Bug#697251: gnupg2: gnupg key import memory corruption

2013-01-04 Thread Thijs Kinkhorst
On Thu, January 3, 2013 04:19, Christoph Anton Mitterer wrote: This is a follow up for #697108 and CVE-2012-6085. Eric, Thanks for fixing this in unstable. Can you also provide an update for stable-security? Let me know if you prefer that we handle it. Cheers, Thijs -- To UNSUBSCRIBE, email

Bug#697251: gnupg2: gnupg key import memory corruption

2013-01-04 Thread Thijs Kinkhorst
On Fri, January 4, 2013 11:39, Thijs Kinkhorst wrote: On Thu, January 3, 2013 04:19, Christoph Anton Mitterer wrote: This is a follow up for #697108 and CVE-2012-6085. Eric, Thanks for fixing this in unstable. Can you also provide an update for stable-security? Let me know if you prefer

Bug#692911: unblock: ca-certificates/20121114

2013-01-02 Thread Thijs Kinkhorst
retitle 692911 unblock: ca-certificates/20121114 thanks Hi, ca-certificates/20121114 has been uploaded in the meantime which addresses both the wish for documentation expressed in this bug log above and fixes RC bug #537051. It has been in unstable for over 30 days now without new issues

Bug#693276:

2013-01-02 Thread Thijs Kinkhorst
tags 693276 moreinfo thanks Hi Jerome, please consider to add TERENA CA certificates available at http://www.terena.org/activities/tcs/repository/ I'm not sure that would be useful. The whole idea behind the TCS project is that it issues certificates from a CA that is already present in major

Bug#693276: ca-certificates: Please add TERENA CA to ca-certificates

2013-01-02 Thread Thijs Kinkhorst
On Wed, January 2, 2013 16:04, Jerome BENOIT wrote: It is the pops server of my University: pops.univ-fcomte.fr openssl s_client -CApath /etc/ssl/certs -connect pops.univ-fcomte.fr:995 Yes, I get: Certificate chain 0 s:/C=FR/O=Universit\xC3\xA9 de franche-Comt\xC3\xA9/OU=Universit\xC3\xA9 de

Bug#697108: [Pkg-gnupg-maint] Bug#697108: gnupg key import memory corruption

2013-01-02 Thread Thijs Kinkhorst
On Wed, January 2, 2013 20:53, John Paul Adrian Glaubitz wrote: Package: gnupg Version: 1.4.12-6 Followup-For: Bug #697108 Attaching proposed debdiff. Would do an NMU to fix the problem upon permission. Thanks for your offer! However, I just uploaded an update to gnupg along the same lines

Bug#693147: Upstream released Twitter API 1.1 version

2012-12-29 Thread Thijs Kinkhorst
Hi Stephen, On Fri, December 28, 2012 22:15, Stephen Michael Kellat wrote: Okay. Cameron released TTYtter 2.1.0 as of 27 December 2012 which complies with Twitter API 1.1.[1] Twitter notes on their calendar that the drop dead date for Twitter API 1.0 is 5 March 2013.[2] Cameron notes that

Bug#687447: No INBOX link in large folder trees (courier+dovecot)

2012-12-23 Thread Thijs Kinkhorst
Hi, On Fri, December 21, 2012 17:24, Andreas Schamanek wrote: Found the same problem on an installation using Dovecot IMAPd $ dpkg -l 'dovecot*' | grep ^.i | awk '{print $1,$2,$3}' ii dovecot-core 1:2.1.7-2 ii dovecot-imapd 1:2.1.7-2 ii dovecot-pop3d 1:2.1.7-2 The folder tree of the

Bug#696330: squirrelmail: missing function when reading a certain message.

2012-12-20 Thread Thijs Kinkhorst
Hi, On Wed, December 19, 2012 17:53, Leonardo Boselli wrote: reading a certain message I got this. Fatal error: Call to undefined function sq_get_html_translation_table() in /usr/share/squirrelmail/functions/url_parser.php on line 242 only with that message (not reproducible with other

Bug#696442: Please enable hardened build flags

2012-12-20 Thread Thijs Kinkhorst
Package: boost1.49 Severity: normal Hi, Please enable hardened build flags through dpkg-buildflags. Please see http://wiki.debian.org/HardeningWalkthrough for more information. Thanks, Thijs

Bug#696261: mention security hardening under what's new

2012-12-18 Thread Thijs Kinkhorst
Package: release-notes Tags: patch Hi, Attached patch adds a what's new item on the security hardening build flags release goal. Please consider applying it. I'm not currently aware of other hardening improvements except the flags, but if there are, they can of course be included in this section.

Bug#695147: simplesamlphp: Sanity check of your simpleSAMLphp setup (missing config-sanitycheck.php)

2012-12-11 Thread Thijs Kinkhorst
Hi, Dario, On Tue, December 4, 2012 17:07, Dario Minnucci wrote: The option 'Sanity check of your simpleSAMLphp setup' at /simplesaml/module.php/core/frontpage_config.php is not working due to a missing file (config-sanitycheck.php) This can be fixed by adding this softlink under

Bug#695348: collabtive: XSS and CSRF issues

2012-12-07 Thread Thijs Kinkhorst
Package: collabtive Severity: important Tags: security Hi, Two CVE's were assigned recently for 'ancient' Collabtive security issues: CVE-2010-5284 http://www.exploit-db.com/exploits/15240 CVE-2010-5285 http://www.exploit-db.com/exploits/15240 Can you please check and verify that these old

Bug#664895: Continued issues for forward

2012-12-06 Thread Thijs Kinkhorst
On Sat, April 7, 2012 17:22, Thijs Kinkhorst wrote: We'll have to investigate how to best fix this. I'm currently preparing a patch in cooperation with upstream. Cheers, Thijs

Bug#466181: tagging 466181

2012-12-06 Thread Thijs Kinkhorst
Hi Samuel, On Thu, December 6, 2012 21:13, Samuel Bronson wrote: tags 466181 + security Why are you adding this tag? The last message in the bug log has a clear statement from the security team that the tag is not warranted for this bug. Cheers, Thijs

Bug#694810: plib: CVE-2012-4552

2012-12-05 Thread Thijs Kinkhorst
Hi Michael, On Tue, December 4, 2012 20:25, Michael Stapelberg wrote: On Fri, 30 Nov 2012 16:14:42 +0100 Moritz Muehlenhoff j...@inutil.org wrote: http://www.openwall.com/lists/oss-security/2012/10/29/8 Please see the Red Hat bug for more details on the patch status:

Bug#695156: Qt QML XmlHttpRequest insecure redirection

2012-12-04 Thread Thijs Kinkhorst
Package: qt4-x11 Severity: serious Tags: security patch Hi, A security advisory has been posted by Qt regarding XmlHttpRequest insecure redirection: http://lists.qt-project.org/pipermail/announce/2012-November/14.html A patch is available in their advisory. This is CVE-2012-5624. Cheers,

Bug#677762: package now in testing, not blocking

2012-11-30 Thread Thijs Kinkhorst
severity 677762 wishlist thanks The few packages that have still not migrated to M-A are no longer in the Depends line of ia32-libs-gtk and hence not a blocking issue anymore - this bug is hence no longer RC. Leaving open as wishlist because it still documents packages that have not converted.

Bug#684335: ttytter: New upstream version has been available for over a month

2012-11-30 Thread Thijs Kinkhorst
Hi, Dr. Cameron Kaiser released a new version of TTYtter on July 5th that requires packaging. Thanks, I'm well aware of that, but as you may know Debian is currently in a freeze period which precludes packaging of new upstream releases. Cheers, Thijs

Bug#694163: ttytter: curl and lynx do not provide same functionality

2012-11-30 Thread Thijs Kinkhorst
Hi Dominik, Thank you for your suggestion. The debian/control file lists a dependency on curl | lynx, essentially stating that both provide the same functionality. While ttytter can really be used with any of the two, the default OAuth authentication mechanism is not supported with lynx. I

Bug#693147: ttytter: Package breaks against Twitter API 1.1

2012-11-30 Thread Thijs Kinkhorst
Hi, That basic functionality is breaking on February 1st. Kinda inappropriate to ship a version of a package that *will* be broken by then. Thanks. I'm aware of it. There are however two complicating factors: 1) Upstream release with support for this API is still in beta. 2) Debian is

Bug#693172: [Pkg-mailman-hackers] Bug#693172: mailman: should Depend: httpd-cgi instead of httpd

2012-11-30 Thread Thijs Kinkhorst
Bonjour M. Noit, On Tue, November 13, 2012 23:54, Monsieur Noit wrote: The web interface needs a CGI-aware HTTP server. The httpd-cgi virtual package would make this dependency explicit. That doesn't sound like a bad idea. I have two concerns: one is that not all HTTP servers supporting CGI

Bug#691945: ttf-mscorefonts-installer: provide fonts-liberation to prevent RC bug for libphp-jpgraph etc.

2012-10-31 Thread Thijs Kinkhorst
severity 691945 wishlist tags 691945 wontfix thanks Hi Osamu, On Wed, October 31, 2012 16:26, Osamu Aoki wrote: As you know main area package can not list non-free/contrib in recommends or depends per policy. But in many cases, one feels like listing the following to ensure automatic font

Bug#691394: opendkim: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust

2012-10-25 Thread Thijs Kinkhorst
On Thu, October 25, 2012 07:18, Scott Kitterman wrote: Package: opendkim Version: 2.0.1+dfsg-1 Severity: grave Tags: security upstream Justification: user security hole See http://www.kb.cert.org/vuls/id/268267, VU#268267 opendkim in squeeze, wheezy, sid offers no method to prevent use of

Bug#691308: unblock: libgnomecanvas/2.30.3-1.2

2012-10-24 Thread Thijs Kinkhorst
-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Revert conversion to Multi-Arch: same done in 2.30.3-1.1. +This needs to be done coordinated with changes to libglade2. + * Keep the Multi-Arch: foreign change for libgnomecanvas-common. + + -- Thijs Kinkhorst th...@debian.org Sun

Bug#671063: an update on this bug?

2012-10-22 Thread Thijs Kinkhorst
severity 671063 normal thanks This should be done by the administrator on demand with his own choice of parameters. An automatic generation can be done at each new installation (better) or at each upgrade, but anyway that would imply having the same set for years in many cases. A patch for

Bug#554843: [Pkg-dkms-maint] Bug#554843: building pure binary deb packages

2012-10-19 Thread Thijs Kinkhorst
Hi Stefan, It is indeed possible to build those module packages. After dkms build, cd to /var/lib/dkms/$MODULE$/$MOD_VERS$/build and execute KVERS=`uname -r` fakeroot debian/rules binary-modules This will create the correct $MODULE-module-$KVERS-$MOD_VERS deb package with no Depends. I

Bug#554843: building pure binary deb packages: patch

2012-10-19 Thread Thijs Kinkhorst
for me with one module, so I'm submitting it here. It may of course be open to improvement or a different way of implementing this that the dkms maintainers may prefer. Cheers, Thijs -- Thijs Kinkhorst th...@uvt.nl – LIS Unix Universiteit van Tilburg – Library and IT Services • Postbus 90153

Bug#690957: unblock: ia32-libs/1:0.3

2012-10-19 Thread Thijs Kinkhorst
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, I believe we should consider to have ia32-libs and friends migrate to testing. In my perception the status is as follows. All blocking bugs against ia32-libs have been closed. I have

Bug#690865: wrong indentation in man page for 'mkdeb'

2012-10-18 Thread Thijs Kinkhorst
Package: dkms Severity: minor Tags: patch Hi, The dkms(8) man page misindents the 'mkdeb' subcommand. Attached patch fixes this. Cheers, Thijs diff -Nur dkms-2.2.0.3.orig/dkms.8 dkms-2.2.0.3/dkms.8 --- dkms-2.2.0.3.orig/dkms.8 2010-08-12 23:44:37.0 +0200 +++ dkms-2.2.0.3/dkms.8

Bug#690866: reports about missing 'kernel source', but needs kernel headers

2012-10-18 Thread Thijs Kinkhorst
Package: dkms Severity: minor Tags: patch Hi, When running dkms on one system I got the message: Module build for the currently running kernel was skipped since the kernel source for this kernel does not seem to be installed. I did in fact have the appropriate linux-source package installed;

Bug#690791: building from source an inconvenient process

2012-10-17 Thread Thijs Kinkhorst
Package: doc-debian Version: 4.0.2 Severity: important Hi, Building this package from source requires one to have a webwml checkout in a specific hardcoded filesystem location. Also, the source package does not really contain the sources as these are pulled in from the checkout at build time.

Bug#388141: Progress in relicensing agreements

2012-10-17 Thread Thijs Kinkhorst
Hi, We sent the first batch to the Alioth users, and are quite happy that, among the 213 members of the Alioth webwml group we contacted, 104 members already sent us back the agreement, and 44 other persons (who already provided content but who currently don't have commit access) sent it

Bug#690421: SAML signature exclusion attack

2012-10-14 Thread Thijs Kinkhorst
Package: libapache2-mod-axis2c Severity: important Tags: security Hi, Researchers have found a flaw in the SAML logic in Axis 2 where signatures are validated when and only when they are included: validation can hence be bypassed by not including a SAML assertion signature at all. This is

Bug#650777: NMU for multi-arch release goal

2012-10-14 Thread Thijs Kinkhorst
by applying patches from +Adam Stokes and Steve Langasek (closes: #650777). + + -- Thijs Kinkhorst th...@debian.org Sun, 14 Oct 2012 11:10:26 + + libgnomecanvas (2.30.3-1) unstable; urgency=low [ Josselin Mouette ] diff -Nru libgnomecanvas-2.30.3/debian/control libgnomecanvas-2.30.3

Bug#672425: CVE name assigned

2012-10-14 Thread Thijs Kinkhorst
This is CVE-2012-5303.

Bug#687923: bacula: needs update for wheezy

2012-10-14 Thread Thijs Kinkhorst
Hi, CVE-2012-4430 was fixed in unstable and stable, thanks for that, but wheezy is still lacking the fix. This is because the unstable version cannot migrate due to it containing many auxiliary fixes. Could you coordinate with the release team to make an upload to testing-proposed-updates with

Bug#682824: hylafax: needs update for wheezy

2012-10-14 Thread Thijs Kinkhorst
Hi, This security issue was fixed in unstable, thanks for that, but wheezy is still lacking the fix. This is because the unstable version cannot migrate due to it containing many auxiliary fixes. Could you coordinate with the release team to make an upload to testing-proposed-updates with the

Bug#650777: NMU for multi-arch release goal

2012-10-14 Thread Thijs Kinkhorst
the Multi-Arch: foreign change for libgnomecanvas-common. + + -- Thijs Kinkhorst th...@debian.org Sun, 14 Oct 2012 17:39:04 + + libgnomecanvas (2.30.3-1.1) unstable; urgency=low * Non-maintainer upload. diff -Nru libgnomecanvas-2.30.3/debian/control libgnomecanvas-2.30.3/debian/control

Bug#684148: libsvga1: Breaks multi-arch amd64 systems

2012-10-13 Thread Thijs Kinkhorst
tags 684148 moreinfo thanks Hi, dpkg: error processing /var/cache/apt/archives/libsvga1_1%3a1.4.3-33_i386.deb (--unpack): trying to overwrite shared '/etc/vga/null.keymap', which is different from other instances of package libsvga1:i386 I checked and null.keymap is byte for byte

Bug#690258: phpmyadmin: blowfish secret no work

2012-10-13 Thread Thijs Kinkhorst
tags 690258 moreinfo thanks Hi Fabian, Package: phpmyadmin Version: 4:3.3.7-7 Severity: important Your report lacks a description of what does not work for you. The package automatically generates a blowfish secret for your configuration which is included in the default config. If it

Bug#683424: Patch describing Multiarch

2012-10-13 Thread Thijs Kinkhorst
tag 683424 patch thanks Hi, We need some introduction to multi-arch. Attached patch adds a basic introduction to Multiarch in the What's new section, referring to the HOWTO for extended information for those who want it. Besides, it points users of ia32-libs, probably one of the most

Bug#690376: libproxy: PAC handling insufficient content length check leading to buffer overflow

2012-10-13 Thread Thijs Kinkhorst
Package: libproxy Severity: serious Tags: security fixed-upstream patch Hi, A buffer overflow was discovered in the PAC handling which lacks a sufficient content length check. The following bug report describes the issue and a proposed fix for the 0.3 branch:

Bug#690074: wpa will not migrate, upload to tpu?

2012-10-13 Thread Thijs Kinkhorst
for wheezy+1 (Closes: #677993, #678077). + * Fix DoS via specially crafted EAP-TLS messages with longer message +length than TLS data length (CVE-2012-4445, DSA 2557-1, Closes: #689990). + + -- Thijs Kinkhorst th...@debian.org Sat, 13 Oct 2012 14:48:08 + + wpa (1.0-2) unstable; urgency=low

Bug#690258: phpmyadmin: blowfish secret no work

2012-10-13 Thread Thijs Kinkhorst
On Sat, October 13, 2012 16:08, Fabián Bonetti wrote: On Sat, 13 Oct 2012 14:09:11 +0200 Thijs Kinkhorst th...@debian.org wrote: In the picture is clear. Not taking the variable blowfish The config.inc.php in /usr/share/phpmyadmin contains the lines: // Load secret generated on postinst

Bug#685960: unblock: gnupg/1.4.12-5 (pre-approval)

2012-10-13 Thread Thijs Kinkhorst
On Thu, October 11, 2012 10:07, Thijs Kinkhorst wrote: On Wed, October 10, 2012 22:43, Adam D. Barratt wrote: On Thu, 2012-08-30 at 22:13 +0100, Adam D. Barratt wrote: On Mon, 2012-08-27 at 23:00 -0400, David Prévot wrote: Can someone from the release team please confirm that you would

Bug#685627: Bug#685960: unblock: gnupg/1.4.12-5 (pre-approval)

2012-10-11 Thread Thijs Kinkhorst
On Wed, October 10, 2012 22:43, Adam D. Barratt wrote: On Thu, 2012-08-30 at 22:13 +0100, Adam D. Barratt wrote: On Mon, 2012-08-27 at 23:00 -0400, David Prévot wrote: Can someone from the release team please confirm that you would consider unblocking such an upload of gnupg, knowing that

Bug#685627: Bug#685960: unblock: gnupg/1.4.12-5 (pre-approval)

2012-10-07 Thread Thijs Kinkhorst
Control: tags 685960 + confirmed After a chat with KiBi the proposed changes shouldn't have any effect on the content / behaviour of the udeb, so please go ahead. Ping? Is there anything I could do to help #685627 get fix in Wheezy? I'm sorry, do you expect me to make this upload? I can do

Bug#689292: unblock: tinyproxy/1.8.3-3 (security issue)

2012-10-01 Thread Thijs Kinkhorst
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, Please unblock package tinyproxy. It fixes a denial of service. unblock tinyproxy/1.8.3-3 Thanks, Thijs

Bug#685281: denial of service via many headers

2012-09-30 Thread Thijs Kinkhorst
Hi Salvatore, On Sat, September 29, 2012 19:15, Salvatore Bonaccorso wrote: On Sun, Aug 19, 2012 at 01:23:38PM +0200, Jordi Mallach wrote: On Sun, Aug 19, 2012 at 11:42:57AM +0200, Thijs Kinkhorst wrote: A Denial of Service attack has been reported against tinyproxy: https

Bug#688303: fails on concatenated bzip2 compressed Packages files (regression)

2012-09-21 Thread Thijs Kinkhorst
Package: apt Version: 0.9.7.4 Severity: important Hi, Using apt from wheezy with our APT repository fails: 201 URI Done: bzip2:/var/lib/apt/lists/partial/non-free.uvt.nl_debian_dists_squeeze_uvt_binary-amd64_Packages RecivedHash:

Bug#686344: unblock: simplesamlphp/1.9.2.-1

2012-08-31 Thread Thijs Kinkhorst
. + + -- Thijs Kinkhorst th...@debian.org Wed, 29 Aug 2012 15:43:31 + + simplesamlphp (1.9.1-1) unstable; urgency=medium * New upstream security release: diff -Nru simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt simplesamlphp-1.9.2/docs/simplesamlphp-changelog.txt --- simplesamlphp-1.9.1/docs

Bug#685960: unblock: gnupg/1.4.12-5 (pre-approval)

2012-08-27 Thread Thijs Kinkhorst
On Mon, August 27, 2012 03:38, David Prévot wrote: Attached the current (from the gnupg package repository) debdiff, excluding the translation, since it contains other pending changes that may not be in line with the current freeze policy (so the release team may point what changes could be

Bug#683984: CVE name assigned

2012-08-22 Thread Thijs Kinkhorst
This is CVE-2012-3526.

Bug#685281: denial of service via many headers

2012-08-19 Thread Thijs Kinkhorst
Package: tinyproxy Severity: serious Tags: security patch Hi Jordi, A Denial of Service attack has been reported against tinyproxy: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 https://banu.com/bugzilla/show_bug.cgi?id=110#c2 Can you please see to it that this gets addressed

Bug#683299: please unblock: open-vm-tools/2:8.8.0+2012.05.21-724730-4

2012-08-14 Thread Thijs Kinkhorst
Hi, As it seems, Daniel has uploaded a version of open-vm-tools that reverts the contentious changes. This version has been in unstable for 11 days now and no bugs have been reported since. Can you please review and unblock? thanks, Thijs

Bug#684955: unblock: phpmyadmin/4:3.4.11.1-1 (security issue)

2012-08-14 Thread Thijs Kinkhorst
site scripting [PMASA-2012-4]. + + -- Thijs Kinkhorst <th...@debian.org> Mon, 13 Aug 2012 13:24:09 + + phpmyadmin (4:3.4.11-1) unstable; urgency=low * New upstream release. diff -Nru phpmyadmin-3.4.11/js/db_structure.js phpmyadmin-3.4.11.1/js/db_structure.js --- phpmyadmin-3.4

Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-08 Thread Thijs Kinkhorst
On Wed, August 8, 2012 01:15, Cyril Brulebois wrote: Thijs Kinkhorst th...@debian.org (07/08/2012): On Tue, August 7, 2012 01:44, Cyril Brulebois wrote: while I have only glanced at it, that doesn't look bad at all, please go ahead and ping us once it's accepted. It has now been accepted

Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-07 Thread Thijs Kinkhorst
On Tue, August 7, 2012 01:44, Cyril Brulebois wrote: Hello Thijs, Thijs Kinkhorst th...@debian.org (06/08/2012): I would like to upload simplesamlphp/1.9.1-1: an upstream security release that only fixes a security issue and adds some minor documentation fixes. The debdiff is attached

Bug#684045: pre-approval simplesamlphp/1.9.1-1

2012-08-06 Thread Thijs Kinkhorst
. + + -- Thijs Kinkhorst th...@debian.org Mon, 06 Aug 2012 12:57:02 + + simplesamlphp (1.9.0-1) unstable; urgency=low * New upstream release. diff -Nru simplesamlphp-1.9.0/docs/simplesamlphp-changelog.txt simplesamlphp-1.9.1/docs/simplesamlphp-changelog.txt --- simplesamlphp-1.9.0/docs

Bug#682955: tomcat6: patch to add log compression to logrotate cronjob

2012-07-27 Thread Thijs Kinkhorst
% saving. I've enabled it by default, because of the significant savings but also because other logs on Debian systems are compressed by default (syslog, Apache to name a few). Cheers, Thijs -- Thijs Kinkhorst th...@uvt.nl – LIS Unix Universiteit van Tilburg – Library and IT Services • Postbus

Bug#608286: CVE-2010-4312: does not use HTTPOnly for session cookies by default

2012-07-27 Thread Thijs Kinkhorst
17 00:00:00 2001 From: Thijs Kinkhorst th...@debian.org Date: Fri, 27 Jul 2012 12:58:35 +0200 Subject: [PATCH] Add readme section to tell users about httponly cookies. httponly session cookies are a useful proactive security measure to mitigate against the effects of cross site scripting attacks

Bug#603904: [Pkg-mailman-hackers] Bug#603904: Bug#603904: Fresh installation of mailman has wrong permissions, causes archiving to fail

2012-07-22 Thread Thijs Kinkhorst
On Wed, July 18, 2012 14:09, Thorsten Glaser wrote: This means that any (php/perl/python) script running with the webserver privileges can potentially read/write to /var/lib/mailman/data . Hrm. So does the other way: mailman can read/write apache's stuff. It may not be quite that big an

Bug#679886: NMU diff for 8.8.0+2012.05.21-724730-2.1 uploaded to DELAYED/5

2012-07-16 Thread Thijs Kinkhorst
Hi Daniel, I've uploaded an NMU to DELAYED/5 to help you fix this RC bug. Please cancel it before that time if you disagree and/or have a fix ready yourself. Attached is the diff for this NMU. Cheers, Thijs -- Thijs Kinkhorst th...@uvt.nl – LIS Unix Universiteit van Tilburg – Library

Bug#679886: open-vm-dkms: Still fails to build modules

2012-07-09 Thread Thijs Kinkhorst
Hi Daniel, I can reproduce this bug. When building the module, I get: /usr/src/linux-headers-3.2.0-3-common/scripts/Makefile.build:44: /var/lib/dkms/open-vm-tools/2012.05.21/build/Makefile: No such file or directory make[3]: *** No rule to make target `/var/lib/dkms/open-vm-tools

Bug#680317: [Pkg-ia32-libs-maintainers] Bug#680317: Bug#680317: Uninstallable due dependency to unexisting package: i32-libs-gtk-i386

2012-07-09 Thread Thijs Kinkhorst
On Mon, July 9, 2012 11:09, Marco Nenciarini wrote: I would be happy to help sponsoring, but I see another problem: the package is listed only amd64 in buildd's Packages-arch-specific file [1]. So It will not be picked up for i386 and therefore it will not work.

Bug#677746: RM: ia32-libs-core -- ROM; Kernel support removed

2012-07-07 Thread Thijs Kinkhorst
tags 677746 -moreinfo tags 679748 -moreinfo thanks Hi Alexander, Op woensdag 20 juni 2012 16:27:22 schreef Goswin von Brederlow: Alexander Reichle-Schmehl alexan...@schmehl.info writes: tags 677746 + moreinfo thanks Debiaa32-libs: ia32-libs [ia64] ia32-libs-gtk: ia32-libs-gtk [ia64]

Bug#656807: [Pkg-mailman-hackers] Bug#656807: mailman debian logo broken if changing image path

2012-06-16 Thread Thijs Kinkhorst
Hi Sebastien, On Sat, January 21, 2012 22:24, Sebastien Wains wrote: Link to Debian logo in /usr/lib/mailman/Mailman/Defaults.py is hardcoded (variable SITE_LOGO). Well, the default is hardcoded. It is changeable via mm_cfg.py like every other configuration option. While Mailman gives you the

Bug#659230: mod-auth-cas new upstream, help needed

2012-06-13 Thread Thijs Kinkhorst
Hi Michele, 1.0.9.1 is available upstream. Could you please package it? It looks like this contains a significant number of useful bugfixes. Are you able to package this release (wheezy freeze is expected not long from now)? Let me know if you need help / an upload to fix it. Cheers, Thijs

Bug#677018: [debian-mysql] Bug#677018: more information

2012-06-12 Thread Thijs Kinkhorst
Hi Nicholas, I seem to recall that this bug is fixed in 5.5.24 which actually is in testing. The migration is not yet complete and probably still has a week or two to go at the least. But does that change your calculations at all. Yes, 5.5 seems fixed in both sid and wheezy. As for 5.1,

Bug#677018: mysql-5.1: CVE-2012-2122: MySQL authentication bypass

2012-06-11 Thread Thijs Kinkhorst
Hi, I have done several tries on several systems (lenny, squeeze, squeeze-without-DSA-2429, wheezy) and am not able to reproduce the issue. Others report a similar experience. I don't dare to say yet with certainty that no version of MySQL in any Debian release is vulnerable, but I have not been

Bug#676481: [Pkg-mailman-hackers] Bug#676481: PRIVATE_ARCHIVE_URL in /etc/mailman/mm_cfg.py exists nowhere in Mailman

2012-06-07 Thread Thijs Kinkhorst
On Thu, June 7, 2012 10:41, Matthew Hall wrote: The mailman package includes this stanza in /etc/mailman/mm_cfg.py: PRIVATE_ARCHIVE_URL = ... However it does not exist in mailman and causes real troubleshooting confusion, and complaints on the upstream mailing lists. Thanks. I wasn't aware

Bug#635548: CVE-2011-2716

2012-06-03 Thread Thijs Kinkhorst
Hi all, Reading the bug about CVE-2011-2716, I think the only question left is this: So, in all cases the variable is enclosed in double quotes. Yes this look secure. What about the udeb script? /debian/tree/busybox-udeb/usr/share/udhcpc/default.script: do_resolv_conf() { local

Bug#635548: CVE-2011-2716

2012-06-03 Thread Thijs Kinkhorst
On Sun, June 3, 2012 12:29, Michael Tokarev wrote: The version of busybox currently in experimental verifies all the strings returned by dhcpd and if any bad char is found, it replaces the whole thing with literal string bad when exporting the variable to the script. So there should be no

Bug#671063: an update on this bug?

2012-06-02 Thread Thijs Kinkhorst
Hi Francesco, I agree with the submitter that it would be good to update the dh params before the wheezy release. It seems a relatively easy thing to fix and it would resolve this RC bug. Let me know if you need any help (nmu's, etc). Cheers, Thijs

Bug#657870: some more struts issues

2012-06-02 Thread Thijs Kinkhorst
Hi, I'm sorry, but we've got yet another set of struts vulnerabilities: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0838 It would be really helpful if you could

Bug#659392: CVE-2011-0791 / CVE-2012-0909

2012-06-02 Thread Thijs Kinkhorst
Hi IMP maintainers, Thanks micah for preparing a squeeze package. I'm building it now and will upload it to the security archive. Is there already progress on fixing unstable? Cheers, Thijs

Bug#651204: CVE-2011-4405 fixed in wheezy, not in squeeze

2012-05-30 Thread Thijs Kinkhorst
bts found 651204 1.2.3-3 bts fixed 651204 1.3.7-1 thanks Hi, Wheezy and sid contain a patch for this issue. Squeeze seems still affected. Are you able to provide an updated package for squeeze? cheers, Thijs

Bug#608286: CVE-2010-4312: does not use HTTPOnly for session cookies by default

2012-05-30 Thread Thijs Kinkhorst
severity 608286 minor thanks httpOnly has been made the default in Tomcat 7, so this ID is essentially about an insecure default setting. For Tomcat 6 I don't see the need to change the default (which might even break applications). Instead such settings should be taken into account when

Bug#674434: unbound: new upstream release 1.4.17

2012-05-24 Thread Thijs Kinkhorst
Package: unbound Severity: wishlist Hi Robert, As you're probably aware unbound 1.4.17 has been released. I'm very interested to get this included before wheezy. Please consider this as an offer to help out, prepare a package or test, if needed, if that would help to get the package ready

Bug#665715: radvd: hardening release goal

2012-05-24 Thread Thijs Kinkhorst
Hi Ghe, Do you think you are ready to prepare an update for radvd with the patch I sent? Hardened build is a release goal for wheezy after all. I can prepare an NMU if you're not currently in the position to deal with this. Cheers, Thijs

Bug#673840: allow package to specify dballow variable

2012-05-21 Thread Thijs Kinkhorst
Package: dbconfig-common Severity: wishlist Tags: patch Hi, The dbc_dballow variable is used in dbconfig-common but cannot be set from the package. Attached patch adds a simple check to see if it was already set by the package, and if so just uses this value. Please consider. thanks,

Bug#669813: [Pkg-mailman-hackers] Bug#669813: mailman: transition towards Apache 2.4

2012-05-20 Thread Thijs Kinkhorst
severity 669813 wishlist retitle 669813 automatically configure Apache thanks Hi, On Sat, April 21, 2012 14:07, a...@debian.org wrote: your package mailman is a web application which supports the Apache2 web server. We're upgrading Apache to the new upstream version 2.4 [1] Current Mailman

Bug#561678: better default queue for security, backports uploads

2012-05-20 Thread Thijs Kinkhorst
Hi, Joey Hess wrote: This is also easy to get wrong for backports -- and again a better default queue can easily be determined by the suite. How about adding a config option that matches against the suite. Something like: [security-master] default_for_suite = .*-security That would be

Bug#658893: [php-maint] php5 testing transition

2012-05-07 Thread Thijs Kinkhorst
On Sun, May 6, 2012 10:00, Thijs Kinkhorst wrote: On Sat, May 5, 2012 20:49, Adam D. Barratt wrote: On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote: For some reason I had it in my head that 5.4.2 was the upstream version with the fixed fix rather than the not-quite fixed fix. I think

Bug#671852: several dysfunctional backports mirrors on p.d.o

2012-05-07 Thread Thijs Kinkhorst
Package: www.debian.org Hi, When going to the download page of a package on package.debian.org which is in squeeze-backports, one is presented with a list of mirrors. Of those, the following are dysfunctional: Discontinued: debian.acantho.net/backports.org

Bug#658893: [php-maint] php5 testing transition

2012-05-06 Thread Thijs Kinkhorst
On Sat, May 5, 2012 20:49, Adam D. Barratt wrote: On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote: For some reason I had it in my head that 5.4.2 was the upstream version with the fixed fix rather than the not-quite fixed fix. I think this is the case (e.g. 5.4.2 is the fixed

Bug#658893: php5 testing transition

2012-05-05 Thread Thijs Kinkhorst
Hi Adam, On Sat, May 5, 2012 16:24, Adam D. Barratt wrote: I'd like to try and get php5 migrated to testing over the next couple of days. This does mean aging the 5.4.2-1 upload somewhat, but 5.4.1~rc1-1 had been in unstable for a month already and the diff from that looks sane enough once

Bug#669813: [Pkg-mailman-hackers] Bug#669813: mailman: transition towards Apache 2.4

2012-04-24 Thread Thijs Kinkhorst
On Sat, April 21, 2012 14:07, a...@debian.org wrote: Package: mailman Severity: important User: debian-apa...@lists.debian.org Usertags: apache24webapptransition Thanks. I plan to include this when we upload upstream's 2.1.15 release. Thijs -- To UNSUBSCRIBE, email to

Bug#669843: phpmyadmin: transition towards Apache 2.4

2012-04-24 Thread Thijs Kinkhorst
On Sat, April 21, 2012 14:07, a...@debian.org wrote: Package: phpmyadmin Severity: important User: debian-apa...@lists.debian.org Usertags: apache24webapptransition Thanks. It makes sense to me to combine this with our upload of the 3.5 branch, which is currently blocked by a license issue

Bug#658875: pass-by-reference has been removed from php5 (= 5.4)

2012-04-19 Thread Thijs Kinkhorst
of patched version please? It's now blocking a transition of PHP to testing. Ondrej On Mon, Feb 6, 2012 at 20:10, Thijs Kinkhorst th...@uvt.nl wrote: severity 658875 normal forwarded 658875 http://code.google.com/p/simplesamlphp/issues/detail?id=473 tags 658875 patch upstream thanks

Bug#666229: Adding CA certificates outside of ca-certificates (see ITP #666229)

2012-04-17 Thread Thijs Kinkhorst
Hi Dennis, On Mon, April 16, 2012 15:44, Dennis van Dok wrote: I would like to include the CA distribution of the IGTF (www.igtf.net), which is an international collaboration of CAs for use in the e-science communities (i.e. scientific grid computing cloud computing).

Bug#668372: fixes for source format 3.0 (git)

2012-04-11 Thread Thijs Kinkhorst
orig.tar.gz which is not appropriate. Cheers, Thijs From bf556672a555ab2b2a92f806b35f19b99ce699d6 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst th...@debian.org Date: Wed, 11 Apr 2012 13:53:09 +0200 Subject: [PATCH 1/2] Do not generate warnings when debdiff'ing dpkg source format 3.0 (git

Bug#668067: [php-maint] Bug#668067: Bug#668067: [php5-common] Nonsensical part about configuration known to be inherently insecure in README.Debian.security

2012-04-10 Thread Thijs Kinkhorst
On Mon, April 9, 2012 21:07, Filipus Klutiero wrote: There is a difference between configuring and using a configuration. Using my MUA's reply feature may indeed be conceived as *using* a configuration. However, it's certainly not commonly conceived as *configuring*. Could be, but the word

Bug#668252: [php-maint] Bug#668252: /usr/bin/php5: prints out warnings at startup

2012-04-10 Thread Thijs Kinkhorst
$ /usr/bin/php5 PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/pdo_sqlite.so' - /usr/lib/php5/20100525/pdo_sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 0 PHP Warning: PHP Startup: Unable to load

Bug#668038: gajim code execution and sql injection

2012-04-08 Thread Thijs Kinkhorst
Package: gajim Severity: grave Tags: security Hi, Two security issues were reported in gajim: one user-assisted code execution and one an SQL injection: - https://trac.gajim.org/ticket/7031 - https://trac.gajim.org/ticket/7034 They are fixed in gajim 0.15-1, which is in unstable and I've asked

Bug#668038: CVE names assigned

2012-04-08 Thread Thijs Kinkhorst
Hi, CVE-2012-2085 (code execution) and CVE-2012-2086 (SQL injection) have been assigned to this issue. Please mention them in any changelog entries. cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Bug#668053: [php-maint] Bug#668053: Bug#668053: [php5-common] php.ini-production does not actually have production values

2012-04-08 Thread Thijs Kinkhorst
On Sun, April 8, 2012 18:36, Filipus Klutiero wrote: That's not an opinion, that's a bug. Compare ; Production Value: Off with short_open_tag = On Off != On I think what confuses you is that the comments in the php.ini indicate what upstream considers production values, while what we ship is

Bug#668067: [php-maint] Bug#668067: [php5-common] Nonsensical part about configuration known to be inherently insecure in README.Debian.security

2012-04-08 Thread Thijs Kinkhorst
On Sun, April 8, 2012 18:31, Filipus Klutiero wrote: Package: php5-common Version: 5.4.1~rc1-1 Severity: normal README.Debian.security starts: The Debian stable security team does not provide security support for certain configurations known to be inherently insecure. This includes the

Bug#668067: [php-maint] Bug#668067: [php5-common] Nonsensical part about configuration known to be inherently insecure in README.Debian.security

2012-04-08 Thread Thijs Kinkhorst
On Sun, April 8, 2012 21:23, Filipus Klutiero wrote: Hi Thijs, On 2012-04-08 13:16, Thijs Kinkhorst wrote: On Sun, April 8, 2012 18:31, Filipus Klutiero wrote: Package: php5-common Version: 5.4.1~rc1-1 Severity: normal README.Debian.security starts: The Debian stable security team does
