On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> Justification: user security hole
>
> No specific details available yet:
> http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
>
> Cheers,
> Moritz
>
The follo
Package: systemd
Version: 215-9
Severity: serious
Tags: upstream confirmed patch
Michael points out a regression in 215-9 wrt. handling init scripts
with a .sh suffix. This is closely related, but not identical to
#775404, so let's track it as a separate bug.
I posted a fix with a test case to th
Package: virtualbox
Severity: grave
Tags: security
Justification: user security hole
No specific details available yet:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a su
Faidon Liambotis writes:
> On Debian systems (i.e. on $::operatingsystem == "debian"), the default
> provider is "debian"; this is a separate provider that inherits the
> "init" provider but overrides a few methods to add invoke-rc.d support.
> The systemd provider, on the other hand, is default
Source: mariadb-10.0
Version: 10.0.15-3
Severity: grave
Tags: security
Hi MariaDB maintainers!
As you might have seen there is a new Oracle Patch Update including
updates for MySQL 5.5. I'm filing this bug to just have it
double-checked as mariadb.com does not list yet new versions afaics:
http
Your message dated Wed, 21 Jan 2015 06:03:39 +
with message-id
and subject line Bug#775276: fixed in condor 8.2.3~dfsg.1-6
has caused the Debian Bug report #775276,
regarding condor: CVE-2014-8126
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is
Your message dated Wed, 21 Jan 2015 05:48:22 +
with message-id
and subject line Bug#775699: fixed in gaviotatb 0.4-2
has caused the Debian Bug report #775699,
regarding libgaviotatb-dev is broken: undefined reference to `z_uncompress'
to be marked as done.
This means that you claim that the p
Source: mysql-5.5
Version: 5.5.23-2
Severity: grave
Tags: security upstream patch fixed-upstream
Hi
As usual at this time of the year, there was a new Oracle Patch Update
including updates for MySQL, see:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
Reg
Followup-For: Bug #774862
Control: found -1 1.05-4
The .maintscript needs a small fix to actually work as intended:
vvv
-symlink_to_dir /usr/share/ciderwebmail/root/static/images/mimeicons
../../../
Processing control commands:
> found -1 1.05-4
Bug #774862 {Done: gregor herrmann } [ciderwebmail]
ciderwebmail: unhandled symlink to directory conversion:
/usr/share/ciderwebmail/root/static/images/mimeicons
Marked as found in versions ciderwebmail/1.05-4; no longer marked as fixed in
versions
Package: moodle
Followup-For: Bug #754565
Hi,
This bug has been open for a while, with no response. Files that forbid
modification are not DFSG-free, so you will need to remove
lib/tcpdf/include/sRGB.icc from the moodle package.
However, note that the file that you want is in the non-free packag
Package: gnome-session
Version: 3.14.0-2
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
I upgraded all packages with apt-get upgrade.
after the upgrade, when starting gdm, everything seems fine, but
On 2015-01-10 15:05, Holger Levsen wrote:
>> This seems to be an udevadm 'bug' instead, it can't handle unreachable
>> /proc/cmdline . Is there any policy that a package should install
>> while /proc is unavailable?
>
> packages may be in non working state, but I'd argue that installation itself
I had the same problem in Gentoo linux.
I am by no means a network expert.
I had this warning in NM log.
error in connection
/etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0:
invalid connection: connection.type: property is missing
So I removed the following file
/
On Wed, Jan 21, 2015 at 06:55:05AM +0900, Mike Hommey wrote:
>On Tue, Jan 20, 2015 at 01:44:37PM +, Steve McIntyre wrote:
>>
>> The automatic setup of grub-install calling efibootmgr won't be
>> touching the "grub" entry at all - it's set up to only play with
>> "debian" entries. So that shoul
On Sat, 17 Jan 2015, Ben Hutchings wrote:
> chown() and write() should clear all privilege attributes on
> a file - setuid, setgid, setcap and any other extended
> privilege attributes.
>
> However, any attributes beyond setuid and setgid are managed by the
> LSM and not directly by the filesyste
peter green wrote:
I have just prepared a patch against wheezy's openjdk-6 to disable the
timebomb code. I have attached this patch which I am currently in the
process of testing.
I have tested that my patch results in successful builds of openjdk-6 and
openjdk-7 in raspbian wheezy.
Debdiffs
On 1/20/2015 3:17 PM, James Morris wrote:
> On Sat, 17 Jan 2015, Ben Hutchings wrote:
>
>> chown() and write() should clear all privilege attributes on
>> a file - setuid, setgid, setcap and any other extended
>> privilege attributes.
>>
>> However, any attributes beyond setuid and setgid are manag
On Tue, Jan 20, 2015 at 01:44:37PM +, Steve McIntyre wrote:
> On Mon, Jan 19, 2015 at 07:42:37AM +0900, Mike Hommey wrote:
> >On Sun, Jan 18, 2015 at 11:37:28AM +, Steve McIntyre wrote:
> >> The ENOSPC handling has been bad in the past, but it's not clear that
> >> was the cause of your ori
Hi!
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
> CVEs should follow soon. Also, I guess Wheezy and Jessie are affected too, so
> a DSA might be needed.
They were assigned now:
http://www.openwall.com/lists/oss-security/2015/01/20/11
Regards,
Salvatore
Your message dated Tue, 20 Jan 2015 21:17:06 +
with message-id
and subject line Bug#768095: fixed in openvswitch 1.4.2+git20120612-9.1~deb7u1.1
has caused the Debian Bug report #768095,
regarding openvswitch-datapath-dkms fails to build on Debian 7.7 3.2.0-4-amd64
(3.2.63-2+deb7u1)
to be mark
Your message dated Tue, 20 Jan 2015 21:17:07 +
with message-id
and subject line Bug#775167: fixed in privoxy 3.0.19-2+deb7u1
has caused the Debian Bug report #775167,
regarding privoxy: CVE-2015-1030 CVE-2015-1031
to be marked as done.
This means that you claim that the problem has been dealt
Your message dated Tue, 20 Jan 2015 21:17:12 +
with message-id
and subject line Bug#773085: fixed in xdg-utils 1.1.0~rc1+git20111210-6+deb7u2
has caused the Debian Bug report #773085,
regarding xdg-utils: CVE-2014-9622: command injection vulnerability
to be marked as done.
This means that you
Source: vlc
Version: 2.1.5-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
multiple vulnerabilities were reported against vlc 2.1.5. The complete
mail is at http://seclists.org/oss-sec/2015/q1/187 but at least the
following vulnerabilities are fixed in vlc master branch:
*
Here's a cosmetically evolved patch which I'll commit and release
shortly. Thanks!
--
Thomas
diff --git a/etc/dhcp/dhclient-enter-hooks.d/resolvconf b/etc/dhcp/dhclient-enter-hooks.d/resolvconf
index 529504b..cf61615 100644
--- a/etc/dhcp/dhclient-enter-hooks.d/resolvconf
+++ b/etc/dhcp/dhclient-e
On 2015-01-20 19:28, Felipe Sateler wrote:
> For reference, the inclusion of common-session is a local debian
> patch[1]. The original file referenced system-auth, which apparently
> debian does not use.
>
>
> [1]
> http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/debian/patches/Adj
On Mon, 19 Jan 2015 11:45:28 +0100
Matthias Klose wrote:
> reopen 769797
> found 769797 4.9.1-4
> thanks
>
> On 01/18/2015 11:51 AM, Debian Bug Tracking System wrote:
> > Your message dated Sun, 18 Jan 2015 10:46:31 +
> > with message-id <20150118104631.13a3ecaf@sylvester.codehelp>
> > and s
Hello,
came across launchpad bug #1360241 [1] which discusses the same error.
There it comes from ubuntu-ui-toolkit tests.
There they did revert their mesa package to depend on llvm-3.4 instead
of llvm-3.5.
So did I and recompiled mesa to use llvm-3.4 (see attached patch).
And with these packages
On Mon, 05 Jan 2015 20:57:05 +0100 Christian Kastner wrote:
>
> If this second PAM session via systemd-user is indeed intended to be
> merely a background thing, then common-session-noninteractive should be
> the way to go anyway. But I'm not familiar enough with systemd to make
> that call.
For
Thanks Patrick. One note - just like the v6 issue, the gdnsd test suite
is detecting a genuine problem in the city DB. It is something wrong with
the city DB creation tools that's causing it (i.e. not just an issue with
the gdnsd tests). I just haven't finished tracking down exactly what the
issu
tag #775638 + confirmed
clone #775638 -1
reassign -1 geoip-bin
retitle -1 geoip-generator produces faulty v6/city database
severity -1 grave
found -1 1.6.2-3
thanks
Hi
On 18.01.2015 at 05:21, Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
>
>> reassign 7756
Source: timblserver
Version: 1.7-4
Severity: serious
Tags: sid
Hi,
timblserver FTBFS in unstable (but not in testing) on amd64 with the
following error:
> /bin/bash ../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I..
> -I../include -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-st
Processing commands for cont...@bugs.debian.org:
> tag #775638 + confirmed
Bug #775638 [geoip-database] IPv6 database is corrupt
Added tag(s) confirmed.
> clone #775638 -1
Bug #775638 [geoip-database] IPv6 database is corrupt
Bug 775638 cloned as bug 775851
> reassign -1 geoip-bin
Bug #775851 [geo
Processing commands for cont...@bugs.debian.org:
> found 775843 1.6.4-1
Bug #775843 [node-serve-static] node-serve-static: CVE-2015-1164
Marked as found in versions node-serve-static/1.6.4-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
775843: http://bugs.debi
Hi,
Michael Gilbert wrote:
> I prepared a patch fixing resolvconf's bashisms. Please test.
I've just tested this patch on the machine where I initially ran into
this issue.
I can confirm that dhclient-script no more throws errors with
Michael's patch and /etc/resolv.conf respectively its symlin
Your message dated Tue, 20 Jan 2015 16:30:43 +
with message-id
and subject line Bug#775672: Removed package(s) from unstable
has caused the Debian Bug report #774366,
regarding ploader: Fails to log in with Can't locate object method "ParseDate"
via package "Wx::DateTime"
to be marked as done
Package: node-serve-static
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://nodesecurity.io/advisories/serve-static-open-redirect
Cheers,
Moritz
Processing commands for cont...@bugs.debian.org:
> submitter 759691 !
Bug #759691 [src:ck] ck: file "ck_hclh" is not cleaned by debian/rules clean
Changed Bug submitter to 'James Cowgill ' from 'James
Cowgill '
> submitter 770457 !
Bug #770457 {Done: Markus Koschany } [eclipse-rcp]
eclipse-rcp:
On Wed, Nov 19, 2014 at 11:17:43PM +0100, Moritz Muehlenhoff wrote:
> Source: cyassl
> Severity: grave
> Tags: security
>
> Please see https://marc.info/?l=oss-security&m=139779940032403&w=2
In addition there are five issues fixed in the local copy in MySQL.
Please check with upstream, in which c
Package: moodle
Severity: grave
Tags: security
Justification: user security hole
The current Moodle package in the archive is affected by multiple security
issues:
Cheers,
Moritz
https://security-tracker.debian.org/tracker/CVE-2015-0218
https://security-tracker.debian.org/tracker/CVE-20
Processing commands for cont...@bugs.debian.org:
> # #759841 has a better title than #705026, so steal it :)
> retitle 705026 minbar: FTBFS: ld: minbar-main.o: undefined reference to
> symbol 'sincos@@GLIBC_2.2.5'
Bug #705026 [minbar] minbar: fails to build, underlinked against libm
Changed Bug t
Control: severity -1 important
On Tue, 20 Jan 2015 15:03:12 +0100 Fabian Greffrath
wrote:
> Source: deng
> Version: 1.10.4-2
> Severity: serious
> Justification: Policy 5.6.3
>
> Hi all,
>
> I once helped to get the package back up into shape in order to
> provide another alternative engine (be
Processing control commands:
> severity -1 important
Bug #775830 [doomsday] deng: has no human maintainer anymore
Severity set to 'important' from 'serious'
--
775830: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775830
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Your message dated Tue, 20 Jan 2015 15:19:06 +
with message-id
and subject line Bug#773751: fixed in fex 20150120-1
has caused the Debian Bug report #773751,
regarding race condition between fur and fex_cleanup
to be marked as done.
This means that you claim that the problem has been dealt
Your message dated Tue, 20 Jan 2015 15:19:06 +
with message-id
and subject line Bug#774854: fixed in fex 20150120-1
has caused the Debian Bug report #774854,
regarding fex: fails to install: subprocess installed post-installation script
returned error exit status 1
to be marked as done
I'd also like to know how to get involved on that.
I currently see two possibilities:
a) address the important, release critical bugs.
However, ideally would need someone of the old maintainers/uploaders
(added as CC) to sponsor that.
b) See if a quick backport will be possible after the rele
On 20.01.2015 at 14:50, Michael Biebl wrote:
> I'd rather have NM use a runtime check for systemd (sd_booted()).
> All the code still seems to be there [1], it just needs to be changed to
> use a runtime check instead of compile time.
>
> I'm inclined to re-assign this to NM.
>
>> I hope we can
Processing control commands:
> reassign -1 doomsday
Bug #775830 [src:deng] deng: has no human maintainer anymore
Bug reassigned from package 'src:deng' to 'doomsday'.
No longer marked as found in versions deng/1.10.4-2.
Ignoring request to alter fixed versions of bug #775830 to the same values
pr
Control: reassign -1 doomsday
> I once helped to get the package back up into shape in order to
> provide another alternative engine (besides prboom-plus) that was able
> to run freedoom. This was around the time when vavoom became unusable
> and was eventually removed from Debian.
>
> Meanwhile,
Source: deng
Version: 1.10.4-2
Severity: serious
Justification: Policy 5.6.3
Hi all,
I once helped to get the package back up into shape in order to
provide another alternative engine (besides prboom-plus) that was able
to run freedoom. This was around the time when vavoom became unusable
and was
On 20 January 2015 at 10:51, Aníbal Monsalve Salazar wrote:
> Hello Steven,
Hi Aníbal,
>
> At IMGtech.com, we would like to support this patch for tbb.
>
> If you prefer, I could sponsor a new Debian version of tbb including
> Jurica's patch.
>
Taking a look at this patch, I would like to exper
tags: -1 + moreinfo help
On 20.01.2015 at 11:42, Mike Gabriel wrote:
> Severity: serious
> Justification: GSM modem support will not work out-of-the-box with
> non-systemd setups
>
> Hi,
>
> I see a similar issue about ModemManager not coming up by default via
> network-manager.
>
> The reason
On Mon, Jan 19, 2015 at 07:42:37AM +0900, Mike Hommey wrote:
>On Sun, Jan 18, 2015 at 11:37:28AM +, Steve McIntyre wrote:
>> The ENOSPC handling has been bad in the past, but it's not clear that
>> was the cause of your original bug. :-/ *Now* it's a very bad state to
>> be in, and may cause ot
Simon Horman writes:
> On Mon, Jan 19, 2015 at 09:26:36AM +0900, Christian Balzer wrote:
>
>> Meanwhile, here in what it what we tenuously call reality one can observe
>> the following things:
>>
>> 1. Pacemaker broken in Jessie for more than 2 months now.
>> 2. Silence on this bug for more tha
Package: base
Severity: serious
Justification: Policy 9.11
Dear Maintainer,
I initially reported this problem on the debian-user list (17 Dec 2014). Here
follows the description of the problem that I described:
I'm running Debian testing (jessie) on an HP EliteBook 840 G1 laptop.
Everything goes
On Wed, 2014-12-17 13:11:32 +, Jurica Stanojkovic wrote:
> Package: tbb
> Version: 4.2~20140122-4
> Severity: serious
> Tags: sid + patch
> Justification: FTBFS
> User: debian-m...@lists.debian.org
> Usertags: mips-patch
>
> Hello,
> Package tbb_4.2~20140122-4 FTBFS on mips and mipsel.
>
> Mips
Severity: serious
Justification: GSM modem support will not work out-of-the-box with
non-systemd setups
Hi,
I see a similar issue about ModemManager not coming up by default via
network-manager.
The reason is simple (after staring at mm and nm from jessie and
wheezy for a while):
o
Processing commands for cont...@bugs.debian.org:
> severity #770871 serious
Bug #770871 [modemmanager] modemmanager: ModemManager does not start
automatically
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
770871: http:
Hi!
> Can you give me pointers where those bugreports exist? Do you have
> first hand experience that it's not working correctly?
> I made netboot images onto my USB sticks and they worked.
This exchange is sadly pretty common when it comes to unetbootin and we see
this frequently in #debian.
Hi Ralf,
Thank you for the report. Could you install the libecj-java/3.10.1-1
package from the wheezy-backports and try again please? It contains the
version 4.4 used by Tomcat upstream and is likely to fix this issue.
Emmanuel Bourg
On Sat, 17 Jan 2015 12:12:31 + Jonathan Wiltshire
wrote:
> Hi,
>
...
>
> Unfortunately this isn't suitable for including in Jessie. Could you
> prepare an upload that only fixes this bug, and not the other changes like
> hardening for nginx?
>
Thank you for your advice.
Ok, I'll upload fix ve
Source: phabricator
Version: 0~git20141101-1
Severity: serious
Justification: Policy §9.1.4
Dear Maintainer,
The daemon initscript does not create /run/phabricator and as a result
the daemons do not start on boot until the directory is created
manually:
Daemon:[2015-01-20 11:22:48] EXCEPTION
Package: tomcat7
Version: 7.0.56-1~bpo70+2
Severity: grave
Tags: d-i
Justification: renders package unusable
Dear Maintainer,
https://issues.apache.org/bugzilla/show_bug.cgi?id=57445 no longer occurs if
in /usr/share/java
eclipse-ecj.jar symlinks to eclipse-ecj-4.4.jar
Regards
Ralf