Nico Golde wrote:
> Package: screen
> Version: 4.0.2-4.1
> Severity: wishlist
> Tags: patch
> Hi,
> screen isn't able to handle ~/ if you want to load a
> configuration file via source in the command line.
> I hate this because it is short and good :)
> However, I attached a patch which fixes this.
Nico Golde wrote:
> > Nico Golde wrote:
> > > Package: screen
> > > Version: 4.0.2-4.1
> > > Severity: wishlist
> > > Tags: patch
> > > Hi,
> > > screen isn't able to handle ~/ if you want to load a
> > > configuration file via source in the command line.
> > > I hate this because it is short and g
Package: gimp-svg
Version: 2.2.7-1
According to the Depends: line the Description: line is wrong:
Version: 2.2.7-1
Depends: gimp (= 2.2.7-1), libatk1.0-0 (>= 1.7.2), [..]
^^^
Description: SVG plugin for The GIMP, stable version 2.0
Package: gv
Version: 1:3.6.1-10
Something is very wrong here:
[..]
gv: unrecognized option `--grayscale'
Usage: gv [OPTION]... [FILE]
PostScript and PDF viewer.
--monochrome display document using only black and white
--grayscaledisplay document without colors
[.
Andrew Donnellan wrote:
> reopen 290242
> thanks
>
> I'm reopening this bug because prozilla is still in woody, and Martin
> 'Joey' Schulze is preparing 3.0r6, which, from what he's told me, will
> still have prozilla in it. This should not happen. In my opinion,
> prozilla is either patched or re
Adrian von Bidder wrote:
> > You wouldn't need to change "every" script - you just need to move
> > gettext.sh to /usr/share/gettext/scripts and create /usr/bin/gettext.sh
> > with the content Sean suggested.
>
> Which buys us what?
>
> This new gettext.sh would still be a non-executable script s
This problem has been assigned
Candidate: CAN-2004-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1388
Reference: BUGTRAQ:20050126 DMA[2005-0125a] - 'berlios gpsd format string
vulnerability'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110677341711505&w=2
Reference
Package: uw-imap
Version: 2002edebian1-5
Severity: grave
Tags: security sarge sid patch
A vulnerability was discovered in the CRAM-MD5 authentication in
UW-IMAP where, on the fourth failed authentication attempt, a user
would be able to access the IMAP server regardless. This problem
exists only
Package: kleopatra
Version: 3.3.1-3
Tags: sid sarge
Severity: serious
The package should at least be installable when it is in the Debian archive,
even if it is a contrib package.
# apt-get install kleopatra
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be
Christian Hammers wrote:
> Hello
>
> The bug has been reported more than a week ago and the last status from
> the same date is that the Woody package is being investigated.
>
> Are there any news regarding the vulnerability status of the Woody
> package or the preparation of a DSA?
Luigi is ta
Christian Hammers wrote:
> On Fri, Apr 29, 2005 at 02:56:38PM +0200, Martin Schulze wrote:
> > > Are there any news regarding the vulnerability status of the Woody
> > > package or the preparation of a DSA?
> >
> > Luigi is taking a look. It's not yet clea
Package: apt-rpm-repository
Version: current
Severity: minor
- Description: tools to create APT RPM repository
+ Description: Tools to create an APT RPM repository
^^
Regards,
Joey
--
If nothing changes, everything will remain the same. -- Barne's Law
P
Moritz Muehlenhoff wrote:
> Package: oops
> Severity: grave
> Tags: security patch sid woody
> Justification: user security hole
>
> [Cc:ing security@, should affect woody as well]
It does.
> A format string vulnerability in the auth() function for SQL database
> user handling possibly permits e
Branden Robinson wrote:
> Hi Joey,
>
> xfree86's fix for CAN-2005-0609 has not yet been uploaded to
> testing/unstable. I expect to make an upload soon, however; the packages
> are currently in preparation, and you can view the current status of the
> SVN trunk at:
>
> http://necrotic.deadbeas
Package: bsmtpd
Version: 2.3pl8b-16
Severity: normal
Tags: patch
I've just noticed that a leading dot in a line is not only duplicated
but tripplicated (sp?) when using bsmtp and postfix in the documented
(README.Debian) fashion. Apparently, Postfix is duplicating the leading
dot already, but then
Package: nufw
Version: current
Severity: minor
- Description: a per-user firewalling daemon that interfers with libipq
+ Description: Per-user firewalling daemon that interferes with libipq
^
Spelling error.
I'd capitalise the beginning as
Package: lkl
Version: current
Severity: minor
- Description: userspace keylogger for x86 architechture
+ Description: Userspace keylogger for x86 architecture
^
Spelling problem (I'd use a capital U as well, but that's
debatable).
Regards,
.17.0/debian/changelog
@@ -1,3 +1,14 @@
+xli (1.17.0-11woody1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied patch from DSA 069 to fix buffer overflow in faces decoder
+[faces.c, CAN-2001-0775]
+
+ -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18
sean finney wrote:
> On Fri, Mar 11, 2005 at 09:39:10AM +0100, Christian Hammers wrote:
> > Wasn't it the one where a privilege granted to "table_name" also grants
> > rights on "tableXname", "tableYname" as '_' was considered as something
> > like a dot in a RegEx? This should be fairly easy to te
sean finney wrote:
> On Fri, Jul 15, 2005 at 04:15:22PM +0200, Martin Schulze wrote:
> > > However, as I don't like the "next week" part too much, I'll try to
> > > work on the update on my own and send you the diff for comments.
> > > Should redu
Sean Finney wrote:
> hi,
>
> On Mon, Jul 18, 2005 at 07:21:29PM +0200, Martin Schulze wrote:
> > > i'll try and set some time aside tonight or tomorrow to test, but
> > > it looks good from an initial glance.
> >
> > Any outcome? In other words,
Stephen Gran wrote:
> Hello all,
Thanks a lot for contacting us.
> There is a security bug in webcalendar (#315671 and
> http://www.securityfocus.com/bid/14072, for reference). Tim is the
> maintainer, but does not yet have a debian account, and cannot upload.
> We have a fixed version for sarge
Sean Finney wrote:
> On Tue, Jul 19, 2005 at 07:54:31AM +0200, Martin Schulze wrote:
> > Ok, I'll wait.
>
> so, a 6 hour plane flight later, i've learned 3 things:
>
> 1 - there are a number of other variables that also need to be included.
> 2 - there are a n
Stephen Gran wrote:
> Hello all,
>
> There is a security bug in webcalendar (#315671 and
> http://www.securityfocus.com/bid/14072, for reference). Tim is the
> maintainer, but does not yet have a debian account, and cannot upload.
> We have a fixed version for sarge ready (patch attached). I am
Sean Finney wrote:
> this is done now.
Thanks a lot. I have reviewed it and will use it for the advisory.
Regards,
Joey
--
Reading is a lost art nowadays. -- Michael Weber
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTEC
Horms wrote:
> The attached patch should resolve this problem, and I have put
> packages that include this patch up at
> http://debian.vergenet.net/pending/heartbeat/
>
> Joey, what do you want to do about this?
We can't do anything about it.
All you can do, and that's what you did already, is p
This is half-done. One can edit the CSS file (if one knows enough
about CSS and stuff), but upon the next upgrade the changes would
be gone since /usr/share/cvsweb/css/cvsweb.css is not a conffile.
Hence, if you want to eventually fix and close this bug report,
you'll have to move that file into
Héctor García Álvarez wrote:
> El vie, 25-03-2005 a las 21:54 +0100, Moritz Muehlenhoff escribió:
> > Package: smail
> > Severity: grave
> > Tags: security patch
> > Justification: user security hole
> >
> > [Dear security-team, this should affect Woody as well]
> >
> > Sean <[EMAIL PROTECTED] ha
Package: gphpedit
Version: current
Severity: minor
- Description: Developemnt environment for PHP/HTML/CSS
+ Description: Development environment for PHP/HTML/CSS
^^
Regards,
Joey
--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
sean finney wrote:
> hi,
>
> i've prepared a new version which addresses both the previous issues
> addressed in sarge0 and the new hardened-php reported issues:
>
> deb http://people.debian.org/~seanius/cacti/sarge ./
> deb-src http://people.debian.org/~seanius/cacti/sarge ./
>
> version: 0.8.6
Adam D. Barratt wrote:
> On Thu, 2004-05-13 at 10:17 +0200, Martin Schulze wrote:
> [...]
> > James Troup wrote:
> > > Martin Schulze <[EMAIL PROTECTED]> writes:
> [...]
> > > > It seems that the Contents-$arch.gz file for woody does not contain
> >
Jay Berkenbilt wrote:
>
> Some time ago, a bug was posted about tiff being vulnerable to
> CAN-2005-1544: a bug that caused an exploitable segmentation fault on
> files with certain bad BitsPerSample values (making it a potential DOS
> bug). The fix is already in sarge. I had posted a patch aga
severity 305142 important
tags 305142 security
thanks
Is there any motion on this problem?
==
Candidate: CAN-2005-2214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2214
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigne
Thijs Kinkhorst wrote:
> On Tue, July 12, 2005 12:33, Werner Koch wrote:
> > On Tue, 12 Jul 2005 10:37:41 +0200, Thijs Kinkhorst said:
> >
> >> version of GnuPG in Debian (1.4.1-1). I'm wondering what the stance of
> >> upstream is on this bug: will or won't it be fixed?
> >
> > I don't see the pro
sean finney wrote:
> another update,
>
> the security release for cacti has been delayed due to complications
> backporting the security fix into the version in woody, which is a major
> release (and rewrite) behind the versions in sarge and sid.
>
> joey from the security team provided an init
Sean Finney wrote:
> i guess i didn't in the email updating this, but did so in sanitize.php
> itself:
Yes, I saw that later. I hope, my tone wasn't too harsh.
> > Additionally you seem to be using get_request_var only which
> > uses the $_GET array, but not the $_REQUEST array, and hence
> > ca
Martin Schulze wrote:
> However, as I don't like the "next week" part too much, I'll try to
> work on the update on my own and send you the diff for comments.
> Should reduce the time you need to spend on the issue as well.
Ok, here is an update.
Regards,
Holger Levsen wrote:
> Howto handle security fixes for fai-kernels
> ---
>
> fai-kernels uses the kernel-source-2.4.27 and kernel-source-2.6.8 packages.
> If these packages get updated with a security fix, fai-kernels needs to be
> rebuilt.
>
> The kernel
Steve Langasek wrote:
> - Nothing in the source or binary package names matches the
> kernel.*2\.(4\.27|6\.8) regexp that I've been using so far to identify the
> kernel packages requiring attention
>
> I have no knowledge of how important the latter is to the security team;
> they may not be both
Package: tecnoballz
Version: current
Severity: minor
- Description: Breaking block game proted from the Amiga platform
+ Description: Breaking block game ported from the Amiga platform
^^
Regards,
Joey
--
Testing? What's that? If it compiles, it is g
Holger Levsen wrote:
> Hmmm... the only mail address for stable security support on
> http://www.debian.org/intro/organization is [EMAIL PROTECTED] -
> <[EMAIL PROTECTED]> didn't seem appropriate to me.
What's wrong with that address?
> Would that have been a better address ?
Yes.
Regards,
Package: steam
Version: current
Severity: minor
- Description: environment for cooperative knowledgemanagment
+ Description: Environment for cooperative knowledge management
^^ ^
(Similar for the other steam-foo packages.)
Regards,
Package: tutos2
Version: current
Severity: minor
- Description: The Ultimate Team Organization Sofware
+ Description: The Ultimate Team Organization Software
^
Regards,
Joey
--
If nothing changes, everything will remain the same. -- Bar
Package: gspot
Version: current
Severity: minor
- Description: gspot: A GNOME applet to query the Net
+ Description: A GNOME applet to query the network
No need to repeat the package name in the short description of said
package.
Regards,
Joey
--
Life is too short to run proprietary s
This one is CAN-2005-3257.
Regards,
Joey
--
Never trust an operating system you don't have source for!
Please always Cc to me when replying to me on the lists.
Loic Minier wrote:
> Hi,
>
> I'm willing to do a stable-proposed-updates upload of
> libgnomeprint2.2-0 to address #334450. It is an important usability
> bug, but I know that important bugs can not always be addressed in
> stable. Joey: please check the severity of #334450 and the l
Loic Minier wrote:
> Hi,
>
> On Tue, Oct 25, 2005, Martin Schulze wrote:
> > If I understand the problem correctly, for some reason libgnomeprint does
> > not use the proper lpr command. However, the patch does not implicate
> > the execution location.
>
>
Loic Minier wrote:
> On Tue, Oct 25, 2005, Martin Schulze wrote:
> > Please upload a fixed package based on the patch you attached.
>
> Uploaded. Attached are the relevant interdiff and debdiff.
>
> I'm afraid the huge debdiff exposes that:
> - the Uploaders
Loic Minier wrote:
> On Tue, Oct 25, 2005, Martin Schulze wrote:
> > BOTH PARTS ARE VERY EASY TO AVOID.
> > cp patch foo/debian/patches
> > dch -i / emacs debian/changelog
> > fine.
> > I'm sorry, but please reupload with only the patch you provided in the
>
Loic Minier wrote:
> Hi,
>
> On Tue, Oct 25, 2005, Martin Schulze wrote:
> > That should be followed by dpkg-source -b, of course.
>
> Ok, I didn't know about that, and it offered a shorter debdiff at the
> end indeed. I did:
That looks a lot better. T
Steve Kemp wrote:
> On Mon, Sep 26, 2005 at 09:23:16AM -0500, John Goerzen wrote:
>
> > > Attached are the patches that Joey (Schulze) approved.
> >
> > Can you (or Joey) comment: did you use a different patch because you
> > believe mine to be insecure, or for a different reason? (That's an
>
Steve Feehan wrote:
> On Wed, Sep 28, 2005 at 03:34:22PM +0900, Horms wrote:
> > Hi Martin,
>
> > I have prepared packages that include this fix, from upstream,
> > and no other changes, and you can find them at
> > http://packages.vergenet.net/sarge-proposed-updates/heartbeat/
> >
> > Steve, ca
Santiago Vila wrote:
> Christian, I received this patch from Ubuntu, so if I'm not mistaken,
> there are now three different ways to fix this bug (two of them from
> discussions that were not cc:ed to the Debian BTS), but so far none of
> these patches have been "blessed" by upstream (i.e. you).
>
Martin Pitt wrote:
> The bug description is quite vague, but I believe it aims at this bug:
>
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694
>
> which is fixed in
>
>
> http://cvs.sourceforge.net/viewcvs.py/net-snmp/net-snmp/snmplib/snmp_api
Sven Mueller wrote:
> I created a fixed package (actually two: one for sid/etch and one for
> sarge), available at https://mail.incase.de/spampd/sarge-security/
> respectively at https://mail.incase.de/spampd/sid/ (until my sponsor
> finds the time to upload the latter to sid). Personally, I'm indi
Could somebody explain the security implication for me?
being able to write arbitrary strings into valid records without
overwriting any other data in utmp/wtmp can hardly be classified
as a security vulnerability.
(Apart from that, I'm only slightly annoyed as I had to learn about
this via MITRE
Arthur Korn wrote:
> Hi
>
> 1.19-1 source and binary packages work on stable, and the
> differences to 1.18.4-2 are all local bugfixes, so I figure it
> doesn't make any sense to separate bugfixes from bugfixes for a
> special security fix for stable. Well, we could split out
Since the diff betwe
Moritz Muehlenhoff wrote:
> > 1.19-1 source and binary packages work on stable, and the
> > differences to 1.18.4-2 are all local bugfixes, so I figure it
> > doesn't make any sense to separate bugfixes from bugfixes for a
> > special security fix for stable. Well, we could split out
> > storeBacku
severity 329156 normal
thanks dude
Loïc Minier wrote:
> Hi,
>
> On Fri, Oct 07, 2005, Martin Schulze wrote:
> > Could somebody explain the security implication for me?
>
> You can record in the utmp/wtmp logs something which is wrong, for
> example that an use
Moritz Muehlenhoff wrote:
> Sounds correct, my manpage says:
> -h, --no-dereference
> affect each symbolic link instead of any referenced file (useful only on
> systems that can change the ownership of a symlink)
>
> However, I think that this hunk is missing for CAN-2005-3148:
>
> diff -
Loïc Minier wrote:
> Hi,
>
> On Fri, Oct 07, 2005, Martin Schulze wrote:
> > severity 329156 normal
> > thanks dude
>
> You didn't Cc: control, I've bounced it to control.
I usually use Bcc for that, so that group replies don't annoy
our co
FWIW: I've just tried to install, reinstall and upgrade apache-ssl
inside a sarge chroot environment and the package didn't show problem.
So maybe this bug is indeed due to the many virtual hosts.
Michael should debug the postinst script, e.g. by executing it
with "sh -x" or by creative glancing
Aníbal Monsalve Salazar wrote:
> >Upon investigation of this problem I noticed that ssmtp (oldstable
> >and stable) always strips the last line of the input before sending.
> >
> >gluck!joey(pts/4):~> seq 1 10|sendmail [EMAIL PROTECTED]
> >
> >--> 1..9
> >
> >gluck!joey(pts/4):~> echo seq 1 10|send
Javier Fernández-Sanguino Peña wrote:
> > The page on http://www.debian.org/doc/manuals/debian-faq/index.en.html
> > says: "version CVS, 14 February 2003". However, the current doc-debian
> > package ships "version 3.1.2, 9 June 2005". Is the debian-faq on the
> > web really as outdated as it see
Javier Fernández-Sanguino Peña wrote:
> On Wed, Sep 14, 2005 at 04:44:33PM +0200, Joost van Baal wrote:
> > Package: www.debian.org
> > Severity: normal
> >
> > Hi,
> >
> > The page on http://www.debian.org/doc/manuals/debian-faq/index.en.html
> > says: "version CVS, 14 February 2003". However,
Florian Weimer wrote:
> >> (Note that I have yet to test Lorenzo's new package.)
> >
> > Are you in a position to do so?
>
> Sure, but the question is if you want to rely on the results. You
> don't seem to trust my judgement on this matter, for reasons I don't
> know.
I simply did not understan
Lorenzo Martignoni wrote:
> > If you can, please build an updated package, based on the version in
> > sarge and woody if that's needed as well, and place them on a .debian.org
> > host.
>
> I already have a fixed package. I only need to add the CVE ID.
>
> On which host of .debian.org should I u
Max Vozeler wrote:
> Hi security team,
>
> the loop-aes-utils package in sarge is affected by CAN-2005-2876
> (#328626). I've prepared a stable-security upload of 2.12p-4sarge1
> with a fix backported from 2.12r-pre1:
>
> http://people.debian.org/~xam/security/loop-aes-utils/
>
> This bug will
Christian Hammers wrote:
> Hello Security Team
>
> Are you aware of this bug? The "interdiff" patch are already in the BTS.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526
> Applied the upstream patch that fixes a tempfile vulnerability in the
> mysqld_install_db script th
Looks like the redesign of the BTS broke reportbug horribly since it
depends on a certain set of URLs and content. As both have been
altered, reportbug fails.
The fix for the --mbox failure is simple, and indeed attached to this
message.
The fix for the 'No report available' problem is more diffi
sean finney wrote:
> hi joey, martin,
>
> (christian may already be on vacation, so i'll try and field some
> responses from what i think is going on)
[..]
> christian forwarded the bug information to mysql asking for a
> clarification (http://bugs.mysql.com/bug.php?id=12575) and we're
> waitin
Steve Langasek wrote:
> On Sun, Aug 21, 2005 at 11:20:49PM -0400, Theodore Ts'o wrote:
>
> > I would like to upload the following release to sarge to fix a grave bug
> > (#318463), and taking the opportunity to fix a few other potential
> > core-dumping inducing bugs. All of these are cherry pick
Christoph Haas wrote:
> On Tue, Aug 16, 2005 at 12:06:48PM +0200, Jeremie Koenig wrote:
> > I've not tested anything but I may have found the cause for this
> > problem. Freshly extracted, the source package contains some cruft which
> > gets removed upon running debian/rules clean. Specifically,
>
Christoph Haas wrote:
> Check the upstream archive (pdns_2.9.17.orig.tar.gz) again:
> There are files like debian/doc-base that cause trouble. We are
> currently removing these files in the "clean:" target. But if that
> target isn't called before building the package we get this error.
Ah, now I
Package: nzb
Version: 0.1-1
Package: nzb
Description: An nzb based Usenet binary grabber
Mind writing a description? A real one, not such self-depending
thing?
Regards,
Joey
--
MIME - broken solution for a broken design. -- Ralf Baechle
Please always Cc to me when replying to me on
Martin Schulze wrote:
> Christian Hammers wrote:
> > Hello Security Team
> >
> > Are you aware of this bug? The "interdiff" patch are already in the BTS.
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526
> > Applied the upst
Martin Pitt wrote:
> Hi!
>
> Here is the relevant change from pcre3 6.1-> 6.2, ported to 5.0:
>
> http://patches.ubuntu.com/patches/pcre3.CAN-2005-2491.diff
Patch originally sent by Marcus Meissner from SuSE.
Regards,
Joey
--
It's time to close the windows.
Please always Cc to me
Martin Pitt wrote:
> Hi!
>
> Since I have to fix apache2 2.0.50 for Ubuntu, which still has an
> embedded pcre 3.x, I also took a look at the woody version. I took a
> look at the code and played with the test suite, and it seems to me
> that the capture part works ok; just the integer underflow m
Aidas Kasparas wrote:
> Please find below a patch which checks EOF condition instead of no
> input. Without fix for this bug package is virtually not useable (I
> experienced mysterious attachment cuts, so I can not rely on it at its
> present form :-( Please consider importance of this bug as "s
Adeodato Simó wrote:
> severity 325254 serious
> reassign 325254 kdegraphics,security.debian.org
> retitle 325254 kdegraphics 3.3.2-2sarge1/powerpc uninstallable because of
> dependency on kdelibs4 (>= 4:3.3.2-6.2)
> notfound 325254 4:3.3.2-2
> found 325254 4:3.3.2-2sarge1
> thanks
>
> * Jochen A
Max Vozeler wrote:
> Short description:
> lockmail.maildrop (setgid mail) lets the user specify a program and
> execvp()s it, but does not drop egid mail privilege before doing so.
> This opens a trivial privilege escalation (see "poc") to group mail.
Thanks a lot for the report. This is CAN-200
==
Candidate: CAN-2005-3178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178
Reference: BUGTRAQ:20051005 xloadimage buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112862493918840&w=2
Buffer overflow in x
Jeroen van Wolffelaar wrote:
> tags 318286 sarge
> thanks
>
> On Thu, Jul 14, 2005 at 05:36:34PM +0300, Joey Hess wrote:
> > oftpd is vulnerable to another security hole. This time a crafted "FTP
> > USER" command can cause a crash. Since a buffer overflow is involved,
> > it's possible that this
Ola Lundqvist wrote:
> Hello
>
> On Wed, Oct 05, 2005 at 01:17:37PM -0400, Mike O'Connor wrote:
> > Package: horde3
> > Version: 3.0.5-1
> > Severity: critical
> > Tags: security
> > Justification: root security hole
> >
> > As part of the installation procedure in README.Debian, you are told to
Ola Lundqvist wrote:
> > > > I also would recommend that a password be required do use the
> > > > Administration interface.
> > >
> > > The administration thing will be kept there as it does not have any write
> > > permission to any of the configuration files.
> > >
> > > Or do you have a good su
Sven Mueller wrote:
> > Hence, it's rather "one mail falls through" or something. Doesn't sound
> > security-relevant to me.
>
> Well, it's more of an indirect DoS. The mails are rejected with an SMTP
> temporary failure code according to my quick test. This means that those
> mails fill up the s
Package: commit-tool
Version: current
Severity: minor
- Description: GUI commit tool for various Source Control Managment systems
+ Description: GUI commit tool for various Source Control Management systems
Regards,
Joey
--
Experience is something you don't get until just after you nee
Andres Salomon wrote:
> On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote:
> > On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
> >
> > > Thanks a lot for the report. This is CAN-2005-2655.
> > >
> > > > The bug affects 1.5.3-1
Florian Weimer wrote:
> As far as I understand it, from the perspective of the security team,
> it is not clear if the upstream change breaks existing user
> configurations. Users might rely on the current behavior and use it
> to deliberately weaken the filter policy. This is a reasonable
> ques
Florian Weimer wrote:
> * Martin Schulze:
>
> > So a summary would be to leave the package as it is in sarge, right?
>
> Based on the facts, I reach the opposite conclusion. The upstream
> changes should be merged. However, since easy workarounds are
> possible, we mig
Florian Weimer wrote:
> * Martin Schulze:
>
> > What was the behaviour pre-sarge?
> > What is the behaviour post-sarge (or rather in sarge)?
>
> Do you mean "before and after the upstream security update"? The
> terms pre-sarge/post-sarge do not make mu
doc-base/pdns,
while the package in sarge does not.
Looking at the file contents, it shouldn't be an architecture.deb
but an all.deb, btw., but that's not an issue we need to fix now.
> Martin Schulze:
> How did you build the package ? (I'm pretty curious right now becaus
Christoph Haas wrote:
> Hi, Martin...
>
> On Sat, Aug 13, 2005 at 07:09:02AM +0200, Martin Schulze wrote:
> > Please retry in the sarge chroot on gluck or escher. I've just
> > rebuilt it in both environments and both times the pdns_*.deb
> > contained both /usr/s
Christoph Haas wrote:
> On Tue, Aug 16, 2005 at 10:23:41AM +0200, Martin Schulze wrote:
> > That is very strange. I've just rebuilt it on gluck
> > (see /tmp/joey for log and packages) and it does still contain
> > the doc-base directory.
>
> I was too slow
Package: apache2.2-common
Version: 2.2.3-3.2
I guess that the file /etc/apache2/mods-available/ssl.conf is missing
the statement "Listen 443" to allow Apache 2 to actually listen to the
SSL port as well.
Regards,
Joey
--
A mathematician is a machine for converting coffee into theorems.
Please use CVE-2006-6318 when referring to this NULL pointer dereference.
Regards,
Joey
--
If nothing changes, everything will remain the same. -- Barne's Law
Please always Cc to me when replying to me on the lists.
Josselin Mouette wrote:
> Le jeudi 28 décembre 2006 à 17:29 -0800, Thomas Bushnell BSG a écrit :
> > On Fri, 2006-12-29 at 01:56 +0100, Josselin Mouette wrote:
> > > Now, if you don't provide us with the necessary data, we won't be able
> > > to fix the regression it introduces in gnucash.
> >
> >
Nicolas François wrote:
> > > The following list contains all the coded character sets known. This does
> > > not necessarily mean that all combinations of these names can be used for
> > > the FROM and TO command line parameters. One coded character set can be
> > > listed with several different
Package: gnome-lokkit
- Forwarded message from Bill Ries-Knight <[EMAIL PROTECTED]> -
Date: Fri, 15 Dec 2006 08:55:27 -0800
From: Bill Ries-Knight <[EMAIL PROTECTED]>
To: debian-www@lists.debian.org
Subject: bad link
X-Folder: debian-www@lists.debian.org
on this page:
http://packages.de
severity 394250 wishlist
thanks
Eddy Petrișor wrote:
> Package: gui-apt-key
> Version: 0.1-3
> Severity: normal
>
> Hello,
>
> I just tried gui-apt-key and I managed to erase one of the keys
> (thankfully was an expired key) when I wanted to view its properties. I
> have seen that regular butto