close 781224
thanks
On 26.03.2015 10:31, Moritz Muehlenhoff wrote:
Package: freeipa
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2015-1827:
https://fedorahosted.org/freeipa/ticket/4908
Upstream says this only affects 4.1 and master, not 4.0.x
Processing commands for cont...@bugs.debian.org:
tags 780675 + pending
Bug #780675 [systemd] systemd: segfault in systemd when running systemctl
daemon-reload
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
780675:
Hi,
there is 1.12 available (but the patch above solves
the problem as well).
Tomasz
signature.asc
Description: Digital signature
Source: nvidia-graphics-drivers
Version: 340.76-1
Severity: serious
Hi,
During build nvidia-graphics-drivers on amd64 and i386 package return FTBFS:
https://buildd.debian.org/status/logs.php?pkg=nvidia-graphics-
driversver=340.76-1suite=sid
Mateusz
-- System Information:
Debian Release: 8.0
Hi,
Thank you for this detailed report, and sorry for the inconvenience...
On Thu, Mar 26, 2015 at 04:29:02AM +0200, Faidon Liambotis wrote:
The package's postinst, however, is buggy: it does not use
dh_installinit but calls invoke-rc.d ipsec manually. That would have been
fine, but
Hi Moritz,
This is fixed in experimental, but since we're in freeze, testing
should rather be fixed with a targeted upload to sid plus unblock.
(A patch set and reproducers are linked from the oss-security posting).
I have an update ready for unstable jessie, I'll also prepare an update
for
Package: jenkins
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23:
SECURITY-171 is CVE-2015-1812
SECURITY-177 is CVE-2015-1813
SECURITY-180 is CVE-2015-1814
and
On Wed, 18 Mar 2015, Bill Allombert wrote:
On Wed, Mar 18, 2015 at 12:48:13PM +0100, Holger Levsen wrote:
buildd.debian.org uses
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
Urgh! /usr/local in package builds?
It’s unquestionable it should be set like
Processing commands for cont...@bugs.debian.org:
severity 781222 important
Bug #781222 [python-mpmath] mpmath.polyroots fails with NameError: global name
'orig' is not defined
Severity set to 'important' from 'serious'
--
Stopping processing here.
Please contact me if you need assistance.
--
Package: freexl
Severity: grave
Tags: security
Justification: user security hole
Hi,
multiple vulnerabilities have been found in freexl. Please see
this posting on oss-security for additional details:
http://www.openwall.com/lists/oss-security/2015/03/25/1
This is fixed in experimental, but
Processing commands for cont...@bugs.debian.org:
close 781224
Bug #781224 [freeipa] freeipa: CVE-2015-1827
Marked Bug as done
thanks
Stopping processing here.
Please contact me if you need assistance.
--
781224: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781224
Debian Bug Tracking
Control: tags -1 confirmed
Hi Moritz,
multiple vulnerabilities have been found in freexl. Please see
this posting on oss-security for additional details:
http://www.openwall.com/lists/oss-security/2015/03/25/1
This is fixed in experimental, but since we're in freeze, testing
should rather
Processing control commands:
tags -1 confirmed
Bug #781228 [freexl] freexl: Multiple vulnerabilitities
Added tag(s) confirmed.
--
781228: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781228
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to
Processing commands for cont...@bugs.debian.org:
tags 780263 + pending
Bug #780263 [udev] udev doesn't create all static nodes with kmod 20
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
780263:
Package: puppet-module-puppetlabs-apt
Version: 1.4.2-1
Severity: serious
Hi,
The Apt module seems to require the presence of the $lsbdistid fact,
which is only available when lsb-release is installed. Neither
puppet-module-puppetlabs-apt, puppet, nor facter have a Dependency (or
any weaker
Processing commands for cont...@bugs.debian.org:
found 781228 1.0.0g-1
Bug #781228 [freexl] freexl: Multiple vulnerabilitities
There is no source info for the package 'freexl' at version '1.0.0g-1' with
architecture ''
Unable to make a source version for version '1.0.0g-1'
Marked as found in
Package: freeipa
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2015-1827:
https://fedorahosted.org/freeipa/ticket/4908
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Processing commands for cont...@bugs.debian.org:
tags 779902 + pending
Bug #779902 [systemd] /tmp can be mounted as tmpfs against user's will
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
779902:
Processing commands for cont...@bugs.debian.org:
tags 781228 + upstream fixed-upstream
Bug #781228 [freexl] freexl: Multiple vulnerabilitities
Added tag(s) upstream and fixed-upstream.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
781228:
Processing commands for cont...@bugs.debian.org:
tags 777164 + pending
Bug #777164 [systemd] systemd: libvirt cgroups start to disappear from
machine.slice after systemctl daemon-reload
Added tag(s) pending.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Package: ruby-rest-client
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2015-1820:
https://github.com/rest-client/rest-client/issues/369
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of
Package: network-manager-gnome
Version: 0.9.10.0-2
Severity: grave
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
Created a new Hotspot via `gnome-control-center network'.
Status: OK, Hostspot working.
* What exactly did you do (or not
Your message dated Thu, 26 Mar 2015 12:34:41 +
with message-id e1yb6zh-0002a0...@franck.debian.org
and subject line Bug#780519: fixed in tomcat7 7.0.56-2
has caused the Debian Bug report #780519,
regarding tomcat7: FTBFS due to failing tests
to be marked as done.
This means that you claim
Your message dated Thu, 26 Mar 2015 12:18:45 +
with message-id e1yb6kh-00066g...@franck.debian.org
and subject line Bug#780989: fixed in dulwich 0.10.1-1
has caused the Debian Bug report #780989,
regarding dulwich: CVE-2014-9706: does not prevent to write files in commits
with invalid paths
Your message dated Thu, 26 Mar 2015 12:18:45 +
with message-id e1yb6kh-00066g...@franck.debian.org
and subject line Bug#780989: fixed in dulwich 0.10.1-1
has caused the Debian Bug report #780989,
regarding python-dulwich: CVE-2014-9706: arbitrary command execution
vulnerability in conjunction
Your message dated Thu, 26 Mar 2015 12:18:45 +
with message-id e1yb6kh-00066b...@franck.debian.org
and subject line Bug#780958: fixed in dulwich 0.10.1-1
has caused the Debian Bug report #780958,
regarding dulwich: CVE-2015-0838: buffer overflow in C implementation of pack
apply_delta()
to be
Processing commands for cont...@bugs.debian.org:
close 780255
Bug #780255 [kmod] openconnect: kmod update from version 18 to 20 breaks
openconnect
Bug #780256 [kmod] Stopped auto-loading tun module
Bug #780295 [kmod] linux-image-3.19.0-trunk-amd64: net bridge devices no longer
brought up
Source: fw4spl
Version: 0.9.2-1
Severity: serious
Justification: fails to build from source
Automated builds of fw4spl have been failing to detect HDF5 fully:
-- Configuring fwAtomsHdf5IO: /«PKGBUILDDIR»/SrcLib/io/fwAtomsHdf5IO
CMake Warning (dev) at CMakeLists.txt:135 (get_target_property):
Control: severity -1 important
Christoph Berg christoph.b...@credativ.de writes:
The Apt module seems to require the presence of the $lsbdistid fact,
which is only available when lsb-release is installed. Neither
puppet-module-puppetlabs-apt, puppet, nor facter have a Dependency (or
any
Package: r-base-core
Version: 3.1.1-1+b2
Severity: grave
Justification: renders package unusable
When installing the package `r-base-core` (or anything that depends on it) on a
clean jessie install (not upgraded) then the depricated staff group will not
exist and the calls to `chown root:staff
Processing commands for cont...@bugs.debian.org:
severity 781243 normal
Bug #781243 [network-manager-gnome] network-manager-gnome: Wireless Hotspot
cannot be reconfigured
Severity set to 'normal' from 'grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Package: gnome-power-manager
Version: 3.14.1-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
Opened `gnome-power-statistics' (via GNOME Terminal emulator),
switched between the Tabs, and it segfaults on certain cases.
On 26 March 2015 at 18:03, Alexander Schlarb wrote:
| Package: r-base-core
| Version: 3.1.1-1+b2
| Severity: grave
| Justification: renders package unusable
|
| When installing the package `r-base-core` (or anything that depends on it) on
a
| clean jessie install (not upgraded) then the
Processing control commands:
severity -1 important
Bug #781231 [puppet-module-puppetlabs-apt] err: Could not retrieve catalog from
remote server: Error 400 on SERVER: Unsupported osfamily (Debian) or lsbdistid
() at /usr/share/puppet/modules/apt/manifests/params.pp:39
Severity set to
On Tue, 23 Sep 2014 17:42:59 +0200 gregor herrmann gre...@debian.org wrote:
On Mon, 22 Sep 2014 17:06:19 -0500, Julián Moreno Patiño wrote:
Sorry for the late reply. I can build it on amd64.
Whatever we decide -- so far the package is available on amd64 and
i386; the latter is no probelm
Hi Mateusz
On 26 March 2015 at 10:50, Mateusz Łukasik mat...@linuxmint.pl wrote:
During build nvidia-graphics-drivers on amd64 and i386 package return FTBFS:
https://buildd.debian.org/status/logs.php?pkg=nvidia-graphics-
driversver=340.76-1suite=sid
It seems your build environment had an old
Upon reflection, I'll make it 'adm'.
We still need to think through if this warrants an update for Jessie.
Dirk
--
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Processing commands for cont...@bugs.debian.org:
severity 779613 normal
Bug #779613 [blueman] no such file or directory trying to connect through the
blueman-applet
Severity set to 'normal' from 'grave'
tags 779613 fixed-upstream
Bug #779613 [blueman] no such file or directory trying to
Control: tags -1 patch
Hi
Attached is a fix, also available at
http://mentors.debian.net/package/yocto-reader
I had to fix #518856 (FTBFS when version has NMU).
The package is not in a good shape, with a bunch of undocumented bugs.
diff -Nru yocto-reader-0.9.4/apache-alias.conf
Processing control commands:
tags -1 patch
Bug #669777 [yocto-reader] yocto-reader: transition towards Apache 2.4
Added tag(s) patch.
--
669777: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669777
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE,
Am Donnerstag, 26. März 2015, 12:48:37 schrieb Dirk Eddelbuettel:
On 26 March 2015 at 18:03, Alexander Schlarb wrote:
| Package: r-base-core
| Version: 3.1.1-1+b2
| Severity: grave
| Justification: renders package unusable
|
| When installing the package `r-base-core` (or anything that
Processing commands for cont...@bugs.debian.org:
tags 781238 + upstream fixed-upstream
Bug #781238 [ruby-rest-client] ruby-rest-client: CVE-2015-1820
Added tag(s) upstream and fixed-upstream.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
781238:
Processing commands for cont...@bugs.debian.org:
found 781238 1.6.1-2
Bug #781238 [ruby-rest-client] ruby-rest-client: CVE-2015-1820
Marked as found in versions ruby-rest-client/1.6.1-2.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
781238:
Processing commands for cont...@bugs.debian.org:
severity 781259 serious
Bug #781259 [fasttree] fasttree: hard-coded limit on branch length precision
leads to erroneous results
Severity set to 'serious' from 'normal'
thanks
Stopping processing here.
Please contact me if you need assistance.
Your message dated Thu, 26 Mar 2015 16:19:24 +
with message-id e1ybava-0007h5...@franck.debian.org
and subject line Bug#779902: fixed in systemd 219-5
has caused the Debian Bug report #779902,
regarding /tmp can be mounted as tmpfs against user's will
to be marked as done.
This means that you
Your message dated Thu, 26 Mar 2015 16:19:24 +
with message-id e1ybava-0007hb...@franck.debian.org
and subject line Bug#780263: fixed in systemd 219-5
has caused the Debian Bug report #780263,
regarding udev doesn't create all static nodes with kmod 20
to be marked as done.
This means that
Your message dated Thu, 26 Mar 2015 19:18:34 +
with message-id e1ybdiy-0002zq...@franck.debian.org
and subject line Bug#781228: fixed in freexl 1.0.0g-1+deb8u1
has caused the Debian Bug report #781228,
regarding freexl: Multiple vulnerabilitities
to be marked as done.
This means that you
Control: tags -1 + moreinfo unreproducible
Control: severity -1 normal
On Thu, 2015-03-26 at 12:48 -0500, Dirk Eddelbuettel wrote:
On 26 March 2015 at 18:03, Alexander Schlarb wrote:
| Package: r-base-core
| Version: 3.1.1-1+b2
| Severity: grave
| Justification: renders package unusable
|
Processing control commands:
tags -1 + moreinfo unreproducible
Bug #781266 [r-base-core] r-base-core: Package fails to install when there is
no group names staff on the system
Added tag(s) unreproducible and moreinfo.
severity -1 normal
Bug #781266 [r-base-core] r-base-core: Package fails to
Your message dated Thu, 26 Mar 2015 19:19:20 +
with message-id e1ybdji-0003hu...@franck.debian.org
and subject line Bug#780596: fixed in wireshark 1.12.1+g01b65bf-4
has caused the Debian Bug report #780596,
regarding wireshark: Ctrl+C/Ctrl+V does not work in filter textbox
to be marked as
Your message dated Thu, 26 Mar 2015 13:49:07 +
with message-id e1yb89j-0004k1...@franck.debian.org
and subject line Bug#780263: fixed in systemd 215-13
has caused the Debian Bug report #780263,
regarding udev doesn't create all static nodes with kmod 20
to be marked as done.
This means that
Your message dated Thu, 26 Mar 2015 13:49:07 +
with message-id e1yb89j-0004k7...@franck.debian.org
and subject line Bug#780675: fixed in systemd 215-13
has caused the Debian Bug report #780675,
regarding systemd: segfault in systemd when running systemctl daemon-reload
to be marked as done.
Your message dated Thu, 26 Mar 2015 13:49:07 +
with message-id e1yb89j-0004jv...@franck.debian.org
and subject line Bug#779902: fixed in systemd 215-13
has caused the Debian Bug report #779902,
regarding /tmp can be mounted as tmpfs against user's will
to be marked as done.
This means that
-=| Niko Tyni, 24.03.2015 22:04:15 +0200 |=-
Package: perl
Version: 5.20.2-2
Severity: serious
X-Debbugs-Cc: debian-p...@lists.debian.org
Bug #780830 against spamassassin highlights a 5.18 change in
handling non-readable directories on @INC.
In wheezy (Perl 5.14), 'require' (and
Processing commands for cont...@bugs.debian.org:
tags 779738 + unreproducible
Bug #779738 [evolution-ews] evolution-ews: The server cannot service this
request right now. Try again later
Added tag(s) unreproducible.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Processing commands for cont...@bugs.debian.org:
severity 779738 important
Bug #779738 [evolution-ews] evolution-ews: The server cannot service this
request right now. Try again later
Severity set to 'important' from 'grave'
thanks
Stopping processing here.
Please contact me if you need
Processing commands for cont...@bugs.debian.org:
close 752199
Bug #752199 [php-sabre-event] Useless in Jessie
Marked Bug as done
thanks
Stopping processing here.
Please contact me if you need assistance.
--
752199: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752199
Debian Bug Tracking
Control: tags 518856 + patch
Control: tags 518856 + pending
Control: tags 669777 + pending
Dear maintainer,
Jean-Michel Nirgal Vourgère has prepared an NMU for yocto-reader
(versioned as 0.9.4+nmu1) and I've uploaded it to DELAYED/2. Please
feel free to tell me if I should delay it longer.
Processing control commands:
tags 518856 + patch
Bug #518856 [yocto-reader] yocto-reader: FTBFS with binary-only NMU version
Ignoring request to alter tags of bug #518856 to the same tags previously set
tags 518856 + pending
Bug #518856 [yocto-reader] yocto-reader: FTBFS with binary-only NMU
Processing control commands:
tags 518856 + patch
Bug #518856 [yocto-reader] yocto-reader: FTBFS with binary-only NMU version
Added tag(s) patch.
tags 518856 + pending
Bug #518856 [yocto-reader] yocto-reader: FTBFS with binary-only NMU version
Added tag(s) pending.
tags 669777 + pending
Bug
Processing commands for cont...@bugs.debian.org:
notfound 780756 0.10.1-1
Bug #780756 {Done: Salvatore Bonaccorso car...@debian.org} [src:libzip]
libzip: CVE-2015-2331: ZIP integer overflow
No longer marked as found in versions libzip/0.10.1-1.
thanks
Stopping processing here.
Please contact
Your message dated Thu, 26 Mar 2015 21:19:24 +
with message-id e1ybfbu-00024b...@franck.debian.org
and subject line Bug#780989: fixed in dulwich 0.9.7-3
has caused the Debian Bug report #780989,
regarding python-dulwich: CVE-2014-9706: arbitrary command execution
vulnerability in conjunction
Your message dated Thu, 26 Mar 2015 21:19:24 +
with message-id e1ybfbu-000246...@franck.debian.org
and subject line Bug#780958: fixed in dulwich 0.9.7-3
has caused the Debian Bug report #780958,
regarding dulwich: CVE-2015-0838: buffer overflow in C implementation of pack
apply_delta()
to be
Hi Mohammed,
On 26.03.2015 17:55, Mohammed Sadik P. K. wrote:
* What led up to the situation?
Opened `gnome-power-statistics' (via GNOME Terminal emulator),
switched between the Tabs, and it segfaults on certain cases.
[...]
ii libupower-glib3
Your message dated Thu, 26 Mar 2015 21:19:24 +
with message-id e1ybfbu-00024b...@franck.debian.org
and subject line Bug#780989: fixed in dulwich 0.9.7-3
has caused the Debian Bug report #780989,
regarding dulwich: CVE-2014-9706: does not prevent to write files in commits
with invalid paths to
On Thu, 26 Mar 2015 10:41:55 +0100 Romain Francoise
rfranco...@debian.org wrote:
Hi,
Thank you for this detailed report, and sorry for the inconvenience...
On Thu, Mar 26, 2015 at 04:29:02AM +0200, Faidon Liambotis wrote:
The package's postinst, however, is buggy: it does not use
Processing commands for cont...@bugs.debian.org:
found 781228 freexl/1.0.0b-1
Bug #781228 {Done: Bas Couwenberg sebas...@debian.org} [freexl] freexl:
Multiple vulnerabilitities
Marked as found in versions freexl/1.0.0b-1.
fixed 781228 freexl/1.0.0b-1+deb7u1
Bug #781228 {Done: Bas Couwenberg
On 26 March 2015 at 19:01, Johannes Ranke wrote:
|
| Am Donnerstag, 26. März 2015, 12:48:37 schrieb Dirk Eddelbuettel:
| On 26 March 2015 at 18:03, Alexander Schlarb wrote:
| | Package: r-base-core
| | Version: 3.1.1-1+b2
| | Severity: grave
| | Justification: renders package unusable
| |
On 3/27/15, Andreas Cadhalpun andreas.cadhal...@googlemail.com wrote:
Hi Mohammed,
This looks like a duplicate of #774546 [1].
Can you install libupower-glib3 0.99.2-2 from experimental and report
if that fixed this problem?
Yes, It does fix the bug. Please close the bug.
Thank you.
--
Processing commands for cont...@bugs.debian.org:
# Also affects unstable
tags 781153 + sid
Bug #781153 [zanshin] [zanshin] Fix compatibility with zanshin development
version
Added tag(s) sid.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
781153:
Processing control commands:
forcemerge 781002 781205
Bug #781002 [initramfs-tools] initramfs-tools: no kernel modules are insert
into initrd
Bug #781002 [initramfs-tools] initramfs-tools: no kernel modules are insert
into initrd
Marked as found in versions initramfs-tools/0.119.
Added tag(s)
Processing commands for cont...@bugs.debian.org:
fixed 774358 2.9.1+dfsg1-5
Bug #774358 [libxml2-utils] libxml2: CVE-2014-3660 patch makes
installation-guide FTBFS
Bug #768089 [libxml2-utils] libxml2-utils: Upstream bug 738805 triggered by
CVE-2014-3660 fix
Marked as fixed in versions
Samuel Thibault, le Thu 26 Mar 2015 02:17:01 +0100, a écrit :
Control: found -1 2.8.0+dfsg1-7+wheezy3
This is still an issue in stable, the proposed patch was not applied
there, and thus installation-guide still FTBFS on wheezy, notably on our
dillon.debian.org machine, thus making
Processing commands for cont...@bugs.debian.org:
fixed 774358 2.9.2+dfsg1-2
Bug #774358 [libxml2-utils] libxml2: CVE-2014-3660 patch makes
installation-guide FTBFS
Bug #768089 [libxml2-utils] libxml2-utils: Upstream bug 738805 triggered by
CVE-2014-3660 fix
Marked as fixed in versions
Control: found -1 2.7.8.dfsg-2+squeeze11
Samuel Thibault, le Thu 26 Mar 2015 08:45:46 +0100, a écrit :
Samuel Thibault, le Thu 26 Mar 2015 02:17:01 +0100, a écrit :
Control: found -1 2.8.0+dfsg1-7+wheezy3
This is still an issue in stable, the proposed patch was not applied
there, and
Processing control commands:
found -1 2.7.8.dfsg-2+squeeze11
Bug #774358 [libxml2-utils] libxml2: CVE-2014-3660 patch makes
installation-guide FTBFS
Bug #768089 [libxml2-utils] libxml2-utils: Upstream bug 738805 triggered by
CVE-2014-3660 fix
Marked as found in versions
Package: python-mpmath
Version: 0.19-1
Severity: serious
Tags: patch
How to reproduce:
$ python
Python 2.7.9 (default, Mar 1 2015, 12:57:24)
[GCC 4.9.2] on linux2
Type help, copyright, credits or license for more information.
from mpmath import mp
mp.polyroots([4,3,2], error=True)
Traceback
Processing control commands:
severity -1 important
Bug #781210 [systemd] systemd asserts on function cg_is_empty_recursive, crashes
Severity set to 'important' from 'critical'
--
781210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781210
Debian Bug Tracking System
Contact
Control: severity -1 important
Hello Faidon,
thanks for your report!
I downgrade the severity to important as per
https://www.debian.org/Bugs/Developer#severities (and with #781209 we
have the bug that triggers this one); nevertheless, this is still an
important issue of course.
Faidon
79 matches
Mail list logo