Bug#570527: opencryptoki: broken symlink under /usr/lib/pkcs11
Package: opencryptoki Version: 2.2.8+dfsg-4 Severity: normal The symlinks under /usr/lib/pkcs11 point to ../opencryptoki/libopencryptoki.so but there's no such file. In practice these is /usr/lib/opencryptoki/libopencryptoki.so.0 that is symlink to libopencryptoki.so.0.0.0. # ls -l /usr/lib/pkcs11/ kokku 0 lrwxrwxrwx 1 root root 34 19. veebr 16:43 libopencryptoki.so -> ../opencryptoki/libopencryptoki.so lrwxrwxrwx 1 root root 10 19. veebr 16:43 methods -> ../../sbin lrwxrwxrwx 1 root root 34 19. veebr 16:43 PKCS11_API.so -> ../opencryptoki/libopencryptoki.so lrwxrwxrwx 1 root root 21 19. veebr 16:43 stdll -> ../opencryptoki/stdll Real applications try to use PKCS11_API.so and fail. Fixing the symlinks by hand cures the problem. The same problem exists in ubuntu 9.10, did not report it there. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=et_EE.UTF-8, LC_CTYPE=et_EE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages opencryptoki depends on: ii adduser 3.112add and remove users and groups hi libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libopencryptoki02.2.8+dfsg-4 PKCS#11 implementation for Linux ( opencryptoki recommends no packages. opencryptoki suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100219153809.6893.96360.report...@koiott.tartu-labor
ysmv7 2.9.9.1-1 MIGRATED to testing
FYI: The status of the ysmv7 source package in Debian's testing distribution has changed. Previous version: 2.9.9-2 Current version: 2.9.9.1-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1nivt3-0008fd...@ries.debian.org
opencryptoki 2.2.8+dfsg-4 MIGRATED to testing
FYI: The status of the opencryptoki source package in Debian's testing distribution has changed. Previous version: 2.2.8+dfsg-3 Current version: 2.2.8+dfsg-4 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1nivt3-0008dk...@ries.debian.org
Processing of libarchive_2.6.2-2_i386.changes
libarchive_2.6.2-2_i386.changes uploaded successfully to localhost along with the files: libarchive_2.6.2-2.dsc libarchive_2.6.2-2.diff.gz libarchive-dev_2.6.2-2_i386.deb libarchive1_2.6.2-2_i386.deb bsdtar_2.6.2-2_i386.deb bsdcpio_2.6.2-2_i386.deb Greetings, Your Debian queue daemon (running on host ries.debian.org) -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1niwea-0003hi...@ries.debian.org
libarchive_2.6.2-2_i386.changes ACCEPTED
Accepted: bsdcpio_2.6.2-2_i386.deb to main/liba/libarchive/bsdcpio_2.6.2-2_i386.deb bsdtar_2.6.2-2_i386.deb to main/liba/libarchive/bsdtar_2.6.2-2_i386.deb libarchive-dev_2.6.2-2_i386.deb to main/liba/libarchive/libarchive-dev_2.6.2-2_i386.deb libarchive1_2.6.2-2_i386.deb to main/liba/libarchive/libarchive1_2.6.2-2_i386.deb libarchive_2.6.2-2.diff.gz to main/liba/libarchive/libarchive_2.6.2-2.diff.gz libarchive_2.6.2-2.dsc to main/liba/libarchive/libarchive_2.6.2-2.dsc Override entries for your package: bsdcpio_2.6.2-2_i386.deb - optional utils bsdtar_2.6.2-2_i386.deb - optional utils libarchive-dev_2.6.2-2_i386.deb - optional libdevel libarchive1_2.6.2-2_i386.deb - optional libs libarchive_2.6.2-2.dsc - source libs Announcing to debian-devel-chan...@lists.debian.org Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1niwie-0004ds...@ries.debian.org
Bug#547047: marked as done (polipo crashes when server reply contains "Cache-Control: max-age")
Your message dated Fri, 19 Feb 2010 19:55:35 +
with message-id
and subject line Bug#547047: fixed in polipo 1.0.4-1+lenny1
has caused the Debian Bug report #547047,
regarding polipo crashes when server reply contains "Cache-Control: max-age"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
547047: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: polipo
Version: 1.0.4-1
Severity: grave
Tags: patch
Justification: renders package unusable
When polipo receives a "Cache-Control: max-age" line without a value,
it logs a parsing error but then continues to use the not-parsed value,
resulting in a segfault. It does this in several places in http_parse.c.
I have attached a stacktrace and patch that seems to
work for me. You should check that I have not missed an occurence of the
same error.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash
Versions of packages polipo depends on:
ii libc6 2.9-26 GNU C Library: Shared libraries
polipo recommends no packages.
polipo suggests no packages.
-- no debconf information
--- polipo-1.0.4.orig/http_parse.c
+++ polipo-1.0.4/http_parse.c
@@ -1088,9 +1088,10 @@
(v_end >= 0 ? v_end : token_end) -
token_start);
do_log(L_WARN, "\n");
+} else {
+a = atoi(buf + v_start);
+cache_control.max_age = a;
}
-a = atoi(buf + v_start);
-cache_control.max_age = a;
} else if(token_compare(buf, token_start, token_end,
"s-maxage")) {
int a;
@@ -1100,9 +1101,10 @@
(v_end >= 0 ? v_end : token_end) -
token_start);
do_log(L_WARN, "\n");
+} else {
+a = atoi(buf + v_start);
+cache_control.max_age = a;
}
-a = atoi(buf + v_start);
-cache_control.max_age = a;
} else if(token_compare(buf, token_start, token_end,
"min-fresh")) {
int a;
@@ -1112,9 +1114,10 @@
(v_end >= 0 ? v_end : token_end) -
token_start);
do_log(L_WARN, "\n");
+} else {
+a = atoi(buf + v_start);
+cache_control.max_age = a;
}
-a = atoi(buf + v_start);
-cache_control.max_age = a;
} else if(token_compare(buf, token_start, token_end,
"max-stale")) {
int a;
@@ -1124,9 +1127,10 @@
(v_end >= 0 ? v_end : token_end) -
token_start);
do_log(L_WARN, "\n");
+} else {
+a = atoi(buf + v_start);
+cache_control.max_stale = a;
}
-a = atoi(buf + v_start);
-cache_control.max_stale = a;
} else {
do_log(L_WARN, "Unsupported Cache-Control directive ");
do_log_n(L_WARN, buf + token_start,
(gdb) bt full
#0 0xb7f22b38 in *__GI_strtol_l_internal (nptr=0xb7dcefff , endptr=0x0, base=10,
group=0, loc=0xb804c380) at strtol_l.c:298
negative =
cutoff =
i =
s =
c =
Bug#560779: marked as done (polipo: DoS via overly large "Content-Length" header)
Your message dated Fri, 19 Feb 2010 19:55:35 + with message-id and subject line Bug#560779: fixed in polipo 1.0.4-1+lenny1 has caused the Debian Bug report #560779, regarding polipo: DoS via overly large "Content-Length" header to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 560779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: polipo Version: 0.9.12-1 Severity: grave Tags: security Hi, A vulnerability has been found in polipo that allows a remote attacker to crash the daemon via an overly large "Content-Length" header. The vulnerability is caused by connection->reqlen (in client.c: httpClientDiscardBody()) being a signed integer which can be overflowed turning it into a negative value which later leads to a segmentation fault in the call to memmove. If you fix this vulnerability please include the CVE id in your changelog entry, when one is assigned. Please work with the security team to fix this vulnerability in the stable and oldstable releases. For further information see: http://www.exploit-db.com/exploits/10338 http://secunia.com/advisories/37607/ Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net --- End Message --- --- Begin Message --- Source: polipo Source-Version: 1.0.4-1+lenny1 We believe that the bug you reported is fixed in the latest version of polipo, which is due to be installed in the Debian FTP archive: polipo_1.0.4-1+lenny1.diff.gz to main/p/polipo/polipo_1.0.4-1+lenny1.diff.gz polipo_1.0.4-1+lenny1.dsc to main/p/polipo/polipo_1.0.4-1+lenny1.dsc polipo_1.0.4-1+lenny1_i386.deb to main/p/polipo/polipo_1.0.4-1+lenny1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 560...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated polipo package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 17 Feb 2010 20:31:37 +0100 Source: polipo Binary: polipo Architecture: source i386 Version: 1.0.4-1+lenny1 Distribution: stable-security Urgency: high Maintainer: Denis V. Sirotkin Changed-By: Stefan Fritsch Description: polipo - a small, caching web proxy Closes: 547047 560779 Changes: polipo (1.0.4-1+lenny1) stable-security; urgency=high . [ Stefan Fritsch ] * Non-maintainer upload by the Security Team. * Backport various security related bug fixes from upstream git. * Fix segfault when server sends Cache-Control: max-age without a value (closes: #547047, CVE-2009-3305). . [ Andreas Kirschbaum ] * Apply upstream commit to fix DoS via overly large "Content-Length" header; fixes CVE-2009-4413 (closes: #560779) Checksums-Sha1: 485ac6e4844c157bd4e0ebd56302aa82e694dec6 1042 polipo_1.0.4-1+lenny1.dsc ba562906d125a6bf72dc36c2d078147d40cf8722 180487 polipo_1.0.4.orig.tar.gz 1808bdf4f47219863d7de6894af2fbab98f93500 13430 polipo_1.0.4-1+lenny1.diff.gz f253afca3c423bd3b0789db7655f9db6c7662f80 191848 polipo_1.0.4-1+lenny1_i386.deb Checksums-Sha256: 90a376437eb8e4ccde04e6cb7dc541037c69cf7fdb7a94b236456e853be96e93 1042 polipo_1.0.4-1+lenny1.dsc f6458a3ab2548280d4f5596f8d5ae60c61ddf7147ee0b3bb2d67b96da49c0436 180487 polipo_1.0.4.orig.tar.gz b4eaf56b26226f0681df3473271eb5110e4fff6acca549a5160f04e05a9aa8e8 13430 polipo_1.0.4-1+lenny1.diff.gz 9f8c0507255e42052aee2604ee8aeb7fc475f5bc1a83444046cf427722a5bd24 191848 polipo_1.0.4-1+lenny1_i386.deb Files: 4bb50ed5472fcd6b264cb89816586bbe 1042 web optional polipo_1.0.4-1+lenny1.dsc defdce7f8002ca68705b6c2c36c4d096 180487 web optional polipo_1.0.4.orig.tar.gz 4cc90f3327e4018c56b4e140cbcb2f46 13430 web optional polipo_1.0.4-1+lenny1.diff.gz 33af29a3f9e091dd6437fc3f3bfccab9 191848 web optional polipo_1.0.4-1+lenny1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iD4DBQFLfE0tbxelr8HyTqQRAmmRAJ47Hx4C3QUud/up/BzZhk8sVS4ajgCY46fY eeuA08NSfFby46IUIzFbbQ== =6XhM -END PGP SIGNATURE- --- End Message ---
Bug#570575: pydance: XS-P-V: current and Python 2.6 as default
Package: pydance Severity: important User: debian-pyt...@lists.debian.org Usertags: python2.6 Hello, This package has `XS-Python-Version: current' field in debian/control file and it builds `Architure: all' binary package containing Python modules, that were only built for the default Python version. Because of this, the binary package currently depends on `python (<< 2.6)', and thus it will need a sourceful upload after switching default version of Python to 2.6. Use of the 'current' keyword is deprecated. Please consider updating your package to not enforce a particular Python version (that happened to be the default at build time), for example by setting `XS-Python-Version' either to `>> 2.4' or `all'. Thanks! -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100219193500.7044afb...@zion.matrix.int
Descubra os seus números da sorte
- This mail is a HTML mail. Not all elements could be shown in plain text mode. - Numerologia Caso nao visualize correctamente este e-mail, por favor clique aqui Caso nao deseje voltar a receber campanhas publicitarias neste endereco de e-mail, por favor clique aqui
