Processing commands for [EMAIL PROTECTED]:
tag 504619 + pending
Bug#504619: python2.5: CVE-2008-4864 multiple integer overflows in imageop
module
Tags were: patch security
Tags added: pending
tag 504620 + pending
Bug#504620: python2.4: CVE-2008-4864 multiple integer overflows in imageop
Reinhard Tartler [EMAIL PROTECTED] writes:
CVE-2008-4869[0]:
| FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
| to cause a denial of service (memory consumption) via unknown vectors,
| aka a Tcp/udp memory leak.
you asked me later to ignore this. ok.
I'm sorry but I
Package: linux-image-2.6.26-1-686
Version: 2.6.26-10
Followup-For: Bug #504167
Reporting this issue is also confirmed with 2.6.26-10.
Mark
-- Package-specific info:
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1,
Your message dated Wed, 12 Nov 2008 12:53:04 +0100
with message-id [EMAIL PROTECTED]
and subject line Done: [libg3d0] fails to load ieee floats on big endian systems
has caused the Debian Bug report #501809,
regarding [libg3d0] fails to load ieee floats on big endian systems
to be marked as done.
Processing commands for [EMAIL PROTECTED]:
found 505325 4.2.1-3
Bug#505325: typo3-src-4.2: Cross-Site Scripting (XSS) in sysext felogin
Bug marked as found in version 4.2.1-3.
found 505325 4.2.2-1
Bug#505325: typo3-src-4.2: Cross-Site Scripting (XSS) in sysext felogin
Bug marked as found in
On Wed, Nov 12, 2008 at 12:15 PM, Simon Josefsson [EMAIL PROTECTED] wrote:
You mean just removing this code snippet instead of moving it?
/* Check if the last certificate in the path is self signed.
* In that case ignore it (a certificate is trusted only if it
* leads to a trusted
package apt
severity 463030 serious
tags 463030 +pending
thanks
This bug qualifies as RC one.
--
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
Ukrainian C++ Developer, Debian APT contributor
signature.asc
Description: OpenPGP digital signature
Processing commands for [EMAIL PROTECTED]:
package apt
Ignoring bugs not assigned to: apt
severity 463030 serious
Bug#463030: apt =0.7.7 break menu update mechanism
Severity set to `serious' from `important'
tags 463030 +pending
Bug#463030: apt =0.7.7 break menu update mechanism
There were
Package: sugar-hulahop
Version: 0.4.7~dfsg-1
Severity: serious
Tags: patch
Usertags: implicit-pointer-conversion
Our automated buildd log filter[1] detected a problem that is likely to
cause your package to segfault on architectures where the size of a
pointer is greater than the size of an
Processing commands for [EMAIL PROTECTED]:
severity 504380 normal
Bug#504380: [icecc-monitor] no host or scheduler found
Severity set to `normal' from `grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
Your message dated Wed, 12 Nov 2008 14:02:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#505325: fixed in typo3-src 4.2.3-1
has caused the Debian Bug report #505325,
regarding typo3-src-4.2: Cross-Site Scripting (XSS) in sysext felogin
to be marked as done.
This means that you
Processing commands for [EMAIL PROTECTED]:
found 505399 0.6-1
Bug#505399: SA32651: OptiPNG BMP Reader Buffer Overflow Vulnerability
Bug marked as found in version 0.6-1.
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for [EMAIL PROTECTED]:
found 505326 4.2.1-3
Bug#505326: typo3-src: User account passwords cannot be changed in backend
Bug marked as found in version 4.2.1-3.
found 505326 4.2.2-1
Bug#505326: typo3-src: User account passwords cannot be changed in backend
Bug marked as found
Processing commands for [EMAIL PROTECTED]:
severity 504483 important
Bug#504483: iceweasel hangs when restoring bookmarks
Severity set to `important' from `grave'
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Processing commands for [EMAIL PROTECTED]:
tags 505279 + patch
Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
There were no tags set.
Tags added: patch
tags 424763 - patch
Bug#424763: need for an easy/quick print dialog not hidden in the image editor
Tags were: patch wontfix
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christian Perrier wrote:
Quoting José Luis Tallón ([EMAIL PROTECTED]):
José Luis, any plans to prepare an upload? I'd be happy to sponsor it
if needed as fixing two RC bugs during this week-end would continue my
one RC bug per week-end series...
Hi,
I've encountered the exact same bug, but I could circumvent the issue by
removing the need to load bnx2 in the initrd:
remove bnx2 from /etc/initramfs-tools/modules
update-initramfs -u
Now it works, but loading bnx2 in the initrd still fails.
Regards,
Bjoern
--
To UNSUBSCRIBE, email
Sebastiaan Couwenberg wrote:
Christian Perrier wrote:
Quoting José Luis Tallón ([EMAIL PROTECTED]):
José Luis, any plans to prepare an upload? I'd be happy to sponsor it
if needed as fixing two RC bugs during this week-end would continue my
one RC bug per week-end series...
* Samuel Thibault [EMAIL PROTECTED] [2008-11-11 22:24:53 CET]:
The problem is that you both want a mouse on the text console and a
mouse in X. The correct way is to use a repeater: gpm reads
/dev/input/mice, and repeats to X. Now, gpm tries to play nice with X
servers that would read
2008/11/11 Eddy Petrișor [EMAIL PROTECTED] wrote:
2008/11/10 Thomas Schweitzer [EMAIL PROTECTED]:
Concerning bug#504726 I am not sure what's the problem with that? Why is
there a risk to create a static (where static only means that the name will
never change) subdir for temporary data?
When
Package: cpio
Version: 2.9-14
Severity: grave
Justification: renders package unusable
[EMAIL PROTECTED]:~/gateway$ find src/clamav-devel/trunk | cpio -pdu $HOME
Segmentation fault
[EMAIL PROTECTED]:~/gateway$
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy:
E-mail([EMAIL PROTECTED]) for the claims of £1,350.000 pounds in the
Irish-Promo claims Requirement: Name, Occupation, Address, Tel:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hi,
These two updates occurs after a discussion with websvn upstream, to
validate the corrections. Security problem is described at:
http://www.gulftech.org/?node=researcharticle_id=00132-10202008
(I haven't found any related CVE, but a Secunia advisory:
http://secunia.com/advisories/32338/
)
severity 504380 normal
thanks
Hi,
Until a proper fix is found, use:
$ USE_SCHEDULER=host icemon
Cheers,
Fathi
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Nikos Mavrogiannopoulos [EMAIL PROTECTED] writes:
1) Remove the code. Fixes both crash and vulnerability.
My suggestion is to remove the offending code.
Thanks. I'll prepare a 2.6.2 release.
/Simon
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
Package: kqemu-source
Version: 1.3.0~pre9-12
Severity: grave
Tags: patch
Justification: renders package unusable
When running the following:
$ m-a -t build kqemu
SNIP
# Build the module
./configure --kernel-path=/lib/modules/2.6.24-etchnhalf.1-amd64/build
Source path
Your message dated Wed, 12 Nov 2008 12:32:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#503330: fixed in websvn 2.0-4
has caused the Debian Bug report #503330,
regarding Multiple Vulnerabilities (xss, insecure file handling and code
execution)
to be marked as done.
This means
On Tue, Nov 11, 2008 at 04:55:57PM +0100, Simon Josefsson wrote:
I think we have identified the problem, see:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230
That patch at least solves the vulnerability and the crash, so possibly
it could be uploaded to
Your message dated Wed, 12 Nov 2008 17:17:03 +
with message-id [EMAIL PROTECTED]
and subject line Bug#463030: fixed in apt 0.7.19~exp1
has caused the Debian Bug report #463030,
regarding apt =0.7.7 break menu update mechanism
to be marked as done.
This means that you claim that the problem
* Nigel Horne [Wed, 12 Nov 2008 13:18:56 +]:
Hello,
Package: mlocate
Version: 0.21.1-1
Severity: grave
Justification: renders package unusable
/usr/bin/updatedb.mlocate always creates an empty database:
-rw-r- 1 root mlocate 235 2008-11-12 13:09 mlocate.db
It returns no error
Package: mlocate
Version: 0.21.1-1
Severity: grave
Justification: renders package unusable
/usr/bin/updatedb.mlocate always creates an empty database:
-rw-r- 1 root mlocate 235 2008-11-12 13:09 mlocate.db
It returns no error status, prints no error message and immediately returns
with no
# On 2008-11-11 Michael Gilbert [EMAIL PROTECTED] wrote:
# Package: libgnutls26
# Version: 2.4.2-2
# Severity: grave
# Tags: security
# Justification: user security hole
#
# redhat has just released an update that fixes a security flaw in gnutls [1].
# the CVE page [2] indicates that the
Gerfried Fuchs, le Wed 12 Nov 2008 14:43:19 +0100, a écrit :
The unfortunate effect here is that it waits without handling clients.
The attached patch fixes that: when not in text mode, the mouse
is closed, but the select() loop continues. I had to change the
timeout of select, I have
Processing commands for [EMAIL PROTECTED]:
severity 505439 important
Bug#505439: kqemu-source: Fails to build under amd64
Severity set to `important' from `grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Processing commands for [EMAIL PROTECTED]:
clone 504373 -1
Bug#504373: libtemplate-perl: Upgrade from etch breaks code using DBI plugins
Bug 504373 cloned as bug 505471.
reassign -1 ftp.debian.org
Bug#505471: libtemplate-perl: Upgrade from etch breaks code using DBI plugins
Bug reassigned from
clone 504373 -1
reassign -1 ftp.debian.org
retitle -1 Please process libtemplate-plugin-dbi-perl from NEW
thanks
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
Your message dated Wed, 12 Nov 2008 18:47:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#505279: fixed in gnutls26 2.4.2-3
has caused the Debian Bug report #505279,
regarding libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
to be marked as done.
This means that you claim
Logged upstream as http://dev.sugarlabs.org/ticket/20
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processing commands for [EMAIL PROTECTED]:
tags 493988 patch
Bug#493988: rancid-core: subprocess post-installation script returned error
exit status 1
There were no tags set.
Tags added: patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
tags 493988 patch
thanks
Hi,
attached you find a simple patch which will modify rancid-core.postinst
to call adduser only when the rancid user does not exist (that won't
change the UID/GID to a system-one, but should still work fine).
regards
Evgeni
diff -u rancid-2.3.2~a8/debian/changelog
Package: mozilla-plugin-gnash
Version: 0.8.3-6
Severity: grave
Hi!
I've been testing gnash for some time and found that the version in testing
crashes when entering www.eroski.es (machine using testing with linux kernel
from testing, arch i386) I had gnash set to pause on load.
I have upgraded
Processing commands for [EMAIL PROTECTED]:
reassign 505242 libgnutls26
Bug#505242: subversion: segfault when fetching external reference
Bug reassigned from package `subversion' to `libgnutls26'.
forcemerge 505279 505242
Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
On Tue, Nov 11, 2008 at 07:37:50AM +0100, Julian Andres Klode wrote:
On Tue, Nov 11, 2008 at 12:40:52AM +, alex wrote:
After some fiddling it seems that if i disable USB2.0 (a bios option - as
a result the ehci_hcd driver is not loaded) the freezing problem disappears.
This is a 5yr
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
tags 493988 + pending
Bug#493988: rancid-core: subprocess post-installation script returned error
exit status 1
Tags were: patch
Tags added: pending
End of message, stopping
Package: libcdaudio
Severity: grave
Tags: security
Justification: user security hole
Hi Daniel, please see
http://www.openwall.com/lists/oss-security/2008/11/05/1
http://www.openwall.com/lists/oss-security/2008/11/07/1
I'm attaching the dpatch I'm using for stable-security for your
convenience.
Michael Meskes [EMAIL PROTECTED] writes:
On Tue, Nov 11, 2008 at 04:55:57PM +0100, Simon Josefsson wrote:
I think we have identified the problem, see:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230
That patch at least solves the vulnerability and the crash,
Moritz Muehlenhoff wrote:
Package: libcdaudio
Severity: grave
Tags: security
Justification: user security hole
Hi Daniel, please see
http://www.openwall.com/lists/oss-security/2008/11/05/1
http://www.openwall.com/lists/oss-security/2008/11/07/1
I'm attaching the dpatch I'm using for
Your message dated Wed, 12 Nov 2008 21:47:04 +
with message-id [EMAIL PROTECTED]
and subject line Bug#505478: fixed in libcdaudio 0.99.12p2-7
has caused the Debian Bug report #505478,
regarding CVE-2008-5030: Buffer overflow
to be marked as done.
This means that you claim that the problem
Daniel Baumann wrote:
Moritz Muehlenhoff wrote:
Package: libcdaudio
Severity: grave
Tags: security
Justification: user security hole
Hi Daniel, please see
http://www.openwall.com/lists/oss-security/2008/11/05/1
http://www.openwall.com/lists/oss-security/2008/11/07/1
I'm attaching the
* Mark Purcell [Sun, 09 Nov 2008 19:44:05 +1100]:
Hello,
In this context Romain suggested that he only upload the fixed package to
lenny
and upload a new package to sid:
! fix the package in lenny, as well as uploading a new package for sid
I was suggesting that he upload the fixed
Your message dated Wed, 12 Nov 2008 21:47:06 +
with message-id [EMAIL PROTECTED]
and subject line Bug#505399: fixed in optipng 0.6.1.1-1
has caused the Debian Bug report #505399,
regarding SA32651: OptiPNG BMP Reader Buffer Overflow Vulnerability
to be marked as done.
This means that you
* Romain Beauxis [Sat, 08 Nov 2008 18:44:33 +0100]:
Le Saturday 08 November 2008 11:51:25 Adeodato Simó, vous avez écrit :
I don't think a new upstream version is going to be appropriate, but we
can talk about it later when this bug is fixed in Lenny. I don't like
the idea of uploading the
--- El mié, 12/11/08, Santiago Garcia Mantinan [EMAIL PROTECTED] escribió:
I've been testing gnash for some time and found that
the version in testing
crashes when entering www.eroski.es (machine using testing
with linux kernel
from testing, arch i386) I had gnash set to pause on load.
I
* Thomas Schweitzer [Wed, 12 Nov 2008 11:47:53 +0100]:
Oh, I see.
There are such evil people out there? ;-) Ok I never had such a way of
abuse on my mind, so I didn't care about that.
The next version 1.0.3 will have that fixed and I will send the
package to Marcela Tiznado so she can
tags 424763 + patch
thanks
Hi,
Thanks to Simon for the pointer.
Please find attached a debdiff for the bug.
cheers,
Fathi
diff -u gnutls26-2.4.2/debian/changelog gnutls26-2.4.2/debian/changelog
--- gnutls26-2.4.2/debian/changelog
+++ gnutls26-2.4.2/debian/changelog
@@ -1,3 +1,11 @@
Your message dated Wed, 12 Nov 2008 22:17:12 +
with message-id [EMAIL PROTECTED]
and subject line Bug#504619: fixed in python2.5 2.5.2-12
has caused the Debian Bug report #504619,
regarding python2.5: CVE-2008-4864 multiple integer overflows in imageop module
to be marked as done.
This means
Your message dated Wed, 12 Nov 2008 14:02:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#505324: fixed in typo3-src 4.2.3-1
has caused the Debian Bug report #505324,
regarding typo3-src: Cross-Site Scripting (XSS) in BE module fileadmin
to be marked as done.
This means that you
Your message dated Wed, 12 Nov 2008 14:02:05 +
with message-id [EMAIL PROTECTED]
and subject line Bug#505326: fixed in typo3-src 4.2.3-1
has caused the Debian Bug report #505326,
regarding typo3-src: User account passwords cannot be changed in backend
to be marked as done.
This means that
Processing commands for [EMAIL PROTECTED]:
# On 2008-11-11 Michael Gilbert [EMAIL PROTECTED] wrote:
# Package: libgnutls26
# Version: 2.4.2-2
# Severity: grave
# Tags: security
# Justification: user security hole
#
# redhat has just released an update that fixes a security flaw in
Michael Meskes [EMAIL PROTECTED] writes:
On Tue, Nov 11, 2008 at 04:55:57PM +0100, Simon Josefsson wrote:
I think we have identified the problem, see:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230
That patch at least solves the vulnerability and the crash,
hey,
As these bugs have been open with a patch for over a month and
without a rejection from the maintainer, I intend to NMU the
associated package in a week's time (or sooner, if requested by the
maintainer).
If you do not wish for this NMU to occur, please send a follow-up in
the bug report
Package: ocaml-batteries
Version: 0.20081112+gitBB342A7-1
Severity: serious
Hi,
your package failed to build from source.
| Automatic build of ocaml-batteries_0.20081112+gitBB342A7-1 on meitner by
sbuild/hppa 98-farm
| Build started at 20081112-1342
as intended, i guess, this patch breaks loading modules from the
current directory but i have scripts that need to load extra modules
from the current directory. how does one do it now? i've modified my
scripts to do
import sys
sys.path.append(.)
import Module
but this seems silly. shouldn't
Processing commands for [EMAIL PROTECTED]:
notfound 504167 2.6.26-8
Bug#504167: linux-2.6 - regression: fails to unblank on resume
Bug no longer marked as found in version 2.6.26-8.
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for [EMAIL PROTECTED]:
found 504167 2.6.26-8
Bug#504167: linux-2.6 - regression: fails to unblank on resume
Bug marked as found in version 2.6.26-8.
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
clone 470882
retitle -1 pdmenu should check the value returned by Gpm_GetEvent()
reassign -1 pdmenu
thanks
Reading the documentation of Gpm_GetEvent:
« It returns 1 on success, -1 on failure, and 0 after closing the connection. »
pdmenu doesn't properly check that. It should. Patch attached.
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.35
unmerge 470882
Bug#470882: gpm freezes and makes other applications freeze/segfault
Bug#476431: gpm makes apps hang if running; they run normally if stopped
Disconnected #470882 from
Interestin. I just checked this out of curiosity and the site worked
fine for me. I am using Testing with a 2.6.26 kernal that I have compiled.
John
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processing commands for [EMAIL PROTECTED]:
# Thu Nov 13 07:03:23 UTC 2008
# Tagging as pending bugs that are closed by packages in NEW
# http://ftp-master.debian.org/new.html
#
# Source package in NEW: arpack
tags 491794 + pending
Bug#491794: arpack: DFSG-incompatible license
There were no
69 matches
Mail list logo
