was upstream, but that's hardly an excuse since I am upstream too.
In the mean time, I have lost contact of my sponsor (n
Package: mpeg2dec
Version: 0.4.1-3
Severity: important
Hello,
mpeg2dec systematically crashes at start with the default settings:
0.4.1 - by Michel Lespinasse and Aaron Holtzman
X Error of failed request: BadMatch (invalid parameter attributes)
Major opcode of failed request: 132 (
Package: clang
Version: 2.6-1
Severity: grave
Justification: renders package unusable
Hello,
Debian clang defines MB_LEN_MAX to 1.
Debian eglibc insists on MB_LEN_MAX being equal to 16
(/usr/include/bits/stdlib.h:89). Otherwise it fails explicitly into
an #error.
Regardless of eglib
Package: vlc-nox
Version: 1.0.4-1
Severity: normal
Hello,
Since version 1.0.4-1, the hotkeys plugin is part of vlc instead of
vlc-nox. This is quite unfortunate as the command line interface (rvlc)
does use hotkeys (with the key command) too, not just the X11 UIs.
-- System Information:
Deb
Package: vlc
Version: 1.0.4-1
Severity: normal
Hello,
Upgrading vlc and vlc-nox from 1.0.3-1 to 1.0.4-1 fails as the hotkeys
plugin has changed from the latter package to the former.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (100, 'unstable')
Arc
Package: xdg-utils
Version: 1.0.2-6.1
Severity: minor
File: /usr/bin/xdg-screensaver
Hello,
With Debian KDE 4.3, xdg-screensaver keeps complaining that dcop is not
present. In my understanding, this is a normal situation with KDE 4, so
it should not print an error.
Best regards,
-- Sys
Package: libc6-i686
Version: 2.10.1-1
Severity: critical
Justification: breaks unrelated software
Hello,
With the upgrade to 2.10.1, pthread_cond_wait() fails to re-acquire the
provided mutex when acting on a deferred cancellation event from
another thread. This is seen if (and apparentl
Package: libc6-dev
Version: 2.9-27
Severity: wishlist
Hello,
Recent kernel versions introduced the O_CLOEXEC open() flag to support
setting the close-on-exec in a thread-safe manner (i.e. atomic w.r.t.
the process file descriptor table).
Unfortunately, the definition for O_CLOEXEC is on
Package: manpages-dev
Version: 3.22-1
Severity: normal
File: /usr/share/man/man3/insque.3.gz
Hello,
The manual page for insque() states that
insque(&elem, NULL);
is invalid. However, the POSIX standards and the actual glibc
implementation both explicitly allow this:
http://www.openg
Package: kdelibs5
Version: 4:4.3.2-2
Severity: important
Hello,
Since the last update, all KDE-based password prompt fields appear to
enter a busy loop when they get the focus. Pressing Enter does not work.
Clicking on the confirmation button has no effect either.
This is visible in the KDE
- Original message -
> Hello,
>
> Here is a patch that adds only pthread_condattr_init/destroy,
> pthread_cond_timedwait, pthread_exit, and makes both cond_*wait abort
> instead of just returning 0.
I would expect cond_timedwait to sleep for the specified interval rather than
abort (thou
Package: libtheora-dev
Version: 1.0-2
Severity: grave
Justification: renders package unusable
Hello,
/usr/lib/libtheora.la refers to libogg.la which is nowhere to be found
among the dependencies of libtheora-dev. I guess libogg-dev stops
providing libtool archives.
This causes any attemp
Package: libxcb-randr0-dev
Version: 1.3-2
Severity: minor
Hello,
from libxcb-randr0-dev includes "render.h", which is part
of the libxcb-render0-dev package. Effectively, the Randr development
package is useless without the Render one. Hence, the former should
depend (Depends:) on the latte
Package: libxcb-shm0-dev
Version: 1.2-1
Severity: important
Hello,
It would seem that the layout of the xcb_shm_completion_event_t
structure has the segment XID swapped with the event minor/major
numbers. This breaks processing of SHM completion event pretty badly
(without an ugly work a
Package: mozilla-plugin-vlc
Version: 0.9.9a-2
Severity: important
Tags: security
Hello,
The logging Javascript API (vlc.log.*) provided by this plugin can leak
sensitive information to third party websites. For instance, one can
enumerate the content of file system by "opening" a direct
Package: vlc
Version: 0.9.9a-2
Severity: minor
The symbolic link at /usr/share/vlc/http/.hosts leads nowhere. I assume
a dot is missing in the target path. I would expect this would leave the
HTTP interface world-writable by default, but somehow it does not?
-- System Information:
Debian Release
Package: kmail
Version: 4:4.2.2-1
Severity: grave
Tags: security
Justification: user security hole
Hello,
Contrary to that in KDE 3.5, kmail in KDE 4.2 is incapable of verifying
IMAP server credentials when TLS is used. This means that the user has
to decide between fetching mail at all
Package: konqueror
Version: 4:4.2.2-1
Severity: important
Hello,
Since upgrading from 3.5 to 4.2, Konqueror has become completely unable
to import root certificates with the certificate manager. That makes
secure connections to, e.g. Cacert.org-certified websites _impossible_.
Needless to men
Package: kwalletmanager
Version: 4:4.2.2-1
Severity: important
Hello,
Just upgraded from KDE 3.5.10 to 4.2.2 from unstable. As per my older
configuration, the KDE password widgets are printing 3 dots instead of
just 1, whenever a key is pressed.
However, this has now become horribly slow
Package: libxcb1-dev
Version: 1.1.92-0.1
Severity: wishlist
Hello,
The libxcb source includes Doxygen documentation and a plain HTML
tutorial in the doc/ directory. It would be nice to not have to have it
in libxcb-doc or whatever, besides just the source package.
Regards,
-- System Infor
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole
Hello,
When parsing the header of an invalid CUE image file or an invalid
RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole
VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.
See also http://www.videolan.org/security/sa0809.html
N.
Package: libtool-doc
Version: 2.2.2-1
Severity: normal
Tags: experimental
Hello,
With libtool-doc from experimental, "info libtool" does not work
anymore. It brings up the shortened manual page instead of the info
pages.
Regards,
-- System Information:
Debian Release: lenny/sid
APT p
Package: kopete
Version: 4:3.5.9-3
Severity: wishlist
Hello,
Kopete will only try A/ DNS lookups to connect to a Jabber/XMPP
server. If the domain uses SRV records, the only way to connect is to
lookup the server manually, e.g. with dig, and hard-code it in the
Kopete configuration.
Package: kopete
Version: 4:3.5.9-3
Severity: normal
Hello,
Kopete appears to be unable to handle StartTLS for XMPP/Jabber. If the
server requires it (e.g. ovi.com), it is entirely impossible to connect
to the service. Works fine with pidgin.
-- System Information:
Debian Release: lenny/
Hello,
On Tue, 24 Jun 2008 07:51:22 +0200, Daniel Baumann <[EMAIL PROTECTED]>
wrote:
> please retry with the current version (1.5beta7+debian-1 that is), which
> I've just uploaded to sid.
Sorry, I am not using the affected connection setup anymore, cannot test
anymore.
--
Rémi Denis-Courm
Package: manpages-fr-extra
Version: 20080429
Severity: normal
Tags: l10n
Hello,
The error case EDEADLK for pthread_mutex_lock is described as the
opposite of when it actually happens.
Please check the original version.
Regards
-- System Information:
Debian Release: lenny/sid
APT pref
Package: vorbis-tools
Version: 1.2.0-1
Followup-For: Bug #239073
I have the same problem. Widening the console to 81 columns works around
the issue. Switching to another language also fixes the issue; it would
the French translation for the status string is one character too wide.
-- System Info
Package: mozilla-plugin-vlc
Version: 0.8.6.e-2.1
Severity: grave
Tags: security patch
Justification: user security hole
The "vlc" binary package part of CVE-2007-6683 has been fixed as per
#458318. However, the issue affecting the mozilla plugin as noted here:
http://mailman.videolan.org/pipermai
Package: libc6
Version: 2.7-9
Severity: normal
Tags: patch
Hello,
Rule 2 of the Destination Address Selection algorithm in RFC3484
specifies:
| Rule 2: Prefer matching scope.
| If Scope(DA) = Scope(Source(DA)) and Scope(DB) <> Scope(Source(DB)),
| then prefer DA. Similarly, if Scope(D
Package: vlc
Version: 0.8.6.c-6
Severity: grave
Tags: security
Justification: user security hole
"VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
specially crafted (invalid) MP4 input files.
If successful,
Package: libdvbpsi4-dev
Version: 0.1.5-3
Severity: important
Tags: fixed-upstream
Hello,
The dvbpsi_SDTServiceAddDescriptor API is not defined by .
As such, the compiler assumes all of its parameters are integer.
This creates incorrect (segfaulting) code on 64-bit platforms,
as the poi
Package: xml2rfc
Version: 1.32.dfsg-1
Severity: grave
Justification: renders package unusable
Hello,
Since I switched from tcl8.4 to tcl8.5 (pulled by
planetpenguin-racer-data), xml2rfc will not work at all anymore. It
simply fails with:
xml2rfc: error: can't read "counter(section)": no
tags 464261 + confirmed upstream fixed-upstream
thanks
Right.
This would be due to >= 2.6.24 linux-kernel-headers, I guess.
Upstream SVN has a patch for this.
--
Rémi
Package: libfluidsynth1
Version: 1.0.7a-1
Severity: normal
Tags: fixed-upstream
Hello,
Fluidsynth 1.0.7 leaks memory quite heavily (depending on the soundfonts
size, I guess) when it is initialized and deinitialized multiple times
from within the same process.
It would seem that upstrea
reported: it simply returns the
EINVAL back from the kernel.
The iptables manpage should mention the limitations though, and correctly.
--
Remi Denis-Courmont
http://www.simphalempin.com/home/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Cont
to kill anyone (I hope). If someone
has a more FTP-master-friendly implementation of anything they didn't like
(MD5?), that's a possible option as well.
--
Remi Denis-Courmont
http://www.simphalempin.com/home/
for teleport-iabg. As for the other relays, HotNIC is running
something on FreeBSD, and ConsulIntel runs miredo atop RHEL, but that's
slightly out of topic.
--
Remi Denis-Courmont
http://www.simphalempin.com/home/
58 matches