Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-09-06 Thread Giuseppe Iuculano
Hi,

On 09/04/2011 09:20 PM, Raphael Geissert wrote:
> NSS now ships modified certs of DigiNotar, their name is "Explicitly Disabled 
> DigiNotar "
> In chromium, for example, if you browse a DigiNotar-signed website and check 
> the certificate chain you will see the Explicitly Disabled cert there.
> 
> Giuseppe, do you already have plans for updating chromium? (more info on the 
> CCed bug.)

chromium uses libnss; please explain, what kind of update does chromium
need? Did I miss something?

Cheers,
Giuseppe.



signature.asc
Description: OpenPGP digital signature


Bug#425565: missing information from error message

2009-03-27 Thread Giuseppe Iuculano
Hi Martin,

> razor writes to syslog:
>   reporter: razor2 report failed: No such file or directory report
>   requires authentication at
>   /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 170. at
>   /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 318.

[...]

> Lately, I am seeing a lot of:
> 
>   reporter: razor2 report failed: reporter: razor2 had unknown error
>   during authenticate at
>   /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 217,
>   line 1. at
>   /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 326.


I think in this case spamassassin writes to syslog, not razor (and perhaps... is
this a razor spamassassin plugin bug?).


> It'd be nice to see this resolved. Every time I see the message,

I'm also using spamassassin with razor in my mail server, but I don't have those
messages.

> I am even more tempted to just kick razor and go rant about the
> quality of its implementation, which, based on the error message,
> must be, uh, well, you know...

Oh yes, I know :)

Cheers,
Giuseppe.





Bug#533361: got a CVE id

2009-06-25 Thread Giuseppe Iuculano
severity 533361 serious
thanks

Hi,

this issue got a CVE id:

CVE-2009-2175[0]:
| Stack-based buffer overflow in the flattenIncrementally function in
| flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2)
| xcf2png utilities, allows remote attackers to cause a denial of
| service (crash) and possibly execute arbitrary code via a crafted
| image that causes a conversion to a location "above or to the left of
| the canvas." NOTE: some of these details are obtained from third party
| information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2175
http://security-tracker.debian.net/tracker/CVE-2009-2175

Cheers,
Giuseppe.





Bug#540060: error in pgadmin3

2009-08-08 Thread Giuseppe Iuculano
It's likely that pgadmin3 should have been rebuilt after the latest wxwidgets2.8
upload.

Cheers,
Giuseppe.





Bug#540060: error in pgadmin3

2009-08-08 Thread Giuseppe Iuculano
reassign 540060 pgadmin3
found 540060 1.10.0-1
thanks

Giuseppe Iuculano wrote:
> It's likely that pgadmin3 should have been rebuilt after the latest
> wxwidgets2.8 upload.

Yes, I confirm that, I rebuilt pgadmin3 and it works perfectly.


Cheers,
Giuseppe.





Bug#540060: error in pgadmin3

2009-08-08 Thread Giuseppe Iuculano
Gerfried Fuchs wrote:
>  Beg your pardon, but that sounds rather like the ABI of wxwidgets2.8
> has changed - and then it's not pgadmin3's job to fix it, rather the
> library should bump its compatibility level, not?
> 
>  Can this please get investigated properly? I don't object to a
> scheduled binNMU of pgadmin3 (given that there won't be any source
> changes needed), but if wxwidgets2.8 changes its ABI/API it shouldn't do
> that in disguise.

You are right, but I don't think my small patch[1] introduced in the latest
security/QA upload caused an API breakage...

_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8
2.8.7.1-2  and
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8.5
2.8.7.1-1

I have no idea... Is it possible that something changed with symbol mangling in
latest gcc-4.3 version?

[1] http://patch-tracking.debian.net/patch/series/view/wxwidgets2.8/2.8.7.1-2/CVE-2009-2369.dpatch

Cheers,
Giuseppe.





Bug#540060: error in pgadmin3

2009-08-08 Thread Giuseppe Iuculano
Ryan Niebur wrote:
> since amd64 seems to be the only architecture with (known) problems,


No, unfortunately I was able to reproduce this issue on my i386 machine.

Cheers,
Giuseppe.





Bug#540060: error in pgadmin3

2009-08-08 Thread Giuseppe Iuculano
Giuseppe Iuculano wrote:
> _zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8
> 2.8.7.1-2  and
> _zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8.5
> 2.8.7.1-1

It seems that something changed in binutils, testcase:

squeeze, binutils 2.19.51.20090723-1:

$ cat test.c
int test(void)
{
  return 1;
}

int test_new(void)
{
  return 2;
}

$ cat test.version
TEST_1.0.1 {
*new*;
};

TEST_1.0 {
global: *;
};

$ gcc -c -fPIC test.c
$ ld -shared -o test.so -version-script test.version test.o
$ objdump -T test.so |grep test
test.so: file format elf32-i386
0210 gDF .text  000a  TEST_1.0    test
021a gDF .text  000a  TEST_1.0    test_new



but in lenny, binutils 2.18.1~cvs20080103-7:

# objdump -T test.so |grep test
test.so: file format elf32-i386
0210 gDF .text  000a  TEST_1.0    test
021a gDF .text  000a  TEST_1.0.1  test_new
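
An added example, not part of the original message: a Python check that compares the version node of every exported symbol across two `objdump -T` listings and reports the kind of silent reassignment the testcase shows. The sample listings are constructed in objdump's usual column layout for the thread's test.so, and the function names are hypothetical.

```python
import re

# One dynamic-symbol row: address, 7-character flag field, section, size,
# then "[version] name" (the layout printed by objdump -T).
ROW = re.compile(r"^([0-9a-f]+) (.{7}) (\S+)\s+([0-9a-f]+)\s+(.+)$")

def symbol_versions(listing):
    """Map each defined dynamic symbol to its version node (None if unversioned)."""
    table = {}
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) in ("*UND*", "*ABS*"):
            continue  # headers, imports, and the version-node entries themselves
        fields = m.group(5).split()
        name = fields[-1]
        version = fields[0].strip("()") if len(fields) > 1 else None
        table[name] = version
    return table

def version_changes(old_listing, new_listing):
    """Return (symbol, old_version, new_version) for each export whose version moved."""
    old, new = symbol_versions(old_listing), symbol_versions(new_listing)
    changes = []
    for name in sorted(old):
        if name not in new:
            changes.append((name, old[name], "<removed>"))
        elif new[name] != old[name]:
            changes.append((name, old[name], new[name]))
    return changes

# Constructed sample listings modelled on the testcase: the first assigns
# test_new to TEST_1.0.1 (lenny result), the second to TEST_1.0 (squeeze result).
LENNY = """
test.so:     file format elf32-i386

DYNAMIC SYMBOL TABLE:
00000000 g    DO *ABS*  00000000  TEST_1.0    TEST_1.0
00000000 g    DO *ABS*  00000000  TEST_1.0.1  TEST_1.0.1
00000210 g    DF .text  0000000a  TEST_1.0    test
0000021a g    DF .text  0000000a  TEST_1.0.1  test_new
"""
SQUEEZE = LENNY.replace("TEST_1.0.1  test_new", "TEST_1.0    test_new")

if __name__ == "__main__":
    for name, old, new in version_changes(LENNY, SQUEEZE):
        print(f"{name}: {old} -> {new}")
```

Run against the listings of a library before and after a rebuild, a non-empty result means dependent binaries linked against the old version node may fail to resolve the symbol.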





Bug#540060: error in pgadmin3

2009-08-10 Thread Giuseppe Iuculano
clone 540060 -1
reassign -1 binutils
retitle -1 version script commands not handled correctly in sid/squeeze
severity -1 grave
thanks


Hi,

please see the testcase below

Cheers,
Giuseppe.


Giuseppe Iuculano wrote:
> Giuseppe Iuculano wrote:
>> _zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8
>> 2.8.7.1-2  and
>> _zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8.5
>> 2.8.7.1-1
> 
> It seems that something changed in binutils, testcase:
> 
> squeeze, binutils 2.19.51.20090723-1:
> 
> $ cat test.c
> int test(void)
> {
>   return 1;
> }
> 
> int test_new(void)
> {
>   return 2;
> }
> 
> $ cat test.version
> TEST_1.0.1 {
> *new*;
> };
> 
> TEST_1.0 {
> global: *;
> };
> 
> $ gcc -c -fPIC test.c
> $ ld -shared -o test.so -version-script test.version test.o
> $ objdump -T test.so |grep test
> test.so: file format elf32-i386
> 0210 gDF .text  000a  TEST_1.0    test
> 021a gDF .text  000a  TEST_1.0    test_new
> 
> 
> 
> but in lenny, binutils 2.18.1~cvs20080103-7:
> 
> # objdump -T test.so |grep test
> test.so: file format elf32-i386
> 0210 gDF .text  000a  TEST_1.0    test
> 021a gDF .text  000a  TEST_1.0.1  test_new
> 






Bug#540060: error in pgadmin3

2009-08-28 Thread Giuseppe Iuculano
Hi,

#540751 was fixed, so a binNMU of wxwidgets2.8 should fix this issue.

Cheers,
Giuseppe.





Bug#562353: [28eb1d5] Fix for Bug#562353 committed to git

2010-01-23 Thread Giuseppe Iuculano

tags 562353 + pending
thanks

Hello,

 The following change has been committed for this bug by
 Giuseppe Iuculano  on Sat, 23 Jan 2010 12:52:24 +0100.
 The fix will be in the next upload. 
=
Removed tetex-bin from Build-Depends

Closes: #562353
=

You can check the diff of the fix at:

http://git.debian.org/?p=users/iuculano/apcupsd.git;a=commitdiff;h=28eb1d5





-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#575741: CVE-2010-0280: Array index error

2010-03-28 Thread Giuseppe Iuculano
Package: lib3ds
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lib3ds.

CVE-2010-0280[0]:
| Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in
| Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a
| denial of service (memory corruption) or possibly execute arbitrary
| code via crafted structures in a 3DS file, probably related to mesh.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0280
http://security-tracker.debian.org/tracker/CVE-2010-0280





Archive: 
http://lists.debian.org/20100328210449.32210.94647.report...@sd6-casa.iuculano.it