Hi,
I know this may come as a shock, given how often this isn't the case,
but the contrib status is dutifully documented in the copyright file:
https://metadata.ftp-master.debian.org/changelogs//contrib/c/cytadela/cytadela_1.1.0-4_copyright
;)
Please review and revise severity / close
in msi_dirent_new()
Fix more fuzzer errors
etc.
so most probably there isn't a single clean patch to apply :/
We might want to just bump buster and bullseye to 2.3, there's only
one rdep AFAICS.
Cheers!
Sylvain Beucler
Debian LTS Team
(this week's Front-Desk person)
Hi,
Note that jessie-elts is not part of the official Debian project, see
https://wiki.debian.org/LTS/Extended
So using Debian-specific resources (the BTS) for elts-specific issues
may be considered an abuse.
Cheers!
Sylvain Beucler
Debian LTS Team
On Thu, 12 Aug 2021 00:17:36 +0200 Andreas
On 07/12/2020 12:06, Stefan Hornburg (Racke) wrote:
On 12/7/20 10:52 AM, Sylvain Beucler wrote:
This high-severity issue was marked with:
[buster] - sympa (Will be fixed via point release)
Consequently I am surprised that it wasn't part of last week's Debian 10.7
point release.
What
Hi,
On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)"
wrote:
On 10/7/20 3:03 PM, Sylvain Beucler wrote:
> I noticed this local root escalation yesterday and I'm working on a
> Stretch LTS update.
> See also https://salsa.debian.org/sympa-team/sympa
Hi,
I noticed this local root escalation yesterday and I'm working on a
Stretch LTS update.
See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
Are there plans to update buster?
Cheers!
Sylvain
Hi,
On Tue, 6 Aug 2019 08:28:43 +0200 Salvatore Bonaccorso wrote:
> Thanks for keeping track and following up.
>
> On Tue, Aug 06, 2019 at 08:05:11AM +0200, Bastian Blank wrote:
> > Moin
> >
> > On Tue, Jul 02, 2019 at 01:38:10PM +0200, Moritz Muehlenhoff wrote:
> > > On Tue, Jul 02, 2019 at
In case this helps, here's some documentation to test the issue with the
new upstream test cases:
https://wiki.debian.org/LTS/TestSuites/nginx
and my planned stretch package:
https://www.beuc.net/tmp/debian-lts/nginx/
Cheers!
Sylvain Beucler
Debian LTS Team
diff -Nru nginx-1.10.3/debian
the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-11724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724
Cheers!
Syl
Hi,
On 07/07/2020 17:07, Sylvain Beucler wrote:
> On 06/07/2020 19:11, Sylvain Beucler wrote:
>> Do we have definite info on what versions are affected?
>>
>> I cannot reproduce the issue in jessie/stretch/buster (5.7.x).
>>
>> Incidentally Salvatore's tes
Hi,
On 06/07/2020 19:11, Sylvain Beucler wrote:
> Do we have definite info on what versions are affected?
>
> I cannot reproduce the issue in jessie/stretch/buster (5.7.x).
>
> Incidentally Salvatore's test now yields an error in bullseye
> (5.8dfsg-3), though I
-u testuser -a SHA -A
testpass -x AES -X testpass 127.0.0.1 1.3.6.1.2.1.1.5 1.3.6.1.2.1.1.7
Error in packet.
Reason: (genError) A general failure occured
Cheers!
Sylvain Beucler
Debian LTS Team
control: severity -1 important
thanks
elog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-11065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11065
https://github.com/gradle/gradle/pull/8927
Cheers!
Sylvain Beucler
s/27
https://gitlab.gnome.org/GNOME/evolution-ews/issues/36
https://bugzilla.redhat.com/show_bug.cgi?id=1678313
Note: depends on evolution-data-server patch
Cheers!
Sylvain Beucler / Debian LTS
Uploaded to jessie-security.
Hi,
FYI I prepared a patch for jessie, see:
https://lists.debian.org/debian-lts/2019/02/msg00164.html
For stretch, it is worth noting that the fix depends on whether mysql or
mysqli is enabled, whether open_basedir is in effect, and whether we're
protecting against user SQL queries or
Package: libnss-mysql-bg
Version: 1.5-3+b1
Followup-For: Bug #729986
Confirmed here, I just lost two evenings tracing down a weird rsync
issue at Gna(.org) down to this.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641404 sheds some
light on the patch's purpose.
I guess it was tested with
Package: libsfml-dev
Version: 1.6+dfsg1-2+b1
Severity: serious
Justification: Policy 2.2.1
Hi,
In the SFML fonts tutorial, it is mentioned that SFML provides a
default built-in one, which is Arial with a character size of 30.
http://sfml-dev.org/tutorials/1.6/graphics-fonts.php
The file is
Tested, new package 1.0.1-1 that uses libvlc5 works fine. Closing bug. :-)
Neat, thanks for testing.
Enjoy the game :)
--
Sylvain
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
1h too late - I actually just uploaded 1.0.1 which uses newer libvlc,
please test when it's built for your architecture :)
- Sylvain
On Fri, Jul 02, 2010 at 06:09:50PM -0400, Chris wrote:
Package: cytadela
Version: 1.0.0-2
Severity: grave
Justification: renders package unusable
cytadela
The idea to place it in _contrib_ (not in 'non-free') makes sense to
me.
Placing it in 'main' encourages DDs to add more non-modifiable data
there.
If the tools to modify were lost, then users are locked anyway.
Similarly we wouldn't place executable binaries in 'main' if people
had lost the
OK, so as far as I understand, we'd better pass '-dSAFER -P-' to
'ps2pdf' (which is AFAICS the only ghostscript script that's used in
page-crunch).
David, what do you think?
- Sylvain
On Tue, Jun 01, 2010 at 11:14:06AM +1000, Paul Szabo wrote:
Package: page-crunch
Severity: grave
Tags:
Thanks, I already identified the bug and I think I'll make a new
upstream release.
- Sylvain
- Forwarded message from Bruno Haible br...@clisp.org -
Date: Tue, 20 Apr 2010 00:29:29 +0200
From: Bruno Haible br...@clisp.org
To: bug-gnu...@gnu.org
Cc: Sylvain Beucler b...@beuc.net
Subject
Hi,
Any progress?
--
Sylvain
.
-- no debconf information
--- automake1.10-1.10.1/debian/changelog
+++ automake1.10-1.10.1/debian/changelog
@@ -1,3 +1,11 @@
+automake1.10 (1:1.10.1-4) stable-security; urgency=high
+
+ [ Sylvain Beucler ]
+ * Fix CVE-2009-4029, which created world-writable directories in
+distribution tarballs
Note: the patch comes from:
http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html
--
Sylvain
signature.asc
Description: Digital signature
Hi,
Any progress on that RC issue?
For the record, I saw that there were commits towards v2.0 (9/2009):
http://svn.debian.org/wsvn/debtorrent/debtorrent/trunk/debian/changelog
but they do not reference this particular bug.
--
Sylvain
@BSP2010
Hi,
The 'lam' package uses the AC_LIBLTDL_CONVENIENCE macro, which forces
the use of the bundled copy. It only supports
--disable-ltdl-convenience which just produces an error (this package
needs a convenience libltdl). Note that this is a libtool 1.5
feature, not libtool 2 (where it's
Package: slapd
Severity: normal
When you use:
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/
slapd converts slapd.conf to /etc/ldap/slapd.d/ .
So it's possible that both are not desync'd on your system, and that
only slapd.conf is a valid configuration.
Can you specify what errors
On Tue, Dec 15, 2009 at 01:31:30PM +0100, Sylvain Beucler wrote:
Patched package available at:
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=tla
Ben noticed that part of the bundled libexpat was still used.
I missed 2 -I ../lib/expat occurrences, I'll upload a new
by Sylvain Beucler b...@beuc.net
##
## All lines beginning with `## DP:' are a description of the patch.
-## DP: use system expat to address CVE-2009-3560 and CVE-2009-3720 DoS
-## DP: see also debian/rules, target 'clean'
+## DP: No description.
tla-1.3.5+dfsg.orig/src/tla/tla/Makefile.in
-+++ tla
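Review bot: the `## DP:` header now reads "No description.", which drops the two lines stating that the patch switches to the system expat to address CVE-2009-3560 and CVE-2009-3720 and pointing at the 'clean' target in debian/rules. Keep the original description lines in the patch header so the security purpose of the change stays documented in the file itself.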
Patched package available at:
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=tla
--
Sylvain
I'm having a look at this.
I had worked on this package a while ago, and I'm currently doing a NM
TasksSkills, so it's a pleasure ;)
--
Sylvain
Package: php5-xapian
Version: 1.0.7-3.1
Severity: serious
Justification: Policy 2.3
The PHP license is incompatible with the GNU GPL license due to
strong restrictions on the usage of the term 'PHP'.
Thus combining PHP and Xapian through the php5-xapian module is
not permitted and cannot be
Package: iceweasel
Version: 3.0.5-1
Severity: grave
Tags: security
Justification: user security hole
Since Debian stable is a frozen distro, it's not uncommon to install
the official Firefox binaries when the next version of Firefox is
released, and isn't packaged in stable or backported yet.
For the latter, it would be cool if
the maintainers of the affected packages,
Vincent for latex-make
Sylvain and David for page-crunch
the Zope guys and Andreas and Fabio for zope-textindexng3
could weigh in here. I'll look at your packages, but if you already know
whether
Package: gnome
Version: 1:2.14.3.5
Severity: grave
Justification: renders package unusable
Steps to reproduce:
- put CD in drive
- click on the computer icon
- click on the cdrom drive
You get something like impossible to mount the selected volume, and in the
detailed log there is:
tla 1.3.5+dfsg-2 fails to build from source on arm, sparc, ia64 and
hppa[1].
Actually it builds, but the test suite fails on those architectures. I
reported that upstream and they're working on it.
http://lists.gnu.org/archive/html/gnu-arch-users/2006-08/msg6.html
Maybe we can drop the