Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

On Wed, Jan 21, 2015 at 01:15:53PM +0530, Ritesh Raj Sarraf wrote: > On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote: > > Package: virtualbox > > Severity: grave > > Tags: security > > Justification: user security hole > > > > No specific details available yet: > > http://www.oracle.com/technetwor

Bug#772963: release-notes: cellphone friendly CSS

On 2015-01-21 01:23, Stéphane Blondon wrote: > Demos are temporary available : ... > http://stephane.yaal.fr/tmp/installer_docs/Chapter%C2%A02.%C2%A0What%27s%20new%20in%20Debian%208.html Nice! Two (minor) remarks: 1. The footer does not fit on my telephone in portrait format. The house icon i

Bug#775873: patch: directory traversal via file rename

Control: found -1 2.7.1-6 I could check that this bug is also present in 2.7.1-6. Marking as found there (this should be useful for apt-listbugs). -- Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog: Work: CR INRIA - comput

Bug#775873: patch: directory traversal via file rename

Control: severity -1 grave because one can easily attack a local user, e.g. by creating an arbitrary rc file in his home directory. -- Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog: Work: CR INRIA - computer arithmetic /

Bug#775866: vlc: multiple vulnerabilities

On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: > Source: vlc > Version: 2.1.5-1 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > multiple vulnerabilities were reported against vlc 2.1.5. The complete > mail is at http://seclists.org/oss-sec/20

Bug#769797: marked as done (gnat-4.9: FTBFS: Needs update for gcc-4.9-4.9.2)

Neil Williams writes: >> unless you tell me how the b-d >> >> gcc-4.9-source (<< 4.9.2) >> >> is satisfied in unstable, please leave this issue open. > > That doesn't make sense. gnat-4.9 in unstable has build-dependencies > which can be satisfied in unstable. gnat-4.9 in testing has > build-d

Bug#774467: references cdn.debian.net, which is deprecated

Paul and Aoki-san, Sorry for late response.. I would like to make an alias from cdn.debian.net to http.debian.net at end of Jan. I believe that pbulider can run it. ARAKI Yasuhiro a...@debian.org cdn.debian.net/debian/ 2015-01-18 15:36 GMT+09:00 Paul Wise : > On Sat, 2015-01-17 at 00:21 +0900,

Bug#775375: python-django: diff for NMU version 1.7.1-1.1

Hello Neil, On Fri, 16 Jan 2015, Neil Williams wrote: > I've prepared an NMU for python-django (versioned as 1.7.1-1.1) and > I'll do some more testing of it before uploading it, likely to Delayed-2 > or possibly 4. Thanks for this, but we prefer to try to push 1.7.3 into unstable/jessie. I'm ope

Bug#767441: docker.io: daemon ignores proxy settings

Hi, Olaf Meeuwissen wrote (31 Oct 2014 04:13:11 GMT) : > Actually, I take that partially back. It turns out to be dependent on > what init system you are using. For the traditional SysV init and > Upstart the `export` seems to be needed but for systemd it causes the > variable to be ignored, as

Bug#775778: open-iscsi: Boot with systemd hangs (ordering of init script w.r.t. remote filesystems)

Hi again, Btw, in case it wasn't clear from my first reply here: >> - there is this needless 90s delay (or whatever other delay the admin >>has configured) in waiting on the iSCSI targets > > Have you had luck root causing in why there is the 90 sec delay ? systemd actively complains at bo

Bug#775892: unblock (pre-approval): python-django/1.7.3-1

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock I would like to upload python-django 1.7.3-1 to sid and jessie. It's a new upstream version but it contains only bugfixes (a few of which are security related, see #775375). The diffstat is

Bug#775893: libzookeeper-java: Missing Maven artifacts

Package: libzookeeper-java Version: 3.4.5+dfsg-2 Severity: important libzookeeper-java doesn't install the Maven artifacts in /use/share/maven-repo, they are required to build Maven projects depending on Zookeeper such as Solr. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.o

Bug#775866: vlc: multiple vulnerabilities

On 2015-01-20 21:47:26, Yves-Alexis Perez wrote: > And there are unfixed ones: > > * The potential buffer overflow in the Dirac Encoder was not fixed as > the Dirac encoder no longer exists in the master branch. Similarly, 2.2.0~rc2-1 no longer contains the Dirac encoder, so this only affects w

Bug#712841: SOLVED: Debian ARM install on a QNAP HS-210

On Wed, 2015-01-21 at 07:46 +1300, m...@wiimail.com wrote: > Hi Ian > > Thanks for that. > > I'm happy to help bugtest a proper long term solution for this, or > whatever I can do to help... Thank you, I'm overdue to have a look into this stuff. I've CC'd #712841 so this info ends up in a safe

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Yes. We'll talk to the upstream folks. s3nt fr0m a $martph0ne, excuse typ0s On Jan 21, 2015 1:28 PM, "Moritz Muehlenhoff" wrote: > On Wed, Jan 21, 2015 at 01:15:53PM +0530, Ritesh Raj Sarraf wrote: > > On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote: > > > Package: virtualbox > > > Severity: gr

Bug#775044: [Openjdk] Bug#775044: openjdk-7: FTBFS: java.lang.RuntimeException: time is more than 10 years from present: 1104530400000

On 01/21/2015 01:00 AM, peter green wrote: > peter green wrote: >> I have just prepared a patch against wheezy's openjdk-6 to disable the >> timebomb code. I have attatched this patch which I am currently in the >> process >> of testing. > I have tested that my patch results in succesful builds o

Bug#775778: open-iscsi: Boot with systemd hangs (ordering of init script w.r.t. remote filesystems)

Thanks Christian. I'm building a setup to verify the same. s3nt fr0m a $martph0ne, excuse typ0s On Jan 21, 2015 2:20 PM, "Christian Seiler" wrote: > Hi again, > > Btw, in case it wasn't clear from my first reply here: > > >> - there is this needless 90s delay (or whatever other delay the admin

Bug#755202: My Fix in Gentoo

Am Dienstag, 20. Januar 2015, 20:27:09 schrieb Keivan Moradi: > I had the same problem in Gentoo linux. > I am by no means a network expert. > I had this warning in NM log. > > error in connection > /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0: > invalid connection:

Bug#775895: mpt-status: prints 'mpt-statusd: detected non-optimal RAID status' with VMWare vSphere virtual disk

Package: mpt-status Severity: important Dear Maintainer, *** Please consider answering these questions, where appropriate *** I have a VMware vSphere 4.1 cluster. The service writes mpt-statusd: detected non-optimal RAID status in the /var/log/messages. Of course the virtual disk has no RAID p

Bug#616331: python-django: changed_data in django froms is undocumented

Control: forwarded -1 https://code.djangoproject.com/ticket/24191 Hi Björn, On Thu, 03 Mar 2011, Björn Påhlsson wrote: > Would be nice if the Forms API page would mention it. Indeed, I submitted this to the upstream developers in the above ticket and I put you in copy so that you can follow the

Bug#658500: python-django: Build and install documentation for devhelp

On Fri, 03 Feb 2012, Thomas Bechtold wrote: > Please build and install the django documentation also for devhelp. This > should be possible with sphinx. Out of curiosity, what does this format bring? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/servi

Bug#775749: fails to load comments

You are right, Nicholas, this is an unintended side effect of the change introduced in 5.1.24. I'll come with a proper fix soon. Best, Evgeny On 19/01/15 23:29, Nicholas Breen wrote: On Mon, Jan 19, 2015 at 11:17:48PM +0800, Lu Wang wrote: Package: grace Version: 1:5.1.24-3 Severity: normal

Bug#775896: libdumbnet-dev: copyright file missing after upgrade (policy 12.5)

Package: libdumbnet-dev Version: 1.12-4 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, a test with piuparts revealed that your package misses the copyright file after an upgrade, which is a violation of Policy 12.5: https://www.debian.org/doc/debian-policy/ch-docs.html#

Bug#668254: bash-completion: dh_bash-completion still installs files in /etc/bash_completion

Control: found 668254 bash-completion/1:2.1-4 On 05-Jul-2013, Laurent Bigonville wrote: > The Debian README is reading: > > Completions are kept in /usr/share/bash-completions/completions. > > /etc/bash_completion.d/ is being kept for compatibility reasons; but will > disappear in future. If

Bug#773359: package tbb_4.2~20140122-4 FTBFS on mips and mipsel

On Tue, 2015-01-20 14:02:08 +, Steven Capper wrote: > On 20 January 2015 at 10:51, Aníbal Monsalve Salazar > wrote: >> Hello Steven, > > Hi Aníbal, > >> >> At IMGtech.com, we would like to support this patch for tbb. >> >> If you prefer, I could sponsor a new Debian version of tbb including

Bug#775897: gnome-panel: horizontal spacing between icons is too much large

Package: gnome-panel Version: 3.8.1-7+b1 Severity: important Hello, Horizontal spacing between icons is too much large. You can see it in the attached image. There is a lot of free place but we can't use it! And no useful gnome-extension for that. Thank you in advance and best regards. Pierre C

Bug#775265: unblock: systemd/215-9

Control: tag 775404 patch Michael Biebl [2015-01-20 17:56 +0100]: > I looked into this a bit more myself. Unfortunately, those .sh suffixes > are not the only ways to trigger this particular bug. > > As can be seen in [1], this can also be caused by backup/temporary > files, i.e. the name of the

Bug#775898: loook: No explicit typeconversion to string for variable 'err'

Package: loook Version: 0.8.0-1 Severity: normal Tags: patch 380c380 < print(_("Warning: Supposed ZIP file ") + filename + _("could not be opened: ") + err) --- > print(_("Warning: Supposed ZIP file ") + filename + _("could not be opened: ") + str(err))

Bug#708000: Include this in Jessie?

Hello, I'm not familiar with Debian's stabilisation process but it would be good if this fix could be pushed to Jessie. It is the key to using F2FS as a root filesystem because fsck.f2fs currently does not like the filesystem being mounted at all. Some manual steps are still required, of course, b

Bug#757851: accessibility: orca says always "not selected"

Control: forwarded -1 https://github.com/mate-desktop/caja/issues/356 On Sa 25 Okt 2014 22:35:27 CEST, Mike Gabriel wrote: Control: severity -1 important Hi Jean-Philippe, On Mo 11 Aug 2014 21:27:40 CEST, Jean-Philippe MENGUAL wrote: Package: caja Version: 1.8.1-2 Severity: normal Dear M

Bug#775899: minetest: status of forwarded patches

Source: minetest Version: 0.4.11+repack-1 Severity: normal Hi, this is a bug report to track the status of all minetest patches currently applied by Debian. It would be a good idea to drop, simplify or forward some of them. This bug report should be ideally closed with the next upstream release.

Bug#739676: systemd-user PAM config breaks some libpam-* modules

Hey Christian, Christian Kastner [2014-12-28 21:55 +0100]: > Trying to run as a user instance, but $XDG_RUNTIME_DIR is not set. > > I assume that this is because common-session also includes > pam_systemd.so, whereas -noninteractive does not, so switching to the > latter drops it from systemd-u

Bug#775900: [sh4]: Test suite fails with '((system-error "setaffinity" "~A" ("Function not implemented") (38)))'

Package: guile-2.0 Version: 2.0.11+1-9 Severity: normal Forwarded: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19646 Hi Rob! I'm one of the Debian sh4 maintainers now and I am working to get the port back into shape. Currently, we can't fill the build queue anymore since the guile-2.0 package is

Bug#770871: ModemManager only starts up if system is PID 1

Hi Michael, On Di 20 Jan 2015 14:50:13 CET, Michael Biebl wrote: tags: -1 + moreinfo help All the code still seems to be there [1], it just needs to be changed to use a runtime check instead of compile time. Ok. I think I am not involved with that code base enough. Also quite busy with th

Bug#775901: patch: another directory traversal via symlinks

Package: patch Version: 2.7.1-7 Tags: security Unfortunately the fix for CVE-2015-1196 (bug #775227) is not complete. It is still possible to abuse symlinks for directory traversal: $ ls /tmp/moo /bin/ls: cannot access /tmp/moo: No such file or directory $ mkdir empty && cd empty $ patch -p1

Bug#775902: cmake: cpack(1) misses "Generators" section

Package: cmake Version: 3.0.2-1 Severity: minor Dear Maintainer, cpack(1) contains the following description of the -G argument: " CPack may support multiple native packaging systems on certain plat- forms. A generator is responsible for generating input files for par- ticular system and invok

Bug#775461: python-wxgtk3.0: wx.tools.img2py: insecure use of /tmp

Hi Olly! * Olly Betts , 2015-01-21, 10:48: I've come up with a patch (attached), but I'm not really a Python programmer, so I'd appreciate a review to make sure I'm not doing something dumb. I'm busy, so I had only a quick look at the patch: -xmltemp = tempfile.mktemp('.

Bug#737789: Cannot reproduce this bug

On Sat, 17 Jan 2015 23:13:11 + Chris Carr wrote: > tags 737789 moreinfo > thanks > > When I apt-get install angband 3.3.2-2.1, I see three icons appearing in > my gnome3 applications menu: > > angband(GTK) > angband(X11) > angband(SDL) > > All three have the same "Mr Att" icon (an @ symbol

Bug#775762: unblock: intel-microcode/3.20150107.1

On Tue, 20 Jan 2015, Ivo De Decker wrote: > On Mon, Jan 19, 2015 at 04:14:21PM -0200, Henrique de Moraes Holschuh wrote: > > Please unblock package intel-microcode > > Unblocked. Thank you! -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness

Bug#775903: systemd: 'service initscript start' starts initscript.dpkg-dist under systemd

Package: systemd Version: 215-9 Severity: serious Tags: security Dear maintainer, I tried systemd after a wheezy → sid upgrade and encountered an annoying problem: after modifying a file related to my /etc/init.d/fetchmail script[1], I decided to start the fetchmail service with 'service fetchmai

Bug#775904: di-netboot-assistant should verify the downloaded files

Package: di-netboot-assistant Severity: normal User: tails-...@boum.org Usertags: infra Dear Maintainer, Given most of the files downloaded by di-netboot-installer are done so over insecure connections, it makes sense to have it verifying this files or at least provide a way for sysadmins to do i

Bug#774811: debian-installer: debian-testing-powerpc-netinst.iso 2015-01-05 08:58 278M doesn't boot

Hi, Since this problem is powerpc specific, I'm putting debian-powe...@lists.debian.org in copy and since it concerns the bootability of an ISO image, I also add debian...@lists.debian.org. On Wed, 07 Jan 2015, intervenant0 wrote: > I have downloaded debian-testing-powerpc-netinst.iso 2015-01-05

Bug#775905: DESKTOP_SESSION and XDG_CURRENT_DESKTOP not set correctly with LightDM's "Default Xsession"

Package: mate-session-manager Severity: important Together with Stefano from upstream I just discovered a new issue in mate-session-manager. If I use LightDM as display manager and log into a Default Xsession (which is MATE on my system), then the env vars DESKTOP_SESSION and XDG_CURRENT_

Bug#775903: systemd: 'service initscript start' starts initscript.dpkg-dist under systemd

Control: forcemerge 775404 775903 Hey Florent, Florent Rougon [2015-01-21 12:05 +0100]: > I tried systemd after a wheezy → sid upgrade and encountered an annoying > problem: after modifying a file related to my /etc/init.d/fetchmail script[1], > I decided to start the fetchmail service with 'serv

Bug#769941: iceweasel crash

tags 769941 - moreinfo thanks On 14/01/15 04:00, Michael Gilbert wrote: This turned out to be faulty ram for the other person experiencing this. Submitter, can you see if memtest says anything meaningful, and possibly reseating, removing, or replacing ram? I ran memtest for an hour and got no

Bug#774492: [vim] "c{motion}" temporary cancels 'linebreak' option for current line

Package: vim Version: 2:7.4.488-4 Followup-For: Bug #774492 Control: tag -1 + patch -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, there seems to be the same or a related bug mentioned at https://www.mail-archive.com/vim_dev@googlegroups.com/msg30754.html Attached is a file to reproduce this

Bug#775866: vlc: multiple vulnerabilities

On 2015-01-20 21:47:26, Yves-Alexis Perez wrote: > * Null-pointer dereference in dmo codec: > > https://github.com/videolan/vlc/commit/229c385a79d48e41687fae8b4dfeaeef9c8c3eb7 No CVE was issued for this bug, so I'll omit that patch. Cheers -- Sebastian Ramacher signature.asc Description: Di

Bug#771587: caja hardly startable outside MATE desktop environment

On So 30 Nov 2014 22:45:44 CET, Mike Gabriel wrote: Package: caja Severity: important When launching caja via cmdline in a terminal or via the application menu outside a MATE desktop environment, caja will always launch the MATE desktop (background + icons + context menu). My expectation

Bug#754827: Tag some less complex bugs

On 2015-01-20, at 17:43:35 +0100, Martin Quinson wrote: > did the resulting package install on your side? > I get an error message here: > > mquinson@chaipa:~/Code/debian/build-area$ LC_ALL=C sudo dpkg -i > quilt_0.63-4_all.deb quilt-el_0.63-4_all.deb > (Reading database ... 434798 files and direct

Bug#758430: caja: crashes after several hours of use

Hi, Does it still happen in the current Debian? I'm asking because I suspect it might be a GLib bug, and GLib has been updated to 2.42 since August 2014. If it's still reproducible, can you please install caja-dbg (for more debug info) and post the backtrace again? Oh, and use "bt full" instead o

Bug#775799: RFS: libmodule-install-rtx-perl/0.37-1 [ITP]

- d/copyright: copyright holder is not only "Best Practical Solutions" but also Audrey Tang . - d/docs: maybe missing. - d/p/01-fix-plugindir.patch: where comes from? note: pbuilder and piuparts clean. -- Regards, dai GPG Fingerprint = 0B29 D88E 42E6 B765 B8D8 EA50 7839 619D D439 668E

Bug#715857: Patch for #715857 (eblook segfaults when HOME unset)

tags 715857 + patch stop The cause of this bug is that eblook assumes that the HOME environment variable is always set: it dereferences the return value of getenv("HOME") without checking that it is non-NULL. You can easily reproduce the segfault by running $ env -u HOME eblook The following pat

Bug#774020: systemd: black screen with backlight on start. rescue mode plus Ctrl-D allows normal boot

Control: severity -1 important This is still unreproducible, has no confirmations from other reporters, does not cause actual damage or data loss, and does not make the package completely unusable for everyone. Thus as per https://www.debian.org/Bugs/Developer#severities I'm downgrading this to im

Bug#775525: caja: Desktop icon size settings wrong

Control: tag -1 patch On Di 20 Jan 2015 14:17:59 CET, Mike Gabriel wrote: Control: tag -1 confirmed Control: forwarded -1 https://github.com/mate-desktop/caja/issues/375 On Fr 16 Jan 2015 20:03:24 CET, G. Heine wrote: Package: caja Version: 1.8.2-1 Severity: minor Dear Maintainer, settin

Bug#775907: nautilus: crashes when trying to bookmark an smb share

Package: nautilus Version: 3.14.1-2 Severity: important Dear Maintainer, Steps to reproduce: 1. Connect to an smb share using "connect to server" 2. Drag from the path bar into the sidebar to create a bookmark 3. Unmount the share Result: Bookmark gets renamed from "share on server" to "/" 4.

Bug#775906: lookup-el: possible alternative upstream

Package: lookup-el Version: 1.4.1-13 Severity: wishlist There is a lookup2 project on github/sourceforge. It seems slightly more active that the official lookup upstream (although there is still no stable 2.0 version...) https://lookup2.github.io/ https://github.com/lookup2/lookup2 http://lookup

Bug#775908: enigmail: Enigmail is unable to sign key

Package: enigmail Version: 2:1.7.2-3 Severity: important Dear Maintainer, Enigmial is unable to sign keys: When I attempt to do so ("Sign Key", select any option for how careful I was), I get a message box saying Key signing failed In the Icedove error log, the following message appears: [

Bug#775909: libapache2-mod-gnutls: segfaults with reverse proxy configuration

Package: libapache2-mod-gnutls Version: 0.6-1.2 Severity: normal I've configured mod_gnutls to handle client TLS connections for a reverse proxy with HTTP back end connections. However, requests handled by the proxy led to segfaults in the handler process and, after I fixed the first issue, the TL

Bug#775910: nautilus: treats identical shares with implicit and explicit credentials as distinct

Package: nautilus Version: 3.14.1-2 Severity: normal Dear Maintainer, Steps to reproduce: 1. Using "connect to server", connect to a share for which you have previously cached the credentials. Do not put credentials in the URL, e.g. "smb://server/share/". 2. Now using the same method, connect

Bug#775911: texlive-base: dvips ships non-free ehandler.ps

Package: texlive-base Version: 2014.20141024-2   texlive-base ships ehandler.ps, a set of PostScript error handler routines, as part of dvips. These appear to be non-free:   %!PS-Adobe-2.0 % This is based on: ehandler.ps -- Downloaded Error Break-page handler % Copyright (C) 1984, 1985, 1986 Adobe

Bug#775903: systemd: 'service initscript start' starts initscript.dpkg-dist under systemd

Hi Am 21.01.2015 um 12:30 schrieb Martin Pitt: > Florent Rougon [2015-01-21 12:05 +0100]: >> I tried systemd after a wheezy → sid upgrade and encountered an annoying >> problem: after modifying a file related to my /etc/init.d/fetchmail >> script[1], >> I decided to start the fetchmail service wi

Bug#775912: update-rc.d is slow due to useless fadvise call

Package: insserv Version: 1.14.0-5 When update-rc.d is invoked (be it as part of some service installation or manually), on some machines it takes much more time than anticipated. Example: # time update-rc.d apache2 defaults ... real5m23.611s user0m0.092s sys 0m0.088s Running an str

Bug#775295: AW: Bug#775295: dialog: ok/cancel shortcuts not working in many dialogs

Hi! I was refering to man 3 dialog, which speaks in the dlg_char_to_button function about key bindings. If it's not meant to be a shortcut, why does it receive a hilight on the first character then? And if it's not meant to be a shortcut, is there a way with a switch or such to manually di

Bug#775313: debsums -c don't report all changed files

Hi, Axel Beckert wrote: > Axel Beckert wrote: > > I've pushed a prelimiary NMU to the git branch "nmu": > > https://anonscm.debian.org/cgit/collab-maint/debsums.git/log/?h=nmu > > > > I intend to upload that one as NMU to DELAYED/2 after some testing. > > Will post a full debdiff here once I'm do

Bug#738483: python-gnupg: list_keys fails with debian-keyring due to UTF-8 corruption

On 25/02/14 14:32, Gerald Turner wrote: > Control: found -1 0.3.6-1 > > [...] Hi Gerald, I've hit the same problem. Here is a dirty fix for you: import gnupg from pprint import pprint keyring = gnupg.GPG(keyring = "/usr/share/keyrings/debian-keyring.gpg") keyring.decode_errors =

Bug#775747: Acknowledgement (ITP: ginger -- Host management plugin to Kimchi)

Here is a first draft for ginger packaging : https://mentors.debian.net/package/ginger F. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#775265: unblock: systemd/215-9

Hi, Am 21.01.2015 um 10:52 schrieb Martin Pitt: > Control: tag 775404 patch > > Michael Biebl [2015-01-20 17:56 +0100]: >> I looked into this a bit more myself. Unfortunately, those .sh suffixes >> are not the only ways to trigger this particular bug. >> >> As can be seen in [1], this can also be

Bug#775903: systemd: 'service initscript start' starts initscript.dpkg-dist under systemd

Control: unmerge -1 Control: severity -1 normal Control: retitle -1 sysv-generator: Do not create units for .dpkg-* files Hey Michael, Michael Biebl [2015-01-21 14:05 +0100]: > This bug is related, but might be considered a bug on its own, regarding > handling of temporary/backup conffiles. > >

Bug#775913: vala-0.26: CVE-2014-8154: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()

Source: vala-0.26 Version: 0.26.1-1 Severity: grave Tags: security upstream patch fixed-upstream Control: fixed -1 0.26.2-1 Hi, the following vulnerability was published for vala-0.26. CVE-2014-8154[0]: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo() If you fix the vulnerabilit

Bug#775859: RFP: pageres -- Capture screenshots of websites in various resolutions on the command-line

Tryint to package anything related to PhantomJS is both courageous and honourable! And probably futile. If you don't fear the Python, try python{,3}-ghost: import ghost g = ghost.Ghost() g.open("http://www.debian.org/";) g.capture_to("debian.png") If you prefer searchable PDF output and the sh

Bug#775914: unblock (pre-approval): mate-session-manager/1.8.1-7

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking of planned upload of package mate-session-manager + * debian/patches: -> Two more patches from upstream should arrive in Debian jessie. ++ Add 0002_msmgnom

Bug#775912: [Pkg-sysvinit-devel] Bug#775912: update-rc.d is slow due to useless fadvise call

On Wed, 21 Jan 2015, Bolesław Tokarski wrote: > When update-rc.d is invoked (be it as part of some service installation or > manually), on some machines it takes much more time than anticipated. Example: > > # time update-rc.d apache2 defaults > ... > real5m23.611s > user0m0.092s > sys

Bug#775915: setools: add symbols for mips64el

://mipsdebian.imgtec.com/debian/logs/s/setools/setools_3.3.8-3.1+mips64_mips64el-20150121-1312.build.gz. Thanks, James -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#772910: mate-settings-daemon: Massive memory leak

reassign 772910 libpam-systemd 215-8 forcemerge 732209 772910 thanks Hi, Well, looking at the description, I see this is the same bug that has been found in various situations before [1][2][3]. Especially this line hints that: > Think it might be because I used the plugin for Caja allowing to

Bug#739676: systemd-user PAM config breaks some libpam-* modules

Hi Martin, On 2015-01-21 11:35, Martin Pitt wrote: > On both my Debian sid and my Ubuntu system, the only difference > between common-session and common-session-noninteractive is that the > latter does not include libpam-systemd. Generally speaking, I believe (but haven't verified) that this will

Bug#775916: unblock (pre-approval): caja/1.8.2-2

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking of planned upload of package caja + * debian/patches: -> Upstream helped to trace down to more issues observed with Caja in Debian jessie. ++ Add 0001_fix

Bug#711831: RFA: libgphoto2 -- gphoto2 digital camera library

retitle 711831 ITA: libgphoto2 -- gphoto2 digital camera library owner 711831 ! thanks Hi, I will adopt the package, be co-maintainer and if possible enjoy the team. David, thanks for your time. regards, -- Herbert Parentes Fortes Neto (hpfn) -- To UNSUBSCRIBE, email to debian-bugs-dist-re

Bug#775522: network-online.target reached too early

Reference https://bbs.archlinux.org/viewtopic.php?id=171496 If NetworkManager needs to be up and and start interface(s), services depending on said interfaces (i.e. distccd --listen ) need to depend on a unit such as 'NetworkManager-wait-online.service' (from Fedora NetworkManager-0.9

Bug#775914: unblock (pre-approval): mate-session-manager/1.8.1-7

On Mi 21 Jan 2015 14:41:14 CET, Mike Gabriel wrote: ++ Add 0003_set-XDG_CURRENT-DESKTOP-if-empty.patch. Make sure that I just see that I have a typo here. "_" -> "-". If the unblock request gets approved, I would modify this in debian/patches/* and in debian/changelog. Greets, Mike

Bug#732209: unable to create file '/run/user/1000/dconf/user': Permission denied

> 1. Init system installed on my system is systemd. > root@localhost:~# ps -p1 f > PID TTY STAT TIME COMMAND > 1 ?Ss 0:03 /sbin/init Well, that's a bit weird. On my systemd system, it looks like this. glaubitz@z6:~> ps -p1 f PID TTY STAT TIME COMMAND 1 ?S

Bug#772910: mate-settings-daemon: Massive memory leak

On 01/21/2015 03:03 PM, Vlad Orlov wrote: > Well, looking at the description, I see this is the same bug that has been > found in various situations before [1][2][3]. Just out of curiosity, what init system are you using? Usually, these weird bugs only occur when using something like systemd-shim

Bug#770492: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks

On 01/20/2015 06:17 PM, James Morris wrote: > On Sat, 17 Jan 2015, Ben Hutchings wrote: > >> chown() and write() should clear all privilege attributes on >> a file - setuid, setgid, setcap and any other extended >> privilege attributes. >> >> However, any attributes beyond setuid and setgid are ma

Bug#740811: xdotool seems not to be keyboard layout aware

Hi, I had a similar problem with a french (AZERTY) keyboard. A workaround is to issue a "setxkbmap fr" (for a french keyboard) in an terminal at least once in your X session before you use xdotool. Yours, J. Courant -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with

Bug#446015: closed by Jörg Frings-Fürst (Re: sane-utils: scanimage fails with v4l backend and pwc)

Please reopen the bug. - Release 1.0.19~cvs20070730-1 is unsupported -> The bug still exists with sane-utils 1.0.22-7.4 from wheezy (stable). - no answer for more then 12 weeks -> Not true. You specifically asked for testing which I cannot check, and which I did report back to you. This bug is

Bug#775888: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Hi Frank >the most CVEs from that CPU are related to the experimental VMSVGA >implementation. This code is not documented and not announced and >regular users will not use it. Therefore I suggest you to just disable >that code by setting > > VBOX_WITH_VMSVGA= > VBOX_WITH_VMSVGA3D= > >This wil

Bug#775912: [Pkg-sysvinit-devel] Bug#775912: update-rc.d is slow due to useless fadvise call

> With which kernel and arch have you run your tests? The test was conducted on a Debian 6 and Debian 7 machines. Kernel used in Debian 6 was from backports, 3.2.46-1~bpo60+1, in Debian 7 it was 3.2.60-1+deb7u3. Architecture was amd64. > And how did a small read-ahead request ended up taking fi

Bug#775917: splint: memory corruption

Package: splint Version: 3.1.2.dfsg1-2 Usertags: afl splint crashes on the attached file: $ splint crash.c Splint 3.1.2 --- 20 Feb 2009 *** Segmentation Violation *** Error in `splint': malloc(): memory corruption (fast): 0x090dc880 *** Aborted This bug was found using American fuzzy lop: htt

Bug#775918: libhttp-server-simple-perl: Cannot determine client ip-address when using ssl in net_server.

Package: libhttp-server-simple-perl Version: 0.44-1 Severity: normal Dear Maintainer, I use an overriden version of the module Net::Server::Fork as net_server. This module uses the ssl-protocol in combination with IPv4. In the function handle_request it is now not possible to determine the ip-ad

Bug#775919: ITP: python-hpilo -- HP iLO XML interface access from Python

Package: wnpp Severity: wishlist Owner: Sandro Tosi * Package name: python-hpilo Version : 2.11 Upstream Author : Dennis Kaarsemaker * URL : https://github.com/seveas/python-hpilo * License : GPL Programming Lang: Python Description : HP iLO XML interf

Bug#775901:

Before git-style patches, patch could assume that symlinks in the working directory are safe to traverse; it only needed to ensure that pathnames of files it creates weren't absolute and didn't contain '..' pathname components. Patch now creates symlinks. Forbidding absolute symlinks and '.' and '

Bug#775544: nftables: init system stop action shouldn't flush rules

On Tue, 2015-01-20 at 11:47 +0100, Arturo Borrero Gonzalez wrote: > As I said before, the intended behaviour of stopping the firewall > service is firewalling happening no longer in the machine. Well as I've explained before, that should conceptually mean that there is no longer networking at all.

Bug#775920: nftables: migrate ntftables rules loading to netfilter-persistent framework

Package: nftables Severity: wishlist Hi. Well I've already mentioned that in the other bug. IMHO, the nftables package itself shouldn't contain any logic/init-scripts/units for loading/unloading the rules. Debian already has the netfilter-persistent package for that task, which by itself is in

Bug#772910: mate-settings-daemon: Massive memory leak

Hi, > Just out of curiosity, what init system are you using? Usually, these > weird bugs only occur when using something like systemd-shim and any > other of these hacky systemd work arounds. Well, I have one system with systemd-shim + sysvinit-core and a few ones with systemd as init. I can repr

Bug#775888: Re: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Hi Gianfranco, On Wednesday 21 January 2015 14:28:53 Gianfranco Costamagna wrote: > >the most CVEs from that CPU are related to the experimental VMSVGA > >implementation. This code is not documented and not announced and > >regular users will not use it. Therefore I suggest you to just disable > >

Bug#775921: unblock: torbrowser-launcher/0.1.8-1 (pre-approval)

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock x-debbugs-cc: pkg-anonymity-to...@lists.alioth.debian.org Hi, this is a pre-approval unblock request to upload a new upstream verion of torbrowser-launcher to fix a serious and an important

Bug#772910: mate-settings-daemon: Massive memory leak

On 01/21/2015 04:03 PM, Vlad Orlov wrote: > Well, I have one system with systemd-shim + sysvinit-core and a few ones > with systemd as init. I can reproduce the issue (as I described in [1] ) in > all > of them. Ok, I just followed your steps to reproduce on a clean Jessie installation and I coul

Bug#775921: [Pkg-anonymity-tools] Bug#775921: unblock: torbrowser-launcher/0.1.8-1 (pre-approval)

On Mittwoch, 21. Januar 2015, Holger Levsen wrote: > debdiff torbrowser-launcher_0.1.7-1.dsc torbrowser-launcher_0.1.8-1.dsc | > filterdiff -x "*.asc" FYI, I excluded (on purpose) the most meaningful change, the key... sorry, for the noise, I'm in a somewhat noisy and distracting environment

Bug#775921: unblock: torbrowser-launcher/0.1.8-1 (pre-approval)

On Mittwoch, 21. Januar 2015, Holger Levsen wrote: > +torbrowser-launcher (0.1.8-1) unstable; urgency=medium actually, given #775871, I think this should be urgency=high. (I won't change the signed tag for it though, as this part of debian/changelog is currently technically pointless anyway

Bug#775916: unblock (pre-approval): caja/1.8.2-2 (debdiff UPDATE)

Dear release team, On Mi 21 Jan 2015 15:06:21 CET, Mike Gabriel wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please consider unblocking of planned upload of package caja + * debian/patches: -> Upstream helped to trace do

Bug#775888: Re: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Hi Frank, >that code does only exist in VBox 4.3.x, older branches are not affected. wonderful >Attached. wonderful >These patches are against the latest code in the respective branches but >I hope they apply to these old versions. Sorry but it's not possible to >support such old versions, we

  1   2   3   >