Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

On Fri, May 09, 2014 at 03:32:25AM +0200, Wilfried Klaebe wrote: > Kurt Roeckx wrote: > > I don't see how the severity of this is critical. > > The severity level "critical" is defined as: "makes unrelated software > on the system (or the whole system) break, or causes serious data loss, > or intr

Bug#747471: libnss: Arbitrary key size limitation for client certificate authenticaton causing out-of-memory error

Source: iceweasel Severity: critical Tags: security upstream When using client certificate authentication with client certificates with keys of 4097 bit RSA or larger you always get a diagnostic from the SSL layer saying that no memory was available which is funny because usinga key of the same si

Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

Kurt Roeckx wrote: > I don't see how the severity of this is critical. The severity level "critical" is defined as: "makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package."

Bug#747461: qpidd: postinst fails while running adduser

Package: qpidd Version: 0.16-7.1 Severity: grave Justification: renders package unusable postinst runs: adduser --system --home /var/run/qpid --group --no-create-home --disabled- password qpidd ... which errors out because /var/run/qpid doesn't exist and the postinst aborts. Repeating the post

Bug#731399: marked as done (jocaml: needs update for ocaml 4.01.0)

Your message dated Thu, 08 May 2014 22:48:31 + with message-id and subject line Bug#731399: fixed in jocaml 4.01.0-1 has caused the Debian Bug report #731399, regarding jocaml: needs update for ocaml 4.01.0 to be marked as done. This means that you claim that the problem has been dealt with.

Bug#747459: new mercurial makes tortoisehg uninstallable

package: tortoisehg version: 2.11-1 severity: serious Hi, The new version of mercurial (3.0-1) makes tortoisehg uninstallable, as it depends on mercurial (<< 2.10~) Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Conta

Processed: found 747166 in 3.2.41-2

Processing commands for cont...@bugs.debian.org: > # first common ancestor for stable and unstable > # kernels back to 2.6.31 are also affected, but that was linux-2.6, not linux > found 747166 3.2.41-2 Bug #747166 [linux] CVE-2014-0196: pty layer race condition memory corruption There is no sourc

Bug#747453: [Pkg-openssl-devel] Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

severity 747453 normal thanks I don't see how the severity of this is critical. On Thu, May 08, 2014 at 11:23:04PM +0200, Benny Baumann wrote: > Source: openssl > Severity: critical > Tags: security patch > > OpenSSL contains a set of arbitrary limitations on the size of accepted key > parameter

Bug#747457: acetoneiso: uninstallable on kfreebsd

package: acetoneiso version: 2.4-1 severity: serious Hi, It seems acetoneiso depends on fuse and fuse-iso. Both packages are not available on kfreebsd. Either the dependency needs to be removed on these architectures, or acetoneiso should switch back to linux-any. Cheers, Ivo -- To UNSUBSCRI

Bug#747402: marked as done (missing license in debian/copyright)

Your message dated Thu, 08 May 2014 22:04:11 + with message-id and subject line Bug#747402: fixed in libguestfs 1:1.26.2-1 has caused the Debian Bug report #747402, regarding missing license in debian/copyright to be marked as done. This means that you claim that the problem has been dealt wi

Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

Source: openssl Severity: critical Tags: security patch OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters that make unrelated software fail to establish secure connections. The problem was found while debugging a XMPP s2s connection issue where two servers with

Processed: your mail

Processing commands for cont...@bugs.debian.org: > tags 747428 upstream Bug #747428 [xbmc] [xbmc] passwords are stored in plain xml file Added tag(s) upstream. > forwarded 747428 http://trac.xbmc.org/ticket/15198 Bug #747428 [xbmc] [xbmc] passwords are stored in plain xml file Set Bug forwarded-to

Bug#733934: marked as done (libmikmatch-ocaml-dev: an attempt to compile a program using the provided library fails)

Your message dated Thu, 08 May 2014 19:04:00 + with message-id and subject line Bug#733934: fixed in mikmatch 1.0.7-1 has caused the Debian Bug report #733934, regarding libmikmatch-ocaml-dev: an attempt to compile a program using the provided library fails to be marked as done. This means t

Bug#747442: [Aptitude-devel] Bug#747442: aptitude: progs run by aptitude (apt-listbugs, how-can-I-help block apt when they crash

Hi Stephen, Stephen McGregor wrote: > Package: aptitude > Version: 0.6.10 > Severity: grave > Justification: renders package unusable > > Dear Maintainer, > > the specific situation: > - [ already filed as #747406 against ruby] > - a ruby corruption is crashing both apt-listbugs AND how

Bug#725079: marked as done (ns2: FTBFS with upcoming changes in Tcl/Tk)

Your message dated Fri, 9 May 2014 02:09:29 +0800 with message-id and subject line has caused the Debian Bug report #725079, regarding ns2: FTBFS with upcoming changes in Tcl/Tk to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is n

Bug#747442: aptitude: progs run by aptitude (apt-listbugs, how-can-I-help block apt when they crash

Package: aptitude Version: 0.6.10 Severity: grave Justification: renders package unusable Dear Maintainer, the specific situation: - [ already filed as #747406 against ruby] -a ruby corruption is crashing both apt-listbugs AND how-can-I-help - thus aptitude returns a failure

Bug#747441: billiard: FTBFS on kfreebsd

package: billiard version: 3.3.0.17-1 severity: serious Hi, The latest upload of billiard fails on kfreebsd-*, but built successfully before: https://buildd.debian.org/status/package.php?p=billiard Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subjec

Bug#746278: marked as done (owncloud-client: FTBFS: tests fail when ran in parallel)

Your message dated Thu, 08 May 2014 17:48:57 + with message-id and subject line Bug#746278: fixed in owncloud-client 1.6.0~beta2+dfsg-2 has caused the Debian Bug report #746278, regarding owncloud-client: FTBFS: tests fail when ran in parallel to be marked as done. This means that you claim t

Bug#746577: closed by Michael Biebl (Re: Bug#746577: systemd-sysv: for upgrade safety, systemd-sysv and sysvinit-core must be coinstallable)

On 05/06/2014 08:08 AM, Tollef Fog Heen wrote: > ]] Zack Weinberg > >> On Mon, May 5, 2014 at 5:40 PM, Tollef Fog Heen wrote: >>> ]] Zack Weinberg Fundamentally what I want is a bulletproof procedure for reverting to sysvinit in case something goes wrong. >>> >>> Sounds like you're arg

Bug#746577: closed by Michael Biebl (Re: Bug#746577: systemd-sysv: for upgrade safety, systemd-sysv and sysvinit-core must be coinstallable)

On 05/06/2014 02:39 AM, Michael Stapelberg wrote: > Hi Zack, > > Zack Weinberg writes: >> Note that coinstallability is not enough -- the bulletproof procedure >> (e.g. "update-init-system") must also be implemented, shipped, and >> documented. > Your tone is way out of line. Who are you to tell

Bug#747397: policykit-1 forces using systemd and may break systems with sysvinit after update

Hi, > As explained on #747105 policykit-1 only depends against libpam-systemd > which in turns depends against "systemd-sysv | systemd-shim". But systemd package will be installed in any case. Not a big problem though... > If you don't want to use systemd as PID1 you can install systemd-shim. O

Bug#742493: [Pkg-postgresql-public] Bug#742493: Bug#742493: pgmemcache segfaults with libmemcached11

Re: Hannu Valtonen 2014-05-08 <536bad38.7090...@ohmu.fi> > http://bazaar.launchpad.net/~tangent-trunk/libmemcached/1.0/revision/1121.1.13 > > You're misreading the change. Basically libmemcached stopped using the > custom memory allocator and changed to using malloc unconditionally, > breaking bac

Bug#744337: marked as done (gradle: FTBFS: java.lang.OutOfMemoryError: Java heap space)

Your message dated Thu, 8 May 2014 13:14:16 -0300 with message-id <20140508161416.ga20...@alice.nomadium.lan> and subject line Re: gradle: FTBFS: java.lang.OutOfMemoryError: Java heap space has caused the Debian Bug report #744337, regarding gradle: FTBFS: java.lang.OutOfMemoryError: Java heap spac

Processed: Re: policykit-1 forces using systemd and may break systems with sysvinit after update

Processing commands for cont...@bugs.debian.org: > forcemerge 747105 747397 Bug #747105 {Done: Michael Biebl } [policykit-1] policykit-1: depends on systemd Bug #747397 [policykit-1] policykit-1 forces using systemd and may break systems with sysvinit after update Marked Bug as done Merged 74710

Bug#742493: [Pkg-postgresql-public] Bug#742493: Bug#742493: pgmemcache segfaults with libmemcached11

Hi, http://bazaar.launchpad.net/~tangent-trunk/libmemcached/1.0/revision/1121.1.13 You're misreading the change. Basically libmemcached stopped using the custom memory allocator and changed to using malloc unconditionally, breaking backwards compatibility. Before the change it used the custom

Bug#746577: closed by Michael Biebl (Re: Bug#746577: systemd-sysv: for upgrade safety, systemd-sysv and sysvinit-core must be coinstallable)

On 05/06/2014 01:37 AM, Martin Pitt wrote: > Zack Weinberg [2014-05-05 20:29 -0400]: >> I contend that, therefore, "systemd-sysv", "sysvinit-core", *and* >> "systemd-shim" (and "upstart" as well) (quotation marks indicate package >> names) should *all* be coinstallable; an upgrade from wheezy shoul

Bug#747428: [xbmc] passwords are stored in plain xml file

Package: xbmc Version: 2:13.0+dfsg1-1 Severity: grave Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Hi, I just add a webdav source in xbmc, so it asks for a username and password. But these informations are then stored in a plain XML file: ~/.xbmc/userdata/sources.xml

Processed: mark 732424 serious

Processing commands for cont...@bugs.debian.org: > severity 732424 serious Bug #732424 [gstreamer0.10] gstreamer0.10: deprecated option YYLEX_PARAM has been removed from bison leading to FTBFS Severity set to 'serious' from 'important' > stop Stopping processing here. Please contact me if you ne

Processed: Re: pacemaker: FTBFS: configure: error: Unable to support SNMP

Processing commands for cont...@bugs.debian.org: > # the FTBFS also happens with the version in jessie, when trying to build it > # in jessie or sid > found 746141 1.1.7-2.1 Bug #746141 [src:pacemaker] pacemaker: FTBFS: configure: error: Unable to support SNMP Marked as found in versions pacemake

Processed: LO 4.2 now in sid - bug now RC

Processing commands for cont...@bugs.debian.org: > severity 743634 serious Bug #743634 [libreoffice-accessodf] libreoffice-accessodf: MessageBox API changed in LO 4.2 :/ Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 74

Bug#742493: [Pkg-postgresql-public] Bug#742493: Bug#742493: pgmemcache segfaults with libmemcached11

Re: To Hannu Valtonen 2014-05-02 <20140502135529.gb14...@msgid.df7cb.de> > Re: Hannu Valtonen 2014-05-02 <53639ce0.30...@ohmu.fi> > > Hi, > > > > This has now been fixed by: > > https://github.com/ohmu/pgmemcache/commit/47623a545be485d6dd1ffb917e990d267ad57f35 Hi, we've had a closer look at thi

Bug#742493: marked as done (Segfault with libmemcached11)

Your message dated Thu, 08 May 2014 13:26:16 + with message-id and subject line Bug#742493: fixed in pgmemcache 2.1.2-2 has caused the Debian Bug report #742493, regarding Segfault with libmemcached11 to be marked as done. This means that you claim that the problem has been dealt with. If thi

Bug#702005: Bug #702005: Where can i get more attention on this?

Thanks, Ian. I will be following the steps you pinted out so that this fix lands on stable. I will email you privately in a couple of hours. Greetings, Luis. > From: ijack...@chiark.greenend.org.uk > Date: Thu, 8 May 2014 13:03:11 +0100 > To: l...@huntingbears.com.ve > CC: debian-de...@lists.debia

Bug#745307: Re-assigning to OCamlgraph

Le 2014-05-07 21:51, Peter Michael Green a écrit : This bug is due to an API change appeared in OCamlgraph 1.8.4 and then reverted back in 1.8.5. OCamlgraph 1.8.3 (present testing's version) is not affected. Am I correct in thinking that means that the binnmus for dose3 should be given back? Y

Bug#715569: Ack

Just hit this bug also. Was testing out vroot, and had some weird issues (not chrooting), and it wasn't clear why. Then I found this report. Did rebuild the package with pbuilder and installed it. And now it just works fine! Could this package just be rebuild? Thanks Jean-Louis -- To UNSU

Bug#747420: libsword-dev: libsword.so is a broken symlink

Package: libsword-dev Version: 1.7.2+dfsg-1 Severity: grave Justification: renders package unusable libsword10 ships libsword.so.10. libsword-dev ships libsword.so as a symlink to libsword.so.9. Cheers, Julien signature.asc Description: Digital signature

Bug#747418: belle-sip: FTBFS on kfreebsd-i386 (internal error: belle_sdp.g : java.lang.NullPointerException)

Source: belle-sip Version: 1.3.0-1 Severity: serious Justification: fails to build from source (but built successfully in the past) Hi, your package no longer builds on kfreebsd-i386 in sid: https://buildd.debian.org/status/fetch.php?pkg=belle-sip&arch=kfreebsd-i386&ver=1.3.0-1%2Bb1&stamp=1399545

Bug#702005: Bug #702005: Where can i get more attention on this?

Luis Alejandro Martínez Faneyth writes ("Bug #702005: Where can i get more attention on this?"): > I'm a little worried about bug #702005 and the lack of attention > it's getting. This bug is marked as resolved, and indeed it has > been resolved for jessie and sid, but not for wheezy. This bug >

Bug#702005: Bug #702005: Where can i get more attention on this?

Ian Jackson writes ("Re: Bug #702005: Where can i get more attention on this?"): > [some stuff to Luis Alejandro Martínez Faneyth ] Unfortunately, Luis's mail domain is hosted at Hotmail which hates chiark: l...@huntingbears.com.ve SMTP error from remote mail server after MAIL FROM: SIZE=4

Processed: meep: please migrate to guile-2.0

Processing commands for cont...@bugs.debian.org: > severity 746007 serious Bug #746007 [meep] meep: please migrate to guile-2.0 Severity set to 'serious' from 'normal' > retitle 746007 meep: FTBFS with guile-2.0 Bug #746007 [meep] meep: please migrate to guile-2.0 Changed Bug title to 'meep: FTBFS

Bug#747410: meep: ignores errors from ./configure

Source: meep Version: 1.1.1-9 Severity: serious Your package ignores errors from ./configure. You shouldn't do that. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (800, 'unstable'), (700, 'experimental'), (650, 'testing') Architecture: amd64 (x86_64) Forei

Bug#744809: marked as done (FTBFS: writes to file outside package build dir)

Your message dated Thu, 08 May 2014 11:00:30 + with message-id and subject line Bug#744809: fixed in ruby-gnome2 2.2.0-1 has caused the Debian Bug report #744809, regarding FTBFS: writes to file outside package build dir to be marked as done. This means that you claim that the problem has bee

Bug#747405: missing license in debian/copyright

Package: ruby-gnome2 Version: 2.2.0-1 Severity: serious User: alteh...@debian.org Usertags: ftp X-Debbugs-CC: ftpmas...@ftp-master.debian.org thanks Dear Maintainer, please add the missing license of: goocanvas/sample/demo-fifteen.rb goocanvas/sample/demo-primitives.rb goocanvas/sample/demo.r

Processed (with 5 errors): Re: Debian BTS #744099 and #747342

Processing commands for cont...@bugs.debian.org: > unblock 746034 by 744099 Bug #746034 {Done: Andreas Cadhalpun } [chromium] chromium 34.0.1847.116-1~deb7u1 depends on libudev0 which is no longer in the testing archive 746034 was blocked by: 744099 747135 746034 was not blocking any bugs. Remov

Processed (with 5 errors): Re: Debian BTS #744099 and #747342

Processing commands for cont...@bugs.debian.org: > unmerge 744099 Bug #744099 [chromium] update chromium Bug #747135 [chromium] chromium: FTBFS on i386 due to 32bit linker Disconnected #744099 from all other report(s). > severity 744099 normal Bug #744099 [chromium] update chromium Severity set to

Bug#700758: bcrypt: Bcrypt exposes patterns in data, it is broken

On Wed, Apr 09, 2014 at 01:09:40PM +0200, Agustin Martin wrote: > On Mon, Apr 07, 2014 at 12:38:16PM +0200, Agustin Martin wrote: > > If something Debian-only is to be done with this package to keep it > > available, it could be disabling encryption, together with a descriptive > > error message. T

Processed (with 4 errors): Re: Debian BTS #744099 and #747342

Processing commands for cont...@bugs.debian.org: > severity 747135 grave Bug #747135 [chromium] chromium: FTBFS on i386 due to 32bit linker Bug #744099 [chromium] update chromium Severity set to 'grave' from 'normal' Severity set to 'grave' from 'normal' > block 746034 by 747135 Bug #746034 {Done:

Bug#747402: missing license in debian/copyright

Package: libguestfs Version: 1:1.26.1-3 Severity: serious User: alteh...@debian.org Usertags: ftp X-Debbugs-CC: ftpmas...@ftp-master.debian.org thanks Dear Maintainer, please add the missing licenses of: gnulib/* to debian/copyright. Thanks! Thorsten -- To UNSUBSCRIBE, email to debian-bugs

Processed (with 1 errors): Debian BTS #744099 and #747342

Processing commands for cont...@bugs.debian.org: > severity 744099 normal Bug #744099 [chromium] update chromium Bug #747135 [chromium] chromium: FTBFS on i386 due to 32bit linker Severity set to 'normal' from 'grave' Severity set to 'normal' from 'grave' > unblock 746034 by 744099 Bug #746034 {Do

Bug#744099: Not grave!

How this bug can be considered GRAVE? Read here: https://www.debian.org/Bugs/Developer#severities Marking this as grave is preventing the version 34.0.1847.132-1 migrating to testing, thus many people cannot install the newer version due to #746034. And how this bug is blocking #746034? They a

Bug#745307: Re-assigning to OCamlgraph

On Wed, May 07, 2014 at 08:51:48PM +0100, Peter Michael Green wrote: > >This bug is due to an API change appeared in > >OCamlgraph 1.8.4 and then reverted > >back in 1.8.5. OCamlgraph 1.8.3 (present > >testing's version) is not affected. > Am I correct in thinking that means that the binnmus for do

Bug#747054: FTBFS: package javax.servlet.http does not exist

Hi, I've rebuilt eclipse package in current sid using pbuilder and didn't encounter any error. Can someone please confirm this bug is still relevant? Regards, Jakub -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas..

Processed (with 1 errors): gah

Processing commands for cont...@bugs.debian.org: > reopen 665720 Bug #665720 {Done: Jonathan Wiltshire } [iptables-persistent] iptables-persistent: unusable with systemd Bug reopened Ignoring request to alter fixed versions of bug #665720 to the same values previously set > severity 665720 criti

Processed (with 1 errors): merge 708459 743270

Processing commands for cont...@bugs.debian.org: > merge 708459 743270 Bug #708459 [src:cairo-5c] cairo-5c: FTBFS: make[3]: *** [check-TESTS] Error 1 Unable to merge bugs because: severity of #743270 is 'normal' not 'serious' package of #743270 is 'cairo-5c' not 'src:cairo-5c' Failed to merge 7084

Bug#747397: policykit-1 forces using systemd and may break systems with sysvinit after update

Package: policykit-1 Version: 0.105-5 Severity: critical Justification: makes unrelated software on the system (or the whole system) break Hi, I have just found that new version of policykit-1 forces using systemd on users systems: $ sudo apt-get install policykit-1 -V --no-install-recommends

Bug#747393: libsdformat2 and libsdformat1: error when trying to install together

Package: libsdformat1,libsdformat2 Version: libsdformat1/1.4.11-1 Version: libsdformat2/2.0.0-2 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Date: 2014-05-08 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at th

Processed: Reasons for this bug to be RC are very vague

Processing commands for cont...@bugs.debian.org: > severity 659878 important Bug #659878 [login] cannot set terminal process group (-1): Inappropriate ioctl for device Bug #663200 [login] login: "su -c" breaks the shell's job control Severity set to 'important' from 'grave' Severity set to 'impor

Bug#659878: Reasons for this bug to be RC are very vague

severity 659878 important thanks The rationale for setting this bug report as release critical is really vague for me. "breaks other software" hasn't been really explained in details : it "breaks" su for some specific uses of it, so it may fit the definition of important but certainly not the one

Bug#737803: chocolate-doom: FTBFS: race during parallel installation

Am Montag, den 05.05.2014, 23:15 -0700 schrieb Vincent Cheng: > Don't forget that the Debian Games team > has a sponsorship queue [1] that you can use if you're looking for a > sponsor within the team; I aim to regularly check the queue for > packages to sponsor. Alright, I have added my pending