Bug#306877: mysql-server: debian-sys-maint shouldn't have ALL PRIVILEGES

Package: mysql-server Version: 4.0.24-5 Severity: grave Tags: security Justification: user security hole The debian-sys-maint user is setup in the postinst to have mostly ALL PRIVILEGES, WITH GRANT, even. As I understand it (and as the README.Debian documents), the debian-sys-maint user is

Bug#307548: postfix-mysql: local delivery broken with proxymaps

Package: postfix-mysql Version: 2.1.5-9 Severity: grave Justification: renders package unusable When you configure a chrooted smtpd server and have mysql lookup maps, behind the proxymap service, you end up having problems with either local delivery or access to the maps in smtpd. *** Problem

Bug#401454: bmpx: exception when accepting albums

Package: bmpx Version: 0.32.0-1 Severity: grave Justification: renders package unusable Hi, Here I can't really use bmpx to listen to my (moderatly big) mp3/ogg library. After scanning my mp3 directory, bmpx asks me to accept it, i click on accept all (or something like that) and it crashes

Bug#362656: firefox: Serveral security vulnerabilities fixed in Firefox 1.5.0.1

Package: firefox Version: 1.5.dfsg+1.5.0.1-4 Severity: grave Tags: security Justification: user security hole It's that time of the year (month?) again: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2 MFSA 2006-29 Spoofing with translucent windows MFSA

Bug#386901: python2.3: cannot upgrade to python 2.3.5 from 2.4.1: pyversions not found

Package: python2.3 Version: 2.3.5-15 Severity: grave Justification: renders package unusable I installed etch using the daily netinst snapshot and a retarded mirror, and now i'm syncing with the recent packages. Python 2.4 refuses to install itself because some python-gnome librairies complain

Bug#367221: quodlibet: problem with pygst still happening

Package: quodlibet Version: 0.22-2 Followup-For: Bug #367221 quodlibet still refuses to start here. I do not know what virtual-python is, but I don't think I have it installed. I think the problem is due to the python transition: [EMAIL PROTECTED]:~$ quodlibet Traceback (most recent call last):

Bug#493573: no hang for me

I cannot reproduce this bug here: mumia:/home/anarcat# /etc/init.d/apache2 start Starting web server: apache2[Sat Aug 16 10:20:04 2008] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results [Sat Aug 16 10:20

Bug#495122: RC unblock?

Does this require unblocking from the debian-release@ team? It seems that it packages a new upstream which is against freeze policy. It would probably be better to package this patch instead: http://drupal.org/files/sa-2008-047/SA-2008-047-5.9.patch -- The United States is a nation of laws:

Bug#391935: did anyone tried contacting xensource?

Maybe there's a way to get an exception here. Other distributions should also be contacted to coordinate and seek help. A. -- Arrêtez les bombardements | Stop the bombings | Pare los bombardeos Arrêtez le génocide| Stop the genocide | Pare los genocide Anti-guerre|

Bug#495122: NMU package available

This would probably need sponsorship of some sort: http://debian.koumbit.net/debian/dists/testing-security/main/source/web/drupal5_5.9-1~lenny1.dsc debdiff: http://paste.debian.net/14921/ Some concerns were voiced that the blogapi.install modifications were introducing unrelated additionnal

Bug#495122: fixed NMU

I somehow screwed up on that NMU: * it doesn't have the right version: 5.9-1~lenny1 5.9-1 * it included the _orig source, which caused a REJECT notice from ries * it didn't include the magic NMU string in the changelog * it didn't include a Closes statement with this bug # I just fixed

Bug#474951: another workaround

That works for now: server.errorlog= /dev/null -- VBscript: la simplicité du C, la puissance du BASIC - Mathieu Petit-Clair signature.asc Description: Digital signature

Bug#469221: apt-listchanges: lenny problem confirmation

Package: apt-listchanges Followup-For: Bug #469221 I confirm the problem under lenny and the workaround of purging and reinstalling the package. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux

Bug#447314: puppetmaster: permission denied on /var/run

On Sat, Oct 20, 2007 at 11:06:07AM +1000, Matthew Palmer wrote: On Fri, Oct 19, 2007 at 08:19:31PM -0400, The Anarcat wrote: The fix is simple, and should be part of the postinst (or simply in debian/rules): mkdir /var/run/puppet chown puppet:puppet !$ This fix won't work, because

Bug#447314: puppetmaster: permission denied on /var/run

Package: puppetmaster Version: 0.23.2-11 Severity: grave Justification: renders package unusable When starting puppetmasterd for the first time (after creating a proper site.pp), I'm getting this error message: Restarting puppet configuration management tool master

Bug#538822: dash: here too

Package: dash Version: 0.5.4-12 Followup-For: Bug #538822 Upgrading from lenny here: anar...@lenny$ ls -al /bin/sh lrwxrwxrwx 1 root root 9 mai 31 2006 /bin/sh - /bin/dash I *may* have broken that symlink before. I would expect dash to gracefully recover from this nonetheless. Even if I

Bug#581265: why not in squeeze?

I do not see in the URL mentionned earlier why we shouldn't ship squeeze with Chromium. It's a massively popular web browser which doesn't suffer from the trademark issues Firefox and the Mozilla foundation spawned on Debian (and now Fedora, btw). If there are security concerns in Chromium, that

Bug#567039: Shouldn't this be filed upstream?

Has the upstream maintainer been contacted so that everyone benefits from the security fix? Thanks, -- Quidquid latine dictum sit, altum sonatur. Whatever is said in Latin sounds profound. signature.asc Description: Digital signature

Bug#521227: irssi-plugin-xmpp: still happens here

Package: irssi-plugin-xmpp Version: 0.50+cvs20100122-1 Severity: normal Tags: patch I still see this problem here right now, from time to time. It's pretty hard to reproduce, I'd say one out of 10 times I see this behaviour. I have been able to produce the following backtrace: Program received

Bug#562757: nfs-common: isn't the issue with portmap?

Package: nfs-common Version: 1:1.2.1-1 Severity: normal Hum. Isn't this issue a question of portmap/statd interoperability? It was duly noted here that the issue is that statd now tries to connect to portmap through IPv6 instead of behaving normally. That seems to be the core issue for me here

Bug#446405: ardour: libsndfile status update?

Package: ardour Followup-For: Bug #446405 what's the status on the libsndfile upstream release here? it seems like sid has the latest libsndfile, is that okay now with Ardour? too bad this kept ardour out of lenny... -- System Information: Debian Release: lenny/sid APT prefers testing APT

Bug#446405: marked as done (ardour: Embeds too many libs)

On Thu, Dec 18, 2008 at 07:49:17PM +0100, Free Ekanayaka wrote: I'm going to upload a second revision, it will have less embedded libs: /usr/lib/ardour2/engines/libclearlooks.so /usr/lib/ardour2/libardour_cp.so /usr/lib/ardour2/libardour.so /usr/lib/ardour2/libgtkmm2ext.so

Bug#595728: upload to -security?

Hi, Seems to me this is a regression from the last security upgrade. Shouldn't we just publish a new version to -security and be done with it? Seems to me volatile is not sufficient, as it's not necessarily followed by everybody that got hit by this (critical) bug. I have seen numerous such

Bug#595728: upload to -security?

On Wed, Sep 22, 2010 at 12:59:02AM +0300, Jonathan Nieder wrote: Hi, The Anarcat wrote: Seems to me this is a regression from the last security upgrade. [...] What am I missing here? Rather than a security advisory, it's from a stable point release, unfortunately. I understand

Bug#595728: git-core: permissions of templates too restrictive

On Wed, Sep 22, 2010 at 01:16:39AM +0300, Jonathan Nieder wrote: (+cc: previous participants) The Anarcat wrote: I understand that, but how does that keep us from issuing [an] update on security.debian.org? [...] People running stable are not necessarily running volatile and s-p-u

Bug#601161: Some links, and some thoughts

Hi, My experience with ppp on freebsd has been fairly limited, as I tried to make PPPoE work, and failed to do that because of funky netgraph problems, see: http://www.mail-archive.com/debian-...@lists.debian.org/msg05960.html and:

Bug#616662: new version available, test again?

A new version of the chromium-browser package was uploaded (11.0.696.68~r84545-2) - maybe you can try again? -- The United States is a nation of laws: badly written and randomly enforced. - Frank Zappa signature.asc Description: Digital signature

Bug#627337: can we close this?

Can we just change the timeout for this build test or just close this issue? This is the last blocker to get the v8 security updates (#617418) and also from v8 and chromium-browser to finally hit testing (updating from 6 to 10!!) Thanks! A. -- Antoine Beaupré +++ Réseau Koumbit Networks +++

Bug#616662: new version available, test again?

On Sun, Jun 05, 2011 at 11:42:48AM +0100, Adam D. Barratt wrote: You need to CC the submitters, not just the bug addresses. Note taken. In any case, the current package FTBFS on armel still - see

Bug#697722: working on a NMU?

Anyone working on an upload? I'd be ready to help with this or do a straight out NMU.. By the way, it seems the git repo for the package is totally out of date... Anyone still working on that? A. -- Man really attains the state of complete humanity when he produces, without being forced by

Bug#685632: trying to prepare a delayed upload

Hi, This seems like a simple thing to fix, I will try to prepare an upload now. A. -- In god we trust, others pay cash. - Richard Desjardins, Miami -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Bug#680235: debirf: wheezy minimal image segfaults during boot

On Sun, Sep 30, 2012 at 12:01:18AM -0400, Micah Anderson wrote: I just downloaded your two files and did the kvm command that you provided and I did not get the segfault, rather it booted up to this: /proc/cmdline: No such file or directory Debian GNU/Linux wheezy/sid (none) tty1

Bug#558784: any progress on apt-key update (#558784)?

tag 558784 + patch thanks Any progress here? This is still a critical bug blocking the wheezy release yet it hasn't seen any progress even though there is a patch waiting... Nobody seemed to express any explicit concern with the patch, why shouldn't we just go ahead and NMU that? A. -- The

Bug#680236: debirf: fails to generate minimal image of wheezy on wheezy as a normal user

I think this is done since #596284 has been fixed. At least I cannot reproduce this bug in wheezy with 0.33 or 0.32. I am therefore closing this bug, with many thanks to the original reporter and maintainer. A. -- La guerre, c'est le massacre d'hommes qui ne se connaissent pas, au profit

Bug#681654: About kstars-data-extra-tycho2 distributability

tags 681654 - fixed-upstream thanks On Thu, Aug 30, 2012 at 07:33:38PM +0100, Noel David Torres Taño wrote: date: Thu, 23 Aug 2012 10:52:43 +0200 from: HOTLINE-DU-CDS Non-Nominatif (UDS) cds-quest...@unistra.fr to: Noel David Torres Taño env...@rolamasao.org, HOTLINE-DU-CDS Non-Nominatif

Bug#688785: xbmc: Fatal: can't open /dev/urandom: Bad address

tags 688785 +unreproducible thanks I am running xbmc under wheezy with this exact same version without problems. A. -- The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by

Bug#703298: affects only ubuntu?

Control: notfound -1 1.9-1 Version: 1:1.11.3-1ubuntu2 Wait - this is an Ubuntu version of the package - can you test this again in Debian? I would be very surprised if automake fails to build in Debian as this point, as we are in a freeze and automake hasn't been changed since july 2012. So if

Bug#680626: update report on python wheezy upgrade problems?

This bug is blocking release, is it still happening? This has been opened more than 6 months ago... A. -- Si Dieu existe, j'espère qu'Il a une excuse valable - Daniel Pennac signature.asc Description: Digital signature

Bug#711071: uploading

Control: tags -1 +pending Control: tags -1 -patch Hi, I'll upload that patch now, but i think this issue needs to remain opened until bitlbee is ported. this is just a crude workaround... a. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe.

Bug#765525: gitweb broken by libcgi-pm-perl 4.06-1

So I believe this bug report affecting jessie won't be automatically fixed by the migration because of the freeze. In essence, gitweb is totally broken in Jessie right now, and we need an unblock request to fix that. However, the upload done to unstable to fix this breaks the freeze policy

Bug#809136: borgbackup: Mention API incompatibilities in README

On Mon, Jan 11, 2016 at 01:46:48PM +0100, Danny Edel wrote: [...] > Please state whether you think this (write README and hope user actually > reads it) is an appropriate solution to the compatibility problem, > meaning we could close the bug this way. [...] > [2]: >

Bug#807735: gmpc-plugins: FTBFS: libmpd-internal.h:210:10: error: expected identifier or '(' before '__extension__'

Control: tags -1 +patch So how about just disabling jamendo as a quick fix? --- debian/rules.orig 2016-04-13 11:29:24.570556456 -0400 +++ debian/rules2016-04-13 11:29:26.214556530 -0400 @@ -9,7 +9,7 @@ dh $@ --with autoreconf override_dh_auto_configure: -

Bug#821483: drush will be removed from Debian

Hi, In #823767, I have requested from the FTP-masters that Drush be removed from Debian. In the ~9 months since it was orphaned, no one stepped up to start maintaining the Drush package, let alone update it to a current version. There was some movement on the Ubuntu side of things (also in CC),

Bug#806034: gmpc: FTBFS when built with dpkg-buildpackage -A (No such file or directory)

On Wed, Aug 03, 2016 at 07:55:10AM +0100, Simon McVittie wrote: > On Sun, 29 May 2016 at 15:12:12 +0200, Etienne Millon wrote: > > Here's a patch that fixes the issue. > > Please prepare a proposed upload, I'd be happy to sponsor it. > > Alternatively, if you intend for pkg-mpd team members to

Bug#810506: Upload of linux-grsec to jessie-backports?

On Mon, Apr 25, 2016 at 08:19:42AM +0200, Yves-Alexis Perez wrote: > On lun., 2016-04-25 at 05:45 +, Amarildo Júnior wrote: > > Any news? > > Stay tuned? As already said I was waiting on the kernel to become eligible for > migration. This happened two days ago, so I'll prepare a

Bug#848139: CVE-2016-8707 ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability

Here's a patch for wheezy, which may be useful for jessie if, like wheezy, it lacks the ReadYCCKMethod case. From e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0 Mon Sep 17 00:00:00 2001 From: Cristy Date: Thu, 1 Dec 2016 20:06:50 -0500 Subject: [PATCH] Fix possible

Bug#859655: golang-go.crypto: CVE-2017-3204

Control: user -1 debian-rele...@lists.debian.org Control: usertags -1 bsp-2017-04-ca-montreal Control: tags -1 +patch I looked into this during the Montreal BSP, and it's unclear what we should do here, considering there has been multiple new uploads since the stretch freeze. The patch is

Bug#860287: libosip2: CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853

Control: fixed -1 4.1.0-2.1 Control: tags -1 +pending I have made a NMU (diff in #860345) to fix this in sid/stretch, the patches apply fairly cleanly, and since it's the same version in jessie, it should be trivial to backport there... I forgot to mention the bug # in the NMU, unfortunately...

Bug#857992: openjdk-8-jre-headless: please add Breaks: tzdata-java

user debian-rele...@lists.debian.org usertags 857992 bsp-2017-04-ca-montreal thanks On Mon, Apr 10, 2017 at 12:28:07PM +0200, Andreas Beckmann wrote: > Control: severity -1 serious > > On 2017-03-17 00:33, Andreas Beckmann wrote: > > I haven't rebuilt openjdk-8 to test whether this actually

Bug#885699: smokeping: symbolic link to smokeping.cgi missing

Control: tags -1 +pending Control: severity -1 normal On Fri, Dec 29, 2017 at 10:48:43AM +0100, Sigbjorn Kjetland wrote: > Dear Maintainer, > >* What led up to the situation? > I am installing smokeping on a new server to replace old smokeping server > I have configured and restarted

Bug#889281: dokuwiki: CVE-2017-18123: reflected file download vulnerability

Hi, I have tested an update of the jessie package and things seem to work fine after merging the patch from upstream during a smoketest of a clean jessie VM. Attached is the debdiff to complete the update. A. diff -Nru dokuwiki-0.0.20140505.a+dfsg/debian/changelog

Bug#887750: pam-python: diff for NMU version 1.0.6-1.1

Dear maintainer, I've prepared an NMU for pam-python (versioned as 1.0.6-1.1) and uploaded it to DELAYED/0. Please feel free to tell me if I should delay it longer. Regards. -- diff -Nru pam-python-1.0.6/debian/changelog pam-python-1.0.6/debian/changelog --- pam-python-1.0.6/debian/changelog

Bug#903698: sphinxbase: build appears broken for multiple python3 versions

user debian-rele...@lists.debian.org usertag nn + bsp-2019-01-ca-montreal tags -1 -patch +moreinfo thank you On Thu, Jan 03, 2019 at 10:16:13AM +0100, Samuel Thibault wrote: > Oops, this bug was erroneously closed

Bug#917492: fam: diff for NMU version 2.7.0-17.3

Control: tags 917492 + pending Dear maintainer, I've prepared an NMU for fam (versioned as 2.7.0-17.3) and uploaded it to DELAYED/0. Please feel free to tell me if I should delay it longer. Regards. -- diff -u fam-2.7.0/debian/changelog fam-2.7.0/debian/changelog ---

Bug#919217: Acknowledgement (Missing dependency on devscripts)

tags 919217 +pendingo user debian-rele...@lists.debian.org usertag 919217 + bsp-2019-01-ca-montreal thanks On Mon, Jan 14, 2019 at 09:27:08PM +0100, Jeroen Dekkers wrote: > Control: tag -1 +patch > >

Bug#915307: magic-wormhole FTBFS with Python 3.7

Control: fixed 915307 0.11.2-1 I believe the latest upstream release fixes that, or at least it compiles here in a sid schroot with py 3.7. I meant to fix this in the changelog but forgot about it before doing the upload... :/ Thanks for the heads up though! signature.asc Description: PGP

Bug#942114: ganeti-instance-debootstrap: diff for NMU version 0.16-6.1

Control: tags 942114 + pending Dear maintainer, I've prepared an NMU for ganeti-instance-debootstrap (versioned as 0.16-6.1) and uploaded it to DELAYED/02. Please feel free to tell me if I should delay it longer. Regards. diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog

Bug#941638: docopt: diff for NMU version 0.6.2-2.1

Control: tags 941638 + pending Dear maintainer, I've prepared an NMU for docopt (versioned as 0.6.2-2.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards. diff -Nru docopt-0.6.2/debian/changelog docopt-0.6.2/debian/changelog ---

Bug#1053483: hash-slinger: diff for NMU version 3.1-1.2

Control: tags 1053483 + pending Dear maintainer, I've prepared an NMU for hash-slinger (versioned as 3.1-1.2) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. I didn't find a recent copy of the source code on Salsa as well, otherwise I would have submitted

Bug#987008: grub2: diff for NMU version 2.06-8.1

if you will followup with an unstable update or I should. A copy of the package is also available at: https://people.debian.org/~anarcat/debian/sid/grub2_2.06-8.1_amd64.changes (and yes, I am aware this makes it possible to bypass the DELAYED queue, which is partly why it's targeting experimental

Bug#1032287: python-qrencode: diff for NMU version 1.2-5.1

Control: tags 1032287 + pending Dear maintainer, I've prepared an NMU for python-qrencode (versioned as 1.2-5.1) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. Regards. -- diff -Nru python-qrencode-1.2/debian/changelog