> Description : Mesh optimization, mesh smoothing.
>
> Several mesh smoothing/optimization methods with one simple interface.
> optimesh
> - is fast,
> - preserves submeshes,
> - only works for triangular meshes (for now; upvote this issue if you're
> interested in tetrahedral mes
Your bug report is correct, but it is really just a more specific
example of the problem already reported in #863960:
https://bugs.debian.org/863960
Steve
--
https://steve.fi/
On Mon Feb 19, 2018 at 12:44:40 +0100, Michael Meskes wrote:
> > * It relies upon the external VPNGate.net site/service. If this
> > goes away in the lifetime of a stable Debian release users will
> > be screwed.
>
> That is actually a good point. I wonder if using a local copy might b
> Version : 0.0~git20170129.72dd7f6-1
> Upstream Author : Adhityaa C
> * URL : https://github.com/adtac/autovpn
..
> autovpn is a tool to automatically connect you to a random VPN
> in a country of your choice. It uses openvpn to connect you to a server
> obtained from VPN
> Description : debug a running process for memoy leaks without
> recompiling or restarting
Typo: "memory", not "memoy".
> Memleax debugs a program for memory leaks by attaching to a running process,
> similarly to how gdb's does. It then hooks into the target process's
> invocation of m
Package: facter
Version: 2.4.6-1
Severity: minor
Dear Maintainer,
Since upgrading a virtual-machine host from jessie to stretch I started
seeing this email every hour, when puppet ran:
To: root
From: root(Cron Daemon)
Cc:
Subject: Cron /usr/bin/puppet agent --onetime ..
Co
Tags: patch
One approach at solving this problem would be to stop
highlighting the URL at the first "'" character.
This matches what gnome-terminal, and others, do already
even though I don't believe this character _should_ be
escaped.
This can be achieved by updating the regexp:
deagol ~/evil
Package: evilvte
Version: 0.5.1-1
Severity: important
Tags: security
Dear Maintainer,
Although a terminal is designed to execute commands it is unexpected
that clicking on hyperlinks would execute arbitrary code, and
unfortunately that is trivially possible.
Consider the following hyperlink:
On Fri Nov 04, 2016 at 02:10:56 +0100, Nicolas Braud-Santoni wrote:
> Description : easy-to-understand shell script to handle APT repositories
> freight is an easy-to-use and to understand shell script for
> building packages and keeping them in an up-to-date and signed
> reporitory.
M
> Fixed, thank you.
>
> -
> https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=5a159af05d8556a3f9f8f1a42d8fc153ffbc9694
>
I confirm that fixes the problem. Thanks once more for your
prompt attention.
> Welcome to add more info, so that I'll confirm the problems are
> really
Package: w3m
Version: 0.5.3-19
Severity: important
Tags: security
Dear Maintainer,
Please find attached a pair of files, each of these cause w3m to
segfault when run as follows:
cat $file | w3m -dump
The crash is a segfault, which is probably not exploitable but may
be to somebody who puts
On Thu Apr 07, 2016 at 06:51:52 +0900, Tatsuya Kinoshita wrote:
> > Confirmed, thank you.
>
> Fixed in the development repo.
>
> -
> https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=7bb2a4671503c41d63989dcef9ef54dea0c73b43
>
> Will be fixed in the next upload for unstable.
Package: w3m
Version: 0.5.3-19
Severity: important
Tags: security
Dear Maintainer,
Please find attached a tarball which contains two files, a generated
one, and one which has been reduced to the smallest possible test-case.
Each of those files causes w3m to segfault when run as follows:
cat
Package: gawk
Version: 1:4.1.1+dfsg-1
Severity: important
Dear Maintainer,
The following wonderful program causes an immediate segfault in the
parse-process of gawk:
for (i = ) in foo bar baz
For example:
shelob ~ $ cat t.gawk
for (i = ) in foo bar baz
shelob
Package: gawk
Version: 1:4.1.1+dfsg-1
Severity: important
Dear Maintainer,
While I appreciate that passing untrusted code to gawk is not a common thing to
do, I do not believe that it should be possible to trigger a segfault though.
The following "program" will crash gawk though:
$ echo
> Fair enough. In any case, I am going to upload to backports as soon as
> the version in sid stabilises.
Great.
> Well, I think a DSA would be too much for a tool like this :) Specially
> since there has not been any PoC to show a real security issue.
I won't try to force it, but I'd certai
On Wed Jan 13, 2016 at 18:08:44 -0300, Martín Ferrari wrote:
> > When running under valgrind we see that an attempt is made to access
> > an invalid pointer:
>
> This is a known issue (#679877), it was fixed when I took over this
> package, and it has already reached testing.
Having the fixed
Package: catdoc
Version: 0.94.4-1.1
Severity: important
Tags: security
Dear Maintainer,
The attached word document will cause catdoc to crash when executed:
catdoc x.doc
When running under valgrind we see that an attempt is made to access
an invalid pointer:
==6875== Invalid read of siz
Package: node-cli
Version: 0.4.4~20120516-1
Severity: critical
Tags: security
Dear Maintainer,
The `node-cli` library makes insecure use of the following two
temporary files:
lock_file = '/tmp/' + cli.app + '.pid',
log_file = '/tmp/' + cli.app + '.log';
These allow overwriting
Package: stalin
Version: 0.11-5
Severity: critical
Tags: security
When `stalin` launches it attempts to detect its environment via
the following code in /usr/lib/stalin/QobiScheme.sc:
(system "uname -m >/tmp/QobiScheme.tmp")
...
(system "rm -f /tmp/QobiScheme.tmp"))
This is a p
The following patch seems to me to be a reasonable stab at fixing
the NULL pointer dereference.
Tested on Debian Jessie (amd64), against keys of type:
* dsa
* ecdsa
* ed25519
* rsa
* rsa1
On a valid key it shows the fingerprint. On my bogus sample it shows:
line 2
> .. and the exciting-looking address is apparently a typical load address
> for the ssh binary.
Yes. It was in the ascii-range, which made me more optimistic.
(I'm too used to using AAA..AAA as input and seeing 0x41. 0x55 looks
close enough to be plausible.)
Steve
--
I'm almost embarrassed to say that I submitted the wrong reproducer
in my original bug report.
The previous key does trigger the fault, but it is needlessly complex.
The attachment to this mail should be considered a saner example, as it
still triggers the crash, but it is significantly
Package: openssh-client
Version: 1:6.7p1-5
Severity: important
Tags: security
Dear Maintainer,
I believe that the sanest way to generate an SSH fingerprint, for display
to users, etc, is via executing:
ssh-keygen -l -f path/to/public.key
This is the rationale behind the following blog-post:
Sorry for the slow reply, I wasn't Cc'd so I didn't see your reply.
> Did you request a CVE for it already?
No, I did not.
> make me believe that the trust boundaries are not crossed here, thus
> I suppose it will be tracked as a security hardening issue, and not a
> flaw.
> What do you t
Package: xbindkeys-config
Version: 0.1.3-2
Severity: important
Tags: security
If you use this program and "view generated file" the current output
will be saved to the file /tmp/xbindkeysrc-tmp.
This allows the corruption of any file the user has permission to write
to.
Later this predictable fi
On Fri Oct 17, 2014 at 15:38:02 +0200, Jonas Smedegaard wrote:
> Not sure what it is you suggest: Seems to me like they have _opposite_
> scopes :-)
You're right, I'm clearly mistaken/wrong and not being helpful.
Sorry for the noise.
Steve
--
--
To UNSUBSCRIBE, email to debian-bugs-dist
On Fri Oct 17, 2014 at 14:38:07 +0200, Jonas Smedegaard wrote:
> Test::Tabs scans your project/distribution for any perl files (scripts,
> modules, etc) for the presence of tabs.
> .
> Needed for some uses of Dist::Inkt.
> Will be maintained in the Perl team.
Looks like a simple/small modul
Package: fotoxx
Version: 11.11.1-1.1
Severity: important
Tags: security
(Irrelevant) Printing Issues
All three versions of fotoxx packaged for Debian (squeeze, wheezy, and jessie)
make insecure use of a temporary file when printing in the function `wprintp`
in zfunc
Package: fotoxx
Version: 14.07.1-1
Severity: normal
Dear Maintainer,
The version of fotoxx available to Jessie, version 14.07.1-1,
contains code which runs at startup to:
* Phone home.
* Attempt to update itself.
"Phoning home", no matter how benignly, without explicit consent
from the user is
On Tue Sep 09, 2014 at 12:52:38 +0300, Henri Salo wrote:
> Have you requested CVE already? If you want I can verify this issue and create
> the request.
I have not, the lack of update to the bug report made it slip my mind.
If you'd like to confirm the issues, which shouldn't be hard, and
r
Package: xcfa
Version: 4.3.1-1
Severity: important
Tags: security
xcfa contains several insecure uses of temporary files.
For example the file src/get_info.c has code to test that
curl is present, in the function GetInfo_wget which
essentially runs:
wget --user-agent=\"Mozilla 22.0\" --
Package: libxml-dt-perl
Version: 0.62-1
Severity: important
Tags: security
The libxml-dt-perl package installs the script "/usr/bin/mkxmltype"
which blindly overwrites the contents of the file:
/tmp/_xml_$$
(Where '$$' corresponds to the PID of the process.)
This is insecure and can al
Package: lives
Version: 1.6.2
Severity: important
Tags: security
lives contains a perl script, smogrify, which is what does
a lot of the work.
I don't want to point out line-by-line all the issues in the
smogrify script, but please consider significantly overhauling it.
There are numerous inse
Package: rawstudio
Version: 2.0-1.1
Severity: important
Dear Maintainer,
The function "rs_filter_graph" located in file ./librawstudio/rs-filter.c
contains the following code:
g_string_append_printf(str, "}\n");
g_file_set_contents("/tmp/rs-filter-graph", str->str, str->len, NUL
On Mon Jun 02, 2014 at 10:23:23 +0100, Steven Chamberlain wrote:
> http://sources.debian.net/src/trafficserver/3.0.5-1/mgmt/tools/SysAPI.cc
> > NOWARN_UNUSED_RETURN(system("/bin/mv -f /tmp/shadow /etc/shadow"));
>
> Won't that reset the shadow file's ownership to root:root? If default
> umas
Package: trafficserver
Version: 3.0.5-1
Severity: important
Tags: security
Dear Maintainer,
The binary `/usr/bin/traffic_shell` contains the following strings, which
should be sufficient to explain the issue:
/bin/mv -f /tmp/shadow /etc/shadow
/bin/sort /tmp/zonetab.tmp > /tmp/zonetab
Package: scheme48
Version: 1.8+dfsg-1
Severity: important
Tags: security
The function `scheme48-send-definition` in cmuscheme48.el blindly
overwrites the file /tmp/s48lose.tmp prior to sending it to
the inferior scheme process.
This action will blindly overwrite files the user has permission
to m
Clearly I'm an idiot, the correct link is this:
http://www.openwall.com/lists/oss-security/2014/05/07/7
Steve
--
http://www.steve.org.uk/
These issues have now had several CVE identifiers
associated with them, for future tracking:
http://www.openwall.com/lists/oss-security/2014/03/14/5
Steve
--
http://www.steve.org.uk/
Package: emacs23
Version: 23.4+1-4
Severity: important
There are several tempfile-vulnerabilities present in the Emacs Lisp
bundled and distributed with the emacs23 package.
Here are four brief pointers to unsafe code:
lisp/gnus/gnus-fun.el:
In the function `gnus-grab-cam-face` the file "/tmp/
Package: libreadline6
Version: 6.2+dfsg-0.1
Severity: important
Tags: security
Dear Maintainer,
I noticed that GNU Readline version 6.x makes insecure use of
files when outputting debugging information via the _rl_trace
function.
The details were reported here:
http://www.openwall.com/lists/
Package: apt
Version: 0.9.7.9+deb7u1
Severity: important
Tags: security
When installing/upgrading packages via `apt-get` a child process
is invoked against the downloaded .deb-file to extract any templates
which might be contained in that package.
For example I was recently upgrading my lighttpd
CVE-2014-2387 has been allocated for the two hardcoded/insecure
uses of temporary files.
("/tmp/webfile.html", and "/tmp/penctl.cgi".)
Steve
--
On Thu Mar 13, 2014 at 14:46:37 +0100, Ulric Eriksson wrote:
> The control socket and the configuration file use the exact same
> syntax by design.
I see that is currently the case, yes..
> If it is impossible or impractical to limit
> access to the socket, the same level of control over a run
[Apologies for bouncing your mails. Fixed now.]
> The core issue being that it is possible to run pen with remote
> control from untrusted hosts (or any host), should the administrator so
> desire.
Agreed. I did think of limiting the control-socket to 127.0.0.1:XX
but that a) reduces flex
Package: pen
Version: 0.18.0-1
Severity: minor
Tags: security
There are four issues to report here;
1. Predictable filename in pen itself.
2. Insecure temporary filename in the contributed CGI script.
3. File overwrite / disclosure issues in pen.
4. Information disclosure.
Predictable file
Package: rush
Version: 1.7+dfsg-1
Severity: important
From the package description:
"GNU Rush is a restricted shell designed for sites providing only
limited access to resources for remote users".
Much like sudo the shell allows a configuration file to limit the
commands the user(s
The patches seem to work successfully for me:
* The test-suite that runs at compile-time still passes.
* The reproducer stops segfaulting.
The reproducer I'm using is:
--
#!/usr/bin/ruby1.8
require 'json'
JSON.parse("[1."+"1"*30+"]")
--
Steve
--
http://www.steve.org.uk/
Drop the file attached into ./debian/patches/special-to-self.diff,
and add it to debian/patches/series.
et voila.
Steve
--
Index: gtetrinet-0.7.11/src/config.c
===
--- gtetrinet-0.7.11.orig/src/config.c 2013-09-26 20:14:19.0
I knocked up a patch to do this, bound to 's' by
default.
If there is interest I'm happy to report it here,
I'm only resisting because this is an 8 year old bug
and my patch doesn't use quilt.
Steve
--
http://www.steve.org.uk/
I found the jessie package compiled cleanly under
wheezy and made it available here:
http://packages.steve.org.uk/fabric/
While I don't necessarily expect you to trust a
random repository on the internet you can easily
get the source(s) and rebuild locally.
Steve
--
http://www.steve.
Package: mpc
Version: 0.19-2
Severity: normal
*** Please type your report below this line ***
I regularly use (via a local emacs mode) the formatting options
available in the playlist-display to choose my next song.
This example will make it clear:
* I'm trying to dump all songs in the play
Package: greed
Version: 3.4-2
Severity: normal
Usertags: security
*** Please type your report below this line ***
The setgid(games) binary greed makes insecure use of the
file /tmp/Greed.lock - allow arbitrary files that are
writeable to the games user.
By itself this is not a grave concern, but
Package: omega-rpg
Version: 1:0.90-pa9-15
Severity: normal
Usertags: security
omega-rpg is installed setgid(games).
There are two cases where it doesn't drop group(games) privileges:
* When creating the help file "omega.doc"
* When writing save-games
Loading the game, and pressing "S
Package: summain
Version: 0.13-1
Severity: minor
*** Please type your report below this line ***
Please find below a diff fixing a couple of typos in the manpage.
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Arc
Simple patch:
--- src/njam.cpp-orig 2011-12-13 17:06:04.0 +
+++ src/njam.cpp2011-12-13 17:07:08.0 +
@@ -339,7 +339,7 @@
sprintf(linux_sdl_driver, "x11\0");
char *driver_name = getenv("SDL_VIDEODRIVER");
if (driver_name)
- sprintf(linux_sdl_driver,
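Review bot: the replacement for the removed sprintf(linux_sdl_driver, ...) under if (driver_name) is cut off here, and it sits directly after getenv("SDL_VIDEODRIVER"), so confirm the new line bounds the copy to the destination and passes driver_name as an argument rather than as the format string, e.g. snprintf(linux_sdl_driver, sizeof(linux_sdl_driver), "%s", driver_name), assuming linux_sdl_driver is an array in scope. The context line sprintf(linux_sdl_driver, "x11\0") can also lose the explicit \0, since sprintf already terminates the string.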
Package: njam
Version: 1.25-5
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
The setgid(games) binary /usr/games/njam makes insecure use of the
environmental variable SDL_VIDEODRIVER.
This potentially allows the execution of arb
Package: nanourl
Version: 0.1-7.1
Severity: important
*** Please type your report below this line ***
The lookup of destination URLs uses unescaped parameters from
the query string, making a classic SQL Injection security hole.
In real terms this package is not security critical, has a low
user
Package: fabric
Version: 0.9.1-1
Justification: causes serious data loss
Severity: important
Tags: security
*** Please type your report below this line ***
Fabric includes two modules which are marked as "contrib", and are
included in the main package.
These two modules both suffer from the sam
On Sun Feb 27, 2011 at 16:16:48 +0100, Kai Wasserbäch wrote:
> Steve Kemp schrieb am 27.02.2011 16:01:
> > I've been careful to open all files in a way which seemed to be
> > clean - but could you please try the patch below and let me
> > know if it helps?
>
On Sun Feb 27, 2011 at 15:50:28 +0100, Kai Wasserbäch wrote:
> another side effect of this bug is a broken RSS feed,
Indeed. If it is broken it will be broken globally.
I've been careful to open all files in a way which seemed to be
clean - but could you please try the patch below and let
Subject: A security issue was recently discovered in cgiirc.
Package: cgiirc
Version: Security issue in CGI::IRC
Severity: important
*** Please type your report below this line ***
Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
CGI:IRC.
Mozilla have assigned CVE-2011-0050 for th
On Wed Jan 19, 2011 at 07:27:43 +0100, Thijs Kinkhorst wrote:
> > For the "old" one I see what package is affected whereas for the new
> > one I cannot.
> >
> > Could you please return to the old subject line?
>
> I think this is a good point. Maybe not return to the old subject per se, but
> m
On Thu Sep 09, 2010 at 20:49:27 +1000, Ben Finney wrote:
> I've followed the instructions in the README.Debian for 'libjs-jquery'
> to use it from HTML files generated by 'python-coverage', but without
> success.
Right, I think your specific use-case is non-standard and doesn't
really
On Sat May 08, 2010 at 18:02:25 -0400, Felipe Sateler wrote:
> When looking at a /tags//, posts are sorted in ascending
> chronological order (older entries first). This should be the other way
> around.
Please consider using the --recent-tags-first command-line argument,
or adding that to you
On Sun Feb 07, 2010 at 00:47:10 +0800, jida...@jidanni.org wrote:
> I can't take it any more, day after day various incomplete apt-get
> updates, e.g., bug 564829 and Bug#553533: Seeing BADSIG 9AA38DCD55BE302B
> frequently. What apt-get -o option can I use to turn off all this
> security or whatev
On Mon Jan 25, 2010 at 14:10:18 +0100, Guido Günther wrote:
> $ perl test.pl
> 1. Open a pipe, normally
> group
> motd
> 2. Open a pipe, set the mode
> group
> motd
> 3. Open a handle.
> group
> motd
> 4. Open a handle. binmode
> group
> motd
> 5
On Thu Jan 21, 2010 at 11:08:39 +0100, Guido Günther wrote:
> Failed to run filter: No such file or directory at /usr/bin/chronicle line
> 2000.
> # Run the command, reading stdout.
> #
> -open( FILTER, "$cmd|;utf8" ) or
> +open( FILTER, "$cmd|" ) or
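Review bot: the replacement open( FILTER, "$cmd|" ) drops the ";utf8" suffix without putting a decoding layer back, so the filter's output is read as raw bytes; add binmode( FILTER, ":utf8" ) after a successful open. While here, the two-argument form parses the mode out of the same string that carries $cmd; the three-argument open( FILTER, "-|", $cmd ) keeps the mode separate from the command.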
This will work, but mea
On Sun Jan 24, 2010 at 19:25:07 +0100, Axel Beckert wrote:
> I know that upstream stopped development since Steve doesn't use
> xen-tools (nor xen) anymore.
FWIW I support this ITP.
I will be happy to "give away" the code - such that this fork
becomes official, and all existing references t
Package: redis-server
Version: 2:1.2.0-1
Severity: wishlist
Tags: +patch
*** Please type your report below this line ***
It would be useful to add a simple bash completion script to this
package to ease use - as the manpage doesn't list options.
Sample script attached below which you're wel
The package does include a copy of the prototype library, but it is
only used to run the integrated test-suite and is thus not a concern.
It is not included in the binary package, just there for a maintainer
who wants to fiddle with the package.
Steve
--
Debian GNU/Linux System Administrati
[Closing as directed]
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
Now that we're on 0.83 it looks like this bug may be closed ..?
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
Package: wnpp
Owner: Steve Kemp
Severity: wishlist
*** Please type your report below this line ***
* Package name: libtext-vimcolor-perl
Version : 0.11
Upstream Author : Geoff Richards
* URL : http://search.cpan.org/dist/Text-VimColor/
* License : Perl
Package: ftp.debian.org
Severity: normal
*** Please type your report below this line ***
Please remove from unstable release.
Package: ftp.debian.org
Severity: normal
*** Please type your report below this line ***
Please remove from unstable.
Package: winkeydaemon
Version: 1.0.1-3
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
This is probably not a hugely exploitable issue, but reporting
regardless:
winkeydaemon.pl:
if (-d "/tmp/.winkey") {
# ok, no action re
Package: ttylog
Version: 0.1.c-1
Severity: normal
*** Please type your report below this line ***
The script uses strcpy to copy the specified device
name into a fixed buffer.
This program isn't a security-sensitive one so the
issue is minor, but the bug should be fixed:
s...@gold:$ /us
> 0.81-1 included prefork, which was usable via editing the init.d script, but
> couldn't be selected through debconf, because prefork didn't as of 0.81
> support listening on multiple interfaces, and hence would have broken some
> deployed setups.
The current release is 0.83, and the changelog
Package: oping
Version: 1.3.2-1
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
oping is setuid root and one of the command line arguments allows
a configuration file to be specified. This file is read and *reported*
to the con
On Fri Sep 18, 2009 at 14:06:44 +0200, Arnaud Fontaine wrote:
> No I didn't, I could not find this discussion, could you please point it
> me out? As soon as all these issues will have been addressed, I will
> prepare a package (debian-security team: please do not upload the
> package f
On Fri Sep 18, 2009 at 13:38:39 +0200, Arnaud Fontaine wrote:
> I have prepared yesterday a package for Lenny including this patch. At
> the moment, I'm waiting for a reply from the debian-security team.
Great. Don't forget etch too.
> Thank you very much for the patch and bug report.
Did
The patch doesn't account for case variations, so it should be updated:
+
+for i in xrange (len (attrs)):
+k,v = attrs[i]
+if (( k == "src" ) or ( k == "href" ) ) and
(v.lower().find("javascript:" ) <> -1 ):
+del attrs[i]
+
return attrs
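Review bot: the loop deletes from attrs while indexing over xrange (len (attrs)), which is sized before any deletion, so after the first del attrs[i] the entry that slides into position i is never checked and a later index runs past the end of the list (IndexError). Build a new list of the attributes to keep, or walk the indices in reverse, and return that. The <> operator is also deprecated in favour of !=.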
S
Subject: planet: [CVE-2009-2937] - Insufficient escaping of input feeds
Package: planet
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
The planet feed aggregator attempts to remove malicious content from
user-submitted feeds. It d
Subject: planet-venus: [CVE-2009-2937] - Insufficient escaping of input feeds
Package: planet-venus
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
The planet feed aggregator attempts to remove malicious content from
user-submitted
On Sat Sep 05, 2009 at 18:41:36 +0200, Guido Günther wrote:
> $ chronicle
> Use of uninitialized value $site
> in concatenation (.) or string at /usr/bin/chronicle line 1613.
> Use of uninitialized value $site
> in concatenation (.) or string at /usr/bin/chronicle line 1638.
> at
Package: offlineimap
Version: 6.1.0
Severity: important
The upgrade today resulted in this:
Setting up libgail-common (2.16.4-1) ...
Setting up gtk2-engines-pixbuf (2.16.4-1) ...
Setting up libgtk2.0-bin (2.16.4-1) ...
Setting up offlineimap (6.1.0) ...
Setting up python-gdbm (2.5.2-1.1) ...
P
On Mon Jun 01, 2009 at 19:19:28 +0200, Salvatore Bonaccorso wrote:
> This is still an release of this module and it should not be considered to be
> complete by any means. It is very basic implemenation at this point and will
"implementation" would fix that typo.
Steve
--
Managed Anti-Spam
On Tue May 26, 2009 at 08:11:06 -0300, Brian Cassidy wrote:
> * Package name: libfile-temp-perl
> Version : 0.21
> Upstream Author : Tim Jenness
> * URL : http://search.cpan.org/dist/File-Temp/
> * License : Artistic | GPL-1+
> Programming Lang: Perl
> Desc
On Wed May 20, 2009 at 11:56:25 +0200, Steve Langasek wrote:
> >[ Steve Kemp ]
> >* Re-upload with orig.tar.gz file present, unfortunately this means
> > bumping the release number, but that is a small price to pay.
> > (Closes: #526228)
>
> H
On Wed Apr 29, 2009 at 17:00:21 +0100, Adam D. Barratt wrote:
> The patch looks fine to me; thanks. As we're not upstream for the
> script, I've BCCed the original author to make him aware of the patch,
> and in case he has any issues / comments with it.
Thanks for the notification, the patch
On Thu Mar 12, 2009 at 22:37:41 +0100, Karl Ferdinand Ebert wrote:
> - a more usable status line syntax, with the ability to display the first line
> of output of a specific command;
That is also possible in GNU Screen.
> - a cleaner, modern, easily extended, BSD-licensed codebase.
That w
Looks like I filed this too soon - the bug is fixed in Lenny's
package already.
Steve
--
Package: mantis
Severity: grave
Tags: security
Version: 1.1.6+dfsg-2
There's a security issue in the mantis version in lenny, at least,
which allows registered users to run commands on the server.
Details here:
http://secunia.com/advisories/32314/
Patch here:
http://mantisb
On Tue Feb 17, 2009 at 11:52:10 -0300, Walter Cruz wrote:
> > a. renamed to be libjs-jquery-ui
>
> Should I fill another ITP?
I think there's no need, just rename the package prior to the
upload. I don't think people would get too pedantic if you were
changing the name to fit in with e
On Tue Feb 17, 2009 at 11:36:11 -0300, Walter Cruz wrote:
> * Package name: libjs-jqueryui
> Version : 1.5.3
> Upstream Author : Paul Bakaus
> * URL : http://jqueryui.com/
> * License : GPL, MIT/X
> Programming Lang: JavaScript
> Description : jQuery UI
On Wed Jan 21, 2009 at 14:22:37 +, brian m. carlson wrote:
>> Brian are you able to test the package uploaded to experimental,
>> version 1.5.19-1?
>
> Yes.
Great, thanks!
>> That has had a couple of minor IMAP changes relating to handling
>> NULL pointers, and I'd be curious to know if
This bug is a duplicate of 482883:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482883
"mutt: removes custom headers on postpone+resume"
I will merge the two bugs together for improved tracking.
Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/aud
The patch below might prevent this from happening.
s...@gold:~/git/mutt/mutt-1.5.19$ diffs
--- sendlib.c-orig 2009-01-20 22:57:28.0 +
+++ sendlib.c 2009-01-20 22:57:57.0 +
@@ -2206,7 +2206,11 @@
args = add_option (args, &argslen, &argsmax, "-R");
args = add_o