Package: cacti
Version: 0.8.6d-1
Severity: critical
Tags: sarge
Justification: root security hole
Multiple Vendor Cacti Remote File Inclusion Vulnerability:
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities
Multiple Vendor Cacti config_settings.php Remote Code Execution
Package: findimagedupes
Version: 0.1.3-5
Severity: serious
Justification: Policy 3.5
This tool requires libltdl3 to run, and does not depend on it:
~/pics % findimagedupes -v
Can't load '/usr/lib/perl5/auto/Image/Magick/Magick.so' for module
Image::Magick: libltdl.so.3: cannot open shared object
Package: proftpd
Version: 1.2.10-17
Severity: critical
Justification: root security hole
In the most recent (1.2.10-17) version of proftpd, the permissions used
by the daemon are somehome mixed up: both anonymous and authenticated
connections are mapped to uid 0/gid 0 in the filesystem. New files
On Fri, Jun 24, 2005 at 07:20:19AM +0200, Christian Perrier wrote:
> Steve, do you think it's worth for us to post a call for "Debian
> developers/contributors with access to an ADS domain anhd willing to
> help on Samba" in the Debian ML?
That sounds like a good idea to me.
--
Steve Langasek
p
On Fri, Jun 24, 2005 at 07:49:03PM +0200, Klaus Ethgen wrote:
> Package: debian-keyring
> Version: 2004.07.05
> Severity: serious
> Justification: Policy 9.1.1
> The package tryes to install to
> './usr/share/keyrings/debian-keyring.pgp'. (Note the dot in front!)
Uh?
$ dpkg -c /var/cache/apt/arc
On Fri, Jun 24, 2005 at 08:40:42AM -0400, Lennart Sorensen wrote:
> On Fri, Jun 24, 2005 at 02:29:19AM -0700, Steve Langasek wrote:
> > So are there any porters alive out there on debian-arm? Being unable to use
> > cp, mv, and install after upgrading from woody to sarge is a rather serious
> > pr
On Wed, Jun 22, 2005 at 02:56:12PM +0930, Arthur Marsh wrote:
> Hi, this is the patch log where the error occurred.
> can't find file to patch at input line 46475
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --
> |diff -urN -x CVS -
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.8.14
> tags 315676 sid
Bug#315676: libapache2-mod-perl2: perl.conf incorrectly handled
There were no tags set.
Tags added: sid
>
End of message, stopping processing here.
Please contact me
Hi Steve
Steve Langesek wrote:
>It's not clear to me from your message whether this bug affects only the
>version in woody, or if it also affects the version in sarge. Could you
>please clarify, so that we can tag this bug correctly?
The version in Sarge does not seem to be affected - only Wo
On Sat, 2005-06-25 at 00:02 +0530, Ramakrishnan Muthukrishnan wrote:
> I upgraded all gstreamer packages, still getting the same error. The
> libgstaudioconvert.so file is part of gstreamer-misc which is also
> latest version on my system.. I will keep experimenting and will keep
> you posted.
To
So, about that delay you're seeing. You said that there is a
noticable delay on 8 servers. Are they using any kind of special
account/authentication system? Can you reproduce it with, like, a
fresh install? Or with some minimal change?
Justin
On Fri, Jun 24, 2005 at 02:28:41PM -0400, pryzbyj
|| On Fri, 24 Jun 2005 17:56:09 +0100
|| Ross Burton <[EMAIL PROTECTED]> wrote:
ross> Where Sarge has gst-gconf 0.8.8-2. Can you do a full upgrade, including
ross> upgrading any held back packages?
I upgraded all gstreamer packages, still getting the same error. The
libgstaudioconvert.so f
Announcing the second installment of "SSH Username / Password Mapping
Used By Scanners".
This list includes the previous list (which ends at "resin").
For my own reference, the script I am using to generate it:
grep -i 'ailed pass' auth.log |tail +4 |awk '{ if ($9 ~ /invalid/) { print $11
} els
|| On Fri, 24 Jun 2005 17:56:09 +0100
|| Ross Burton <[EMAIL PROTECTED]> wrote:
ross> I've been told by a GStreamer developer that you'll only get this
ross> message if you have mixed versions of gstreamer installed.
ross> Indeed:
>> ii libgstreamer-gconf0.8-0 0.8.2-3GConf supp
Package: libapache2-mod-perl2
Version: 2.0.1-1
Severity: grave
Justification: renders package unusable
Hi,
The new libapache2-mod-perl2 (which I thank you for) does not contain a
perl.conf, yet it attempts to install one in rules:
-install -m644 $(CURDIR)/debian/perl.conf
debian/liba
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: debian-keyring
Version: 2004.07.05
Severity: serious
Justification: Policy 9.1.1
The package tryes to install to
'./usr/share/keyrings/debian-keyring.pgp'. (Note the dot in front!)
- -- System Information:
Debian Release: testing/unstable
On Thu, 2005-06-23 at 19:28 +0530, Ramakrishnan Muthukrishnan wrote:
> sound-juicer: relocation error: /usr/lib/gstreamer-0.8/libgstaudioconvert.so:
> undefined symbol: gst_audio_set_caps_channel_positions_list
I've been told by a GStreamer developer that you'll only get this
message if you have
Package: webcalendar
Version: 0.9.45-4
Severity: grave
Tags: security
Justification: user security hole
According to http://freshmeat.net/projects/webcalendar there is a new
version 1.0.0 available, which includes "major security fixes" of
version 1.0RC3 ("all users should upgrade").
Regards
Hey blarson,
The bug you submitted, 312947, I believe to be upstream in perl. (bod
is perl's maintainer) Check and the bug reports linked from:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=312419
Try and build it again. It should work fine now.
-jay
signature.asc
Descripti
On Fri, Jun 24, 2005 at 02:29:19AM -0700, Steve Langasek wrote:
> So are there any porters alive out there on debian-arm? Being unable to use
> cp, mv, and install after upgrading from woody to sarge is a rather serious
> problem. If anyone has any ideas about this, or can test the problem with a
tags 312958 sid
thanks
I don't seem to be able to reproduce this bug on merulo in a testing chroot,
only in unstable.
--
Steve Langasek
postmodern programmer
signature.asc
Description: Digital signature
Processing commands for [EMAIL PROTECTED]:
> tags 312958 sid
Bug#312958: FTBFS on ia64
There were no tags set.
Tags added: sid
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--
To UNS
severity 314408 important
thanks
Given that this bug is specific to amd64, it is not actually a
release-critical bug for Debian (yet); there's no sense in letting this bug
block glibc updates from reaching testing when amd64 isn't even in the
archive...
Does http://sources.redhat.com/ml/libc-hack
Processing commands for [EMAIL PROTECTED]:
> package ipkungfu
Ignoring bugs not assigned to: ipkungfu
> # Bug 315076 is in my opinion not a RC Bug
> severity 315076 important
Bug#315076: initscript attempts to source defaults, but sources directory
instead
Severity set to `important'.
> # Bugs
Processing commands for [EMAIL PROTECTED]:
> severity 314408 important
Bug#314408: libc6: Fix pthread_rwlock_wrlock hang with nptl
Severity set to `important'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, D
tags 311712 sarge
thanks
The practical impact of this bug is limited to partial upgrades from woody
to sarge; tagging appropriately.
--
Steve Langasek
postmodern programmer
signature.asc
Description: Digital signature
Processing commands for [EMAIL PROTECTED]:
> tags 311712 sarge
Bug#311712: kwifimanager: Does not have a versioned dependency on libmad0
Tags were: sarge-ignore
Tags added: sarge
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrato
severity 313390 important
retitle 313390 quanta crashes when previewing frame sets
thanks
Well, if the worst that happens is that quanta crashes when using HTML
*frames*, then this doesn't sound grave to me -- indeed, it seems quite
usable as long as you avoid certain ugly and deprecated HTML tags
Processing commands for [EMAIL PROTECTED]:
> severity 313390 important
Bug#313390: quanta crashes by pressing the preview button
Severity set to `important'.
> retitle 313390 quanta crashes when previewing frame sets
Bug#313390: quanta crashes by pressing the preview button
Changed Bug title.
>
Hi
I tried your latest patched 2.6.8 and 2.6.11 kernels on my home firewall.
(The home firewall was working fine with a 2.4 kernel last week, and
had been for many months. The hard disk failed, so I thought I would
test the new distribution and 2.6 kernel with the new disk. Apart from
a replacem
tags 311710 sarge
thanks
The practical impact of this bug is not release-critical for etch, since
partial upgrades from sarge->etch will not be affected: only partial
upgrades from woody to sarge can be. Tagging it appropriately.
Thanks,
--
Steve Langasek
postmodern programmer
signature.asc
D
So are there any porters alive out there on debian-arm? Being unable to use
cp, mv, and install after upgrading from woody to sarge is a rather serious
problem. If anyone has any ideas about this, or can test the problem with a
woody vs. a sarge kernel, please speak up so that we can at the very
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.8.14
> tags 314700 woody
Bug#314700: f2c: segfaults on i386 since last security update
There were no tags set.
Tags added: woody
>
End of message, stopping processing here.
Please contact
Processing commands for [EMAIL PROTECTED]:
> tags 311710 sarge
Bug#311710: kdelibs: Does not have a versioned dependency on libmad0
Tags were: sarge-ignore
Tags added: sarge
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(ad
Hi Jonathan,
It's not clear to me from your message whether this bug affects only the
version in woody, or if it also affects the version in sarge. Could you
please clarify, so that we can tag this bug correctly?
Thanks,
--
Steve Langasek
postmodern programmer
signature.asc
Description: Digit
Thanks for the info. I'll try to talk with upstream on this.
I'm putting the relevant part here:
0x2d633a26 in waitpid () from /lib/libpthread.so.0
#0 0x2d633a26 in waitpid () from /lib/libpthread.so.0
#1 0x2ac1eeae in libgnomeui_module_info_get ()
from /usr/lib/libgno
Bug#315074:
> Simplest fix: add /etc/default/ipkungfu with ENABLED=false, source the
> file in the init script and only start if ENABLED is not "false".
After the last upload I have been planning to create something like
this, as well as using debconf for default values which would indeed
stop thi
tags 315582 + pending
tags 315582 + pending
thanks
Those two security issues are pending upload.
The security team has been contacted for uploading a fixed package to
stable.
Thanks for the report and the patches.
For testers, pending packages are available here:
For sarge:
http://www.sukria.n
Hi Manolo,
You don't need to send reports for the two bugs you reported, they have
been merged.
I see many error about your theme: SphereCrystal. But that doesn't
what's crashing the program.
I'm not sure about what's crashing it:
open("/usr/X11R6/lib/X11/icons/default/index.theme", O_RDONLY) =
Processing commands for [EMAIL PROTECTED]:
> tags 315582 + pending
Bug#315582: backup-manager: insecure handling of temporary files
Tags were: etch sarge security patch
Tags added: pending
> tags 315582 + pending
Bug#315582: backup-manager: insecure handling of temporary files
Tags were: pending
unmerge 315582
thanks
That's not the same problem as the one in #308897.
--
Alexis Sukrieh <[EMAIL PROTECTED]>
http://www.sukria.net
« Quidquid latine dictum sit, altum sonatur. »
Whatever is said in Latin sounds
Processing commands for [EMAIL PROTECTED]:
> unmerge 315582
Bug#315582: backup-manager: insecure handling of temporary files
Bug#308897: backup-manager: insecure default configuration
Disconnected #315582 from all other report(s).
> thanks
Stopping processing here.
Please contact me if you need
Hi Anthony,
I've prepared an NMU for this issue, which I have uploaded to the
DELAYED/4-day queue on gluck. Please find the (trivial) diff attached.
Cheers,
--
Steve Langasek
postmodern programmer
diff -u ttf2pt1-3.4.4/debian/control ttf2pt1-3.4.4/debian/control
--- ttf2pt1-3.4.4/debian/control
43 matches
Mail list logo
