Hi,
a test with piuparts revealed that your package uses files from
/usr/share/doc in its maintainer scripts which is a violation of
Policy 12.3: Packages must not require the existence of any files in
/usr/share/doc/ in order to function.
cp: cannot stat '/usr/share/doc/mibrfcs/*': No
tags 767611 -moreinfo
thanks
Hi,
Now dak rm only lists hurd/sparc, so libgcrypt11 can be removed:
efl: libecore-con1 [sparc]
libeet1 [sparc]
libevas1 [sparc]
libevas1-engines-x [sparc]
gnome-keyring: gnome-keyring [hurd-i386]
gvfs: gvfs-backends [hurd-i386]
libgnome-keyring:
Package: ftp.debian.org
Severity: normal
Hi,
Please remove freepops from unstable.
It has been removed from testing over a year ago with no visible action since.
It has two RC bugs filed well over a year ago without a single response.
It depends on libgcrypt11, a security-buggy obsolete
Package: ftp.debian.org
Severity: normal
Hi,
Please remove zoneminder from unstable.
It has been removed from testing 10 months ago. It has 3 open RC bugs. It
depends on the obsolete and security-buggy libgcrypt11 thereby preventing that
package from being removed.
There is some report of
notfound 779547 0.0.20120125b-1
thanks
Present since release_candidate_2013-10-28
signature.asc
Description: This is a digitally signed message part.
On Thu, February 19, 2015 10:38, Florian Schlichting wrote:
Newly released RFC 7465 [0] describes RC4 as being on the verge of
becoming practically exploitable and consequently mandates that both
servers and clients MUST NOT offer or negotiate an RC4 cipher suite, and
indeed terminate the TLS
Is there any progress on this bug?
I'm unsure what we should be doing on this bug. I think the current
description of www-data gives the most factual one: it is the one the
webserver will run as, so don't make the content writable by it.
Who else on the system gets write access, seems very
On Sat, February 21, 2015 01:32, Daniel Kahn Gillmor wrote:
Source: gnupg
Version: 1.4.18-6
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps_in_pe_binaries
I believe that the gnupg package can be made reproducible with the
attached
On Fri, February 13, 2015 16:10, Joost van Baal-IliÄ wrote:
CVE-2014-4172
php-cas problem, fixed in Debian's php-cas 1.3.3-1 and 1.3.1-4+deb7u1.
Moodle ships with unchanged phpCAS 1.3.3, see
moodle-2.7.5+dfsg/auth/cas/CAS/moodle_readme.txt Moodle can likely use the
Debian-maintained
Hi Etienne,
On Wed, February 11, 2015 00:32, Etienne MAHE wrote:
Package: ttf-mscorefonts-installer
Version: 3.6
Good day,
I cannot install the ttf-mscorefonts package. I have tried to reinstall
it several times but I get the following message :
Sourceforce (that hosts the fonts) had an
Hi Antonio,
On Mon, February 2, 2015 15:34, Antonio Terceiro wrote:
ping :)
As a heads up, we're currently preparing a upload for stable-security
where this patch will most likely be included.
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of
On Mon, January 26, 2015 00:16, Simon Josefsson wrote:
Thijs Kinkhorst th...@debian.org writes:
Hi,
When authentication via yubikey is triggered, the module prompts:
YubiKey for `username':
However, there's no visual feedback that characters are being input when
you press the button
Hi,
See https://github.com/librsync/librsync/issues/5 . librsync uses MD4
as part of syncing; given the low strength and size of MD4, and the
relative ease of computing collisions/preimages, that makes librsync
unsafe to use on untrusted data, such as when running a duplicity
backup.
The
arbitrary
+file access (CVE-2013-6892, Closes: #775682).
+
+ -- Thijs Kinkhorst th...@debian.org Sat, 24 Jan 2015 12:31:44 +
+
websvn (2.3.3-1.1) unstable; urgency=low
* Non-maintainer upload.
diff -Nru websvn-2.3.3/debian/patches/13_security_CVE-2013-6892.patch websvn-2.3.3/debian/patches
Package: libpam-yubico
Version: 2.17-2
Severity: wishlist
Hi,
When authentication via yubikey is triggered, the module prompts:
YubiKey for `username':
However, there's no visual feedback that characters are being input when
you press the button on the yubikey, so as a user you're unsure if
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package python-django.
It fixes several security issues.
The NMU seems to add a stray .orig in the source package; but I reckon
that is harmless and should not block fixing
Hi,
I've NMU'ed websvn for this security issue with attached debdiff.
Cheers,
Thijs
websvn_nmudiff.debdiff
Description: Binary data
Package: websvn
Severity: minor
Hi,
While investigating websvn I encountered some issues you may want to improve:
- Package includes a number of patches in debian/patches/ that are
obsolete and hence not in series. That confused me. Maybe remove the
patches from there?
- Still alternatively
Package: lintian
Version: 2.5.30
Severity: normal
Hi,
The 'source-is-missing' check can generate really excessive output of many
hundreds of tags when just a single source is missing. Take for example
roundcube which currently has 800+ tags which nearly all relate to tinymce
missing:
Package: websvn
Severity: serious
Tags: security patch
Hi,
James Clawson reported:
Arbitrary files with a known path can be accessed in websvn by committing a
symlink to a repository and then downloading the file (using the download
link).
An attacker must have write access to the repo, and
tags 582196 moreinfo
thanks
Hi Mike,
On Fri, May 21, 2010 03:12, Michael Gilbert wrote:
That's not a bug in the tracker, you should simply only add entries
to DSA/list which point to security problems.
i am going to work on this problem, so please don't override my
reminder without due
. As discussed at the security team meeting.
Please apply.
Thanks,
Thijs
From 22817e551a4b55c9f94bc66c027d42ab87492fdb Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst th...@kinkhorst.com
Date: Sat, 17 Jan 2015 18:26:40 +0100
Subject: [PATCH] Remove php5,memcached from limited-support
Our PHP support
Op maandag 12 januari 2015 23:03:56 schreef Stephen Kitt:
Done, I've uploaded binutils-mingw-w64 2+deb7u1 which produces
binutils-mingw-w64{,-i686,x86-64} 2.22-8+deb7u2+2+deb7u1 (ugh, that's
terrible, sorry...).
Thanks, released now.
How do you plan to handle unstable and jessie?
Cheers,
Hi ftpmaster,
Op maandag 12 januari 2015 19:18:28 schreef Adam D. Barratt:
On Mon, 2015-01-12 at 19:15 +0100, Thijs Kinkhorst wrote:
This is not something we do very routinely, so I'd like to confirm: if
these binNMU's are triggered for stable-security, do they still end up
On Mon, January 12, 2015 20:18, Ansgar Burchardt wrote:
Hi,
Thijs Kinkhorst th...@debian.org writes:
Op maandag 12 januari 2015 19:18:28 schreef Adam D. Barratt:
On Mon, 2015-01-12 at 19:15 +0100, Thijs Kinkhorst wrote:
This is not something we do very routinely, so I'd like to confirm
Op maandag 12 januari 2015 08:15:39 schreef Adam D. Barratt:
On Mon, 2015-01-12 at 06:47 +0100, Stephen Kitt wrote:
binutils was recently updated in wheezy-security and wheezy-p-u to fix
a number of security issues identified in DSA-3123-1; of these, a
number concern binutils-mingw-w64 as
On Wed, January 7, 2015 18:33, Jérôme wrote:
This posting to Mailman-Users could be related:
http://www.mail-archive.com/mailman-users@python.org/msg60891.html
Indeed. The post is mine, and I reference this bug in it.
This occurred again recently, so searched once more.
Some solutions
Package: harden-doc
Severity: normal
Tags: patch
Hi,
Attached patch updates the manual to mention the more featureful 'needrestart'
tool in the section on library restarts, and removes the lsof line since
there's better alternatives (install checkrestart or needrestart; we don't
need to confuse
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package znc.
The upload adds an upstream patch that allows to disable SSL
protocols, and disables SSLv2 and SSLv3.
unblock znc/1.4-2
Thanks,
Thijs
--
To UNSUBSCRIBE,
On Thu, December 11, 2014 19:38, Niels Thykier wrote:
I have applied and committed your patch with 3 changes. These changes
are:
* In the first paragraph, avoid implying that all packages have been
compiled without SSLv3 support (as I recall, at least openssl still
have it, and given
On Mon, December 22, 2014 10:22, Friedhelm Mehnert wrote:
O.K. I know now what the problem is.
But since the maintainers obviously are not interested at all, I can't
be bothered either.
It's quite harsh to tell the volunteers that maintain this package that
we're obviously not interested at
severity 772639 important
thanks
Hi Tomoo,
On Tue, December 9, 2014 14:40, Tomoo Nomura wrote:
When login from squirrelmail to imap server, the server rejects the
request due to Unknown user or invalid password.
The reason is that squirrelmail sents incorrect password to the server.
Package: release-notes
Severity: wishlist
Tags: patch
Hi,
Attached patch renames the Hardening section to Security, adds mention
of the removed SSLv3 protocol and progress on hardened build flags.
Cheers,
Thijs
Index: en/whats-new.dbk
Package: simplesamlphp
Severity: important
PHP's XML parser has a known issue in XML canonicalization that makes the
amount of memory consumed grow with the square of the amount of entries it
processes when run on a subtree (https://bugs.php.net/bug.php?id=53655).
This is a problem for
+
@@ -1,3 +1,11 @@
+simplesamlphp (1.13.1-2) unstable; urgency=medium
+
+ * Add xmlc14n.patch fixing extreme resource consumption when processing
+large metadata files (closes: #772121).
+See: https://simplesamlphp.org/metaprocessing
+
+ -- Thijs Kinkhorst th...@debian.org Fri, 05
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
Please remove cyassl from jessie. The library has a number of open security
issues affecting the version in jessie, but has no packages actually depending
on it.
While security team
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package gnutls28. The only change is a patch from upstream
to disable the obsolete protocol SSLv3. OpenSSL in jessie also has SSLv3
disabled.
unblock gnutls28/3.3.8-5
Hi,
Could you please make an upload with only this change to sid? Then we can
ask the release team to unblock it for jessie.
It's still tagged pending. Do you need help to get this change uploaded?
Cheers,
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
Hi,
sid/jessie will be fixed, soon. But I can not take the responsibility
for backporting this patch to znc=0.206.
I've not seen movement in sid yet on this issue. Is it still on your
radar? Anything I can help with?
Cheers,
Thijs
--
To UNSUBSCRIBE, email to
Package: mariadb-server-10.0
Version: 10.0.14-4
Severity: normal
Hi,
Recently I've answered a debconf queston whether I indeed want to migratie
to MariaDB (oneway_migrate). I answered positively to that question.
Hoever, whenever MariaDB is upgraded on my system, I get the question
again.
It
On Wed, November 19, 2014 18:01, Karl O. Pinc wrote:
Hi,
Any way to get the priority on this bug bumped?
The emails every 30 minutes are very annoying.
What do you mean bump the priority? The bug has been fixed early this
morning already.
Thijs
--
To UNSUBSCRIBE, email to
Hi Roland,
On Mon, November 17, 2014 10:02, Roland Stigge wrote:
On 11/16/2014 01:17 PM, Thijs Kinkhorst wrote:
Sorry, I have to change my request because I've now seen that the new
upstream release of polarssl also fixes some other security issues.
Will you be contacting the release team
On Sun, November 16, 2014 17:01, Daniel Pocock wrote:
On 16 November 2014 16:58:47 CET, Jonathan Wiltshire j...@debian.org
Did you get any responses from elsewhere to this?
Not yet, I'll follow up after the weekend. If no response, I'm happy to
NMU the one line fix to copy the missing header
Package: gnutls28
Version: 3.3.8-4
Severity: important
Tags: security
Hi,
Can SSLv3 be disabled in our GnuTLS build please?
As a reference, OpenSSL disabled this in jessie and sid:
https://packages.qa.debian.org/o/openssl/news/20141015T180434Z.html
It would be good for security and consistency
Package: cyassl
Version: 2.9.4+dfsg-3
Severity: important
Tags: security
Hi,
Can SSLv3 be disabled in cyassl please?
As a reference, OpenSSL disabled this in jessie and sid:
https://packages.qa.debian.org/o/openssl/news/20141015T180434Z.html
It would be good for security and consistency if
Hi Joachim,
openssl disabled it entirely; it features a dedicated build flag for it
(no-ssl3).
Ok, I think we can easily follow suit here. Removing code is always
simple :-)
Could you approach haskell-tls upstream for their recommendation to
disable it?
Vincent, did you consider
Package: polarssl
Version: 1.3.8-1
Severity: important
Tags: security
Hi Roland,
I see that SSLv3 has been disabled in polarssl/1.3.9-2 in sid, excellent.
However, it's really desirable to have this fix also in jessie.
Given that unstable has a new upstream release with many changes, I think
Hi Roland,
Sorry, I have to change my request because I've now seen that the new
upstream release of polarssl also fixes some other security issues.
Will you be contacting the release team for an unblock request?
Cheers,
Thijs
--
To UNSUBSCRIBE, email to
Sure, I just requested commit access on Alioth to follow that path,
thanks.
Approved that request.
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Thu, November 13, 2014 22:49, Thomas Liske wrote:
tag 767370 upstream,fixed-upstream
thanks
Hi Thijs,
needrestart did not find any kernel images which triggers this special
bug. There was a divison by zero triggered by calculating the
progressbar length.
needrestart did not die since
Hi Noah,
I am not interested in playing bug ping-pong with the libnet-dns-perl
maintainers, though this bug lies with that package. It has already been
fixed upstream and in unstable.
No, I don't think the problem is in libnet-dns-perl but in spamassassin.
SA uses a fragile and inappropriate
severity 661020 normal
thanks
Hi,
From what I see the remote file inclusion is limited to environments with
register_globals being on though.
I've investigated this issue. The vast majority of the mentioned 'attacks'
evidently only possible through register_globals, and the one about
'create'
Hi David,
Please consider updating the French translation of GnuPG, for which I'm
the 'official' translator. There has been a few new strings since the
last update, and the 'passphrase' translation has been fixed in the
mean time.
I did not see any translation attached. Is there some
On Wed, November 12, 2014 12:55, Marco d'Itri wrote:
Can I merge this for jessie?
I'd strongly prefer if we could indeed merge this for jessie.
INN, at the moment, supports TLS connections to nnrpd, but does not
allow any configuration besides the certificate and key.
+=item Itlsprotocols
On Wed, November 12, 2014 14:29, Marco d'Itri wrote:
On Nov 12, Thijs Kinkhorst th...@debian.org wrote:
Can you remove SSLv3 from the default list?
I do not know the implications wrt clients support.
Christian, did you do any tests?
+=item Itlscompression
+Whether to enable or disable
On Wed, November 12, 2014 21:28, Thomas Liske wrote:
Could you please run needrestart (without -v) again and run `pstree -a`?
There should be debconf's frontend running as the parent process of
needrestart:
| | `-bash
| | `-frontend -w
On Mon, November 10, 2014 21:46, Thomas Liske wrote:
What can I do to help debug this?
Good question. I'm unable to reproduce it on any of my maschines nor do
I have any idea why this happens. Maybe we require some debconf guru
helping us to dig into it?
Maybe.. I'm not a debconf guru
Package: release.debian.org
Severity: important
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package file.
* Fixes a security issue, urgency set to high
* Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
Fix note bounds reading, Francisco Alonso / Red Hat
On Sat, November 8, 2014 22:25, intrigeri wrote:
I doubt it would add much value, but Jonathan's point was about
getting enough information to assess severity, so perhaps you could
tell the release team what severity you _would_ set for each of these
bugs in the Debian BTS, if they were
On Sun, November 2, 2014 12:42, Thomas Liske wrote:
Hi,
On 10/30/2014 04:59 PM, Thijs Kinkhorst wrote:
With current needrestart on jessie, after upgrading my packages I see
debconf-command like output in my terminal (SET ...) but no debconf
interface
is presented. It waits for input after
On Fri, November 7, 2014 12:52, Jonathan Wiltshire wrote:
On 2014-11-07 07:30, Thijs Kinkhorst wrote:
This is an upstream release limited to strictly bugfixes.
Are there corresponding Debian bugs so we can assess severity please?
These are the issues fixed in this release.
https://github.com
.
+
+ -- Thijs Kinkhorst th...@debian.org Mon, 27 Oct 2014 19:23:35 +
+
simplesamlphp (1.13.0-1) unstable; urgency=medium
* New upstream release.
diff -Nru simplesamlphp-1.13.0/debian/control simplesamlphp-1.13.1/debian/control
--- simplesamlphp-1.13.0/debian/control 2014-08-18 11:11:23.0
; urgency=medium
+
+ * New upstream pseudorelease.
+- Accesses OAuth API over SSL by default (Closes: #736446, #760815).
+- Addresses rate limit warning (Closes: #756960).
+
+ -- Thijs Kinkhorst th...@debian.org Thu, 30 Oct 2014 22:36:58 +0100
+
ttytter (2.1.0-1) unstable; urgency=low
On Sun, November 2, 2014 08:32, Christos Trochalakis wrote:
I have prepared a patch and I plan to merge it in a few days. SSLv3
is disabled in the http {} scope so it affects all vhosts that not
expicitly override it.
http://anonscm.debian.org/cgit/collab-maint/nginx.git/commit/?h=no-sslv3
Package: nginx
Version: 1.6.2-2
Severity: important
Hi,
Please disable the legacy SSLv3 protocol by default for installations of
nginx. It doesn't need to be disabled completely per se, but should not
be available on a default installation.
This helps to defend against the recent POODLE attack
Hi Thomas,
On Fri, October 31, 2014 12:48, Thomas Ward (Dark-Net) wrote:
fixed 1.6.2-3
thanks
Confirmed: This was done already. The commit this was done in was
this one:
http://anonscm.debian.org/cgit/collab-maint/nginx.git/commit/?id=9a4e0f0a698bee2b03b7f417ad9286e5eb22141e
Thanks.
Package: needrestart
Version: 1.2-2
Severity: normal
Hi,
With current needrestart on jessie, after upgrading my packages I see
debconf-command like output in my terminal (SET ...) but no debconf interface
is presented. It waits for input after each one, so I press enter after SET
.., then afetr
severity 766972 minor
fixed 766972 5.5.0+dfsg-1
thanks
Hi Roman,
On Mon, October 27, 2014 09:56, Roman Vasilev wrote:
Problem with phpinfo() display libjpeg version:
Actual result:
root@eurosmed ~ # php -i | grep libJPEG
libJPEG Version = unknown
After path result:
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has
On Wed, October 15, 2014 14:07, Henrik Langos wrote:
There is a simple one line patch available for dovecot 2.0.
Maybe a similar way exists for 1.2.
Do you have a pointer to this patch?
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of
On Wed, October 15, 2014 16:30, Henrik Langos wrote:
Hi Thijs,
On 10/15/14 14:26, Thijs Kinkhorst wrote:
On Wed, October 15, 2014 14:07, Henrik Langos wrote:
There is a simple one line patch available for dovecot 2.0.
Maybe a similar way exists for 1.2.
Do you have a pointer to this patch
Package: apache2
Version: 2.4.10-5
Severity: wishlist
Hi,
The shipped mods-available/ssl.conf now contains:
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all
I propose to
Hi Paul,
Installing tmpreaper gives you the debconf question about security. The
action to take is not entirely accurate anymore:
If after that you still want tmpreaper to run, please edit
/etc/tmpreaper.conf and remove the line:
.
echo Please read
On Thu, October 9, 2014 14:58, Jonathan McDowell wrote:
On Wed, Oct 08, 2014 at 07:57:14PM +0100, Jonathan Dowland wrote:
Hey, I noticed that the most recent DSA failed signature check for me.
This is because Thijs' signing key had an expiry of 2014-06-16 at some
point. He has more recently
This is CVE-2014-7206.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi,
On Tue, September 30, 2014 08:17, Daniel Iancu wrote:
I have this line over and over in the web server logs:
phpmyadmin: Failed to load /etc/phpmyadmin/config-db.php
I checked the permissions on config-db.php
and it's owned by root:www-data with permissions -rw-r-.
So it's very
On Tue, September 30, 2014 18:55, Agustin Martin wrote:
myspell-nl could maybe provide virtual package name hunspell-nl
I think this was once proposed and not implemented. Do not remember the
reasons. René is the person behind hunspell and might remember why.
It seems to be harmless and
Package: ftp.debian.org
Severity: normal
Hi,
Please remove freesci from unstable. The code has been merged into
scummvm years ago. I talked about this with Bas and he's fully in
agreement, so labelling this as ROM. It hasn't been in testing
since august.
Thanks,
Thijs
--
To UNSUBSCRIBE,
I've asked ftp-master to remove this package from sid in #764256.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Mon, September 29, 2014 13:33, Michael Meskes wrote:
@security: Is this enough of a security problem to warrant a stable
upload?
The fix seems easy enough, just run pinky if $user is still empty.
On its own, I would not consider failure to lock the screen in specific
situations a high
Hi Thorsten
Op vrijdag 26 september 2014 15:28:55 schreef Thorsten Glaser:
Failure to do so will mean shipping Mediawiki 1.19 in
jessie, which is currently upstream’s oldstable and
fading LTS. Mediawiki 1.23 is upstream’s current LTS;
we have an agreement from upstream to support 1.19 for
All,
Thank you Paul, indeed it helped me, as I too ran into this issue in a
fresh Jessie install. I didn't have to downgrade OpenSSH, however, just
edit PermitRootLogin as you did.
So am I right to conclude that this bug actually concerns the change that
changes PermitRootLogin to
Package: libxml2
Version: 2.7.8.dfsg-2+squeeze9 2.8.0+dfsg1-7+wheezy1
Severity: important
Tags: security
Hi,
The patch applied to libxml2 for wheezy and squeeze-lts for CVE-2014-0191
seems to be applied wrong. A line is duplicated in xmlSAXParseDTD:
@@ -12324,6 +12341,12 @@
Hi,
The security team is working on an update which includes amongst others
the patch referenced in this bug.
Thijs
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Sat, September 13, 2014 18:49, Thijs Kinkhorst wrote:
On Wed, September 10, 2014 09:01, Alexandre Detiste wrote:
Source: dutch
Version: please provide hunspell-nl
Severity: wishlist
Dear Maintainer,
It's not at all evident that someone can mix hunspell myspell
dictionaries packages
On Fri, September 19, 2014 11:16, Stefano Zacchiroli wrote:
On Fri, Sep 19, 2014 at 10:46:31AM +0200, Raphael Hertzog wrote:
In any case, Distro Tracker is 100% Python and I don't see us relying on
libparse-debianchangelog-perl to generate pretty changelogs. So this
wishlist is likely to sit
Package: tracker.debian.org
Severity: wishlist
Hi,
The changelogs are currently displayed in plain text format. Tools like
libparse-debianchangelog-perl can pretty print those to HTML so they have nice
headings, clickable bug numbers, etc.
Cheers,
Thijs
--
To UNSUBSCRIBE, email to
Package: security-tracker
Severity: wishlist
Hi,
In the overview per-package, the tracker currently shows for each CVE
name about seven columns: squeeze, squeeze-security, squeeze-lts, wheezy,
wheezy-security, jessie, sid.
I think for the overviews it would be preferable if the table just
On Mon, September 15, 2014 18:25, Matthias Urlichs wrote:
Hi,
Thijs Kinkhorst:
I've talked briefly with Enrico, DDE's developer, and he indicated he
doesn't have time to bring it back to life. Therefore my question: is
there someone interested to bring this service back to Debian? There's
On Tue, September 16, 2014 09:10, Paul Wise wrote:
Could we get a new URL that also has information about unimportant and
resolved issues and DSAs? I would suggest a format like what lintian
uses:
Not sure what you'd use that additional info for, but I would heartily
disrecommend to display
On Mon, September 15, 2014 01:36, Holger Levsen wrote:
Hi,
See attached or branch html5+external_css from
ssh://git.debian.org/git/collab-maint/secure-testing.git
These patches turn the html into html5 and introduce a modern, slick css
style
inspired from tracker.d.o - enjoy! :)
On Mon, September 15, 2014 16:07, Holger Levsen wrote:
control: tags -1 + pending
Hi,
see attached. This version also deals with several URLs in one note :)
It also works for all three recent examples of Salvatore.
Go
Thijs
--
To UNSUBSCRIBE, email to
Hi,
On Thu, September 4, 2014 22:04, marc zonzon wrote:
I have the same problem with apt-file v 2.5.2.3. This bug is caused by
the inaccessibility of dde.debian.net which is a cname for
paganini.debian.org and there is no more any DNS for
paganini.debian.org.
The role of Debian Data Export
All,
The 'rapt-file' tool shipped in apt-file uses dde.debian.net to query for
filenames, obviating the need to download Contents files before you can
search. Unfortunately, dde.debian.net is down and we, the apt-file
maintainers, got reports that therefore, rapt-file has become useless.
I've
On Sun, August 31, 2014 11:54, Morten Bo Johansen wrote:
Trying to use rapt-file to search for a file produces the
following error message:
urllib2.URLError: urlopen error [Errno -2] Name or service not
known
Thanks for reporting. The service dde.debian.net on which rapt-file
depends has
On Wed, September 10, 2014 09:01, Alexandre Detiste wrote:
Source: dutch
Version: please provide hunspell-nl
Severity: wishlist
Dear Maintainer,
It's not at all evident that someone can mix hunspell myspell
dictionaries packages.
myspell-nl could maybe provide virtual package name
Package: needrestart
Version: 1.1-1
Severity: normal
Hi,
When installing needrestart on a standard Debian system, one is required to
install 20 MB of dependencies. This seems quite heavy, and would in my
opinion preclude needrestart to become a more widely installed tool.
The sole culprit of
Package: lists.debian.org
Severity: wishlist
Hi,
Can you please configure the debian-lts-announce list so it has a subject
prefix [SECURITY] , in the same way that debian-security-announce has?
Current difference between d-s-a and d-l-a:
Subject: [SECURITY] [DSA 3017-1] php-cas security
On Wed, September 3, 2014 13:31, Alexander Wirt wrote:
Desired situation:
Subject: [SECURITY] [DSA 3017-1] php-cas security update
Subject: [SECURITY] [DLA 43-1] eglibc security update
Done, but untested. Please test this as soon as possible.
Works as designed, thank you!
Thijs
--
To
On Sun, August 31, 2014 14:43, Olivier Berger wrote:
I'm not sure it's used in most cases, so I'm a bit puzzled on how to solve
this, besides my lack of interest for CAS these days (see my RFA :
#757231).
Are you going to update it in sid for the security issue?
Thijs
--
To UNSUBSCRIBE,
101 - 200 of 2622 matches
Mail list logo