Processing control commands:
tag -1 + patch
Bug #700608 [pigz] pigz creates temp files with too wide permissions
(CVE-2013-0296)
Added tag(s) patch.
--
700608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
Control: tag -1 + patch
The attached patch fixes the issue. It uses st.st_mode as a base
when creating a new file (falling back to usual 0666 when dealing
with stdin). It also uses the same stat attributes as used when
creating the file.
One more thing which is good to have here (it is also
16.02.2013 12:18, Michael Tokarev wrote:
Control: tag -1 + patch
The attached patch fixes the issue. It uses st.st_mode as a base
when creating a new file (falling back to usual 0666 when dealing
with stdin). It also uses the same stat attributes as used when
creating the file.
And
Processing commands for cont...@bugs.debian.org:
reopen #694473 =
Bug #694473 {Done: Ondřej Surý ond...@debian.org} [libapache2-mod-php5]
session extension causes endless recursion after graceful reload
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions
Le mardi 12 février 2013 14:26:18, Dominique Dumont a écrit :
Since this is the first time I'm dealing with a trciky licensing issue,
I'd like some folks from debian-legal mailing list to confirm my opinion.
As mentioned here [1], my proposal is a bad idea. GPL license is transitive.
Since
Your message dated Sat, 16 Feb 2013 09:33:18 +
with message-id e1u6e90-0006by...@franck.debian.org
and subject line Bug#700669: fixed in pyrad 2.0-2
has caused the Debian Bug report #700669,
regarding pyrad: CVE-2013-0294: potentially predictable password hashing
to be marked as done.
This
Hi Jonathan,
On Wed, Feb 13, 2013 at 01:00:21PM +, Jonathan Wiltshire wrote:
On Mon, Feb 11, 2013 at 04:06:44PM +0100, Ivo De Decker wrote:
Control: tags -1 patch
On Mon, Feb 11, 2013 at 03:53:11PM +0100, Ivo De Decker wrote:
You package rawstudio has a (build) dependency on
Your message dated Sat, 16 Feb 2013 09:48:04 +
with message-id e1u6eni-00041h...@franck.debian.org
and subject line Bug#700525: fixed in sundials 2.5.0-2
has caused the Debian Bug report #700525,
regarding sundials: several binary packages not linked properly against blas
and lapack
to be
Processing commands for cont...@bugs.debian.org:
# improve subject
retitle 700669 pyrad: CVE-2013-0294: potentially predictable password hashing
and packet IDs
Bug #700669 {Done: Jeremy Lainé jeremy.la...@m4x.org} [pyrad] pyrad:
CVE-2013-0294: potentially predictable password hashing
Changed
Your message dated Sat, 16 Feb 2013 10:32:09 +
with message-id e1u6f3x-0003gm...@franck.debian.org
and subject line Bug#696375: fixed in gmime2.2 2.2.25-2+squeeze1
has caused the Debian Bug report #696375,
regarding mono-gac: fails to upgrade from lenny if libgmime2.2-cil is still
installed
Processing control commands:
tags -1 confirmed
Bug #695866 [lintian] lintian: regression in memory usage or memory leak
Added tag(s) confirmed.
--
695866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To
Control: tags -1 confirmed
On 2012-12-13 21:26, Niels Thykier wrote:
[...]
top tells me that Lintian starts its memory usage at about 450MB/300MB
and ends at about 620MB/450MB[1]. During this interval, Lintian
processed about 512 groups[2].
Assuming the entire change is a leak, Lintian
Hi Jeremy
Thanks for already fixing the issue for pyrad in unstable. As the
debdiff between 1.2-1 and 2.0-2 looks quite big, it cannot be a
candidate for a unblock per se to testing.
Could you prepare also a package targetting wheezy (versioned as
1.2-1+deb7u1) only containing the changes to fix
On 2013-02-16 11:09, Adam D. Barratt wrote:
On Sat, 2013-02-16 at 01:34 +0100, Andreas Beckmann wrote:
that should be fixable by adding to gforge-web-apache2
Breaks/Replaces: gforge-common ( 4.8)
Does should be fixable mean you haven't tested your patch? It looks
okay but I'd really feel
On Fri, Feb 15, 2013 at 11:12:57PM +0100, Kurt Roeckx wrote:
On Fri, Feb 15, 2013 at 09:27:14AM +0100, Thijs Kinkhorst wrote:
Hi wb-team,
I read in this bug log that most aspects of wheezy-security have been
taken care of, but Philipp reported on Jan 4 that the buildds still need
to be
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hello,
Could you unblock sundials version 2.5.0-2 ? It would fix the RC bug
#700525 (fix by Christophe).
The change is basically adding -lblas -llapack -lm to LDFLAGS
debdiff attached.
Control: found -1 2.5.9
Control: tags -1 pending
On 2013-02-16 11:34, Niels Thykier wrote:
[...]
It seems that (part of) this leak can be triggered with something like:
$LAB-visit_packages (sub {
my ($entry) = @_;
while (1) {
eval { $entry-info-index (''); };
Processing control commands:
found -1 2.5.9
Bug #695866 [lintian] lintian: regression in memory usage or memory leak
Marked as found in versions lintian/2.5.9.
tags -1 pending
Bug #695866 [lintian] lintian: regression in memory usage or memory leak
Added tag(s) pending.
--
695866:
On Sat, 2013-02-16 at 12:03 +0100, Andreas Beckmann wrote:
On 2013-02-16 11:09, Adam D. Barratt wrote:
Does should be fixable mean you haven't tested your patch? It looks
okay but I'd really feel happier knowing it had been tested...
The fusionforge packages are not really in a good shape
Your message dated Sat, 16 Feb 2013 12:59:42 +0100
with message-id 511f74ae.6000...@gambaru.de
and subject line Done
has caused the Debian Bug report #691452,
regarding lgc-pg: ships non-free files in contrib
to be marked as done.
This means that you claim that the problem has been dealt with.
If
Your message dated Sat, 16 Feb 2013 13:00:08 +
with message-id e1u6hna-000188...@franck.debian.org
and subject line Bug#681654: fixed in kstars-data-extra-tycho2 1.1r1-9
has caused the Debian Bug report #681654,
regarding kstars-data-extra-tycho2: should be moved to non-free
to be marked as
Control: tag -1 pending
On 2013-02-16 00:46, Andreas Beckmann wrote:
A proposed patch is attached, I intend to NMU libzorpll once that
request was accepted. Unfortunately p-u-NEW will close on Monday for the
next point release that is scheduled for 23rd, so I can probably only
upload this to
Processing control commands:
tag -1 pending
Bug #693984 [libzorpll-dev] libzorpll-dev: fails to upgrade lenny - squeeze -
trying to overwrite /usr/include/zorp/streamblob.h
Added tag(s) pending.
--
693984: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693984
Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:
tags 699892 + pending
Bug #699892 [pan] pan: Incompatible license: GPLv2 binary linked against
LGPLv3+ library
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
699892:
Your message dated Sat, 16 Feb 2013 13:47:32 +
with message-id e1u6i72-00059t...@franck.debian.org
and subject line Bug#695866: fixed in lintian 2.5.10.4
has caused the Debian Bug report #695866,
regarding lintian: regression in memory usage or memory leak
to be marked as done.
This means
Package: fcitx-libs-gclient
Version: 1:4.2.7-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + fcitx-libs-dev
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'testing'.
It installed fine in 'testing', then the upgrade to
Processing control commands:
affects -1 + fcitx-libs-dev
Bug #700710 [fcitx-libs-gclient] fcitx-libs-gclient: fails to upgrade from
'testing' - trying to overwrite
/usr/lib/x86_64-linux-gnu/libfcitx-gclient.so.0.1
Added indication that 700710 affects fcitx-libs-dev
--
700710:
Package: clang-3.2,clang
Version: 1:3.2-1~exp6
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because
Package: python-quantum
Version: 2012.2.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'sid' to 'experimental'.
It installed fine in 'sid', then the upgrade to 'experimental' fails
because it
Processing control commands:
severity -1 serious
Bug #690172 {Done: Matthias Klose d...@debian.org} [gcc-4.7-base]
gcc-4.7-base: adding Breaks: gcc-4.4-base ( 4.4.7) ?
Severity set to 'serious' from 'normal'
--
690172: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690172
Debian Bug
found 700525 2.5.0-2
thanks
Hello,
Could you unblock sundials version 2.5.0-2 ? It would fix the RC bug
#700525 (fix by Christophe).
The change is basically adding -lblas -llapack -lm to LDFLAGS
LDFLAGS is the wrong place for this, it must be placed in LIBS or your
build systems
Processing commands for cont...@bugs.debian.org:
found 700525 2.5.0-2
Bug #700525 {Done: Christophe Trophime christophe.troph...@lncmi.cnrs.fr}
[sundials] sundials: several binary packages not linked properly against blas
and lapack
There is no source info for the package 'sundials' at version
Source: python-imaging
Version: 1.1.7+1.7.8-2
Severity: serious
Justification: fails to build from source
python-imaging FTBFS on buildds:
| dh_movefiles -ppython-imaging-tk \
| --sourcedir=debian/python-imaging \
| usr/lib/python2.6/$(basename $(_py_=2.6;
Package: python-numpy
Version: 1:1.6.2-1.1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'squeeze'.
It installed fine in 'squeeze', then the upgrade to 'wheezy' fails.
From the attached log
On 02/16/2013 03:46 PM, Julian Taylor wrote:
found 700525 2.5.0-2
thanks
Hello,
Could you unblock sundials version 2.5.0-2 ? It would fix the RC bug
#700525 (fix by Christophe).
The change is basically adding -lblas -llapack -lm to LDFLAGS
LDFLAGS is the wrong place for this, it
Hi Pierre,
long ago you had reported #543163 lvm2: Please don't depend on udev
http://bugs.debian.org/543163
Unfortunately the fix included in squeeze was incomplete (and you
promptly reopened the bug) as the dependencies in the init script were
not adjusted accordingly.
I'd like to get this
Package: postfix
Version: 2.9.3-2.1
Severity: serious
Postfix 2.9 = x 2.9.6 computes completely bogus public key
fingerprints for TLS checks. Please fix this for Wheezy.
Bastian
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'),
Processing commands for cont...@bugs.debian.org:
found 700597 4.0~a15-1
Bug #700597 [live-config-systemd] systemd-backend fails to install on
non-systemd systems
Marked as found in versions live-config/4.0~a15-1.
found 700597 3.0.21-1
Bug #700597 [live-config-systemd] systemd-backend fails to
tag 699124 + pending
thanks
Some bugs in the libbusiness-isbn-perl package are closed in revision
8316fb44bedf760a3b688027a8648d915339c81f in branch 'master' by gregor
herrmann
The full diff can be seen at
Processing commands for cont...@bugs.debian.org:
tag 699124 + pending
Bug #699124 [src:libbusiness-isbn-perl] [PATCH] Resolve FTBFS based on new
group data
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
699124:
Your message dated Sat, 16 Feb 2013 17:47:41 +
with message-id e1u6lrr-0002lr...@franck.debian.org
and subject line Bug#699124: fixed in libbusiness-isbn-perl 2.05-2
has caused the Debian Bug report #699124,
regarding [PATCH] Resolve FTBFS based on new group data
to be marked as done.
This
Your message dated Sat, 16 Feb 2013 19:03:36 +
with message-id e1u6n2u-0006f8...@franck.debian.org
and subject line Bug#700348: fixed in samba4 4.0.3+dfsg1-0.1
has caused the Debian Bug report #700348,
regarding samba4: fails to upgrade from sid: libserver-role.so: version
`SAMBA_4.0.0' not
Hello Andreas,
long ago you had reported #543163 lvm2: Please don't depend on udev
http://bugs.debian.org/543163
Unfortunately the fix included in squeeze was incomplete (and you
promptly reopened the bug) as the dependencies in the init script were
not adjusted accordingly.
I'd like to
Source: tty-clock
Version: 1.1-1
Severity: serious
Justification: use-after-free and who knows what else
Hi!
Just saw ttyclock in the wanna-build Needs-Build list for m68k,
and thought to have a look at what it can do (comparison with
my /usr/share/doc/mksh/examples/uhr.gz script, for example),
On Sat, Feb 16, 2013 at 10:34:51AM +0100, Ivo De Decker wrote:
Hi Jonathan,
On Wed, Feb 13, 2013 at 01:00:21PM +, Jonathan Wiltshire wrote:
On Mon, Feb 11, 2013 at 04:06:44PM +0100, Ivo De Decker wrote:
Control: tags -1 patch
On Mon, Feb 11, 2013 at 03:53:11PM +0100, Ivo De
Hi Jonathan,
On Sat, Feb 16, 2013 at 07:58:06PM +, Jonathan Wiltshire wrote:
Ok. Please build a package if you want and I will sponsor it into
DELAYED/2; by then the maintainers will have had 1 week to fix this which I
think is fair.
The package is available at
On Tue, 29 Jan 2013 17:39:24 +0100, gregor herrmann wrote:
Same here (with different times, slightly lower values), in both a
wheezy and a sid chroot ony ma laptop, while a backup is running.
I looked into the code now. lib/IO/Async/Loop/Glib.pm and especially
loop_once() (lines 295 ff.) seem
Processing commands for cont...@bugs.debian.org:
tags 700530 + confirmed
Bug #700530 [src:qt4-x11] qt frames remain empty in kfreebsd since -10 to -11
update
Added tag(s) confirmed.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
700530:
Your message dated Sat, 16 Feb 2013 20:47:06 +
with message-id e1u6of4-00020d...@franck.debian.org
and subject line Bug#688849: fixed in ffmpeg 4:0.5.10-1
has caused the Debian Bug report #688849,
regarding ffmpeg/squeeze/stable: multiple CVEs that need further investigation
to be marked as
Your message dated Sat, 16 Feb 2013 20:47:30 +
with message-id e1u6ofs-00025e...@franck.debian.org
and subject line Bug#696155: fixed in fglrx-driver 1:10-9-3squeeze1
has caused the Debian Bug report #696155,
regarding fglrx-glx-ia32: fails to upgrade from lenny
to be marked as done.
This
Your message dated Sat, 16 Feb 2013 20:48:44 +
with message-id e1u6oge-0002gg...@franck.debian.org
and subject line Bug#697373: fixed in colorhug-client 0.1.11-2
has caused the Debian Bug report #697373,
regarding colorhug-client: must Depends: on librsvg2-common for SVG loading
to be marked
Processing commands for cont...@bugs.debian.org:
notfound 700530 4:4.8.2+dfsg-10
Bug #700530 [src:qt4-x11] qt frames remain empty in kfreebsd since -10 to -11
update
Ignoring request to alter found versions of bug #700530 to the same values
previously set
thanks
Stopping processing here.
On Sat, Feb 16, 2013 at 09:29:57PM +0100, Ivo De Decker wrote:
Hi Jonathan,
On Sat, Feb 16, 2013 at 07:58:06PM +, Jonathan Wiltshire wrote:
Ok. Please build a package if you want and I will sponsor it into
DELAYED/2; by then the maintainers will have had 1 week to fix this which I
Dear maintainer,
I've prepared an NMU for rawstudio (versioned as 2.0-1.1) which will be
uploaded by Jonathan Wiltshire to DELAYED/2. Please feel free to tell us if we
should delay it longer.
Regards.
Ivo
diff -u rawstudio-2.0/debian/changelog rawstudio-2.0/debian/changelog
---
Your message dated Sat, 16 Feb 2013 17:48:17 -0500
with message-id
CANTw=MNK4y1m12Pj-zituH=ixpuakajgu5qsjedxdj9hchp...@mail.gmail.com
and subject line re: CSS visited elements allow for disclosure of users browser
history
has caused the Debian Bug report #579136,
regarding CSS visited elements
Processing commands for cont...@bugs.debian.org:
# squeeze is not affected
tags 653883 + wheezy sid
Bug #653883 {Done: Jakub Wilk jw...@debian.org} [src:python-ldap-doc]
python-ldap-doc: FTBFS: /usr/lib/python2.5/doc/tools/mkhowto: No such file or
directory
Added tag(s) sid and wheezy.
Hi Salvatore,
I have just uploaded the requested version to testing-proposed-updates and will
get in touch with the release team to allow it into wheezy.
For squeeze, the package will be exactly the same (squeeze / wheezy both have
pyrad 1.2-1), but what should the version number be?
Cheers,
Your message dated Sat, 16 Feb 2013 23:17:26 +
with message-id e1u6r0y-0007iu...@franck.debian.org
and subject line Bug#700669: fixed in pyrad 1.2-1+deb7u1
has caused the Debian Bug report #700669,
regarding pyrad: CVE-2013-0294: potentially predictable password hashing and
packet IDs
to be
Dear release team,
Yesterday the following security vulnerability in the pyrad package was
brought to my attention by Salvatore Bonaccorso:
https://security-tracker.debian.org/tracker/CVE-2013-0294
It is tracked in the following bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700669
I
Processing commands for cont...@bugs.debian.org:
tags 700215 - pending patch
Bug #700215 [httpie] Documentation is not converted to common documentation
formats
Removed tag(s) pending and patch.
# sorry, my mistake
tags 700315 + pending patch
Bug #700315 [rawstudio] rawstudio: please remove
On Sun, Feb 17, 2013 at 12:16:32AM +0100, Jeremy Lainé wrote:
Dear release team,
Yesterday the following security vulnerability in the pyrad package was
brought to my attention by Salvatore Bonaccorso:
https://security-tracker.debian.org/tracker/CVE-2013-0294
It is tracked in the
Your message dated Sun, 17 Feb 2013 00:17:05 +
with message-id e1u6rwh-0002sn...@franck.debian.org
and subject line Bug#695224: fixed in perl 5.10.1-17squeeze5
has caused the Debian Bug report #695224,
regarding perl-modules: Locale::Maketext code injection
to be marked as done.
This means
Your message dated Sun, 17 Feb 2013 01:17:30 +
with message-id e1u6ssk-0006i0...@franck.debian.org
and subject line Bug#700535: fixed in fts 1.1-1.1
has caused the Debian Bug report #700535,
regarding fts: several issues w.r.t. configuration file handling
to be marked as done.
This means that
Package: jenkins
Version: 1.447.2+dfsg-3
Severity: grave
Tags: security
Dear Maintainer,
The upstream vendor announced a security advisory.
In this advisory, three vulnerabilities are rated high severity,
one is medium and one is low.
See:
Processing commands for cont...@bugs.debian.org:
# Sunday 17 February 07:03:19 UTC 2013
# Tagging as pending bugs that are closed by packages in NEW
# http://ftp-master.debian.org/new.html
#
# Source package in NEW: a
href=http://packages.qa.debian.org/camitk;camitk/a
tags 689021 +
Hi all
On Sun, Feb 17, 2013 at 12:19:00AM +, Jonathan Wiltshire wrote:
On Sun, Feb 17, 2013 at 12:16:32AM +0100, Jeremy Lainé wrote:
Dear release team,
Yesterday the following security vulnerability in the pyrad
package was brought to my attention by Salvatore Bonaccorso:
Hi Jeremy
On Sun, Feb 17, 2013 at 12:09:32AM +0100, Jeremy Lainé wrote:
I have just uploaded the requested version to
testing-proposed-updates and will get in touch with the release team
to allow it into wheezy.
Thank you, have seen the mail.
For squeeze, the package will be exactly the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/17/2013 01:19 AM, Jonathan Wiltshire wrote:
It's traditional to seek approval *before* uploading; more so in this case
since adding a
patch system is a no-no. The change itself is fine, please upload with this
only. You will
have to bump
Your message dated Sun, 17 Feb 2013 07:47:29 +
with message-id e1u6yy9-oy...@franck.debian.org
and subject line Bug#700669: fixed in pyrad 1.2-1+deb7u2
has caused the Debian Bug report #700669,
regarding pyrad: CVE-2013-0294: potentially predictable password hashing and
packet IDs
to be
69 matches
Mail list logo