On Thu, Jan 29, 2009 at 02:26:56AM +, Ben Hutchings wrote:
This ought to be fixable by a binNMU, but linux-modules-contrib-2.6 is
not binNMU-safe. And rebuilding it properly in unstable will add new
binary packages for the vserver flavour. Perhaps a testing-security
upload is in order.
Kir Kolyshkin k...@openvz.org writes:
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
vzctl 3.0.23-2 is available in experimental, so I have installed it and
tested
On Wed, Jan 28, 2009 at 08:04:20PM +0100, Andreas Henriksson wrote:
Hello!
I had a really quick look and there seem to be several issues.
Next after parsing the command line options, the server forks and kills
off the parent (in wzdftpd/wzd_main.c line 402). This leaves no room for
Hey *,
On Wed, 28 Jan 2009 23:12:16 +0100 Nico Golde wrote:
CVE-2009-0317[0]:
| Untrusted search path vulnerability in the Python language bindings
| for Nautilus (nautilus-python) allows local users to execute arbitrary
| code via a Trojan horse Python file in the current working directory,
Hi Ben
I assume you're aware of the RC bug #512839 introduced by your NMU (and in
testing) xine-ui/0.99.5+cvs20070914-2.1 ? Looks like the fork()ing of
xdg-screensaver needs a little more thought.
Regards
Jon
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a
On Thu, Jan 29, 2009 at 09:39:57AM +0100, Pierre Chifflier wrote:
This is right, the first process forks and exits (so it does not get the
return code). Suggestions accepted for a better way.
Do the complete initialization (all things needed to pass the no options left
but kill ourself) first
Hi Daniel
Thanks a lot for your information. I'll backport the fix today, upload
and request unblock to the debian release team.
Best regards,
// Ola
Quoting Daniel Pittman dan...@rimspace.net:
Kir Kolyshkin k...@openvz.org writes:
This is caused by newer kernel headers (in this case
On Thu, Jan 29, 2009 at 02:55:20 +, Steve Cotton wrote:
I've spent a while looking at what runs what, and realised that it will be
quite time consuming for someone not familiar with your package to extract
a test case.
Would it be possible for you to isolate the gsf-scan bit;
.c and .i
Processing commands for cont...@bugs.debian.org:
severity 513384 grave
Bug#513384: xserver-xorg-core: server crash in CopyKeyClass when pressing
special keys
Severity set to `grave' from `serious'
severity 513407 grave
Bug#513407: xserver-xorg-core: pressing a multimedia key crashes the X
tag 511519 + pending
thanks
Some bugs are closed in revision 30225
by Damyan Ivanov (dmn)
Commit message:
add security_croak-in-do_verify-too.patch making do_verify() croak on
error the same way verify() already does. Document that verify() and
do_verify() croak on errors.
Closes: #511519.
Stepan Golosunov wrote:
The new xine with xdg-screensaver prevents xscreensaver from locking
the screen. But it does not prevent the same screen from being
blanked (old xine did). I don't think proposed patches in #511248 are
going to fix that.
Right, so I guess we need to do xset s off as
Processing commands for cont...@bugs.debian.org:
tag 511519 + pending
Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.
Tags were: security
Tags added: pending
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for cont...@bugs.debian.org:
forwarded 511519
http://sourceforge.net/tracker/index.php?func=detail&aid=2545158&group_id=73194&atid=537053
Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.
Noted your statement that Bug has been forwarded to
Your message dated Thu, 29 Jan 2009 11:02:05 +
with message-id e1lsuer-ca...@ries.debian.org
and subject line Bug#510585: fixed in netatalk 2.0.4~beta2-4.1
has caused the Debian Bug report #510585,
regarding CVE-2008-5718: arbitrary command execution in papd in netatalk
to be marked as
On Tue, Jan 13, 2009 at 01:30:19PM +0100, Andreas Henriksson wrote:
Maybe I'm missing something obvious because I haven't looked any closer
at this, but to me the debian sshguard bug report #495683 seems bogus!
AFAIK the default action of a non-builtin chain (the ones you create
yourself)
Your message dated Thu, 29 Jan 2009 13:39:45 +0100
with message-id 20090129123944.gd6...@koocotte.org
and subject line No bug
has caused the Debian Bug report #495683,
regarding sshguard: Current implementation skip any other iptables rules
to be marked as done.
This means that you claim that
Package: gdm
Version: 2.20.7-4
Severity: grave
Justification: renders package unusable
Today I did an apt-get update and apt-get upgrade which appeared to hang. I
rebooted
and I can login via ssh but not via the console. It's a Sun with ILOM and if
the console is redirected one gets the same
Le jeudi 29 janvier 2009 à 13:44 +, Jenny Barna a écrit :
Today I did an apt-get update and apt-get upgrade which appeared to hang. I
rebooted
and I can login via ssh but not via the console. It's a Sun with ILOM and if
the console is redirected one gets the same broken result. The
Package: debootstrap
Version: 1.0.10
Severity: grave
debootstrap does not yet allow to bootstrap a squeeze chroot, this needs
to be fixed before Lenny is released as DSA (and other people) need to be
able to create porter/security/... chroots.
-- System Information:
Debian Release: 5.0
APT
Processing commands for cont...@bugs.debian.org:
retitle 513488 debootstrap: version in Lenny needs to be able to bootstrap
Squeeze
Bug#513488: version in Lenny needs to be able to bootstrap Squeeze
Changed Bug title to `debootstrap: version in Lenny needs to be able to
bootstrap Squeeze'
Thanks for sending detailed information, it helps a lot. Here is the
problem. You don’t have a session manager installed, so the X11 startup
scripts choose to run x-window-manager.
ii metacity [x-window-man 1:2.22.0-2A lightweight GTK2 based Window Ma
ii twm [x-window-manager]
On Thu, Jan 29, 2009 at 09:17:26AM +0100, Bastian Blank wrote:
On Thu, Jan 29, 2009 at 02:26:56AM +, Ben Hutchings wrote:
This ought to be fixable by a binNMU, but linux-modules-contrib-2.6 is
not binNMU-safe. And rebuilding it properly in unstable will add new
binary packages for the
This was already corrected in
vzctl (3.0.22-9) unstable; urgency=low
* Correction of capability problem on some platforms. Closes: #482974.
-- Ola Lundqvist o...@debian.org Sat, 7 Jun 2008 19:26:21 +0200
Do you have any other idea?
// Ola
On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola
Hi Kir and Daniel
When I started to backport this fix, I realized that this fix was
already backported to the version running.
This means that we have some other problem that has been fixed in the
3.0.23 version available in experimental.
Best regards,
// Ola
On Thu, Jan 29, 2009 at
I'm not really sure but maybe this one can help:
http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
Daniel, can you try it out?
If that does not work I need straces from both working and non-working
versions.
Ola Lundqvist wrote:
This was already
Hi Daniel
If you could try this fix out it would be really great.
A built package for amd64 is available at:
http://apt.inguza.org/vzctl/
// Ola
On Thu, Jan 29, 2009 at 07:57:54PM +0300, Kir Kolyshkin wrote:
I'm not really sure but maybe this one can help:
Package: flash-kernel
Version: 2.12
Severity: critical
Justification: breaks the whole system
LVM roots are not handled well. If one specifies an LVM root in
/etc/fstab in the form of /dev/vg/lv (e.g. /dev/VG-n2100/root_lv)
then the system will fail to boot. Instead, one must use the
* Paul Jakma paul+debianb...@jakma.org [2009-01-29 17:45]:
A workaround, according to tbm, would be to have flash-kernel
canonicalise LVM devices to their /dev/mapper/... form - I gather.
It's not a workaround; it's the proper solution.
maks, can you comment on this patch. I've attached the
On 2009-01-29 Steve Langasek steve.langa...@canonical.com wrote:
Hi Andreas,
is this the issue that is also being discussed in
http://news.gmane.org/find-root.php?message_id=%3c49654581.3020505%40anl.gov%3e
or is it the original submitter a different one than Douglas E.
Engert?
That
Processing commands for cont...@bugs.debian.org:
forwarded 513418 http://bugzilla.gnome.org/show_bug.cgi?id=569648
Bug#513418: gnumeric: CVE-2009-0318 untrusted search path vulnerability in
GObject wrapper
Noted your statement that Bug has been forwarded to
Package: newpki-server
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this:
src/EntityLog.cpp: if(!LOG_ENTRY_verify(log, (EVP_PKEY
*)m_CaCert.GetPublicKey()))
LOG_ENTRY_verify() is a function from libnewpki that
Processing commands for cont...@bugs.debian.org:
# Testing is affected as well
found 513418 1.8.3-5
Bug#513418: gnumeric: CVE-2009-0318 untrusted search path vulnerability in
GObject wrapper
Bug marked as found in version 1.8.3-5.
thanks
Stopping processing here.
Please contact me if you
Package: newpki-client
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this:
src/DlgShowLog.cpp: if(!LOG_ENTRY_verify(lValue, (EVP_PKEY
*)m_EntityCert.GetPublicKey()))
LOG_ENTRY_verify() is a function from
Package: phpicalendar
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for phpicalendar.
CVE-2008-5840[0]:
| PHP iCalendar 2.24 and earlier allows remote attackers to bypass
| authentication by setting
Processing commands for cont...@bugs.debian.org:
retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
Bug#507587: CVE-2008-5282,CVE-2008-6005: multiple buffer overflows
Changed Bug title to `CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple
buffer' from
retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
overflows
thanks
Hi
There is an additional CVE about buffer overflows.
CVE-2009-0323[0]:
| Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0
| and 11.0 allow remote attackers to execute arbitrary code
Processing commands for cont...@bugs.debian.org:
retitle 507587 CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
overflows
Bug#507587: CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple buffer
Changed Bug title to `CVE-2008-5282,CVE-2008-6005,CVE-2009-0323: multiple
buffer
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id e1lsdyd-0007pq...@ries.debian.org
and subject line Bug#510560: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #510560,
regarding rtorrent: Command fi.filename_last not available in this version of
rTorrent.
to be
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id e1lsdyd-0007ps...@ries.debian.org
and subject line Bug#512082: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #512082,
regarding rtorrent: Command fi.filename_last not available in this version of
rTorrent.
to be
Your message dated Thu, 29 Jan 2009 20:32:12 +
with message-id e1lsdya-0007oi...@ries.debian.org
and subject line Bug#429137: fixed in modxslt 2005072700-3
has caused the Debian Bug report #429137,
regarding please update/request removal of your package
to be marked as done.
This means that
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id e1lsdyd-0007pq...@ries.debian.org
and subject line Bug#510560: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #510560,
regarding rtorrent: Patch to resolve bug #506748 leads to crashes
to be marked as done.
This
Your message dated Thu, 29 Jan 2009 20:32:15 +
with message-id e1lsdyd-0007ps...@ries.debian.org
and subject line Bug#512082: fixed in rtorrent 0.7.9-2.2
has caused the Debian Bug report #512082,
regarding rtorrent: Patch to resolve bug #506748 leads to crashes
to be marked as done.
This
On Thu, Jan 29, 2009 at 07:31:00PM +0100, Andreas Metzler wrote:
I am not sure this is serious. Douglas' bug applies to X509 v1 CA certs,
which afaiui are rare.
http://news.gmane.org/find-root.php?message_id=%3c20090110155632.10ba0626%40nmav%2deee%3e
Gnutls is documented to not trust this
Hi.
On Mon, Jan 26, 2009 at 12:55:45AM +0100, Jan Lübbe wrote:
Upstream marked the mentioned #1744 as a duplicate of
http://intellinuxwireless.org/bugzilla/show_bug.cgi?id=1703
which has been closed (and marked verified) in 228.57.2.23.
The problem with 228.57.2.23 is that it contains only
Hi,
This works for me, see comments below!
On Thu, 29 Jan 2009, Martin Michlmayr wrote:
maks, can you comment on this patch. I've attached the full hook
for context. Maybe you'll find other cases that need to be handled
in a special way.
Index:
Processing commands for cont...@bugs.debian.org:
severity 513488 important
Bug#513488: debootstrap: version in Lenny needs to be able to bootstrap Squeeze
Severity set to `important' from `grave'
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug
Processing commands for cont...@bugs.debian.org:
# Automatically generated email from bts, devscripts version 2.9.26etch1
tags 513022 + pending
Bug#513022: Possible security flaw in ad-hoc probe request processing
Tags were: security upstream
Tags added: pending
End of message, stopping
Package: ruby1.9
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in ext/openssl/ossl_ocsp.c:
result = OCSP_basic_verify(bs, x509s, x509st, flg);
sk_X509_pop_free(x509s, X509_free);
if(!result)
Your message dated Thu, 29 Jan 2009 21:47:03 +
with message-id e1lsej1-0003p5...@ries.debian.org
and subject line Bug#513022: fixed in linux-modules-contrib-2.6 2.6.26-3
has caused the Debian Bug report #513022,
regarding Possible security flaw in ad-hoc probe request processing
to be marked
I did a QA upload to the delayed queue based on my prepared NMU.
Besides fixing this bug it sets the maintainer to the Debian QA Group,
bumps the Standards-Version, uses debhelper 7 and fixes some lintian
warnings. It will hit unstable in about a week
Carsten
Package: xvnc4viewer
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vnc4.
CVE-2008-4770[0]:
| The CMsgReader::readRect function in the VNC Viewer component in
| RealVNC VNC Free Edition 4.0
severity 513504 important
thanks
* Paul Jakma paul+debianb...@jakma.org [2009-01-29 17:45]:
Package: flash-kernel
Version: 2.12
Severity: critical
Thinking about this some more, I realized that this situation must be
quite rare. d-i generates a /etc/fstab in the form of /dev/mapper/...
so in
Processing commands for cont...@bugs.debian.org:
severity 513504 important
Bug#513504: flash-kernel should handle LVM roots better
Severity set to `important' from `critical'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Package: isakmpd
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in x509.c:
if (X509_verify(cert, key) == -1) {
log_print(x509_cert_validate: self-signed cert is bad);
Package: wvstreams
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in crypto/wvx509.cc:
int verify_result = X509_REQ_verify(certreq, pk);
if (verify_result == 0)
{
debug(WvLog::Warning, Self
Package: newpki-lib
Severity: serious
Tags: security
Hi,
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in src/PKI_CSR.cpp:
if(X509_REQ_verify(m_csr, m_pubKeyCsr) 0)
{
NEWPKIerr(CRYPTO_ERROR_TXT, ERROR_ABORT);
Package: libnet-bittorrent-libbt-tracker-perl
Version: 0.0.19+p4.2296-1
Severity: grave
Justification: renders package unusable
Trying to execute a perl file containing the line:
use Net::BitTorrent::LibBT::Tracker;
produces the error:
Can't load
Package: root-system
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in
xrootd/src/xrootd/src/XrdCrypto/XrdCryptosslX509Req.cc:
bool XrdCryptosslX509Req::Verify()
{
[...]
return
Ola Lundqvist o...@inguza.com writes:
If you could try this fix out it would be really great.
A built package for amd64 is available at:
http://apt.inguza.org/vzctl/
Ah. I am on amd64, and that is an i386 package without source.
Anyway, I grabbed the source, manually applied the patch and
On Thu, Jan 29, 2009 at 11:34 PM, Miguel Landaeta mig...@miguel.cc wrote:
On Thu, Jan 29, 2009 at 9:51 PM, LI Daobing (李道兵) lidaob...@gmail.com wrote:
I make a mistake in memory management, check the following commit please:
Hi Drew,
On Tue, 27 Jan 2009 15:19:37 +1100, Drew Parsons wrote:
While it's good to see that MathML support is improved (such that we
don't need these fonts for that purpose), I'd like to heartily give my
support for keeping this font package in working order!
Thanks, but it depends heavily
Your message dated Fri, 30 Jan 2009 02:47:03 +
with message-id e1lsjpl-0004zz...@ries.debian.org
and subject line Bug#513446: fixed in duplicity 0.5.06-1
has caused the Debian Bug report #513446,
regarding duplicity 0.5.02-2 does not install with python 2.5 :
incompatibbilities with other
On Fri, 2009-01-30 at 11:12 +0900, Atsuhito Kohda wrote:
Hi Drew,
On Tue, 27 Jan 2009 15:19:37 +1100, Drew Parsons wrote:
While it's good to see that MathML support is improved (such that we
don't need these fonts for that purpose), I'd like to heartily give my
support for keeping this
Dear Ben,
Thanks.
IE_CF_PARM EID_STRUCT Octet data structure in mlme.h will change to unsigned
char too.
-Original Message-
From: Ben Hutchings [mailto:b...@decadent.org.uk]
Sent: Monday, January 26, 2009 2:34 AM
To: 513...@bugs.debian.org
Cc: rt2400-de...@lists.sourceforge.net; Dennis
Your message dated Fri, 30 Jan 2009 08:00:11 +0100
with message-id 20090130070011.ga11...@inguza.net
and subject line Re: [Debian] Re: Bug#513310: vzctl fails to set capabilities,
and subsequently fails to start any VE
has caused the Debian Bug report #513310,
regarding vzctl fails to set
Processing commands for cont...@bugs.debian.org:
# Fri Jan 30 07:03:19 UTC 2009
# Tagging as pending bugs that are closed by packages in NEW
# http://ftp-master.debian.org/new.html
#
# Source package in NEW: linux-modules-contrib-2.6
tags 513022 + pending
Bug#513022: Possible security flaw
Hi Steffen
I'll upload a new package when built.
Can the package be built using etch as that is what I have on my main
Debian development machine? I know that I got restrictions on some other
package lately.
Best regards,
// Ola
On Thu, Jan 29, 2009 at 05:30:24PM -0500, Steffen Joeris wrote:
Processing commands for cont...@bugs.debian.org:
severity 506748 important
Bug#506748: crash rtorrent by scgi-interface (function: 'fi.get_filename_last')
Severity set to `important' from `grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
Processing commands for cont...@bugs.debian.org:
severity 510560 important
Bug#510560: rtorrent: Patch to resolve bug #506748 leads to crashes
Bug#512082: rtorrent: Command fi.filename_last not available in this version of
rTorrent.
Severity set to `important' from `grave'
thanks
Stopping