Bug#220156: Patch applied to development branch

On Tue, August 3, 2004 12:09, Thijs Kinkhorst said: > FYI, I've applied the patch you mention to our current development branch > (1.5.x). It will appear in the 1.6.x series but probably not be backported > to 1.4.x. This patch has been backported upstream to the 1.4.5-CVS, and will

Bug#286134: squirrelmail: Folder option not working

Hello people, >> > Maybe try to higher the option "memory_limit" in php.ini? >> > >> > Bu default: >> > memory_limit = 16M >> >> OK. Now it is memory_limit = 64M >> But when clicking on Folders I am getting a new error: >> >> http://biolinux.df.ibilce.unesp.br/naoliv/squirrel1.png > > This is yet

Bug#286134: squirrelmail: Folder option not working

Thanks for the info; is this tested with the latest 1.4.4 package or with 1.4.3a? THijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#292496: phpbb2: Should suggest a DBMS

Package: phpbb2 Version: 2.0.10-3 Severity: minor Hoi Jeroen, phpBB2 depends on a MySQL- or PostgreSQL database server, however this is not reflected in the dependencies. Since this DBMS does not have to be installed on the same machine, it would be logical to "Suggests: mysql-server | postgresq

Bug#292490: squirrelmail-locales is missing in debian sarge

On Thu, January 27, 2005 15:30, Jeroen van Wolffelaar said: > We _could_ also refer to > squirrelmail-locales in the squirrelmail package description, though I > don't know whether that's a good place to put a mention like this. If you're reading the package description you'll also see the list of

Bug#283948: PLease integrate squirrelmail with dictionaries-common

into this, but can't find out how this should work: what is a reliable way to detect which dictionaries are installed, and which one is the default? If you can advise me in this I will see whether it's possible to integrate it. Thanks, Thijs Kinkhorst -- To UNSUBSCRIBE, email to

Bug#337391: libcgi-ssi-perl: requires net access to build

retitle 337391 libcgi-ssi-perl: requires net access to build tags 337391 +pending thanks While the build-depends on netbase indeed solves this bug for networked build hosts, the real problem was that 'make test' tried to access network resources. I've disabled those tests that require network acce

Bug#341028: /usr/sbin/dbconfig-load-include: dbconfig-load-include does not work as advertised

Package: dbconfig-common Version: 1.8.7 Severity: normal File: /usr/sbin/dbconfig-load-include Hey sean, I'm exploring dbconfig-common for use in one of my packages. It really solves a common problem but I'm working on having it integrate seamlessly with previous (e.g. sarge) versions of my pack

Bug#340370: rain: Generates bad TCP packets

think that it might be better to remove this package from Debian? Or is there still a need to keep it? If you think it's right to remove it, please reassign this bug to ftp.debian.org. thanks, Thijs Kinkhorst signature.asc Description: This is a digitally signed message part

Bug#250428: squidguard: source contains cruft

tags 250428 wontfix stop Hello Toni, > while trying to import squidguard into an archive for tla-buildpackage, > I find this file which makes tla-importdsc barf: > > samples/.sample.conf.swp This file is part of the upstream tarball, but is not shipped in the binary package. I don't think it's

Bug#341028: /usr/sbin/dbconfig-load-include: dbconfig-load-include does not work as advertised

On Mon, November 28, 2005 20:55, sean finney wrote: > so it seems the way getopt(1) handles cmdline arguments is that if you > have an argument that takes an optional argument (like -t [varname]), then > the argument must immediately follow the cmdline flag (-t[varname]). > > some simple testing sh

Bug#341289: typos in debhelper.pot: compatability

Package: debhelper Version: 5.0.7 Severity: minor Tags: patch The man page for debhelper contains a paragraph which repeatedly spells compatibility as compatability; this patch fixes it. bye, Thijs --- debhelper.pod.orig 2005-11-29 22:14:23.0 +0100 +++ debhelper.pod 2005-11-29 22:

Bug#326916: ctn: CTN seems to be incompatible with MySQL Versions > 4.0

tags 326916 upstream thanks On Wed, 2005-09-07 at 16:00 +0200, Thijs Kinkhorst wrote: > > I experienced a problem using CTN with MySQL Version 5.0 (but because of > > the nature of the problem I assume it also affects using CTN with MySQL > > Version 4.1) > > I've n

Bug#336582: Upgrade

Hello Laurent, > Could you upgrade quickly? This bug is open for 29 days and involve > security problems... Coincidentally we were already working on it, and the fix has been uploaded to Debian last night. bye, Thijs signature.asc Description: This is a digitally signed message part

Bug#336582: New round of security issues

On Tue, 2005-11-01 at 20:52 +0100, Thijs Kinkhorst wrote: > Packages for 2.0.18 for sid are nearly ready, we only need some code to > add a new database table. Jeroen is working on this, and will upload as > soon as this is fixed. Packages for sid have been uploaded. CVE-names were no

Bug#336582: New round of security issues

On Wed, November 30, 2005 18:02, Thijs Kinkhorst wrote: > CVE-2005-3418: Multiple cross-site scripting (XSS) vulnerabilities > - 1. error_msg parameter to usercp_register.php > - 2. forward_page parameter to login.php > - 3. list_cat parameter to search.php > - Only relevant when r

Bug#341860: yaclc: debian/copyright is incorrect and incomplete

Package: yaclc Version: 1.4.1 Severity: normal Tags: patch Hello Thomas, The debian/copyright file shipped with yaclc is incorrect and incomplete: 1) It lacks the copyright holder, and after the heading "Copyright" follows text which is the licence. 2) debian/copyright mentions the GNU General

Bug#336582: phpbb2: New round of security issues

e only a vulnerability when running with the +heaviliy discouraged register_globals = off setting) + + -- Thijs Kinkhorst <[EMAIL PROTECTED]> Wed, 30 Nov 2005 11:52:53 +0100 + phpbb2 (2.0.13+1-6sarge1) stable-security; urgency=high * Security update by phpBB maintainers only in patch

Bug#264719: http://qa.debian.org/man-pages.html not reflective of lintian report. Missing missing man pages.

On Tue, 10 Aug 2004 02:08, Dave Harding wrote: > In brief, I don't think http://qa.debian.org/man-pages.html , > which is a listing of missing man pages is acurately reflecting the > lintian report at: > http://lintian.debian.org/reports/Tbinary-without-manpage.html What does the man-pages.html pa

Bug#341958: dbconfig-common: Support for table prefix

Package: dbconfig-common Version: 1.8.8 Severity: wishlist Hello Sean, I'm working on adding dbconfig-common to my package. One thing I'm encountering is that it allows to specify a table prefix which defaults to phpbb2, so your tables will be of the format phpbb2_users etc. We currently offer t

Bug#341991: phpbb2-conf-mysql: Gziped SQL schemas are expected, but they're not gziped

On Sun, December 4, 2005 18:22, Christer Mjellem Strand wrote: > After the SQL schemas were moved away from the doc dir, an upgrade > results in the following error message: > > zcat: /usr/share/phpbb2/schemas/mysql_schema.sql.gz: No such file or > directory > > indicating that the schemas are expe

Bug#336623: phpbb2-languages: Russian translations fixes

thanks, Thijs Forwarded Message From: Alexander GQ Gerasiov <[EMAIL PROTECTED]> To: Thijs Kinkhorst <[EMAIL PROTECTED]> Subject: Re: Bug#336623: phpbb2-languages: Russian translations fixes Date: Mon, 05 Dec 2005 12:25:46 +0300 Hello Thijs, Thijs Kinkhorst wrote:

Bug#342082: phpbb2: Database export doesn't work

mited backup sizes and gzipping is not trivial to solve, especially with my knowledge of the algorithm. I'll check what upstream has to say about it. regards, Thijs Kinkhorst signature.asc Description: This is a digitally signed message part

Bug#342155: Squirrelmail

w that someone used it. In any case you should discontinue using those systems immediately and do a full reinstall, since someone has had root-level access. If you need more support for solving that problem, this bug report is not the right place; you could try a mailinglist or hiring a c

Bug#242117: RM: cabot (orphaned, never part of a stable release, never part of testing, dead upstream, better alternatives exist)

retitle 320961 RM: cabot (orphaned, never part of a stable release, never part of testing, dead upstream, better alternatives exist) reassign 320961 ftp.debian.org thanks Dearest ftp-masters, I'm requesting the removal of cabot from Debian for the following reasons: - The package has been orpha

Bug#342569: [lists.debian.nl] Bug#342569: lists.debian.org: request for debian-events-nl mailing list

On Thu, 2005-12-08 at 17:39 +0100, Joost van Baal wrote: > Could [EMAIL PROTECTED] please get created? Since this I second this request. Thijs signature.asc Description: This is a digitally signed message part

Bug#328115: squirrelmail: Some attachments don't show up

tags 328115 moreinfo thanks Hello Mário, On Thu, 2005-10-06 at 10:45 +0100, Mário Filipe wrote: > I'm sending a .tgz file in attachment with two files: > > squirrelmsg: the message, which was saved in evolution where it display > ok (in other graphical email clients there are no complaints eithe

Bug#328115: squirrelmail: Some attachments don't show up

ther you with such a "stupid" > problem. Once again thank you No problem, if the interface can be confusing that should be addressed as well. thanks, Thijs Kinkhorst signature.asc Description: This is a digitally signed message part

Bug#343091: Squirrelmail-locales french translation problem

Hello, > I suggest : > > 378c378 > < msgid "Purge" > --- >> msgid "purge" > > in order to translate "Purge" to "Vider". Thanks, I'll forward this to the upstream maintainer of the French translation for review and possibly inclusion. bye, Thijs

Bug#253302: Please rename this package

Hello Florian, > Also, the package source is really a bunch of unrelated dirs from each > utility, and at least one of them is Linux-specific (procinfo). I really > think they should be splitted. I agree with this. Since you are the new maintainer and have been fixing up this page, perhaps you'd

Bug#253302: Please rename this package

On Fri, 2005-12-16 at 11:25 +0100, Florian Ernst wrote: > Already working on this, please see > . Great, thanks. If you need any help, or need some testing, just let me know. Thijs signature.asc Description: This is a digitally signed

Bug#343763: Please upgrade build depends to libmysqlclient15-dev

On Sun, 2005-12-18 at 00:15 +0100, Christian Hammers wrote: > Package: ctn > Please upgrade the build dependencies of your package to use > libmysqlclient15-dev Thanks for the note. Currently, ctn only works with MySQL < 4.1 as the server, I don't think this should be a problem for the clie

Bug#343933: debian-policy: typos in sect 9.3.1: "ends .sh", "rather that"

Package: debian-policy Version: 3.6.2.1 Severity: minor Tags: patch The last paragraph of section 9.3.1: Also, if the script name ends .sh, the script will be sourced in runlevel S rather that being run in a forked subprocess, but will be explicitly run by sh in all other

Bug#336582: phpbb2: New round of security issues

On Mon, 2005-12-19 at 08:49 +0100, Martin Schulze wrote: > You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable > to it? Or did you miss it? Or did you just didn't document this? This has been fixed but indeed isn't documented in the changelog. The fact is that CVE-2005-341{

Bug#335997: flyspray: Multiple XSS vulnerabilities

y; urgency=high + + * NMU for security bug + * CVE-2005-3334: Sanitize incoming GET parameters in index.php. +Patch from unstable package (Closes: #335997). + + -- Thijs Kinkhorst <[EMAIL PROTECTED]> Mon, 19 Dec 2005 13:15:26 +0100 + flyspray (0.9.7-2) unstable; urgency=high * Let t

Bug#343610: flyspray: Flyspray (unstable) depends on phpapi

tags 343610 +patch thanks > Flyspray from unstable (currently 0.9.8-5) depends on phpapi, which obviously > isn't correct. phpapi is (AFAIK) only used by PHP modules, but correct me if > I'm wrong! You are correct, phpapi should only be used as a dependency by PHP modules. PHP applications like f

Bug#344014: flyspray: typos in postinst: "informations", "savec"

Package: flyspray Version: 0.9.8-5 Severity: minor Tags: patch Hello Pierre, There are two typos in the following output by flyspray.postinst: Setting up flyspray (0.9.8-5) ... debconf informations savec in /etc/flyspray/debconf_info "informations" should be "information" "save

Bug#335997: flyspray: Multiple XSS vulnerabilities

On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote: > For stable: > I've extracted the right patch from the unstable version (which has been > present without any bugreports since the end of October), and that is > attached. I've also prepared updated package

Bug#344014: here's the patch

a classic error diff -ur flyspray-0.9.8.orig/debian/flyspray.postinst flyspray-0.9.8/debian/flyspray.postinst --- flyspray-0.9.8.orig/debian/flyspray.postinst 2005-12-19 13:46:56.0 +0100 +++ flyspray-0.9.8/debian/flyspray.postinst 2005-12-19 14:12:45.0 +0100 @@ -149,7 +149,7 @@

Bug#335997: flyspray: Multiple XSS vulnerabilities

On Mon, 2005-12-19 at 15:04 +0100, Florian Weimer wrote: > * Thijs Kinkhorst: > > > For the testing (etch) and unstable distribution (sid) this problem has > > been fixed in version 0.9.8-5. > > > close 335997 0.9.8-4 > > -4 or -5? The changelog for -4 l

Bug#335997: flyspray: Multiple XSS vulnerabilities

On Mon, 2005-12-19 at 16:26 +0100, Pierre Habouzit wrote: > > > Multiple Cross-Site-Scripting vulnerabilties have been found in > > > Flyspray. Have a look at > > > http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-va > > >riable.html for more details. This has been assigned CVE-2005

Bug#335997: flyspray: Multiple XSS vulnerabilities

On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote: > -6 is the package that will fix all that should be, and it'll enter etch > in 10 days from now. Great, my interest is that the problem is addressed in the best way possible :) What about stable, do you want to prepare new updated package

Bug#344094: [Fwd: missing file packages.qa.debian.org]

merge 344094 309927 thanks On Mon, 2005-12-19 at 18:21 -0500, Roberto Sanchez wrote: > I noticed that the page > http://packages.qa.debian.org/w/webcpp/news/1.html does not exist. This is a known bug, see #309927. Thijs signature.asc Description: This is a digitally signed message part

Bug#344132: mantis: Broken phpmailer in TR locale

retitle 344132 Depend on libphp-phpmailer instead of using packaged version thanks On Tue, 2005-12-20 at 11:40 +0200, Serkan Kenar wrote: > Turkish translation for the bundled PHPMailer in Mantis package is > broken. This is fixed in the upstream release of PHPMailer. Broken file > is `/usr/share/

Bug#342609: /etc/init.d/shorewall stop doesn't undo /etc/init.d/shorewall start

> /etc/init.d/shorewall stop will keep applied some of the shorewall settings I experienced a problem that I think reduces to the same issue: I executed "/etc/init.d/shorewall stop", thinking that it would disable the shorewall rules and hence enable all traffic. However, running "/etc/init.d/shor

Bug#65188: please use deborphan

> Those bug reports seem to basically imply that cruft should call > deborphan and report what it's found. But I don't think that is a good > idea, since cruft and deborphan have two different purposes. Might it be an idea to supply 'deborphan' as a Suggests? I think it's quite likely that people

Bug#338463: ITP: squirrelmail-decode -- Extra decoding routines for complex character sets

Package: wnpp Severity: wishlist Owner: Thijs Kinkhorst <[EMAIL PROTECTED]> * Package name: squirrelmail-decode Version : 1.0 Upstream Author : SquirrelMail Project Team * URL : http://www.squirrelmail.org/ * License : GPL Description : Extra de

Bug#338649: packages depends on php4, but php5 works since squirrelmail 1.4.3

tags 338649 fixed-upstream thanks On Fri, November 11, 2005 20:44, Stephan Poehlsen wrote: > This Version is working with PHP5, please add it as an alternative for > php4 in the list of depend packages. Hello Stephan, Thank you for your report. The current version does not work completely with P

Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php

severity 346255 minor thanks Hello Frederik, On Fri, January 6, 2006 18:18, Frederik Reiss wrote: > on http://qa.debian.org/developer.php it is possible to inject javascript > and html tags: > > http://qa.debian.org/developer.php?excuse=%3Cscript%20type=text/javascript%3Ealert(this)%3C/script%3E

Bug#345288: mantis: Plethora of vulnerabilities

On Fri, January 6, 2006 06:48, Igor Genibel wrote: > Please read the bugs filled against wnpp concerning mantis. It is already > adopted and uploaded. Good to hear that. Especially with those vulnerabilities it's good when there's an active maintainer. BTW, are you considering of moving the data

Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php

> [0] [EMAIL PROTECTED]:~/qa/wml 1j $cvs ci -m 'filter input for sanity (Closes: > #346255)' developer.wml < Checking in developer.wml; > /org/cvs.debian.org/cvs/qa/wml/developer.wml,v <-- developer.wml > new revision: 1.141; previous revision: 1.140 > done I think you might have broken somethin

Bug#298733: dbconfig-common

On Fri, 2006-01-06 at 17:03 -0500, Charles Fry wrote: > Perhaps dbconfig-common could help with this? Perhaps indeed, it's planned to use dbconfig-common soon but I'm unaware whether that would solve this specific bug, but we'll see. Thijs signature.asc Description: This is a digitally signed

Bug#346255: Javascript and HTML injection on http://qa.debian.org/developer.php

reopen 346255 thanks On Sat, 2006-01-07 at 00:48 +0100, Christoph Berg wrote: > Re: Thijs Kinkhorst in <[EMAIL PROTECTED]> > > I think you might have broken something, since viewing my own DDPO doesn't > > work anymore: > > http://qa.debian.org/developer.php?login

Bug#295595: Don't ship in sarge - what about etch?

Hello Mike, > After discussing the situation with upstream, we agreed that vegastrike > would better serve our users if it was not shipped in sarge. Sarge has been released, will vegastrike be ready at the time of etch? Thijs signature.asc Description: This is a digitally signed message part

Bug#303477: kmatplot: Do not release with sarge...

Hello Hugo, > I feel kmatplot should not release with sarge. The project is dead > upstream, qmatplot should be considered at least, but even that is just > a "make kmatplot build with gcc3" patched kmatplot 0.4. Sarge has been released. I think it would be good to either decide to let the packa

Bug#263783: Shouldn't be included on Sarge - what about etch?

> This package is not ready for a stable release yet so this bug will > keep it out of Sarge. Sarge has been released; time to let the package flow to testing, preparing it for etch? Thijs signature.asc Description: This is a digitally signed message part

Bug#299144: Keep PHPWiki out of Sarge

> I do not believe that the phpwiki package, as-is, is suitable for testing. > It is several minor releases behind upstream, will take significant work to > ensure easy upgrades to the latest upstream version, and has lots of minor > things that make it quirky in live use. Sarge has been release

Bug#263358: minit: Minit not to be included in sarge, experimental packaging

Hello Erich, > Minit should not be included in sarge. > The packaging is experimental and i did not recieve any feedback yet. > Since minit doesn't have any dependencies it can be installed from > unstable on even a potato system easily. Since sarge has been released, do you think it would be tim

Bug#267648: 1.1.1 ist too old and should not be released with sarge while my current 1.3.2 package is not yet in release condition

Hello Martin, > too old for release, package of new upstream version 1.3.2 not yet in > releaseable condition. I think it would be good to either upload the new upstream to unstable and let it propagate to testing, or if this is not possible remove the package from unstable aswell. This intermedi

Bug#299144: Keep PHPWiki out of Sarge

On Sat, 2006-01-07 at 23:38 +1300, Matt Brown wrote: > On Sat, 2006-01-07 at 11:07 +0100, Thijs Kinkhorst wrote: > > > Sarge has been released by now; the package has been adopted by a new > > maintainer who made quite some progress in reducing the bug list. Is it > > now

Bug#346710: gnokii: FTBFS: build-depends on removed xlibs-dev

Hello Bradley, George, gnokii now has an RC bug. However, Bradley offered it up for adoption in <[EMAIL PROTECTED]>, and George responded that he would take it, so that's great. This would be a good time for George to make a new upload :) > This is a serious bug filed against your package becau

Bug#332784: Diff for NMU 2.2.3-4.1

Hello Loïc, Since you are now a comaintainer for evolution and there have been several MU's since your NMU, this bug can be closed/acknowledged? bye, Thijs signature.asc Description: This is a digitally signed message part

Bug#332784: Diff for NMU 2.2.3-4.1

Hello Loïc, Since you are now a comaintainer for evolution and there have been several MU's since your NMU, this bug can be closed/acknowledged? bye, Thijs signature.asc Description: This is a digitally signed message part

Bug#347368: Package not found when looking for "mysql-administrator"

Package: mysql-admin Version: 1.1.5-1 Severity: minor Upstream calls this package "mysql-administrator". For example in the source tarball name and in the binary RPM packages. So I would expect to find the package when I searched in Debian for mysql-administrator. My first question would be why n

Bug#340271: "Essential: no" gives "This package is marked Essential..." warning

On Tue, 2005-11-22 at 11:01 +0100, Thijs Kinkhorst wrote: > W: keylookup; Packages's control file contains 'Essential: no'. > W: keylookup; This package is marked Essential, without being known as > such. Here's a patch that solves the issue. Thijs --- checks/con

Bug#346710: gnokii: FTBFS: build-depends on removed xlibs-dev

On Tue, 2006-01-10 at 20:18 +, George Wright wrote: > On Mon, 2006-01-09 at 12:24 +0100, Thijs Kinkhorst wrote: > > Hello Bradley, George, > > > However, since there hasn't been concrete action from George yet, I plan > > to NMU this package after a week from no

Bug#346710: Patch for 346710

tags 346710 +patch thanks Hello, Here's the patch. Thijs

Bug#346710: gnokii: Here's the patch

Package: gnokii Version: 0.6.8-0.2 Followup-For: Bug #346710 Patch now attached. --- control.orig2006-01-12 16:33:08.0 +0100 +++ control 2006-01-12 16:33:26.0 +0100 @@ -2,7 +2,7 @@ Section: comm Priority: optional Maintainer: Bradley Marshall <[EMAIL PROTECTED]> -Bui

Bug#334070: gnokii: Here's a patch

Package: gnokii Version: 0.6.8-0.2 Followup-For: Bug #334070 A patch for this bug. Thijs --- control.orig2006-01-12 16:48:48.0 +0100 +++ control 2006-01-12 16:49:12.0 +0100 @@ -7,7 +7,8 @@ Package: gnokii Architecture: any -Depends: ${shlibs:Depends}, liblockfile1

Bug#343813: gnokii: Here's a patch

Package: gnokii Version: 0.6.8-0.2 Followup-For: Bug #343813 Here's a patch to upgrade to libmysqlclient15-dev. Thijs --- control.orig2006-01-12 16:50:29.0 +0100 +++ control 2006-01-12 16:51:15.0 +0100 @@ -2,7 +2,7 @@ Section: comm Priority: optional Maintainer: Br

Bug#269790: the problem still exists in sarge and etch

Hello Jorge, On Tue, December 27, 2005 22:43, Jorge Salamero Sanz wrote: > i'm still having the same problem in sarge and etch packages of > squirrelmail. Can you tell us a bit more about the specifics of your problem and why you think it's the same as this bug which has already been closed? The

Bug#269790: the problem still exists in sarge and etch

On Tue, December 27, 2005 23:36, Jorge Salamero Sanz wrote: > maybe i read this bug too quick ... > > my problem is whatever i put in squirrelmail default locale or options > > display preferences > languagem squirrelmail is always in english. i try > spanish, basque, french ... and always in enlig

Bug#344674: CVE-2005-4357: phpbb2: XSS with onmouseover

Hello Moritz, On Sat, December 24, 2005 16:02, Moritz Muehlenhoff wrote: > The mentioned path disclosure is obviously not a problem, but does > the described XSS issue have real-world security implications? Sorry for not getting back to you earlier, this is due to the holidays. Hope you had a nic

Bug#341195: Correct link

> The link to packages-arch-specific is broken. The correct link is: http://cvs.debian.org/srcdep/Packages-arch-specific?rev=HEAD&cvsroot=dak&content-type=text/vnd.viewcvs-markup It's appearently mangled by something when generating the document. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROT

Bug#345288: mantis: Plethora of vulnerabilities

On Fri, 2005-12-30 at 05:02 +0100, Moritz Muehlenhoff wrote: > Lots of vulnerabilites have yet again been found in Mantis: Since I've taken care of the previous round of vulnerabilities, I'll take a look to see what I can do here, but provide no guarantees at this point. > [Hilko, in another bug

Bug#345359: phpBB 2.0.19 released, Debian appears not vulnerable

Package: phpbb2 Severity: wishlist Hello all, The phpBB authors have released 2.0.19 today which lists the following issues labeled as security: 1 * [Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode 2 * [Sec] fixed XSS issue (only valid for Internet Explorer) if

Bug#341958: dbconfig-common: Support for table prefix

On Sun, 2005-12-04 at 13:56 -0500, sean finney wrote: > at the very least, dbconfig-common could hold the common debconf > template, so that multiple packages could benefit from having the text > pre-translated. I guess that would create confusion if dbconfig-common doesn't also provide function

Bug#335997: flyspray: Multiple XSS vulnerabilities

reopen 335997 found 335997 0.9.7-2 thanks Hello Pierre, Sorry, didn't have time to get back to this earlier. I've verified that unstable is indeed completely fixed for CVE-2005-3334 (which contains some typos in the names of the affected variables). > Though, please note that this XSS vulneratib

Bug#334738: phpbb2: Fix Swedish language

tags 334738 upstream thanks Hello Reine, > As Danish, Swedish and Finnish translations is broke upstreams, these were > dropped from the package. My wish is that those will be fixed, and > distributed > together with the next update to the debianzied package. The upstream packages contain bor

Bug#342082: phpbb2: Database export doesn't work

Hello Nigel, On Mon, 2005-12-05 at 14:34 +, Nigel Horne wrote: > I will look into it and try your suggestion. For what it is worth, I am > using the default settings for everything that I can, and IMHO defaults > should work! I've checked this, and the default for gzip is Off on a brand clea

Bug#343233: PHPBB2 broken multiple boards via virtual hosts

Hello Ian, > The recomended solution for having multiple boards on the same debian > system seems to be to use a single instalation of the site files, and > simply point each virtual host to a different database. This is > acomplished by placing a 'php_value auto_prepend_file ...' line within

Bug#345445: bugs.debian.org: please don't bold forwarded-to links

Package: bugs.debian.org Severity: wishlist The titles of bugs are bolded links. However, if you mark a bug as forwarded to some http-location (eg an upstream bts), you get two bolded, long links for the same bug entry on the overview page. That makes the section Forwarded Bugs very noisy. Examp

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

On Wed, October 26, 2005 23:30, Moritz Muehlenhoff wrote: > Another security problem has been found in mantis. Insufficient > input sanitising of the t_core_path parameter may be exploited to perform > arbitrary file inclusion. Please see > http://secunia.com/secunia_research/2005-46/advisory/ for

Bug#335992: RFA: mantis -- web-based bug tracking system

On Thu, October 27, 2005 09:38, Hilko Bengen wrote: > I request an adopter for the mantis package since I no longer use it. > A few security-related bugs have been filed for which the status quo > is unclear. Please note that I've already prepared an NMU for these security bugs for unstable which

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

On Thu, October 27, 2005 11:26, Moritz Muehlenhoff wrote: > I assume you've prepared packages of 0.19.3? > This would address the SQL injection issue and the other XSS in > view_all_set as well, which are both not yet in the BTS. Yes, I have. Thijs

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

On Thu, October 27, 2005 14:56, Martin Schulze wrote: >> I assume you've prepared packages of 0.19.3? >> This would address the SQL injection issue and the other XSS in >> view_all_set as well, which are both not yet in the BTS. >> >> The latest issues have been assigned CVE-2005-333[6789], BTW. >>

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

ields errors. Hence, I can't test them, but agree with Moritz assertions that woody is most probably not vulnerable. regards Thijs Kinkhorst signature.asc Description: This is a digitally signed message part

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote: > The included patches look fine and correlate to what I extracted from the > interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959? > > The mantis bug is non-public, but according to the description it's > a cross-site-scrip

Bug#335662: phpbb2: Cookie disclosure when using IE as a browser

Hello Moritz, On Tue, 2005-10-25 at 10:54 +0200, Moritz Muehlenhoff wrote: > There's been a report about an exploit for an Internet Explorer > flaw that may lead to disclosure of cookie information. This seems > to be different than #317739. Please see > http://cert.uni-stuttgart.de/archive/bugtr

Bug#336582: New round of security issues

On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote: > | After these weaknesses were found and disclosed to the vendor > | nearly 80 days ago, several problems with unitialised variables > | were discovered that allow XSS, SQL injection and even remote > | execution of arbitrary PHP code, wh

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

On Mon, 2005-10-31 at 17:22 +0100, Moritz Muehlenhoff wrote: > It's hard to tell, whether it's the same issue as #5959 is non-public, but at > least there are two different CVE mappings. (CVE-2005-2557 and CVE-2005-3337). > But it might very well be that the CVE description is wrong, as all these

Bug#333835: ctrlproxy: Eats up memory making the system unusable

On Mon, 24 Oct 2005 18:46:13 +0300, Faidon Liambotis <[EMAIL PROTECTED]> writes: > upstream's SVN log shows several bugfixes, including memory leak > fixes. An update to the latest version will probably fix these > problems. Actually, Debian already contains the most recent upstream release, 2.6.2

Bug#336582: New round of security issues

On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote: > A new round of security issues in phpBB has been disclosed. Hello people, Here's an update on the current state of affairs of the issues fixed in 2.0.18. UNSTABLE Packages for 2.0.18 for sid are nearly ready, we only need some code to ad

Bug#335938: Request to open up bug reports

these bugs, that would also suffice. Thanks in advance. Thijs Kinkhorst

Bug#337085: squirrelmail: failed to connect to SSL imap

p_server_address = 'ssl://' . $imap_server_address; Otherwise, thank you for your report, I will check this out with upstream to see what's going on here. regards, Thijs Kinkhorst signature.asc Description: This is a digitally signed message part

Bug#337235: libjdom-java: Typo in uploader name "Vandyk"

Package: libjdom-java Severity: minor Arnaud Vandyck is spelled as "Arnaud Vandyk", yields an extra entry in http://www.debian.org/devel/people bye, Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#337391: libcgi-ssi-perl: FTBFS: Missing Build-Depends on netbase

Hello people, > Also, you need to make sure the package builds on a machine which is > offline, since requiring network access during a package build is a > serious problem -- although I haven't yet been able to check whether > that's the case here. I can confirm that the package doesn't build co

Bug#339530: Please add man page for rnano

Package: nano Severity: wishlist Hello Jordi, Here's a man page I've written for the 'rnano' command as supplied by the nano package. If you think the page is correct, could you please include it in the package, and maybe forward it upstream? regards, Thijs Kinkhorst

Bug#339538: Please include man page for midentd

Package: midentd Servity: wishlist Tags: patch Hello, I've noticed that the midentd package misses a man page, so I created one based on the documentation that comes with the package, see attachment. Could you please consider including it in the next upload? Thanks, Thijs Kinkhorst mide

Bug#339540: Please include man page for qalc

hanks, Thijs Kinkhorst qalc.1 Description: Troff document signature.asc Description: This is a digitally signed message part

  1   2   3   4   5   6   7   8   9   10   >