Package: curl
Severity: grave
Tags: security
Justification: user security hole
http://curl.haxx.se/docs/adv_20130206.html
Remember we're in freeze, so please upload only the minimal security fix.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with
Your message dated Thu, 07 Feb 2013 10:02:32 +
with message-id e1u3ojm-00059w...@franck.debian.org
and subject line Bug#685251: fixed in quantum 2012.1-5+deb70u1
has caused the Debian Bug report #685251,
regarding quantum-plugin-ryu-agent: ImportError: No module named
Hello
on my testing system which also updated yesterday and today I get the
same error again.
So for me it isn't solved.
Kind regards
Mechtilde
signature.asc
Description: OpenPGP digital signature
Please provide a backtrace. And if you can please test with PHP from
experimental.
Thanks,
Ondrej
On Thu, Feb 7, 2013 at 11:11 AM, Mechtilde o...@mechtilde.de wrote:
Hello
on my testing system which also updated yesterday and today I get the
same error again.
So for me it isn't solved.
Hi,
following the advice of Patrick Ohly, I compiled the latest version of
syncevolution (1.3.99.2) on this machine and the issue is resolved.
Please upgrade syncevolution to this version.
Regards
Christof
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against
Package: src:net-tools
Version: 1.60-24.2
Severity: serious
Tags: patch
Justification: fails to build from source (but built successfully in the past)
Apparently, STRIP support is now an unthing, and kernel headers no longer
have it.
Ubuntu have already patched it; from their patch:
diff -pruN
On jeu., 2013-02-07 at 08:37 +0100, Daniel Baumann wrote:
On 02/06/2013 10:03 PM, Yves-Alexis Perez wrote:
There's no such thing as libcom32.c32 in /boot so that'd explain why.
you might want to look at the bug it was merged with, specifically:
On 02/07/2013 01:02 PM, Yves-Alexis Perez wrote:
- I have no idea if it's syslinux or syslinux-themes-debian fault
did you read the other bug?
usually, opening a duplicate bug doesn't mean that the maintainer will
re-tell the whole story again, and that pointing to the first bug about
the
Hi Adam,
Adam D. Barratt a...@adam-barratt.org.uk writes:
I wasn't particularly suggesting re-introducing 3.0 to unstable.
However, given that packages from tpu get essentially no testing at all
(no pun intended) before hitting testing, being able to prove a patch in
unstable first avoids a
Your message dated Thu, 07 Feb 2013 12:19:08 +
with message-id e1u3qry-00054k...@franck.debian.org
and subject line Bug#591199: fixed in yui 2.9.0.dfsg.0.1-0.1
has caused the Debian Bug report #591199,
regarding yui: does not build swf files from source
to be marked as done.
This means that
Your message dated Thu, 07 Feb 2013 12:19:08 +
with message-id e1u3qry-00054o...@franck.debian.org
and subject line Bug#692434: fixed in yui 2.9.0.dfsg.0.1-0.1
has caused the Debian Bug report #692434,
regarding CVE-2012-5883, CVE-2012-5882, CVE-2012-5881 - YUI 2.x security issue
regarding
Your message dated Thu, 07 Feb 2013 12:19:08 +
with message-id e1u3qry-00054k...@franck.debian.org
and subject line Bug#591199: fixed in yui 2.9.0.dfsg.0.1-0.1
has caused the Debian Bug report #591199,
regarding libjs-yui: does not build .swf files from source
to be marked as done.
This means
Your message dated Thu, 07 Feb 2013 12:19:08 +
with message-id e1u3qry-00054o...@franck.debian.org
and subject line Bug#692434: fixed in yui 2.9.0.dfsg.0.1-0.1
has caused the Debian Bug report #692434,
regarding CVE-2012-5883, CVE-2012-5882, CVE-2012-5881 - YUI 2.x security issue
regarding
On jeu., 2013-02-07 at 13:19 +0100, Daniel Baumann wrote:
On 02/07/2013 01:02 PM, Yves-Alexis Perez wrote:
- I have no idea if it's syslinux or syslinux-themes-debian fault
did you read the other bug?
Actually yes, even without being bitten by the bug it'd be hard to miss.
usually,
On 02/07/2013 01:25 PM, Yves-Alexis Perez wrote:
Actually it's $your_theme, but eh.
i ment '$your_theme' as in 'the one you've chosen from the ones that are
available in the package', but whatever.
--
Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:
Le 02/07/13 13:15, Michael Stapelberg a écrit :
Hi Adam,
Adam D. Barratt a...@adam-barratt.org.uk writes:
Looking at the proposed tpu diff and the 3.0 - 3.1 diff, it looks like
the armhf changes should apply as is to 3.1; has anyone tried that?
I have ported the patches from 3.0 to 3.1 and
Hello,
i'm not sure if the creators of PlayOnLinux have ever considered the
software to be used on kfreeBSD.
However can you confirm that the software is otherwise usable if you
modify the check for a Linux system in /usr/share/playonlinux/playonlinux?
If this is the case then a simple solution
Hello Ondrej,
Can you provide me an exact description what you need as backtrace.
then I will send you the data I have.
I I repeated the test under an actual Sid with php5 from experimental in
the same virtual machine as I did the first test writing this bugreport.
I get the same error message
Package: kfreebsd-kernel-headers
Version: 0.82
Severity: serious
Control: affects -1 inetutils
Hi!
I just uploaded a new inetutils version (with a minimal change) which
FTBFS, but it built fine before. Just for reference, here's the build
log:
Processing control commands:
affects -1 inetutils
Bug #700027 [kfreebsd-kernel-headers] kfreebsd-kernel-headers: Redefinition of
struct termios
Added indication that 700027 affects inetutils
--
700027: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700027
Debian Bug Tracking System
Contact
Hi Adam,
Michael Stapelberg stapelb...@debian.org writes:
Therefore, I will now build it on armhf, which will take around a day.
Update: the armhf build failed because about 100 testcases fail.
I have no clue on how to fix this and can’t spend much more time on
debugging this either.
Given
close 675684
thanks
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processing commands for cont...@bugs.debian.org:
close 675684
Bug #675684 [src:haskell-github] Needs to bump http-conduit dependency
Marked Bug as done
thanks
Stopping processing here.
Please contact me if you need assistance.
--
675684: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675684
Processing commands for cont...@bugs.debian.org:
# raising severity since I think the package is actually useless like this
severity 699848 serious
Bug #699848 [sks] sks: sks_build.sh hangs
Severity set to 'serious' from 'normal'
thanks
Stopping processing here.
Please contact me if you need
Le 02/07/13 18:07, Michael Stapelberg a écrit :
Hi Adam,
Michael Stapelberg stapelb...@debian.org writes:
Therefore, I will now build it on armhf, which will take around a day.
Update: the armhf build failed because about 100 testcases fail.
I have no clue on how to fix this and can’t spend
Package: libgo-perl
Version: 0.13-1
Severity: grave
Justification: renders package unusable
Dear Maintainer, Deb Med Team, so myself as well,
/usr/share/perl5/GO/IO/Dotty.pm:24: 'use GraphViz;'. However d/control does not
Depends: libgraphviz-perl.
Module fails to load when libgraphviz-perl is
tags 673038 + patch fixed-upstream
thanks
Hi All,
2013/1/28 Bálint Réczey bal...@balintreczey.hu:
...
I think we're all in agreement that the code should be fixed. Please
help to do that, if you can.
Upstream has rejected the proposed fix.
Since it seems I'm not familiar enough with
Processing commands for cont...@bugs.debian.org:
tags 673038 + patch fixed-upstream
Bug #673038 [slapd] slapd: slapcat output truncated every now and then
Added tag(s) fixed-upstream and patch.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
673038:
Uploaded, thanks so much for your help!
Here is the results from the buildlog.
Debug output for #672524
pwd
/build/buildd-bitcoin_0.7.2-3-kfreebsd-i386-Os85sN/bitcoin-0.7.2
ls -Rl .
{SNIP}
./src/test/data:
total 96
-rw-r--r-- 1 buildd sbuild 438 Dec 10 14:47 base58_encode_decode.json
2013/2/7 Quanah Gibson-Mount qua...@zimbra.com:
--On Thursday, February 07, 2013 7:45 PM +0100 Bálint Réczey
bal...@balintreczey.hu wrote:
tags 673038 + patch fixed-upstream
thanks
...
Upstream (Howard Chu, thanks!) has committed and alternate fix [1] [2].
Please consider back-porting it to
--On Thursday, February 07, 2013 7:45 PM +0100 Bálint Réczey
bal...@balintreczey.hu wrote:
tags 673038 + patch fixed-upstream
thanks
Hi All,
2013/1/28 Bálint Réczey bal...@balintreczey.hu:
...
I think we're all in agreement that the code should be fixed. Please
help to do that, if you
On Wed, Feb 06, 2013 at 11:59:18AM +0100, Thijs Kinkhorst wrote:
Package: openssl
Severity: serious
Tags: security
Hi,
Several issues were announced in the OpenSSL security advisory of 05 Feb 2013
(http://www.openssl.org/news/secadv_20130205.txt):
SSL, TLS and DTLS Plaintext
Hi all!
Scott Howard showard...@gmail.com writes:
In summary: i386 and kfreebsd-i386 builds fail on buildd machines.
They don't fail on other machines, pbuilder chroots, or Ubuntu
builders. The failure comes from he test suite not being able to find
a file, but our debugging shows that the
[Christoph Egger]
The error is printed if the istream signals a fail() *after* parsing
the whole json context. [0] indicates this might just be someone
trying to read an invalid type from the stream (like an int while
the next word in facht is a name). I stopped digging the source
after the
Petter Reinholdtsen p...@hungry.com writes:
[Christoph Egger]
The error is printed if the istream signals a fail() *after* parsing
the whole json context. [0] indicates this might just be someone
trying to read an invalid type from the stream (like an int while
the next word in facht is a
Your message dated Thu, 07 Feb 2013 19:47:34 +
with message-id e1u3xrw-0007bo...@franck.debian.org
and subject line Bug#700037: fixed in libgo-perl 0.13-2
has caused the Debian Bug report #700037,
regarding libgo-perl: libgraphviz-perl dependency missing
to be marked as done.
This means that
On Thu, 2013-02-07 at 19:33 +0100, Laszlo Kajan wrote:
/usr/share/perl5/GO/IO/Dotty.pm:24: 'use GraphViz;'. However d/control does
not Depends: libgraphviz-perl.
Module fails to load when libgraphviz-perl is not installed.
I was looking at this for a potential unblock, but had a query...
Package: sysvinit
Version: 2.88dsf-40
Severity: critical
Hello.
It appears that with the new package that has been pushed to
sid/unstable [sysvinit 2.88dsf-40], performing a debootstrap install
results in an installation with no /etc/inittab. This appears to occur
due to a section of
On Thu, 2013-02-07 at 21:53 +0100, Laszlo Kajan wrote:
/usr/share/perl5/GO/IO/Dotty.pm:24: 'use GraphViz;'. However d/control
does not Depends: libgraphviz-perl.
Module fails to load when libgraphviz-perl is not installed.
I was looking at this for a potential unblock, but had a
/usr/share/perl5/GO/IO/Dotty.pm:24: 'use GraphViz;'. However d/control does
not Depends: libgraphviz-perl.
Module fails to load when libgraphviz-perl is not installed.
I was looking at this for a potential unblock, but had a query... why
does the debdiff contain this?
tags 699616 + pending
thanks
Dear maintainer,
I've prepared an NMU for gosa (versioned as 2.7.4-4.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
--
Jonathan Wiltshire j...@debian.org
Debian Developer
Processing commands for cont...@bugs.debian.org:
tags 699616 + pending
Bug #699616 [src:gosa] gosa: postinst/rm uses -d /etc/apache2/conf.d as guard
across calls to Apache
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
699616:
On Tue, Feb 05, 2013 at 03:43:56PM +0100, Salvatore Bonaccorso wrote:
At this stage of the freeze this option (droping the patch for 627217)
looks the best to me, what do you think Anibal?
Hello Salvatore,
I'll prepare a new package without it.
Cheers,
Aníbal
--
To UNSUBSCRIBE, email to
Your message dated Thu, 07 Feb 2013 21:32:47 +
with message-id e1u3z5l-0003z2...@franck.debian.org
and subject line Bug#699887: fixed in polarssl 1.1.4-2
has caused the Debian Bug report #699887,
regarding TLS timing attack in polarssl (Lucky 13)
to be marked as done.
This means that you
Package: libflickcurl0
Version: 1.22-1
Severity: grave
Justification: renders package unusable
A new version (1.23) is available, and adds support for oAuth, which is needed
right now to authenticate in Flickr. The old method has been dropped now.
-- System Information:
Debian Release:
On Thu, Feb 07, 2013 at 03:58:16PM -0500, David Comeau (SaturnNiGHTS) wrote:
It appears that with the new package that has been pushed to
sid/unstable [sysvinit 2.88dsf-40], performing a debootstrap install
results in an installation with no /etc/inittab. This appears to
occur due to a
Hi,
polarssl 1.1.4-2 just hit unstable. Fixes security bug #699887,
CVE-2013-0169, so please unblock.
Thanks!
(Will contact the security team separately for the respective security
update for the version in stable.)
Roland
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
On Thu, 2013-02-07 at 22:53 +0100, Roland Stigge wrote:
polarssl 1.1.4-2 just hit unstable. Fixes security bug #699887,
CVE-2013-0169, so please unblock.
Unblocked; thanks.
Please consider filing a usertagged unblock tag (e.g. via reportbug) in
future. They're much easier for us to keep track
Processing commands for cont...@bugs.debian.org:
severity 547092 grave
Bug #547092 [nagios-nrpe-server] nagios-nrpe-server: Insecure 'SSL' option, key
identical for all debian systems
Severity set to 'grave' from 'important'
thanks
Stopping processing here.
Please contact me if you need
Hi,
I prepared a security upload for stable (attached debdiff). Should I
upload it to stable-security(security-master)?
Thanks,
Roland
diff -ruN temp/polarssl-0.12.1/debian/changelog polarssl-0.12.1/debian/changelog
--- temp/polarssl-0.12.1/debian/changelog 2013-02-07 22:54:41.0
Package: sysvinit
Version: 2.88dsf-40
Severity: critical
Hello.
It appears that with the new package that has been pushed to
sid/unstable [sysvinit 2.88dsf-40], performing a debootstrap install
results in an installation with no /etc/inittab. This appears to occur
due to a section of
On Sun, Feb 03, 2013 at 05:20:24AM +0100, Andreas Beckmann wrote:
Followup-For: Bug #685469
Control: tag -1 patch
Hi,
I'm attaching my sugggested patch to fix this problem. The fixup should
only be performed by ekg2.postinst - ekg2-core should have nothing to do
as everything is fine
As pointed out in a previous message to the bug, #547092
nagios-nrpe-server: Insecure 'SSL' option, key identical for all
debian systems is severity grave due to the security problem it
introduces in the service (but not critical since the problem is
limited to the nrpe service). I have adjusted
On Thu, 2013-02-07 at 14:13 -0800, Matt Taggart wrote:
If this can't be solved, maybe we could recommend better
alternatives?
The better alternative is using ssh with control channel
multiplexing,... which is as fast as nrpe.
The only thing missing there was a restricted shell for the remote
i don't know why this created again. really sorry about that. please
close as already filed.
700051:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=70005
On 02/07/2013 05:09 PM, Debian Bug Tracking System wrote:
Thank you for filing a new Bug report with Debian.
This is an automatically
On Thu, 07 Feb 2013, Matt Taggart wrote:
As pointed out in a previous message to the bug, #547092
nagios-nrpe-server: Insecure 'SSL' option, key identical for all
debian systems is severity grave due to the security problem it
introduces in the service (but not critical since the problem is
Just my 2 cents (without any hat on):
TLS integration in NRPE was broken from the beginning and more or less
by design.
The real and only security feature is to configure a appropriate
allowed_hosts list, which might be enough security for internal
networks in respect of TCP sessions.
Question
On 08.02.2013 00:31, Markus Frosch wrote:
Just my 2 cents (without any hat on):
TLS integration in NRPE was broken from the beginning and more or less
by design.
The real and only security feature is to configure a appropriate
allowed_hosts list, which might be enough security for internal
On Fri, 2013-02-08 at 00:26 +0100, Alexander Wirt wrote:
In fact nothing is new here and security wouldn't change much with different
keys. The implementation ist just broken. But if you have an idea to improve
it, feel free to send a patch. (as long as it doesn't make nrpe incompatible
to
Off topic but...
Hi Michael
On Fri, 2013-02-08 at 00:55 +0100, Michael Friedrich wrote:
i've tried the idea of the ssl x509 patch in an unofficial nrpe fork.
lives in git here, until it dies, and will never get released, so
beware: https://git.icinga.org/?p=icinga-irpe.git;a=summary
If
Package: python-selenium
Version: 2.2.0-1
Severity: grave
Current selenium package includes the firefox webdriver, which doesn't work
with recent iceweasel, and the chrome webdriver, which requires external
binaries from http://code.google.com/p/chromedriver/downloads/list
I cannot say anything
forcemerge 700048 700051
thanks
On Thu, Feb 07, 2013 at 05:11:00PM -0500, David Comeau (SaturnNiGHTS) wrote:
i don't know why this created again. really sorry about that.
please close as already filed.
No worries, I'll just merge them so they are closed together.
--
.''`. Roger Leigh
:
Processing commands for cont...@bugs.debian.org:
forcemerge 700048 700051
Bug #700048 [src:haveged] Log for attempted build of haveged_1.4-4 on m68k
(dist=unstable)
Unable to merge bugs because:
package of #700051 is 'sysvinit' not 'src:haveged'
Failed to forcibly merge 700048: Did not alter
Processing commands for cont...@bugs.debian.org:
forcemerge 700047 700051
Bug #700047 [sysvinit] sysvinit: fails to create /etc/inittab from a fresh
debootstrap
Bug #700051 [sysvinit] sysvinit: fails to create /etc/inittab from a fresh
debootstrap
Merged 700047 700051
thanks
Stopping
Your message dated Fri, 08 Feb 2013 00:48:23 +
with message-id e1u3c8d-0001fi...@franck.debian.org
and subject line Bug#700051: fixed in sysvinit 2.88dsf-41
has caused the Debian Bug report #700051,
regarding sysvinit: fails to create /etc/inittab from a fresh debootstrap
to be marked as done.
Your message dated Fri, 08 Feb 2013 00:48:23 +
with message-id e1u3c8d-0001fi...@franck.debian.org
and subject line Bug#700051: fixed in sysvinit 2.88dsf-41
has caused the Debian Bug report #700051,
regarding sysvinit: fails to create /etc/inittab from a fresh debootstrap
to be marked as done.
Your message dated Fri, 08 Feb 2013 01:32:31 +
with message-id e1u3cpl-0002by...@franck.debian.org
and subject line Bug#698632: fixed in rstatd 4.0.1-8
has caused the Debian Bug report #698632,
regarding rstatd: Patch 03-627217-netio.patch breaks RPC protocol compatibility
for rstatd
to be
On Thu, Feb 07, 2013 at 10:26:51PM +0100, Jose Carlos Garcia Sogo wrote:
A new version (1.23) is available, and adds support for oAuth, which is needed
right now to authenticate in Flickr. The old method has been dropped now.
Thanks for the report. I have checked the changes, and it looks as
Processing commands for cont...@bugs.debian.org:
tags 700050 + confirmed
Bug #700050 [libflickcurl0] libflickcurl0: New version available (and needed
for new oAuth scheme)
Added tag(s) confirmed.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
700050:
627217 found rstatd/4.0.1-8
stop
On Mon, Jan 21, 2013 at 02:50:43PM +0100, Salvatore Bonaccorso wrote:
Source: rstatd
Version: 4.0.1-7
Severity: serious
Justification: Regression, mixed environments Squeeze and Wheezy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Anibal
At our
Package: mtpfs
Version: 1.1-4
Severity: grave
Tags: patch
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
mount my android phone with mtpfs-1.1, it will not show files in
folder that didn't have a subfolder.
* What exactly did you do
When removing the Linux check, playonlinux starts. However, when
trying to install a windows program (7zip), it downloads a linux
version of wine. This (obviously) doesn't work. Maybe recoding
playonlinux to download a custom GNU/kfreeBSD version of wine would
help, but I can understand that this
On Wed, Feb 06, 2013 at 02:08:10AM +0100, Christian Böhme wrote:
Package: clang
Version: 3.0-6
Severity: grave
Justification: renders package unusable
Dear Maintainer,
compiling this program
---8---
#include cstddef
int main ( int argc, char * argv[] )
{
int * i = new
Package: xfe-themes,xfe-i18n
Version: 1.32.5-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
an upgrade test with piuparts revealed that your package installs files
over existing symlinks and possibly overwrites files owned by other
packages. This usually means an old
Package: vim-lesstif
Version: 2:7.3.547-6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
an upgrade test with piuparts revealed that your package installs files
over existing symlinks and possibly overwrites files owned by other
packages. This usually means an old
Hi!
On Wed, 2013-02-06 at 00:50:29 +0100, Andreas Beckmann wrote:
On Tuesday, 5. February 2013 01:01:43 Vagrant Cascadian wrote:
As far as I can tell, /etc/nagios3/stylesheets/* were introduced in the
squeeze nagios3-cgi package. /etc/nagios3/cgi.cfg was a conffile with
nagios3-common in
Your message dated Fri, 08 Feb 2013 03:17:34 +
with message-id e1u3et0-00055q...@franck.debian.org
and subject line Bug#680824: fixed in xdotool 1:2.20100701.2961-3+deb7u2
has caused the Debian Bug report #680824,
regarding xdotool: FTBFS: cannot load such file -- xdo_test_helper
to be marked
Your message dated Fri, 08 Feb 2013 03:17:34 +
with message-id e1u3et0-00055q...@franck.debian.org
and subject line Bug#680824: fixed in xdotool 1:2.20100701.2961-3+deb7u2
has caused the Debian Bug report #680824,
regarding xdotool: FTBFS: /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in
On 02/04/2013 01:28 PM, Dominic Hargreaves wrote:
On Sat, Feb 02, 2013 at 03:31:33PM +0100, intrigeri wrote:
FWIW, I've asked about the same on the Monkeysphere mailing-list last
October, see dkg's answer there:
https://lists.riseup.net/www/arc/monkeysphere/2012-10/
I've just pushed a
79 matches
Mail list logo
