Bug#784859: Workaround considered annoying at best
Hi,

> On Wed, 16 Sep 2015 10:23:24 -0400 David Prévot wrote:
>> unarchive 784859
>> # Rebuilding is a workaround, it does *not* address the problem.
>> reopen 784859
>
> AFAICT rebuilding with an updated toolchain actually got rid of the
> strict versioning (without changing something in the package itself):
>
> Package: ampache

You're not even looking at the right package, and no:

Package: ampache-common
Source: ampache
Version: 3.6-rzb2752+dfsg-6
[ ]
Depends: fonts-freefont-ttf (<< 20120503.0~), fonts-freefont-ttf (>= 20120503), libjs-prototype (<< 1.7.1.0~), libjs-prototype (>= 1.7.1), libphp-phpmailer (<< 5.2.10+dfsg.0~), libphp-phpmailer (>= 5.2.10+dfsg), libphp-snoopy (<< 2.0.0.0~), libphp-snoopy (>= 2.0.0), php-getid3 (<< 1.9.9+dfsg.0~), php-getid3 (>= 1.9.9+dfsg), php-gettext (<< 1.0.11.0~), php-gettext (>= 1.0.11)

The next transition of any of these dependencies will be blocked by this
unmaintained and out of date ampache package. Keeping it in the archive as
is is considered harmful.

Regards

David
Bug#784859: Workaround considered annoying at best
On 2015-09-18 11:36, "David Prévot" wrote:
>> Package: ampache
>
> You’re not even looking at the right package, and no:
>
> Package: ampache-common

Oops ... right, that tells a different story.
At least this "workaround" seems to have worked in the past.

I don't mind doing rebuild-only QA uploads (since arch:all cannot be
binNMUed), but I don't care about (or even use) ampache at all.

> The next transition of any of these dependencies will be blocked by this
> unmaintained and out of date ampache package. Keeping it in the archive as
> is is considered harmful.

Please retitle the bug according to your wishes, right now it just calls
for a rebuild.

Andreas
Processing of rafkill_1.2.2-5_source.changes
rafkill_1.2.2-5_source.changes uploaded successfully to localhost
along with the files:
  rafkill_1.2.2-5.dsc
  rafkill_1.2.2-5.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)
rafkill_1.2.2-5_source.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Fri, 18 Sep 2015 18:09:14 +0200
Source: rafkill
Binary: rafkill rafkill-data
Architecture: source
Version: 1.2.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Santiago Vila
Description:
 rafkill - vertical shoot'em-up similar to Raptor: Call of the Shadows
 rafkill-data - graphics and audio data for rafkill
Changes:
 rafkill (1.2.2-5) unstable; urgency=medium
 .
   * QA upload.
   * Fix several lintian warnings.
   * Drop outdated postinst and preinst.
   * Switch to minimal dh debian/rules.
   * Switch to "3.0 (quilt)" source format.
   * Rewrite copyright file based on available data.
     License is LGPL-2, not GPL-2+.
   * Make clean target to remove "build" and "config.log".
     This should make the Debian diff to be small again.
   * Fix typo in old changelog entry.

Thank you for your contribution to Debian.
Bug#797165: marked as done (CVE-2015-0852: integer overflow in PluginPCX.cpp)
Your message dated Fri, 18 Sep 2015 19:50:37 + with message-id and subject line Bug#797165: fixed in freeimage 3.15.4-5 has caused the Debian Bug report #797165, regarding CVE-2015-0852: integer overflow in PluginPCX.cpp to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 
797165: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: freeimage
Version: 3.10.0-4
Severity: serious
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for freeimage.

CVE-2015-0852[0]:
Integer overflow in PluginPCX.cpp

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-0852
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0852
    https://marc.info/?l=oss-security&m=144073280200732&w=2

Please adjust the affected versions in the BTS as needed.

BTW upstream patches are available but they are not minimal patches:
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN

Hopefully one of the people who will discover this RC bug (because their
package depends on freeimage or whatever) can be convinced to take over
this package... it has been orphaned for way too long.

Note that the package has another pending security issue (#786790).

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
--- End Message ---

--- Begin Message ---
Source: freeimage
Source-Version: 3.15.4-5

We believe that the bug you reported is fixed in the latest version of
freeimage, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 797...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Martin Borgert (supplier of updated freeimage package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Tue, 15 Sep 2015 22:50:49 +0200
Source: freeimage
Binary: libfreeimage-dev libfreeimage3 libfreeimage3-dbg
Architecture: source
Version: 3.15.4-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: W. Martin Borgert
Description:
 libfreeimage-dev - Support library for graphics image formats (development files)
 libfreeimage3 - Support library for graphics image formats (library)
 libfreeimage3-dbg - Support library for graphics image formats (debugging symbols)
Closes: 797165
Changes:
 freeimage (3.15.4-5) unstable; urgency=medium
 .
   [ W. Martin Borgert ]
   * QA upload.
   * [e807e1c] Fix integer overflow. (Closes: #797165)
freeimage_3.15.4-5_source.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Tue, 15 Sep 2015 22:50:49 +0200
Source: freeimage
Binary: libfreeimage-dev libfreeimage3 libfreeimage3-dbg
Architecture: source
Version: 3.15.4-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: W. Martin Borgert
Description:
 libfreeimage-dev - Support library for graphics image formats (development files)
 libfreeimage3 - Support library for graphics image formats (library)
 libfreeimage3-dbg - Support library for graphics image formats (debugging symbols)
Closes: 797165
Changes:
 freeimage (3.15.4-5) unstable; urgency=medium
 .
   [ W. Martin Borgert ]
   * QA upload.
   * [e807e1c] Fix integer overflow. (Closes: #797165)

Thank you for your contribution to Debian.