Source: wolfssl
Version: 3.10.2+dfsg-2
Severity: grave
Tags: upstream security
Hi,
the following vulnerability was published for wolfssl.
CVE-2017-2800[0]:
No description was found (try on a search engine)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabili
Your message dated Tue, 09 May 2017 06:34:08 +
with message-id
and subject line Bug#862098: fixed in lxterminal 0.3.0-2
has caused the Debian Bug report #862098,
regarding lxterminal: CVE-2016-10369: socket can be blocked by another user
to be marked as done.
This means that you claim that th
Your message dated Tue, 09 May 2017 04:48:34 +
with message-id
and subject line Bug#860225: fixed in bind9 1:9.10.3.dfsg.P4-12.3
has caused the Debian Bug report #860225,
regarding bind9: CVE-2017-3137: A response packet can cause a resolver to
terminate when processing an answer containing a
Hi Michael,
On Mon, May 08, 2017 at 06:23:23PM -0400, Michael Gilbert wrote:
> On Sun, May 7, 2017 at 10:38 AM, Salvatore Bonaccorso wrote:
> > I've prepared an NMU for bind9 (versioned as 1:9.10.3.dfsg.P4-12.3) and
> > uploaded it to DELAYED/5. Please feel free to tell me if I
> > should delay it
Hi,
On Mon, May 08, 2017 at 06:28:51PM -0400, Michael Gilbert wrote:
> On Mon, May 8, 2017 at 6:23 PM, Michael Gilbert wrote:
> > I reviewed the diff. It does look correct to me, so please feel free
> > to remove the delay.
>
> There is also CVE-2017-3139 now [0].
This should only affect Red Ha
Your message dated Tue, 09 May 2017 00:33:31 +
with message-id
and subject line Bug#854872: fixed in
golang-github-docker-docker-credential-helpers 0.5.0-2
has caused the Debian Bug report #854872,
regarding golang-github-docker-docker-credential-helpers FTBFS on 32bit: type
[1073741824]*C.c
Your message dated Tue, 09 May 2017 00:18:39 +
with message-id
and subject line Bug#861539: fixed in tcpreplay 4.2.5-1
has caused the Debian Bug report #861539,
regarding tcpreplay FTBFS on armel/armhf/mips*: L7 fuzzing test: Makefile:963:
recipe for target 'rewrite_l7fuzzing' failed
to be ma
On Mon, May 8, 2017 at 6:23 PM, Michael Gilbert wrote:
> I reviewed the diff. It does look correct to me, so please feel free
> to remove the delay.
There is also CVE-2017-3139 now [0].
Best wishes,
Mike
[0] https://access.redhat.com/errata/RHSA-2017:1202
On Sun, May 7, 2017 at 10:38 AM, Salvatore Bonaccorso wrote:
> I've prepared an NMU for bind9 (versioned as 1:9.10.3.dfsg.P4-12.3) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.
Hi Salvatore,
I reviewed the diff. It does look correct to me, so please f
gregor herrmann wrote:
> > This is due to GNUPGHOME needing to fit within sockaddr_un.sun_path.
>
> Also #861591, where the same happens.
>
> I'm not sure how RC-ish this should be, as build paths by our usual
> tools (sbuild, pbuilder) are, IIRC, shorter (/build//…), so
> this shouldn't be a pr
Processing control commands:
> affects 862071 + src:gnupg2
Bug #862071 [src:password-store] password-store: FTBFS when built in a path
with >= 74 characters
Added indication that 862071 affects src:gnupg2
--
862071: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862071
Debian Bug Tracking Sys
Control: affects 862071 + src:gnupg2
Upstream's recommendation is currently to use a temporary $GNUPGHOME
(with a short path) for test suites which depend on GnuPG with an
ephemeral homedir.
--dkg
signature.asc
Description: PGP signature
On Mon, 08 May 2017 22:25:54 +0100, Chris Lamb wrote:
> retitle 862071 password-store: FTBFS when built in a path with >= 74
> characters
> thanks
>
>
> (Yes, really.)
> This is due to GNUPGHOME needing to fit within sockaddr_un.sun_path.
Also #861591, where the same happens.
I'm not sure how
retitle 862071 password-store: FTBFS when built in a path with >= 74 characters
thanks
(Yes, really.)
This is due to GNUPGHOME needing to fit within sockaddr_un.sun_path.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Processing commands for cont...@bugs.debian.org:
> retitle 862071 password-store: FTBFS when built in a path with >= 74
> characters
Bug #862071 [src:password-store] password-store: FTBFS: not ok 1 - Test
"generate" command
Changed Bug title to 'password-store: FTBFS when built in a path with >=
Processing control commands:
> found 861771 0.13-1
Bug #861771 [nodm] Fails to install: postinst script returned error exit status
1
Marked as found in versions nodm/0.13-1.
> tags 861771 + patch
Bug #861771 [nodm] Fails to install: postinst script returned error exit status
1
Added tag(s) patch
Control: found 861771 0.13-1
Control: tags 861771 + patch
On Mon, 08 May 2017 at 20:14:28 +0100, Simon McVittie wrote:
> If you try to downgrade to 0.13-1 (in testing), do you still get this?
I can reproduce this with 0.13-1, so it should not block migration.
> I think the attached patch should
Processing commands for cont...@bugs.debian.org:
> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was ni...@thykier.net).
> usertags 851819 - stretch-can-defer
Usertags were: stretch-can-defer.
Usertags are now: .
> tags 851819 - stretch-ignore
On Wed, 03 May 2017 at 16:13:25 -0400, Ryan Kavanagh wrote:
> nodm fails to install/upgrade.
What version did you upgrade from, and how long had you had that version
installed before upgrading?
If you try to downgrade to 0.13-1 (in testing), do you still get this?
If you do, please mark this bug
Processing commands for cont...@bugs.debian.org:
> reopen 862103
Bug #862103 [mariadb-server-10.1] mariadb-server-10.1: MariaDB crash after
throwing an instance of 'std::out_of_range'
Bug 862103 is not marked as done; doing nothing.
> thanks
Stopping processing here.
Please contact me if you nee
Processing commands for cont...@bugs.debian.org:
> retitle 862098 lxterminal: CVE-2016-10369: socket can be blocked by another
> user
Bug #862098 [lxterminal] lxterminal: socket can be blocked by another user
Changed Bug title to 'lxterminal: CVE-2016-10369: socket can be blocked by
another user
Your message dated Mon, 08 May 2017 17:29:00 +
with message-id <1d3c25fa-0033-79a1-a5d9-e0c33c9ff...@thykier.net>
and subject line Re: Latest slim upgrade caused involuntary crashes/logouts...
has caused the Debian Bug report #862052,
regarding Latest slim upgrade caused involuntary crashes/log
Your message dated Mon, 08 May 2017 17:29:00 +
with message-id <1d3c25fa-0033-79a1-a5d9-e0c33c9ff...@thykier.net>
and subject line Re: Latest slim upgrade caused involuntary crashes/logouts...
has caused the Debian Bug report #862052,
regarding slim: Reloads automatically and queries login-prom
Your message dated Mon, 08 May 2017 17:29:00 +
with message-id <1d3c25fa-0033-79a1-a5d9-e0c33c9ff...@thykier.net>
and subject line Re: Latest slim upgrade caused involuntary crashes/logouts...
has caused the Debian Bug report #862052,
regarding slim: Session restarts in a loop rendering the who
Processing commands for cont...@bugs.debian.org:
> severity 862052 critical
Bug #862052 [slim] Latest slim upgrade caused involuntary crashes/logouts...
Severity set to 'critical' from 'serious'
> fixed 862052 1.3.6-5.1
Bug #862052 [slim] Latest slim upgrade caused involuntary crashes/logouts...
M
Processing commands for cont...@bugs.debian.org:
> found 862098 0.2.0-1
Bug #862098 [lxterminal] lxterminal: socket can be blocked by another user
Marked as found in versions lxterminal/0.2.0-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
862098: http://bugs.d
Hi
I have requested a CVE via https://cveform.mitre.org .
Regards,
Salvatore
Follow up :
Patrick Gaus just suggested on the MariaDB bug report that the same fix
should also be applied to XtraDB (storage/xtradb/dict/dict0stats.cc - Around
line 1171), and not just in InnoDB. Makes sense.
Thanks!
Hope the fix will be good enough to solve this issue.
Unfortunately, Kazuhiko Shiozaki reported 3 days ago on the MariaDB bug
report (http://cpc.cx/jg3) that the same crash happened to MariaDB 10.1.23
with the patch applied. That's the only report so far.
PS: The package currently availa
>> Could you please try to upgrade to slim/1.3.6-5.1 to see if that
>> fixes your issue?
> Of course, no problem, but it will have to wait a day or so.
I can now confirm that upgrading to 1.3.6-5.1 does indeed fix
the issue I was experiencing. From my perspective that means
that you may mark this
unblock report filed: #862108
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
pgpDcNjbHuTyp.pgp
Description: PGP signature
Hi Sam,
thanks for the heads-up and for the link to the patch - it applies
cleanly (after whitespace fixes) to MariaDB 10.1.23, so I am just
building 10.1.23-5 with the patch applied.
Cheers,
--
Ondřej Surý
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https
Package: mariadb-server-10.1
Version: 10.1.22-3
Severity: grave
Tags: newcomer upstream
Justification: causes non-serious data loss
Dear Maintainer,
A critical MySQL bug was discovered in InnoDB storage engine (related to
statistics calculation) some weeks ago.
This bug affects MariaDB 10.1 as
Here after rebuilding hdf5 in debug mode
:~/Debian/nexus$ ./bug.py
H5get_libversion(majnum=0xbf8a5b04, minnum=0xbf8a5b08, relnum=0xbf8a5b0c) =
SUCCEED;
H5Eset_auto2(estack=H5P_DEFAULT, func=NULL, client_data=NULL) = SUCCEED;
H5open() = SUCCEED;
H5Pcreate(cls=8 (genprop class)) = 18 (genprop list)
Processing commands for cont...@bugs.debian.org:
> severity 862095 wishlist
Bug #862095 [reportbug] reportbug: Bugs in backported packages must not be sent
to the BTS
Severity set to 'wishlist' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
862095
On Mon, 2017-05-08 at 15:00 +0200, Thorsten Glaser wrote:
> Hi!
>
> I disagree with making this RC right now, for the following reasons:
[...]
I also disagree, and I like bugs for backported linux packages going to
the BTS as they are rarely specific to the backport.
Ben.
--
Ben Hutchings
[W]e
On Mon, May 08, 2017 at 03:00:13PM +0200, Thorsten Glaser wrote:
>...
> > Bugs against backported packages (~bpo versions) are not allowed
> > to be reported to the BTS without explicit permission from the
> > maintainer to do so
>
> 1. There is no automated way for the maintainers to agree to tha
Your message dated Mon, 08 May 2017 13:18:30 +
with message-id
and subject line Bug#852059: fixed in opendnssec 1:2.0.4-3
has caused the Debian Bug report #852059,
regarding opendnssec-signer: installation hangs on invoke-rc.d due to script
name being to long
to be marked as done.
This means
Processing control commands:
> severity -1 important
Bug #859419 [opendnssec-enforcer] non-functional after installation (service
fails to start)
Severity set to 'important' from 'serious'
--
859419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859419
Debian Bug Tracking System
Contact ow..
Your message dated Mon, 08 May 2017 13:18:30 +
with message-id
and subject line Bug#859418: fixed in opendnssec 1:2.0.4-3
has caused the Debian Bug report #859418,
regarding non-functional after installation (service fails to start)
to be marked as done.
This means that you claim that the pro
Control: severity -1 important
Hi,
this is not something really fixable without breaking existing user base
(for now).
The problem is that you need configured and initialized HSM store for
the keys, and that something the user must do manually, because he is
expected to provide his own HSM - and
Package: lxterminal
Version: 0.3.0-1
Severity: grave
Tags: upstream patch security
Justification: user security hole
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This vulnerability is discussed in a Stackexchange website:
https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netst
Hi!
I disagree with making this RC right now, for the following reasons:
> Bugs against backported packages (~bpo versions) are not allowed
> to be reported to the BTS without explicit permission from the
> maintainer to do so
1. There is no automated way for the maintainers to agree to that
Package: reportbug
Version: 6.6.3
Severity: serious
Bugs against backported packages (~bpo versions) are not allowed
to be reported to the BTS without explicit permission from the
maintainer to do so, and should instead automatically be sent
to debian-backpo...@lists.debian.org
Example for a bug
Hi,
Same bug for me with 1.3.6-5
Solved with 1.3.6-5.1
There are several reasons why graphite-web does not work with Django
1.10 (the current version in sid). One of them is that it uses the
"patterns" variable:
Traceback (most recent call last):
File "/usr/bin/graphite-manage", line 15, in
execute_from_command_line(sys.argv)
File "/usr/lib/p
https://anonscm.debian.org/git/pkg-mysql/mariadb-10.1.git/commit/?id=2a17c70476de768f1e166b65f4a1b3865ac9757f
--
Ondřej Surý
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro c
2017-05-08 11:42 GMT+02:00 Ondřej Surý :
> Definitely, I am just building the fixed version. I did a cleanup of
> upstream files not being installed in the last bigger mariadb update,
> and I was just not aware mytop was already packaged. Sorry for the
> troubles.
Shouldn't it also declare a Repla
Your message dated Mon, 08 May 2017 10:03:55 +
with message-id
and subject line Bug#861913: fixed in mariadb-10.1 10.1.23-4
has caused the Debian Bug report #861913,
regarding mariadb-client-10.1: trying to overwrite '/usr/bin/mytop', which is
also in package mytop 1.9.1-4
to be marked as don
Your message dated Mon, 08 May 2017 09:48:26 +
with message-id
and subject line Bug#860618: fixed in golang-github-seccomp-libseccomp-golang
0.0~git20150813.0.1b506fc-2
has caused the Debian Bug report #860618,
regarding golang-github-seccomp-libseccomp-golang: FTBFS on i386: dh_auto_test:
g
Your message dated Mon, 08 May 2017 09:49:14 +
with message-id
and subject line Bug#861804: fixed in slrn 1.0.3+dfsg-1
has caused the Debian Bug report #861804,
regarding slrn non-free license issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Hi Ondřej,
Shouldn't it conflict / replace the mytop pkg?
2017-05-08 11:34 GMT+02:00 Ondřej Surý :
> Hi Olaf,
>
> mytop is part of MariaDB a version that fixes little bugs here and
> there:
>
> +=item Michael "Monty" Widenius
> +
> +Fixed a couple of minor bugs that gave warnings on startup.
> +
Definitely, I am just building the fixed version. I did a cleanup of
upstream files not being installed in the last bigger mariadb update,
and I was just not aware mytop was already packaged. Sorry for the
troubles.
Cheers,
--
Ondřej Surý
Knot DNS (https://www.knot-dns.cz/) – a high-performance
Hi Olaf,
mytop is part of MariaDB a version that fixes little bugs here and
there:
+=item Michael "Monty" Widenius
+
+Fixed a couple of minor bugs that gave warnings on startup.
+Added support for MariaDB (show MariaDB at top and % done).
+Cut long server version names to display width.
+Made 'S
Your message dated Mon, 08 May 2017 09:18:45 +
with message-id
and subject line Bug#861855: fixed in php7.0 7.0.18-3
has caused the Debian Bug report #861855,
regarding php7.0-fpm: Uses kill without depending on procps
to be marked as done.
This means that you claim that the problem has been
Processing commands for cont...@bugs.debian.org:
> # The BTS still considers this bug to apply to testing
> # and unstable, hopefully this command is enough to mark
> # the bug as done there.
> fixed 859805 3.1.4-4
Bug #859805 {Done: Scott Kitterman } [postfix-ldap]
postfix-ldap: unsupported dict
Control: found -1 1.1.8-3.1
What causes this breakage is the date in the manpage,
which is the date of the package build.
Always likely to hit on jessie when the upload contained
amd64 (or i386) binaries.
On stretch this is breakage waiting to happen when a DSA gets built on
different days on
Processing commands for cont...@bugs.debian.org:
> reassign 788721 src:firefox-esr
Bug #788721 [src:iceweasel] [src:iceweasel] Some sources are not included in
your package
Warning: Unknown package 'src:iceweasel'
Bug reassigned from package 'src:iceweasel' to 'src:firefox-esr'.
No longer marked
Processing control commands:
> found -1 1.1.8-3.1
Bug #851545 [libpam-modules] libpam-modules: multiarch packages with differing
files
Marked as found in versions pam/1.1.8-3.1.
--
851545: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851545
Debian Bug Tracking System
Contact ow...@bugs.debi
Your message dated Mon, 8 May 2017 11:35:37 +0300
with message-id <20170508083535.d5hogtbpxxbdsjeo@localhost>
and subject line src:golang-prometheus-client binaries have been removed from
stretch/sid
has caused the Debian Bug report #855927,
regarding golang-prometheus-client: FTBFS: dh_auto_build
Your message dated Mon, 8 May 2017 11:27:50 +0300
with message-id <20170508082750.lh5tt7d75uomuhpu@localhost>
and subject line src:golang binaries have been removed from stretch/sid
has caused the Debian Bug report #860608,
regarding golang: FTBFS: Go version is "go1.6.1", ignoring -next
/<>/api/n
Your message dated Mon, 8 May 2017 11:24:11 +0300
with message-id <20170508082410.kfmh3l6khny5x2ez@localhost>
and subject line src:golang-1.6 binaries have been removed from stretch/sid
has caused the Debian Bug report #860606,
regarding golang-1.6: FTBFS: Go version is "go1.6.3", ignoring -next
/
Source: password-store
Version: 1.6.5-5
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
password-store fails to build from source in unstable/amd6
Processing commands for cont...@bugs.debian.org:
> severity 861913 serious
Bug #861913 [mariadb-client-10.1] mariadb-client-10.1: trying to overwrite
'/usr/bin/mytop', which is also in package mytop 1.9.1-4
Severity set to 'serious' from 'normal'
> quit
Stopping processing here.
Please contact m
64 matches
Mail list logo