Bug#920442: (no subject)

2019-01-25 Thread Marc Deslauriers
Looks like this is caused by texlive-base (2018.20190122-1), reverting to texlive-base (2018.20181214-1) fixes the FTBFS.

Bug#920442: libcaca FTBFS in unstable

2019-01-25 Thread Marc Deslauriers
Package: libcaca Version: 0.99.beta19-2 Severity: serious Justification: fails to build from source (but built successfully in the past) See: http://debomatic-amd64.debian.net/distribution#unstable/libcaca/0.99.beta19-2/buildlog

Bug#858564: (no subject)

2017-03-24 Thread Marc Deslauriers
We're hitting the same issue in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1675698 "follow symlinks = no" is required to reproduce it.

Bug#803012: tar ftbfs everywhere (test suite errors)

2015-11-03 Thread Marc Deslauriers
Package: tar Version: 1.28-2 Followup-For: Bug #803012 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu xenial ubuntu-patch *** /tmp/tmp70_1Po/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/use-sort-in-t-dir-tests.diff: upstream

Bug#795429: CVE-2015-5177

2015-08-28 Thread Marc Deslauriers
Package: openslp-dfsg Version: 1.2.1-10 Followup-For: Bug #795429 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu wily ubuntu-patch *** /tmp/tmpHzlE84/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via double

Bug#731480: hplip: CVE-2013-6427: insecure (undocumented) auto update feature

2013-12-12 Thread Marc Deslauriers
Package: hplip Version: 3.13.11-1 Followup-For: Bug #731480 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch -- Package-specific info: *** /tmp/tmp2P2w3P/bug_body In Ubuntu, the attached patch was applied to achieve the following: *

Bug#726601: libcommons-fileupload-java: CVE-2013-218

2013-11-13 Thread Marc Deslauriers
Package: libcommons-fileupload-java Version: 1.3-2 Followup-For: Bug #726601 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpA8shKI/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary file

Bug#729006: closed by Emmanuel Bourg ebo...@apache.org (Bug#729006: fixed in maven-javadoc-plugin 2.9.1-2)

2013-11-08 Thread Marc Deslauriers
Thank you Emmanuel! -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#729006: FTBFS: missing libmockito-java dependency

2013-11-07 Thread Marc Deslauriers
Package: maven-javadoc-plugin Version: 2.9.1-1 Severity: serious Tags: patch Justification: fails to build from source (but built successfully in the past) User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpvJaNhd/bug_body In Ubuntu, the attached patch

Bug#729006: FTBFS: missing libmockito-java dependency

2013-11-07 Thread Marc Deslauriers
On 13-11-07 04:05 PM, Emmanuel Bourg wrote: The tests are ignored in maven-javadoc-plugin (maven.test.skip is set to true in debian/maven.properties), so adding this dependency will make no difference. Do you have a log of the build failure? Here is the build log we were getting:

Bug#710344: (no subject)

2013-06-05 Thread Marc Deslauriers
Here's what I did...not sure if it's the best way to fix it though: --- libxcb-1.8.1.orig/tests/Makefile.am +++ libxcb-1.8.1/tests/Makefile.am @@ -12,9 +12,6 @@ check_PROGRAMS = check_all check_all_SOURCES = check_all.c check_suites.h check_public.c -all-local:: - $(RM) CheckLog*.xml -
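Review bot: in tests/Makefile.am, dropping the `all-local::` rule removes the only visible cleanup of `CheckLog*.xml`, so stale check logs can persist from one run to the next. If the rule is being removed because it fires during a normal build, list the files in `CLEANFILES` instead so that `make clean` still deletes them, and state in the patch description which failure the removal fixes.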

Bug#692791: #692791 - CVE-2012-5519 - cups lpadmin-to-root privilege escalation - Proposed solutions

2012-11-29 Thread Marc Deslauriers
On 12-11-29 05:30 AM, Didier 'OdyX' Raboud wrote: snip B) Disable any remote configuration by lpadmin users This has been attempted by Marc on [1]. For now, it is incomplete as it still allows lpadmin users to HTTP PUT updates to the configuration files. Pros: + Addresses the problem in a

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-29 Thread Marc Deslauriers
Michael, On 12-11-29 10:12 AM, Michael Sweet wrote: So, your alternate fix doesn't actually solve the problem as I can still do something like: PageLog /var/log/cups/../../../etc/shadow Adding a check for ../ in the path will catch that, easy fix... Also, there are a lot of other

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-28 Thread Marc Deslauriers
On 12-11-27 11:38 PM, Michael Sweet wrote: After looking at this patch in detail, it doesn't actually prevent users in the lpadmin group from modifying cupsd.conf and performing the specified privilege escalation. An alternate fix for cups-1.5 and earlier that specifically addresses the

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-27 Thread Marc Deslauriers
FYI, as a security fix for our stable releases in Ubuntu, we plan on disabling cupsd.conf modification in the web interface entirely. Attached is the patch we plan on using. Marc. Description: fix privilege escalation by disabling config file editing via the web interface Author: Marc

Bug#692791: members of lpadmin can read every file on server via cups

2012-11-27 Thread Marc Deslauriers
On 12-11-27 03:51 PM, Didier 'OdyX' Raboud wrote: Le mardi, 27 novembre 2012 15.30:46, Marc Deslauriers a écrit : FYI, as a security fix for our stable releases in Ubuntu, we plan on disabling cupsd.conf modification in the web interface entirely. Attached is the patch we plan on using. Hi

Bug#692345: tiff: CVE-2012-4564

2012-11-15 Thread Marc Deslauriers
Package: tiff Version: 4.0.2-4 Followup-For: Bug #692345 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu raring ubuntu-patch *** /tmp/tmpm0_BMg/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service and possible code

Bug#682115: tiff: CVE-2012-3401 heap overflow in tiff2pdf

2012-07-21 Thread Marc Deslauriers
On Sat, 2012-07-21 at 20:57 -0400, Jay Berkenbilt wrote: Marc Deslauriers marc.deslauri...@ubuntu.com wrote: *** /tmp/tmpgGHwFf/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: possible arbitrary code execution via heap overflow

Bug#672492: CVE-2012-2141

2012-05-23 Thread Marc Deslauriers
Package: net-snmp Version: 5.4.3~dfsg-2.4 Followup-For: Bug #672492 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmp7KXNLG/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via SNMP

Bug#664990: libzip1: CVE-2012-1162 CVE-2012-1163 Incorrect loop construct and numeric overflow

2012-03-28 Thread Marc Deslauriers
Package: libzip Version: 0.10-1 Followup-For: Bug #664990 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpvDE7OS/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary code execution or

Bug#625966: libmodplug = 0.8.8.2 .abc Stack-Based Buffer Overflow

2011-08-05 Thread Marc Deslauriers
Package: libmodplug Version: 1:0.8.8.2-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmpNcrGvL In Ubuntu, the attached patch was applied to fix the security issue: * SECURITY UPDATE: multiple security issues in ABC

Bug#554759: gupnp-ui: Fix for FTBFS

2011-07-29 Thread Marc Deslauriers
Package: gupnp-ui Version: 0.1.1-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmp8b36Ny In Ubuntu, the attached patch was applied to fix the FTBFS: * configure, configure.ac: add libgupnp libraries to LIBS in

Bug#584516: [Re: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code

2010-07-22 Thread Marc Deslauriers
Package: ghostscript Version: 8.63.dfsg.1-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu maverick ubuntu-patch *** /tmp/tmpQ4x52y In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: arbitrary code execution via

Bug#567554: samba: Ubuntu patch for the issue

2010-02-07 Thread Marc Deslauriers
Package: samba Version: 2:3.4.0-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch *** /tmp/tmpUnTGqJ In Ubuntu, we've applied the attached patch in our current releases: * SECURITY UPDATE: privilege escalation via mount.cifs race

Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization

2009-10-31 Thread Marc Deslauriers
On Sat, 2009-10-31 at 09:12 +0100, Reinhard Tartler wrote: One problem, it breaks build. Therefore, I had to backport svn r18016 aka 'MOV-Support-stz2-Compact-Sample-Size-Box' to fix FTBFS. without this patch, libavformat/mov.c won't compile, as field_size is introduced with this commit. While

Bug#550442: ffmpeg: deluge of crashes due to missing input sanitization

2009-10-29 Thread Marc Deslauriers
On Thu, 2009-10-15 at 13:03 +0200, Reinhard Tartler wrote: snip of chromium patches and managed to locate most patches in ffmpeg trunk Patches that I couldn't find upstream include: 09_mov_stsz_int_oflow.patch 32_mov_stream_index.patch 35_mov_bad_timings.patch

Bug#537254: mimetex: patch to fix security issues

2009-10-08 Thread Marc Deslauriers
Package: mimetex Version: 1.50-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch *** /tmp/tmpXGbr7m In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: arbitrary code execution via long picture,

Bug#542218: backuppc: Security hole when using rsync and multiple users

2009-10-05 Thread Marc Deslauriers
The patch included in 3.1.0-7 doesn't actually fix the problem. Normal users can still set the ClientNameAlias by adding something like override_ClientNameAlias=1v_zZ_ClientNameAlias= to their POST. Marc.

Bug#542218: backuppc: Security hole when using rsync and multiple users

2009-10-05 Thread Marc Deslauriers
Included is a patch that moves the previous fix to a location before the settings get applied. Marc. diff -Naur backuppc-3.1.0.ori/lib/BackupPC/CGI/EditConfig.pm backuppc-3.1.0/lib/BackupPC/CGI/EditConfig.pm --- backuppc-3.1.0.ori/lib/BackupPC/CGI/EditConfig.pm 2009-10-05 08:04:01.0

Bug#510205: buffer overflow in libaudiofile

2009-06-16 Thread Marc Deslauriers
The SUSE update simply contains the patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205#17

Bug#524806: poppler: multiple vulnerabilities

2009-05-13 Thread Marc Deslauriers
Here are the patches Ubuntu used: http://patches.ubuntu.com/by-release/extracted/intrepid-security/p/poppler/0.8.7-1ubuntu0.2/64_security_jbig2.patch http://patches.ubuntu.com/by-release/extracted/hardy-security/p/poppler/0.6.4-1ubuntu3.2/104_security_jbig2.patch

Bug#527474: pango1.0: integer overflow in heap allocation size calculations

2009-05-08 Thread Marc Deslauriers
Here is the upstream commit: http://git.gnome.org/cgit/pango/commit/?id=4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e

Bug#516801: CVE-2008-6123: Access restriction bypass

2009-03-02 Thread Marc Deslauriers
The CVE-2008-6123 security issue was introduced in the following commit: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=revrevision=16654 So, the issue was introduced in 5.2.5, 5.3.2 and 5.4.2.