Package: awstats
Version: 6.5-1
Severity: important
Tags: security
Source: http://www.osreviews.net/reviews/comm/awstats
| Arbitrary code can be executed by uploading a specially crafted
| configuration file if an attacker can put a file on the server with
| chosen file name and content (e.g. by
Package: awstats
Version: 6.5-1
Severity: important
Tags: security
Source: http://www.osreviews.net/reviews/comm/awstats
| If the update of the stats via web front-end is allowed, a remote
| attacker can execute arbitrary code on the server using a specially
| crafted request involving the
Hello,
as mentioned in http://www.osreviews.net/reviews/comm/awstats, the
same type of XSS vulnerability also exists with the 'diricons'
parameter. In this case, Debian is affected, too.
Hendrik
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
Just to fix false hints, it should be:
`pkg-config --variable=includedir openobex`/openobex
HS
Hi,
what can cobex do that obexftp doesn't do already?
obexftp also handles devices made by SE and the cable obex that they use.
The version in Debian is slightly outdated (my sponsor doesn't react
currently), you can find the most current version at
Hi,
siefs currently has some issues of the source code files that it ships.
For some, no license is mentioned and I have some doubts that the siefs
author is also the author of those files (I mean the character set translation
files).
I mailed the author about the issue but nothing happened so
Geoff Crompton [EMAIL PROTECTED] writes:
Package: openvpn
Version: 2.0-1sarge2
Followup-For: Bug #360559
Is this the same as CVE-2006-1629?
Yes, it is.
Hendrik
forgotten. Now Firefox uses the correct library and everything works
fine. :-) Sorry for the inconvenience.
Hendrik
Package: openvpn
Version: 2.0.5-1
Severity: important
Tags: security
As described in http://www.osreviews.net/reviews/security/openvpn
OpenVPN contains a security hole that allows a malicious VPN server to
take over connected clients.
OpenVPN allows to push environment variables to a client via
Package: oprofile
Version: 0.9.1-9
Tags: security
As described in http://www.osreviews.net/reviews/devel/oprofile
OProfile allows unprivileged users to profile all code on a
system. This makes cryptographic services vulnerable to timing attacks
(e.g. compromise of secret keys).
is a bit far-fetched, I think you'll get the
idea. Real world attacks would probably be directed at cryptographic
keys, e.g. in the spirit of [1].
Probably the best solution would be to restrict reading
/var/lib/oprofile/samples/current/{$USER}/ to $USER.
Hendrik
[1] http://www.cs.cmu.edu
fault) @ 0 (0) ---
6681 unlink(/home/hendrik/.mozilla/firefox/z8jcg1f2.default/lock) = 0
6681 rt_sigaction(SIGSEGV, {SIG_DFL}, NULL, 8) = 0
6681 rt_sigprocmask(SIG_UNBLOCK, [SEGV], NULL, 8) = 0
6681 tgkill(6681, 6681, SIGSEGV) = 0
6681 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
So
Package: openjade
Version: 1.4devel1-15
Severity: important
Hi,
Please take a look at
http://buildd.debian.org/fetch.php?pkg=libopenobex&ver=1.2-1&arch=arm&stamp=1143231391&file=log&as=raw
It does work fine on other archs, e.g.
shipped source files into one).
Sincerely
Hendrik Sattler
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8
.
Are there any other problems with this plan?
Hendrik Sattler
below make configure detect this version.
Like before, OPENOBEX_CFLAGS and OPENOBEX_LIBS are set.
However, other bugs are also involved: all includes like
#include <obex.h>
must be changed to
#include <openobex/obex.h>
If you have further problems, please tell me.
Sincerely
Hendrik Sattler
Package: affix
Severity: serious
Justification: no longer builds from source
Hi,
There was a new version of libopenobex accepted in unstable. However,
it does NOT use openobex-config anymore but pkg-config. Thus,
configure fails on openobex.
I would provide a patch but the configure.ac file is
standardized pkg-config.
There is a possible problem in plugins/irmc_sync/configure.in because
the link libs do not fit. Either -lusb is added manually or you
properly use pkgconfig to get those values.
Hendrik Sattler
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT
Hi,
I missed two things:
1. the two typos in the error message :-/
2. the build dependency must be changed, too.
HS
Package: aptitude
Version: 0.4.1-1
Severity: important
Hi,
I have the following pinning:
Package: *
Pin: release a=unstable
Pin-Priority: -10
Package: *
Pin: release a=sid
Pin-Priority: -10
Whenever I select a package from unstable to install it, aptitude crashes!
This makes it unusable for
retitle 284745 bluez-utils: fails to work with current dbus
severity 284745 important
thanks
Package: bluez-utils
Version: 2.24-1
Followup-For: Bug #284745
Hi,
the following happens on running /etc/init.d/bluetooth start in syslog:
Feb 13 16:02:43 localhost hcid[4964]: Bluetooth HCI daemon
Feb
On Monday, 13 February 2006 17:52, Filippo Giunchedi wrote:
On Mon, Feb 13, 2006 at 04:13:40PM +0100, Hendrik Sattler wrote:
retitle 284745 bluez-utils: fails to work with current dbus
how this is related to the previous title of the bug? (it was Subject:
needs extra hciconfig hci0 up
On Monday, 13 February 2006 17:52, Filippo Giunchedi wrote:
[...]
The package bluez-utils is simply missing a file.
The bug only comes up if you enable the dbus_pin_helper instead of the
fixed pin_helper in /etc/bluetooth/hcid.conf.
The behaviour changed from earlier versions. The
On Monday, 13 February 2006 17:52, Filippo Giunchedi wrote:
[...]
The problem is in packaging in debian/bluez-utils.install. Change:
debian/tmp/etc/dbus/*
to
debian/tmp/etc/dbus-1/*
to fix this bug.
One point down for cdbs as it is not using dh_install's full power (see option
On Friday, 10 February 2006 00:37, Edd Dumbill wrote:
On Thu, 2006-02-09 at 23:55 +0100, Hendrik Sattler wrote:
retitle 237386 please update to openobex-1.1
thanks
Hi,
SF has openobex-1.1 available and this version is NEEDED for USB device
support with obexftp-0.19 (And I really
retitle 237386 please update to openobex-1.1
thanks
Hi,
SF has openobex-1.1 available and this version is NEEDED for USB device
support with obexftp-0.19 (And I really would like to package that).
The new version depends on a libusb version that is already in Sid, so it
should compile just
reassign 271627 scmxx
thanks
Hi,
The upcoming version of scmxx will include adr2vcf and the smi decoding
utility (merge of smi2txt and smi2csv).
The vmo en-/decoding utility is not included because it is actually a
different code base and is available at many locations, thus should be
packaged
Hi,
I am the Debian obexftp maintainer by now and filed a bug on upstream about
the soname issue:
https://sourceforge.net/tracker/?func=detail&atid=108960&aid=1402799&group_id=8960
Those bugs tend to get more response than a private mail and there was a
reaction in the mailing list, too:
Package: ifupdown
Version: 0.6.7
Severity: normal
Hi,
I am using the madwifi-ng driver from http://www.madwifi.org and use the
following in my /etc/network/interfaces file:
snip-
allow-hotplug ath0
iface ath0 inet dhcp
,
Hendrik
retitle 238314 ITP: siefs -- virtual filesystem for accessing memory of
Siemens mobiles
owner !
quit
Note that the URL changed from the original request:
http://chaos.allsiemens.com/siefs/
Since fuse is included in linux-2.6.14, this makes it more interesting than
before.
HS
The previous message had numerous typos, here a corrected version:
The bug is believed to be fixed with obexftp-0.10.7+0.10.8pre9-3 in Debian
unstable. Actually it was fixed in obexftp-0.10.7+0.10.8pre9-2 which was not
uploaded to the archive.
which has
its own access method with option -b (and that works with the version
currently in Debian).
Michael: please upload the new version. Thanks.
Hendrik
On Saturday, 29 October 2005 00:17, Silvestre Zabala wrote:
Package: obexftp
Version: 0.10.7-3
Followup-For: Bug #289181
the beta releases at http://triq.net/obexftp/beta-testing/ contain the
fix:
2005-08-06 Christian W. Zuckschwerdt [EMAIL PROTECTED]
* Nokia hack (suppressing
Hi,
On Tuesday, 16 August 2005 14:55, Jukka Suomela wrote:
It seems that I had the same problem with my Nokia 6680 as described in
the bug report #289181. I use a USB-Bluetooth dongle to communicate
with the device, and I have the latest packages from Debian unstable.
All obexftp commands
Package: wnpp
Severity: wishlist
* Package name: libevent-rpc-perl
Version : 0.84
Upstream Author : Joern Rieder [EMAIL PROTECTED]
* URL : http://www.exit1.org/Event-RPC/
* License : GPL
Description : Event based transparent Client/Server RPC framework
Package: tcl8.4
Version: 8.4.9-1
Severity: normal
Hi,
If I run
$ tclsh
% echo $auto_path
/usr/lib/tcl8.4 /usr/lib
Why are those files in /usr/lib and not in /usr/share?
If I want to add e.g. tablelist TCL package, why is it not possible
to put it to /usr/local without having to fiddle with
Package: mc
Version: 1:4.6.0-4.6.1-pre4-2
Severity: normal
Hi,
The following line in /etc/mc/mc.ext is wrong:
View=%view{ascii} if rpm --nosignature --version /dev/null 21; then RPM=rpm
--nosignature ; else RPM=rpm --nosignature ; fi ; $RPM -qivlp --scripts %f
Sure, RPM as always is horribly
Package: rpm
Version: 4.0.4-31
Severity: normal
Hi,
Is there a specific reason that %{_sysconfdir} (when used in a .spec file)
points to /usr/etc instead of /etc?
HS
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture:
Package: apt-file
Version: 2.0.6
Severity: normal
Here the error message:
# apt-file update
Warning: Illegal date format for -z/--timecond and not a file name.
See curl_getdate(3) for valid date syntax.
% Total% Received % Xferd Average Speed TimeTime Time Current
Package: pingus
Version: 0.6.0-8
Severity: minor
Hi,
I use the German l10n and 8bit characters like üöä are missing from the
texts in the game.
HS
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:
On Friday, 1 July 2005 12:50, SDiZ wrote:
tag: patch
I have experienced the same problem on my Sharp GZ100; the following
patch fixes it.
I know it's ugly, but it works..
+++ scm-075/src/actions.c 2005-07-01 10:35:48.0 +
@@ -109,6 +109,15 @@
char* ack;
On Friday, 1 July 2005 17:39, SDiZ wrote:
I guess there are some old data in the read buffer, because of what i
see in the debug output:
Sending command: ATZ
Received: ERROR
Value matched ERROR.
Value matched ERROR.
Received: CPM=
Value matched nothing.
Value matched nothing.
On Friday, 1 July 2005 18:33, SDiZ wrote:
I have tried your patches, it worked only once out of five trials...
Maybe the tcflush() function never works with my IrDA dongle?
nsc-ircc, Found dongle: HP HSDL-1100/HSDL-2100
Works here:
write(4, +++, 3) = 3
nanosleep({1,
Hi,
Info: I'm the developer of kvpnc and have still build debian packages for
kvpnc (see download page).
Your download page is empty (Konqueror and FireFox).
HS
Package: ftp.debian.org
Severity: important
apt-get update fails with following message:
W: GPG error: http://ftp.at.debian.org unstable/non-US Release: The following
signatures couldn't be verified because the public key is not available:
NO_PUBKEY B629A24C38C6029A
W: You may want to run
On Saturday, 18 June 2005 03:40, Ben Pfaff wrote:
Hendrik Sattler [EMAIL PROTECTED] writes:
running configure might reveal that it depends on the following files:
config.guess
config.sub
install-sh
There does not seem to be any method to get those files by looking only
at the autoconf
Package: autoconf
Version: 2.59a-3
Severity: important
Hi,
running configure might reveal that it depends on the following files:
config.guess
config.sub
install-sh
There does not seem to be any method to get those files by looking only
at the autoconf package.
I know that the files can be found
to the obexftp package that I maintain.
If you need help on this package, please tell me :)
Hendrik Sattler
On Friday, 3 June 2005 19:26, Michael Meskes wrote:
On Fri, Jun 03, 2005 at 03:29:05PM +0200, Hendrik Sattler wrote:
did anything on this happen? I currently use the package from Fred
Schättgen: deb http://fred.hexbox.de/debian ./
I'm working on it, but have put it on hold until 3.4
On Thursday, 26 May 2005 19:05, Andreas Tille wrote:
Thanks for the bug report. Because I have no idea how to
fix this I forward this to the upstream authors.
Kind regards and thanks for using tipptrainer
Currently, Tipptrainer is abandoned by the upstream authors due to lack of
Package: capiutils
Version: 1:3.6.2005-01-03-5
Severity: minor
Hi,
under load bootcode [contrnr [protocol:
The URL ftp://ftp.avm.de/cardware/b1/linux/firmware
is mentioned there.
However, this URL is not there, anymore. Instead, see #171446 for
a working URL.
Additionally, the firmware
On Saturday, 7 May 2005 13:53, Marco d'Itri wrote:
On May 07, Hendrik Sattler [EMAIL PROTECTED] wrote:
Package: ppp
Version: 2.4.3-20050321+1
Please upgrade.
Sorry, that did not help:
May 8 15:19:02 coruscant pppd[14083]: rcvd [LCP TermReq id=0xcc]
May 8 15:19:02 coruscant pppd[14083
Hi
gnomebaker from sarge crashes when starting.
This only happens on my account, not on a newly created one.
Nevertheless this bug should be important (RC) because it renders
gnomebaker unusable for me.
Here are the files it opens in my home (from strace)
open(/home/hendrik/.Xauthority
tags 271627 + wontfix
stop
Hi,
although I am the author of the requested programs and debian maintainer of
obexftp, I will not include them in the package.
However, the current CVS of the flexmem-tools have a proper debian subdir (may
be delayed by a few hours by the time of this writing). To
Package: alsaplayer-common
Severity: normal
Hi,
just try out to install the following combination of alsaplayer components:
apt-get install alsaplayer-text alsaplayer-alsa
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
Package: stunnel4
Version: 2:4.070-5
Severity: normal
The Perl Wrapper Script /usr/sbin/stunnel fails to parse
merged options like -cd 127.0.0.1:1000:
Option '-cd' not supported at /usr/sbin/stunnel line 84.
Workaround: Change that line to -c -d 127.0.0.1:1000
-- System Information:
Debian
Hi,
another suggestion for this:
.PHONY: %-all
%-all:
make -C $* all
.PHONY:all
all: src-all po-all
(as replacement for the old all target). You can do equivalent with the other
targets. I checked it and it works nice. If you know an even more generic
rule, let me know.
I doubt,
On Monday, 11 April 2005 00:45, Hendrik Sattler wrote:
another suggestion for this:
.PHONY: %-all
%-all:
make -C $* all
.PHONY:all
all: src-all po-all
The following solution is now in the tipptrainer-CVS:
--snip
[EMAIL PROTECTED
Package: isdnutils-base
Version: 3.6.2005-01-03-5
Severity: minor
Hi,
I only use this to start isdnlog but with the new start script (probably due to
the LSB stuff?)
I cannot see anymore what items were started. When entering:
myservername /etc/init.d# ./isdnutils start
* Starting ISDN
Package: emacs21-common
Version: 21.4a-1
Severity: normal
The file /usr/share/emacs/21.4/etc/NEWS does not contain any news
items for version 21.4.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (x86_64)
Kernel: Linux
Package: isdnactivecards
Severity: important
Hi,
With version 1:3.6.2005-01-03-3, the upgrade from Woody broke:
package isdnactivecards provided all the capi utils, including
/etc/isdn/capi.conf, see
Package: xmlto
Version: 0.0.18-5
Severity: wishlist
Hi,
xmlto cannot check an XML file itself or change the encoding, so using
xmllint and piping to xmlto would be most useful :)
xsltproc already accepts stdin by using - as file name,
I guess xmlto uses it?
HS
-- System Information:
Debian
Package: xmlto
Version: 0.0.18-5
Severity: normal
Hi,
checking the created HTML file validator.w3c.org shows the main flaw with
many HTML files:
You HAVE TO specify the DOCTYPE in the HTML document.
HS
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500,
Package: xmlto
Version: 0.0.18-5
Severity: normal
Hi,
is there any reason why ISO-8859-1 is enforced and entities used for everything
that does not fit in?
Why isn't the encoding of the XML file used? It has to fit anyway and makes the
output much more readable!
I assume you agree that forcing
Package: docbook2x
Version: 0.8.3-1
Followup-For: Bug #262990
Hi,
this is an extremely inconvenient situation. The docbook-utils have a misleading name
because they cannot handle docbook-XML but provide a docbook2man script that just
gives you lots of errors on docbook-XML input.
The alternative is
Package: docbook-utils
Version: 0.6.14-1
Severity: important
Hi,
You state in the description:
Description: Convert Docbook files to other formats (HTML, RTF, PS, man, PDF)
The docbook-utils is a set of a few small programs intended to ease
everyday use of technical documentation software and
On Saturday, 12 March 2005 18:53, Ilya Voronin wrote:
I clearly understand that.
But how can i build applications which uses libobexftp?
For example gobexftp - http://triq.net/obexftp/gobexftp-0.2.tar.gz.
They #include's obexftp/*.h and build fails - there is no 'uuid.h'.
libobexftp-dev
Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: important
Hi,
I try to setup IPv6 on my local network. Ping6 already works but sshd refuses
to cooperate:
# sshd -d -e
debug1: sshd version OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key
Package: kdepim-dev
Severity: normal
Hi,
currently, to install kdepim-dev, I have to install ALL kdepim applications
(as of 2005-02-18, this is BROKEN IN SARGE!). That is 12,5MB(!) as of today
to install a 55KB package :-/
However, I do not have a palm, why am I forced to install kpilot, I don't
to improve this situation. You simply have
to either set your AUDIOSERVER variable, or arrange for a second NAS
server to start up when you start the second X server.
Thanks
Can I run two nas server for the same sound card?
Greetings Hendrik
-Lex
--
Hendrik Wouters [EMAIL PROTECTED
On Sun, 23-01-2005 at 11:50 -0500, Lex Spoon wrote:
Hendrik Wouters [EMAIL PROTECTED] wrote:
So I run the following command on a black Linux console (not X): $ X
-query host :1 . This gives me a second virtual screen. Actually, this
virtual screen is on the same physical display (aside from
Package: aptitude
Version: 0.2.15.8-1
Severity: important
Hi,
The help page in its current implementation is not much of help if the locale
character set is not UTF-8 (and probably most locales are not set to that, yet).
With that, there is a lot of garbage.
So, a simple printing of the help
Hi,
can you confirm that this bug is still present with current version (0.10.6-4)
in unstable?
Hendrik Sattler
Package: qt3-designer
Version: 3:3.3.3-7
Severity: normal
Hi,
after installing qt3-designer, it does not show up in the Development section
of the KDE menu but in lostfound (nicht zuzuordnen in German).
HS
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500,
On Wednesday, 12 January 2005 22:57, Adam Goode wrote:
Package: obexftp
Version: 0.10.6-3
Tags: patch
Followup-For: Bug #251252
Very close, but off by 1 error keeps it broken. (No idea how this
bug got in there in the first place. Byte 1 is reserved in the
structure.)
Probably my fault,
Package: lintian
Version: 1.23.7
Severity: normal
Hi,
lintian outputs the following error:
E: obexftp: changelog-file-not-compressed ChangeLog.html
N:
N: Changelog files must be compressed using `gzip -9'. Even if they start
N: out small, they will become large with time.
N:
N: Refer to
Hi,
I tried to test the .deb from your site but it is compiled against a version
of kdelibs4 that is not available in Debian sid
HS
--
My GPG key is available on my homepage: http://www.hendrik-sattler.de
or via pgp.net
PingoS - Linux users help schools: