Package: fckeditor
Version: 1:2.6.2-1
Severity: grave
Tags: security lenny
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for fckeditor.
CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor
Hi Akira,
Thanks for the follow-up. Quantlib (upstream) and I figured out a workaround.
In previous versions we had gotten by without the configure step -- and hence
no Makefile was created and present. That did not seem to upset earlier
versions but it set up the current versions. Switching
Hi Gijs and Nicolau,
(And hi Raphael, you are the last NMUer. Maybe you are interested in
uploading a fixed package with a revised version of Gijs patch, if not,
maybe Paul or Ondrej want to.)
first, and most importantly, thanks for looking into fixing this problem
and sharing your patch
Processing commands for cont...@bugs.debian.org:
fixed 536051 1:2.6.4-1
Bug#536051: CVE-2009-2265, CVE-2009-2324: input sanitization errors
Bug marked as fixed in version 1:2.6.4-1.
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Hi,
Thanks for the follow-up. Quantlib (upstream) and I figured out a workaround.
In previous versions we had gotten by without the configure step -- and hence
no Makefile was created and present. That did not seem to upset earlier
versions but it set up the current versions. Switching to
Your message dated Tue, 07 Jul 2009 07:02:12 +
with message-id e1mo4gu-0005j3...@ries.debian.org
and subject line Bug#527527: fixed in guile-1.8 1.8.7+1-1
has caused the Debian Bug report #527527,
regarding Conflicting types for 'jmp_buf'
to be marked as done.
This means that you claim that
Hi,
i contacted the security team ~6 hours ago with that.
Frank
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processing commands for cont...@bugs.debian.org:
fixed 536051 1:2.6.4.1-1
Bug#536051: CVE-2009-2265, CVE-2009-2324: input sanitization errors
Bug marked as fixed in version 1:2.6.4.1-1.
notfixed 536051 1:2.6.4-1
Bug#536051: CVE-2009-2265, CVE-2009-2324: input sanitization errors
Bug no longer
Processing commands for cont...@bugs.debian.org:
# Tue Jul 7 08:03:22 UTC 2009
# Tagging as pending bugs that are closed by packages in NEW
# http://ftp-master.debian.org/new.html
#
# Source package in NEW: haskell-src-exts
tags 526439 + pending
Bug#526439: haskell-src-exts: FTBFS: setup:
Processing commands for cont...@bugs.debian.org:
close 531940
Bug#531940: FTBFS on mipsel due to missing -fPIC
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Luk Claes l...@debian.org
thanks
Stopping processing here.
* Iain Lane la...@ubuntu.com [20090707 09:19]:
What's the status of this? dillo has now been removed from testing and
I see no sign of FLTK2.
JFTR: see #364295 for the license issues of fltk2.
regards,
-mika-
signature.asc
Description: Digital signature
Processing commands for cont...@bugs.debian.org:
tag 521965 + pending
Bug#521965: libapache2-mod-python: FTBFS: request for member 'next' in
something not a structure or union
There were no tags set.
Tags added: pending
thanks
Stopping processing here.
Please contact me if you need
Your message dated Tue, 07 Jul 2009 12:17:04 +0200
with message-id 1246961824.4676.22.ca...@localhost
and subject line Fixed
has caused the Debian Bug report #530680,
regarding haskell-haskeline: Needs altered build-deps to prevent FTBFS
to be marked as done.
This means that you claim that the
Subject: cdrom: I/O Error: Unable to copy from CD-Drive to HDD after burning
Package: cdrom
Severity: grave
Justification: renders package unusable
Tags: l10n
#
cdrom: This disc doesn't have any tracks I recognize!
#
Jun 18 16:14:04 netbook kernel: [ 7303.957815] warning: `growisofs' uses 32-bit
Processing commands for cont...@bugs.debian.org:
forcemerge 285653 522246
Bug#285653: defoma should migrate to an alternative to libft-perl
Bug#522246: defoma-hints is totally unusable
Bug#478983: defoma-hints requires libft-perl which no longer exists
Forcibly Merged 285653 478983 522246.
Your message dated Tue, 7 Jul 2009 05:37:36 -0500
with message-id 19027.9584.792244.139...@ron.nulle.part
and subject line Re: Bug#533122: ruby1.8-dev: FTBFS with newer ruby ?
has caused the Debian Bug report #533122,
regarding ruby1.8-dev: FTBFS with newer ruby ?
to be marked as done.
This
forcemerge 285653 522246
thanks
On Thu, May 14, 2009 at 09:02:13PM +0200, Sven Hoexter wrote:
Hi,
at least in sid FreeType.pm is available
marvin:/home/sven/debian/pkg-lyx# apt-file search FreeType.pm
libfont-freetype-perl: /usr/lib/perl5/Font/FreeType.pm
Yes, but from a different package.
Hi everyone,
I'm not experienced with C programming. The patch I applied just fixes
some include paths, and also includes a patch adapted from Gentoo. I
think I posted a link to the patch in the bugreport comments.
- gijs
Op 7 jul 2009, om 08:54 heeft Thomas Viehmann het volgende
Lucas,
Probably the reason of FTBFS is because you have newer version of
autoconf and libtool packages on your Sid box. I had very similar
problem under Ubuntu Jaunty.
Did you try to run `autoreconf -f` before?
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a
Hi,
This should be fixed in dovecot 1.1.16 (in unstable). Please test
and close if this is the case.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: hal
Version: 0.5.12~git20090406.46dc48-2
Severity: critical
Justification: breaks unrelated software
When hal starts and detects the raid device it segfaults :
hald[17354]: segfault at 0 ip 00433735 sp 7fffa26f78d0
error 4 in hald[40+55000]
This bug looks like a
severity 536072 important
thanks
Jerome Kerdreux wrote:
Package: hal
Version: 0.5.12~git20090406.46dc48-2
Severity: critical
Justification: breaks unrelated software
When hal starts and detects the raid device it segfaults :
hald[17354]: segfault at 0 ip 00433735 sp
Paweł Tęcza wrote:
Lucas,
Probably the reason of FTBFS is because you have newer version of
autoconf and libtool packages on your Sid box. I had very similar
problem under Ubuntu Jaunty.
Did you try to run `autoreconf -f` before?
It works with Courier 0.62.1. Packages will show up soon.
Processing commands for cont...@bugs.debian.org:
severity 536072 important
Bug#536072: hal segfault when it detects md-raid devices
Severity set to `important' from `critical'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Your message dated Tue, 7 Jul 2009 14:25:15 +0200
with message-id 20090707122515.ga19...@feivel.credativ.lan
and subject line Re: #531543 dovecot-imapd: server is killed with signal 6
has caused the Debian Bug report #531543,
regarding dovecot-imapd: server is killed with signal 6
to be marked as
Package: ia32-apt-get
Version: 22
Severity: grave
I cannot install skype via ia32-apt-get. The line in my sources.list is:
deb [arch=i386] http://download.skype.com/linux/repos/debian/ stable
non-free
and I ran /usr/share/ia32-apt-get/convert-all-sources.list
But ia32-apt-get behaves as though
On Mon, Jul 6, 2009 at 23:20:59 -0400, Aaron M. Ucko wrote:
Julien Cristau jcris...@debian.org writes:
xprint support was removed from libXfont. We should add a Breaks:
xprint to the libxfont1 package, as it doesn't look like xprint will be
coming back.
Strictly speaking, shouldn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
close 534549
thanks
I just uploaded the new fixed version of the fontforge-extras
package, but I forgot to close this bug in the changelog file.
So, I am now closing this bug this way.
Thanks, for the bug report.
- --
Kęstutis Biliūnas
Processing commands for cont...@bugs.debian.org:
close 534549
Bug#534549: fontforge-extras: includes showttf, also in package fontforge
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Alexios Zavras zvr+deb...@zvr.gr
thanks
Robert Millan wrote:
Hi,
Please could you test if this patch helps?
Thanks
I am sorry I can no longer test while I got a disk crash!
Jos v.W.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Package: haml-elisp
Version: 2.2.0-1
Severity: grave
Justification: renders package unusable
| Setting up haml-elisp (2.2.0-1) ...
| install/haml-elisp: Handling install of emacsen flavor emacs
| install/haml-elisp: Handling install of emacsen flavor emacs21
| install/haml-elisp: byte-compiling
Processing commands for cont...@bugs.debian.org:
fixed 534549 0.2-1
Bug#534549: fontforge-extras: includes showttf, also in package fontforge
Bug marked as fixed in version 0.2-1.
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for cont...@bugs.debian.org:
severity 536077 normal
Bug#536077: Flag [arch=i386] in sources.list behaves as though ignored
Severity set to `normal' from `grave'
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Processing commands for cont...@bugs.debian.org:
tag 516670 + patch
Bug#516670: files owned by !root
Tags were: security
Tags added: patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs database)
tag 516670 + patch
thanks
On Mon, Feb 23, 2009 at 12:53:30AM +0100, Peter Palfrader wrote:
Files in /usr/share/lintian/overrides are not owned by root on lenny/alpha.
wea...@intrepid:~/tmp$ wget -nv
http://ftp.de.debian.org/debian/pool/main/k/klibc/klibc-utils_1.5.12-2_alpha.deb
2009-02-23
Hello,
I'm the maintainer of kanyremote.
Because of this bug, I can't upload it's new upstream version. It
segfaults right at the beginning, because with the new release upstream
switched from python-qt3/kde3 to python-qt4/kde4.
Downgrading python-qt4 as mentioned before made the program work,
Processing commands for cont...@bugs.debian.org:
tags 516670 - patch
Bug#516670: files owned by !root
Tags were: patch security
Tags removed: patch
End of message, stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
On Tue, Jul 07, 2009 at 05:29:53PM +0200, Jan Hauke Rahm wrote:
On Mon, Feb 23, 2009 at 12:53:30AM +0100, Peter Palfrader wrote:
Files in /usr/share/lintian/overrides are not owned by root on lenny/alpha.
wea...@intrepid:~/tmp$ wget -nv
Processing commands for cont...@bugs.debian.org:
tags 536034 confirmed patch
Bug#536034: dpkg-dev: dpkg-gensymbols produces broken symbols files
There were no tags set.
Tags added: confirmed, patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
tags 536034 confirmed patch
thanks
On 2009 m. July 7 d., Tuesday 01:41:46 Michael Biebl wrote:
Since the latest update of dpkg from 1.15.2 to 1.15.3, dpkg-gensymbols
produces broken symbols files. As an example I attached the
libc6.symbols file for -19, which whas generated using 1.15.3.
Cyril Brulebois k...@debian.org (06/07/2009):
The trivial fix is attached. Fixing this bug ASAP would help
kfreebsd-i386 get some java support (unfortunately, this package
wasn't built when dpkg-dev was less strict because of a missing build
dependency).
Thanks for the ACK. Final debdiff
Your message dated Tue, 07 Jul 2009 16:47:07 +
with message-id e1modox-0004bh...@ries.debian.org
and subject line Bug#536025: fixed in java-gcj-compat 1.0.80-5.1
has caused the Debian Bug report #536025,
regarding java-gcj-compat: FTBFS with new dpkg-dev
to be marked as done.
This means that
Processing commands for cont...@bugs.debian.org:
# Automatically generated email from bts, devscripts version 2.10.35lenny3
tags 480899 pending
Bug#480899: incomplete split prevents installation of cdebconf-gtk
Tags were: patch
Tags added: pending
End of message, stopping processing here.
Your message dated Tue, 07 Jul 2009 17:02:12 +
with message-id e1moe3y-00050j...@ries.debian.org
and subject line Bug#480899: fixed in cdebconf 0.144
has caused the Debian Bug report #480899,
regarding incomplete split prevents installation of cdebconf-gtk
to be marked as done.
This means
Hi Ludovic,
On Tue, Jul 7, 2009 at 12:15 AM, Ludovic
Claudeludovic.cla...@laposte.net wrote:
plexus-build-api is used only on modello 1.0+, so it looks like you
where using the wrong version of the sources. There was a
uscan --upstream-version 0
in debian/rules which always download the
Your message dated Tue, 07 Jul 2009 19:17:05 +
with message-id e1moga5-0003z7...@ries.debian.org
and subject line Bug#535279: fixed in alpine 2.00+dfsg-4
has caused the Debian Bug report #535279,
regarding alpine: FTBFS with new dpkg-dev
to be marked as done.
This means that you claim that
Processing commands for cont...@bugs.debian.org:
forwarded 525137 https://issues.apache.org/bugzilla/show_bug.cgi?id=39815
Bug#525137: apache2.2-common: could not get next bucket brigade while a
client is doing a PUT results in data loss
Noted your statement that Bug has been forwarded to
Package: libpq-dev
Version: 8.4.0-1
Severity: serious
Justification: Causes FTBFS in other packages
From my pbuilder build log for qt-x11-free:
...
g++ -c -pipe -g -I/usr/include/mysql -I/usr/include/freetype2
-I/usr/include/postgresql -fno-exceptions -Wall -W -O2 -D_REENTRANT -fPIC
Your message dated Tue, 07 Jul 2009 19:32:11 +
with message-id e1mogoh-0004wv...@ries.debian.org
and subject line Bug#534647: fixed in elmerfem 5.5.0.svn.4214.dfsg-1
has caused the Debian Bug report #534647,
regarding elmerfem: FTBFS on mips(el) due to non-PIC code in shared objects
to be
Your message dated Tue, 07 Jul 2009 19:32:11 +
with message-id e1mogoh-0004wx...@ries.debian.org
and subject line Bug#535292: fixed in elmerfem 5.5.0.svn.4214.dfsg-1
has caused the Debian Bug report #535292,
regarding elmerfem: FTBFS with new dpkg-dev
to be marked as done.
This means that
Package: linux-2.6
Version: 2.6.30-1
Severity: grave
Tags: security
Justification: user security hole
Hello Debian kernel team!
According to the security tracker [1], CVE-2009-0029 is fixed in
testing, but not in unstable.
It's fixed in testing because it was fixed in a stable (lenny) point
tags 535838 + patch
thanks
Add dependencies xsltproc in debian/control
Elías
Package: linux-2.6
Version: 2.6.30-1
Severity: grave
Tags: security
Justification: user security hole
Hello again Debian kernel team!
According to the security tracker [1], CVE-2009-1758 is fixed in
testing, but not in unstable.
It's fixed in testing because it was fixed in a stable (lenny)
Processing commands for cont...@bugs.debian.org:
severity 535099 wishlist
Bug#535099: Please drop zephyr-server-krb for real
Severity set to `wishlist' from `serious'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
Package: usbmount
Version: 0.0.17
Severity: normal
I can confirm this bug.
After inserting my USB Stick, which has two ext3 partitions on it, i get
the following output from the mount command.
/dev/sda2 on /media/usb0 type ext3 (ro,noexec,nodev,sync,noatime)
/dev/sda1 on /media/usb0 type ext2
Hi,
On Mon, May 18, 2009 at 5:02 PM, Marcus Bettermar...@better.se wrote:
Michal Vyskocil reported [1] that our tarball contains two doc files
generated from non-free source files (which were themselves removed by
us).
what is the state of this bug report?
Cheers,
Torsten
--
To
Your message dated Tue, 07 Jul 2009 21:36:23 +
with message-id e1moikt-0005x3...@ries.debian.org
and subject line Bug#525366: fixed in mini-httpd 1.19-9.1
has caused the Debian Bug report #525366,
regarding mini-httpd: Initscript fails with dash as /bin/sh
to be marked as done.
This means
Your message dated Tue, 07 Jul 2009 21:39:09 +
with message-id e1moinz-0006mu...@ries.debian.org
and subject line Bug#534595: fixed in samba 2:3.4.0-1
has caused the Debian Bug report #534595,
regarding samba-common-bin: Uninstallable on experimental
to be marked as done.
This means that you
Vincent Bernat ber...@debian.org (10/05/2009):
I have just tried on a freshly updated sid pbuilder and I get the
same error but it is non fatal.
Yes I can! (reproduce)
With a sid/amd64 cowbuilder chroot, see full log attached, including
versions of the build dependencies.
Mraw,
KiBi.
W:
Processing commands for cont...@bugs.debian.org:
severity 536148 important
Bug#536148: linux-2.6: [regression] CVE-2009-1758 fixed in testing, but not in
unstable
Severity set to `important' from `grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug
Your message dated Tue, 07 Jul 2009 22:17:07 +
with message-id e1moiyj-ym...@ries.debian.org
and subject line Bug#535433: fixed in rarian 0.8.1-3
has caused the Debian Bug report #535433,
regarding yelp: Yelp segfaults on startup
to be marked as done.
This means that you claim that the
Your message dated Tue, 07 Jul 2009 22:17:07 +
with message-id e1moiyj-ym...@ries.debian.org
and subject line Bug#535433: fixed in rarian 0.8.1-3
has caused the Debian Bug report #535433,
regarding yelp: crash on startup
to be marked as done.
This means that you claim that the problem
Package: krusader
Version: 1.90.0-3
Severity: critical
Justification: causes serious data loss
If X-server crashed (or restarted by Ctrl-Alt-BkSp), if rerun Krusader again it
displays message unable to talk to ktalker and:
If press F4 on file file zeroed (size==0) and KrViwer apear with empty
Your message dated Tue, 07 Jul 2009 22:32:05 +
with message-id e1mojcn-0001ow...@ries.debian.org
and subject line Bug#521965: fixed in libapache2-mod-python 3.3.1-8
has caused the Debian Bug report #521965,
regarding libapache2-mod-python: FTBFS: request for member 'next' in something
not a
Your message dated Tue, 07 Jul 2009 23:47:14 +0100
with message-id 1247006834.21924.1.ca...@deadeye
and subject line Re: Bug#536147: linux-2.6: [regression] CVE-2009-0029 fixed in
testing, but not unstable
has caused the Debian Bug report #536147,
regarding linux-2.6: [regression] CVE-2009-0029
On Tue, Jul 07, 2009 at 11:00:31PM +0200, Francesco Poli (t1000) wrote:
According to the security tracker [1], CVE-2009-0029 is fixed in
testing, but not in unstable.
The security tracker is _no_ authorative source. This is fixed since
some time.
Bastian
--
To UNSUBSCRIBE, email to
Package: xen-utils-3.4
Version: 3.4.0-1
Severity: grave
Justification: renders package unusable
This packages should depend on the 3.4 version of xenstore utils
and library, because it the Lenny versions are installed,
xend crashes instead of starting up.
(Many users choose to run lenny/sid
Package: xen-utils-3.4
Version: 3.4.0-1
Severity: critical
Justification: breaks unrelated software
After installing xen-utils-3.4 besides my existing xen-3.2 system,
I could not start xend-3.2 anymore. The message I was getting is this:
Failed to initialize dom0 state.
As far as I know,
Package: libncurses5
Version: 5.7+20090606-1
Severity: serious
File: /lib/libncurses.so.5.7
Justification: breaks other packages
Since the latest update of libncurses, I get a lot of segfaults of
programs linking against libncurses. As I haven't seen this behaviour
before the libncurses update,
FWIW., downgraded to the testing version of curses and the segfaults are gone.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
On Wed, 8 Jul 2009, Michael Biebl wrote:
Package: libncurses5
Version: 5.7+20090606-1
Severity: serious
File: /lib/libncurses.so.5.7
Justification: breaks other packages
Since the latest update of libncurses, I get a lot of segfaults of
programs linking against libncurses. As I haven't seen
According to the historic upstream changelog:
Tweaked configure to disable ethereal support instead of
stopping if glib isn't found.
It would seem to be a feature regression if wireshark support were removed.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject
Your message dated Wed, 08 Jul 2009 01:02:12 +
with message-id e1moly4-0001mh...@ries.debian.org
and subject line Bug#536177: fixed in ncurses 5.7+20090607-1
has caused the Debian Bug report #536177,
regarding /lib/libncurses.so.5.7: Segfaults in apps linking against libncurses
to be marked
Package: procps
Version: 1:3.2.8-1
Severity: grave
File: /usr/bin/top
Justification: renders package unusable
(0)% top
zsh: segmentation fault (core dumped) top
Due to recent libc6 upgrade?
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500,
Package: keytouch
Version: 2.4.1-1
Severity: grave
Justification: causes non-serious data loss
I build this from sid source packages, as suggested by you, the maintainer, and
was instructed to file it as a sid bug. Hopefully this works out. (I had the
same behaviour on stable
Lenny's version
It seems that the problem is that pioneers (or some underlying library) is only
trying the first address returned by getaddrinfo. I have localhost as pointing
to both 127.0.0.1 and ::1 (I don't think I did this. Did the debian installer
do this?). When the ai attempts to connect to the server,
Thanks for the bug report. Very sorry we couldn't work this out when I
was helping you on IRC.
At this point, before I go searching through the source code, I am
going to package the new upstream version and see if that fixes it.
I am able to reproduce this issue, so I will try fix this, but
Processing commands for cont...@bugs.debian.org:
reassign 536184 libncurses5 5.7+20090606-1
Bug#536184: /usr/bin/top: top segfaults
Bug reassigned from package `procps' to `libncurses5'.
forcemerge 536177 536184
Bug#536177: /lib/libncurses.so.5.7: Segfaults in apps linking against libncurses
reassign 536184 libncurses5 5.7+20090606-1
forcemerge 536177 536184
thanks
On 2009-07-08 04:39 +0200, ben wrote:
(0)% top
zsh: segmentation fault (core dumped) top
Due to recent libc6 upgrade?
No, due to recent libncurses5 upgrade.
Versions of packages procps depends on:
ii libc6
On Tue, Jul 07, 2009 at 08:39:29PM -0600, ben wrote:
Due to recent libc6 upgrade?
I updated my libc6 to 2.9-19 as well and tops running fine.
However, updating libncurses5 from 5.7_20090523-1 to 5.7+20090606-1
makes top crash.
Ah ha.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536177
A
Processing commands for cont...@bugs.debian.org:
fixed 531543 1:1.1.16-1
Bug#531543: dovecot-imapd: server is killed with signal 6
Bug marked as fixed in version 1:1.1.16-1.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
81 matches
Mail list logo