Bug#858914: CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver

On Tue, Mar 28, 2017 at 05:48:16PM +0200, Markus Koschany wrote: > Control: forcemerge 857343 858914 > > Am 28.03.2017 um 17:38 schrieb Guido Günther: > > Package: logback > > Severity: grave > > Tags: security > > > > Hi, > > > > the following vulnerability was published for logback. > > > >

Bug#858955: subversion: Error unable to retrieve any working copy after upgrade/install

On Tue, Mar 28, 2017 at 10:50:20PM -0400, PICCORO McKAY Lenz wrote: > I cited why must be set for 1.8 and q.9 until 1.10 released: > > Users who wish to avoid the additional request may set that option to yes or  > no >  in order to short-circuit the additional request and avoid making it. This

Bug#858955: subversion: Error unable to retrieve any working copy after upgrade/install

I cited why must be set for 1.8 and q.9 until 1.10 released: Users who wish to avoid the additional request may set that option to yes or no in order to short-circuit the additional request and avoid making it. later we have: The Serf-based HTTP access library would use chunked transfer

Bug#858955: subversion: Error unable to retrieve any working copy after upgrade/install

On Tue, Mar 28, 2017 at 07:34:46PM -0400, PICCORO McKAY Lenz wrote: > Package: subversion > Version: 1.8.10-6+deb8u4 > Severity: grave > Justification: renders package unusable > > Dear Maintainer,the current package in debian are broken > i upgrade clients to jeesie > and now could'n chekout

Bug#858525: marked as pending

tag 858525 pending thanks Hello, Bug #858525 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://anonscm.debian.org/git/pkg-multimedia/jackd2.git/commit/?id=cbbda8d --- commit

Processed: Bug#858525 marked as pending

Processing commands for cont...@bugs.debian.org: > tag 858525 pending Bug #858525 [libjack-jackd2-dev] libjack-jackd2-dev: broken symlink: /usr/lib/x86_64-linux-gnu/libjackserver.so -> libjackserver.so.0.1.0 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need

Processed: user debian...@lists.debian.org, usertagging 851986, affects 851986, usertagging 852457 ...

Processing commands for cont...@bugs.debian.org: > user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was a...@debian.org). > usertags 851986 piuparts Usertags were: piuparts. Usertags are now: piuparts. > affects 851986 + rt4-extension-sla Bug #851986

Processed: Re: pmw-doc: uninstallable in sid after binNMU of pmw

Processing control commands: > found -1 1:4.28-3 Bug #858348 {Done: Wouter Verhelst } [pmw-doc] pmw-doc: uninstallable in sid after binNMU of pmw Marked as found in versions pmw/1:4.28-3; no longer marked as fixed in versions pmw/1:4.28-3 and reopened. -- 858348:

Bug#858348: pmw-doc: uninstallable in sid after binNMU of pmw

Followup-For: Bug #858348 Control: found -1 1:4.28-3 The fix is missing the corresponding dpkg-maintscript-helper symlink_to_dir ... calls ... Andreas

Bug#858525: libjack-jackd2-dev: Depend on jackd2

On 2017-03-28 04:04, Mattia Rizzolo wrote: On Mon, Mar 27, 2017 at 11:22:41PM -0400, Reinhard Tartler wrote: I think the approach of adding a 'depends' to jackd2 is the simplest. Moving the shared library to the -dev packages doesn't work, because /usr/bin/jackd2 and netserver.so link against

Bug#858955: avout Unexpected HTTP status 413 when chekout client 1.8 againts server 1.6/1.7/1.5

As well documented: http://subversion.apache.org/docs/release-notes/1.8.html#411-length-required default configuration in code must be "http-chunked-requests = no" i compiled my own package but 1.8.0 and works, debian package just dont work in any ... well knowed in internet:

Bug#858957: libstk0-dev: broken symlinks: /usr/include/stk/Rt{audio, Midi}.h -> ../Rt{audio, Midi}.h

Package: libstk0-dev Version: 4.5.2+dfsg-4 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package ships (or creates) a broken symlink. >From the attached log (scroll to the bottom...): 0m18.5s ERROR: FAIL: Broken symlinks:

Bug#858955: subversion: Error unable to retrieve any working copy after upgrade/install

Package: subversion Version: 1.8.10-6+deb8u4 Severity: grave Justification: renders package unusable Dear Maintainer,the current package in debian are broken i upgrade clients to jeesie and now could'n chekout working copies from external networks, only internal local network but when i conpiled

Bug#832128: freespace2: Bad symlinks /usr/games/fs2_open{,_DEBUG}

On Tuesday, 28 March 2017 9:35:27 AM AEDT Simon McVittie wrote: > On Fri, 22 Jul 2016 at 16:33:02 +0100, Edward Allcutt wrote: > > The current package contains symlinks such as > > > >/usr/games/fs2_open -> fs2_open_3.7.2+repack-1+b1 > > > > where the target doesn't exist. > > This was

Bug#858953: python-murano: uninstallable in sid: Depends: python-sqlalchemy (< 1.1.0) but 1.1.6+ds1-1 is to be installed

Package: python-murano Version: 1:3.0.0-4 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package is no longer installable in sid: The following packages have unmet dependencies: python-murano : Depends: python-sqlalchemy (<

Bug#858951: php7.0-sassphp: fails to install: php7.0-sassphp.postinst: phpenmod: not found

Package: php7.0-sassphp Version: 0.5.10-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus the severity.

Bug#858949: python{, 3}-magics++: fails to install: SyntaxError: from __future__ import print function

Package: python-magics++,python3-magics++ Version: 2.32.0-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus

Bug#858769: marked as done ("cvs init" creates CVSROOT/history and val-tags world-writeable)

Your message dated Tue, 28 Mar 2017 22:18:52 + with message-id and subject line Bug#858769: fixed in cvs 2:1.12.13+real-22 has caused the Debian Bug report #858769, regarding "cvs init" creates CVSROOT/history and val-tags world-writeable to be marked as

Processed: found 849932 in 2.12.40-1

Processing commands for cont...@bugs.debian.org: > found 849932 2.12.40-1 Bug #849932 [gtk-sharp2-gapi] gtk-sharp2-gapi: gapi2-codegen generates fields with void type Marked as found in versions gtk-sharp2/2.12.40-1. > thanks Stopping processing here. Please contact me if you need assistance.

Bug#858948: python-ginga: Drop obsolete recommends on pywebkitgtk

Package: python-ginga Version: 2.6.1-1 Severity: serious Justification: blocks removal of no longer supported packages python-ginga has an alternate recommends on pywebkitgtk, but pywebkitgtk has been removed from Debian stretch. (See https://bugs.debian.org/790218 ). I believe this is a Release

Processed: severity of 858941 is serious, severity of 852495 is serious

Processing commands for cont...@bugs.debian.org: > severity 858941 serious Bug #858941 [mariadb-server-10.0] mariadb-server-10.[01]: purging old mariadb-server shuts down mariadb-server and removes init.d links Severity set to 'serious' from 'normal' > severity 852495 serious Bug #852495

Bug#858934: marked as done (apt FTBFS with po4a 0.50-1)

Your message dated Tue, 28 Mar 2017 21:49:15 + with message-id and subject line Bug#858934: fixed in po4a 0.51-1 has caused the Debian Bug report #858934, regarding apt FTBFS with po4a 0.50-1 to be marked as done. This means that you claim that the

Bug#858934: apt FTBFS with po4a 0.50-1

On Tue, Mar 28, 2017 at 11:09:14PM +0200, David Kalnischkies wrote: > > The full command is: > > cd /path/to/apt/build/doc && po4a --previous --no-backups > --package-name='apt-doc' --package-version='1.4~rc2' > --msgid-bugs-address='APT\ Development\ Team\ ' >

Bug#851208: marked as done (mariadb-10.0: stretch should be released with mariadb-10.1 only)

Your message dated Tue, 28 Mar 2017 23:40:32 +0200 with message-id <1490737232.3838044.926643232.0ed97...@webmail.messagingengine.com> and subject line mariadb-10.0 is stable-only, so this bug can be closed. has caused the Debian Bug report #851208, regarding mariadb-10.0: stretch should be

Bug#849932: libindicate: FTBFS (Fields cannot have void type)

Andreas Henriksson a écrit le 27/03/2017 à 22:43 : > Hello Gilles Filippini, > > Thanks for your thorough investigations. > > On Fri, Feb 03, 2017 at 12:19:26AM +0100, Gilles Filippini wrote: > [...] >>> This is caused by gtk-sharp2 2.12.40 generating this line in file >>> ListenerServer.cs:

Bug#858934: apt FTBFS with po4a 0.50-1

Control: reassign -1 po4a 0.50-1 Hi, On Tue, Mar 28, 2017 at 10:05:52PM +0200, Helmut Grohne wrote: > Since today apt fails to build from source in unstable on amd64. The > typical failure looks like: > > | cd "/<>/obj-x86_64-linux-gnu/doc" && po4a --previous > --no-backups

Processed: Re: Bug#858934: apt FTBFS with po4a 0.50-1

Processing control commands: > reassign -1 po4a 0.50-1 Bug #858934 [src:apt] apt FTBFS with po4a 0.50-1 Bug reassigned from package 'src:apt' to 'po4a'. No longer marked as found in versions apt/1.4~rc2. Ignoring request to alter fixed versions of bug #858934 to the same values previously set

Bug#858885: marked as done (tests fail with libcmocka-dev 0.4.1-2)

Your message dated Tue, 28 Mar 2017 21:04:08 + with message-id and subject line Bug#858885: fixed in socket-wrapper 1.1.7-2 has caused the Debian Bug report #858885, regarding tests fail with libcmocka-dev 0.4.1-2 to be marked as done. This means that you

Bug#858934: apt FTBFS with po4a 0.50-1

Hello, I'm the maintainer of po4a. Indeed, it seems that my fix to #855431 was not really appropriate. I will upload a new po4a within the hour to not break if the po file does not exist. Sorry, Mt. On Tue, Mar 28, 2017 at 10:05:52PM +0200, Helmut Grohne wrote: > Source: apt > Version: 1.4~rc2

Bug#858942: android-tools-adb + android-tools-fastboot: Uninstallable due to Depends/Conflicts chain

Package: android-tools-adb,android-tools-fastboot Severity: serious Version: android-platform-system-core/1:7.0.0+r1-4 android-tools-adb and android-tools-fastboot both depend on a package (adb respectively fastboot) which again Replaces/Breaks android-tools-adb respectively

Bug#856117: Stretch update for tnef

Hi everybody, On Tue, 28 Mar 2017, Adrian Bunk wrote: could you (or Thorsten) also fix it in stretch by adding the CVE and regression fixes to the version in stretch? I could do the upload, but isn't it too late now, as the AUTORM will remove the package? Thorsten

Bug#858865: dar-static: hard-coded built-using

Hi, On Mon, Mar 27, 2017 at 11:30:10PM +0200, László Böszörményi (GCS) wrote: > On Mon, Mar 27, 2017 at 11:21 PM, Ivo De Decker wrote: > > The build-using line for dar-static contains hard-coded versions for the > > built-dependencies that are used in the build, even if the

Processed: clone a few bugs ossl 1.1

Processing commands for cont...@bugs.debian.org: > user pkg-openssl-de...@lists.alioth.debian.org Setting user to pkg-openssl-de...@lists.alioth.debian.org (was sebast...@breakpoint.cc). > # jabberd2 > unarchive 828360 Bug #828360 {Done: Simon Josefsson } [src:jabberd2]

Bug#858934: apt FTBFS with po4a 0.50-1

Source: apt Version: 1.4~rc2 Severity: serious User: helm...@debian.org Usertags: rebootstrap Since today apt fails to build from source in unstable on amd64. The typical failure looks like: | cd "/<>/obj-x86_64-linux-gnu/doc" && po4a --previous --no-backups --package-name='apt-doc'

Processed: your mail

Processing commands for cont...@bugs.debian.org: > tags 855521 + help Bug #855521 [lxpanel] lxpanel: freezes all the desktop environment if started or lauch no matter desktop are used Added tag(s) help. > thanks Stopping processing here. Please contact me if you need assistance. -- 855521:

Processed: clone a few bugs for ossl 1.1

Processing commands for cont...@bugs.debian.org: > user pkg-openssl-de...@lists.alioth.debian.org Setting user to pkg-openssl-de...@lists.alioth.debian.org (was sebast...@breakpoint.cc). > # hhvm > unarchive 828340 Bug #828340 {Done: Faidon Liambotis } [src:hhvm] hhvm:

Bug#830446: marked as done (golang-go-xdg: FTBFS: dh_auto_test: go test -v launchpad.net/go-xdg/v0 returned exit code 1)

Your message dated Tue, 28 Mar 2017 18:34:02 + with message-id and subject line Bug#830446: fixed in golang-go-xdg 0~bzr20140219-2 has caused the Debian Bug report #830446, regarding golang-go-xdg: FTBFS: dh_auto_test: go test -v launchpad.net/go-xdg/v0

Processed: python-tz: FTBFS: AssertionError: '+0020+0020' != 'NET+0020'

Processing control commands: > tags -1 + patch Bug #858133 [src:python-tz] python-tz: FTBFS: AssertionError: '+0020+0020' != 'NET+0020' Added tag(s) patch. -- 858133: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858133 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#858133: python-tz: FTBFS: AssertionError: '+0020+0020' != 'NET+0020'

Control: tags -1 + patch The attached patch simply skips the tests which use timezone abbreviations that were dropped from tzdata 2017a-1. Description: Skip tests using deprecated timezone abbreviations Several timezone abbreviations were dropped from tzdata 2017a-1. Bug-Debian:

Processed: your mail

Processing commands for cont...@bugs.debian.org: > tags 858769 + pending Bug #858769 [cvs] "cvs init" creates CVSROOT/history and val-tags world-writeable Added tag(s) pending. > tags 858143 + fixed-in-experimental Bug #858143 [src:xrdp] xrdp: CVE-2017-6967: incorrect placement of

Bug#857343: #857343: logback deserialization vulnerability

Am 28.03.2017 um 20:02 schrieb Salvatore Bonaccorso: > Hi Markus, > > On Tue, Mar 28, 2017 at 05:51:38PM +0200, Markus Koschany wrote: >> Am 28.03.2017 um 10:54 schrieb Salvatore Bonaccorso: [...] >> Thank you. I am going to fix this bug in a few minutes. Do you think >> this bug warrants a DSA

Bug#858546: marked as done (CVE-2017-5029: Integer overflow in xsltAddTextString)

Your message dated Tue, 28 Mar 2017 18:03:48 + with message-id and subject line Bug#858546: fixed in libxslt 1.1.29-2.1 has caused the Debian Bug report #858546, regarding CVE-2017-5029: Integer overflow in xsltAddTextString to be marked as done. This

Processed: Re: Bug#858195: compass-bootstrap-sass-plugin: Wrong install path, and code not registered with Compass

Processing control commands: > severity -1 wishlist Bug #858195 [compass-bootstrap-sass-plugin] compass-bootstrap-sass-plugin: Wrong install path, and code not registered with Compass Severity set to 'wishlist' from 'grave' -- 858195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858195

Bug#858195: compass-bootstrap-sass-plugin: Wrong install path, and code not registered with Compass

Control: severity -1 wishlist Hi, On Sun, Mar 19, 2017 at 06:13:06PM +0100, Jonas Smedegaard wrote: > Package: compass-bootstrap-sass-plugin > Version: 3.3.5.1-3 > Severity: grave > Justification: renders package unusable > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > The most basic

Bug#858832: [wea...@debian.org: Bug#858832: calls efibootmgr with invalid options]

28.03.2017 09:34, Peter Palfrader пишет: > } /dev/md2953M 176K 953M 1% /boot/efi Sorry, that's not going to work. Even assuming that grub can map from Linux MD to underlying physical device + partition (as that is what efibootmgr needs, we cannot simply pass /dev/md2 to it), this will

Bug#857343: #857343: logback deserialization vulnerability

Hi Markus, On Tue, Mar 28, 2017 at 05:51:38PM +0200, Markus Koschany wrote: > Am 28.03.2017 um 10:54 schrieb Salvatore Bonaccorso: > [...] > > There apparently was a mistake on triaging CVE-2017-5929. > > > > This should be: > > https://security-tracker.debian.org/tracker/CVE-2017-5929 > > > >

Bug#858920: neurodebian-desktop: Trigger cycle via interest(-await) on /usr/share/icons/gnome while depending (in)directly on gnome-icon-theme - please use interest-noawait

On Tue, 28 Mar 2017, Niels Thykier wrote: > Package: neurodebian-desktop > Version: 0.37.5 > Severity: serious > The neurodebian-desktop package declares an "interest(-await)" trigger > on /usr/share/icons/gnome. At the same time, it depends on > gnome-icon-theme, which provides files in

Bug#857067: marked as done (dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity)

Your message dated Tue, 28 Mar 2017 17:48:49 + with message-id and subject line Bug#857067: fixed in dsdp 5.8-9.4 has caused the Debian Bug report #857067, regarding dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity to be

Bug#857067: dsdp: diff for NMU version 5.8-9.4

Control: tags 857067 + patch Dear maintainer, I've prepared an NMU for dsdp (versioned as 5.8-9.4). The diff is attached to this message. Regards, James diff -Nru dsdp-5.8/debian/changelog dsdp-5.8/debian/changelog --- dsdp-5.8/debian/changelog 2017-03-28 16:40:25.0 +0100 +++

Processed: dsdp: diff for NMU version 5.8-9.4

Processing control commands: > tags 857067 + patch Bug #857067 [src:dsdp] dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity Added tag(s) patch. -- 857067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857067 Debian Bug Tracking System Contact

Bug#857067: closed by Ole Streicher <oleb...@debian.org> (Bug#857067: fixed in dsdp 5.8-9.3)

Control: reopen 857067 Control: tags 857067 - patch On Tue, Mar 28, 2017 at 04:39:07PM +, Debian Bug Tracking System wrote: > Changes: > dsdp (5.8-9.3) unstable; urgency=medium > . >* Non-maintainer upload. >* Initialize all INFO vars. Closes: #857067 This is not the right fix at

Processed: Re: Bug#857067 closed by Ole Streicher <oleb...@debian.org> (Bug#857067: fixed in dsdp 5.8-9.3)

Processing control commands: > reopen 857067 Bug #857067 {Done: Ole Streicher } [src:dsdp] dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be

Bug#858876: libjna-jni: causes NoClassDefFoundError

Hi Emmanuel, On Tue, Mar 28, 2017 at 4:47 PM, Emmanuel Bourg wrote: > Thank you for the report. The symlink was in the same directory? What > JRE did you use? Yes, in the same directory. I use openjdk-8-jre:i386. Regards, -- YOSHINO Yoshihito

Bug#857067: dsdp: diff for NMU version 5.8-9.3

Dear maintainer, I've prepared an NMU for dsdp (versioned as 5.8-9.3). The diff is attached to this message. Regards, James diff -Nru dsdp-5.8/debian/changelog dsdp-5.8/debian/changelog --- dsdp-5.8/debian/changelog 2017-03-28 08:22:18.0 +0100 +++ dsdp-5.8/debian/changelog 2017-03-28

Bug#857067: marked as done (dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity)

Your message dated Tue, 28 Mar 2017 16:34:00 + with message-id and subject line Bug#857067: fixed in dsdp 5.8-9.3 has caused the Debian Bug report #857067, regarding dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity to be

Bug#858920: neurodebian-desktop: Trigger cycle via interest(-await) on /usr/share/icons/gnome while depending (in)directly on gnome-icon-theme - please use interest-noawait

Package: neurodebian-desktop Version: 0.37.5 Severity: serious The neurodebian-desktop package declares an "interest(-await)" trigger on /usr/share/icons/gnome. At the same time, it depends on gnome-icon-theme, which provides files in /usr/share/icons/gnome, triggering said interest trigger.

Bug#858914: marked as done (CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver)

Your message dated Tue, 28 Mar 2017 16:04:57 + with message-id and subject line Bug#857343: fixed in logback 1:1.1.9-2 has caused the Debian Bug report #857343, regarding CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver

Bug#857343: marked as done (logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver components)

Your message dated Tue, 28 Mar 2017 16:04:57 + with message-id and subject line Bug#857343: fixed in logback 1:1.1.9-2 has caused the Debian Bug report #857343, regarding logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and

Bug#858918: dochelp: Introduces a trigger cycle via interest on /usr/share/doc-base - please migrate to interest-noawait

Package: dochelp Version: 0.1.4 Severity: serious Hi, dochelp registers an "interest(-await)" trigger on /usr/share/doc-base. At the same time, it depends on findutils and base-passwd, which provides files in /usr/share/doc-base, triggering said interest trigger. """ The cycle is created

Bug#858046: marked as done (logtool: uninstallable)

Your message dated Tue, 28 Mar 2017 16:05:05 + with message-id and subject line Bug#858046: fixed in logtool 1.2.8-9 has caused the Debian Bug report #858046, regarding logtool: uninstallable to be marked as done. This means that you claim that the

Bug#858260: Help needed for pandas bug: Could anybody verify the suspicion that tzdata might have some influence?

At second thought it might not be a bug in python-tz, but some undefined behavior that results from the pandas use of tz._utcoffset: >   tz = pytz.timezone('Asia/Tokyo') >   dt = datetime.datetime(2011,1,1) >   >   In[76]:  tz.utcoffset(dt) >   Out[76]: datetime.timedelta(0, 32400) > >   In

Processed (with 1 error): forcibly merging 857343 858914

Processing commands for cont...@bugs.debian.org: > forcemerge 857343 858914 Bug #857343 [liblogback-java] logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver components Unable to merge bugs because: package of #858914 is 'logback' not

Bug#857343: #857343: logback deserialization vulnerability

Am 28.03.2017 um 10:54 schrieb Salvatore Bonaccorso: [...] > There apparently was a mistake on triaging CVE-2017-5929. > > This should be: > https://security-tracker.debian.org/tracker/CVE-2017-5929 > > I fixed the tracker entry and it should display the correct > information on the next update.

Processed: reassign and merge with #857343

Processing commands for cont...@bugs.debian.org: > reassign 858914 liblogback-java Bug #858914 [logback] CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver Bug reassigned from package 'logback' to 'liblogback-java'. Ignoring request to alter found versions of bug

Bug#858914: CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver

Control: forcemerge 857343 858914 Am 28.03.2017 um 17:38 schrieb Guido Günther: > Package: logback > Severity: grave > Tags: security > > Hi, > > the following vulnerability was published for logback. > > CVE-2017-5929[0]: > | QOS.ch Logback before 1.2.0 has a serialization vulnerability

Processed (with 1 error): Re: Bug#858914: CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver

Processing control commands: > forcemerge 857343 858914 Bug #857343 [liblogback-java] logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver components Unable to merge bugs because: package of #858914 is 'logback' not 'liblogback-java' Failed to

Bug#858914: CVE-2017-5929: serialization vulnerability in SocketServer and ServerSocketReceiver

Package: logback Severity: grave Tags: security Hi, the following vulnerability was published for logback. CVE-2017-5929[0]: | QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting | the SocketServer and ServerSocketReceiver components. If you fix the vulnerability please

Bug#817375: marked as done (bibcursed: Removal of debhelper compat 4)

Your message dated Tue, 28 Mar 2017 15:04:14 + with message-id and subject line Bug#817375: fixed in bibcursed 2.0.0-6.1 has caused the Debian Bug report #817375, regarding bibcursed: Removal of debhelper compat 4 to be marked as done. This means that you

Bug#851819: ERROR: wget failed to download http://people.debian.org/~bartm/...

It's now been well over two months since this bug was filed. Not only has the problem not been fixed, another Flash release has been made upstream in the interim; I've been retrying this once a day so that I'll notice as soon as a fix gets put in place, and it's now reporting failure to download

Bug#857067: Keeps on building for ages on s390x

Hallo Andreas, schick mir mal das debian.tar.xz, damit ich ein neues NMU vorbereiten kann. Ich habe nen Fix. Cheers Ole Am 28.03.2017 um 16:00 schrieb Andreas Tille: > reopen 857067 > thanks > > Hi, > > as far as I can see on the build logs[1] the package needs >1h to build > on s390x and

Bug#853095: flashplugin-nonfree: Unable to update to the last flash version

Package: flashplugin-nonfree Version: 1:3.6.1+deb8u1 Followup-For: Bug #853095 Dear Maintainer, This is still behind - new version is available upstream and it's not being provided dsusman@fgx-laptop:~$ sudo update-flashplugin-nonfree --install --verbose options : --install --verbose --

Bug#858260: Help needed for pandas bug: Could anybody verify the suspicion that tzdata might have some influence?

On Tue, 28 Mar 2017 15:18:20 +0200, Gert Wollny wrote: > I did some digging: > > Maybe it's a bug in python-tz? > Most likely: FWIW, python-tz also has a FTBFS bug: https://bugs.debian.org/858133 Cheers, gregor -- .''`. https://info.comodo.priv.at/ - Debian Developer

Bug#857295: [oss-security] LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership

On Tue, Mar 28, 2017 at 06:45:34AM -0400, Stiepan wrote: > Thanks to the 2.0.7-2 update by Evgeni Golov and his crystal-clear > instructions on how to use lxcbr0 with this version, I could confirm that the > issue with the host's routing table being affected by changes in the > containers'

Processed: Keeps on building for ages on s390x

Processing commands for cont...@bugs.debian.org: > reopen 857067 Bug #857067 {Done: Andreas Tille } [src:dsdp] dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity 'reopen' may be inappropriate when a bug has been closed with a version; all fixed

Bug#857067: Keeps on building for ages on s390x

reopen 857067 thanks Hi, as far as I can see on the build logs[1] the package needs >1h to build on s390x and thus I do not consider my latest upload as a fix and reopen the bug. Please note: When I applied the patch suggested by Ole I've found some quilt cruft in .pc dir inside the patch. I

Bug#858260: Help needed for pandas bug: Could anybody verify the suspicion that tzdata might have some influence?

Hello, I did some digging: > Maybe it's a bug in python-tz? Most likely: Pandas uses this code to get the time offset for the local time in tslib.pyx: cpdef _get_utcoffset(tzinfo, obj): try: return tzinfo._utcoffset except AttributeError: return

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

Hi Dirk, On Tue, Mar 28, 2017 at 07:25:34AM -0500, Dirk Eddelbuettel wrote: > | On Tue, Mar 28, 2017 at 10:09:28AM +0200, Andreas Tille wrote: > | > ... If you want to fix the issue inside > | > r-cran-rcppgsl package you need to either convince the release team to > | > accept this new upstream

Bug#858905: kde-telepathy-text-ui: Fails to show text entry widget

Package: kde-telepathy-text-ui Version: 15.08.3-1+b2 Severity: serious Justification: breaks entire package Dear Maintainer, The text-ui package is supposed to present a textbox in which the user can type to be able to chat on IM. At present, the text box is not displayed (instead and empty

Bug#858260: Help needed for pandas bug: Could anybody verify the suspicion that tzdata might have some influence?

Hi James, I'm just forwarding the issue to python-tz maintainers - may be they will be able to clarify it. Thanks for the hint Andreas. On Tue, Mar 28, 2017 at 12:05:22PM +0100, James Cowgill wrote: > > I admit that when reading the bug report I have no idea how to fix it. > > I can

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

On 28 March 2017 at 14:16, Adrian Bunk wrote: | On Tue, Mar 28, 2017 at 10:09:28AM +0200, Andreas Tille wrote: | > ... If you want to fix the issue inside | > r-cran-rcppgsl package you need to either convince the release team to | > accept this new upstream version or revert the new version by

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

On 28 March 2017 at 13:32, Andreas Tille wrote: | Hi Dirk, | | On Tue, Mar 28, 2017 at 05:24:02AM -0500, Dirk Eddelbuettel wrote: | > | Alternatively this could be fixed by moving the script gsl-config from | > | package libgsl-dev to libgsl2. Since you are the maintainer of both | > | > I am

Processed: gsequencer unfit for release

Processing commands for cont...@bugs.debian.org: > severity 857936 serious Bug #857936 [src:gsequencer] gsequencer: duplicated flag AGS_MIDI_PARSER_EOT makes header useless Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. --

Processed: gsequencer unfit for release

Processing commands for cont...@bugs.debian.org: > severity 857910 serious Bug #857910 [src:gsequencer] gsequencer: GObject::dispose() is not implemented Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 857910:

Processed: gsequencer unfit for release

Processing commands for cont...@bugs.debian.org: > severity 858283 serious Bug #858283 [src:gsequencer] gsequencer: GSequencer crashes as no soundcard configured Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 858283:

Processed: gsequencer unfit for release

Processing commands for cont...@bugs.debian.org: > severity 857931 serious Bug #857931 [src:gsequencer] gsequencer: AgsSynth possible division by zero by oscillator Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. --

Processed: gsequencer unfit for release

Processing commands for cont...@bugs.debian.org: > severity 857937 serious Bug #857937 [src:gsequencer] gsequencer: memory leaks while g_timeout_add() function in GUI Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. --

Processed: gsequencer unfit for release

Processing commands for cont...@bugs.debian.org: > severity 857935 serious Bug #857935 [src:gsequencer] gsequencer: SIGSEGV as doing NULL pointer dereference as restoring AgsFFPlayer Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need

Bug#857067: marked as done (dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity)

Your message dated Tue, 28 Mar 2017 12:04:19 + with message-id and subject line Bug#857067: fixed in dsdp 5.8-9.2 has caused the Debian Bug report #857067, regarding dsdp FTBFS on s390x: Build killed with signal TERM after 150 minutes of inactivity to be

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

Hi Dirk, On Tue, Mar 28, 2017 at 05:24:02AM -0500, Dirk Eddelbuettel wrote: > | Alternatively this could be fixed by moving the script gsl-config from > | package libgsl-dev to libgsl2. Since you are the maintainer of both > > I am wondering if it was in lbgsl0 before the move to 'gsl2'. I

Bug#858567: mssh: local files installed to /usr/@DATADIRNAME@/locale

On Fri, Mar 24, 2017 at 02:46:32AM +0100, Axel Beckert wrote: >... > --- a/configure.ac > +++ b/configure.ac > @@ -26,6 +26,9 @@ >AC_MSG_ERROR([gconftool-2 executable not found in your path - should be > installed with GConf]) > fi > > +test -n "$DATADIRNAME" || DATADIRNAME=share >

Bug#858898: supermin: FTBFS on mips*

package: supermin severity: serious version: 5.1.17-7 Hi, During a rebuild to update the outdated built-using, supermain failed on mips, mipsel and mips64el. https://buildd.debian.org/status/package.php?p=supermin

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

On Tue, Mar 28, 2017 at 10:09:28AM +0200, Andreas Tille wrote: > ... If you want to fix the issue inside > r-cran-rcppgsl package you need to either convince the release team to > accept this new upstream version or revert the new version by using an > epoch. I have CCed the release team where

Bug#858882: marked as done (r-cran-rcppgsl: Missing dependency libgsl-dev)

Your message dated Tue, 28 Mar 2017 11:04:19 + with message-id and subject line Bug#858882: fixed in r-cran-rcppgsl 0.3.2-2 has caused the Debian Bug report #858882, regarding r-cran-rcppgsl: Missing dependency libgsl-dev to be marked as done. This means

Bug#858260: Help needed for pandas bug: Could anybody verify the suspicion that tzdata might have some influence?

Hi, On 28/03/17 10:37, Andreas Tille wrote: > tags 858260 help > thanks > > Hi, > > I admit that when reading the bug report I have no idea how to fix it. > I can confirm that I can reproduce the issue in a recent unstable > chroot. I have added maintainers of tzdata, Debian Science and Debian

Processed: Version tracking fix

Processing commands for cont...@bugs.debian.org: > found 858882 0.3.1-1 Bug #858882 [r-cran-rcppgsl] r-cran-rcppgsl: Missing dependency libgsl-dev Marked as found in versions r-cran-rcppgsl/0.3.1-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 858882:

Bug#857295: [oss-security] LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership

Thanks to the 2.0.7-2 update by Evgeni Golov and his crystal-clear instructions on how to use lxcbr0 with this version, I could confirm that the issue with the host's routing table being affected by changes in the containers' routing tables is not there anymore when using that version (lxc

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

The other possible fix is upstream -- I could just not assume I always have gsl-config and make its use conditional. That's probably the best idea going forward to support pure 'run-time, not dev' packages better. Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

Bug#858895: stk: fails to find soundfile

Package: stk Version: 4.5.2+dfsg-4 Severity: serious Justification: grave Dear Maintainer, Launching stk-demo TubeBell -or throws an error FileRead::open: could not open or find file (../../rawwaves/sinewave.raw)! while the file searched for is in place in

Bug#858882: r-cran-rcppgsl: Missing dependency libgsl-dev

On 28 March 2017 at 10:09, Andreas Tille wrote: | Package: r-cran-rcppgsl | Version: 0.3.2-1 | Severity: grave | Tags: patch | Justification: renders package unusable | | [ Release team see below how to deal with newer upstream version in unstable | than in testing ] | | Dear Maintainer, | |

Bug#858564: Confirmed on sid

On Tue, 28 Mar 2017 01:33:44 +0300 Adrian Bunk wrote: > Control: severity -1 grave > I've upgraded the severity again. > > Quoting the original bug report: >* What led up to the situation? > I upgraded to 8u4 through unattended upgrades. > > > Regressions in a DSA

  1   2   >