On 2019-04-20 Magnus Holmgren wrote:
> tisdag 16 april 2019 kl. 18:46:56 CEST skrev du:
[...]
> > I have just uploaded exim 4.92-6 to exoerimental which /should/
> > work with sa-exim, allowing you to debug properly.
> Thanks. So far I haven't managed to reproduce the problem of the malformed
On Sat, 2019-04-20 at 09:22 +0200, Santiago Vila wrote:
> I'm adding "affect base-files" so that people see this bug in the BTS
> page for base-files and nobody thinks the problem is in base-files,
> but just for that.
Well at least with this it does *not* show up in apt-listbugs and
prevent
Package: xpra
Version: 2.5.1+dfsg1-1
Severity: serious
$ xpra attach :33
xpra main error:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/xpra/scripts/main.py", line 87, in
main
options, args = do_parse_cmdline(cmdline, defaults)
File
Package: src:android-platform-build
Version: 1:8.1.0+r23-2
Severity: serious
Tags: ftbfs
Dear maintainer:
I tried to build this package in buster but it failed:
[...]
debian/rules build-indep
dh build-indep --with
Processing commands for cont...@bugs.debian.org:
> severity 911795 grave
Bug #911795 [src:golang-golang-x-net-dev] CVE-2018-17846 / CVE-2018-17847 /
CVE-2018-17848
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
911795:
Source: mercurial
Version: 4.8.2-1
Severity: grave
Tags: security
See https://www.mercurial-scm.org/wiki/WhatsNew from 4.9:
This was assigned CVE-2019-3902:
It was possible to use symlinks and subrepositories to defeat Mercurial's
path-checking
logic and write files outside a repository. This
Processing commands for cont...@bugs.debian.org:
> severity 916902 grave
Bug #916902 [src:pspp] pspp: CVE-2018-20230
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
916902:
Your message dated Sat, 20 Apr 2019 22:17:09 +
with message-id
and subject line Bug#926350: fixed in python-django-casclient 1.2.0-2+deb9u1
has caused the Debian Bug report #926350,
regarding CAS middleware incompatible with Django >= 1.10
to be marked as done.
This means that you claim that
Your message dated Sat, 20 Apr 2019 22:17:09 +
with message-id
and subject line Bug#896317: fixed in python-django-casclient 1.2.0-2+deb9u1
has caused the Debian Bug report #896317,
regarding python-django-casclient: cas fails to import
to be marked as done.
This means that you claim that
Your message dated Sat, 20 Apr 2019 22:17:09 +
with message-id
and subject line Bug#896404: fixed in python-django-casclient 1.2.0-2+deb9u1
has caused the Debian Bug report #896404,
regarding python3-django-casclient: cas fails to import
to be marked as done.
This means that you claim that
Control: tags -1 + moreinfo
On Sun, 20 Jan 2019 at 08:55:23 -0800, Josh Triplett wrote:
> I disable suspend on lid close, but I *always* need the screen to lock
> when I close the lid.
This seems like an inherently "unstable" pattern: whatever the precise
design/meaning of this "tweak" might
Processing control commands:
> tags -1 + moreinfo
Bug #919914 [gnome-settings-daemon] gnome-tweaks now equates "don't suspend on
lid close" with "don't lock on lid close" (security issue)
Added tag(s) moreinfo.
--
919914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919914
Debian Bug
Package: node-ws
Severity: grave
Tags: security
Please see
https://nodesecurity.io/advisories/120
https://github.com/nodejs/node/issues/7388
Cheers,
Moritz
Your message dated Sat, 20 Apr 2019 21:47:09 +
with message-id
and subject line Bug#924520: fixed in rails 2:4.2.7.1-1+deb9u1
has caused the Debian Bug report #924520,
regarding rails: CVE-2019-5418 CVE-2019-5419
to be marked as done.
This means that you claim that the problem has been dealt
On Sat, Apr 20, 2019 at 11:40:07PM +0200, Mattia Rizzolo wrote:
> Control: reassign distro-info-data 0.39
> Control: affects -1 dput-ng
>
> On Sat, Apr 20, 2019 at 08:59:34AM +, Santiago Vila wrote:
> > Package: src:dput-ng
> > Version: 1.24
> > Severity: serious
> > Tags: ftbfs
> >
> > Dear
Processing control commands:
> reassign distro-info-data 0.39
Unknown command or malformed arguments to command.
> affects -1 dput-ng
Bug #927467 [src:dput-ng] dput-ng: FTBFS (failing tests)
Added indication that 927467 affects dput-ng
--
927467:
Processing control commands:
> reassign distro-info-data 0.39
Unknown command or malformed arguments to command.
> affects -1 dput-ng
Bug #927467 [src:dput-ng] dput-ng: FTBFS (failing tests)
Ignoring request to set affects of bug 927467 to the same value previously set
--
927467:
Control: reassign distro-info-data 0.39
Control: affects -1 dput-ng
On Sat, Apr 20, 2019 at 08:59:34AM +, Santiago Vila wrote:
> Package: src:dput-ng
> Version: 1.24
> Severity: serious
> Tags: ftbfs
>
> Dear maintainer:
>
> I tried to build this package in buster but it failed:
This is
Processing commands for cont...@bugs.debian.org:
> severity 926958 grave
Bug #926958 [src:freeradius] freeradius: VU#871675: Authentication bypass in
EAP-PWD (CVE-2019-11234 CVE-2019-11235)
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need
Processing commands for cont...@bugs.debian.org:
> severity 925939 grave
Bug #925939 [src:jupyter-notebook] jupyter-notebook: CVE-2019-10255: open
redirect vulnerability
Severity set to 'grave' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
tisdag 16 april 2019 kl. 18:46:56 CEST skrev du:
> On 2019-04-15 Magnus Holmgren wrote:
> > So it seems that everything should work unless spool_wireformat=true
> > *and* SARewriteBody: 1. How do I detect in sa-exim whether wire format
> > is used for a given body file though?
>
>
Source: atftp
Version: 0.7.git20120829-3
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerabilities were published for atftp.
CVE-2019-11365[0]:
| An issue was discovered in atftpd in atftp 0.7.1. A remote attacker
| may send a crafted packet triggering a stack-based buffer
Package: sopel
Version: 6.6.2-1
Severity: grave
Sopel, in stable and testing right now, cannot provide a "help" to its
users. It makes it really hard to use (hence the "grave" severity). I'm
also marking this as grave because upstream keeps on churning out
"patch" releases (according to semver)
> So your choice --- we can either reassign this bug back to fastboot or
> android-sdk-platforms-tools, or I can downgrade the severity of this
> bug for e2fsprogs down to wishlist[1]. Let me know how you want to
> handle this.
I would say downgrade it for the moment. We can deal with it after
Processing commands for cont...@bugs.debian.org:
> unarchive 923928
Bug #923928 {Done: Niels Thykier } [release.debian.org]
unblock: daps/3.0.0-3
Unarchived Bug 923928
> block 924843 by 923928
Bug #924843 [src:msxpertsuite] msxpertsuite: FTBFS: MassSpectrum.cpp:50:10:
fatal error:
Processing commands for cont...@bugs.debian.org:
> found 924843 5.7.3-1
Bug #924843 [src:msxpertsuite] msxpertsuite: FTBFS: MassSpectrum.cpp:50:10:
fatal error: pwiz/data/msdata/MSDataFile.hpp: No such file or directory
Ignoring request to alter found versions of bug #924843 to the same values
Package: xpra
Version: 2.5+dfsg1-1
Severity: grave
--- Please enter the report below this line. ---
Thanks for packaging the new xpra release! It does not start, because
LOCAL_MODIFICATIONS in /usr/lib/python3/dist-packages/xpra/src_info.py
is a string, but
Source: curl
Source-Version: 7.64.0-2
Severity: serious
Control: affects -1 rtorrent
Hi!
I've started noticing rtorrent busy-looping at some points after
finishing a torrent. stracing and gdb'ing the process it was doing
that in its main loop, spamming on gettimeofday() and epoll_wait().
Processing control commands:
> affects -1 rtorrent
Bug #927471 [src:curl] curl: Regression that fails to exhaust socket data
Added indication that 927471 affects rtorrent
--
927471: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927471
Debian Bug Tracking System
Contact ow...@bugs.debian.org
Processing commands for cont...@bugs.debian.org:
> severity 925178 serious
Bug #925178 {Done: Utkarsh Gupta } [ruby-globalid]
rails breaks ruby-globalid autopkgtest: Errno::ENOENT: No such file or
directory @ rb_sysopen
Severity set to 'serious' from 'important'
> tags 925178 + ftbfs
Bug
Hi kibi,
On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> I'm also immensely grateful for all the security-related work Matthew
> Garrett puts everywhere he goes, but I'm not sure that MR qualifies as
> “requested by d-i [0]” as you mentioned in [2].
Just to state that publicly:
Package: src:dput-ng
Version: 1.24
Severity: serious
Tags: ftbfs
Dear maintainer:
I tried to build this package in buster but it failed:
[...]
debian/rules binary-indep
dh binary-indep --with
Processing commands for cont...@bugs.debian.org:
> severity 927450 serious
Bug #927450 [debian-security-support] debian-security-support should know that
the next stable is Debian 10
Bug #927459 [debian-security-support] The package "debian-security-support"
prevents the update, installation or
Processing commands for cont...@bugs.debian.org:
> severity 927450 grave
Bug #927450 [debian-security-support] debian-security-support should know that
the next stable is Debian 10
Severity set to 'grave' from 'critical'
> severity 927459 grave
Bug #927459 [debian-security-support] The package
reassign 927450 debian-security-support
retitle 927450 debian-security-support should know that the next stable is
Debian 10
affects 927450 base-files
thanks
On Sat, Apr 20, 2019 at 04:01:05AM +0200, Christoph Anton Mitterer wrote:
> Yeah it's definitely that strange hardcoded part in:
>
Processing commands for cont...@bugs.debian.org:
> reassign 927450 debian-security-support
Bug #927450 [base-files] base-files: breaks debian-security-support, which then
breaks package installations
Bug reassigned from package 'base-files' to 'debian-security-support'.
No longer marked as found
Package: megadown
Version: 0~20180705+git83c53dd-1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
When trying to download a file from mega, which is the sole reason this script
exists, megadown fails like so
$ megadown
37 matches
Mail list logo