Processing commands for [EMAIL PROTECTED]:
> found 504251 0.95.0-4.1
Bug#504251: dia: Python scripts load modules from current directory
Bug marked as found in version 0.95.0-4.1.
>
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system ad
Package: mahara
Severity: grave
Version: 1.0.4-2
Tags: security patch
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
PHPMailer, which affects the embedded copy shipped in mahara[0].
CVE-2007-3215[1]:
> PHPMailer 1.7, when configured to use sendmail, allows remot
Package: dia
Version: 0.96.1-7
Severity: grave
Tags: security patch
Justification: user security hole
Usertags: pythonpath
dia's python interface calls PySys_SetArgv such that Python prepends
sys.path with an empty string. This allows the possibility to run
arbitrary code on the user's system if
Processing commands for [EMAIL PROTECTED]:
> reassign 504232 samba4
Bug#504232: openchange_1.0~svn842-1(sparc/experimental): FTBFS:
librpc/ndr/libndr.h: No such file or directory
Bug reassigned from package `openchange' to `samba4'.
>
End of message, stopping processing here.
Please contact me
Processing commands for [EMAIL PROTECTED]:
> fixed 504232 4.0.0~alpha5+20081101-1
Bug#504232: openchange_1.0~svn842-1(sparc/experimental): FTBFS:
librpc/ndr/libndr.h: No such file or directory
Bug marked as fixed in version 4.0.0~alpha5+20081101-1.
>
End of message, stopping processin
Package: htop
Version: 0.7-1
Followup-For: Bug #504144
Nico Golde wrote:
>* Josh Triplett <[EMAIL PROTECTED]> [2008-11-01 04:16]:
>> Package: htop
>> Version: 0.7-1
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> htop does not filter non-printable characters in pro
Package: wordpress
Severity: grave
Version: 2.0.10-1etch3
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
KSES, which affects the embedded copy shipped in wordpress[0].
CVE-2008-1502[1]:
> The _bad_protocol_once function in phpgwapi/inc/class.kses.
Processing commands for [EMAIL PROTECTED]:
> tags 503771 +patch
Bug#503771: coco-java: java bytecode / java runtime version mismatch
There were no tags set.
Tags added: patch
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(a
Your message dated Sun, 02 Nov 2008 02:37:19 +
with message-id <[EMAIL PROTECTED]>
and subject line re: libjdic-java: java bytecode / java runtime version mismatch
has caused the Debian Bug report #503795,
regarding libjdic-java: java bytecode / java runtime version mismatch
to be marked as do
Processing commands for [EMAIL PROTECTED]:
> found 503798 1.0.3.GA-1
Bug#503798: libjboss-serialization-java: java bytecode / java runtime version
mismatch
Bug marked as found in version 1.0.3.GA-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug trackin
tags 503798 +patch
thanks
add
ANT_OPTS := -Dant.build.javac.source=1.5 -Dant.build.javac.target=1.5
immediately after the line that sets DEB_JARS in debian/rules to fix
this bug
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTE
Processing commands for [EMAIL PROTECTED]:
> tags 503798 +patch
Bug#503798: libjboss-serialization-java: java bytecode / java runtime version
mismatch
There were no tags set.
Tags added: patch
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking syst
found 503798 1.0.3.GA-1
thanks
This bug also affects the version in lenny (which is built with the sun
proprietary jdk) marking as such
Ken,
Thanks for the quick reply.
On Sat, Nov 01, 2008 at 07:48:12PM -0500, Chanoch (Ken) Bloom wrote:
> The build process for the tzdata package involves running zic
> (included in libc6) on a collection of text source files downloaded
> from upstream, and included in the tzdata source package (b
Your message dated Sun, 02 Nov 2008 02:00:33 +
with message-id <[EMAIL PROTECTED]>
and subject line re: jcc: java bytecode / java runtime version mismatch
has caused the Debian Bug report #503782,
regarding jcc: java bytecode / java runtime version mismatch
to be marked as done.
This means th
Processing commands for [EMAIL PROTECTED]:
> tags 503785 +patch
Bug#503785: java-access-bridge: java bytecode / java runtime version mismatch
There were no tags set.
Tags added: patch
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system adminis
Package: moodle
Severity: grave
Version: 1.8.2-1.3
Tags: security, patch
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
snoopy, which affects the embedded copy shipped by moodle [0].
CVE-2008-4796[1]:
> The _httpsrequest function (Snoopy/Snoopy.class.php) in Sno
Processing commands for [EMAIL PROTECTED]:
> found 504234 2.0.10-1
Bug#504234: CVE-2008-4796: missing input sanitising in embedded copy of
Snoopy.class.php
Bug marked as found in version 2.0.10-1.
>
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug
Package: wordpress
Severity: grave
Version: 2.5.1-8
Tags: security, patch
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for
snoopy, which affects the embedded copy shipped in wordpress[0].
CVE-2008-4796[1]:
> The _httpsrequest function (Snoopy/Snoopy.class.php) in
Package: openchange
Version: 1.0~svn842-1
Severity: serious
Hi,
your package failed to build from source. Since the error occurs in a
samba4 header, the bug might actually be located there, feel free to
reassign or clone the bug in this case.
| Automatic build of openchange_1.0~svn842-1 on njoe
The build process for the tzdata package involves running zic
(included in libc6) on a collection of text source files downloaded
from upstream, and included in the tzdata source package (but not the
binary package). This creates the binary files in /usr/share/zoneinfo
libtzinfo-ruby has a script
Filipus Klutiero wrote:
Submitter and Luigi, is your problem caused by portmap?
Yes, it is (I can only speak for myself, obviously).
I simply disabled portmap from automatic execution and my laptop cleanly
unmounts the partitions during shutdown.
Strangely enough, portmap terminates co
Jamin W. Collins wrote:
Steffen Joeris wrote:
The extracted patch for Snoopy.class.php can be found here[1]. However
it would be much appreciated (and it is a release goal anyway), if
you could just depend on libphp-snoopy, instead of duplicating the code.
(Maybe you need to change some include
Your message dated Sat, 01 Nov 2008 23:02:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504161: fixed in openmpi 1.2.8-2
has caused the Debian Bug report #504161,
regarding libopenmpi-dev: Package cannot be installed
to be marked as done.
This means that you claim that the pro
Your message dated Sat, 1 Nov 2008 18:56:35 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#478105: seperate issue?
has caused the Debian Bug report #478105,
regarding funguloids: crashes on startup
to be marked as done.
This means that you claim that the problem has been dealt
Processing commands for [EMAIL PROTECTED]:
> package mahara
Ignoring bugs not assigned to: mahara
> tags 504170 confirmed
Bug#504170: CVE-2008-4796: missing input sanitising in Snoopy.class.php
Tags were: patch security
Tags added: confirmed
> stop
Stopping processing here.
Please contact me if
On Sat, Nov 01, 2008 at 10:11:56PM +1100, Steffen Joeris wrote:
> Package: mahara
> Severity: grave
> Tags: security, patch
> Justification: user security hole
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mahara.
>
> CVE-2008-4796[0]:
> | The _httpsreque
Your message dated Sat, 01 Nov 2008 21:32:30 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503900: fixed in libnagios-object-perl 0.14-2
has caused the Debian Bug report #503900,
regarding libnagios-object-perl doesn't work with Nagios 3
to be marked as done.
This means that you
Your message dated Sat, 01 Nov 2008 21:32:16 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504209: fixed in gkrellm 2.3.2-2
has caused the Debian Bug report #504209,
regarding gkrellm: Missing log.h
to be marked as done.
This means that you claim that the problem has been dealt w
Nope, the crash was pretty clearly in the engine. I'm sure gimp 2.4 uses
newer features of GTK, which the theme could have problems with. I
haven't received any other reports of a crash under these circumstances.
Sergey I. Sharybin wrote:
> I tested this issue on my Debian Etch machine with gimp
I tested this issue on my Debian Etch machine with gimp version 2.2.
There is the same GTK theme installed and there is no such bug with
gimp's crashing.
Maybe there is bug in some of GTK libraries?
P.S. I use theme based on candido gtk engine from http://candido.berlios.de/
Steffen,
I have placed ampache-3.4.1-2 up on m.d.n. for your review and upload.
http://mentors.debian.net/debian/pool/main/a/ampache
With this upload I have made the package dependent on
- libphp-snoopy - to correct bug #504169
- libjs-prototype - this is also a duplicate copy of code, and
Submitter and Luigi, is your problem caused by portmap?
Package: libavcodec-dev, libavformat-dev
Version: 3:0.svn20080925-1
Severity: grave
Hi,
libavcodec-dev and libavformat-dev miss some dependencies.
libavcodec's pkg-config file says:
Requires.private: libraw1394 theora vorbisenc libavutil = 49.10.0
libavformat's pkg-config file says:
Requires.pri
Hi Timo,
On Sat, Nov 01, 2008 at 09:32:30PM +0200, Timo Sirainen wrote:
On Sat, 2008-11-01 at 19:28 +0100, Jonas Smedegaard wrote:
Attached is a corruption discovered this morning, and my hand-crafted
correction that pleased offlineimap. They are gzipped simply to
convince mutt that they should
On Sat, 2008-11-01 at 19:28 +0100, Jonas Smedegaard wrote:
> Attached is a corruption discovered this morning, and my hand-crafted
> correction that pleased offlineimap. They are gzipped simply to convince
> mutt that they shouldn't be treated as ascii (I am not familiar with
> educating mutt manu
Your message dated Sat, 01 Nov 2008 19:17:02 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504215: fixed in fnonlinear 270.74-2
has caused the Debian Bug report #504215,
regarding fnonlinear: FTBFS: there is no package called 'fImport'
to be marked as done.
This means that you cl
Your message dated Sat, 01 Nov 2008 19:02:02 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504210: fixed in fasianoptions 270.74-2
has caused the Debian Bug report #504210,
regarding fasianoptions: FTBFS: there is no package called 'fImport'
to be marked as done.
This means that
On 1 November 2008 at 19:52, Kurt Roeckx wrote:
| On Sat, Nov 01, 2008 at 01:43:52PM -0500, Dirk Eddelbuettel wrote:
| >
| > On 1 November 2008 at 18:56, Kurt Roeckx wrote:
| > | Package: fasianoptions
| > | Version: 270.74-1
| > | Severity: serious
| > |
| > | Hi,
| > |
| > | Your package is f
On Sat, Nov 01, 2008 at 01:43:52PM -0500, Dirk Eddelbuettel wrote:
>
> On 1 November 2008 at 18:56, Kurt Roeckx wrote:
> | Package: fasianoptions
> | Version: 270.74-1
> | Severity: serious
> |
> | Hi,
> |
> | Your package is failing to build with the following error:
> | Loading required packag
Steffen Joeris wrote:
the following CVE (Common Vulnerabilities & Exposures) id was
published for mediamate.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote attackers to execute arbitrary commands via
| shell metacharacters in
On Sat, Nov 01, 2008 at 06:36:23PM +, Toby Smithe wrote:
> On Sat, Nov 1, 2008 at 6:23 PM, Kurt Roeckx <[EMAIL PROTECTED]> wrote:
> > Your package is failing to build with the following error:
> > Loading required package: fArma
> > Error in loadNamespace(name) : there is no package called 'fIm
On 1 November 2008 at 18:56, Kurt Roeckx wrote:
| Package: fasianoptions
| Version: 270.74-1
| Severity: serious
|
| Hi,
|
| Your package is failing to build with the following error:
| Loading required package: fOptions
| Error in loadNamespace(name) : there is no package called 'fImport'
| Err
On Sat, Nov 1, 2008 at 6:23 PM, Kurt Roeckx <[EMAIL PROTECTED]> wrote:
> Your package is failing to build with the following error:
> Loading required package: fArma
> Error in loadNamespace(name) : there is no package called 'fImport'
I do not believe the fault to lie with mscore, here, as the pa
Processing commands for [EMAIL PROTECTED]:
> reassign 504215 fnonlinear 270.74-1
Bug#504215: mscore: FTBFS: there is no package called 'fImport'
Bug reassigned from package `mscore' to `fnonlinear'.
> retitle 504215 fnonlinear: FTBFS: there is no package called 'fImport'
Bug#504215: mscore: FTBFS
reassign 504215 fnonlinear 270.74-1
retitle 504215 fnonlinear: FTBFS: there is no package called 'fImport'
thanks
Ooops, wrong package.
Kurt
Processing commands for [EMAIL PROTECTED]:
> tags 504082 -patch
Bug#504082: dovecot: assertion failures on amd64 suspected to be from being
built using broken flex
Tags were: patch
Tags removed: patch
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug track
tags 504082 -patch
thanks
On Sat, Nov 01, 2008 at 04:45:03PM +, Dominic Hargreaves wrote:
On Fri, Oct 31, 2008 at 12:13:11PM +0100, Jonas Smedegaard wrote:
On Fri, Oct 31, 2008 at 12:44:00PM +0200, Timo Sirainen wrote:
> On Oct 31, 2008, at 11:53 AM, Jonas Smedegaard wrote:
>
>> I experien
Package: mscore
Version: 0.9.3+dfsg-1
Severity: serious
Hi,
Your package is failing to build with the following error:
Loading required package: fArma
Error in loadNamespace(name) : there is no package called 'fImport'
Error in as.environment(pos) :
no item called "newtable" on the search list
Your message dated Sat, 01 Nov 2008 18:17:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504168: fixed in libphp-snoopy 1.2.4-1
has caused the Debian Bug report #504168,
regarding CVE-2008-4796: missing input sanitising
to be marked as done.
This means that you claim that the p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[sent again, to all this time!]
On Sat, Nov 01, 2008 at 04:45:03PM +, Dominic Hargreaves wrote:
>severity 504082 grave
>thanks
>
>On Fri, Oct 31, 2008 at 12:13:11PM +0100, Jonas Smedegaard wrote:
>> On Fri, Oct 31, 2008 at 12:44:00PM +0200, Timo S
Package: fasianoptions
Version: 270.74-1
Severity: serious
Hi,
Your package is failing to build with the following error:
Loading required package: fOptions
Error in loadNamespace(name) : there is no package called 'fImport'
Error in as.environment(pos) :
no item called "newtable" on the search
Package: gkrellm
Version: 2.3.2-1
Severity: grave
Justification: renders package unusable
The gkrellm packaging is not installing /usr/include/gkrellm2/log.h which
is used by /usr/include/gkrellm2/gkrellm.h. This is causing some, if not
all of the gkrellm-* packages to FTBFS.
Regards,
Bradley Smi
Your message dated Sat, 01 Nov 2008 17:32:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503804: fixed in tinylaf 1.3.8-4
has caused the Debian Bug report #503804,
regarding tinylaf: java bytecode / java runtime version mismatch
to be marked as done.
This means that you claim t
Processing commands for [EMAIL PROTECTED]:
> severity 504194 important
Bug#504194: CVE-2008-4640: insecure file handling
Severity set to `important' from `grave'
> thank
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
severity 504194 important
thank
On Sat, Nov 1, 2008 at 4:36 PM, Ludovic Rousseau
<[EMAIL PROTECTED]> wrote:
> Nico Golde wrote:
>>
>> Hi Ludovic,
>> * Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]:
>>> If I understand correctly it will just delete
>>> files with names derived from e
Processing commands for [EMAIL PROTECTED]:
> found 504194 2.84-1
Bug#504194: CVE-2008-4640: insecure file handling
Bug marked as found in version 2.84-1.
> found 503645 2.84-1
Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename
and insecure file handling
Bug marked as
Paul Wise wrote:
> On Sat, 2008-11-01 at 17:07 +0100, Luk Claes wrote:
>
>> Any reason why you didn't upload your NMU yet?
>
> As I wrote to debian-release, I'm not hugely familiar with debconf and
> maintainer scripts, so I was hoping the release team wouldn't mind
> reviewing and ACKing the pat
On Sat, Nov 01, 2008 at 06:29:10PM +0200, Guillem Jover wrote:
> Hi,
>
> On Wed, 2008-10-29 at 21:25:50 +0100, Moritz Muehlenhoff wrote:
> > Kurt Roeckx wrote:
> > > Package: lockvc
> > > Version: 4.0.5-6
> > > Severity: serious
>
> > > It seems that lockvc sometimes segfaults on me. It's not do
On Sat, 2008-11-01 at 17:07 +0100, Luk Claes wrote:
> Any reason why you didn't upload your NMU yet?
As I wrote to debian-release, I'm not hugely familiar with debconf and
maintainer scripts, so I was hoping the release team wouldn't mind
reviewing and ACKing the patch.
--
bye,
pabs
http://wik
Package: recite
Version: 1.0-8
Severity: grave
Tags: security
Justification: renders package unusable
When running "recite ok", me and two other fairly random lenny users
get a segmentation violation. Also a fairly random sid user reported
this problem.
("Fairly random" here means people on an
Hi,
On Wed, 2008-10-29 at 21:25:50 +0100, Moritz Muehlenhoff wrote:
> Kurt Roeckx wrote:
> > Package: lockvc
> > Version: 4.0.5-6
> > Severity: serious
> > It seems that lockvc sometimes segfaults on me. It's not doing it all
> > time, but at least once a week.
If there was a backtrace I might t
Processing commands for [EMAIL PROTECTED]:
> package apt
Ignoring bugs not assigned to: apt
> severity 504006 important
Bug#504006: Bug still not closed
Bug#400768: apt: Returns "E: Wow, you exceeded the number of versions this APT
is capable of"
Bug#466643: please increase number of package nam
Your message dated Sat, 01 Nov 2008 16:17:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503786: fixed in libjgroups-java 2.6.3.GA+dfsg1-2
has caused the Debian Bug report #503786,
regarding libjgroups-java: java bytecode / java runtime version mismatch
to be marked as done.
Th
Your message dated Sat, 01 Nov 2008 16:02:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503789: fixed in libxstream-java 1.3-4
has caused the Debian Bug report #503789,
regarding libxstream-java: java bytecode / java runtime version mismatch
to be marked as done.
This means th
Hi Paul
Any reason why you didn't upload your NMU yet?
Cheers
Luk
clone 503645 -1
reopen -1
retitle -1 CVE-2008-4640: insecure file handling
thank
Nico Golde wrote:
Hi Ludovic,
* Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]:
On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote:
Hi Bruno,
* Bruno De Fraine <[EMAIL PROTECTED]> [20
Processing commands for [EMAIL PROTECTED]:
> clone 503645 -1
Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename
and insecure file handling
Bug 503645 cloned as bug 504194.
> reopen -1
Bug#504194: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename
and
> This version won't help. First of all, I strongly doubt that the release team
> would accept such intrusive changes for lenny. Second, the file should just
> be removed and a dependency added against libphp-snoopy. Of course you will
> have to check that it still works correctly. Keep in mind
Processing commands for [EMAIL PROTECTED]:
> severity 504099 important
Bug#504099: gnu-fdisk: fails to display GPT partition properly
Severity set to `important' from `grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(a
Your message dated Sat, 01 Nov 2008 14:50:16 +
with message-id <[EMAIL PROTECTED]>
and subject line re: imagej: java bytecode / java runtime version mismatch
has caused the Debian Bug report #503777,
regarding imagej: java bytecode / java runtime version mismatch
to be marked as done.
This me
Hi Ludovic,
* Ludovic Rousseau <[EMAIL PROTECTED]> [2008-11-01 15:55]:
> On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote:
> > Hi Bruno,
> > * Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]:
> > [...]
> >> Nico, do you think this would be sufficient to rule out the vulne
severity 504099 important
thanks
Hi,
On Fri, Oct 31, 2008 at 09:45:57PM +0900, Osamu Aoki wrote:
> It may cause data loss due to wrong impression this software gives and
> freitend user may do funny thing. data loss is grave bug
You use the verb "may", hence you have no valid claim of a security
* Moritz Muehlenhoff | 2008-11-01 12:42:30 [+0100]:
>Mark Purcell wrote:
>> On Friday 19 September 2008 15:56:05 Stephen Kitt wrote:
>> > Thanks for the patch and the info, the next upload will fix both issues. It
>> > won't happen in the next few days though
>>
>> Stephen,
>>
>> Any progress on
On Sat, Nov 1, 2008 at 1:36 PM, Nico Golde <[EMAIL PROTECTED]> wrote:
> Hi Bruno,
> * Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]:
> [...]
>> Nico, do you think this would be sufficient to rule out the vulnerability?
>
> I didn't get this message because you didn't CC me.
> I just had a
Hi Steve,
* Steve Stalcup <[EMAIL PROTECTED]> [2008-11-01 14:55]:
> I'm just waiting for a sponsor upload. I have uploaded the fix into ubuntu
> 8.10
I can sponsor the upload if you want.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reason
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> severity 504149 grave
Bug#504149: virtualbox-ose: symlink vulnerability due to bad /tmp handling
Severity set to `grave' from `serious'
>
End of message, stopping processing here.
Hi Josh,
* Josh Triplett <[EMAIL PROTECTED]> [2008-11-01 04:16]:
> Package: htop
> Version: 0.7-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> htop does not filter non-printable characters in process names. Test
> case:
>
> echo -e '#!/bin/sh\nwhile :;do :;done' > $
Hi Nico,
I'm just waiting for a sponsor upload. I have uploaded the fix into
ubuntu 8.10
Steve
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> retitle 504182 hf: CVE-2008-2378 insecure system call leading to local root
Bug#504182: [EMAIL PROTECTED]: [Secure-testing-team] hf - CVE-2008-2378 - local
root exploit]
Changed Bug
Source: hf
Severity: grave
Tags: security
- Forwarded message from Steve Kemp <[EMAIL PROTECTED]> -
From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [Secure-testing-team] hf - CVE-200
Hi,
attached is a ported version of the patch for 0.8.6.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nurad vlc-0.8.6.h.orig/modules/demux/ty.c vlc-0.8.6.h/modules/demux/ty.c
--
> Cheers
> Steffen
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
> http://security-tracker.debian.net/tracker/CVE-2008-4796
> [1] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch
>
>
Steffen,
Thanks for the bug repor
Hi Steve,
any reason this hasn't yet been uploaded?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi Charlie
> Thanks for the bug report.
>
> I have addressed this issue in ampache-3.4.3-1 which is currently on
> m.d.n [1] awaiting sponsoring.
>
> With Lenny so close to release I am contacting my usual sponsor for
> guidance on which would be the best solution for this bug:
> a. use supplied
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: apt
Version: 0.7.17~exp4
Severity: serious
On Sat, Nov 01, 2008 at 06:38:46AM -0600, Buildd user wrote:
> Automatic build of apt_0.7.17~exp4 on zx6000 by sbuild/ia64 98-farm
> Build started at 2008110
Processing commands for [EMAIL PROTECTED]:
> found 503118 0.8.6.h-4
Bug#503118: vlc: CVE-2008-4686 integer overflow in ty parsing
Bug marked as found in version 0.8.6.h-4.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(admi
Hi Bruno,
* Bruno De Fraine <[EMAIL PROTECTED]> [2008-10-29 18:43]:
[...]
> Nico, do you think this would be sufficient to rule out the vulnerability?
I didn't get this message because you didn't CC me.
I just had a look at the applied patch and I think this is
sufficient.
You didn't fix CVE-200
Package: opendb
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for opendb.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote atta
Mark Purcell wrote:
> On Friday 19 September 2008 15:56:05 Stephen Kitt wrote:
> > Thanks for the patch and the info, the next upload will fix both issues. It
> > won't happen in the next few days though
>
> Stephen,
>
> Any progress on your upload to resolve this RC bug against lenny?
I can't r
Package: mediamate
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mediamate.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remot
Package: pixelpost
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pixelpost.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remot
Package: mahara
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mahara.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote atta
Package: ampache
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ampache.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allows remote at
Package: libphp-snoopy
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libphp-snoopy.
CVE-2008-4796[0]:
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
| and earlier allo
I have 965 board and card
[EMAIL PROTECTED]:~$ lspci | grep -i "vga"
00:02.0 VGA compatible controller: Intel Corporation Mobile
GM965/GL960 Integrated Graphics Controller (rev 0c)
I never had problems with font rendering, right now I'm using
"xserver-xorg-video-intel (2:2.3.2-2+lenny5)" and I've
severity 504109 wishlist
retitle 504109 please provide a kde4 version of kdebluetooth
thanks
On Saturday 01 November 2008 11:25:42 Christian Perrier wrote:
> No, from the submitter's information, this is not a bug in lenny.
and from KDE point of view, it is not a bug as such.
/Sune
--
I'm not a
Hi,
as far as i see there was no security reason to remove this package.
The only other reason i could see is that there would be no possible
upgrade path from 1.2.x to 1.4.x. Maybe someone can explain me?
I think lenny without ocfs2 support at all is worse than having an
outdated (but at least
Processing commands for [EMAIL PROTECTED]:
> severity 504109 wishlist
Bug#504109: [kdebluetooth] "protocol not supported bluetooth" error trying...
Severity set to `wishlist' from `grave'
> retitle 504109 please provide a kde4 version of kdebluetooth
Bug#504109: [kdebluetooth] "protocol not suppo
Quoting Luk Claes ([EMAIL PROTECTED]):
> Christian Perrier wrote:
> > As the bug submitter said, this bug only happens when kdebluetooth is
> > used with KDE4.
> >
> > As KDE4 packages are not and will not be in lenny, I suspect that this
> > bug should be tagged "lenny-ignore".
> >
> > CC'ing th