Bug#397327: Same shortcut used twice

2006-11-06 Thread Martin Schulze
Package: gdm Version: 2.16.1-1 Severity: wishlist Moin, in the current version of GDM in the non-themed version the following strings (among others) are used in the user dialog: _Session _Action _Start Again It would be nice if _S (i.e. Alt-S) won't be used as shortcut twice in the same dialog.

Bug#397516: broken formatting

2006-11-07 Thread Martin Schulze
Package: debtags Version: 1.6.2 There is a space missing: impromtu!joey(pts/0):~> debtags help search [..] -i, --invertinvert the match, selecting non-matching items [..] --- Here are two spaces missing: impromtu!joey(pts/0):~>

Bug#401447: lynx doesn't accept wildcard certificates

2006-12-03 Thread Martin Schulze
Package: lynx Version: 2.8.5-2sarge2.2 Severity: important According to RFC 2818 Section 3.1 certificates may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches

Bug#401447: lynx doesn't accept wildcard certificates

2006-12-03 Thread Martin Schulze
Martin Schulze wrote: > Package: lynx > Version: 2.8.5-2sarge2.2 > Severity: important > > According to RFC 2818 Section 3.1 certificates may contain the wildcard > character * which is considered to match any single domain name component > or component fragment. E.g., *.a.

Bug#401447: lynx doesn't accept wildcard certificates

2006-12-03 Thread Martin Schulze
Martin Schulze wrote: > > According to RFC 2818 Section 3.1 certificates may contain the wildcard > > character * which is considered to match any single domain name component > > or component fragment. E.g., *.a.com matches foo.a.com but not > > bar.foo.a.com. f*.com

Bug#401447: lynx doesn't accept wildcard certificates

2006-12-03 Thread Martin Schulze
Thomas Dickey wrote: > On Sun, Dec 03, 2006 at 06:40:08PM +0100, Martin Schulze wrote: > > Martin Schulze wrote: > > > Package: lynx > > > Version: 2.8.5-2sarge2.2 > > btw, lynx-cur contains something analogous. You mean, lynx-cur has this fixed? Or that

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Martin Schulze
Finn-Arne Johansen wrote: > Package: gosa > Version: 2.5.6-2 > Severity: critical > Tags: security > Justification: root security hole > > > The documentation in gosa tells the admin to install gosa.conf under > /etc/gosa/gosa.conf, and to make it readable by the group www-data. > In this configu

Bug#405197: CVE name

2007-01-11 Thread Martin Schulze
Please use CVE-2006-5876. Regards, Joey -- GNU GPL: "The source will be with you... always." Please always Cc to me when replying to me on the lists.

Bug#406602: Documentation improvement

2007-01-12 Thread Martin Schulze
Package: websec Version: 1.9.0-1 Severity: wishlist Tags: patch Hi, I was puzzled to have websec bail out on my configuration until I reached the examples section of url.list. On the top of the file the syntax was missing. Here's a patch to fix this. I'd be glad if you could add it to future v

Bug#406605: Document source of fetching new versions

2007-01-12 Thread Martin Schulze
Package: websec Version: 1.9.0-1 Severity: wishlist Tags: patch Hi, I'd like the manpage to document when new versions are fetched. Since websec inspects the timestamp of an archived page and uses it in an additional HTML header line for if-modified-since this should be written down somewhere, I

Bug#406607: Typo

2007-01-12 Thread Martin Schulze
Package: websec Version: 1.9.0-1 Tags: patch Hi, there's a typo in the webdiff.1 manpage. --- webdiff.1.orig 2007-01-12 10:46:03.0 +0100 +++ webdiff.1 2007-01-12 10:46:09.0 +0100 @@ -175,7 +175,7 @@ Don't ignore if token contains >= given Debug messages .SH "DESCRIPTIO

Bug#406486: Reporting useless bugs

2007-01-12 Thread Martin Schulze
Thijs Kinkhorst wrote: > Dear members of the security team(s), > > On Fri, 2007-01-12 at 11:08 -0300, Alex de Oliveira Silva wrote: > > Multiple vulnerabilities have been identified in phpMyAdmin, which may > > be exploited by attackers to execute arbitrary scripting code. These > > issues are due

Bug#400573: Fix description

2006-11-27 Thread Martin Schulze
Package: kayak, canoe According to the description, both kayak and canoe implement the same. It would be a **good** idea to add the bit about Qt and Gtk2 not only in the last line of the description but in the short description. It appears that it would also be a good idea to describe the packag

Bug#400572: arpalert: Description improvement

2006-11-27 Thread Martin Schulze
Package: arpalert Version: current Severity: wishlist - Description: monitoring arp changes in ethernet networks + Description: Monitor ARP changes in ethernet networks Regards, Joey -- Given enough thrust pigs will fly, but it's not necessarily a good idea. Please always Cc to me whe

Bug#399187: CVE-2006-5925: ELinks "smb" Protocol File Upload/Download Vulnerability

2006-11-27 Thread Martin Schulze
Julien Cristau wrote: > Hi, > > do the security@ people have a DSA in preparation for links and/or > elinks for CVE-2006-5925, or should I prepare a patch for the stable > versions too? As far as I know, no. Please prepare an update. Regards, Joey -- Given enough thrust pigs will fly

Bug#400577: pwman3: Description improvement

2006-11-27 Thread Martin Schulze
Package: pwman3 Version: current Severity: minor - Description: console password managment application + Description: console password management application ^ Regards, Joey -- Given enough thrust pigs will fly, but it's not necessarily a good idea.

Bug#400619: Default VirtualHosts for 2 of 3 security.debian.org Mirrors Useless

2006-11-27 Thread Martin Schulze
Daniel E. Markle wrote: > Package: security.debian.org > > A dig on the security.debian.org mirrors returns three results: > > security.debian.org.300 IN A 212.211.132.32 > security.debian.org.300 IN A 212.211.132.250 > security.debian.org.300 IN

Bug#387089: Sorry, not fixed

2006-11-01 Thread Martin Schulze
reopen 387089 thanks I'm sorry to tell you, but this problem is not yet fixed. Installed version of ca-certificates: ii ca-certificates 20061027Common CA Certificates PEM files There should be a link, but isn't: finlandia!joey(tty1):/etc/ssl/certs> l |grep luo

Bug#394251: gui-apt-key: Please add a desktop file

2006-11-01 Thread Martin Schulze
Alexander Schmehl wrote: > Hi! > > * Martin Schulze <[EMAIL PROTECTED]> [061020 16:24]: > > > > PS: Forgot a small "nice to have" in the > > > gui-apt-key-desktop-icon.patch: If you like the icon, you should add an > > > 32 bit xpm versio

Bug#398441: Please add signal

2006-11-13 Thread Martin Schulze
Package: libgtk2-perl Version: 1.140-1 Severity: wishlist The documentation for Gtk2::Entry (using perldoc) lacks a reference to the signal 'changed' emitted whenever something happened inside an Entry widget. Please add it. Regards, Joey -- A mathematician is a machine for converting

Bug#310982: plan to include in sarge 2.4 update

2006-11-16 Thread Martin Schulze
dann frazier wrote: > On Mon, Nov 13, 2006 at 12:22:59PM -0800, Steve Langasek wrote: > > Yes, because this is a kernel security bug. The smbmount patch was > > entertained pre-sarge only as a stopgap due to the proximity to release; the > > right place to fix this is still in the kernel (upstream

Bug#294348: evince: Description correction and improvement

2005-02-09 Thread Martin Schulze
Package: evince Version: current Severity: minor - Description: document (postcript, pdf, dvi) viewer + Description: Document (postscript, pdf, dvi) viewer Correction: postscript has two 's' in it Improvement: capital first character Regards, Joey -- Open source is important from a t

Bug#294223: xemacs21: Security-Update for Woody fails to install (on alpha)

2005-02-09 Thread Martin Schulze
Helge Kreutzmann wrote: > Hello, > On Wed, Feb 09, 2005 at 02:02:41AM +0900, OHURA Makoto wrote: > > tags 294223 woody unreproducible > > thanks > > > In my woody machine, > > Since it works fine on our x86-based woody machines, and another > recent security update was misbuild on alpha (#289670)

Bug#278699: Removing ssh keys

2005-02-10 Thread Martin Schulze
Matt Kraai wrote: > Howdy, > > To fix 278699, I'd like to document how to remove ssh keys via the > mail gateway. How is this done? printf "del sshRSAAuthKey\ndel sshDSAAuthKey\n"|clearsign|mail [EMAIL PROTECTED] Actually, this is even documented on : *

Bug#294406: Updated woody packages available

2005-02-10 Thread Martin Schulze
Martin Pitt wrote: > Hi Joey! > > I prepared new PostgreSQL woody packages to fix CAN-2005-024[57], here > is the interdiff: Thanks. Regards, Joey -- GNU GPL: "The source will be with you... always."

Bug#294688: CAN-2005-0299: Directory traversal in GForge

2005-02-10 Thread Martin Schulze
Package: gforge Version: 3.1-26 Severity: grave Tags: security sarge sid patch The sid/sarge version seems to be vulnerable to this. Please correct it. The correction should be in the GForge CVS, otherwise sanitising the dir should be easy (i.e. recursively strip "../"). Candidate: CAN-2005-0299

Bug#294690: CAN-2005-0300: Directory traversal in JSBoard

2005-02-10 Thread Martin Schulze
Package: jsboard Version: 2.0.10-2 Severity: grave Tags: sarge sid security patch Please fix the directory traversal vulnerability. http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2 Details === PHP has a feature discarding the input values containing null characters when magic_qu

Bug#294488: Ubuntu patch

2005-02-11 Thread Martin Schulze
Thanks. Martin Pitt wrote: > Here is the patch used for the Ubuntu security update: > > http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff CAN-2005-0016 is the gatos problem Debian fixed in DSA 640 > awstats (6.2-1.1ubuntu1) hoary; urgency=low > . >* SECURITY UPDATE: fix

Bug#294488: CVE ids

2005-02-12 Thread Martin Schulze
Use CAN-2005-0362 for fixing *plugin* variables Use CAN-2005-0363 for fixing the config variable Regards, Joey -- If you come from outside of Finland, you live in wrong country. -- motd of irc.funet.fi Please always Cc to me when replying to me on the lists.

Bug#294896: CAN-2005-0365: insecure temporary file creation in kdelibs 3.3.2

2005-02-11 Thread Martin Schulze
Package: kdelibs Version: 3.2.3-3.sarge.2 3.3.2-1 Severity: grave Tags: security sarge sid patch Please . update the package in sid . mention the CVE id from the subject in the changelog . use priority=high . you probably need to upload into testing-proposed-updates as well Regards,

Bug#295261: CAN-2004-1004+CAN-2004-1005: multiple vulnerabilities in mc

2005-02-14 Thread Martin Schulze
Package: mc Version: 4.6.0-4.6.1-pre1-3 Severity: grave Tags: sarge sid security patch I'm awfully sorry but when releasing DSA 639 I was under the impression that the version of mc was sufficiently new and contained all security fixes already. However, Gerardo Di Giacomo denied that, so attached

Bug#295499: CAN-2005-0011: Buffer overflows in fliccd of kstars of kdeedu

2005-02-16 Thread Martin Schulze
Package: kdeedu Severity: grave Tags: security sid patch sarge Erik Sjölund discovered that a buffer overflow in fliccd which is installed setuid root (at least on Debian/unstable) can be exploited quite easily and will probably allow arbitrary code to be executed. Patch: ftp://ftp.kde.org/pub/kd

Bug#294099: multiple security holes in XPM code (CAN-2004-0914)

2005-02-16 Thread Martin Schulze
Martin Pitt wrote: > Hi again, > > Martin Pitt [2005-02-16 11:28 +0100]: > > Hi! > > > > Please note that the new upstream only fixes lesstif2, not lesstif1: > > > > This directory contains fixed sources: > > > > http://cvs.sourceforge.net/viewcvs.py/lesstif/lesstif/lib/Xm-2.1/ > > > > Howev

Bug#286905: CAN-2004-0452 File::Path::rmtree() vulnerability

2005-02-16 Thread Martin Schulze
This has been assigned CAN-2005-0448. Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists.

Bug#295556: FWD: [SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution

2005-02-16 Thread Martin Schulze
Dafydd Harries wrote: > > Filing this bug to track the security hole in the DSA below. Apparently > > a fix for unstable has not yet been uploaded. > > Since I don't have a copy of the original security patch, I tried to > extract the changes by interdiffing the fixed stable version with the > lat

Bug#295548: Merging bugs

2005-02-17 Thread Martin Schulze
Jeroen van Wolffelaar wrote: > > These bugs are the same, and it seems that indeed there was a mistake when > > making the package. I hope it can be fixed soon. > > Security team, Joey, > > It seems the most recent evolution security update had a regression > w.r.t. SSL support, not unlikely cau

Bug#294647: This patch will do

2005-02-18 Thread Martin Schulze
the lowest requirement for +mailman in Debian/stable and since Python 1.5.2 doesn't do list +comprehensions [Mailman/Cgi/private.py] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18 Feb 2005 12:57:31 +0100 + mailman (2.0.11-1woody10) stable-security; urgency=high * Non-maintainer upload by the Security Team

Bug#289670: kdelibs3: Changed dependencies during security update

2005-01-10 Thread Martin Schulze
Helge Kreutzmann wrote: > Package: kdelibs3 > Version: 4:2.2.2-13.woody.12 > Severity: normal > > I just wanted to apply the latest security update for kdelibs (DSA 631-1), > I was quite astonished, when I got > The following NEW packages will be installed: > libarts libglib2.0-0 > > I was u

Bug#289670: kdelibs3: Changed dependencies during security update

2005-01-10 Thread Martin Schulze
Helge Kreutzmann wrote: > Hello Joey, > On Mon, Jan 10, 2005 at 02:56:40PM +0100, Martin Schulze wrote: > > > I just wanted to apply the latest security update for kdelibs (DSA > > > 631-1), > > > I was quite astonished, when I got > > > Th

Bug#132873: -1 for this bug

2005-01-10 Thread Martin Schulze
Benjamin Drieu wrote: > > I often have to install firewalls based on Debian and kernel logging > make console useless, so everytime I have to change klog init.d > scripts to add a "-c" option to avoid flooding the console. That's what syctl is for and not klogd. Regards, Joey -- The

Bug#289885: xfig can't handle a private colormap anymore

2005-01-11 Thread Martin Schulze
Package: xfig Version: 3.2.5-alpha5-3 This version doesn't seem to be able to handle a private colormap anymore. In former times, when leaving the xfig window the other colormap was restored, but when moving the focus into the xfig window the private xfig colormap was set. This only works with t

Bug#289976: [exposed@lss.hr: Apache mod_auth_radius remote integer overflow]

2005-01-11 Thread Martin Schulze
Package: libapache-mod-auth-radius Version: 1.5.7-5 Severity: grave Tags: woody sid security I haven't checked if this problem exists in the Debian package. Please check. If the Debian package is fixed, too old or too new, please close this bug report. Regards, Joey - Forwarded m

Bug#289885: xfig can't handle a private colormap anymore

2005-01-12 Thread Martin Schulze
Martin Schulze wrote: > However this version now has a) problems with a private colour > map and b) doesn't accept my Fig file anymore or rather the > settings wrt grid_color and canvasbackground. I found out that on another machine with enough free colors so that not privat

Bug#289976: [exposed@lss.hr: Apache mod_auth_radius remote integer overflow]

2005-01-13 Thread Martin Schulze
Fabio Massimo Di Nitto wrote: > The package was not released with woody. I am working right now to check sid. What about the attached patch? Regards, Joey -- MIME - broken solution for a broken design. -- Ralf Baechle Please always Cc to me when replying to me on the lists. --- mod_a

Bug#289976: [exposed@lss.hr: Apache mod_auth_radius remote integer overflow]

2005-01-13 Thread Martin Schulze
Fabio Massimo Di Nitto wrote: > I did talk with upstream that is working on a fix and will release soon. Great. > The patch looks ok, but i am going to give one or two days to upstream > before going with this fix. Feel free to forward upstream. Regards, Joey -- MIME - broken solutio

Bug#289560: cve id

2005-01-14 Thread Martin Schulze
Please use CAN-2005-0069. Regards, Joey -- The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin Please always Cc to me when replying to me on the lists.

Bug#290533: Arbitrary code execution in MaxDB

2005-01-14 Thread Martin Schulze
Package: maxdb-webtools Version: 7.5.00.19-1 Severity: grave Tags: security sarge sid Please see the advisory below and update the package in sarge with the priority elevated to high. Regards, Joey - Forwarded message from customer service mailbox <[EMAIL PROTECTED]> - Subject

Bug#290605: CAN-2005-0012: Arbitrary code execution in dillo

2005-01-15 Thread Martin Schulze
Package: dillo Version: 0.8.1-1 Severity: grave Tags: pending security sarge The problem below seems to be fixed in the version in sid (0.8.3-1) but not yet in the version in sarge, hence this bug report. This bug report is meant to track this issue. Please close it when the fixed package enter

Bug#278191: CAN-2005-0079: authentication bypass via integer overflow

2005-01-17 Thread Martin Schulze
Just for references, this issue has been assigned CAN-2005-0079. A Debian advisory will follow. Regards, Joey -- MIME - broken solution for a broken design. -- Ralf Baechle Please always Cc to me when replying to me on the lists.

Bug#278190: Bug#278191: CAN-2005-0079: authentication bypass via integer overflow

2005-01-17 Thread Martin Schulze
Justin Pryzby wrote: > reopen 278191 > tag 278191 woody > thanks > > Correct? In general yes and only if the security team is contacted in parallel, but please close them as I surely forget this. Regards, Joey -- MIME - broken solution for a broken design. -- Ralf Baechle Please al

Bug#278191: CAN-2005-0079: authentication bypass via integer overflow

2005-01-17 Thread Martin Schulze
Justin Pryzby wrote: > Bug#278191: CAN-2005-0079: authentication bypass via integer overflow > > > It's not an integer overflow, btw, though it's not really a buffer > overflow either; it's a set-an-arbitrary-byte-of-memory-to-zer

Bug#291064: Arbitrary command execution

2005-01-18 Thread Martin Schulze
Package: awstats Version: 6.2-1 Severity: grave Tags: security sarge sid patch Please see this advisory at iDEFENSE for details http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false VI. VENDOR RESPONSE This vulnerability is addressed in AWStats 6.3,

Bug#291700: Proposing stable PostgreSQL bugfixes

2005-03-07 Thread Martin Schulze
Steve Langasek wrote: > On Sun, Feb 27, 2005 at 10:28:27PM +0100, Martin Pitt wrote: > > In the light of #291700 I prepared a new PostgreSQL stable upload. It > > fixes a grave misbehaviour if a database is called "peer", and fixes > > the calling of dpkg --compare-versions which caused the help sc

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-07 Thread Martin Schulze
Christian Perrier wrote: > Security and release teams, may I have your advice about this suggestion? > > As you may know, I currently act as maintainer for the shadow package, > but I'm also aware of my own weaknesses when it comes at security (and > security-related) issues so I prefer getting th

Bug#298929: Security problem in distcc

2005-03-10 Thread Martin Schulze
Package: distcc Version: 2.18.1-5 Severity: grave Tags: sarge sid security Saw this on bugtraq: XCode ships with version 2.0.1 of distcc. We also tried updating to 2.18.3 and had similar issues with that version as well. Apple was not contacted prior to this release because the exploit for distcc

Bug#298939: xfree86 4.1.0-16woody6 available to fix CAN-2005-0605

2005-03-12 Thread Martin Schulze
Branden Robinson wrote: > The following URL contains source and binary packages for powerpc resolving > CAN-2005-0605[1], which is described as: > > The XPM library's scan.c file may allow attackers to execute arbitrary code > by crafting a malicious XPM image file containing a negative bitmap

Bug#298929: Security problem in distcc

2005-03-12 Thread Martin Schulze
Martin Pool wrote: > Hi Frank, Martin, > > I don't think there is any new information in this report beyond what > has been on the web site for many months. distcc is secure when used as > directed. If this report is irrelevant for Debian, feel free to close it right away. Regards, Joe

Bug#409907: Installing lpr over lprng doesn't work

2007-02-06 Thread Martin Schulze
Package: lpr, lprng Version: 2006.11.04, 3.8.28dfsg.1-1 Severity: important Installing lpr (by removing lprng) will leave you with no working lpr package since /var/spool/lpd is owned daemon.lp with mode 700. It should've been lp.lp with mode 2775. Purging lprng afterwards will remove /var/spool

Bug#409907: Installing lpr over lprng doesn't work

2007-02-06 Thread Martin Schulze
Craig Small wrote: > On Tue, Feb 06, 2007 at 10:19:51AM +0100, Martin Schulze wrote: > > 2. lprng.postrm should not remove /var/spool/lpd upon purge > > I cannot see the justification for this, purge means purge right? Purge means purge, but it shouldn't purge files/directori

Bug#409907: Installing lpr over lprng doesn't work

2007-02-07 Thread Martin Schulze
Craig Small wrote: > On Wed, Feb 07, 2007 at 07:36:47AM +0100, Martin Schulze wrote: > > Purge means purge, but it shouldn't purge files/directories now owned > > by another package. lpr/lprng are a special case I guess. > > Hmm, yes I see the problem now. > So either

Bug#409907: Installing lpr over lprng doesn't work

2007-02-09 Thread Martin Schulze
Craig Small wrote: > On Thu, Feb 08, 2007 at 09:36:43AM -0600, Adam Majer wrote: > > Martin Schulze wrote: > > >> I can't see a way of lprng postinst saying 'oh lpr is being installed' > > >> and not deleting the directory. > > > > >

Bug#413797: OpenBSE inetd configure problem

2007-03-07 Thread Martin Schulze
Package: openbsd-inetd Version: 0.20050402-5 It seems that the postinst script of openbsd-inetd is not able to grok a situation in which the package is already installed and the server running. This is what I get: finlandia:~# apt-get dist-upgrade -y Reading package lists... Done Building depend

Bug#415134: Mailto uses wrong hostname

2007-03-17 Thread Martin Schulze
Rob van der Putten wrote: > Package: mailto > Version: 1.2.6 > Version: 1.3.2 > > > Hi there > > > Mailto uses gethostbyname() to get the hostname; > > /* Get the local hostname for later insertion */ > gethostname(localhost, sizeof(localhost)); > if ( index(localhost,

Bug#415134: Mailto uses wrong hostname

2007-03-17 Thread Martin Schulze
Rob van der Putten wrote: > Hi there > > > On Sat, 17 Mar 2007, Martin Schulze wrote: > > >Please be more verbose. > > > >Why should gethostname() not return the valid hostname of the host > >it runs on? > > > >If it doesn't return so

Bug#409147: glibc tzdata2005b out of date for 4 Canadian Provinces.

2007-01-31 Thread Martin Schulze
merge 409147 409148 thanks David Broome wrote: > Package: glibc > Version: glibc-2.3.2.ds1-22sarge4 > Severity: critical > > Hello - tzdata in glibc for stable is based on tzdata2006b (from edits > in 2.3.2.ds1-22sarge1), this does not have the correct PST changes for > this year for 4 Canadian

Bug#402592: foo

2007-02-04 Thread Martin Schulze
tags 402592 wontfix upstream severity normal thanks After being pestered about this bug I've contacted Werner on this regard. He told me that this can happen with all GNU utilities and is an inherent "feature" as they all operate without fixed limits whenever possible. For example, a user ID in Op

Bug#402592: foo

2007-02-04 Thread Martin Schulze
tags 402592 -wontfix pending thanks Martin Schulze wrote: > After being pestered about this bug I've contacted Werner on this regard. > He told me that this can happen with all GNU utilities and is an inherent > "feature" as they all operate without fixed limits whenever

Bug#385042: pcmanfm: Description improvement

2006-08-28 Thread Martin Schulze
Package: pcmanfm Version: current Severity: minor - Description: extramly fast and lightweight file manager for X Window + Description: Extremely fast and lightweight file manager for X Window Sorry for the second bug report, but the final ispell run discovered that extramly is not an English wor

Bug#385040: pcmanfm: Description improvement

2006-08-28 Thread Martin Schulze
Package: pcmanfm Version: current Severity: minor Please choose one of the descriptions below: - Description: Extramly fast and lightweight file manager for X Window + Description: Extramly fast and lightweight file manager for the X Window System + Description: Extramly fast and lightweight fil

Bug#385041: polymer: Description improvement

2006-08-28 Thread Martin Schulze
Package: polymer Version: current Severity: minor - Description: a port of the KDE style Plastik depending on QT only + Description: Port of the KDE style Plastic depending on Qt only Sorry for the second bug report, but the final ispell run discovered that Plastik is not an English word. Regard

Bug#385043: polymer: Description improvement

2006-08-28 Thread Martin Schulze
Package: polymer Version: current Severity: minor - Description: Port of the KDE style Plastik depending on QT only + Description: Port of the KDE style Plastik depending on Qt only The official upstream name for Qt is Qt and not QT. Regards, Joey -- Beware of bugs in the above code;

Bug#385041: polymer: Description improvement

2006-08-29 Thread Martin Schulze
Mathias Krause wrote: > > - Description: a port of the KDE style Plastik depending on QT only > > + Description: Port of the KDE style Plastic depending on Qt only > > > > Sorry for the second bug report, but the final ispell run discovered > > that Plastik is not an English word. > > But Plastik

Bug#384832: Broken links for debian manual

2006-09-01 Thread Martin Schulze
Hi! Osamu Aoki wrote: > On Mon, Aug 28, 2006 at 10:18:28PM -0700, Matt Kraai wrote: > > On Mon, Aug 28, 2006 at 11:09:09PM +0200, Stephan Fuhrmann wrote: > > > this one http://www.debian.org/doc/user-manuals#quick-reference > > > > > > seems to be broken on all web servers (404, not found) for al

Bug#386010: r2e run consumes max CPU

2006-09-04 Thread Martin Schulze
Package: python2.4 Version: 2.4.3-8 When I add the feed for www.bildblog.de to rss2email, i.e. r2e run does not terminate anymore but consumes loads of memory. This seems to be problem of the python2.4 package since r2e uses python-feedparser which uses xml.

Bug#358575: mailman 2.1.5-8sarge3: screwup between security and maintainer upload

2006-09-06 Thread Martin Schulze
Lionel Elie Mamane wrote: > let a be an architecture in sarge. Then one of the following holds for > mailman in sarge r3: > > - it is affected by a security problem. > > - it has a severity critical bug. > > Mailman in sid: > > - may or may not suffer of a security problem > > A security pr

Bug#388537: DSA-1172 upgrade sets incorrect permissions on rndc.key

2006-09-30 Thread Martin Schulze
retitle 388537 bind9 upgrade sets incorrect permissions on rndc.key thanks dude Matt Brown wrote: > Package: bind9 > Version: 1:9.2.4-1sarge1 > > Hi, > > After applying the security update from DSA-1172 to two Sarge systems > that I run the permissions of /etc/bind/rndc.key are set to bind:bind

Bug#384960: www.ru.debian.org ip address changed

2006-10-06 Thread Martin Schulze
Simon Paillard wrote: > On Mon, Aug 28, 2006 at 12:58:18PM +0400, Max Kosmach wrote: > > Package: mirrors > > > > Please change IP address of www.ru.debian.org from 213.171.53.130 to > > 82.179.191.68 > > > > Our ISP changed our address space. > > > > PS. You can check availability of debian mir

Bug#383362: New libc breaks GnuPG

2006-08-16 Thread Martin Schulze
Aurelien Jarno wrote: > Martin Schulze wrote: > >Package: libc6 > >Version: 2.3.6-16 (and newer) > > > >When I install a libc6 that is compiled with GCC 4.1 instead of 4.0 > >gnupg (1.4.5-1) doesn't want to work anymore. > >'gnupg --clearsign <

Bug#383362: New libc breaks GnuPG

2006-08-16 Thread Martin Schulze
Aurelien Jarno wrote: > Ok, fix found, checked in our SVN, it will be in the next upload > (probably soon). Thanks to Denis Barbier for the hint. Cool! I'm eager to try it out with one of the next upgrades. Regards, Joey -- Every use of Linux is a proper use of Linux. -- Jon 'maddog'

Bug#372719: regression in FreeType security fix for DSA-1095

2006-08-19 Thread Martin Schulze
Steve Langasek wrote: > On Sun, Jul 23, 2006 at 08:51:29PM +0200, Martin Schulze wrote: > > Steve Langasek wrote: > > > On Fri, Jul 07, 2006 at 08:42:59PM +0200, Martin Schulze wrote: > > > > It appears to be a correct fix for the regression that has been reported.

Bug#372719: regression in FreeType security fix for DSA-1095

2006-08-19 Thread Martin Schulze
gasek wrote: > On Sat, Aug 19, 2006 at 09:28:46AM +0200, Martin Schulze wrote: > > > Well, apparently the -3 package that you said you couldn't find was on > > > security.d.o all along, because this was *not* in the second -3 package > > > that > > > I upl

Bug#382607: further info on CVE-2006-4041

2006-08-19 Thread Martin Schulze
sean finney wrote: > executive summary for security team: not escaping query strings > can possibly result in SQL injection for apps that use pike+postgresql. > > i've developed a patch which cleanly applies to both the 7.2 and 7.6 > branches that exist in sarge. however, looking more closely at

Bug#380504: Bug#383362: New libc breaks GnuPG

2006-08-20 Thread Martin Schulze
Aurelien Jarno wrote: > > Ok, I bet you are using a 2.4 kernel and you are actually have the same > > bug as 380504. I will try to find a fix asap. > > > > Ok, fix found, checked in our SVN, it will be in the next upload > (probably soon). Thanks to Denis Barbier for the hint. Confirmed, this

Bug#383993: Please add suucp/uucps to /etc/services

2006-08-21 Thread Martin Schulze
Package: netbase Version: 4.26 Severity: wishlist Please add suucp/uucp alias 4013/tcp to /etc/services for UUCP over SSL. This port has been officially assigned by the IANA (Internet Corporation for Assigned Names and Numbers). See for reference.

Bug#383993: Please add suucp/uucps to /etc/services

2006-08-21 Thread Martin Schulze
Marco d'Itri wrote: > On Aug 21, Martin Schulze <[EMAIL PROTECTED]> wrote: > > > Please add suucp/uucp alias 4013/tcp to /etc/services for UUCP over SSL. > Which package uses it? If you configure it properly, stunnel and uucp. Regards, Joey -- This is GNU/

Bug#384069: apt-key can't update

2006-08-21 Thread Martin Schulze
Package: apt Version: 0.6.42.1 pergolesi!joey(pts/8):/root# apt-key update ERROR: Can't find the archive-keyring Is the debian-keyring package installed? pergolesi!joey(pts/8):/root# dpkg -l debian-keyring Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Faile

Bug#382279: soundconverter: Produces an error, and doesn't do anything

2006-08-22 Thread Martin Schulze
I've solved the same problem here by manually installing package gstreamer0.8-gnomevfs!

Bug#387089: Certificate links must not be removed

2006-09-12 Thread Martin Schulze
Package: ca-certificates Version: 20050804 Severity: important Upon upgrade of this package it seems that all symlinks to certificates in /etc/ssl/certs are removed. However, recreated are only those to certificates provided by this package. (or all symlinks to certs not from this package are re

Bug#387091: gdrae: Description improvement

2006-09-12 Thread Martin Schulze
Package: gdrae Version: current Severity: minor - Description: A Real Academia Espanola dictinoary interface + Description: Real Academia Espanola dictionary interface Regards, Joey -- GNU does not eliminate all the world's problems, only some of them.

Bug#387092: obexfs: Description improvement

2006-09-12 Thread Martin Schulze
Package: obexfs Version: current Severity: minor - Description: Mount filesystem of ObexFTP capabable devices + Description: Mount filesystem of ObexFTP capable devices Regards, Joey -- GNU does not eliminate all the world's problems, only some of them.

Bug#387160: Beautify queuegraph

2006-09-12 Thread Martin Schulze
Package: queuegraph Version: 1.1.0-1 Severity: wishlist Since this package is somewhat derived from mailgraph it would be nice if the titles would be displayed similarly. The attached fix does this. Regards, Joey -- GNU does not eliminate all the world's problems, only some of them.

Bug#385040: pcmanfm: Description improvement

2006-09-13 Thread Martin Schulze
Andrew Lee wrote: > Dear Joey and Tetralet, > > I found this in the prepared upload: > Description: Extremely fast and lightweight file manager for the X > Window System > > - According to developers-reference 6.2.2, it says the synopsis should > not start with a capital letter. Ugh! Stupid! S

Bug#315605: sysklogd: UTF-8 log messages are mangled horribly

2006-09-18 Thread Martin Schulze
Roger Leigh wrote: > When a program using a UTF-8 locale logs a UTF-8 string using syslog(3), > syslog mangles the string. For example: > > Jun 23 21:34:24 hardknott schroot[10687]: [sid chroot] > rleigh\u\206\222rleigh Running login shell: /bin/bash > > [sid chroot] rleigh???rleigh Running

Bug#388044: savelog documentation fix

2006-09-18 Thread Martin Schulze
Package: debianutils Version: 2.17.1 Severity: wishlist Tags: patch Please apply the attached patch to the next upload. It fixes a documentation gap since -m/-g/-u implies -t so that new files are indeed created. Regards, Joey -- There are lies, statistics and benchmarks. Please alwa

Bug#387091: gdrae: Description improvement

2006-09-21 Thread Martin Schulze
Jens Seidel wrote: > On Tue, Sep 12, 2006 at 09:41:49AM +0200, Martin Schulze wrote: > > Package: gdrae > > Version: current > > Severity: minor > > > > - Description: A Real Academia Espanola dictinoary interface > > + Description: Real Academia Espanola

Bug#389586: Reference to php4

2006-09-26 Thread Martin Schulze
Package: php5-xcache Version: 1.0-4 Severity: minor Hi, /usr/share/doc/php5-xcache/README.Debian says [..] You can find a sample file about what to append at /usr/share/doc/php4-xcache/examples/php.ini. [..] Other pieces contain references to php4 instead of php5 as well. You may want to corre

Bug#366454: Config is in source

2006-09-26 Thread Martin Schulze
Hi, the well documented configuration file is still there. However it's only available in the source archive. After fetching and unpacking the source you'll find the documentation in config/gdm.conf.in. Regards, Joey -- Still can't talk about what I can't talk about. Sorry. -- Bruc

Bug#366454: Config is in source

2006-09-26 Thread Martin Schulze
Martin Schulze wrote: > the well documented configuration file is still there. However it's only > available in the source archive. After fetching and unpacking the source > you'll find the documentation in config/gdm.conf.in. Philipp Kern pointed me to /usr/share/gdm/def

Bug#382418: xdm depends on wrong location

2006-08-10 Thread Martin Schulze
Package: xdm Version: 1.0.5-1 The program xdm is installed as /usr/bin/xdm. However, the rc script requires /etc/X11/default-display-manager to contain the string /usr/bin/X11/xdm. I suggest to use something like -DAEMON=/usr/bin/X11/xdm +DAEMON=/usr/bin/xdm +DAEMON_OLD=/usr/bin/X11/xdm ...

Bug#329387: [bugzilla #329387] new sarge package that fixes CVE-2005-4534

2006-08-12 Thread Martin Schulze
Alexis Sukrieh wrote: > Moritz Muehlenhoff wrote: > >The distribution should be stable-security instead of > >testing-proposed-updates. Please also remove all the i18n updates: > > Ok, I'll make a new package with the correct distribution. > > The i18n updates are automatically made by the build
