Bug#81547: dh_perl should detect dependencies on perl modules

Hello, could you please explain why you marked this bug as wontfix? Because of the nature of perl5 it isn't possible to really know what modules need to be installed to make the application work. But there are good heuristics to do so. Only a small fraction of the perl modules and applications lo

Bug#330895: blender: Arbitrary code execution when importing a .bvh file

.py.diff?r1=1.4&r2=1.5&cvsroot=bf-blender> +in that it doesn't provide the new checks introduced therein; +for reference, this is CVE-2005-3302 - closes: #330895 + + -- Florian Ernst <[EMAIL PROTECTED]> Wed, 2 Nov 2005 13:45:57 +0100 + blender (2.36-1) unstable

Bug#327171: ugly but working!

Hello, i want to give pype a try and what did i see? yeah, it crashed, again and again :D For me pype runs... Here the diff (it just remove the icon thing - but its better to have no icons than have no (working) editor...) so here just the diff.. mfg 403c403 < #EXT_TO_IMG = {'python':1}

Bug#81547: dh_perl should detect dependencies on perl modules

On Mon, Nov 07, 2005 at 03:32:02PM -0500, Joey Hess wrote: > Florian Ragwitz wrote: > > could you please explain why you marked this bug as wontfix? > > Because debhelper is not the place to put complex dependency analysis > code like you describe, especially since that would m

Bug#286191: New upstream release packaged

A. Get it from here (arm / amd64 / m68k missing): <http://people.debian.org/~florian/uae/> Only the i386 version was tested and found to be running fine, all packages built from the same source... Please use them at your own risk. HTH, Flo signature.asc Description: Digital signature

Bug#338077: KJV Bible - Crown Copyright in UK

* Lionel Elie Mamane: > Please investigate this before uploading to Debian. Or alternatively, depend on the bible-kjv-text package, which already is in main. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#329583: libmailtools-perl: New upstream release

tags 247009 patch tags 316160 patch tags 304155 patch tags 329583 patch thanks [EMAIL PROTECTED] BCC'd On Thu, 22 Sep 2005 09:21:38 +0200, Florian Ragwitz wrote: > 1.67 is on CPAN. Please update your package. The upstream changelog reads: | version 1.67: Thu Mar 31 12:05:31 C

Bug#329604: libnet-ip-perl: New upstream release

tags 329604 patch thanks [EMAIL PROTECTED] BCC'd On Thu, 22 Sep 2005 10:12:45 +0200, Florian Ragwitz wrote: > 1.23 is on CPAN. Please update your package. The upstream changelog reads: | 1.24 Tue Oct 18 12:00:00 2005 |- Thanks to Frederic Schutz

Bug#338211: libcurses-perl: new upstream release available

+++ libcurses-perl-1.13/debian/changelog @@ -1,3 +1,11 @@ +libcurses-perl (1.13-0.1) unstable; urgency=low + + * Non-maintainer upload + * New upstream release (Closes: #XX) ++ triggers a rebuild (Closes: #324819) + + -- Florian Ernst <[EMAIL PROTECTED]> Tue, 8 Nov 2005 21:09:39

Bug#338217: libhtml-lint-perl: New upstream release

Package: libhtml-lint-perl Severity: wishlist Tags: patch There is a new upstream release available. The changelog reads: | 2.02Thu Nov 3 11:49:18 CST 2005 | [ENHANCEMENTS] | * The warnings for missing ALT and HEIGHT/WIDTH on your images | now give the SRC attribute.

Bug#329604: libnet-ip-perl: New upstream release

On Tue, Nov 08, 2005 at 10:31:03PM +0100, Frederic Schutz wrote: > The updated version of the package has been ready for a while -- I see. Unfortunately this wasn't what I gathered from seeing a bugreport without any public maintainer reaction. Putting a small note would have saved me a few minute

Bug#338280: Version 0.40 available.

Package: libetpan3 Version: 0.39.1-1 Severity: wishlist Good morning! There is version 0.40 available at http://libetpan.sourceforge.net/ . I'd love to see this in Debian and would be thankful to hear any information about when this is anticipated. Thanks Florian -- System Inform

Bug#329370: These bugs are fixed upstream

#265745: pciutils: lspci uses wrong header type for PCI-X cap # 2.2.0 is identical to what the patch proposes, thus tags 265745 fixed-upstream #292324: Patch to build pciutils on Debian GNU/kFreeBSD # 2.2.0 looks slightly different, but still similar enough, thus tags 292324 fixed-upstream #313100:

Bug#333958: Patch for #333958, Intent to NMU

On Wed, Nov 09, 2005 at 05:05:17PM +0100, Wouter van Heyst wrote: > In the past Masayuki has mentioned lack of time, if that is still the > case, I'm willing to take over (or become part of a team), as I'm now > much more able to do so. I'm still not a DD yet though. FWIW, as I'm quite interested

Bug#338344: libpci1: not needed anymore?

Package: libpci1 Severity: wishlist Apparently no package depends or build-depends on libpci1, so in the spirit of your changelog entry for libpci1_1:2.1.11-10 |* libpci1 package, separated from pciutils. This is just here for | compatibility reasons. This package may be removed in the fu

Bug#281250: new version 1.06 available

retitle 281250 new version 1.07 available tags 281250 patch thanks [EMAIL PROTECTED] BCC'd On Sun, 14 Nov 2004 19:41:46 +0100, Matthias Klose wrote: > new version 1.06 available Now there is already 1.07 available, the changelog reads as follows: | 2005-10-24 Gisle Aas <[EMAIL PROTECTED]> | |

Bug#307299: TWiki.cfg

Could you show us your TWiki.cfg file, please? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#336719: Can you reproduce this on 4.5.3-4?

* Hilko Bengen: > db_query uses sprintf to replace placeholder expressions if passed > more than one argument and it seems to me that using %s does the same > thing as PHP's string expansion as in 4.5.3. What about SQL injection? Doesn't db_query protect against it, while PHP's string expansion

Bug#274924: nm256 - system freeze on recording

rks fine - only that the ALSA modules will freeze the system on 4 of 5 boot-ups... (There's a strange message "null symbol found" twice after successfully loading snd_nm256 / nm256_audio in /var/log/boot - and they appear on screen together with a crack in the speakers..??) F

Bug#336719: Can you reproduce this on 4.5.3-4?

* Hilko Bengen: > Do you have any idea how the $key parameter to sess_destroy > (includes/session.inc) is generated? It seems as if drupal uses the value generated by PHP, which would mean that it's not exploitable for SQL injection, but I'm not sure. -- To UNSUBSCRIBE, email to [EMAIL PROTECT

Bug#335476: nscd: Caches old IP-address

* Dave Love: > Yes, please turn off the default persistent caching of hosts (at > least). I think this should also be done upstream. It can lead to > lockout of logins in an obscure fashion -- at least it did on Fedora > systems running what appears to be the same version of nscd with the > same

Bug#332232: RFA: phalanx -- Chess playing program

On Wed, 05 Oct 2005 11:12:20 +0200, Milan Zamazal wrote: > I use this package only rarely and lack time to maintain it carefully, > so I'm offering it for adoption. As the new maintainer of xboard I'd love to also take phalanx. If you don't mind I'll start working on an update this Sunday. Were t

Bug#338678: ITP: italc -- teaching tool

On Sat, Nov 12, 2005 at 01:30:38AM +0100, Steffen Joeris wrote: > Package: wnpp > Severity: wishlist > Owner: Steffen Joeris <[EMAIL PROTECTED]> > > * Package name: italc > Version : 0.9.6.2 > Upstream Author : Tobias Doerffel <[EMAIL PROTECTED]> > * URL : http://italc.

Bug#338877: ITP: libquantum -- C library for the simulation of a quantum computer

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: libquantum Version : 0.2.4 Upstream Author : Copyright 2003-2005 Bjoern Butscher, Hendrik Weimer * URL : http://www.enyo.de/libquantum/news.html * License

Bug#334430: [Pkg-db-devel] hangs on corrupted db file

* Adrian von Bidder: > It's a case of db4.3 apparently hanging on corrupted database files, despite > DB_RECOVER being used on open. Is this a known bug? Unfortunately, the > bug report doesn't (yet) state what db version and if the bug is > reproducable. postgrey seems to use proper locking

Bug#332232: RFA: phalanx -- Chess playing program

On Sun, Nov 13, 2005 at 09:36:03AM +0100, Milan Zamazal wrote: > >>>>> "FE" == Florian Ernst <[EMAIL PROTECTED]> writes: > > FE> As the new maintainer of xboard I'd love to also take phalanx. > > It's yours, thanks! Not at a

Bug#339108: units: new upstream release available (1.85, 20-May-2005)

Package: units Severity: wishlist A new upstream release is available, please update your package when you think it is due time. Cheers, Flo signature.asc Description: Digital signature

Bug#338934: parrot - FTBFS on s390: Segmentation fault

Hello, I'm aware of the unportability of parrot and working on it. Unfortunately I don't have a s390 machine where I can log into currently. Could you please provide a backtrace of this segfault? TIA, Flo -- BOFH excuse #394: Jupiter is aligned with Mars. signature.asc Description: Digital s

Bug#344615: missinglib: ftbfs [sparc] *** [test] Bus error

* Sven Luther: > i guess sparc-*-* should be changed by sparc*-*-*, and we can then > close this bug. But why does the host triplet not match sparc*-*-*? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#346070: linux-image-2.6.15-1-k7: USB sound card stopped working after update to 2.6.15

plaining. Still there is no sound :-( . (the sound card uses software volume control, so it shouldn't be the usual mixer problem?) I saw changes in the changelog concerning USB audio, still I don't know how to make it work again. Regards, Florian -- System Information: Debian Release

Bug#346073: double free bug when closing externally modified mailbox

Package: mutt Version: 1.5.11-4 When a quit mutt after the mailbox has been externally modified (and all messages in it have been deleted), mutt crashes with a GNU libc error message: -*-Mutt: ~/Mail/INCOMING/mail.misc [Msgs:1]---(threads/date)(all)--- Writing messages... 0 (0%)*** gl

Bug#345238: Shell command injection in delegate code (via file names)

* Daniel Kobras: > tag 345238 + patch > thanks > > On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote: >> With some user interaction, this is exploitable through Gnus and >> Thunderbird. I think this warrants increasing the severity to >> "grav

Bug#329583: libmailtools-perl: New upstream release

[ ...sent to an alternative mail address as the debian.org address might be malfunctioning... ] On Thu, Jan 05, 2006 at 03:12:26PM +0100, Jonas Genannt wrote: > please note a new upstream version is available! > > http://search.cpan.org/~markov/MailTools-1.71/ > > > The 1.68 version close the b

Bug#346179: debsecan: doesn't seem to correctly grok ~ in version number

* Marc Haber: > debsecan complains > "invalid version 1.2.9-1~zg1 of package $PACKAGE" > > The version is, however, correct. This should be fixed. How? Is there an official description of the ~ semantics? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble?

Bug#346197: [CVE-2005-4560] Wine is vulnerable to SetAbortProc WMF bug

Package: wine Version: 0.9-1 Severity: grave Tags: security H D Moore mentioned that Wine contains vulnerable code similar to Microsoft Windows: The fix seems to be to remove that case label. -- To UNSUBSCRIBE, email

Bug#346179: debsecan: doesn't seem to correctly grok ~ in version number

* Marc Haber: > On Fri, Jan 06, 2006 at 10:55:28AM +0100, Florian Weimer wrote: >> * Marc Haber: >> > debsecan complains >> > "invalid version 1.2.9-1~zg1 of package $PACKAGE" >> > >> > The version is, however, correct. This should be fixe

Bug#346209: [Pkg-db-devel] Bug#346209: Time to remove db2 entirely?

* Nathanael Nerode: > There are no packages in etch which depend on any of the db2 packages. > > In unstable, there are only htdig, qtstalker, and libdb2-ruby. qtstalker > is being converted to libdb4 upstream, and libdb2-ruby isn't actually used > by anything else. htdig appears to be unmaintai

Bug#345604: ConTeXt documentation is non-free

* Ralf Stubner: >> | All rights reserved. No part of this publication may be reproduced, >> | stored in a retrieval system, or transmitted in any form or by any >> | means, electronic, mechanical, photocopying, recording or otherwise, >> | without prior written permission of the publisher. > > (fr

Bug#346335: lintian: Please add parrot to the interpreter list

Package: lintian Version: 1.23.14 Severity: wishlist Hello, please add /usr/bin/parrot, contained by the parrot package, to the list of valid interpreters. Currently only libparrot-dev contains a parrot script inside $PATH, but surely there will be more in future as, for example, parrot will be t

Bug#346343: Bug in texinfo.postinst

Package: texinfo Version: 4.8-3 Severity: grave Justification: renders package unusable Line 56 of /var/lib/dpkg/info/texinfo.postinstall contains the mistyped function call "update_ls_files;" which crashes the package installation process and makes the package uninstallable. I believe this shoul

Bug#346354: distribution of this package is likely a GPL violation

Package: max-db Version: 7.5.00.19-1 Severity: serious The HTML documentation has apparently been generated by a tool called "SAP Html Export": This means that these HTML documents are not "the preferred form of the work for making modifications", and do not qualify as source code under the GPL

Bug#346328: packages.debian.org: packages.d.o is down message.

* Gustavo Franco: > I think we can inform about PTS and remove Google direct reference as in > the following message: The PTS seems to have stopped updating, too. 8-( -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#343330: Confirmed, small note

Florian -- Florian Hinzmann private: [EMAIL PROTECTED] Debian: [EMAIL PROTECTED] PGP Key / ID: 1024D/B4071A65 Fingerprint : F9AB 00C1 3E3A 8125 DD3F DF1C DF79 A374 B407 1A65 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED

Bug#346179: debsecan: doesn't seem to correctly grok ~ in version number

* Marc Haber: >> What happens if there are multiple ~? > > They are processed in order. > > dpkg --compare-versions handles ~ correctly. And APT? Does it behave differently? (There are differences between the two in the area of epoch handling.) I'm going to add something like the following:

Bug#346434: bristol doesn't start, startBristol -libtest segfaults

ly. If I start aconectgui while this process is around, aconnectgui segfaults. If aconnectgui is running when I startBristol -seq, no spurious bristolengine stays behind. Yours, Florian -- System Information: Debian Release: 3.1 Architecture: amd64 (x86_64) Kernel: Linux 2.6.12.4 Locale: [EMAIL PRO

Bug#346448: rosegarden does nothing but segfault

Of course, that is just an accident until the other XtVa... calls are fixed, but I will not do that at 3 in the morning. Oh, and there is a build-dependecy on xaw3dg-dev missing. Yours, Florian Hars. -- System Information: Debian Release: 3.1 Architecture: amd64 (x86_64) Kernel: Linux 2.6.12.4 Loca

Bug#346555: Blender 2.4 and other packages

retitle 346555 python bindings for blender thanks [EMAIL PROTECTED] BCC'd Hello Suman, thanks for your interest in this package. On Mon, Jan 09, 2006 at 02:03:21AM +0530, Suman wrote: > Can you please upgrade the blender package to 2.4. Please note that there were already two bugs filed asking

Bug#344450: ITA: fbgrab -- Framebuffer grabber

Hello Luca, are you still interested in this? On Tue, Dec 27, 2005 at 11:49:02AM +0100, Luca Bruno wrote: > I'd like to adopt fbgrab. > A new revision that I've just made is available at debian-mentors: > http://mentors.debian.net/debian/pool/main/f/fbgrab/ > > As I'm not (yet) a DD, I need a sp

Bug#346572: [mipsel] Depends on ocaml-nox-3.08.3 which cannot be installed.

>> > The following packages have unmet dependencies: >> > ocaml: Depends: ocaml-nox-3.08.3 >> > E: Broken packages > > I get this from my mirror regularly. It occurs because the > package index is downloaded first .. but the packages come later. No, this has to be something else, I'm afaraid.

Bug#346572: [mipsel] Depends on ocaml-nox-3.08.3 which cannot be installed.

* Paul Richards: > Attempting to install 'ocaml' on current debian stable fails due to > broken packages. > The following packages have unmet dependencies: > ocaml: Depends: ocaml-nox-3.08.3 > E: Broken packages What does "apt-get install ocaml-nox" print, or "apt-get install ocaml-nox-3.08

Bug#347221: smstools: Format string attack in logging code

* Steve Kemp: > A DSA has just been released for smstools due to an insecure > usage of syslog in the logging code. Please mention the CVE name CVE-2006-0083 in the changelog when fixing this bug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contac

Bug#286191: Any plans regarding your packages?

Hello Stephan, for some reason you might have missed my previous mails, yet still it appears to me you aren't actually maintaining your Debian packages as listed on anymore. However, as bug#343318 indicates you seem to be well and around, so I wonder what

Bug#288386: Any plans regarding your packages?

Hello Philipp, for some reason you might have missed my previous mails, yet still it appears to me you aren't actually maintaining your Debian packages as listed on anymore. However, as bug#338294 indicates you seem to be well and around, so I wonder what

Bug#300807: Any plans regarding your packages?

Hello Ross, for some reason you might have missed my previous mails, yet still it appears to me you aren't actually maintaining your Debian packages as listed on anymore. However, as bug#313634 indicates you seem to be well and around, so I wonder what you

Bug#293196: Any plans regarding your packages?

Hello Shiju, for some reason you might have missed any previous mails, yet still it appears to me you aren't actually maintaining your Debian packages as listed on anymore. So I wonder what your plans regarding these packages are? Could you please enlighte

Bug#345604: ConTeXt documentation is non-free

* Frank Küster: > Florian, are you on a general search for non-free docs, and looking at > more files in tetex-doc? Then please also send a Debbugs-Cc to > [EMAIL PROTECTED] ("Woeful copyright file"). I'm aware of that bug report, but think of it as a separate matter

Bug#345604: ConTeXt documentation is non-free

* Frank Küster: > #218195 is about the woeful copyright file, not the woeful copyright of > a particular file... What we really need to do is to sort out which > parts of teTeX are under which license, and document that clearly (and > remove if necessary), and to that end collecting information a

Bug#335745: Plans regarding new upstream release?

Hello Justin, just curious: did you already package the new upstream release and I have simply missed your pointer, or are there some issues that still need to be resolved? Cheers, Flo signature.asc Description: Digital signature

Bug#347756: [EMAIL PROTECTED]: Mail delivery failed: returning message to sender]

Mail-Followup-To: debian-user-german@lists.debian.org References: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2D20dG0OqTzqkNh7" Content-Disposition: inline In-Reply-To: <[EMAI

Bug#347917: ocaml-mode on emacs-snapshot

Package: ocaml-mode Version: 3.09.1-1 Please enable ocaml-mode for emacs-snapshot (two edits are required in the install/ocaml-mode file). Basically functionality works, so there does not seem to be any reason to disable it. (Please consider enabling font-lock support by default, too.) -- To

Bug#347994: bmon: new upstream release available (2.1.0, 2005-04-05)

Package: bmon Version: 2.0.1-3 Severity: wishlist Hello Reto, as of 2005-04-05 there is a new upstream release 2.1.0 available, the changelog reads as follows: | Summary of changes from 2.1.0-pre7 to 2.1.0 | | Thomas Graf <[EMAIL PROTECTED]> | o

Bug#324590: now has other test problems

On Fri, Jan 13, 2006 at 09:36:40PM -0800, Blars Blarson wrote: > Looking into this for a potiential NMU, I found adding netbase was not > sufficient. It appears that this package is not compatable with the > current perl in unstable. Yes. I'm already aware of that. It's caused by either openssl o

Bug#264717: Status of CAN-2003-0693, CAN-2003-0682, CAN-2003-0695

Hi, would you please answer Joey's question if these security fixes have been applied in the ssh-krb5 package? Thanks, Florian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#344566: sysutils: /usr/bin/memtest also found in package memtester

tags 344566 pending thanks [EMAIL PROTECTED] BCC'd Yes, I know about this conflict, please see bug#339481. Unfortunately I noticed this reduplication of effort rather late, and furthermore right now I have locked myself out from my working machine (again) being away from home over the holi

Bug#324254: [Pkg-db-devel] Bug#324254: db4.3: Add NPTL versions of DSOs

* Clint Adams: >> But you wouldn't object to a patch in principle, right? > > Nope. There seems to be a problem: The on-disk lock region format changes. This means that it's not worth the trouble, I guess. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble?

Bug#344948: libtorrent: New upstream release

Package: libtorrent Severity: wishlist Hello, libtorrent 0.9.1 is available on sourceforge. Please update your package. TIA, Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell:

Bug#344950: mozilla-firefox-webdeveloper: update lib-dir (ff trans)

Package: mozilla-firefox-webdeveloper Version: 0.9.4-1 Severity: grave i think the files have to move to: /usr/lib/firefox (from /usr/lib/mozilla-firefox) otherwise the plugin is not usable florian ludwig -- System Information: Debian Release: testing/unstable APT prefers unstable APT

Bug#344976: syntax error on /var/lib/dpkg/info/debsecan.config

tags 344976 confirmed pending thanks * Nelson A. de Oliveira: > Today while upgrading debsecan to version 0.3.2, I saw this error: > > Setting up debsecan (0.3.2) ... > /var/lib/dpkg/info/debsecan.config: 30: arith: syntax error: "STATE + 1" > dpkg: error processing debsecan (--configure): > sub

Bug#344996: debsecan: ugly emails every hour

* Zlatko Calusic: > Package: debsecan > Version: 0.3.2 > Severity: normal > > I'm getting emails like this every hour: > > Traceback (most recent call last): > File "/usr/bin/debsecan", line 875, in ? > rate_system(target, options, fetch_data(options), history) > File "/usr/bin/debsecan",

Bug#345003: ITP: libfuse-perl -- Write filesystems in Perl using FUSE

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: libfuse-perl Version : 0.6 Upstream Author : Mark Glines <[EMAIL PROTECTED]> * URL : http://search.cpan.org/~dpavlin/Fuse/ Description : Write filesystems i

Bug#344996: debsecan: ugly emails every hour

tag 344996 confirmed thanks * Zlatko Calusic: >> This means that your /var/lib/dpkg/status file contains some invalid >> data. I'll investigate it if you can send mee a compressed copy. > > Interesting, I'll send you a copy off-list to help you debug it, sure. The culprit is: Package: nerolinu

Bug#344948: libtorrent: New upstream release

On Wed, Dec 28, 2005 at 12:43:56PM +, Qingning Huo wrote: > On Tue, Dec 27, 2005 at 09:42:08PM +0100, Florian Ragwitz wrote: > > Package: libtorrent > > Severity: wishlist > > > > Hello, > > > > libtorrent 0.9.1 is available on sourceforge. Please up

Bug#345019: DB_REGISTER problem

Package: libdb4.4 Version: 4.4.16-3 Tags: upstream patch The patch below (from Keith Bostic/Sleepycat, posted to the comp.databases.berkeley-db newsgroup) fixes a problem with DB_REGISTER support. I'm not yet sure if this fixes my problem mentioned on the pkg-db mailiung list, but I hope so. ---

Bug#345197: ca-certificates: Enhances old libssl0.9.7

Package: ca-certificates Version: 20050804 Severity: minor Hello, ca-certificates control file contains this line: Enhances: libssl0.9.7, openssl libssl0.9.7 is an old version of libssl that's being replaced by libssl0.9.8. Please update the enhances field. TIA, Flo -- System Information: Deb

Bug#345238: Shell command injection in delegate code (via file names)

Package: imagemagick Version: 6.2.4.5-0.3 Tags: security The delegate code in Imagemagick is vulnerable to shell command injection, using specially crafted file names: $ cp /usr/lib/openoffice/share/template/en-US/wizard/bitmap/germany.wmf \ '" ; echo "Hi!" >&2; : "'.gif $ display '" ; echo "Hi

Bug#345158: debsecan: proftpd is reported to be remotely exploitable on sarge but it's not

* Cyril Bouthors: > [EMAIL PROTECTED]:~# debsecan --only-fixed --suite sarge > CVE-2005-0034 libdns11 (fixed, remotely exploitable, obsolete) "obsolete" means that a package of that name is no longer available from the archive. The

Bug#345158: debsecan: proftpd is reported to be remotely exploitable on sarge but it's not

* Cyril Bouthors: > ii proftpd 1.2.10-15sarge1.0.1 Versatile, virtual-hosting FTP daemon Ah, this version has been binary-NMUed, and I didn't think about that. I think I've fixed the server-side data generation (it's r3179 in the secure-testing repository, for future reference). No client-side

Bug#345238: Shell command injection in delegate code (via file names)

severity 345238 grave thanks With some user interaction, this is exploitable through Gnus and Thunderbird. I think this warrants increasing the severity to "grave". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#345469: DOS/hang

tag 345469 -security merge 340283 345469 thanks * Joey Hess: > This web page, which was originally developed as a proof of concept for > a different security hole in MSIE, makes firefox spin, consuming cpu and > being completly unresponsive to user input until killed. > > http://www.computerterro

Bug#345158: debsecan: proftpd is reported to be remotely exploitable on sarge but it's not

* Cyril Bouthors: >> This sounds like an interesting application. If you find the output >> format too difficult to parse, I can add yet another one to >> accommodate your needs. > > The most important thing is the return code. After a quick overview, > it seems that debsecan is inconditionnally

Bug#345158: debsecan: proftpd is reported to be remotely exploitable on sarge but it's not

* Cyril Bouthors: > On top of that, libcurl3 is not listed as obsolete and is not fixed > nor vulnerable : > > web8:~# debsecan --only-fixed --suite sarge | grep -v obsolete > CVE-2005-4077 libcurl3 (fixed, medium urgency) > web8:~# apt-get install libcurl3 > libcurl3 is already the newest version

Bug#345158: debsecan: proftpd is reported to be remotely exploitable on sarge but it's not

* Cyril Bouthors: > By the way, I have those very old packages installed on a machine that > are not reported by debsecan and I guess they have many security > issues: > > kernel-image-2.4.24-1-686 install > kernel-image-2.4.25-1-686-smp install > kernel-ima

Bug#345158: debsecan: proftpd is reported to be remotely exploitable on sarge but it's not

* Cyril Bouthors: > On 30 Dec 2005, Florian Weimer wrote: > >> "obsolete" means that a package of that name is no longer available >> from the archive. > > I think it shouldn't appear with --only-fixed because obsolete > packages are not fixed. What do y

Bug#345256: debsecan: /etc/cron.d/debsecan should be owned by the package

* Cyril Bouthors: > /etc/cron.d/debsecan should be owned by the package > > [EMAIL PROTECTED]:~$ dpkg -S /etc/cron.d/debsecan > dpkg: /etc/cron.d/debsecan not found. > > Please add it to debian/conffiles. As far as I understand Policy, the current approach is explicitly permitted. Why do you wan

Bug#345604: ConTeXt documentation is non-free

Package: tetex-doc Version: 3.0-11 Severity: serious The license is clearly non-free: | All rights reserved. No part of this publication may be reproduced, | stored in a retrieval system, or transmitted in any form or by any | means, electronic, mechanical, photocopying, recording or otherwise, |

Bug#345238: Shell command injection in delegate code (via file names)

retitle 345238 [CVE-2005-4601] Shell command injection in delegate code (via file names) thanks This issue has been assigned CVE-2005-4601. Please mention this identifier in the changelog when fixing this bug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Tro

Bug#345968: initscripts: should depend on sufficient version of mount package

dency on a sufficiently recent version of the mount package. (at least version 2.11x-1) Thanks, Florian -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i

Bug#274924: nm256 - system freeze on recording

Hi David, On Mon, Jan 02, 2006 at 09:19:45PM +0100, David Schmitt wrote: > Hi Florian! > > Can you reproduce the problem with a current kernel (testing: 2.6.12, > unstable: 2.6.14)? well, things have changed a little bit, but just a bit... using either kernel, I now get an error

Bug#335931: chmlib exploitable buffer overflow

Package: chmlib Version: 0.36-3 Severity: grave Tags: security Advisory: chmlib exploitable buffer overflow Product: chmlib Affected Version: <=0.36 Immune Version: >0.36 OS: Tested on linux 2.4 probably other OS affected as well Date: 26.10.2005 Author:

Bug#335817: [EMAIL PROTECTED]: Bug#335817: wordpress: SECURITY : Contains an insecure version of class.snoopy]

* Kai Hendry: > On 2005-10-26T00:40-0700 Matt Mullenweg wrote: >> >I need a Wordpress release with the updated "Snoopy version 1.2.1. ASAP. >> Could you confirm this affects WP? We use an older version of Snoopy >> that has been modified, and the only calls to it are hard-coded RSS >> feeds, so

Bug#336002: libhtml-parser-perl: new upstream release available

Package: libhtml-parser-perl Severity: wishlist Dear maintainers, as DEHS seems to run a little slow again I'd like to take the opportunity to manually point you to the most recent upstream release providing the following changes: | 2005-10-24 Gisle Aas <[EMAIL PROTECTED]> | | Release 3.

Bug#336137: Version 6.4-1.1 (4-Sept-2005) does not exist in stable (CAN-2005-152)

retitle 334833 CVE-2005-1527 still not fixed in stable branch retitle 336137 CVE-2005-1527 still not fixed in stable branch severity 334833 grave found 334833 6.4.1 merge 336137 334833 thanks * FX: > Version 6.4-1.1 which fixed CAN-2005-152 on Sept 4, 2005 is still not > available in the stable

Bug#336330: qa.debian.org: adding links to popcon graphs to popcon display page

Package: qa.debian.org Severity: wishlist Tags: patch Dear QA people, I'm wondering whether it's desirable to include links to Ian Lynagh's popcon graphs in the popcon display page, like e.g. adding a link to to

Bug#336342: Clarify permitted epoch values and numeric versions

Package: debian-policy Version: 3.6.2.1 Severity: normal In section 5.6.12, the permitted epoch values are not specified precisely. Large epochs tend to cause problems for some tools, for example dpkg, whose behavior is even architecture-specific. There might be other problems throughout the too

Bug#336387: svk: New upstream release

Package: svk Version: 1.04-1 Severity: wishlist Hello, 1.05 is available on CPAN. Please update your package. TIA, Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh li

Bug#72034: html2ps; bad defaults for external programs in xhtml2ps

severity 72034 minor thanks [EMAIL PROTECTED] BCCed On Tue, 19 Sep 2000 17:02:52 +0200, Francesco Potorti` wrote: > The Postscript viewer and the print command default to `ghostview' and > to `lp', which are not good for a Debian system. While I agree that those defaults aren't good I must also s

Bug#72188: html2ps; bad DSC with --toc and a problem with CSS

severity 72188 minor retitle 72188 problem with CSS (margin-left indication is ignored) thanks [EMAIL PROTECTED] BCCed On Tue, 19 Sep 2000 19:15:56 +0200, Francesco Potorti` wrote: > This source illustrates two problems: ghostscript barfs while generating > DSC, and the H5 style indicated in t

Bug#336433: Package diff support

.0 +0100 +++ new-apt-proxy-1.9.32/debian/changelog 2005-10-30 11:04:52.0 +0100 @@ -1,3 +1,10 @@ +apt-proxy (1.9.32.1) unstable; urgency=low + + * Non-maintainer upload + * Map type of "Index" and "Translation-*" files to text/plain. + + -- Florian Wei

Bug#336436: html2ps: A NAME match brokes url that have any option ended with name= (i.e. phpwiki generates options pagename=, postnuke generates optiones modname=)

Package: html2ps Version: 1.0b4-3 Severity: normal Hello there Andres, I just X-Debbugs-Cc you in order to inform you that I have reopen your bugreport #222640 again as the patch provided had to be backed out due to it causing bad side effects (#320913 and #335701). Unfortunately I couldn't direc

Bug#336460: html2ps: "restore" command and Lexmark Optra E310

Package: html2ps Version: 1.0b4-2 Severity: minor - Forwarded message from John Plate <[EMAIL PROTECTED]> - But I've seen another small problem: The postscript output has a "restore" command at the very end of the file. My Lexmark Optra E310 prints the file without problems but goes in er

<    1   2   3   4   5   6   7   8   9   10   >