OoO Shortly before the start of the afternoon of Saturday 13 December 2008,
around 13:47, Andreas Henriksson andr...@fatal.se said:
I modified the upstream changeset 2148 to apply to the 0.1.1 version in
debian.
The debdiff is attached...
Hi!
Please, don't upload. I am preparing an upload. You
)
@@ -1,3 +1,10 @@
+roundcube (0.1.1-9) unstable; urgency=high
+
+ * Fix a vulnerability in preg_replace() use. Thanks to Andreas
+Henriksson for the report. Closes: #508628.
+
+ -- Vincent Bernat ber...@debian.org Sat, 13 Dec 2008 14:04:57 +0100
+
roundcube (0.1.1-8) unstable; urgency=low
OoO On this sunny early afternoon of Saturday 13 December 2008, around
15:28, Andreas Henriksson andr...@fatal.se said:
... in other words, at least I can't find anything wrong with it (except
for introducing some harmless whitespace damage). :)
Yeah, I did not succeed in sorting this
OoO In the middle of this starry night of Saturday 08 November 2008, around 04:19,
Edward Allcutt [EMAIL PROTECTED] said:
Package: balazar3-2d
Version: 0.1-2
Severity: grave
Justification: renders package unusable
On running balazar3 I get the following output:
* Balazar 3 * Balazar 3 lives in
OoO On this sunny early afternoon of Saturday 04 October 2008, around
15:43, Jochen Friedrich [EMAIL PROTECTED] said:
Would it be possible to push the fix into lenny? Without it, this
particular binary package is almost unusable.
Hi!
Since the package is mostly unusable, I
reopen 498857
reopen 498477
thanks
OoO On this cloudy night of Friday 19 September 2008, around 00:53,
Thomas Viehmann [EMAIL PROTECTED] said:
Hi Vincent,
thanks for looking into licensing issues in Debian.
How exactly is the python license GPL-incompatible?
If you scroll down a
clone 498477 -1
reassign -1 python2.4
found -1 2.4.5-5
thanks
Hi!
I propose to append this to debian/copyright:
GNU Readline
The `readline' module makes use of GNU Readline.
The GNU Readline Library is free software; you can redistribute it
and/or modify it under the
Package: libsnmp-base
Version: 5.4.1~dfsg-9
Severity: serious
Justification: Policy 2.1
Hi!
libsmi2-common contains a lot of MIB licensed under a restrictive
license. I did not look at all of them but many of them are from IETF
and are licensed in the same manner as the corresponding RFC.
Those
Package: python2.5
Version: 2.5.2-11
Severity: serious
Justification: Policy 2.1
Hi!
debian/copyright of python2.5 (and I suppose python2.4) fails to say
that some files are linked to GNU Readline:
/usr/lib/python2.5/lib-dynload/readline.so
GNU Readline is licensed under GPLv2+
Since Python
Package: libsmi2-common
Version: 0.4.7+dfsg-0.1
Severity: serious
Justification: Policy 2.1
Hi!
libsmi2-common contains a lot of MIB licensed under a restrictive
license. I did not look at all of them but most of those under ietf
directory are licensed in the same manner as the corresponding
Hi!
I have just opened two bugs against libsmi-common and libsnmp-base:
http://bugs.debian.org/498476
http://bugs.debian.org/498475
Those packages ship MIB files that are non-free (same license as IETF
RFC). However, there is no quick fix: removing those files makes the
packages
Hi Thomas!
setup.py builds lxml.etree.c and lxml.objectify.c when cython is
present. Therefore, only the dependency with cython was necessary (plus
the cleaning rule). Moreover, cython is a replacement for pyrex so the
dependency on pyrex is not necessary.
I don't think this warrant
OoO On this early evening of Monday 08 September 2008, around 21:29, Thomas
Viehmann [EMAIL PROTECTED] said:
#474630 (python-central-packaged twisted-core not playing well with
python-support-packaged twisted packages) does not currently seem to
affect packages (nevow which prompted the bug to
OoO Night having already covered in ink this day of Friday 29 August
2008, around 23:50, David Symons [EMAIL PROTECTED] said:
Here is a patch to fix this issue.
Hi Vincent,
Thanks for the patch. I've incorporated it and uploaded here:
- URL:
OoO Towards the end of the afternoon of Saturday 30 August 2008, around 16:12,
David Symons [EMAIL PROTECTED] said:
If you want, you can set urgency=high since this fixes a security issue.
Done - and reuploaded to mentors.d.n.
OK, uploaded.
--
panic(IRQ, you lose...);
2.2.16
tags 496381 + patch
thanks
Hi!
Here is a patch to fix this issue.
diff --git a/plait b/plait
index da29326..4631565 100755
--- a/plait
+++ b/plait
@@ -498,16 +498,18 @@ querystream ()
if test $ORDER = random
then
+tmpfile=$(mktemp)
cat $HOME/.plait/playlist.m3u | awk
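Review bot: the added `tmpfile=$(mktemp)` in querystream () has no check that mktemp succeeded, so on failure `$tmpfile` is empty and anything that later writes to or reads from it runs against an empty path. Suggest `tmpfile=$(mktemp) || return 1` at that line. The rest of the hunk is cut off here, so it is also worth confirming that the file is removed on every exit path of the function, for example with a `trap 'rm -f "$tmpfile"' EXIT`.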
Hi!
I have uploaded an NMU with this fix in delayed+4. Feel free to prepare
a new version with the fix if you want. I can upload it for you. My
upload will appear here shortly:
http://people.debian.org/~djpig/delayed/
http://people.debian.org/~djpig/delayed.html
--
No fortunes found
tags 496384 + patch
thanks
Here is a patch for this issue. I use a temporary directory to let the
user find the backup file if needed.
--- bin/rrdedit.in~ 2004-06-05 02:32:17.0 +0200
+++ bin/rrdedit.in 2008-08-27 20:57:49.0 +0200
@@ -24,17 +24,19 @@
exit
fi
OoO On this cloudy night of Tuesday 26 August 2008, around 00:27, Sven
Dowideit [EMAIL PROTECTED] said:
do I need to find and contact (and bribe with beer?) someone to
'convince release-manager'?
Bribing with a beer will surely work. You can also just write to
[EMAIL PROTECTED]
OoO On this sunny early afternoon of Sunday 24 August 2008, around
15:33, Sven Dowideit [EMAIL PROTECTED] said:
I've finally placed a new twiki 4.1.2-4 deb at
http://distributedinformation.com/TWikiDebian/twiki_4.1.2-4_i386.changes
I have put the session files into
OoO During the midday hours of Saturday 16 August 2008, around 12:36, Sven
Dowideit [EMAIL PROTECTED] said:
frustratingly, I'm not a DD
and Worse. I have an emergency update to TWiki for a security issue that
needs fixing for Lenny, but I have no DD to help me upload it
Anyone here willing
tags 481145 + pending
tags 481376 + pending
thanks
OoO On this well-advanced evening of Friday 16 May 2008, around 22:10, I
said:
Thanks for spotting this problem. Depending on tinymce 3 would mean
that new version will never hit testing. I try a simple modification to
make roundcube
OoO At the end of this sleepless night of Wednesday 14 May 2008, around 06:16,
Michael Pitra [EMAIL PROTECTED] said:
Package: roundcube-core
Version: 0.1.1-3
Severity: grave
Justification: renders package unusable
If tinymce is installed in the latest version (3.0.8-1), then roundcube is
not
OoO Night having already covered in ink this day of Sunday 27 April
2008, around 23:01, I said:
I think that this patch is the least invasive change that we can do.
Hi Matthias!
Do you agree with the proposed patch?
--
No fortunes found
Hi!
Josselin, Sam, Christopher and glyph, I put you on copy of this mail
since I don't know if you are subscribed to this bug. Sorry for any
inconvenience.
OoO Night having already covered in ink this day of Friday 25 April
2008, around 23:41, [EMAIL PROTECTED] said:
To be honest
OoO On this well-advanced evening of Sunday 27 April 2008, around 22:07,
[EMAIL PROTECTED] said:
To summarize:
- we can fix the problem in python-nevow by using python-central
instead of python-support. I am OK with this but this won't fix other
potential packages that use
OoO During the evening television news of Friday 25 April 2008, around 20:02,
Bastian Blank [EMAIL PROTECTED] said:
Format: 1.8
Date: Fri, 25 Apr 2008 17:52:00 +
Source: debian-archive-keyring
Binary: debian-archive-keyring debian-archive-keyring-udeb
Architecture: source all
Version:
with a patch from Chris Lamb (Closes: #475208).
+
+ -- Vincent Bernat [EMAIL PROTECTED] Sat, 19 Apr 2008 07:48:51 +0200
+
bless (0.5.2-1.1) unstable; urgency=low
* Non-maintainer upload from BSP Zurich.
only in patch2:
unchanged:
--- bless-0.5.2.orig/debian/patches/ftbfs-gcc4.3.patch
+++ bless
severity 476225 minor
tags 476225 + patch
thanks
Hi Raphael!
I downgrade the severity of this bug since turbogears is now installable
again. Your fix is still current though and I turn it into a patch
attached to this message. I have also removed the dependency for
reassign 474630 python-support
thanks
OoO Shortly before the start of the afternoon of Tuesday 15 April 2008, around
13:18, Matthias Klose [EMAIL PROTECTED] said:
this is not a bug in python-twisted-core; it is known that the
installation of modules/plugins in two different directories in
Package: libgpmg1
Version: 1.20.3~pre3-1
Severity: serious
Tags: patch
Justification: FTBFS
Hi !
When building gpm from source, I get:
autoconf
./configure --prefix=/usr --sysconfdir=/etc
make: execvp: ./configure: Permission denied
Building again solves the problem. Attached a very simple
Hi !
I have tested with a current IE7 and the XSS problem appears despite
having applied the patch.
OoO On this early evening of Friday 28 December 2007, around 21:45, I
said:
I found Squirrelmail's solution. They seem to use one function for every
possible tag in the HTML source:
http://osdir.com/ml/mail.squirrelmail.cvs/2006-12/msg00031.html
I'll try to implement that, and/or
Package: python-paramiko
Version: 1.7.1-1
Severity: grave
Tags: security
Justification: user security hole
Hi !
Using paramiko with threads or multiple forking processes may lead to
data leak. You can find the explanation and a patch here:
Package: virtualbox-ose
Version: 1.5.4-dfsg-1
Severity: grave
Justification: causes non-serious data loss
Hi !
When upgrading from 1.5.2 to 1.5.4, virtual hosts cannot be restored
from saved states or snapshots. Since many people may rely on this
functionality to save important data, I think
OoO In the middle of this starry night of Wednesday 12 December 2007, around
03:46, Micah Anderson [EMAIL PROTECTED] said:
CVE-2007-6321 details a XSS vulnerability in Roundcube 0.1rc2 and
earlier. It only affects users of IE who are using roundcube, so it may
seem unimportant, but the sad fact
OoO On this rainy morning of Saturday 17 November 2007, around 10:38,
Michal Politowski [EMAIL PROTECTED] said:
Package: unoconv
Version: 0.3-1
Severity: serious
Justification: Policy 10.1
Unoconv and odt2txt both install /usr/bin/odt2txt
Hi Nelson,
I have just uploaded unoconv
OoO At the end of this radiant morning of Saturday 17 November 2007, around
11:45, I said:
I have just uploaded unoconv which is a text converter based on
OpenOffice. It provides a binary called odt2txt which conflicts with the
one of your package.
Can we rename each of our binary
reassign 451601 python-uno
found 451601 1:2.3.0.dfsg-1
thanks
OoO Shortly before the start of the afternoon of Saturday 17 November 2007, around
13:17, Florian Cramer [EMAIL PROTECTED] said:
Package: unoconv
Version: 0.3-1
Severity: grave
Justification: renders package unusable
Upon startup - and
OoO On this lightning-streaked night of Sunday 14 October 2007, around
02:38, Jonas Smedegaard [EMAIL PROTECTED] said:
I suppose that you did use sqlite as database backend ?
Nope - mysql.
Sorry that I didn't mention that.
I did test for each database with dbconfig-common 1.8.33. So I
tags 446500 + moreinfo unreproducible
thanks
OoO On this mild early morning of Sunday 14 October 2007, around 08:55,
I said:
I did test for each database with dbconfig-common 1.8.33. So I suppose
that we can depend on this version. However, I have two Etch boxes where
roundcube works
OoO Towards the end of the afternoon of Saturday 13 October 2007, around 16:33,
Jonas Smedegaard [EMAIL PROTECTED] said:
Installing this package on an Etch system fulfills all dependencies,
but fails to initialize a database.
Backporting a newer version of dbconfig-common makes the installation
Just a quick note about this bug: this is not as easy as chmoding the
file. The security bug here is that the file is the same for everyone so
a man in the middle is possible with the actual configuration.
I'd like to provide a way to generate a new RSA key at installation:
openssl genrsa
Package: ca-certificates
Version: 20070303
Severity: critical
Justification: breaks unrelated software
Hi !
The severity may be a bit severe, but the addition of CAcert.org Class
3 certificate really breaks unrelated software that used the other
certificate. The root certificate was located at
from rules script
+ * Start aiccu after networking
+ * Start aiccu on postinst
+ * Support of po-debconf
+
+ -- Vincent Bernat [EMAIL PROTECTED] Sat, 20 Jan 2007 08:57:30 +0100
+
aiccu (20070115) stable; urgency=medium
* Fixup in Debian init script (based on original patch by Bernhard Schmidt
Package: proftpd
Version: 1.3.0-1
Severity: serious
Justification: Policy 10.7.3
After upgrading to 1.3.0-1, my previous proftpd.conf has been erased.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:
Package: xautolock
Version: 1:2.1-6
Severity: grave
Justification: renders package unusable
Because xautolock install binaries in /usr/X11R6/bin, it now conflicts
with x11-common and therefore is uninstallable. See #362524 and
#362200.
-- System Information:
Debian Release: testing/unstable
OoO At the end of this radiant morning of Thursday 26 January 2006, around
11:57, I said:
I have just upgraded to 0.6.4-1 and the bug is still here.
This seems to be fixed in 0.6.5-1.
--
BOFH excuse #148:
Insert coin for new game
Package: racoon
Version: 1:0.6.4-1
Followup-For: Bug #341398
I have just upgraded to 0.6.4-1 and the bug is still here.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
OoO Towards the end of the afternoon of Friday 16 December 2005, around
16:14, Aidas Kasparas [EMAIL PROTECTED] said:
If you get racoon to disappear, please run under gdb, add -F
option (to stay in foreground) and post backtrace.
Racoon does not disappear. Here is however what I
Aidas,
Here is a configuration that fails with a stock 2.6.12 debian kernel.
,[ /etc/racoon/racoon.conf ]
| path pre_shared_key /etc/racoon/psk.txt;
|
| remote 138.231.148.1
| {
| exchange_mode main;
| proposal {
| encryption_algorithm 3des;
|
Package: udev
Version: 0.074-1
Followup-For: Bug #337881
reopen #337881
thanks
This bug is still present in 0.074-1. The same work-around applies.
-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 24
lrwxrwxrwx 1 root root 20 2005-04-10 14:12 020_permissions.rules -
Package: libdevmapper1.01
Version: 2:1.01.04-2
Followup-For: Bug #323413
Hello,
I have the same error on a 2.6.13 but this is due to the fact that
devfs has been dropped : initrd configuration relies on devfs and I
use cryptsetup in an initrd. Therefore, libdevmapper is unable to find
Package: unison
Version: 2.13.16-1
Severity: grave
Justification: renders package unusable
When trying to sync with unison :
zsh: command not found: unison-2.13.16-gtk
Fatal error: Lost connection with the server
I use unison and not unison-gtk.
-- System Information:
Debian Release:
OoO On this sunny morning of Thursday 18 August 2005, around 09:18,
Francesco Paolo Lovergine [EMAIL PROTECTED] said:
Shouldn't this bug be tagged security ? Moreover, since it is marked
as closed in the BTS, will it be tracked correctly in the future ?
Being now enabled versioning in
OoO On this rainy morning of Monday 25 July 2005, around 10:42,
Francesco P. Lovergine [EMAIL PROTECTED] said:
I pointed both bugs at the very start of july (or end of june?)
to both stable and testing secteams and sent at least 3 mails about the topic
with patches and analysis for
Package: kismet
Version: 2005.07.R1a-1
Severity: critical
Tags: security
Justification: root security hole
2005.08.R1 fixes some security holes related to mangled SSID and bad
pcap files.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990,
reopen #318220
thanks
OoO During the midday hours of Thursday 14 July 2005, around 12:18,
[EMAIL PROTECTED] (Debian Bug Tracking System) said:
- Works with tla 1.3.1 and newer. closes: #318220.
With tla from unstable, I still get :
[2005-Jul-16 12:22:03] executing: 'tla' '--version'
Package: archzoom
Version: 0.5.0+patch-302-1
OoO During the midday hours of Thursday 14 July 2005, around 12:18,
[EMAIL PROTECTED] (Debian Bug Tracking System) said:
* Tighten libarch-perl dependency to =0.5.0+patch-167-1.
The dependency is in fact =0.5.0-patch-167-1 (a hyphen instead
Package: archzoom
Version: 0.5.0-1
Severity: grave
Justification: renders package unusable
The 1.3.3 version of tla from unstable seems incompatible with
archzoom. Any attempt to get a page drives to :
[2005-Jul-14 08:38:25] executing: 'tla' '--version'
[2005-Jul-14 08:38:25] Unexpected 'tla