Bug#846854: nagios2mantis: Don't depend on nagios3 which has been removed from unstable

2016-12-25 Thread Moritz Mühlenhoff
On Sat, Dec 03, 2016 at 06:54:26PM +0100, Bas Couwenberg wrote: > Source: nagios2mantis > Version: 3.1-1.1 > Severity: normal > Tags: patch > > Dear Maintainer, > > Please update your package to deal with the nagios3 removal from Debian > (#845765). Or let's simply remove nagios2mantis, after al

Bug#851161: CVE-2016-2339

2017-01-12 Thread Moritz Mühlenhoff
On Thu, Jan 12, 2017 at 04:10:44PM +0100, Moritz Muehlenhoff wrote: > Source: ruby2.3 > Severity: grave > Tags: security > > Hi, > this has been assigned CVE-2016-2339: > http://www.talosintelligence.com/reports/TALOS-2016-0034/ > > Patch is here: > https://github.com/ruby/ruby/commit/bcc2421b4

Bug#841257: fixed in sendmail 8.15.2-7

2017-01-13 Thread Moritz Mühlenhoff
On Thu, Dec 08, 2016 at 07:11:27PM +0100, Andreas Beckmann wrote: > On 2016-12-08 16:46, Axel 'the C.L.A.' Müller wrote: > > Seems to work fine - at least I'm not getting those mails anymore. > > I've now implemented a different way to acquire lockfiles for the > cronjobs, let's hope that does work

Bug#814030: Security flaw fixed in version 6.2.0

2017-01-14 Thread Moritz Mühlenhoff
On Mon, Jan 09, 2017 at 09:39:30PM +0100, Raphael Hertzog wrote: > Hi everybody, > > On Thu, 05 Jan 2017, Raphael Hertzog wrote: > > CCing upstream author for confirmation. Nicola we are trying to understand > > what security fix went into tcpdf 6.2.0. The bug is private on > > sourceforge, could

Bug#858177: CVE-2016-3921

2017-03-19 Thread Moritz Mühlenhoff
retitle 858177 CVE-2016-3921 CVE-2016-3885 thanks On Sun, Mar 19, 2017 at 01:38:15PM +0100, Moritz Muehlenhoff wrote: > Source: android-platform-system-core > Severity: grave > Tags: security > > Please see > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3921 Also: http://cve.mitre.org

Bug#858177: CVE-2016-3921

2017-03-19 Thread Moritz Mühlenhoff
retitle 858177 CVE-2016-3921 CVE-2016-3885 CVE-2016-3861 thanks > On Sun, Mar 19, 2017 at 01:38:15PM +0100, Moritz Muehlenhoff wrote: > > Source: android-platform-system-core > > Severity: grave > > Tags: security > > > > Please see > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-392

Bug#860316: CVE-2017-7861

2017-04-14 Thread Moritz Mühlenhoff
Moritz Muehlenhoff wrote: > Source: grpc > Severity: grave > Tags: security > > Please see > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7861 for details. Also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7860 Cheers, Moritz

Bug#814030: CVE-2017-6100: Security flaw fixed in version 6.2.0

2017-04-18 Thread Moritz Mühlenhoff
On Tue, Apr 18, 2017 at 05:04:15PM +0200, Raphael Hertzog wrote: > Hello everybody, > > On Sat, 14 Jan 2017, Moritz Mühlenhoff wrote: > > > The upstream bug is now public: > > > https://sourceforge.net/p/tcpdf/bugs/1005/ > > > > Since K_TCPDF_CALLS_IN_HTM

Bug#863584: CVE-2017-2824

2017-06-09 Thread Moritz Mühlenhoff
On Fri, Jun 02, 2017 at 07:22:20AM +1000, Dmitry Smirnov wrote: > On Wednesday, 31 May 2017 10:57:01 PM AEST Moritz Mühlenhoff wrote: > > Dmitry, can you please upload a fix in time for the stretch release? > > I'm planning to work on it this weekend... I'll let you know

Bug#865413: flatpak: Flatpak security issue #845 involving setuid/world-writable files

2017-06-21 Thread Moritz Mühlenhoff
On Wed, Jun 21, 2017 at 12:35:43PM +0100, Simon McVittie wrote: > On Wed, 21 Jun 2017 at 09:46:21 +0100, Simon McVittie wrote: > > Security team: do you want a backport/DSA for stretch-security, or do > > you consider the mitigations to be sufficient to fix this through > > a stable update instead?

Bug#733961: Migration to yui3

2016-07-14 Thread Moritz Mühlenhoff
On Thu, Jan 02, 2014 at 03:05:20PM -0430, Ernesto Hernández-Novich wrote: > On Thu, 2014-01-02 at 19:06 +0100, Moritz Muehlenhoff wrote: > [...] > > Please migrate from src:yui to src:yui3. > > > > src:yui is abandoned, see > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730104 > > Hi Moritz

Bug#657870: Multiple issues in Struts

2012-02-09 Thread Moritz Mühlenhoff
On Wed, Feb 01, 2012 at 10:46:51PM -0800, tony mancill wrote: > On 01/29/2012 06:05 AM, Moritz Muehlenhoff wrote: > > Package: libstruts1.2-java > > Severity: grave > > Tags: security > > > > Hi, > > several vulnerabilities have been reported against Struts: > > > > http://cve.mitre.org/cgi-bin/c

Bug#658276: libcurl3: Doesn't work for all sites anymore

2012-02-12 Thread Moritz Mühlenhoff
On Sat, Feb 11, 2012 at 02:04:01PM +0100, Alessandro Ghedini wrote: > On Fri, Feb 10, 2012 at 08:23:24PM +0100, Kurt Roeckx wrote: > > On Fri, Feb 10, 2012 at 10:15:44AM +0100, Alessandro Ghedini wrote: > > > On Sat, Feb 04, 2012 at 10:45:59PM +0100, Kurt Roeckx wrote: > > > > Having SSL_OP_DONT_IN

Bug#647205: cherokee: Admin password generation uses time and PID, allows attackers to brute-force it

2012-02-19 Thread Moritz Mühlenhoff
On Wed, Nov 23, 2011 at 12:47:18PM -0600, Gunnar Wolf wrote: > Moritz Mühlenhoff dijo [Tue, Nov 22, 2011 at 09:47:28PM +0100]: > > Hi Gunnar, > > this doesn't warrant a DSA, but it would be appreciated if you > > fix this through a point update: > > http://www.d

Bug#660617: FTBFS

2012-02-20 Thread Moritz Mühlenhoff
ork you're doing by rebuilding the archive. > > This problem was fixed upstream in commit 0a0fbb4. > > I am waiting for some bugfixes in the rsync handler before I upload > a new package. I have no precise ETA for this. Is it fine with you? Sure, any time before the Whe

Bug#657870: Multiple issues in Struts

2012-02-21 Thread Moritz Mühlenhoff
On Tue, Feb 21, 2012 at 12:53:47AM +0100, Damien Raude-Morvan wrote: > Hi Moritz, > > Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit : > > On 09/02/2012 21:16, Moritz Mühlenhoff wrote: > > > There's a new issue, which affects 1.x: > > > ht

Bug#659687: Multiple security issues

2012-02-24 Thread Moritz Mühlenhoff
On Mon, Feb 13, 2012 at 09:15:43AM +0100, Moritz Muehlenhoff wrote: > Package: mysql-5.1 > Severity: grave > Tags: security > > Multiple security issues have been announced in MySQL: > http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html#AppendixMSQL > > Unfortunately Oracle r

Bug#649322:

2011-11-30 Thread Moritz Mühlenhoff
On Sun, Nov 27, 2011 at 03:10:57PM +, Colin Watson wrote: > tags 649322 security > severity 649322 grave > thanks > > On Sat, Nov 19, 2011 at 11:19:48PM +0100, Leo Iannacone wrote: > > The package clearsilver fails to compile with the new hardened compiler > > flags dpkg-buildflag outputs [0].

Bug#645881: critical update 29 available

2011-12-08 Thread Moritz Mühlenhoff
On Thu, Dec 01, 2011 at 09:47:53PM +0100, Florian Weimer wrote: > * Moritz Mühlenhoff: > > > Florian, what's the status of openjdk6 for stable/oldstable? > > I've released the pending update for squeeze. lenny will eventually > follow, and so will the pending upda

Bug#650434: mediawiki: two security issues (fixed in 1.17.1)

2011-12-18 Thread Moritz Mühlenhoff
On Sun, Dec 18, 2011 at 04:34:51PM +, Jonathan Wiltshire wrote: > On Tue, Dec 06, 2011 at 08:01:18PM +0100, Moritz Muehlenhoff wrote: > > What's the status of the following for stable? > > http://security-tracker.debian.org/tracker/CVE-2011-1578 > > http://security-tracker.debian.org/tracker/CV

Bug#653168: Should this package be removed?

2011-12-25 Thread Moritz Mühlenhoff
retitle 653168 RM: oprofile - unmaintained, replacements exist, buggy, low popcon reassign 653168 ftp.debian.org severity 653168 normal thanks On Sat, Dec 24, 2011 at 03:55:43PM -0500, Roberto C. Sánchez wrote: > On Sat, Dec 24, 2011 at 04:56:55PM +0100, Moritz Muehlenhoff wrote: > > Source: opro

Bug#653107: Should this package be removed?

2011-12-25 Thread Moritz Mühlenhoff
retitle 653107 Include vserver patch severity 653107 normal thanks On Sat, Dec 24, 2011 at 12:04:27PM -0500, micah anderson wrote: > On Fri, 23 Dec 2011 23:40:20 +0100, Moritz Muehlenhoff > wrote: > > Package: util-vserver > > Severity: serious > > > > util-vserver hasn't seen an upload since 1

Bug#626281: [Keepalived-devel] Security problem in keepalived's pid handling/daemonize code

2011-11-07 Thread Moritz Mühlenhoff
On Tue, May 10, 2011 at 09:21:32PM +0200, Vincent Bernat wrote: > OoO Lors de la soirée naissante du mardi 10 mai 2011, vers 17:15, > Alexander Wirt disait : > > >> Readwrite permissions to the pidfile of a daemon is a really bad idea. a > >> umask of 000 is probably never a good idea. So

Bug#633935: fim: Please Build-Depends on libjpeg-dev, not libjpeg62-dev

2011-11-09 Thread Moritz Mühlenhoff
On Wed, Nov 09, 2011 at 04:49:14PM +0100, Didier Raboud wrote: > Le vendredi, 12 août 2011 00.40:07, Michele Martone a écrit : > > On 20110808@19:24, Moritz Mühlenhoff wrote: > > > On Thu, Aug 04, 2011 at 10:11:16PM +0200, Michele Martone wrote: > > > > Moreover, th

Bug#614458: freej - FTBFS (#614458)

2011-11-13 Thread Moritz Mühlenhoff
On Mon, Apr 25, 2011 at 06:58:48PM +0200, Jaromil wrote: > > this is now all fixed and uploaded to > > http://apt.dyne.org/debian/pool/main/f/freej/freej_0.11git20110420-1.dsc > > my packaging is being reviewed and hopefully will serve as a base to > make me debian maintainer, since i'd really l

Bug#647252: CVE-2011-4063: Remote crash vulnerability in SIP channel driver

2011-11-22 Thread Moritz Mühlenhoff
On Tue, Nov 01, 2011 at 08:31:00AM +0100, Moritz Muehlenhoff wrote: > Package: asterisk > Severity: grave > Tags: security > > Please see http://downloads.asterisk.org/pub/security/AST-2011-012.html > > Apparently stable/oldstable is not affected, but please double-check. Asterisk maintainers, d

Bug#648359: [CVE-2011-4000] Unspecified buffer overflow vulnerability

2011-11-22 Thread Moritz Mühlenhoff
On Mon, Nov 14, 2011 at 10:01:41PM +0900, Hideki Yamane wrote: > Hi, > > On Thu, 10 Nov 2011 20:18:15 +0100 > Florian Weimer wrote: > > JPCERT disclosed an unspecified buffer overflow vulnerability in > > ChaSen: > > > > > > > > Apparently, upstream

Bug#647297: CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal()

2011-11-22 Thread Moritz Mühlenhoff
On Tue, Nov 01, 2011 at 06:28:48PM +0100, Moritz Muehlenhoff wrote: > Package: ldns > Severity: grave > Tags: security > > Please see https://bugzilla.redhat.com/show_bug.cgi?id=741024 > http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403 Ondrey, what's the status? Cheers, Moritz

Bug#645881: critical update 29 available

2011-11-22 Thread Moritz Mühlenhoff
On Fri, Oct 21, 2011 at 11:07:30AM +0200, Florian Weimer wrote: > * Moritz Muehlenhoff: > > > As for stable/oldstable: I noticed that Red Hat provided packages for > > update 29 for RHEL 4 (RHEL 5 onwards use OpenJDK): > > http://lwn.net/Articles/463919/ > > If anyone remembers the rationale beh

Bug#647205: cherokee: Admin password generation uses time and PID, allows attackers to brute-force it

2011-11-22 Thread Moritz Mühlenhoff
On Mon, Oct 31, 2011 at 10:28:36AM -0600, Gunnar Wolf wrote: > Package: cherokee > Version: 1.2.100-1 > Severity: grave > Tags: security > Justification: user security hole > > CVE issue CVE-2011-2190 points out that the temporary admin password > generation function is seeded by the time and PID,

Bug#635549: #635549: Two hplip security issues

2011-11-25 Thread Moritz Mühlenhoff
On Fri, Nov 25, 2011 at 02:04:44PM +0100, Didier Raboud wrote: > Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit : > > > > > > 2. Insecure tempfile handling: > > > https://bugzilla.novell.com/show_bug.cgi?id=704608 > > > https://bugs.launchpad.net/hplip/+bug/809904 > > > This is CVE-

Bug#635549: #635549: Two hplip security issues

2011-11-25 Thread Moritz Mühlenhoff
On Fri, Nov 25, 2011 at 12:22:24PM +0100, Didier Raboud wrote: > Le vendredi, 25 novembre 2011 12.16:06, Didier Raboud a écrit : > > found 635549 3.10.6-2 > > notfound 635549 3.11.10 > > thanks > > > > Hi Moritz, > > > > Le mardi, 26 juillet 2011 23.07:01, Moritz Muehlenhoff a écrit : > > > Two s

Bug#661799: FTBFS

2012-03-01 Thread Moritz Mühlenhoff
ror exit > > status 2 > > I cannot reproduce this with libcvs-perl 0.07. Do you have maybe the > full build log available? The full log is attached. The system was once installed with squeeze, that's why the hostname is squeezeamd64, but it's running

Bug#640819: Fix jpeg library detection for multiarch location

2012-03-05 Thread Moritz Mühlenhoff
s checking for zlib.h... yes HAVE ZLIB = LIBTIFF_INCLUDE_PATH= -I/usr/include LIBTIFF_LIB_PATH = -L/usr LIBTIFF_LIBS= -ltiff JPEG_TOP: /usr ERROR: libjpeg not found! configure: error: jpeg support required! make: *** [debian/stamp-autotoo

Bug#662595: FTBFS

2012-03-05 Thread Moritz Mühlenhoff
d not affected, correct? parcimonie is arch:all, so it's not built on the buildd network anyway. Cheers, Moritz -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Software Engineer and Consultant Univention GmbH Linux for Your Business fon: +49 421 22

Bug#662599: libmail-imapclient-perl: FTBFS: Test suite failure

2012-03-05 Thread Moritz Mühlenhoff
On Montag, 5. März 2012 11:08:41 Gilles LAMIRAL wrote: > Hello Moritz, > > Perl release? > > I think this code test is very old, the load fails. Perl changes. This is Perl 5.14.2 from Debian unstable (5.14.2-9) Cheers, Moritz -- Moritz Mühlenhoff

Bug#662816: jifty: FTBFS: Test suite failure

2012-03-06 Thread Moritz Mühlenhoff
On Dienstag, 6. März 2012 16:43:46 Moritz Muehlenhoff wrote: > Package: jifty > Version: 1.10518+dfsg-1 > Severity: serious > > Your package fails to build from source: (full build log attached) -- Moritz Mühlenhoff muehlenh...@univention.de Open

Bug#662789: sisu-ioc: Fix FTBFS and ensure jar's installed to /usr/share/java

2012-03-07 Thread Moritz Mühlenhoff
- make: *** [mvn-build] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Software Engineer and Consultant Univention GmbH Linux for Your Business fon: +49 421 22 232- 0

Bug#662864: freetype: multiple vulnerabilities in freetype before 2.4.9

2012-03-07 Thread Moritz Mühlenhoff
On Wed, Mar 07, 2012 at 03:57:33PM +0100, Moritz Muehlenhoff wrote: > On Tue, Mar 06, 2012 at 10:12:35PM +0100, Yves-Alexis Perez wrote: > > Source: freetype > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Hi, > > > > several vulnerabilities were found in free

Bug#650610: openjade1.3: diff for NMU version 1.3.2-11.1

2012-03-13 Thread Moritz Mühlenhoff
Dear maintainer, here's the debdiff for my openjade NMU. Cheers, Moritz diff -u openjade1.3-1.3.2/config.sub openjade1.3-1.3.2/config.sub --- openjade1.3-1.3.2/config.sub +++ openjade1.3-1.3.2/config.sub @@ -2,9 +2,9 @@ # Configuration validation subroutine script. # Copyright (C) 1992

Bug#621802: stgit: diff for NMU version 0.15-1.1

2012-03-13 Thread Moritz Mühlenhoff
Dear maintainer, here's the debdiff for my stgit NMU. Cheers, Moritz diff -u stgit-0.15/debian/changelog stgit-0.15/debian/changelog --- stgit-0.15/debian/changelog +++ stgit-0.15/debian/changelog @@ -1,3 +1,10 @@ +stgit (0.15-1.1) unstable; urgency=low + + * Non-maintainer upload for RC

Bug#663566: tightvnc: FTBFS: dpkg-source: error: aborting due to unexpected upstream changes

2012-03-20 Thread Moritz Mühlenhoff
eport.cgi?bug=652211 Another solution would be dh-autoreconf. Cheers, Moritz -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Software Engineer Univention GmbH Linux for Your Business fon: +49 421 22 232- 0 Mary-Somerville-Str.1 28359 Bremen fax: +4

Bug#665208: Buffer overflow

2012-03-22 Thread Moritz Mühlenhoff
On Thu, Mar 22, 2012 at 04:47:00PM +0100, Moritz Muehlenhoff wrote: > Package: libpng > Severity: grave > Tags: security > > This is CVE-2012-3045: > > Fix in Chromium repository: > http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libpng/pngrutil.c?r1=125311&r2=125310&pathrev=125311 I

Bug#611130: CVE-2010-2087

2012-05-13 Thread Moritz Mühlenhoff
On Sun, May 13, 2012 at 05:52:05PM +0100, Steve McIntyre wrote: > On Sun, Oct 02, 2011 at 05:53:48PM -0430, Miguel Landaeta wrote: > >#tag 611130 + idontgiveadamn > >tag 611130 + moreinfo > >kthxbye > > > >Upstream doesn't answer any request about this bug. > > > >I sent emails, I posted in their d

Bug#611661: Bundled plugins using Xinha allow malicious file uploads

2012-05-13 Thread Moritz Mühlenhoff
On Sun, May 13, 2012 at 06:04:03PM +0100, Steve McIntyre wrote: > On Tue, Mar 08, 2011 at 10:37:13PM +0100, Moritz Muehlenhoff wrote: > >On Tue, Mar 08, 2011 at 02:02:31PM +0100, Hector Romojaro wrote: > >> Hi, > >> > >> About openacs and dotlrn packages, I don't think they are affected by > >> an

Bug#672695: wordpress: no sane way for security updates in stable releases

2012-05-13 Thread Moritz Mühlenhoff
On Sun, May 13, 2012 at 02:54:40PM +0200, Yves-Alexis Perez wrote: > On sam., 2012-05-12 at 23:45 +0200, Bernd Zeimetz wrote: > > Being forced to upgrade to a new major version by a stable security support > > is > > nothing we should force our users to. Debian stable is known for (usually) > > pa

Bug#649151: [Build-common-hackers] Bug#649151: cdbs: documentation missing

2012-05-27 Thread Moritz Mühlenhoff
severity 649151 important thanks On Sat, May 26, 2012 at 11:27:21AM +0200, Jonas Smedegaard wrote: > I agree, Jonathan, that lack of documentation is not so severe an issue > that Debian would be better off released without CDBS. I merely had no > desire to play severity ping-pong or argue with

Bug#590147: Upgrade

2012-05-27 Thread Moritz Mühlenhoff
On Mon, Nov 29, 2010 at 11:28:31AM +0200, Modestas Vainius wrote: > > The two are from my point of view RC > > No, the first part is not RC because: > > 1) it is rare enough > 2) there is no data loss involved > > There is no info about the 2nd part and according to upstream, the bug has > been

Bug#651225: Status on security issues

2011-12-26 Thread Moritz Mühlenhoff
On Tue, Dec 20, 2011 at 01:15:32AM +0100, Christoph Haas wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > http://security-tracker.debian.org/tracker/CVE-2011-2904 > I have extracted a patch using > svn diff -r r20742:r20789 frontends/php/acknow.php > from the upstream sources. > > htt

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-12-28 Thread Moritz Mühlenhoff
On Wed, Dec 28, 2011 at 03:22:51PM +0100, Julien Cristau wrote: > > > > > > torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low > > > > > > [ Jordi Mallach ] > > > * [CVE_2011_2193]: Fix two potential buffer overflows: > > > jobid length and hostname length weren't properly checked,

Bug#636818: Please transition to libnotify 0.7

2011-12-28 Thread Moritz Mühlenhoff
On Mon, Aug 08, 2011 at 09:46:59AM +0200, Sebastian Harl wrote: > Hi, > > On Sat, Aug 06, 2011 at 08:06:17AM +0200, Michael Biebl wrote: > > the libnotify 0.7 transition is currently ongoing [0]. > > Even if your package currently FTBFS for other reasons, it will also > > fail to build due the API

Bug#635549: foomatic-filters 4.0.5-6+squeeze1 stable-security upload for CVE-2011-2964

2012-01-04 Thread Moritz Mühlenhoff
On Wed, Jan 04, 2012 at 01:04:22PM +0100, Didier Raboud wrote: > Hi Moritz, > (CC'ing #635549 as it was mentioned there and team@s.d.o as per [0]) > > First of all, sorry for the delay. > > I have been preparing a stable-security upload for foomatic-filters, > reportedly vulnerable to CVE-2011-2

Bug#644290: phppgadmin multiple XSS (CVE-2011-3598)

2012-01-05 Thread Moritz Mühlenhoff
On Thu, Jan 05, 2012 at 10:00:43AM +0100, Christoph Berg wrote: > Re: Moritz Muehlenhoff 2012-01-04 <20120104171956.ga4...@inutil.org> > > > > Can you also assess whether (old)stable are affected, and if so, provide > > > > packages? If not (affected or able), do let us know as well. > > > > > > >

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2012-01-05 Thread Moritz Mühlenhoff
On Wed, Dec 28, 2011 at 08:21:50PM +0100, Jordi Mallach wrote: > On Wed, Dec 28, 2011 at 07:30:10PM +0100, Moritz Mühlenhoff wrote: > > CVE_2011_2193 was fixed in DSA 2329. > > > > The second issue, CVE-2011-2907, is still unfixed in stable. > > My read of the Bugzilla

Bug#646903: FTBFS: Cannot detect libclamav

2012-01-16 Thread Moritz Mühlenhoff
> > Alternatively, you may set the environment variables CLAMAV_CFLAGS > and CLAMAV_LIBS to avoid the need to call pkg-config. > See the pkg-config man page for more details. The bug is still present in stable. I'm attaching the patch we used for Univention Corporate

Bug#636166: exiftran: dies with Segmentation fault when rotating an image

2011-09-27 Thread Moritz Mühlenhoff
On Thu, Sep 22, 2011 at 12:18:22PM +0100, Steve Cotton wrote: > package exiftran > tags 636166 +fixed-upstream > thanks > > Upstream version 2.08 adds support for libjpeg8. > > As a patch, copying the files from 2.08's jpeg/80/ to 2.07's jpeg/ > worked for me, without copying any of the makefile

Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass

2011-10-01 Thread Moritz Mühlenhoff
On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote: > -=| Dominic Hargreaves, 30.09.2011 18:26:41 +0100 |=- > > I'm reopening the bug, because I believe this fix applies to > > squeeze, and should be fixed there. > > Agreed. > > > Has anyone yet contacted the security team about this/

Bug#644108: unsafe use of eval in Digest->new()

2011-10-03 Thread Moritz Mühlenhoff
On Sun, Oct 02, 2011 at 11:44:39PM +0200, Ansgar Burchardt wrote: > Package: perl > Version: 5.10.0-19 > Severity: grave > Tags: security upstream > > Hi, > > the last upstream release of libdigest-perl (1.17) contains a fix for an > unsafe use of eval: the argument to Digest->new($algo) was not

Bug#643648: CVE-2011-2834 and CVE-2011-2821

2011-10-10 Thread Moritz Mühlenhoff
On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote: > On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote: > > Package: libxml2 > > Severity: serious > > Tags: security > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Hi, > > > > two libxml2 issues were fi

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-10-11 Thread Moritz Mühlenhoff
On Mon, Oct 10, 2011 at 10:09:27PM +0100, Jonathan Wiltshire wrote: > On Sat, Jul 30, 2011 at 12:12:08AM +0200, Moritz Mühlenhoff wrote: > > On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote: > > > > > I have prepared a package in SVN which is ready for uploa

Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass

2011-10-20 Thread Moritz Mühlenhoff
On Fri, Oct 14, 2011 at 05:54:44PM +0200, Moritz Muehlenhoff wrote: > On Wed, Oct 12, 2011 at 12:03:50PM +0300, Damyan Ivanov wrote: > > > > Hello Damyan, are you planning to do this or do you need someone > > > else to take over? IMO this one warrants a DSA. > > > > Thanks for the nudge. I have

Bug#667000: Rebuilding objenesis from source makes mockito FTBFS

2012-04-03 Thread Moritz Mühlenhoff
> > /usr/share/java/objenesis-1.2.jar > /usr/share/java/objenesis.jar Attached patch fixes this, I'd appreciate some review from someone with more Java packaging foo, though. Cheers, Moritz -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Softw

Bug#657047: hplip: does not build in pbuilder

2012-04-06 Thread Moritz Mühlenhoff
On Sun, Feb 19, 2012 at 08:58:00AM +1100, Mark Purcell wrote: > On Tue, 24 Jan 2012 05:22:09 Ronny Standtke wrote: > > But building v3.11.12-2 with pbuilder fails because in the debian/rules > > step "Correct Python interpreter path in all executables", readlink > > fails to print ./debian/tmp/usr/

Bug#667998: leafnode: backtrace on segfault

2012-04-08 Thread Moritz Mühlenhoff
On Sun, Apr 08, 2012 at 01:21:27PM +0200, Robert Grimm wrote: > tags 667998 moreinfo unreproducible > thanks > > I have this running on i386 (virtual) and amd64 without problems. > > Can you please try to get a backtrace with an unstripped build? > > e.g. > $ DEB_BUILD_OPTIONS="nostrip" apt-get

Bug#668087: libtiff4: libtiff crashes with corrupted images

2012-04-13 Thread Moritz Mühlenhoff
On Mon, Apr 09, 2012 at 08:18:35PM -0400, Jay Berkenbilt wrote: > Mikulas Patocka wrote: > > > libtiff crashes on corrupted images when using electric fence memory > > debugger. > > > > . . . > > Do you know whether this bug is present with libtiff4 3.9.4-5+squeeze3 > or with 3.9.6-1? If so, I

Bug#665012: CVE-2012-1570 not yet fixed in stable

2012-04-16 Thread Moritz Mühlenhoff
On Mon, Apr 16, 2012 at 12:43:40AM +0100, Nicholas Bamber wrote: > On 15/04/12 16:18, Arne Wichmann wrote: > >Found: 665012 1.4.03-1.1 > > > >As far as I can see this is not yet fixed in stable. > > > >cu > > > >AW > > Arne, > All the security issues are present in the stable release.

Bug#661150: dropbear: CVE-2012-0920 SSH server use-after-free vulnerability]

2012-04-23 Thread Moritz Mühlenhoff
On Mon, Apr 23, 2012 at 09:58:33AM +, Gerrit Pape wrote: > Hi Team, > > do you have any news on this pending security fix? If I can be of any > help, please don't hesitate to ask. Sorry for the delay. I've just released the DSA. Cheers, Moritz

Bug#806666: Should advene be removed?

2015-12-20 Thread Moritz Mühlenhoff
On Mon, Nov 30, 2015 at 02:42:07PM +0100, Olivier Aubert wrote: > I am the upstream maintainer of Advene. The project is not abandoned, > but the port to gtk3 + gstreamer 1.0 is not simply trivial, and needs > more time than I can invest right now. It is still in my todo list, but > it will not be

Bug#806586: Please keep playitslowly in Debian

2015-12-20 Thread Moritz Mühlenhoff
On Fri, Dec 04, 2015 at 05:35:32PM +0100, treb...@tuxfamily.org wrote: > Hi all, > I'd say that I'd like Debian to keep it in since I'm using it. > Just my 2 cents. > Olivier We won't be able to keep it unless it gets ported/maintained. Cheers, Moritz

Bug#806586: Should playitslowly be removed?

2015-12-20 Thread Moritz Mühlenhoff
reassign 806586 ftp.debian.org retitle 806586 RM: playitslowly - dead upstream, depends on legacy libs severity 806586 normal thanks On Sun, Nov 29, 2015 at 11:40:24AM +0100, Moritz Muehlenhoff wrote: > Package: playitslowly > Severity: serious > > Should playitslowly be removed? It depends on gs

Bug#806587: Should coherence be removed?

2015-12-30 Thread Moritz Mühlenhoff
reassign 806587 ftp.debian.org retitle 806587 RM: coherence - dead upstream, relies on gstreamer 0.10 thanks On Sun, Nov 29, 2015 at 11:43:37AM +0100, Moritz Muehlenhoff wrote: > Source: coherence > Severity: serious > > Hi, > should coherence be removed (along with the depending upnp-inspector)?

Bug#785867: fixed in morituri 0.2.3-2

2016-01-07 Thread Moritz Mühlenhoff
On Sun, Nov 29, 2015 at 06:04:42PM +, Jonas Smedegaard wrote: > Format: 1.8 > Date: Sun, 29 Nov 2015 18:04:59 +0100 > Source: morituri > Binary: morituri > Architecture: source all > Version: 0.2.3-2 > Distribution: experimental > Urgency: medium > Maintainer: Debian Multimedia Maintainers >

Bug#785891: psimedia: Please update to GStreamer 1.x

2016-01-07 Thread Moritz Mühlenhoff
On Wed, May 20, 2015 at 04:03:06PM +0300, sl...@debian.org wrote: > Source: psimedia > Severity: important > User: sl...@debian.org > Usertags: gstreamer0.10-removal > > Hi maintainer, > > your package psimedia currently still depends on GStreamer 0.10. > > GStreamer 0.10 is no longer maintained

Bug#750562: sendmail: CVE-2014-3956

2014-06-10 Thread Moritz Mühlenhoff
On Thu, Jun 05, 2014 at 12:08:34AM +0200, Andreas Beckmann wrote: > Control: fixed -1 8.14.4-6 > > On 2014-06-04 15:44, Moritz Muehlenhoff wrote: > > Hi, > > please see http://www.openwall.com/lists/oss-security/2014/06/03/1 for > > details. > > That's a trivial patch that I already cherry-picked

Bug#810251: guayadeque: Should this package be removed?

2016-01-27 Thread Moritz Mühlenhoff
reassign 810251 ftp.debian.org retitle 810251 RM: guayadeque - depends on gstreamer 0.10m dead upstream thanks On Thu, Jan 07, 2016 at 05:48:35PM +0100, Moritz Muehlenhoff wrote: > Source: guayadeque > Severity: serious > > Should guayadeque be removed? It depends on gstreamer 0.10, which > is sc

Bug#785887: Upstream is dead?

2016-01-27 Thread Moritz Mühlenhoff
On Thu, Jan 07, 2016 at 05:42:38PM +0100, Moritz Mühlenhoff wrote: > On Wed, Dec 30, 2015 at 08:47:50PM -0500, Bryan Quigley wrote: > > Additionally upstream appears to be dead, hasn't seen an update since may > > 2014. - https://github.com/pculture/miro > > >

Bug#806666: Should advene be removed?

2016-01-29 Thread Moritz Mühlenhoff
reassign 80 ftp.debian.org retitle 80 RM: advene: depends on gstreamer 0.10 thanks On Sun, Dec 20, 2015 at 12:35:34PM +0100, Moritz Mühlenhoff wrote: > On Mon, Nov 30, 2015 at 02:42:07PM +0100, Olivier Aubert wrote: > > I am the upstream maintainer of Advene. The project is not

Bug#785897: your mail

2016-01-29 Thread Moritz Mühlenhoff
On Fri, May 22, 2015 at 07:47:50PM -0700, Vincent Cheng wrote: > forwarded 785897 https://github.com/exaile/exaile/issues/3 Hi Vincent, there's now only a handful of packages left depending on gstreamer 0.10. The port of exaile doesn't yet seem to be in a usable state? I'd say let's remove exaile

Bug#812335: tagging 812335, bug 812335 is forwarded to https://sourceforge.net/p/cmusphinx/bugs/448/

2016-01-30 Thread Moritz Mühlenhoff
On Fri, Jan 22, 2016 at 02:42:42PM +0100, Samuel Thibault wrote: > tags 812335 + upstream > forwarded 812335 https://sourceforge.net/p/cmusphinx/bugs/448/ > thanks Could we remove the outdated binaries on the affected archs via a ftp.debian.org removal request? These still depend on gstreamer 0.10

Bug#724227: libnet-mac-vendor-perl: FTBFS: Tests failed

2014-01-27 Thread Moritz Mühlenhoff
le Computer' > > # Looks like you failed 1 test of 11. > > t/fetch_oui.t .. > > Dubious, test returned 1 (wstat 256, 0x100) > > Failed 1/11 subtests > > t/normalize_mac.t .. ok > > t/parse_oui.t .. ok > > t/pod.t ....

Bug#724227: libnet-mac-vendor-perl: FTBFS: Tests failed

2014-01-27 Thread Moritz Mühlenhoff
> Hi Moritz, > > On Mon, Jan 27, 2014 at 10:28:37AM +0100, Moritz Mühlenhoff wrote: > > > Source: libnet-mac-vendor-perl > > > Version: 1.18-2 > > > Severity: serious > > > Tags: jessie sid > > > User: debian...@lists.debian.org > >

Bug#735051: libhtml-formhandler-perl: FTBFS: test failures: t/compound/basic.t

2014-01-27 Thread Moritz Mühlenhoff
ailed 1 test of 24. > t/compound/basic.t .. > Dubious, test returned 1 (wstat 256, 0x100) > Failed 1/24 subtests libhtml-formhandler-perl also FTBFSes in stable. I'm attaching a patch. Note that to make it to a Wheezy point release it needs to be fixed in unstable first. Che

Bug#737149: CVE-2014-1691: Remote code execution in horde < 5.1.1

2014-01-30 Thread Moritz Mühlenhoff
On Thu, Jan 30, 2014 at 12:00:10PM -0500, Micah Anderson wrote: > Package: horde3 > Version: 3.3.8+debian0-2 > Severity: serious > Tags: security > Justification: security issue > > Hello, > > As detailed on the debian security tracker[0] and reported on oss-sec[1] and > assigned CVE 2014-1691,

Bug#726871: gst-plugins-bad0.10: FTBFS -- stdafx.h in libalglib-dev conflicts with one in libmodplug-dev

2014-02-03 Thread Moritz Mühlenhoff
lug.cc > should include . gst-plugins-bad0.10 also FTBFSes in stable. This is related to the libmodplug update in DSA 2751. Patch attached. Cheers, Moritz -- Moritz Mühlenhoff Open Source Software Engineer Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-0 [.]

Bug#707419: libproxy: FTBFS: pacrunner_mozjs.c:56:56: error: unknown type name 'uintN'

2014-02-04 Thread Moritz Mühlenhoff
[3]: Leaving directory `/home/jmm/scratch/wheezy/libproxy-0.3.1/src/modules' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/jmm/scratch/wheezy/libproxy-0.3.1/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/jmm/scratch/wheezy/libproxy-0.3.1

Bug#735410: Information on recent VBox CVEs

2014-02-08 Thread Moritz Mühlenhoff
On Sun, Feb 09, 2014 at 01:14:08AM +1300, Matthew Daley wrote: > Hi, > > I've recently released some more detailed information on these CVEs > that can hopefully help out; see > . Saw that, thanks for following up in the bug log. Felix, given that

Bug#732159: Should this package be removed?

2014-02-16 Thread Moritz Mühlenhoff
On Sat, Dec 14, 2013 at 05:07:36PM -0500, Reinhard Tartler wrote: > On Sat, Dec 14, 2013 at 4:28 PM, Moritz Muehlenhoff wrote: > > Package: mplayer > > Severity: serious > > > > Should this package be removed? If so, please reassign to ftp.debian.org > > > > - Last upload nearly two years ago > >

Bug#726418: advi: Builds broken package from source: /usr/share/texmf/tex/latex/advi -> /advi

2014-02-17 Thread Moritz Mühlenhoff
ips.def I'm not sure what's causing this, though. Cheers, Moritz -- Moritz Mühlenhoff Open Source Software Engineer Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-0 [.] Fax : +49 421 22232-99 muehlenh...@univention.de http://www.univention.de Gesch

Bug#724487: xmms2: FTBFS: fatal error: modplug.h: No such file or directory

2014-02-18 Thread Moritz Mühlenhoff
', '-g', '-O0', '-Wall', '-Wempty-body', '-Wformat=2', '- Wformat-nonliteral', '-Wformat-security', '-Wignored-qualifiers', '-Wmissing- prototypes', '-Wstrict-prototypes', '-Wtype-limits',

Bug#816042: closed by Jonas Smedegaard (reply to 816...@bugs.debian.org) (Re: Bug#816042: Don't include in stretch)

2016-04-12 Thread Moritz Mühlenhoff
reopen 816042 thanks On Tue, Apr 12, 2016 at 12:27:09PM +, Debian Bug Tracking System wrote: > Quoting Moritz Muehlenhoff (2016-02-26 22:31:43) > > asterisk hasn't seen a maintainer upload to unstable in 2015. It's > > already excluded from testing due to an unrelated FTBFS bug. This bug > >

Bug#718309: python-irclib: duplicate of python-irc

2016-04-25 Thread Moritz Mühlenhoff
reassign 718309 ftp.debian.org retitle 718309 RM: python-irclib: Obsolete severity 718309 normal thanks On Thu, Aug 08, 2013 at 03:40:03PM +0200, Margarita Manterola wrote: > Hi, > > On Tue, Jul 30, 2013 at 12:27 AM, Oxan van Leeuwen > wrote: > > This package is an old version of the python-irc

Bug#785898: freerdp: Please update to GStreamer 1.x

2016-02-16 Thread Moritz Mühlenhoff
On Mon, Oct 19, 2015 at 07:23:45AM +, Mike Gabriel wrote: > Hi Laurent, > > On Mo 19 Okt 2015 01:00:24 CEST, Laurent Bigonville wrote: > > >Package: src:freerdp > >Followup-For: Bug #785898 > > > >Hi, > > > >Quickly looking at upstream git repository, it seems that they now > >support gst 1.

Bug#785891: psimedia: Please update to GStreamer 1.x

2016-02-16 Thread Moritz Mühlenhoff
On Mon, Feb 01, 2016 at 06:26:33PM +0300, Boris Pek wrote: > Hi Moritz, > > > what's the status, is there pending work to fix this upstream? The > > list of remaining gstreamer 0.10 is now becoming really short, so > > at one point psimedia will have to be removed along if it doesn't > > get fixed

Bug#813258: [Pkg-sugar-devel] Bug#813258: sugar-record-activity: Should sugar-record-activity be removed?

2016-02-16 Thread Moritz Mühlenhoff
On Sun, Jan 31, 2016 at 08:16:47AM +0530, Jonas Smedegaard wrote: > Quoting Moritz Muehlenhoff (2016-01-31 04:00:28) > > Should sugar-record-activity be removed? It depends on gstreamer, > > which is scheduled for removal and there doesn't seem to be any > > upstream activity to port it to modern

Bug#802976: Should this package be removed?

2016-02-16 Thread Moritz Mühlenhoff
On Fri, Nov 13, 2015 at 07:38:41PM +0100, Thibaut Girka wrote: > Le 13 novembre 2015 18:42:55 CET, "Moritz Mühlenhoff" a > écrit : > >On Tue, Oct 27, 2015 at 03:32:17PM +0100, Thibaut Girka wrote: > >> On Sun, Oct 25, 2015 at 09:22:53PM +0100, Moritz Mühlenhoff wro

Bug#813257: turtleart: Should turtleart be removed?

2016-02-20 Thread Moritz Mühlenhoff
retitle 813257 RM: turtleart -- unmaintained, depends on gstreamer 0.10 reassign 813257 ftp.debian.org severity 813257 normal thanks On Sat, Jan 30, 2016 at 11:28:26PM +0100, Moritz Muehlenhoff wrote: > Package: turtleart > Version: 98-1.1 > Severity: serious > > Should turtleart be removed? It d

Bug#785832: gamine: diff for NMU version 1.1-3.1

2015-11-19 Thread Moritz Mühlenhoff
Dear maintainers, this is the patch for my gamine NMU for the gstreamer transition. Cheers, Moritz diff -Nru gamine-1.1/debian/changelog gamine-1.1/debian/changelog --- gamine-1.1/debian/changelog 2013-06-23 12:35:22.0 +0200 +++ gamine-1.1/debian/changelog 2015-11-14 23:56:50.

Bug#783503: mediawiki: not suitable for Stretch

2015-11-19 Thread Moritz Mühlenhoff
On Fri, Nov 06, 2015 at 09:10:26PM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Mon, Apr 27, 2015 at 04:00:10PM +0100, Jonathan Wiltshire wrote: > > Package: mediawiki > > Version: 1:1.19.20+dfsg-2.3 > > Severity: serious > > Tags: stretch sid > > > > Mediawiki as it currently stands is not su

Bug#803782: Should drawtk be removed?

2015-11-22 Thread Moritz Mühlenhoff
reassign 803782 ftp.debian.org retitle 803782 RM: drawtk - unmaintained, no rev deps, depends on gstreamer 0.10 thanks On Mon, Nov 02, 2015 at 07:42:51PM +0100, Moritz Muehlenhoff wrote: > Source: drawtk > Severity: serious > > Should drawtk be removed? > - Last maintainer upload in 2012 > - No r

Bug#785867: morituri: Please update to GStreamer 1.x

2015-11-28 Thread Moritz Mühlenhoff
On Sat, Nov 28, 2015 at 04:54:11PM +0100, Jonas Smedegaard wrote: > Hi Moritz, > > Quoting Moritz Muehlenhoff (2015-11-14 23:18:21) > > On Wed, May 20, 2015 at 04:03:06PM +0300, sl...@debian.org wrote: > >> your package morituri currently still depends on GStreamer 0.10. > >> > >> GStreamer 0.10 i
