Hi,
> Your package still depends on the old, obsolete PCRE3[0] libraries
> (i.e. libpcre3-dev).
Thanks for the report. Indeed there's work ongoing upstream to fix this.
I'm monitoring this and we hope to get a working version well in time for
trixie.
Kind regards,
Thijs
Dear Abhishek,
On Sun, October 10, 2021 04:46, Abhishek Deshpande wrote:
> recent changes in filenames, and locations. For example, the READ_ME!.gz
> file that has the licensing terms of font files themselves,
> does not exist in recent package versions.
Thanks for reporting. The file does in fac
-0.14.2/debian/changelog 2022-12-06
15:39:13.0 +
@@ -1,3 +1,10 @@
+libapache2-mod-auth-mellon (0.14.2-1+deb10u1) buster; urgency=high
+
+ * Upload to fix security issues:
+- Open redirect in logout endpoint (CVE-2019-13038 CVE-2021-3639)
+
+ -- Thijs Kinkhorst Tue, 06 Dec 2022 15:39
20:12:37.0 +0100
@@ -1,3 +1,10 @@
+libapache2-mod-auth-mellon (0.17.0-1+deb11u1) bullseye; urgency=medium
+
+ * Upload to fix security issue:
+- Open redirect in logout endpoint (CVE-2021-3639)
+
+ -- Thijs Kinkhorst Tue, 06 Dec 2022 20:12:37 +0100
+
libapache2-mod-auth-mellon
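Review bot: the `Open redirect in logout endpoint (CVE-2021-3639)` entry gives the CVE but neither a bug reference nor the name of the patch or upstream commit that carries the fix. Adding the patch file name under debian/patches, and a `Closes:` for the tracking bug if one is open, would let someone auditing the bullseye update trace the fix from the changelog alone.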
abase file was > 1 GB in size while after vacuum only
a 1 M remained, so it really was growing way too large.
The attached patch installs a weekly cronjob to perform the vacuum.
I've also submitted it as a merge request on salsa.
Kind regards,
Thijs Kinkhorst
diff -Nru fail2ban-0.11.2/d
Hi Salvatore,
> CVE-2021-3639[0]:
> | Prevent redirect to URLs that begin with '///'
I have a fixed package prepared and tested for sid but can only upload
this next week when I return from holiday.
I consider this (open redirect in general) a minor issue so I don't think
it's needed to expediat
Hi Chris,
On Thu, March 25, 2021 02:42, Chris Hofstaedtler wrote:
> Source: cpqarrayd
> Version: 2.3.6
> Severity: serious
>
> Linux upstream has removed the "cciss" driver in 4.14-rc1. cpqarrayd
> needs the cciss driver to function.
>
> I imagine we shouldn't ship software that did not work with
Package: ftp.debian.org
Severity: normal
Dear FTP-masters,
Please remove cpqarrayd from unstable.
As noted in #985859, the Linux kernel driver it needs has been removed
from the upstream kernel. The package has also been orphaned for 3 years
with no activity since.
Kind regards,
Thijs
severity 939763 serious
thanks
Hi,
Salvatore Bonaccorso wrote:
> Is sphinxsearch still of use or should it be removed from unstable and
> not included in bullseye?
I'm raising this to serious because I think the situation of the
sphinxsearch package is not good and we would need to explicitly wa
Hi Michael,
On Wed, June 17, 2020 22:48, Michael Biebl wrote:
> Systemd itself does indeed search /usr/lib/systemd/system . Our
> internal/Debian tooling though
> (dh_installsystemd/invoke-rc.d/service/...) currently only handles files
> from /lib/systemd (mostly for historical reasons where a /us
Package: systemd
Version: 245.6-1
Severity: normal
Hi,
This is the output of 'systemd-analyze unit-paths' on my system:
# systemd-analyze unit-paths
/etc/systemd/system.control
/run/systemd/system.control
/run/systemd/transient
/run/systemd/generator.early
/etc/systemd/system
/etc/systemd/system
Package: rst2pdf
Version: 0.93-7
Severity: serious
Hi,
rst2pdf calls fc-match in findfonts.py, but does not list a dependency
on fontconfig. If you don't have it installed, building the document
will succeed but the document itself is empty.
Cheers,
Thijs
Hi Laurence,
Thanks for the feedback.
On Fri, July 6, 2018 12:47, Laurence Alexander Hurst wrote:
>* What led up to the situation?
> I've been asked to install this on a business system, so was trying to
> find licence terms for the fonts to see if I can, legally, before
> proceeding. The co
On Tue, April 21, 2020 18:02, Andrew Hodgson wrote:
> Thijs Kinkhorst wrote:
>>On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
>>> Package: src:mailman
>>> Version: 1:2.1.29-1
>>> Severity: serious
>>> Justification: Policy 2.2.1
>>>
>
Hi,
On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
> Package: src:mailman
> Version: 1:2.1.29-1
> Severity: serious
> Justification: Policy 2.2.1
>
> This package Depends/Build-Depends on python-dnspython which is an NBS
> cruft package. Please update your package to use python3-dnspython, w
Package: liblasso3
Version: 2.6.0-2+b2
Severity: important
Tags: fixed-upstream
Hi,
We're using lasso with libapache2-mod-auth-mellon and it crashes every
time an IdP sends a (valid) AuthnContextDecl.
This has been fixed meanwhile upstream, which I've verified solves the
problem: https://dev.ent
=medium
+
+ * Fix incompatibility with PHP 7.3 (closes: #944820).
+
+ -- Thijs Kinkhorst Mon, 16 Dec 2019 14:15:00 +0100
+
simplesamlphp (1.16.3-1+deb10u1) buster-security; urgency=high
* Fix security issue CVE-2019-3465.
diff -Nru simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73
Hoi Jorn,
> When SimpleSAMLphp consumes an assertion, it will fail and log the
> following:
Can you confirm that this update fixes the problem for you?
https://people.debian.org/~thijs/ssp/
Cheers,
Thijs
ivate*/*'` to cron job to prevent
+breaking systemd services that have PrivateTmp=true (closes: #881725).
+
+ -- Thijs Kinkhorst Mon, 16 Sep 2019 09:39:51 +0200
+
tmpreaper (1.6.13+nmu1+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru tmpre
on-maintainer upload with maintainer approval.
+ * Add `--protect '/tmp/systemd-private*/*'` to cron job to prevent
+breaking systemd services that have PrivateTmp=true (closes: #881725).
+
+ -- Thijs Kinkhorst Mon, 16 Sep 2019 07:15:24 +
+
tmpreaper (1.6.14) unstable; urgency=me
angeLog 2019-09-06 13:20:49.0 +
@@ -1,3 +1,11 @@
+tmpreaper (1.6.14+nmu1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add `--protect '/tmp/systemd-private*/*'` to cron job to prevent
+breaking systemd services that have PrivateTmp=true (closes: #881725).
+
+
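Review bot: the `--protect '/tmp/systemd-private*/*'` pattern in this entry is tied to /tmp, but PrivateTmp=true gives a service a private directory under /var/tmp as well. If the cron job can be configured to clean /var/tmp, the same breakage remains there; consider adding a matching `--protect` pattern for /var/tmp, or state in the entry that only /tmp is covered.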
On Wed, May 22, 2019 17:21, Frederic Peters wrote:
> Hi Thijs,
>
>> >> I would have been OK to have 2.6.0 of liblasso3 in stretch backports,
>> >> and I was in the belief that I had installed it. But when checking,
>> >> I'm still running 2.5.0-5+b1. Spooky
>>
>> > I'll see about uploading 2.6.0 t
Hi Frederic,
>> I would have been OK to have 2.6.0 of liblasso3 in stretch backports,
>> and I was in the belief that I had installed it. But when checking,
>> I'm still running 2.5.0-5+b1. Spooky
> I'll see about uploading 2.6.0 to backports.
That would be great. I have a backport of libapache
Source: dbconfig-common
Version: 2.0.11
Severity: minor
Version reporting in the usage message relies on SVN keywords which are
not interpolated (anymore):
dbconfig-load-include v$
copyright (c) 2005 sean finney
On Sat, March 23, 2019 16:56, Jonathan Wiltshire wrote:
> On Sat, Mar 23, 2019 at 03:00:06PM +0100, Thijs Kinkhorst wrote:
>> Please unblock package libapache2-mod-auth-mellon
>>
>> The upload contains fixes for two security issues, it is a new
>> upstream tha
000
@@ -1,3 +1,11 @@
+libapache2-mod-auth-mellon (0.14.2-1) unstable; urgency=high
+
+ * New upstream security release. (closes: #925197)
+- Auth bypass when used with reverse proxy [CVE-2019-3878]
+- Open redirect vulnerability in logout [CVE-2019-3877]
+
+ -- Thijs Kinkhorst Fri, 22 Mar 2
Package: iptables
Version: 1.8.1-2
Severity: important
Hi,
With iptables in sid, when specifying a rule for "0.0.0.0/8", it gets
added to the ruleset as "0.0.0.0/0". This broke things at my
systems since the latter means "anywhere".
The problem can be reproduced as follows:
# iptables -A OUTPU
On Wed, June 15, 2016 14:32, Ian Jackson wrote:
> Package: mailman
> Version: 1:2.1.18-2
>
> In (at least some) previous versions of the Debian mailman package,
> the regular tasks were done by dropping files into /etc/cron.monthly/
> and so on.
This has not been the case since at least 2006, like
On Wed, May 30, 2018 20:22, Michael Shuler wrote:
> On 05/30/2018 12:46 PM, Sebastian Andrzej Siewior wrote:
>>
>> I've read about this bug (and the other one) on d-devel. I uploaded
>> recently a new version of openssl to unstable (1.1.0h-3) which changes
>> the exit code of "openssl rehash" to zer
Package: ftp.debian.org
Severity: normal
Hi,
Please remove the following package from unstable:
iprint - Trivial command-line integer print utility
The package is indeed trivial and the functionality is available
in many other ways. The contents of the package have not been
updated or changed si
Package: wnpp
Severity: normal
The cpqarrayd package has been orphaned.
Both current maintainers do not use it anymore.
It provides support for specific HP hardware array controllers.
The package description is:
cpqarrayd is a userspace monitoring daemon for HP (Compaq) SmartArray
hardware RA
Package: release-notes
Severity: normal
Tags: patch buster
Hi,
I'd like to add the following to the "package-specific-issues" section
in issues.dbk of the Buster release notes. It describes the new mailman3
package since buster and the expectations for the mailman 2.x release.
Mailman ver
tags 893957 upstream
forwarded 893957 https://github.com/UNINETT/mod_auth_mellon/pull/172
severity 893957 wishlist
thanks
Hi Philipp,
On Sat, March 24, 2018 14:04, Philipp Kolmann wrote:
> to create the certificate and the metadata for the Service Provider, there
> is a shell script that helps th
On Tue, May 29, 2018 23:08, Moritz Muehlenhoff wrote:
> On Sat, Oct 14, 2017 at 08:03:27AM +0200, Thijs Kinkhorst wrote:
>> Hi,
>>
>> On Thu, October 12, 2017 23:44, Sebastian Andrzej Siewior wrote:
>> > this is a reminder about the openssl transition [0]. We
On Wed, April 25, 2018 15:57, Geert Stappers wrote:
> Control: tag -1 patch
>
> Hi,
>
> FWIW I also needed the patch described
> in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669813#41
>
> So now tagging this BR with 'patch'
This specific configuration change has been made since Stretch (1:2
On Sat, April 7, 2018 20:51, Uwe Kleine-König wrote:
> Hallo Thijs,
>
> On Wed, Feb 07, 2018 at 09:27:06AM +0100, Thijs Kinkhorst wrote:
>> On Mon, February 5, 2018 09:50, Chris Lamb wrote:
>> > Whilst working on the Reproducible Builds effort [0], we noticed
>> >
On Sun, February 25, 2018 12:13, Luke Kenneth Casson Leighton wrote:
> apologies, after downloading the source i noted that the debian/rules
> file lists several HTTP servers, and that apache2 is the "default if
> none are installed".
>
> i actually *had* nginx installed... but because of the diffi
On Mon, February 5, 2018 09:50, Chris Lamb wrote:
> Whilst working on the Reproducible Builds effort [0], we noticed
> that mailman could not be built reproducibly as it includes
> a time/timezone/locale-varying timestamp .
Thanks! Applied and will be part of the next upload.
Cheers,
Thijs
>> I plan to release Mailman 2.1.26 along with a patch for older releases
>> to fix this issue on Feb 4, 2018. At that time, full details of the
>> vulnerability will be public.
I've reserved time on Sunday to in any case to sid when the fix is
released, and depending on the details/severity look
On Fri, January 12, 2018 10:24, Raphael Hertzog wrote:
> Hi,
>
> On Tue, 09 Jan 2018, Brian May wrote:
>> Raphael Hertzog writes:
>>
>> > I think this mail went through the cracks as we haven't received a
>> reply
>> > from you so far. Can you let us know the status and whether we can
>> help to
>
Hi Brian,
> Currently getting this error building the latest version - as in the
> Debian git package.
>
> Possibly this is because we depend on a package that needs updating -
> most likely mkdocs or jinja2 - but wonder which one? Maybe we should
> just update both anyway.
We're half a year o
On Sun, January 7, 2018 13:36, Thijs Kinkhorst wrote:
> On Sun, January 7, 2018 13:25, Rene Engelhard wrote:
>> Hi,
>>
>> On Sun, Jan 07, 2018 at 01:18:17PM +0100, Thijs Kinkhorst wrote:
>>> On Sun, January 7, 2018 12:36, Rene Engelhard wrote:
>>> > sinc
On Sun, January 7, 2018 13:25, Rene Engelhard wrote:
> Hi,
>
> On Sun, Jan 07, 2018 at 01:18:17PM +0100, Thijs Kinkhorst wrote:
>> On Sun, January 7, 2018 12:36, Rene Engelhard wrote:
>> > since this is now on salsa in the Debian group (aka collab-maint) I
>
Hi Rene,
On Sun, January 7, 2018 12:36, Rene Engelhard wrote:
> since this is now on salsa in the Debian group (aka collab-maint) I went
> forward and did
>
> https://salsa.debian.org/debian/dutch/commit/2d67054bebd5324eafb2ff24f56ad63d8e0de99d
Great! That was actually my next step :-)
Can this
Hi,
On Thu, October 12, 2017 23:44, Sebastian Andrzej Siewior wrote:
> this is a reminder about the openssl transition [0]. We really want to
> remove libssl1.0-dev from unstable for Buster. I will raise the severity
> of this bug to serious in a month. Please react before that happens.
Thanks,
dependencies in SpamAssassin.py (Closes: #838288).
+Thanks Stephen Rothwell for the patch.
+
+ -- Thijs Kinkhorst Thu, 14 Sep 2017 12:23:04 +0200
+
mailman (1:2.1.23-1) unstable; urgency=medium
* New upstream release.
diff -Nru mailman-2.1.23/debian/contrib/SpamAssassin.py
mailman-2.1.23/debian
On Mon, September 11, 2017 18:24, Pierre-Elliott Bécue wrote:
> Well, I asked on pkg-mailman-hackers to be added to the project on alioth
> one month ago, and for now I didn't get any answer. Would you accept to
> add me on it and maybe give me administration ACLs so I can add other
> developers th
On Mon, September 11, 2017 12:10, Pierre-Elliott Bécue wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Pierre-Elliott Bécue
>
> * Package name: mailman3-django
> Version : 1.1.0
> Upstream Author : Aurélien Bompard
> * URL : http://list.org/
> * License
Package: ftp.debian.org
Severity: normal
Hi,
Please remove ttytter from unstable.
Upstream has abandoned the project and it is now unmaintained.
An alternative is now in Debian, oysttyer. It is not a drop-in
replacement so it does not Replace the old package.
Thanks,
Thijs
Hi all,
On Sat, September 2, 2017 18:10, fl...@florz.net wrote:
> Control: tags 838288 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for mailman (versioned as 1:2.1.23-1.1) and
> uploaded it to DELAYED/14. Please feel free to tell me if I
> should delay it longer.
Thanks for the help. I
forcemerge 838288 873505
thanks
On Wed, August 30, 2017 00:58, Pete Donnell wrote:
> Apologies, turns out that this is a duplicate of
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838288
>
> Applying the patch included there fixed it.
Thanks for the extra confirmation.
I've uploaded a fixe
On Wed, August 30, 2017 21:54, Kurt Roeckx wrote:
> It seems that libreoffice-dictionaries started shipping an
> hunspell-nl package at some point and it's actually providing an
> older version of the dictionaries.
>
> I've talked to Rene about this, and he agreed we could take over
> this package.
Hi Thorsten,
On Sat, August 26, 2017 16:44, Thorsten Alteholz wrote:
> Hi,
>
> I just wanted to tell everybody that oysttyer just entered unstable.
>
> Thorsten
Thanks!
Do you think it would be useful if oysttyer would also provide a
transitional package ttytter, or should we remove ttytter wh
Package: wnpp
Severity: normal
I no longer have an interest in maintaining TTYtter.
Anyone taking over this package should probably migrate it to the
active upstream Oysttyer, see #818968
Cheers,
Thijs
severity 818968 serious
thanks
On Tue, March 22, 2016 13:32, Cord Beermann wrote:
> Looks like ttytter has been abandoned. [1]
> But there is an endorsed replacement: Oysttyer [2]
I no longer have an interest in maintaining ttytter, so I'm orphaning the
package.
Of course I hope someone will pic
session transfer vulnerability [CVE-2017-6807].
+
+ -- Thijs Kinkhorst Mon, 13 Mar 2017 13:06:19 +
+
libapache2-mod-auth-mellon (0.12.0-1) unstable; urgency=high
* New upstream release.
diff -Nru
libapache2-mod-auth-mellon-0.12.0/debian/patches/01_logout_segfault.patch
libapache2-mod-auth
Package: ftp.debian.org
Severity: normal
Hi,
Please remove squirrelmail from experimental.
The package has been removed from sid as per #846069.
The version in experimental is nearly 10 years old.
Thanks,
Thijs
loses: #849626).
+
+ -- Thijs Kinkhorst Wed, 04 Jan 2017 16:31:03 +
+
libphp-swiftmailer (5.4.2-1) unstable; urgency=medium
* Imported Upstream version 5.4.2
diff -Nru libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE-2016-10074.patch libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE
ibphp-phpmailer (5.2.14+dfsg-2.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix regression in previous update: remove check for
+Sendmail binary, upstream commit ed4e7ce8.
+
+ -- Thijs Kinkhorst Mon, 02 Jan 2017 14:21:27 +
+
libphp-phpmailer (5.2.14+dfs
10045): apply commits
+4835657c 9743ff5c 833c35fe from upstream. Closes: #849365.
+
+ -- Thijs Kinkhorst Fri, 30 Dec 2016 11:22:28 +
+
libphp-phpmailer (5.2.14+dfsg-2) unstable; urgency=medium
* Team upload
diff -Nru libphp-phpmailer-5.2.14+dfsg/debian/patches/0002-Fix-CVE-2016-10033-CVE
On Mon, November 28, 2016 15:19, Scott Kitterman wrote:
> On Monday, November 28, 2016 02:45:29 PM Ondřej Surý wrote:
>> according to the upstream, the SVN snapshot is supposed to support PHP
>> 7.0, but it seems to be untested even by upstream (well, that's what I
>> am reading on the mailing li
On Mon, November 28, 2016 13:56, Scott Kitterman wrote:
> On Sun, 13 Nov 2016 18:31:48 +0100 Thijs Kinkhorst
> wrote:
>> Package: squirrelmail
>> Severity: serious
>>
>> SquirrelMail has been missing from Stretch for a while now and I intend
>> to leave it th
Hi Philipp,
On Wed, November 23, 2016 17:17, Philipp Kern wrote:
> Source: ca-certificates
> Tags: patch,d-i
> X-Debbugs-Cc: ma...@debian.org, debian-b...@lists.debian.org
>
> In an effort to make HTTPS usable in the installer (e.g. to fetch
> preseed, authorized_keys files, or packages) ca-certif
On Sat, November 19, 2016 07:25, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-mellon-dummy : Depends:
>> liblasso3-dev (>= 2.1.0) but it is not going to be installed
>> E: Unable to correct problems, you have held broken packa
On Sat, November 19, 2016 07:24, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-cas-dummy : Depends:
>> libssl-dev but it is not going to be installed
>> E: Unable to correct problems, you have held broken packages.
>> apt-get f
Package: squirrelmail
Severity: serious
SquirrelMail has been missing from Stretch for a while now and I intend
to leave it that way. This bug is to document this explicit choice (and
room for any concerns).
Upstream (of which I'm, at least on paper, part) has not made any new
release of Squirrel
Hi Jakub,
On Wed, March 9, 2016 11:50, Jakub Wilk wrote:
> * Arno Töll , 2015-08-21, 11:13:
>>The fix would be, to raise this Lintian error only if a package depends
>>on apache2-bin but not on apache2-api-MMNN.
>
> There's already separate tag for missing apache2-api-* dep:
> apache2-module-d
On Wed, October 12, 2016 17:37, Jan Niehusmann wrote:
> On Wed, Oct 12, 2016 at 03:21:13PM +0200, Jan Niehusmann wrote:
>> May it be that either needrestart or systemd calls the stop and start
>> rules directly, instead of using the restart rule?
>
> It looks like the way systemd calls the init scr
On Mon, April 18, 2016 08:16, Bernhard Schmidt wrote:
> Package: mailman
> Version: 1:2.1.20-1
> Severity: wishlist
>
> Hi,
>
> Mailman 2.1.21 and 2.1.22 have been released. They contain some DMARC
> fixes
> and the translations, especially the German translation, have been
> improved
> a lot.
>
>
Version: 1:2.1.20-1
On Tue, January 19, 2016 18:37, David Magda wrote:
> Package: mailman
> Version: 1:2.1.18-2
> Severity: important
>
> The current copy of /etc/mailman/apache.conf in the mailman package
> has configuration items that are for Apache 2.2. For example:
Thanks. This has been fixe
On Thu, March 17, 2016 16:08, martin f krafft wrote:
> What's the status of mailman3 for Debian? Has there been any work
> done, and if so, where?
I believe that's tracked in the WNPP bug #799292 (although it doesn't have
very recent updates at the time of writing).
Cheers,
Thijs
Package: composer
Version: 1.0.0-1
Severity: wishlist
Hi,
Installing composer by default also pulls in mercurial because it's in
Recommends. I personally doubt that the amount of mercurial use justifies
pulling it in by default (and e.g. not svn). I'd say it could be better
moved to Suggests.
C
Hi Frederic,
> Severity: serious
> Setting up php5-lasso (2.5.0-3) ...
> /var/lib/dpkg/info/php5-lasso.postinst: 4: /var/lib/dpkg/info/php5-
> lasso.postinst: php5enmod: not found
> dpkg: error processing package php5-lasso (--configure):
> subprocess installed post-installation script retur
Hi,
On Fri, 21 Aug 2015 10:19:06 -0700, Russ Allbery wrote:
> > we agreed that we should change Lintian to accommodate these
> > changes. The fix would be, to raise this Lintian error only if a package
> > depends on apache2-bin but not on apache2-api-MMNN.
>
> Ah, yes, that would work.
So, a
On Sat, January 16, 2016 22:15, Robert Edmonds wrote:
> Axel Beckert wrote:
>> So why was the CA then removed already if debconf.org still uses this
>> CA? https://www.debconf.org/ is now reported as broken.
>
> Hi,
>
> If you examine the certificate served by www.debconf.org:443, it has a
> common
On Thu, January 14, 2016 15:49, Christoph Anton Mitterer wrote:
> You probably know about this already, but just in case not:
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034679.html
Thanks for reporting.
The security team is indeed aware and a DSA is in preparation.
Cheers
Package: websvn
Severity: serious
I propose to remove websvn from Debian.
The package is unmaintained with last maintainer upload in 2011. There was also
no response to a security issues which I fixed in an NMU one year ago. I then
noticed and reported several packaging issues which have gone una
On Tue, December 22, 2015 01:15, Christoph Anton Mitterer wrote:
> Control: tags -1 + wontfix
>
> On Mon, 2015-12-21 at 10:23 +0100, Thijs Kinkhorst wrote:
>> Such polarizing comments are not welcome and do not serve to improve
>> Debian. I'm closing the bug now.
> I
On Mon, December 21, 2015 13:14, Rob Stradling wrote:
> I just noticed that ca-certificates/20151214 addresses this request, so
> I guess you can close this bug as a duplicate.
>
> ca-certificates/20151214 doesn't currently show up when I search for
> "ca-certificates" on packages.debian.org. That
fixed 808600 20151214
tags 808600 wheezy jessie
thanks
Hi Rob,
On Mon, December 21, 2015 12:57, Rob Stradling wrote:
> Package: ca-certificates
> Version: 20150426
>
> Please sync the latest additions/removals from Mozilla's NSS
> certdata.txt file.
>
> Comodo have recently removed our "UTN - DAT
On Mon, August 31, 2015 07:46, Niels Thykier wrote:
> On 2015-08-30 20:28, Axel Beckert wrote:
>> Hi,
>>
>> Niels Thykier wrote:
>>>> Moreover minified js is a security risk so removing tag is not really
>>>> an option
>>>
>>> The bug is not about removing the tag, it is about the amount of times
>
Package: nm.debian.org
Severity: minor
Tags: patch
Attached patch fixes the missing url part of this email text:
> The mailbox with everything so far can be downloaded at:
> /am/mail-archive/username
From dd0b9ed3df0cb4b124f4ee59af344e291f55bbc6 Mon Sep 17 00:00:00 2001
From: Thijs
On Thu, July 30, 2015 01:01, Nick Adams wrote:
> The metapackage `php5` has a number of options to supply php but
> php5-cli is not one of those. On a host that doesn't require a web
> server, this metapackage seems to require that one be installed.
>
> Adding php5-cli to the php5 package dependenc
On Sun, June 14, 2015 23:57, brian m. carlson wrote:
> I'm marking this bug as security in case the Security Team wants to
> issue an advisory, although I suspect they will not (or I would have
> notified them directly).
Agreed that although good to fix, this is not something for an advisory.
Ch
On Mon, June 8, 2015 09:34, Wouter Verhelst wrote:
> On Mon, Jun 08, 2015 at 09:16:44AM +0200, Thorsten Glaser wrote:
>> On Sun, 7 Jun 2015, Wouter Verhelst wrote:
>>
>> > > Actually, the traceback says what's happening is CookHeaders is
>> trying
>> > > to create the List-Id: header to be added to
Hoi Wouter,
I got some questions back from upstream, can you help?
Actually, the traceback says what's happening is CookHeaders is trying
to create the List-Id: header to be added to the message.
It tries to create a header of the form:
List-Id: list description
And the exception occurs when
severity 785642 important
thanks
On Mon, May 18, 2015 19:18, Wouter Verhelst wrote:
> I received a message from one of my list admins that he couldn't send a
> mail to his list. Investigating turned up the following in
> /var/log/mailman/error:
>
> May 17 15:32:20 2015 (981) Uncaught runner except
On Thu, May 21, 2015 20:20, Carlos Carvalho wrote:
> Package: squirrelmail
> Version: 2:1.4.23~svn20120406-2
> Severity: grave
>
> Below is a message that doesn't display in squirrelmail; Its single line
> doesn't appear. When clicking "reply" it appears quoted, as it should.
Thanks. I've committe
On Mon, May 18, 2015 19:18, Wouter Verhelst wrote:
> Package: mailman
> Version: 1:2.1.18-2
> Severity: grave
> Justification: causes data loss
>
> Hi,
>
> I received a message from one of my list admins that he couldn't send a
> mail to his list. Investigating turned up the following in
> /var/log
On Wed, April 29, 2015 17:29, shirish wrote:
> Package: mailman
> Version: 1:2.1.18-2
> Severity: wishlist
>
> Dear Maintainer,
> Please package mailman 3 which was released today. From the announce mail
The current Debian Mailman team has very limited resources. I heartily
invite anyone intereste
tiation. (Closes: #765649)
+
+ -- Thijs Kinkhorst Tue, 05 May 2015 13:27:06 +
+
pound (2.6-6) unstable; urgency=low
* Add options to disable SSLv2 and SSLv3.
diff -Nru pound-2.6/debian/patches/0008-disable_client_initiated_renegotiation.patch pound-2.6/debian/patches/0008-disable_client_init
Package: needrestart
Version: 2.0-2
Severity: normal
Hi,
Running needrestart after an upgrade which included a new apt version triggers
an email with the following content:
Your session on host tetraquark.soleus.nu (/dev/pts/0) is running
obsolete binaries or libraries as listed below.
Hi,
> /etc/modules contain:
>
> # Required for cinder hotplug
> acpiphp
> pci_hotplug
>
> Those modules don't exist in Jessie. This makes systemd display a
> failed unit.
We are seeing the same on our OpenStack platform when using the official
Jessie image.
It was also reported in Ubuntu at
http
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package commons-httpclient.
It fixes security issue CVE-2014-3577.
unblock commons-httpclient/3.1-11
Cheers,
Thijs
diff -Nru commons-httpclient-3.1/debian/ant.properties c
Hi Emmanuel,
On 24.03.2015 12:30, Emmanuel Bourg wrote:
> I don't think this is a good idea. commons-httpclient is a very popular
> library, even in its older incarnation. Removing it could make it harder
> to bring new libraries or applications to Debian.
This could be the case, however, the pac
Hi,
Since the last maintainer upload was well over three years ago and there have
been several unacknowledged NMUs since then, I've taken the liberty to upload
Markus' good work as-is to unstable to fix this security issue for jessie.
Cheers,
Thijs
ues
+ fixed in SVG filtering to prevent XSS and protect viewer's
+ privacy.
+
+ -- Thijs Kinkhorst Mon, 06 Apr 2015 16:53:54 +
+
mediawiki (1:1.19.20+dfsg-2.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru mediawiki-1.19.20+dfsg/debian/patches/security_1.19.24.
installations which use an Exim or Postfix transport
+instead of fixed aliases; attacker needs to be able to place
+files on the local filesystem.
+(CVE-2015-2775, Closes: 781626)
+
+ -- Thijs Kinkhorst Mon, 06 Apr 2015 15:36:15 +
+
mailman (1:2.1.18-1) unstable; urgency=medium
* New
Index: en/whats-new.dbk
===
--- en/whats-new.dbk (revision 10679)
+++ en/whats-new.dbk (working copy)
@@ -480,6 +480,15 @@
hardening-wrapper can
provide a gcc with these flags enabled.
+
+ New in this release is the
+ need
Package: release-notes
Severity: wishlist
Tags: patch
Hi,
Please see attached patch to mention the needrestart package in the Security
section.
Cheers,
Thijs
needrestart.patch
Description: inode/empty