Bug#291117: wakeonlan: program refers to incorrect manpage

2005-01-18 Thread Steve Kemp
On Tue, Jan 18, 2005 at 04:18:06PM -0500, Jim Paris wrote: > Running the program with no arguments refers to the wakelan(1) > man page, which should probably read wakeonlan(1) instead. Agreed. I will make an upload to fix this once the package has entered into "testing". That should be in

Bug#291332: dsniff fails looking for libnids.so.1.18, but linked against libnids.so.1.19

2005-01-20 Thread Steve Kemp
On Wed, Jan 19, 2005 at 08:02:34PM -0800, Josh Carroll wrote: > When attempting to run dsniff, it complains about needing > libnids.so.1.18: > > dsniff: error while loading shared libraries: libnids.so.1.18: cannot > open shared object file: No such file or directory > > However, ldd reports the

Bug#342044: security.debian.org: Systemically making Debian GNU/Linux less susceptible to buffer overflow attacks

2005-12-06 Thread Steve Kemp
On Sun, Dec 04, 2005 at 02:25:07PM -0800, Bill Wohler wrote: > Package: security.debian.org > Severity: wishlist This is an inappropriate package to report this bug against, I'd suggest at least using GCC. > They mentioned StackGuard, ProPolice, StackShield, and RAD (Return > Address Defender)

Bug#342550: firefox: Javascript, history.dat & DoS

2005-12-08 Thread Steve Kemp
On Thu, Dec 08, 2005 at 04:48:07PM +0200, Timo Poikola wrote: > Package: firefox > Version: 1.4.99+1.5rc3.dfsg-2 > Severity: grave > Tags: security > Justification: causes non-serious data loss > > http://packetstormsecurity.org/0512-exploits/firefox-1.5-buffer-overflow.txt > > My ff does not cra

Bug#343180: apachetop: problems with logfiles greater than 2gb

2005-12-16 Thread Steve Kemp
Thanks for your report and your patch (and your other patches!) I'm not too sure if this is a good fix right now, so I'm going to leave this patch unapplied for the moment. If I can gain access to a couple more platforms I'll be able to test it out and see how well it works on non-x86 sys

Bug#344081: ITP: xen-debiantools -- Tools to manage debian XEN virtual servers

2005-12-19 Thread Steve Kemp
On Mon, Dec 19, 2005 at 11:54:26PM +0200, Radu Spineanu wrote: > Package: wnpp > Severity: wishlist > Owner: Radu Spineanu <[EMAIL PROTECTED]> > > > * Package name: xen-debiantools ? I'd strongly suggest keeping the name as xen-tools, or xen-tools-debian if you must change it. Becau

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-22 Thread Steve Kemp
On Thu, Dec 22, 2005 at 02:30:46PM +0100, Moritz Muehlenhoff wrote: > An integer overflow in the header parser for .blend files can potentially > be exploited to execute code through a heap overflow. Please see > http://www.overflow.pl/adv/blenderinteger.txt for details. > > This is CVE-2005-447

Bug#338312: osh: Environment Variable Input Validation Bug

2005-11-09 Thread Steve Kemp
On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote: > Due to a bug in the environment variable substitution code it is > possible to inject environment variables such as LD_PRELOAD and gain a > root shell. Confirmed. Joey we'll need an ID for it. I guess we need to use tw

Bug#347221: smstools: Format string attack in logging code

2006-01-09 Thread Steve Kemp
Package: smstools Version: 1.16-1+b1 Severity: grave Justification: user security hole Tags: security *** Please type your report below this line *** A DSA has just been released for smstools due to an insecure usage of syslog in the logging code. The following patch will correct the issue

Bug#346101: More info?

2006-01-11 Thread Steve Kemp
What output do you see if you run via strace? apt-get install strace strace apachetop Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#346101: Strace log not being accepted

2006-01-11 Thread Steve Kemp
On Wed, Jan 11, 2006 at 03:46:19PM -0600, Bonilla, Alejandro wrote: > I have sent the strace of apachetop and the bug system is not letting it > in, maybe as an spam check? > > Here goes again attached. Cheers, got it. Looks like I tracked down the bug without this. See : http://lists.

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Steve Kemp
On Fri, Dec 23, 2005 at 12:10:00AM +0100, Florian Ernst wrote: > Steve, btw, any news on CVE-2005-3302 aka bug#330895 (arbitrary code > execution when importing a .bvh file)? Last I heard you were going to > prepare an update unless anybody had an issue with the changes made, > yet I haven't heard

Bug#340989: gnump3d: Problems with final in UTF-8 mp3 tags

2005-12-23 Thread Steve Kemp
I would do this if I knew how. Any suggestion or patch is most welcome. I only deal with ASCII characters so I'm not sure what needs to be changed.. -- Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Steve Kemp
On Fri, Dec 23, 2005 at 05:56:59PM +0100, Wouter van Heyst wrote: > > It looks good to me. I've built a package and if nobody has any > > objections I'll upload later today. > > No objections from me. Great I already uploaded the package ;) Steve

Bug#345912: xen-tools: The generated /etc/fstab file is broken.

2006-01-04 Thread Steve Kemp
Package: xen-tools Version: 0.6-1 Severity: normal Tags: patch *** Please type your report below this line *** Version 0.6 of xen-tools generates a broken /etc/fstab file for all new images. The script used to create this "etc/xen-create-image.d/90-make-fstab" needs the following minor pat

Bug#335959: reprepro: bz2 example is broken

2005-10-26 Thread Steve Kemp
Package: reprepro Version: 0.6-1~sarge Severity: minor Tags: patch The sample file included in examples/bzip.example contains several errors. The section at the top reading thus: -- # DscIndices Sources Release . .gz bzip2.sh # DebIndices Packages Release . .gz bzip2.sh # UDebIndices Packa

Bug#328129: PATCH: The following patch fixes this issue

2005-11-03 Thread Steve Kemp
The following patch extracted from the SF.net discussion linked above fixes the issue for me. Steve -- --- xine-ui-0.99.3.orig/src/xitk/menus.c +++ xine-ui-0.99.3/src/xitk/menus.c @@ -425,8 +425,7 @@ int x, y; xitk_menu_widget_t menu; char buffer[20

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Steve Kemp
On Wed, Nov 16, 2005 at 02:05:11PM +0100, Loic Minier wrote: > Security team, did you start work on CVE-2005-3186 and CVE-2005-2975, > CVE-2005-2976 (not described in this report)? Ubuntu has released some > packages which might help . > Do you need the Gt

Bug#334601: I have very interest in vnc2swf

2005-11-18 Thread Steve Kemp
On Fri, Nov 18, 2005 at 05:00:46PM -0200, Rodrigo Tadeu Claro wrote: > I have very interest of "pyvnc2swf" package. :) > Inclusively, I'll liked of the to make this package. However, I see what > you makes the ITP for vnc2swf (BUG: 334601). Yes that's correct. > How much time you needed fo

Bug#334601: I have very interest in vnc2swf

2005-11-19 Thread Steve Kemp
On Fri, Nov 18, 2005 at 07:59:28PM -0200, Rodrigo Tadeu Claro wrote: > I packed pyvnc2swf for the Debian. But still necessary to finish some small > adjustments, such as, to make a manual page in nroff that not have. OK. > I have it much will to keep this package and would like to have you as

Bug#340079: insecure tempfiles

2005-11-20 Thread Steve Kemp
On Sun, Nov 20, 2005 at 08:17:17PM +0100, Uwe Zeisberger wrote: > Tags: security patch > With the attached patch applied, it uses mktemp for their creation. The patch is .. missing. Steve

Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

2005-11-22 Thread Steve Kemp
On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote: > To reproduce this bug: > > su root and then load firefox from the term. Then launch firefox from > another unrelated and normal user terminal. The newly launched firefox reads > root's > profile and gets root's rights. Isn't t

Bug#311251: Confirmed

2005-06-05 Thread Steve Kemp
I can confirm this bug, but I don't see a simple obvious solution. I've been getting lost in the parser whilst trying to resolve it, but I'll keep working on it. Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#301470: spider: Binaries in wrong location, and package description incorrect.

2005-06-04 Thread Steve Kemp
On Sat, Jun 04, 2005 at 12:16:49PM -0400, Dale C. Scheetz wrote: > My apologies for a slow reply... You're welcome, it's not a serious bug. > My last reading of policy suggested that the X11 path was deprecated and that > bins should be in /usr/bin. Please point me to where it says otherwise?

Bug#301695: True

2005-04-18 Thread Steve Kemp
This is a limitation of the software, it is only designed to show JPEG images, and as such PNG files are not supported. Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#309722: ITP: xwc -- lightweight Explorer-like file manager

2005-05-18 Thread Steve Kemp
On Wed, May 18, 2005 at 11:59:10PM -0400, Roberto C. Sanchez wrote: > * Package name: xwc > Version : 0.91.5a > > Supports association by file name and file type, tree view and device > mounting and unmounting. Supports a wide variety of confifuartion That should probably be '

Bug#299560: dsniff: fails due to not finding libnids

2005-03-14 Thread Steve Kemp
On Tue, Mar 15, 2005 at 01:36:08AM +0100, txemi wrote: > Package: dsniff > Version: 2.4b1-8 > Severity: grave > > dsniff fails this way in debian testing after last upgrade: Strange it works for me. > $ sudo dsniff > dsniff: error while loading shared libraries: libnids.so.1.19: cannot > open

Bug#299560: dsniff: fails due to not finding libnids

2005-03-14 Thread Steve Kemp
On Tue, Mar 15, 2005 at 01:36:08AM +0100, txemi wrote: > Package: dsniff > Version: 2.4b1-8 I spoke too soon. libnids 1.20 has made it into testing. dsniff version 2.4b1-9 has not. This is not something I can fix, when the most recent version of dsniff makes it into testing your problem

Bug#300995: gnocatan-client: Deadlock if you use a road-building card with less than two roads

2005-03-22 Thread Steve Kemp
Package: gnocatan-client Version: 0.8.1.54-1 Severity: normal Tags: upstream Towards the end of a long game I obtained and used a 'Road Building' card. I'd not noticed I had only one 'road' piece left - so was unable to place more than that piece. Unfortunately the game doesn't re-enabl

Bug#314869: perldoc.el

2005-06-23 Thread Steve Kemp
On Thu, Jun 23, 2005 at 12:59:37PM -0400, Peter S Galbraith wrote: > Hello Steve, > > There's a minor bug against emacs-goodies-el for perldoc.el. Would you > like to fix it upstream or should I patch for Debian? > > http://bugs.debian.org/314869 > > I suppose patching for Debian makes sense s

Bug#314869: perldoc.el

2005-06-23 Thread Steve Kemp
On Thu, Jun 23, 2005 at 06:51:31PM -0400, Peter S Galbraith wrote: > I was looking at the original file in my CVS tree, but in fact you're > right I did substantially modify the file using dpatch, and I hadn't > noticed. How embarrassing. Don't worry about it. I'll deal with it! No worries, t

Bug#315877: ITP: initng -- next generation init system

2005-06-26 Thread Steve Kemp
On Sun, Jun 26, 2005 at 07:10:12PM +0200, Bartosz Fenski aka fEnIo wrote: > Not sure how hard would be to integrate this with Debian (had to tune some > files by hand on test box), but it's definitely worth trying. > > On my test box it started system almost *three* times faster. I guess the o

Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers

2005-06-28 Thread Steve Kemp
On Wed, Jun 29, 2005 at 12:49:31AM +0200, Moritz Muehlenhoff wrote: > Package: apache2 > Severity: grave > Tags: security > Justification: user security hole > > Latest 2.1.6-alpha fixes a security in the proxy HTTP code: > > | The 2.1.6-alpha release addresses a security vulnerability present >

Bug#318678: dsniff needs to depend on libnids1.20 instead of libnids1

2005-07-16 Thread Steve Kemp
On Sat, Jul 16, 2005 at 06:10:08PM -0600, Michael Berg wrote: > Package: dsniff > Version: 2.4b1-11 > Severity: important > > dsniff currently Depends on libnids1 (>= 1.20), but libnids1 was recently > changed to libnids1.20 in Debian/unstable - making dsniff uninstallable. > > Given that the ve

Bug#301470: spider: Binaries in wrong location, and package description incorrect.

2005-03-25 Thread Steve Kemp
Package: spider Version: 1.2-2 Severity: normal The package description for spider contains the following text: -- The default is round.spider. If you wish to use small.spider, either call it directly, or change the link /usr/X11R6/bin/spider to point to small.spider instead of round

Bug#288195: New homepage

2005-03-27 Thread Steve Kemp
The new homepage appears to be: http://www.securesoftware.com/resources/download_rats.html I will update the package shortly, thanks for the report! Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#302415: F11 maybe a bad choice?

2005-04-01 Thread Steve Kemp
I just spotted that F11 is grabbed by IceWM too. Perhaps the easiest approach might be to switch the default to F12 or so? I guess that changing the code isn't too useful as we still don't see *which* program is already grabbing the key, but the following patch does give an error messag

Bug#302415: F11 maybe a bad choice?

2005-04-01 Thread Steve Kemp
On Fri, Apr 01, 2005 at 03:43:18PM +0200, Niv Altivanik wrote: > > This patch is not really useful, as XGrabKey *always* returns 1 ... > > as far as I understood, the only way to catch an X error, is by using > XErrorEvent and friends, witch looks like a PITA. D'oh! OK. > Maybe F11 is not

Bug#334601: ITP: vnc2swf -- Create shockwave flash videos of windows or desktops

2005-10-18 Thread Steve Kemp
Subject: ITP: vnc2swf -- Create shockwave flash videos of windows or desktops Package: wnpp Owner: Steve Kemp <[EMAIL PROTECTED]> Severity: wishlist *** Please type your report below this line *** * Package name: vnc2swf Version : 0.6.4 Upstream Author : Yusuke Shinyama &

Bug#334641: ITP: metaplanet -- Web-based feed aggregator written in PHP

2005-10-19 Thread Steve Kemp
On Tue, Oct 18, 2005 at 10:37:19PM -0300, Fernando J.Rodríguez wrote: > Metaplanet is a feed agregrator that shows the news of multiple sources > in a unified web page. The main objetive is to serve web pages as fast > as posible with a minimum load on the server. Just a minor typo that caught

Bug#335439: vncserver: passwords over 8 chars not handled correctly

2005-10-23 Thread Steve Kemp
On Sun, Oct 23, 2005 at 08:19:35PM -0400, Collin E Borrlewyn wrote: > vncserver lets me in without supplying the full password. > > To reproduce this: > start vncserver: vncserver :1 > when prompted enter a password of eight or more characters > start xvncviewer and connect to :1 > when prompted e

Bug#335817: wordpress: SECURITY : Contains an insecure version of class.snoopy

2005-10-25 Thread Steve Kemp
Package: wordpress Version: 1.5.2-2 Severity: grave Justification: user security hole As described upon the following bugtraq post the class Snoopy which is included in wordpress potentially allows arbitrary command execution. http://seclists.org/lists/fulldisclosure/2005/Oct/0536.html

Bug#331067: gnump3d: Broken link http://server:port/COPYING

2005-10-01 Thread Steve Kemp
Package: gnump3d Version: 2.9.5-1 Severity: minor Tags: patch Broken link because the plugin test first lower-cases the plugin filename. Fix: sudo mv /usr/share/perl5/gnump3d/plugins/COPYING.pm \ /usr/share/perl5/gnump3d/plugins/copying.pm -- System Information: Debian

Bug#327165: pioneers-client has problems with mouse and toolbar.

2005-09-07 Thread Steve Kemp
Package: pioneers-client Version: 0.9.23-1 Severity: normal Tags: upstream The toolbar upon the pioneers-client appears to behave strangely. When the mouse is over a disabled button it cannot be clicked when it is enabled without moving away from the current location. This is hard to des

Bug#327165: pioneers-client has problems with mouse and toolbar.

2005-09-07 Thread Steve Kemp
On Thu, Sep 08, 2005 at 07:57:14AM +0200, Roland Clobus wrote: > I've tried to reproduce this, but I got different results (Gtk 2.6.8): Right I'm using 2.6.10-1, as packaged in Debian's unstable distribution. > When the button under the mouse becomes enabled, it can be clicked. > When the butt

Bug#327165: pioneers-client has problems with mouse and toolbar.

2005-09-08 Thread Steve Kemp
On Thu, Sep 08, 2005 at 11:00:56AM +0200, Bas Wijnen wrote: > > Right I'm using 2.6.10-1, as packaged in Debian's unstable distribution. > > I could reproduce this with Gtk 2.6.10-1 as well. Good to see I'm not alone. > That second is the delay the AI makes on purpose, to avoid the game goi

Bug#324034: base-config 2.70 uninstallable

2005-08-19 Thread Steve Kemp
Package: base-config Version: 2.70 Severity: important Tags: patch When attempting to upgrade today I see the following error: Setting up base-config (2.70) ... /var/lib/dpkg/info/base-config.postinst: line 59: syntax error near unexpected token `db_fset' dpkg: error processing base-config (--

Bug#324201: ITP libcgi-session-expiresessions-perl: Clean up old CGI sessions

2005-08-20 Thread Steve Kemp
Package: wnpp Version: N/A; reported 2002-05-17 Severity: wishlist * Package name: libcgi-session-expiresessions-perl Version : 1.04 Upstream Author : Ron Savage <[EMAIL PROTECTED]> * URL : http://savage.net.au/Perl-modules/html/CGI/Session/ExpireSessions.html * Licen

Bug#213957: Fixed.

2005-08-20 Thread Steve Kemp
This is fixed in Sarge, Etch, and unstable. Probably time to close it. -- Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#202963: This is fixed now

2005-08-20 Thread Steve Kemp
This is fixed in Woody, Sarge, and Sid. Probably time to close it now. Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-27 Thread Steve Kemp
On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote: > Thanks a lot for the report. This is CAN-2005-2655. > > > The bug affects 1.5.3-1.1 sarge/etch/sid and 1.8.1-2 in experimental, > > and should be easy to fix: Just add setgid(getgid()) before the > > execvp(). I tested the attache

Bug#333682: security problem within CDDB communication

2005-10-13 Thread Steve Kemp
On Thu, Oct 13, 2005 at 10:52:28AM +0200, Michal Čihař wrote: > xine announcement [1] is four day old, it says issue has been found by > Debian Security Audit Project, so I'd expect that Debian will have it > fixed also :-). We do. > Sorry if you're already working on this issue and I interr

Bug#333734: curl: Buffer overflow in NTLM authentication

2005-10-13 Thread Steve Kemp
On Thu, Oct 13, 2005 at 03:03:42PM +0200, Moritz Muehlenhoff wrote: > Package: curl > Version: 7.14.1-5 > Severity: grave > Tags: security > Justification: user security hole > > Another buffer overflow has been found in curl's NTLM authentication > code. (This one is different from CAN-2005-0490

Bug#327722: Patch for Gopher bug CAN-2005-2772

2005-09-26 Thread Steve Kemp
On Mon, Sep 26, 2005 at 09:23:16AM -0500, John Goerzen wrote: > > Attached are the patches that Joey (Schulze) approved. > > Can you (or Joey) comment: did you use a different patch because you > believe mine to be insecure, or for a different reason? (That's an > important question, since as

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-28 Thread Steve Kemp
On Sat, Aug 27, 2005 at 07:03:55PM -0400, Andres Salomon wrote: > > Certainly. Once the advisory is out I can make an upload if Joy > > hasn't already made one. > > > > I can also do an upload; Joy already said I should comaintain, I've just > been waiting for racke to do a new courier uploa

Bug#325769: Format string security hole in anon-proxy

2005-08-30 Thread Steve Kemp
Package: anon-proxy Version: 00.02.39-7 Severity: serious Tags: patch, upstream The logging code in anon-proxy contains a misuse of the syslog function allowing potential remote compromise of the host it is running upon. (This depends whether logging is enabled). The patch below fixes t

Bug#322152: Please mention forums.debian.net

2005-08-09 Thread Steve Kemp
On Tue, Aug 09, 2005 at 01:19:07PM +0200, Jeroen van Wolffelaar wrote: > forums.debian.net, which for full disclosure, I started and host, has > been steadily gaining popularity in the past year, and consequently it > has become a resource for new Debian users with actually quite a good > chance o

Bug#319272: I suspect I can't win either way

2005-08-13 Thread Steve Kemp
I suspect that there are still sufficiently many people using Apache 1.3x that changing the default file will just result in a new bug report from them. I guess the best approach is to: 1. Use any logfile specified upon the command line. 2. Then attempt to use /var/log/aa

Bug#320204: Solution ..

2005-07-28 Thread Steve Kemp
This bug is common to all the module-assistant built modules. The problem comes from the fact that the compiler you used to build the fuse-source module differs from that used to build your kernel. Run 'cat /proc/version' to see the GCC version used to build your current kernel. Mine s

Bug#404233: CVE-2006-6678: Netrik arbitrary command execution

2006-12-22 Thread Steve Kemp
On Fri, Dec 22, 2006 at 06:42:41PM +0100, Stefan Fritsch wrote: > A vulnerability has been reported in Netrik: Thanks for the report. Security update for Sarge is building now. Patch attached: Steve -- --- form-file.c 2003-08-06 10:28:45.0 + +++ /home/skx/form-file.c 20

Bug#404455: xen-tools should check if volumegroup exists, exit with error if not

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 12:52:34AM +0100, Henning Sprang wrote: > But in the logs I saw an error in lvm creation. I think such errors > should be caught and properly reported at the command line, and vm > config file creation should not happen. Noted. Fixed in CVS now. Steve

Bug#404443: xen-tools should not overwrite existing vm config file without --force

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 12:20:43AM +0100, Henning Sprang wrote: > The problem why it didn't stop was, it seems to only check if a given > lvm or disk already exists. True. > It seems not to check, if the vm config file it is about to create > already exists and just overwrote an existing confi

Bug#402889: xen-tools: in hooks/roles, installDebianPackage always fail

2006-12-25 Thread Steve Kemp
On Wed, Dec 13, 2006 at 01:07:00PM +0100, Abaakouk Mehdi wrote: > When hook or role call installDebianPackage it fail with error like > this: > > assert failed: ${the hook script name}:103 [] Thanks for the patch, it has been committed to CVS and will be in the next release (very soon!)

Bug#404444: make customization hooks optional

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 12:39:47AM +0100, Henning Sprang wrote: > In these cases, the only other solution (if I don't want to lose > xen-tools for creating my configs and block devices) would be to do a > no-install, then mount manually, and untar the file in there. Added the new option "--no-h

Bug#404454: make xt-install.image recognize debootstrap=0

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 12:51:40AM +0100, Henning Sprang wrote: > While it seems like xen-create-image is correctly working when I > overwrite the installation method in a config provided with --config, > setting the default installation method to "0" like this: Seems like the obvious solution

Bug#404509: undefined subroutine logpring

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 03:14:42PM -0500, Joey Hess wrote: > Undefined subroutine &main::logpring called at /usr/bin/xen-create-image line > 2504. > > It's a typo, s/logpring/logprint/ Thanks, fixed in CVS now. Steve

Bug#404508: (no subject)

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 02:56:01PM -0500, Joey Hess wrote: > Here xen-create-image likes to copy over my dom0's /lib/modules, all 650 > mb of it (I have a "few" kernels installed). Agreed. > Seems to me that for etch and up, a better approach when creating an > image is to install linux-module

Bug#404508: your mail

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 05:14:19PM -0500, Joey Hess wrote: > Here's an approach that tries to be smart about using linux-modules > packages iff available: Thanks, applied now: http://www.cvsrepository.org/cgi-bin/trac/xen-tools/chngview?cn=771 Steve

Bug#404518: fails to install ssh, libc6-xen: installDebianPackage fails with assert

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 04:15:57PM -0500, Joey Hess wrote: > This happens with every call to installDebianPackage, because of line 81 of > common.sh: > > disableStartStopDaemon Yes. Fixed in CVS already. See #402889 for the original report. (I'll merge this one in.) > I think it might

Bug#404516: insufficient checking for failure when creating disk image

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 04:01:23PM -0500, Joey Hess wrote: > Notice, no errors, and it seemed to succeed, yet in fact no disk image was > produced at all. I have to look in the xen-tools log to see that: This is a duplicate of #404455 reported earlier today. Fixed in upstream CVS here:

Bug#404521: --accounts does not copy over groups

2006-12-25 Thread Steve Kemp
On Mon, Dec 25, 2006 at 04:55:30PM -0500, Joey Hess wrote: > I ran xen-create-image with the --accounts option, and it copied over my > joey user to /etc/passwd and /etc/shadow, but failed to do so in > /etc/group and /etc/gshadow. Fixed now, thanks. http://www.cvsrepository.org/cgi-bin/tra

Bug#404603: no /etc/hosts for dhcp machines?

2006-12-26 Thread Steve Kemp
On Tue, Dec 26, 2006 at 04:21:50PM -0500, Joey Hess wrote: > Why is /etc/hosts only set up for machines w/o dhcp? Because I rarely use DHCP ;) > d-i sets up a basic > hosts file for all machines. Machines with dhcp should still have the > ipv6 stuff, and it makes sense for them to have a local

Bug#401834: weird warnings and checksums errors

2006-12-06 Thread Steve Kemp
> debsums: checksum mismatch xen-tools file > /usr/lib/xen-tools/edgy.d/20-setup-apt > debsums: checksum mismatch xen-tools file > /usr/lib/xen-tools/edgy.d/30-disable-gettys > I guess this is caused because prior to this release the edge.d + dapper.d were both symlinks pointing to ubuntu.

Bug#401969: please build using hunspell

2006-12-09 Thread Steve Kemp
On Fri, Dec 08, 2006 at 10:32:50PM +0100, Mike Hommey wrote: > How does the security team feel about having to rebuild iceape, > iceweasel, icedove (you forgot to file a bug on icedove), OOo and enchant > if there happens to be a security bug in hunspell ? In general having multiple packages ne

Bug#402315: add no-install for people who want only config files generated

2006-12-09 Thread Steve Kemp
I'm not sure this patch makes sense. It seems to me that if you want to create the configuration file(s) only then you should instead invoke xt-create-xen-config directly - and not use xen-create-image at all. Unless you're suggesting that you want to use it in a situation where you want

Bug#402328: #402328 - check --config file for existence

2006-12-09 Thread Steve Kemp
The code already reads the file only if it exists: readConfigurationFile( $path ) if ( -e $path ); That is the same as: if ( -e $path ) { readConfigurationFile( $path ); } I think that aborting if the file doesn't exist is too strong a reaction.. so I'm inclined to ignore it! St

Bug#402315: add no-install for people who want only config files generated

2006-12-09 Thread Steve Kemp
OK .. I will add the option. And then we'll close this bug and the other almost-identical one! I'm glad the talk went well too! Steve

Bug#402315: add no-install for people who want only config files generated

2006-12-09 Thread Steve Kemp
See-also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383057 Steve

Bug#402328: #402328 - check --config file for existence

2006-12-09 Thread Steve Kemp
On Sat, Dec 09, 2006 at 06:17:40PM +0100, Henning Sprang wrote: > So, if a user gives --config with an unexisting file it is therefore > very likely a typo, which the user wants to be warned as fast as > possible. In this case, there's no use to run the install until the end > with an unwanted con

Bug#401206: xen-tools: Please consider setting the kernel + initrd image at package-install time.

2006-12-01 Thread Steve Kemp
Package: xen-tools Version: 2.9-2 Severity: wishlist Tags: patch *** Please type your report below this line *** Please consider adding a postinst file to automatically specify the Xen kernel and initrd image. The attached script is one potential solution, it won't work in 100% of cases ho

Bug#396277: allows creating any file as root

2006-10-31 Thread Steve Kemp
On Mon, Oct 30, 2006 at 10:56:28PM +0100, Marco d'Itri wrote: > By creating a /tmp/start_thttpd symlink a local attacker will be able to > create/touch any file as root. Thanks for the report. Once I get a CVE identifier allocated I'll handle an update for Sarge. Daniel if you have a prefe

Bug#396277: allows creating any file as root

2006-10-31 Thread Steve Kemp
arge2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix the insecure use of temporary files when invoked by logrotate. +[CVE-2006-4248] + + -- Steve Kemp <[EMAIL PROTECTED]> Tue, 31 Oct 2006 17:49:34 + + thttpd (2.23beta1-3sarge1) stable-securi

Bug#390295: Still willing to adopt gnump3d?

2006-11-02 Thread Steve Kemp
Hi, Are you still intending to adopt the gnump3d package? If not I will make a new upload and set the maintainer to the QA team in the next day or two. Steve

Bug#390822: Still willing to adopt dsniff?

2006-11-02 Thread Steve Kemp
Hi, Are you still interested in adopting, with sponsorship, dsniff? If not I will make a new upload with the maintainer set to QA over the next day or two. (I don't want to have the package be in the etch release with my name still on it, when I've given up maintaining packages.) Steve

Bug#390822: Still willing to adopt dsniff?

2006-11-02 Thread Steve Kemp
On Thu, Nov 02, 2006 at 08:41:18AM -0300, Luciano Bello wrote: > I has working in some bugs. Dun tell me that he will release a new version > (rewritten from scratch) in the next weeks. But, as you point, etch will be > release soon. Great! > So i will upload a new package in these days (may

Bug#397784: xen-tools: xen-create-image fetches libc6-xen from ftp.debian.org

2006-11-15 Thread Steve Kemp
On Thu, Nov 09, 2006 at 02:53:13PM +0100, Thomas P??hnitzsch wrote: > The mirror defined in /etc/xen-tools/xen-tools.conf is ignored when > xen-create-image installs libc6-xen. > > Thus the installation of libc6-xen should probably be moved to the hook > 20-setup-apt, just after the "apt-get upda

Bug#398769: xen-tools: reports --untar as option

2006-11-15 Thread Steve Kemp
On Wed, Nov 15, 2006 at 12:59:02PM +, Neil Wilson wrote: > - --untar file.tar = Install by untarring the given file. > + --tar file.tar = Install by untarring the given file. Thanks. Applied to upstream CVS now. Steve -- Debian GNU/Linux System Administration http://www.debian-ad

Bug#397933: xen-tools: don't run disable-tls on amd64

2006-11-15 Thread Steve Kemp
On Fri, Nov 10, 2006 at 03:33:09PM +0100, Miquel van Smoorenburg wrote: > If you run a 64 bit xen dom0/domU, the disable-tls script should not be run. > The TLS issue doesn't exist on a 64 bit kernel, not even on 32 bit > userland (--arch i386). Disabling TLS cripples libpthread. Fixed in upstr

Bug#398936: libapache2-mod-ifier: The module breaks POST processing

2006-11-16 Thread Steve Kemp
Package: libapache2-mod-ifier Version: 0.8-2 Severity: grave Justification: renders package unusable This module, when installed and enabled, breaks all processing of POST requests. It should be removed from Etch until it can be updated to work correctly. -- System Information: Debian Rel

Bug#399778: xen-create-image should avoid perl warnings about missing locale

2006-11-22 Thread Steve Kemp
On Tue, Nov 21, 2006 at 11:50:06PM +0100, Petter Reinholdtsen wrote: > xen-create-image should unset the current locale (or set it to the C > locale), to avoid a lot of warnings from perl when installing > packages. True. But I've always figured if the caller was setup the appropriate locale

Bug#399705: distribution in config file should be etch and debootstrap should be set

2006-11-22 Thread Steve Kemp
On Tue, Nov 21, 2006 at 06:00:43PM +0100, Henning Sprang wrote: > It's enough to do it in the debian package. Or, better, in conjunction > with the distribution setting above. Because, in conjunction with etch > as distribution, only copying would also make sense, rpmstrap would not > be right - bu

Bug#399708: --mac option should be mentioned in manpage

2006-11-22 Thread Steve Kemp
On Tue, Nov 21, 2006 at 03:24:57PM +0100, Henning Sprang wrote: > package: xen-tools > version: 2.8-2 > > The --mac option is not mentioned in the man page Fixed in CVS, thanks for the report. Steve

Bug#295401: gnump3d-index dies on uninitialised numeric value in a less-than operation

2005-02-15 Thread Steve Kemp
On Tue, Feb 15, 2005 at 04:15:27PM +, James Cummings wrote: > Package: gnump3d > Version: 2.9-1 > Severity: normal > > > cron.daily gives me this every day: > > /etc/cron.daily/gnump3d: > Use of uninitialized value in numeric lt (<) at > /usr/bin/gnump3d-index line 391. > > which means my m

Bug#295556: FWD: [SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution

2005-02-16 Thread Steve Kemp
On Wed, Feb 16, 2005 at 06:53:07PM +, Dafydd Harries wrote: > > Filing this bug to track the security hole in the DSA below. Apparently > > a fix for unstable has not yet been uploaded. > > Since I don't have a copy of the original security patch, I tried to > extract the changes by interdiff

debian-bugs-dist@lists.debian.org

2005-01-11 Thread Steve Kemp
Package: trackballs Version: 1.0.0-6 Severity: normal Tags: patch, sarge There are three unchecked buffer overflows in the code I missed last time round (#184478) They are: 1. Unchecked use of $TRACKBALLS 2. Overflow on command line parameter (-e) 3. Overflow on c

Bug#289784: [Debian-audit] xshisen (again)

2005-01-12 Thread Steve Kemp
On Wed, Jan 12, 2005 at 02:00:46PM -0500, Grzegorz B. Prokopski wrote: > > > That's an .. unlikely .. bug to occur in practise. I guess only > > > root can modify the GECOS field. > > > > No, you can use the chfn command to change all data in your own GECOS field > > except your real name. Th

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-05 Thread Steve Kemp
On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > Security and release teams, may I have your advice about this suggestion? > > As you may know, I currently act as maintainer for the shadow package, > but I'm also aware of my own weaknesses when it comes at security (and > secur

Bug#298573: O: checksecurity -- basic system security checks

2005-03-08 Thread Steve Kemp
Package: wnpp Severity: normal I intend to orphan the checksecurity package, honestly I've done a bad job of looking after it. It deserves a better keeper and I've not had much success at getting a co-maintainer for it. The package description is: Checksecurity does some very basic system

Bug#295401: User error.

2005-02-19 Thread Steve Kemp
After private dialog this turned out to be a local error with the machine setup - and not a bug in the application. I'm closing it now. Steve

Bug#296326: gnocatan-client: Crash after trading fails.

2005-02-21 Thread Steve Kemp
Package: gnocatan-client Version: 0.8.1.53-1 Severity: normal Sometimes when trading the 'finish' button becomes grayed out, making it impossible to dismiss the trading view. The game can continue with both the map and the game board active - using the finish button to complete my turn lea
