Bug#578032: wdg-html-validator and xmlbeans: error when trying to install together
Package: xmlbeans,wdg-html-validator
Version: xmlbeans/2.5.0-2
Version: wdg-html-validator/1.6.02-7
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Date: 2010-04-16
Architecture: amd64
Distribution: sid

Hi,

automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships have detected the following problem:
Bug#578055: newpki-server: [INTL:vi] Vietnamese debconf templates translation
Package: newpki-server
Version:
Tags: l10n patch
Severity: wishlist

The initial Vietnamese translation for the debconf file: newpki-server

translated and submitted by:

Clytie Siddall
Vietnamese Free-Software Translation Team
http://vnoss.net/dokuwiki/doku.php?id=projects:l10n

vi.po
Description: application/apple-msg-attachment
tla_1.3.5+dfsg-14+lenny1_i386.changes ACCEPTED
Notes:
Mapping stable to proposed-updates.

Accepted:
tla-doc_1.3.5+dfsg-14+lenny1_all.deb
  to main/t/tla/tla-doc_1.3.5+dfsg-14+lenny1_all.deb
tla_1.3.5+dfsg-14+lenny1.diff.gz
  to main/t/tla/tla_1.3.5+dfsg-14+lenny1.diff.gz
tla_1.3.5+dfsg-14+lenny1.dsc
  to main/t/tla/tla_1.3.5+dfsg-14+lenny1.dsc
tla_1.3.5+dfsg-14+lenny1_i386.deb
  to main/t/tla/tla_1.3.5+dfsg-14+lenny1_i386.deb

Override entries for your package:
tla-doc_1.3.5+dfsg-14+lenny1_all.deb - optional doc
tla_1.3.5+dfsg-14+lenny1.dsc - source devel
tla_1.3.5+dfsg-14+lenny1_i386.deb - optional devel

Announcing to debian-chan...@lists.debian.org
Closing bugs: 560940

Thank you for your contribution to Debian.
Bug#560940: marked as done (CVE-2009-3560 and CVE-2009-3720 denial-of-services)
Your message dated Fri, 16 Apr 2010 19:57:49 + with message-id and subject line Bug#560940: fixed in tla 1.3.5+dfsg-14+lenny1 has caused the Debian Bug report #560940, regarding CVE-2009-3560 and CVE-2009-3720 denial-of-services to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
560940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560940
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
package: tla
severity: serious
tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) ids were published for expat. I have determined that this package embeds a vulnerable copy of xmlparse.c and xmltok_impl.c. However, since this is a mass bug filing (due to so many packages embedding expat), I have not had time to determine whether the vulnerable code is actually present in any of the binary packages derived from this source package. Please determine whether this is the case. If the binary packages are not affected, please feel free to close the bug with a message containing the details of what you did to check.

CVE-2009-3560[0]:
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
| as used in the XML-Twig module for Perl, allows context-dependent
| attackers to cause a denial of service (application crash) via an XML
| document with malformed UTF-8 sequences that trigger a buffer
| over-read, related to the doProlog function in lib/xmlparse.c, a
| different vulnerability than CVE-2009-2625 and CVE-2009-3720.
CVE-2009-3720[1]:
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat
| 2.0.1, as used in Python, PyXML, w3c-libwww, and other software,
| allows context-dependent attackers to cause a denial of service
| (application crash) via an XML document with crafted UTF-8 sequences
| that trigger a buffer over-read, a different vulnerability than
| CVE-2009-2625.

These issues also affect old versions of expat, so this package in etch and lenny is very likely affected. This is a low-severity security issue, so DSAs will not be issued to correct these problems. However, you can optionally submit a proposed-update to the release team for inclusion in the next stable point releases. If you plan to do this, please open new bugs and include the security tag so we are aware that you are working on that.

For further information see [0],[1],[2],[3]. In particular, [2] and [3] are links to the patches for CVE-2009-3560 and CVE-2009-3720 respectively.

Note that the ideal solution would be to make use of the system expat so only one package will need to be updated for future security issues. Preferably in your update to unstable, alter your package to make use of the system expat.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
    http://security-tracker.debian.org/tracker/CVE-2009-3560
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
    http://security-tracker.debian.org/tracker/CVE-2009-3720
[2] http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
[3] http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
--- End Message ---

--- Begin Message ---
Source: tla
Source-Version: 1.3.5+dfsg-14+lenny1

We believe that the bug you reported is fixed in the latest version of tla, which is due to be installed in the Debian FTP archive:

tla-doc_1.3.5+dfsg-14+lenny1_all.deb
  to main/t/tla/tla-doc_1.3.5+dfsg-14+lenny1_all.deb
tla_1.3.5+dfsg-14+lenny1.diff.gz
  to main/t/tla/tla_1.3.5+dfsg-14+lenny1.diff.gz
tla_1.3.5+dfsg-14+lenny1.dsc
  to main/t/tla/tla_1.3.5+dfsg-14+lenny1.dsc
tla_1.3.5+dfsg-14+lenny1_i386.deb
  to main/t/tla/tla_1.3.5+dfsg-14+lenny1_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 560...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvain Beucler (supplier of updated tla package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 13 Apr 2010 17:55:51 +0200
Source: tla
Binary: tla tla-doc
Architecture: source all i386
Version: 1.3.5+dfsg-14+lenny1
Distribution: stable
Urgency: low
Maintainer: De