Bug#1004682: src:pure-ftpd: fails to migrate to testing for too long: uploader built arch:all binaries

2022-01-31 Thread Stefan Hornburg (Racke)
On 31/01/2022 19:39, Paul Gevers wrote: Source: pure-ftpd Version: 1.0.49-4.1 Severity: serious Control: close -1 1.0.50-2 Tags: sid bookworm pending User: release.debian@packages.debian.org Usertags: out-of-sync Dear maintainer(s), The Release Team considers packages that are out-of-sync b

Bug#943874: pure-ftpd: pure-ftp error on upgrade

2021-01-22 Thread Stefan Hornburg (Racke)
On 1/18/21 11:55 PM, Andreas Beckmann wrote: > Followup-For: Bug #943874 > Control: tag -1 patch pending > > Hi, > > I'm attaching a patch that tries to clean up the docdir symlink mess. > The package is already uploaded to DELAYED/5. > > > Andreas > Thanks a lot for your fixes! Regards

Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers

2020-12-07 Thread Stefan Hornburg (Racke)
On 12/7/20 10:52 AM, Sylvain Beucler wrote: > Hi, > > On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)" > wrote: >> On 10/7/20 3:03 PM, Sylvain Beucler wrote: >> > I noticed this local root escalation yesterday and I'm working on a &g

Bug#961491: fixed in sympa 6.2.40~dfsg-5

2020-10-10 Thread Stefan Hornburg (Racke)
On 10/7/20 3:03 PM, Sylvain Beucler wrote: > Hi, > > I noticed this local root escalation yesterday and I'm working on a > Stretch LTS update. > See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 > > Are there plans to update buster? > > Cheers! > Sylvain > Hello Sylvain, t

Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers

2020-05-25 Thread Stefan Hornburg (Racke)
package: sympa severity: critical tags: upstream security patch Security advisory: https://sympa-community.github.io/security/2020-002.html Excerpt: --snip-- A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses

Bug#952428: Security flaws in CSRF prevention

2020-02-24 Thread Stefan Hornburg (Racke)
package: sympa severity: critical version: 6.2.40~dfsg-3 tags: patch A vulnerability has been discovered in Sympa web interface that can cause denial of service (DoS) attack. By submitting requests with malformed parameters, this flaw allows to create junk files in Sympa's directory for temporary

Bug#940505: pure-ftpd: TLS 1.3 support broken

2019-09-16 Thread Stefan Hornburg (Racke)
On 9/16/19 3:53 PM, Thomas Deutschmann wrote: > Source: pure-ftpd > Severity: grave > Justification: causes non-serious data loss > > Dear Maintainer, > > please consider disabling TLS 1.3 support. > > While you added TLS 1.3 compatibility through bug 918630, this uncovered > a grave bug in pure

Bug#671644: Login problem confirmed

2018-12-02 Thread Stefan Hornburg (Racke)
Hello Daniel, sorry for the very, very late answer to your bug report. This problem still exists in current Sympa and I actually suspect that you are correct and this a problem with Cookie handling. It actually results in *changing* the current password. Regards Racke -- Ecommerce an

Bug#909383: Patch to skip install for Xemacs21

2018-12-01 Thread Stefan Hornburg (Racke)
Hello, attached is a patch to skip install of python-mode for Xemacs21. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. --- python-mode-6.2.3/debian/emacsen-install 2017-01-17 22:33:55.00

Bug#909383: xemacs21 stale

2018-11-30 Thread Stefan Hornburg (Racke)
I think the main problem is that xemacs21 is quite stale, latest upstream release dating back to 2013. Thus it doesn't support (string-to-syntax) Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning

Bug#909383: Fails to install

2018-11-30 Thread Stefan Hornburg (Racke)
This even happens on a normal system - looks like it enters an infinite loop: Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim

Bug#877173: Critical Errors in 6.2.20 Release

2017-09-29 Thread Stefan Hornburg (Racke)
Package: sympa Version: 6.2.20~dfsg-2 Severity: serious upgrade_send_spool.pl could leave some messages not upgraded [diff] "sympa.pl --change_user_email" was broken GH #65 Next release is planned for 1st of October. Regards Racke -- Ecommerce and Linux consulting + Perl and

Bug#863631: Also affects sympa: trashes configuration on update without asking

2017-07-26 Thread Stefan Hornburg (Racke)
On 07/05/2017 10:42 PM, Daniel Gnoutcheff wrote: > Control: found -1 6.1.23~dfsg-2+deb8u1 > > I've experienced this on jessie as well when upgrading from > 6.1.23~dfsg-2 to 6.1.23~dfsg-2+deb8u1 for the 8.7 point release. > > The listmaster directive in /etc/sympa/sympa.conf got clobbered, locking

Bug#868720: sympa FTBFS: configure: error: invalid value /usr/sbin/newaliases for newaliases command

2017-07-18 Thread Stefan Hornburg (Racke)
On 07/18/2017 01:02 AM, Adrian Bunk wrote: > Source: sympa > Version: 6.2.16~dfsg-4 > Severity: serious > > https://buildd.debian.org/status/package.php?p=sympa&suite=sid > > ... > checking for pod2man... /usr/bin/pod2man > checking for makemap... /usr/bin/makemap > checking user-supplied newalia

Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in

2017-06-25 Thread Stefan Hornburg (Racke)
ase use > dpkg-maintscript-helper rm_conffile > to remove it properly (also from dpkg's database). > > > cheers, > > Andreas > Patch attached. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administr

Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in

2017-06-11 Thread Stefan Hornburg (Racke)
On 06/10/2017 03:06 PM, Stefan Hornburg (Racke) wrote: > On 06/10/2017 02:02 PM, Andreas Beckmann wrote: >> Package: sympa >> Version: 6.2.16~dfsg-3 >> Severity: serious >> User: debian...@lists.debian.org >> Usertags: piuparts >> >> Hi, >> &g

Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in

2017-06-10 Thread Stefan Hornburg (Racke)
On 06/10/2017 02:02 PM, Andreas Beckmann wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package modifies conffiles. > This is forbidden by the policy, see > https:/

Bug#863701: sympa: insists that cookie has changed when it hasn't

2017-05-30 Thread Stefan Hornburg (Racke)
On 05/30/2017 03:38 PM, Dominik George wrote: > Hi, > >> In this case the head command might not be in the path Sympa is seeing. >> Could you please test if >> `/usr/bin/head ...` works for you? > > Yes, it does. > > -nik > OK, thanks a lot. I'll adjust the default settings for the configurat

Bug#863701: sympa: insists that cookie has changed when it hasn't

2017-05-30 Thread Stefan Hornburg (Racke)
On 05/30/2017 10:35 AM, Dominik George wrote: > Hi, > >> The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian >> package, >> so this hasn't changed? > > Confirmed. > >> >> What are the permissions of the cookie file? > > 640 owned by sympa:sympa > > I have placed debugging p

Bug#863701: sympa: insists that cookie has changed when it hasn't

2017-05-30 Thread Stefan Hornburg (Racke)
On 05/30/2017 09:37 AM, Dominik George wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: grave > Justification: renders package unusable > > SYMPA suddenly refuses to start with: > > May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter > has changed. You may ha

Bug#848015: ciphersaber: diff for NMU version 1.01-2.1

2017-04-03 Thread Stefan Hornburg (Racke)
On 04/04/2017 07:01 AM, Mattia Rizzolo wrote: > Control: tags 848015 + patch > Control: tags 848015 + pending > > Dear maintainer, > > I've prepared an NMU for ciphersaber (versioned as 1.01-2.1) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should delay it longer. > > Regar

Bug#829477: courier-mta: fails to install: Invalid command 'gendh'

2016-10-31 Thread Stefan Hornburg (Racke)
On 07/03/2016 07:07 PM, Andreas Beckmann wrote: > Package: courier-mta > Version: 0.76.1-3+exp1 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package failed to install. As > per definition of the release team thi

Bug#754538: sqwebmail fails to install due to non-existant /var/www directory

2014-07-12 Thread Stefan Hornburg (Racke)
On 07/12/2014 10:12 AM, Willi Mann wrote: > Package: sqwebmail > Version: 0.73.1-1.2 > Severity: serious > Justification: fails to install > > Hi Racke, > > sqwebmail fails to install if the directory /var/www does not exist (which > apparently does not exist if nginx is installed as httpd-cgi):

Bug#741899: courier-maildrop: maildrop fails to deliver to virtual user reporting "Invalid user specified."

2014-03-24 Thread Stefan Hornburg (Racke)
On 03/17/2014 03:25 AM, Thomas L Marshall wrote: > Package: courier-maildrop > Version: 0.73.1-1 > Severity: grave > Tags: d-i > Justification: renders package unusable > > Dear Maintainer, > > After upgrading to courier-maildrop_0.73.1-1_amd64.deb, my email server begin > bouncing messages with

Bug#741620: upgrade broke starttls?

2014-03-14 Thread Stefan Hornburg (Racke)
severity 741620 grave thanks On 03/14/2014 04:38 PM, Joey Hess wrote: > Package: courier-imap-ssl > Version: 4.15-1 > Severity: normal > > Establishing connection to kitenet.net:143 > ERROR: While attempting to sync account 'joey' > command: CAPABILITY => socket error: - [Errno 1] > _ssl.c:

Bug#730086: courier-pop-ssl not able to upgrade: error

2014-03-09 Thread Stefan Hornburg (Racke)
tags 730086 unreproducible severity 730086 important thanks On 11/21/2013 08:01 AM, Andreas Rittershofer wrote: > Package: courier-pop-ssl > Version: 0.68.2-1 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > >* What led up to the situation? > > apt-get upgr

Bug#741162: Install fails due to dangling symlink

2014-03-09 Thread Stefan Hornburg (Racke)
Package: courier-pop-ssl Version: 0.73.1-0.1 Severity: grave Justification: renders package unusable It fails on a fresh install on my system: Setting up courier-pop-ssl (0.73.1-0.1) ... cp: not writing through dangling symlink ‘/usr/lib/courier/pop3d.pem’ dpkg: error processing package courier-p

Bug#730086: courier-pop-ssl not able to upgrade: error

2014-03-09 Thread Stefan Hornburg (Racke)
On 11/21/2013 08:01 AM, Andreas Rittershofer wrote: > Package: courier-pop-ssl > Version: 0.68.2-1 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > >* What led up to the situation? > > apt-get upgrade > >* What was the outcome of this action? > > apt-g

Bug#730346: dh-make-drupal barfs on undefined method 'search'

2013-11-24 Thread Stefan Hornburg (Racke)
package: dh-make-drupal version: 1.6-1 severity: grave racke@argus:~/build$ dh-make-drupal google_analytics /usr/bin/dh-make-drupal:695:in `fetch_data': undefined method `search' for nil:NilClass (NoMethodError) from /usr/bin/dh-make-drupal:747:in `for' from /usr/bin/dh-make-drupa

Bug#691485: Security vulnerabilities in RT

2012-10-26 Thread Stefan Hornburg (Racke)
package: request-tracker3.8 severity: critical tags: security >From the RT mailing lists: We have determined a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and 4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as w

Bug#691486: Security vulnerabilities in RT

2012-10-26 Thread Stefan Hornburg (Racke)
package: request-tracker4 severity: critical tags: security >From the RT mailing lists: We have determined a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and 4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as wel

Bug#642165: Observations

2012-07-01 Thread Stefan Hornburg (Racke)
Hello, on my local machine it fails too in my sid /chroot. Building the package from my installed wheezy works fine. Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP => http://www.icdevgroup.org/ Interchange De

Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore

2012-05-01 Thread Stefan Hornburg (Racke)
On 04/18/2012 11:40 AM, Alberto Serrano wrote: Hi Racke, We have been experiencing the same issue since upgrade to 0.67.0 (yesterday at 19:00 GMT+2 approx.). Imap server connections don't work properly anymore. In /var/log/syslog, the imap log entries stop after initial connection: Apr 18

Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore

2012-04-18 Thread Stefan Hornburg (Racke)
On 04/18/2012 02:15 PM, Alberto Serrano wrote: Confirmed. After installing fam, the problem is solved: # apt-get install fam libfam0 So it was probably related to the recent upgrade of libgamin0 0.1.10-4. Thanks again, Alberto. PS: To those applying this workaround. Do not install only libfa

Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore

2012-04-18 Thread Stefan Hornburg (Racke)
On 04/18/2012 01:25 PM, Jesse Molina wrote: Here an FYI of a problem I had recently. I doubt this is the same issue, but I'll write it up anyway for posterity. I had a similar issue about a week ago when I updated some courier related packages. The issue turned out to be some kind of problem

Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore

2012-04-18 Thread Stefan Hornburg (Racke)
On 04/17/2012 08:50 PM, Jean-Yves Barbier wrote: Package: courier-imap Version: 4.10.0-1 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, * What led up to the situation? An update. * What exactly did you do (or not do) that was effective (or

Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore

2012-04-17 Thread Stefan Hornburg (Racke)
On 04/17/2012 08:50 PM, Jean-Yves Barbier wrote: Package: courier-imap Version: 4.10.0-1 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, * What led up to the situation? An update. * What exactly did you do (or not do) that was effective (or

Bug#620396: dot-forward and courier-mta: error when trying to install together

2011-09-05 Thread Stefan Hornburg (Racke)
On 04/01/2011 08:19 PM, Ralf Treinen wrote: Package: courier-mta,dot-forward Version: courier-mta/0.65.3-2 Version: dot-forward/1:0.71-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Date: 2011-04-01 Architecture: amd64 Distribution: sid Hi, automatic installation te

Bug#617334: Squeeze is still vulnerable

2011-09-02 Thread Stefan Hornburg (Racke)
On 09/01/2011 11:05 PM, Igor Sverkos wrote: Hi, please correct me, but the current Debian stable (squeeze) looks still vulnerable: root@squeeze /root # apt-show-versions pure-ftpd pure-ftpd/squeeze uptodate 1.0.28-3 Did you forget to create an update for the stable branch? That's tr

Bug#624848: Glob vulnerability in Pure-FTPd

2011-05-01 Thread Stefan Hornburg (Racke)
package: pure-ftpd, pure-ftpd-mysql, pure-ftpd-postgresql severity: serious tag: security From the author on the Pure-FTPd mailinglist: --snip-- A new "0-day" multiple vendors vulnerability in the glob(3) function has been published. A command like STAT {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/

Bug#622014: courier: FTBFS: libcouriertls.c:555: undefined reference to `SSLv2_method'

2011-04-14 Thread Stefan Hornburg (Racke)
On 04/09/2011 02:13 PM, Lucas Nussbaum wrote: Source: courier Version: 0.65.3-2 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20110408 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd

Bug#622014: courier: FTBFS: libcouriertls.c:555: undefined reference to `SSLv2_method'

2011-04-11 Thread Stefan Hornburg (Racke)
On 04/09/2011 02:13 PM, Lucas Nussbaum wrote: Source: courier Version: 0.65.3-2 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20110408 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd

Bug#617334: Patch for TLS security flaw

2011-03-08 Thread Stefan Hornburg (Racke)
Hello, The patch can be found on GitHub: https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4 Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP => http://www.icdevgroup.org/ Int

Bug#617334: Update on security problem

2011-03-08 Thread Stefan Hornburg (Racke)
Hello, I asked on the mailing list for a single patch which fixes the TLS security flaw so we can use it for stable and maybe oldstable security upgrade. Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP => http

Bug#617334: TLS security flaw

2011-03-08 Thread Stefan Hornburg (Racke)
package: pure-ftpd tags: security severity: grave The new release 1.0.30 fixes a flaw similar to Postfix's CVE-2011-0411 by clearing the command-line buffer after switching to TLS. Reference: http://tech.groups.yahoo.com/group/postfix-users/message/275069 Regards Racke -- LinuXia Syst

Bug#606704: If someone fixes this bug, please fix #605355 as well

2011-01-08 Thread Stefan Hornburg (Racke)
On 01/07/2011 07:23 PM, Mehdi Dogguy wrote: On 0, "Stefan Hornburg (Racke)" wrote: On 12/29/2010 06:20 PM, Christian PERRIER wrote: I got a verbal ACK from at least one release team member that fixing the Portuguese debconf translation update for squeeze (with a t-p-u upload) would

Bug#606704: If someone fixes this bug, please fix #605355 as well

2010-12-30 Thread Stefan Hornburg (Racke)
On 12/29/2010 06:20 PM, Christian PERRIER wrote: I got a verbal ACK from at least one release team member that fixing the Portuguese debconf translation update for squeeze (with a t-p-u upload) would be OK. I was indeed about to build such upload when I got pointed by Julien to this RC bug. So,

Bug#606704: sympa: installation fails

2010-12-14 Thread Stefan Hornburg (Racke)
On 12/11/2010 01:41 AM, Lucas Nussbaum wrote: Package: sympa Version: 6.0.1+dfsg-3 Severity: serious User: debian...@lists.debian.org Usertags: instest-20101207 instest Hi, While testing the installation of all packages in squeeze, I ran into the following problem: [..] + echo Not configur

Bug#594119: Upgrade path from Lenny to Squeeze is broken

2010-11-14 Thread Stefan Hornburg (Racke)
On 11/13/2010 09:59 PM, Julien Cristau wrote: On Tue, Nov 2, 2010 at 12:27:59 +0100, Stefan Hornburg (Racke) wrote: On 11/02/2010 12:25 PM, Julien Cristau wrote: On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote: On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote

Bug#594119: Upgrade path from Lenny to Squeeze is broken

2010-11-03 Thread Stefan Hornburg (Racke)
On 11/02/2010 09:20 PM, Adam D. Barratt wrote: On Tue, 2010-11-02 at 12:27 +0100, Stefan Hornburg (Racke) wrote: On 11/02/2010 12:25 PM, Julien Cristau wrote: On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote: On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote: Err

Bug#594119: Upgrade path from Lenny to Squeeze is broken

2010-11-02 Thread Stefan Hornburg (Racke)
On 11/02/2010 12:25 PM, Julien Cristau wrote: On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote: On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote: On Tue, Aug 31, 2010 at 15:00:32 +0200, Stefan Hornburg (Racke) wrote: Fix applied to Git: http://git.debian.org/?p

Bug#601507: Postinst script breaks on chmod aliaswrapper

2010-10-26 Thread Stefan Hornburg (Racke)
On 10/26/2010 10:18 PM, Stefan Hornburg (Racke) wrote: package: sympa version: 6.1.1~dfsg-1 severity: grave Aliaswrapper has moved to /usr/lib/sympa/sbin/aliaswrapper which causes failure of postinst script: Setting up sympa (6.1.1~dfsg-1) ... dbconfig-common: writing config to /etc/dbconfig

Bug#601507: Postinst script breaks on chmod aliaswrapper

2010-10-26 Thread Stefan Hornburg (Racke)
package: sympa version: 6.1.1~dfsg-1 severity: grave Aliaswrapper has moved to /usr/lib/sympa/sbin/aliaswrapper which causes failure of postinst script: Setting up sympa (6.1.1~dfsg-1) ... dbconfig-common: writing config to /etc/dbconfig-common/sympa.conf dbconfig-common: flushing administrative

Bug#597434: Fixe for courier IMAP_ULIMITD

2010-09-24 Thread Stefan Hornburg (Racke)
On 09/23/2010 06:54 AM, Thomas Goirand wrote: Hi, Here's a patch to fix the issue. Do you agree that is the way to fix it, and would you accept that I NMU this fix, so that it has a chance to get into Squeeze soon? Thomas Goirand (zigo) I'm going to upload fixed packages myself. Regards

Bug#597434: Fixe for courier IMAP_ULIMITD

2010-09-23 Thread Stefan Hornburg (Racke)
On 09/23/2010 06:54 AM, Thomas Goirand wrote: Hi, Here's a patch to fix the issue. Do you agree that is the way to fix it, and would you accept that I NMU this fix, so that it has a chance to get into Squeeze soon? Thomas Goirand (zigo) I'm going to upload a fixed version myself. Thanks for

Bug#597434: The /etc/courier/imapd IMAP_ULIMITD is too small

2010-09-20 Thread Stefan Hornburg (Racke)
On 09/19/2010 07:52 PM, Thomas Goirand wrote: Package: courier-imap Version: 4.8.0-1 Severity: grave In the file /etc/courier/imapd, there is the following: IMAP_ULIMITD=65536 While it doesn't seem so problematic under i386, under amd64 arch, each time I want to setup a server with courier-imap

Bug#594119: Upgrade path from Lenny to Squeeze is broken

2010-08-31 Thread Stefan Hornburg (Racke)
On 08/25/2010 01:59 PM, Stefan Hornburg (Racke) wrote: On 08/23/2010 09:52 PM, Emmanuel Bouthenot wrote: Package: sympa Version: 6.0.1+dfsg-2 Severity: critical {,family,bounce}queue binaries are now installed in /usr/lib/sympa/lib/sympa/ instead of /usr/lib/sympa/bin before. It will breaks

Bug#594113: task_manager.pl daemon failed to start

2010-08-26 Thread Stefan Hornburg (Racke)
On 08/24/2010 11:44 AM, Jonas Smedegaard wrote: Hi Emmanuel, On Mon, Aug 23, 2010 at 09:20:38PM +0200, Emmanuel Bouthenot wrote: Package: sympa Version: 6.0.1+dfsg-2 Severity: grave To start correctly, task_manager.pl daemon expects /usr/share/sympa/default/ca-bundle.crt to be a valid symlink

Bug#594113: task_manager.pl daemon failed to start

2010-08-26 Thread Stefan Hornburg (Racke)
On 08/26/2010 09:49 AM, Jonas Smedegaard wrote: On Thu, Aug 26, 2010 at 08:24:46AM +0200, Emmanuel Bouthenot wrote: Well, you not experiencing problems avoiding Recommends do not really change the Debian definition of the Recommends: stanza: >`Recommends' > This declares a strong, but not abs

Bug#594119: Upgrade path from Lenny to Squeeze is broken

2010-08-25 Thread Stefan Hornburg (Racke)
On 08/23/2010 09:52 PM, Emmanuel Bouthenot wrote: Package: sympa Version: 6.0.1+dfsg-2 Severity: critical {,family,bounce}queue binaries are now installed in /usr/lib/sympa/lib/sympa/ instead of /usr/lib/sympa/bin before. It will breaks mail aliases used by SYMPA during the upgrade from Lenny t

Bug#594113: task_manager.pl daemon failed to start

2010-08-25 Thread Stefan Hornburg (Racke)
On 08/25/2010 10:34 AM, Jonas Smedegaard wrote: On Wed, Aug 25, 2010 at 09:18:36AM +0200, Stefan Hornburg (Racke) wrote: IMHO Sympa daemons should work without packages in Recommends. And ca-certificates isn't really a problem to be depend on. Is S/MIME a mandatory or optional featu

Bug#594113: task_manager.pl daemon failed to start

2010-08-25 Thread Stefan Hornburg (Racke)
On 08/25/2010 09:11 AM, Emmanuel Bouthenot wrote: When not respecting recommends, you cannot expect package to work "out of the box" but will need some hand-tuning to get working. I never install Recommends on my Debian machines (servers, desktop, laptop). It's the first time I encounter such

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-02 Thread Stefan Hornburg (Racke)
On 06/01/2010 03:05 AM, Paul Szabo wrote: Package: courier-faxmail Severity: grave Tags: security Justification: user security hole Please note remote execute-any-code security bugs in ghostscript: http://bugs.debian.org/583183 This package depends on ghostscript, and may be affected. Plea

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-01 Thread Stefan Hornburg (Racke)
On 06/01/2010 01:24 PM, paul.sz...@sydney.edu.au wrote: Dear Racke, What kind of fixes do you have in mind? Please add the -P- option to all $GS invocations. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics Unive

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-01 Thread Stefan Hornburg (Racke)
On 06/01/2010 01:24 PM, paul.sz...@sydney.edu.au wrote: Dear Racke, What kind of fixes do you have in mind? Please add the -P- option to all $GS invocations. OK, I'll do so today. I just wonder why this option isn't mentioned in the gs manpage. Regards Racke -- LinuXia Systems

Bug#583989: Courier IMAP: Clients think logins have failed after upgrade

2010-06-01 Thread Stefan Hornburg (Racke)
On 06/01/2010 01:18 AM, Adam Warner wrote: Package: courier Version: 0.64.2-1 Severity: grave Upstream has the patch: "Thunderbird chokes on that and requests a login again, claimin

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-01 Thread Stefan Hornburg (Racke)
On 06/01/2010 03:05 AM, Paul Szabo wrote: Package: courier-faxmail Severity: grave Tags: security Justification: user security hole Please note remote execute-any-code security bugs in ghostscript: http://bugs.debian.org/583183 This package depends on ghostscript, and may be affected. Plea

Bug#579790: courier-authdaemon: uninstallation fails: exec: /usr/sbin/courierlogger: cannot execute: No such file or directory

2010-05-07 Thread Stefan Hornburg (Racke)
On 05/06/2010 10:35 PM, Sascha Silbe wrote: I've worked around this by killing the remaining courier processes manually ("pkill -f courier") and hacking /var/lib/dpkg/info/courier-authdaemon.prerm to do "exit 0" immediately. Courier is now gone from my system. CU Sascha OK, thanks for the in

Bug#436266: (no subject)

2010-05-04 Thread Stefan Hornburg (Racke)
severity 436266 important thanks On 05/03/2010 11:04 PM, Olaf van der Spek wrote: severity 436266 serious thanks This one leads to data loss... I don't consider this a serious data loss. Volatile and discarded data has to be purged at some point. Of course, the default setting can still be

Bug#579550: sympa: missing dependencies

2010-04-30 Thread Stefan Hornburg (Racke)
On 04/28/2010 04:23 PM, Malte S. Stretz wrote: Package: sympa Version: 6.0.1-1 Severity: grave Justification: renders package unusable Startup will fail because the following Perl libraries aren't automatically pulled in: libfile-copy-recursive libnet-netmask-perl libterm-progressbar-perl Ca

Bug#575366: HTTP response splitting vulnerability

2010-03-25 Thread Stefan Hornburg (Racke)
package: interchange severity: critical tags: security, fixed-upstream Interchange 5.7.6 closes a potential HTTP response splitting vulnerability. For details see http://www.icdevgroup.org/i/dev/news?mv_arg=00042. The patch to fix the vulnerability is here: http://git.icdevgroup.org/?p=interch

Bug#574106: Build failure on sid (AMD64)

2010-03-16 Thread Stefan Hornburg (Racke)
Stefan Hornburg (Racke) wrote: package: courier severity: serious Courier packages fail to build on sid (AMD64 architecture). The error message is: /usr/bin/libtool --tag=CXX --mode=link g++ -Wall -I./.. -I.. -I./../afx -I./../rfc822 -I./libs -g -O2 -lcrypt -o aliaslookup aliaslookup.o

Bug#572439: SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

2010-03-04 Thread Stefan Hornburg (Racke)
package: drupal6 severity: critical tags: security * Advisory ID: DRUPAL-SA-CORE-2010-001 * Project: Drupal core * Version: 5.x, 6.x * Date: 2010-March-03 * Security risk: Critical * Exploitable from: Remote * Vulnerability: Multiple vulnerabilities DESCRIPTION ---

Bug#560614: fixed

2010-01-24 Thread Stefan Hornburg (Racke)
Jan Dittberner wrote: I patched debian/rules to use the system libtool to fix this FTBFS and NMUed it at BSP Mönchengladbach. That's great. Please send me the patch. Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration IC

Bug#563407: sympa: FTBFS because libmime-base64-perl was removed

2010-01-03 Thread Stefan Hornburg (Racke)
Ansgar Burchardt wrote: Hi, "Stefan Hornburg (Racke)" writes: So why does it fail if perl is present? That seems odd to me. Some buildds will not consider alternative dependencies, others may do so. Many buildds run different versions of sbuild (see also for example #54134

Bug#563407: sympa: FTBFS because libmime-base64-perl was removed

2010-01-03 Thread Stefan Hornburg (Racke)
Ansgar Burchardt wrote: Source: sympa Version: 5.4.7-1 Severity: serious Justification: FTBFS Hi, sympa failed to build [1] on hppa, hurd-i386, ia64, mips, mipsel, sparc because libmime-base64-perl is no longer a real package and sympa has a versioned build-dep on it. Replacing the build-dep

Bug#559802: CVE-2009-3736 local privilege escalation

2009-12-07 Thread Stefan Hornburg (Racke)
Michael Gilbert wrote: Package: courier-authlib Severity: grave Tags: security Hi, The following CVE (Common Vulnerabilities & Exposures) id was published for libtool. I have determined that this package embeds a vulnerable copy of the libtool source code. However, since this is a mass bug fi

Bug#559020: Session Fixation Vulnerability

2009-12-01 Thread Stefan Hornburg (Racke)
Package: request-tracker3.6 Tag: security Severity: critical http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html RT 3.8.6 is not affected. Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP

Bug#555087: [courier-mta] courier-mta does not install on clean squeeze system

2009-11-09 Thread Stefan Hornburg (Racke)
tags 555087 + confirmed patch thanks Heiner Markert wrote: Package: courier-mta Version: 0.59.0-3 Severity: serious --- Please enter the report below this line. --- When performing apt-get install courier-mta on an otherwise clean squeeze system, dpkg fails with an post-install script error in

Bug#555087: [courier-mta] courier-mta does not install on clean squeeze system

2009-11-08 Thread Stefan Hornburg (Racke)
Heiner Markert wrote: Package: courier-mta Version: 0.59.0-3 Severity: serious --- Please enter the report below this line. --- When performing apt-get install courier-mta on an otherwise clean squeeze system, dpkg fails with an post-install script error in package courier-mta. Installing the

Bug#554182: courier: missing-build-dependency po-debconf

2009-11-03 Thread Stefan Hornburg (Racke)
tag 554182 + pending confirmed thanks Manoj Srivastava wrote: Package: courier Version: 0.63.0-1 Severity: serious User: lintian-ma...@debian.org Usertags: missing-build-dependency The package doesn't specify a build dependency on a package that is used in debian/rules. Also, it depends on obso

Bug#553539: interchange-ui: dir-or-file-in-var-www /var/www/interchange-5/da_DK/az.gif and 150+ others

2009-10-31 Thread Stefan Hornburg (Racke)
tag 553539 + confirmed fixed-upstream thanks Manoj Srivastava wrote: Package: interchange-ui Version: 5.7.2-1 Severity: serious User: lintian-ma...@debian.org Usertags: dir-or-file-in-var-www Debian packages should not install files under /var/www. This is not one of the /var directories in the

Bug#368905: interchange-doc: Useless without interchange in testing

2009-10-26 Thread Stefan Hornburg (Racke)
Barry deFreese wrote: Hi, What's the status of this. It is from 2006 but interchange has been in testing for a while now. Hello, Barry! Interchange has moved its documentation system, so it'll take a while to adjust the package accordingly. Regards Racke -- LinuXia Systems => htt

Bug#547511: python-scientific and sympa: error when trying to install together

2009-09-21 Thread Stefan Hornburg (Racke)
Olivier Berger wrote: On Sun, Sep 20, 2009 at 02:52:53PM +0200, Ralf Treinen wrote: Unpacking sympa (from .../sympa_5.4.7-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/sympa_5.4.7-1_amd64.deb (--unpack): trying to overwrite '/usr/bin/task_manager', which is also in package p

Bug#521037: courier-base: postinst failure caused by incorrect alternative if maildrop is installed

2009-09-06 Thread Stefan Hornburg (Racke)
Laurent Bonnaud wrote: Package: courier-base Version: 0.61.2-1 Justification: postinst script must not fail Severity: serious Hi, here is the problem: Setting up courier-base (0.61.2-1) ... update-alternatives: error: alternative link /usr/share/man/man5/maildir.5.gz is already managed by ma

Bug#517960: courier-imap-ssl: upgrade to lenny broke ssl connection

2009-03-03 Thread Stefan Hornburg (Racke)
Erwan David wrote: On Tue, Mar 03, 2009 at 11:01:20AM CET, Stefan Hornburg said: Erwan David wrote: Package: courier-imap-ssl Version: 4.4.0-2 Severity: grave Justification: renders package unusable Since upgrade to lenny, I cannot get a ssl connection with courier-imap. Here is the log: Ma

Bug#505732: SA32658: Interchange Cross-Site Scripting Vulnerabilities

2008-11-14 Thread Stefan Hornburg (Racke)
Raphael Geissert wrote: Source: interchange Severity: grave Version: 5.6.0-1 Tags: security Hi, The following SA (Secunia Advisory) id was published for interchange. SA32658[1]: Some vulnerabilities have been reported in Interchange, which can be exploited by malicious people to conduct cross

Bug#499078: jfsutils: Bus Error when running fsck.jfs on sparc

2008-10-13 Thread Stefan Hornburg (Racke)
Luk Claes wrote: Stefan Hornburg (Racke) wrote: Luk Claes wrote: Hi Any news from upstream? Can we expect an upload shortly? No word from upstream. Will you upload a version that at least takes care of being able to recover from a power failure like the patch submitter proposes? We have

Bug#499078: jfsutils: Bus Error when running fsck.jfs on sparc

2008-10-13 Thread Stefan Hornburg (Racke)
Luk Claes wrote: Hi Any news from upstream? Can we expect an upload shortly? No word from upstream. Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP => http://www.icdevgroup.org/ Interchange Development T

Bug#501605: sympa: broken post-inst script

2008-10-09 Thread Stefan Hornburg (Racke)
Niko Tyni wrote: severity 501605 serious tag 501605 - unreproducible thanks On Thu, Oct 09, 2008 at 01:42:39PM +0200, Patrick Schoenfeld wrote: Severity 501605 important thanks I have tested the installation of sympa as well and I can't reproduce the problem. Additional I auditted the post-i

Bug#498144: remove sympa from lenny?

2008-10-03 Thread Stefan Hornburg (Racke)
Lucas Nussbaum wrote: On 03/10/08 at 15:21 +0200, Olivier Berger wrote: Le vendredi 03 octobre 2008 à 12:43 +0200, Thomas Viehmann a écrit : It does not seem to have reverse dependencies. There are a few users (double digit popcon), but not exceedingly many. As it is on the servers, I assume

Bug#498144: remove sympa from lenny?

2008-10-03 Thread Stefan Hornburg (Racke)
Thomas Viehmann wrote: Hi, sympa has two RC bugs open for about one month, #496520 about insecure usage of tmp (which looks at least partially fixed upstream, but has no maintainer response) and #498144 about problems on upgrade (with an initial maintainer response "will investigate, also happen

Bug#496520: remove sympa from lenny?

2008-10-03 Thread Stefan Hornburg (Racke)
Thomas Viehmann wrote: Hi, sympa has two RC bugs open for about one month, #496520 about insecure usage of tmp (which looks at least partially fixed upstream, but has no maintainer response) and #498144 about problems on upgrade (with an initial maintainer response "will investigate, also happen

Bug#490881: give back (on alpha only) and unblock jfsutils

2008-07-31 Thread Stefan Hornburg (Racke)
Steve Langasek wrote: On Wed, Jul 30, 2008 at 09:18:55PM +0300, Teodor wrote: I didn't received any response from the alpha buildd admins, maybe the message was lost. Is there anyone who can tell where the problem is and fix it? Can you unblock it also? It is 26 days old and it could migrate to

Bug#485424: courier-authlib: possible sql injection

2008-06-09 Thread Stefan Hornburg (Racke)
Steffen Joeris wrote: > Package: courier-authlib > Severity: grave > Tags: security, patch > Justification: user security hole > > Hi > > It was announced that courier-authlib suffers from a sql injection > vulnerability with MySQL databases that use non-Latin character > sets. > For more inform

Bug#482048: Source package contains non-free IETF RFC/I-D

2008-05-22 Thread Stefan Hornburg (Racke)
Simon Josefsson wrote: Severity: serious Package: courier Version: 0.59.0-1 User: [EMAIL PROTECTED] Usertags: nonfree-doc rfc Hi! This source package contains the following files that claim to be released under the non-free IETF license in RFC 2026: courier-0.59.0.orig/courier/doc/draft-vars

Bug#475163: intent to NMU

2008-04-11 Thread Stefan Hornburg (Racke)
Stefan Hornburg wrote: > Nico Golde wrote: >> Hi, >> the attached patch fixes this issue. >> It will be also archive on: >> http://people.debian.org/~nion/nmu-diff/sympa-5.3.4-3_5.3.4-3.1.patch > > sympa_5.3.4-4_i386.changes uploaded successfully to localhost > along with the files: > sympa_5.3.4

Bug#462515: sqwebmail: installation fails

2008-01-30 Thread Stefan Hornburg (Racke)
Willi Mann wrote: >> I don't know if it should supply it, but it doesn't. > > Hi Racke, hi Lucas! > > Why don't we just ship the directory /usr/lib/cgi-bin in the sqwebmail > package? Except for a lintian warning (empty directory), that should > work, AFAIK, as a directory can be owned by more th

Bug#462515: sqwebmail: installation fails

2008-01-25 Thread Stefan Hornburg (Racke)
Lucas Nussbaum wrote: > On 25/01/08 at 13:48 +0100, Stefan Hornburg (Racke) wrote: >> Lucas Nussbaum wrote: >>> On 25/01/08 at 13:02 +0100, Stefan Hornburg (Racke) wrote: >>>> Lucas Nussbaum wrote: >>>>> Package: sqwebmail >>>>> Vers

Bug#462515: sqwebmail: installation fails

2008-01-25 Thread Stefan Hornburg (Racke)
Lucas Nussbaum wrote: > On 25/01/08 at 13:02 +0100, Stefan Hornburg (Racke) wrote: >> Lucas Nussbaum wrote: >>> Package: sqwebmail >>> Version: 0.58.0-1 >>> Severity: serious >>> >>> In a clean chroot: >>> >>> Setting up sqweb

  1   2   >