Bug#318946: Bad press again...

* Paul Gear: > The maintainer is not the problem. Lorenzo has prepared 2.2.3-2 for > sarge [1] and has tested the before and after situations and found that > the bug is fixed. The problem is no response from Martin Schulze. > > [1] http://idea.sec.dico.unimi.it/~lorenzo/tmp/ This information s

Bug#324891: openssh-client. strange lines in known_host

* Greg Norris: > This is a documented feature. It's controlled by the HashKnownHosts > option, which is set by default in /etc/ssh/ssh_config. It looks like > the manpage needs to be updated, however, as it incorrectly states that > the parameter defaults to "no" (which is the upstream defaul

Bug#270073: grub-splashimages: breaks on systems where /boot is a separate partition

The splashimages don't have to be in your /boot/boot/grub/ directory. They can exist in any partition that has the same filesystem than the boot partition. You have to spacify the right partition in the configfile. It looks like this: splashimage=(hd0,0)/boot/grub/splashimages/debsplash.xpm.gz hda0

Bug#317979: New xmlrpc-c upstream version available

Hello Chris, it would really be nice if you could update xmlrpc-c to version 1.03.03. It features some really important changes and I need the latest version for some projects I'm working on. Maybe you lack some time at the moment? If yes I could offer you to be your Co-Maintainer and update it.

Bug#318946: User expectations and shorewall

As far as I understand it, from the perspective of the security team, it is not clear if the upstream change breaks existing user configurations. Users might rely on the current behavior and use it to deliberately weaken the filter policy. This is a reasonable question because the existing docume

Bug#318946: User expectations and shorewall

* Martin Schulze: > So a summary would be to leave the package as it is in sarge, right? Based on the facts, I reach the opposite conclusion. The upstream changes should be merged. However, since easy workarounds are possible, we might get away without code changes, if issuing the update Lorenz

Bug#318946: User expectations and shorewall

* Martin Schulze: > What was the behaviour pre-sarge? > What is the behaviour post-sarge (or rather in sarge)? Do you mean "before and after the upstream security update"? The terms pre-sarge/post-sarge do not make much sense to me in this context, I'm afraid. > What do you think is the vulnera

Bug#324609: Downloads work again

Have updated to *-srage3. Downloads are working. (Closes: #324609) should be included into the changelog to close this bugreport. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#318946: User expectations and shorewall

* Martin Schulze: >> > What was the behaviour pre-sarge? >> > What is the behaviour post-sarge (or rather in sarge)? >> >> Do you mean "before and after the upstream security update"? The >> terms pre-sarge/post-sarge do not make much sense to me in this >> context, I'm afraid. > > Ok, so when d

Bug#323139: Do we still need libc5?

* Jeroen van Wolffelaar: > Fact is though that libc6 has been in Debian stable for over 7 > years, since hamm was releaed mid-1998, This suggests that we should give it three more years or something like that. However, if the packages aren't covered by security support anyway, it probably doesn'

Bug#325359: cogito: version 0.13 is available, please update package

* Sebastian Kuzminsky: > Thanks for your bug report. The latest cogito ships without git, and > thus requires git from the git-core package. I'm working on getting > git-core into Debian, but a naming conflict with GNU Interactive Tools > is slowing things down. Do you need any moral support?

Bug#320541: unsafe temp file creation (CAN-2004-2265)

* Frank Lichtenheld: > I mean, after closing fd _and_ unlinking the temporary file it is > completly gone and the race is open again, isn't it? Wouldn't be > the right fix to return the fd from the function and not bother > about the filename at all? In the interest of a minimal change, it might

Bug#320541: unsafe temp file creation (CAN-2004-2265)

* Frank Lichtenheld: > On Sat, Sep 03, 2005 at 11:53:52PM +0200, Florian Weimer wrote: >> * Frank Lichtenheld: >> >> > I mean, after closing fd _and_ unlinking the temporary file it is >> > completly gone and the race is open again, isn't it? Wouldn't

Bug#326648: libsqlite3-0: database handles can't be shared among threads any more

* Florian Weimer: > * Adeodato Simó: > >> Also, I have no idea what's the case for Debian: "On some versions of >> Linux, a thread is not able to override locks created by a different >> thread in the same process." Does this depend on the ker

Bug#326648: libsqlite3-0: database handles can't be shared among threads any more

* Adeodato Simó: > Also, I have no idea what's the case for Debian: "On some versions of > Linux, a thread is not able to override locks created by a different > thread in the same process." Does this depend on the kernel, on libc, > or on something else? This is probably the same problem

Bug#313106: openvpn: fixed the unaligned access problems

* Stuart Rowan: > Okay to get rid of the unaligned access issues, I built the package with > debugging enabled etc. and traced the unaligned access to the line in > the patch below. > > The below patch made the unaliagned accesses disappear for me. Sorry, the patch is almost certainly wrong; it d

Bug#326768: ITP: libscriptalicious-perl -- Make scripts more delicious to SysAdmins

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: libscriptalicious-perl Version : 1.10 * License : Perl (GPL/Artistic) Description : Make scripts more delicious to SysAdmins This module helps you write scripts that c

Bug#326768: ITP: libscriptalicious-perl -- Make scripts more delicious to SysAdmins

On Mon, Sep 05, 2005 at 05:50:15PM +0200, Steinar H. Gunderson wrote: > On Mon, Sep 05, 2005 at 05:47:24PM +0200, Florian Ragwitz wrote: > > This module helps you write scripts that conform to best common > > practices, quickly. > > Would it be appropriate to ask how it d

Bug#326786: Processed: Re: Bug#326786: Needs stuff from libdigikam-dev package - should depend on it

severity 326768 wishlist severity 326786 serious thanks Hello Mark, I think you misstyped the bug number. I hope I have corrected everything. -Flo -- BOFH excuse #47: Complete Transient Lockout signature.asc Description: Digital signature

Bug#326807: dh-make-perl: Check errors from the YAML module

Package: dh-make-perl Version: 0.18 Severity: normal dh-make-perl fails for Test::Tap::Model because it's META.yml seems to be damaged. So it dies in line 327 after an YAML error. Regards, Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'uns

Bug#321073: cowdancer support

Hello, is there already any progress in making pbuilder use cowdancer? -Flo -- BOFH excuse #80: That's a great computer you have there; have you considered how it would work as a BSD machine? signature.asc Description: Digital signature

Bug#317967: probably fixed in .11 ..

found 317967 1.10.28 tag 317967 security sarge thanks * Joey Hess: > Presumably this bug was fixed in dpkg 1.13.11, which was released well > after the fixed zlib got into the archive. Although I've not actually > checked all the builds to see. This bug is also present in sarge. I think the con

Bug#326832: libc6: valgrind reports use of uninitialized values

reassign 326832 valgrind thanks * Justin Pryzby: > valgrind reports 13 instances of "Conditional jump or move depends on > uninitialised value(s)" using the new libc6 in testing, for a trivial > program which just calls exit(0). This is valgrind-2.4.0-3. This means that the valgrind suppression

Bug#318946: User expectations and shorewall

* Lorenzo Martignoni: > The patch has been tested by me and by Paul Gear but further tests will > be better, so your feedback will be very precious. Apart from the lack of CVE entry in the changelog, the package seems to be fine. Both problems are fixed. There is a surprising reduction of the

Bug#327084: libglib-perl: New upstream release

Package: libglib-perl Version: 1:1.093-1 Severity: wishlist Hello, v1.100 has been released. Please update your package. -Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /b

Bug#302640: Bug still in 1.02

found 302640 1.02-1 thanks This bug still occurs with version 1.02. [EMAIL PROTECTED]:~$ svk depotmap Waiting for editor... New depot map saved. Repository /home/fw/.svk/mlton.org does not exist, create? (y/n)y [EMAIL PROTECTED]:~$ svk mirror svn://mlton.org/mlton /MLTON/mlton Committed revision

Bug#234573: ITP: jhbuild -- An automated build system with dependency resolution

Hello, is there any progress on jhbuild yet? If you lost interest in it I would like to adopt this ITP. Regards, Flo -- BOFH excuse #278: The Dilithium Crystals need to be rotated. signature.asc Description: Digital signature

Bug#322213: libpoe-component-irc-perl: New upstream release

Package: libpoe-component-irc-perl Version: 4.3-2 Severity: wishlist Hello, version 4.66 of POE::Component::IRC is already available on CPAN. Please update your package. TIA, Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1,

Bug#279823: ITA: perl-tk -- Perl module providing the Tk graphics library.

> Yes, I still intend to adopt perl-tk. I discovered that the new version of > perl-tk doesn't work in an identical manner to the current perl-tk. Rather > than delay sarge by uploading a package that would require several rebuilds, I > delayed my upload. Now that sarge has been released, I can

Bug#322216: libpoe-perl: New upstream version

Package: libpoe-perl Version: 2:0.29-1 Severity: wishlist Hello, version 0.32 of POE is available on CPAN. Please update your package. TIA, Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386

Bug#322230: libcatalyst-perl: minor bug in dispatchers causes forward() to maybe fail

Package: libcatalyst-perl Version: 5.30-1 Followup-For: Bug #322230 Hello, in your special case the object $c->components->{$command} inherits from Class::DBI which is overloaded in the bool context. perldoc says: > The perl builtin bool operator is overloaded so that a Class::DBI > object refer

Bug#322412: libtest-pod-perl: all_pod_files_ok() doesn't recognize pod files as pod files if they don't start with #!/usr/bin/perl

Package: libtest-pod-perl Version: 1.20-2 Severity: normal Hello, Test::Pod::all_pod_files_ok() will only check pod files that start with #!/usr/bin/perl, which is not required to be a valid pod file. Regards, Florian -- System Information: Debian Release: testing/unstable APT prefers

Bug#322410: loudmouth: lm_connection_open_and_block() blocks infinitely if the server counldn't be reached.

Package: loudmouth Severity: important Hello, lm_connection_open_and_block() blocks as long as the connection state is LM_CONNECTION_STATE_OPENING, but this state will never reached if, for example, the server refuses the connection. Therefor this operation will block infinitely. Regards, Flo

Bug#322337: subversion: segmentation fault: access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT

* Jari Aalto: > For some reason subversion suddendly stopped working. It dies on > segmentation fault. Strace reveals lines of: > > access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) > open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) > stat

Bug#322434: ekg2: english translation

Package: ekg2 Version: 20050713+2142-1 Severity: wishlist Hello, only small parts of ekg2 seem to be translated into english. It would be nice to have a complete english translation as a starting point for translations into other languages. TIA, Flo -- System Information: Debian Release: testi

Bug#322440: piuparts: Don't put temp files into $PWD

Package: piuparts Version: 0.7-1 Severity: wishlist Hello, I don't like the creation of temporary files in my home. Please use /tmp or something else or let me at least specify it myself. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable

Bug#322439: piuparts: Let the user specify the base.tgz

Package: piuparts Version: 0.7-1 Severity: wishlist Hello, I'd like to specify the location of the base.tgz if used with the -p option. Regards, Flo -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture:

Bug#322441: piuparts: Parse options and decide what to do before doing anything else

Package: piuparts Version: 0.7-1 Severity: wishlist Hello, I dislike the behaviour that piuparts first unpacks or creates a chroot and then thinks about what to do. This wastes a lot of time if you get some arguments wrong. -- System Information: Debian Release: testing/unstable APT prefers un

Bug#317952: clamav: clamscan should descend into xpi files

* Stephen Gran: > This one time, at band camp, Florian Weimer said: >> xpi files are ZIP archives and can contain malicious code. It makes >> sense to scan them, IMHO. > > Can you try with 0.86.2? It looks like it does here. This seems to be the case indeed, although it&#x

Bug#311567: wmii 2 already released

Hello, > meanwhile I found a sponsor but we decided to wait for the first > upstream bugfix release (wmii-1.1) before uploading wmii to debian. It > is scheduled for June 20. but those who waited for wmii-1 know: Don't > take the proposed release date too serious ;) wmii 1.1 and even 2 are alread

Bug#322477: ejabberd: unpredictable segfaults

Package: ejabberd Version: 0.9.8-1 Severity: important Hello Torsten, I am currently working on perl bindings for libloudmouth, a jabber library written in c. The bindings have a testsuite which make ejabberd segfault quite often. The current source of the binding is available at http://www-user.

Bug#279796: I'm still willing to adopt this package

Hello. Sorry for the delay. I still want to adopt this package. I'll put some work in within the next week. Regards, Flo signature.asc Description: Digital signature

Bug#322699: fprobe-ng: Possible DoS attack due to weak hash function

Package: fprobe-ng Severity: normal Tags: security fprobe-ng uses a weak hash function (based on CRC16). It is likely that it is subject to the usual DoS attacks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#322748: libmon-perl: Please migrate from libconvert-ber-perl to libconvert-asn1-perl

Package: libmon-perl Severity: whishlist Hello, I recently adopted Convert::ASN1 and originally intended to adopt Convert::BER. I noticed that your package is the only one in the archive that uses Convert::BER in some way. Because of this and because of the fact that Convert::ASN1 is able to do e

Bug#322674: 1.33.0 released

* martin f. krafft: > but the ABI might change any day and we might need to put a new > version into 1.33.0-2. Then the SONAME would stay the same and > things would break. Ok, it's an unofficial package, but still. If you want to ship an experimental Boost version, you should consider static lin

Bug#322870: ITP: nfdump

Package: wnpp Version: N/A; reported 2005-08-13 Severity: wishlist * Package name: nfdump Version: 1.3.1 Upstream author: Peter Haag <[EMAIL PROTECTED]> * URL: http://nfdump.sourceforge.net/ * License: BSD Description: capture and analyze NetFlow data The nfdump tools collect and process ne

Bug#322869: fprobe: allocates all available memory

Package: fprobe Version: 0.4-4 Severity: grave Justification: renders package unusable Upon start, fprobe allocates all available memory and is killed by the OOM handler. (This happens with very light network traffic.) -- System Information: Debian Release: testing/unstable APT prefers unstabl

Bug#322872: libnet-ldap-perl: improved version of recursive-ldap-delete.pl

tags 322872 + confirmed pending thanks Hello, This fix will be included with the next upload. Thanks, Flo -- BOFH excuse #298: Not enough interrupts signature.asc Description: Digital signature

Bug#261870: Net::LDAP: on SPARC architecture bind fails: ldap bind failed: I/O Error Resource temporarily unavailable

tags 261870 + moreinfo help thanks Hello, does this bug still occur? If yes: I don't have access to any SPARC machine. Would you please provide me some more information on this issue (example code, debugging output, ...)? Thanks, Flo -- BOFH excuse #217: The MGs ran out of gas. signature.a

Bug#322563: libauthen-sasl-perl: better DIGEST_MD5 support in Authen::SASL

tags 322563 + confirmed fixed-upstream pending thanks Hello, I mailed gbarr about this issue. He said that the next release, which will include the changes of the patch, will be released in the near future. It will make it into Debian with the next upstream release. Regards, Flo -- BOFH excus

Bug#195020: libio-socket-ssl-perl: In listen mode it stops respoding after some time..

tags 195020 + moreinfo help unreproducible thanks Hello, I wasn't able to reproduce this bug with a little netcat like script, even after it was running for more than 24 hours. Do you have any example code for which your bug applies? Please send it to me. Thanks, Flo -- BOFH excuse #5: static

Bug#323240: ITP: viruskiller -- Game about viruses invading your computer

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: viruskiller Version : 1.0-1 Upstream Author : Stephen Sweeney <[EMAIL PROTECTED]> * URL : http://www.parallelrealities.co.uk/virusKiller.php * License

Bug#323245: ITP: libpoe-component-jabber-perl -- A POE Component for communicating over Jabber

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: libpoe-component-jabber-perl Version : 1.1 Upstream Author : Nicholas Perez <[EMAIL PROTECTED]> * URL : http://search.cpan.org/~nperez/POE-Component-Jabbe

Bug#323404: pnmtopng segfaults under Kernel 2.6.12.4.

Package: netpbm Version: 10.0-8 After manually upgrading the kernel from 2.4.30 to 2.6.12.4, pnmtopng segfaults when invoked as normal user while working normally when invoked by root. Netpbm ist used with libpng3 1.2.8rel-1 and libpng12-0 1.2.8rel-1. -- To UNSUBSCRIBE, email to [EMA

Bug#320718: loudmouth: lm_connection_send_with_reply_and_block() should check if the connection is open

Package: loudmouth Severity: normal Hi, lm_connection_send_with_reply_and_block() does not check if the connection is open before accessing the connections GSource elements, which results in some Glib warnings and an endless block. Regards, Flo -- System Information: Debian Release: testing/un

Bug#320719: loudmouth: lm_connection_authenticate_and_block() doesn't set the connections state to a proper value

Package: loudmouth Severity: normal Hello, after calling lm_connection_authenticate_and_block() on an opened connection I'm authed with the server but the connections state is still LM_CONNECTION_STATE_OPEN it should be LM_CONNECTION_STATE_AUTHENTICATED. Also during the authentication the state i

Bug#320778: ITP: libtest-tap-htmlmatrix -- Creates colorful matrix of Test::Harness friendly test run results using Test::TAP::Model

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: libtest-tap-htmlmatrix Version : 0.0.4 Upstream Author : Gaal Yahas <[EMAIL PROTECTED]> and others * URL : http://search.cpan.org/~gaal/Test-TAP-HTMLMatri

Bug#320775: ITP: libtest-tap-model -- Accessible (queryable, serializable object) result collector for Test::Harness::Straps runs

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name : libtest-tap-model Version : 0.04 Upstream Author : Yuval Kogman <[EMAIL PROTECTED]> and others * URL : http://search.cpan.org/~nuffin/Test-TAP-Mode

Bug#320780: ITP: libpetal-perl -- Perl Template Attribute Language - TAL for Perl

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: libpetal-perl Version : 2.16 Upstream Author : Jean-Michel Hiver, Fergal Daly <[EMAIL PROTECTED]>, and others. * URL : http://search.cpan.org/~bpostle/Peta

Bug#320780: ITP: libpetal-perl -- Perl Template Attribute Language - TAL for Perl

On Mon, Aug 01, 2005 at 01:41:47PM +0100, Stephen Quinney wrote: > On Mon, Aug 01, 2005 at 02:02:09PM +0200, Florian Ragwitz wrote: > > Package: wnpp > > Severity: wishlist > > Owner: Florian Ragwitz <[EMAIL PROTECTED]> > > > > * Package name: lib

Bug#321005: samba: wrong paths in man page of tdbbackup

Package: samba Version: 3.0.14a-6 Severity: normal the manpage of tdbbackup shows many wrong paths which do not apply to the debian installation. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/

Bug#321003: samba doesn't backup the .tdb files

Package: samba Version: 3.0.14a-6 Severity: important Tags: patch Hi, this also applies to the samba of the stable debian distri. samba uses many .tdb files, and there is a nice small tool within the package to dump those files, or check them. but there is no tool to dump them, rotate them ..

Bug#317914: cg-clone on the cogito repository does not work

Package: cogito Version: 0.12.1+20050730-1 When trying to clone the cogito repository over HTTP, I get: $ cg-clone http://www.kernel.org/pub/scm/cogito/cogito.git cogito defaulting to local storage area 09:33:00 URL:http://www.kernel.org/pub/scm/cogito/cogito.git/refs/heads/master [41/41] -> "r

Bug#321003: samba doesn't backup the .tdb files

On Die, 02 Aug 2005, Steve Langasek wrote: > On Tue, Aug 02, 2005 at 09:10:28PM +0200, Florian Reitmeir wrote: > > Package: samba > > Version: 3.0.14a-6 > > Severity: important > > Tags: patch > > > this also applies to the samba of the stable debian distr

Bug#321003: samba doesn't backup the .tdb files

On Mit, 03 Aug 2005, Steve Langasek wrote: > On Wed, Aug 03, 2005 at 12:36:29PM +0200, Florian Reitmeir wrote: > > On Die, 02 Aug 2005, Steve Langasek wrote: > > > On Tue, Aug 02, 2005 at 09:10:28PM +0200, Florian Reitmeir wrote: > > > > Package: samba > > >

Bug#321137: libauthen-sasl-perl: Please set the priority to optional

Package: libauthen-sasl-perl Version: 2.08-2 Severity: minor The policy says: `optional' (In a sense everything that isn't required is optional, but that's not what is meant here.) This is all the software that you might reasonably want to install if you didn't k

Bug#321149: jackd not using /dev/shm as tmpdir

filesystem can be a source of xruns. a shmfs or tmpfs is much better suited. Regards, Florian Schmidt -- Palimm Palimm! http://affenbande.org/~tapas/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#321343: ITA for xboard

retitle 321343 ITA: xboard -- An X Window System Chess Board. thanks It might take a while before I really get to this, but considering the time this package was lying dormant this shouldn't matter that much... Cheers, Flo signature.asc Description: Digital signature

Bug#321301: cogito: FTBFS: Missing build dependency on ssl-dev.

* Kurt Roeckx: > Your package is missing a build dependency on ssl-dev, resulting > in the following error: > cc -g -O2 -Wall '-DSHA1_HEADER="mozilla-sha1/sha1.h"' -c -o epoch.o epoch.c > epoch.c:14:24: error: openssl/bn.h: No such file or directory For licensing reasons, the build dependency

Bug#321301: cogito: FTBFS: Missing build dependency on ssl-dev.

* Sebastian Kuzminsky: > epoch uses openssl for the bignums, not for the SSL. We already got > rid of all the SSL stuff by using the Mozilla SSL implementation. > Getting rid of this last openssl dependency will require significant > changes (reimplementation or feature removal). A patch to repl

Bug#321462: exim4-config: Issue a warning if CFILEMODE allows world-read and config file has any hide options

* Dave E. Martin: > A warning should be issued if the configuration contains sensitive > information and CFILEMODE allows world-read (and some option isn't > suppressing the warning); such as the presence of any exim options > prefixed with "hide", or perhaps even just the presence of lines > such

Bug#404107: [linux-image-2.6.18-3-686] sky2 crashes on boot or resume

Package: linux-image-2.6.18-3-686 Version: 2.6.18-8 Severity: important Hi, on a Fujitsu Siemens LifeBook E8110 the sky2 ethernet driver crashes on bootup about every second try. This also happens on resume or rmmod/modprobe. Here is the output captured via a serial console on a bootup: sky2 e

Bug#404259: konqueror: error when printing: kdeprint_lpd.la not found

Package: konqueror Version: 4:3.5.5a.dfsg.1-3 Severity: normal When tying to print with konqueror, I get the following error message: --- There was an error loading kdeprint_lpd. The diagnostic is: Library files for "kdeprint_lpd.la" not found in paths. --- After I confirm this dialog three time

Bug#404472: CVE-2006-6457 and potential XSS bug

Package: tikiwiki Severity: important Tags: security Could you please investigate if CVE-2006-6457 has been fixed in the Debian package? Thanks. In addition, tiki-wiki_rss.php may suffer from an XSS vulnerability (the affected site claims to run the 1.0 CVS version, though): http://tikiwiki/tik

Bug#405268: Missing dependency, should be rebuilt against new libpcap

Package: tcptrace Version: 6.6.1-1 Severity: grave The binary is linked against libpcap0.7 (at least on amd64), but the package doesn't declare a dependency. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#405431: RFP: Vidalia -- nice QT GUI for TOR

Package: wnpp Severity: wishlist I particularly liked the idea of looking at a network map... * Package name: Vidalia Version : 0.0.10 Upstream Author : Matt Edman <[EMAIL PROTECTED]>, Justin Hipple <[EMAIL PROTECTED]> see http://trac.vidali

Bug#405675: marked as done (smlnj_110.52-1(m68k/unstable/zeus): FTBFS, requires itself to build)

* Debian Bug Tracking System: > The version in experimental, 110.60-1, contains bootstrap images for > ppc, sparc and i386, which will make the dependency on smlnj itself go > away. This is a policy violation. The self-dependency is the correct approach, perhaps with explicitly listing the suppo

Bug#407683: CVE-2007-0317: format string vulnerabilities

Package: filezilla Version: 3.0.0~beta2-2 Tags: security Severity: grave Upstream fixed format string issues in 3.0.0-beta5. Please upgrade to that version (or backport the changes). Don't forget to mention CVE-2007-0317 in the changelog when fixing this bug. Thanks! -- To UNSUBSCRIBE, email

Bug#407921: lxr-cvs: genxref produces MySQL errors when used with --reindexall

ready for MySQL 4.0. Apparently nobody uses --reindexall or doesn't care about the errors. Or is this not reproducible by others than me? The syntax used also produces an identical error when used from the MySQL client shell. Regards, Florian Zschocke -- System Information: Debian Release

Bug#407985: pwman3: history file shows entered passwords in plaintext

Package: pwman3 Version: 0.0.5-1 Severity: important The .pwman/history file shows the newly entered passwords in plaintext. I think as a secure password manager it should not do this. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable') Architectur

Bug#186457: xserver-xfree86: [vesa] -weight option doesn't work at depth 16

I guess you can close it... if i remember correctly it was fixed quite some time ago. Greetings Florian -- The dream of yesterday Florian Boor is the hope of today Tel: 0271-7411487 and the reality of tomorrow. [EMAIL PROTECTED] [Robe

Bug#408237: debsecan: should not fail to configure if cron is not installed

* Lucas Nussbaum: > I would suggest: > - either check if /etc/cron.d exists in postinst, and display an > appropriate message. > - or depends on cron. Or add the /etc/cron.d directory to the package (like it would be the case if there were a static cron file). Hmm. Have you tested if the pack

Bug#408439: ITP: blobby -- volleyball game with blobs

Package: wnpp Severity: wishlist Owner: Florian Ragwitz <[EMAIL PROTECTED]> * Package name: blobby Version : 0.6a Upstream Author : Jonathan Sieber and others * URL : http://blobby.redio.de/content/de/index.php * License : GPL Programming Lang: C, C+

Bug#403011: typo3-site-installer: please update manpage

Package: typo3-site-installer Version: 0.94+debian-1 Severity: wishlist '/usr/sbin/typo3-site-installer -h' lists 10 different options. Its manpage documents just 3 of these. It would be nice if the manpage was updated. Florian -- System Information: Debian Release: 4.0 APT prefer

Bug#403014: typo3-site-installer: error without 'latest' link

rror unless the link is created manually (or perhaps some option is used?) Florian -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (700, 'unstable'), (650, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Lin

Bug#403025: [intl:fr] debsecan debconf template translation

* Steve: > Please find attached the french debconf templates translation, proofread by > the debian-l10n-french mailing list contributors. > > This file should be put as debian/po/fr.po in your package build tree. Thanks. There are strange characters in that file: "En indiquant «GENERIC» (valeu

Bug#403114: typo3: HOWTO get extension manager to work and to install a testsite

is going to be in 4.1 but not 4.0.x Do you think you could add info on these two points to README.Debian.gz? Thanks a lot for finally providing up-to-date Debian packages and making it so easy to install typo3! Florian -- System Information: Debian Release: 4.0 APT prefers unstable AP

Bug#389748: (no subject)

* Andrew Schulman: >> CVE-2005-3624 >> CVE-2005-3625 >> CVE-2005-3626 >> CVE-2005-3627 >> CVE-2005-3628 > > I get a report about these every day, even though Debian hasn't been > vulnerable since Woody. I'd appreciate it if the database could be > updated to correct their status. Thanks, Andre

Bug#403034: Deep MIME Nesting Content Filter Bypass

* Stephen Gran: > I'm not sure what clamav should do here. What algorithm do you suggest > for infinitely recursive scanning without memory exhaustion or other > physical limits being hit? MIME has been designed to support one-pass, streaming processing. Therefore, the only thing you need to sto

Bug#402316: dnsbl.ins.pl is not executed

* Blars Blarson: > tags 402316 - security > thanks > > dnsbl.ins.pl is only parsed for settings, it is not exectued. | @version = (@version, "hinfo.conf example 14 Jul 2003"); | | use "/var/lib/hinfo/dnsbl.ins.pl"; | use "/var/lib/hinfo/whois.ins.pl"; If we were a commercial software vendor, th

Bug#401006: Related issue reported on lmkl

Here's something that could be related (APT seems to call msync as well): -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#402316: read hinfo before making bogus assertions

tags 402316 security thanks > Your failure to read the code in /usr/bin/hinfo that parses > /etc/hinfo.conf does not make this a security bug. Code injection is still possible via the $pager variable. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Conta

Bug#403770: ITP: context -- A powerful TeX format

* Norbert Preining: > * URL : http://www.pragme-ade.com It's .nl. > * License : GPLv2 Does your package include documentation? It's covered by a non-free CC license, source code is not available, and it embeds non-free fonts. 8-( -- To UNSUBSCRIBE, email to [EMAIL PROTEC

Bug#389270: same problem; DNS failure stored?

y connected to the internet (it's a laptop), and the impression I have as to what happens is that when fetchmail first starts up, name resolution doesn't work yet so the first server gives an error, and this error is then stored permanently somewhere - a bug in getaddrinfo()? Florian signature.asc Description: Digital signature

Bug#396959: dlint: Deprecated syntax for sort and tail

rnings to stop for > me: > -- > 307c307 > < sort +0nr $TMPSERIALS | awk '{print $2}' > $TMPNS > --- > > sort -k 0nr $TMPSERIALS | awk '{print $2}' > $TMPNS Especially here I am not sure wether the options &

Bug#396687: Puts system user into the adm group

* Gerrit Pape: > On Thu, Nov 02, 2006 at 11:23:02AM +0100, Florian Weimer wrote: >> From the postinst: >> >> adduser --system --home /var/log/git-daemon --no-create-home --ingroup adm >> gitlog >> >> This is wrong. adm group membership is reserved to (hu

Bug#397532: libdatetime-perl: New upstream release

Package: libdatetime-perl Version: 1:0.2901-1.1 Severity: wishlist Hello, DateTime 0.35 has been release to CPAN. Please update your package. TIA, Flo -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686

Bug#397560: blender: FTBFS: /usr/bin/ld: cannot find -lsh

On Wed, Nov 08, 2006 at 09:57:35AM +0100, Lucas Nussbaum wrote: > During a rebuild of all packages in etch, I discovered that your package > failed to build on i386. > > Relevant parts: > Compiling ==> 'buildinfo.c' > Linking program ==> 'blender' > /usr/bin/ld: cannot find -lsh: > collect2: ld re

Bug#394159: xserver-xorg-video-mga: Locks up on i386 / G200 as well

On Mon, Oct 30, 2006 at 06:15:57PM +0100, Florian Ernst wrote: > Package: xserver-xorg-video-mga > Version: 1:1.4.2.dfsg.1-1 > Followup-For: Bug #394159 > > Abstract: > New packages unusable on G200: lead to complete freeze / garbled screen > under certain conditions. > [

Bug#398199: debsecan: should be able to configure who is notifed

tag 398199 confirmed * Axel Beckert: > debsecan currently has hard-wired that mails it generates should be > delivered to root on localhost. There are scenarios where this is not > wanted. Please include a debconf question for configuring to which > email address(es) debsecan should send mail to.

<    5   6   7   8   9   10   11   12   13   14   >