package: pepperflashplugin-nonfree
version: 1.8
severity: serious
If ca-certificates isn't installed prior to installing this package,
it's triggers will be processed after pepperflash tries and fails its
download.
Since the plugin doesn't get fetched, the package is basically non-functional.
A
On Sat, Dec 20, 2014 at 11:34 PM, Michael Gilbert wrote:
> On Fri, Dec 12, 2014 at 7:16 AM, Aníbal Monsalve Salazar wrote:
>> I uploaded cpio 2.11+dfsg-3 to experimental with the upstream patches
>> listed above. Please test it. It didn't segfault when I run it on amd64
>> as reported in Red Hat's
control: reopen -1
On Sat, Dec 20, 2014 at 11:34 PM, Michael Gilbert wrote:
> In the meantime, I'm going to prepare the wheezy DSA.
While preparing it, I noticed that there are a couple commits missing
from the experimental package, commits fd262d11 and f6a8a2cb:
https://security-tracker.debian.o
Processing control commands:
> reopen -1
Bug #772793 {Done: Raphaël Hertzog } [cpio] cpio:
CVE-2014-9112
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions
On Fri, Dec 12, 2014 at 7:16 AM, Aníbal Monsalve Salazar wrote:
> I uploaded cpio 2.11+dfsg-3 to experimental with the upstream patches
> listed above. Please test it. It didn't segfault when I run it on amd64
> as reported in Red Hat's Bugzilla.
Hi,
I tested the update, and it seems to work fine
package: src:libav
version: 6:0.8.16-1
severity: serious
tags: security
Hi,
the following vulnerabilities were published for libav.
CVE-2014-8541[0]:
| libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
| differences, and not bits-per-pixel differences, when determining
| whet
package: src:nss
version: 3.12.8-1
severity: serious
tag: security
An information leak issue was disclosed for nss, fixed in 3.17.3:
https://security-tracker.debian.org/tracker/CVE-2014-1569
Best wishes,
Mike
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of
Processing control commands:
> tag -1 patch, pending
Bug #773463 [src:jasper] jasper: CVE-2014-8137 CVE-2014-8138
Added tag(s) pending.
--
773463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, e
control: tag -1 patch, pending
Hi,
I've uploaded an nmu to delayed/5 fixing these issues. Please see attached.
Best wishes,
Mike
diff -Nru jasper-1.900.1-debian1/debian/changelog jasper-1.900.1-debian1/debian/changelog
--- jasper-1.900.1-debian1/debian/changelog 2014-12-05 07:59:32.0 +0
Jean-Michel Nirgal Vourgère:
> This problem was introduced in commit 27848, where d/rules target
> override_dh_installdocs got an extraneous dh_installdocs: The second one
> try to make the link but fails because the first one created a directory
> with that name.
Actually, there is a problem when
On Sat, Dec 20, 2014 at 7:52 PM, Bálint Réczey wrote:
> The proper severity of this bug is grave as set by Moritz IMO. I'm
> restoring it wearing my maintainer hat.
It's not really constructive arguing over severity, so that's fine.
You've saved yourself from needing to write an unblock request.
Processing control commands:
> severity -1 grave
Bug #760385 [libv8-3.14] nodejs: CVE-2014-5256
Severity set to 'grave' from 'important'
--
760385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE,
Your message dated Sun, 21 Dec 2014 00:33:51 +
with message-id
and subject line Bug#773022: fixed in nettle 2.7.1-4
has caused the Debian Bug report #773022,
regarding libhogweed2: dependency on libnettle4 too weak
to be marked as done.
This means that you claim that the problem has been deal
On Tue, Dec 16, 2014 at 7:41 AM, Matthias Klose wrote:
> Control: found -1 2.24.90.20141128-1
> Control: notfound -1 2.24.90.20141209-1
>
> well, the rebuild was done using binutils_2.24.90.20141128-1 (at least on
> amd64). so it doesn't say anything. Please file a proper binNMU, or reopen
> the
Processing control commands:
> tags -1 + patch
Bug #773191 [python-ogg-dbg] python-ogg-dbg: unhandled symlink to directory
conversion: /usr/share/doc/PACKAGE
Added tag(s) patch.
--
773191: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773191
Debian Bug Tracking System
Contact ow...@bugs.debi
Control: tags -1 + patch
Dear morph
This problem was introduced in commit 27848, where d/rules target
override_dh_installdocs got an extraneous dh_installdocs: The second one
try to make the link but fails because the first one created a directory
with that name.
I've prepared a simple NMU for p
Il giorno sab, 20/12/2014 alle 10.37 +, Olly Betts ha scritto:
> On Sat, Dec 20, 2014 at 10:10:53AM +0100, Pietro Battiston wrote:
> > When I "fixed" #765487, I missed #757886, that is, the fact that the
> > transition
> > from 2.8 to 3.0 (of fontypython) had not been "spontaneous". As a
> >
On Thu, 11 Dec 2014 21:52:47 +0100 Guillem Jover wrote:
> Package: auctex
> Version: 11.88-1
> Severity: serious
>
> Hi!
>
> This package can get involved in a trigger cycle. The problem is that
> it installs interests on /usr/share/texmf with files there provided by
> preview-latex-style and tex-
Processing commands for cont...@bugs.debian.org:
> found 771700 freecol/0.10.7+dfsg-2
Bug #771700 {Done: Vincent Fourmond } [freecol] [freecol]
freecol freezes on intro
Ignoring request to alter found versions of bug #771700 to the same values
previously set
> thanks
Stopping processing here.
P
Hi Adrian (and others),
On 12/20/2014 04:52 PM, John Paul Adrian Glaubitz wrote:
> On 12/20/2014 04:41 PM, John Paul Adrian Glaubitz wrote:
>> Attaching the debdiff of my suggested NMU in any case.
>
> Attaching a revised version as my first patch contained a formatting
> error in the debian/chan
Hi Adrian (and others),
On 12/20/2014 04:52 PM, John Paul Adrian Glaubitz wrote:
> On 12/20/2014 04:41 PM, John Paul Adrian Glaubitz wrote:
>> Attaching the debdiff of my suggested NMU in any case.
>
> Attaching a revised version as my first patch contained a formatting
> error in the debian/chan
On Sat, Dec 20, 2014 at 08:54:53PM +0100, Florian Weimer wrote:
> * Arne Nordmark:
>
> > The wheezy-security upload breaks libapache2-svn in exactly the same
> > way as the previous upload 1.6.17dfsg-4+deb7u5, which was fixed in
> > 1.6.17dfsg-4+deb7u6, see bug number 741314 for more details.
>
>
Processing commands for cont...@bugs.debian.org:
> fixed 773576 1:4.2.6.p2+dfsg-1+deb6u1
Bug #773576 [src:ntp] ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295
CVE-2014-9296
Marked as fixed in versions ntp/1:4.2.6.p2+dfsg-1+deb6u1.
> thanks
Stopping processing here.
Please contact me if you need a
Processing commands for cont...@bugs.debian.org:
> close 773610 1.6.17dfsg-4+deb7u8
Bug #773610 [libapache2-svn] libapache2-svn: apache2 restart failed:
mod_dav_svn.so: undefined symbol:, dav_svn__new_error
There is no source info for the package 'libapache2-svn' at version
'1.6.17dfsg-4+deb7u8'
close 773610 1.6.17dfsg-4+deb7u8
thanks
This was fixed with the 1.6.17dfsg-4+deb7u8 upload.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Your message dated Sat, 20 Dec 2014 21:19:55 +
with message-id
and subject line Bug#773580: fixed in lzo2 2.08-1.2
has caused the Debian Bug report #773580,
regarding lzo2: FTBFS on mips powerpc s390x
to be marked as done.
This means that you claim that the problem has been dealt with.
If thi
Processing commands for cont...@bugs.debian.org:
> fixed 773576 1:4.2.6.p5+dfsg-2+deb7u1
Bug #773576 [src:ntp] ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295
CVE-2014-9296
The source 'ntp' and version '1:4.2.6.p5+dfsg-2+deb7u1' do not appear to match
any binary packages
Marked as fixed in versio
Processing commands for cont...@bugs.debian.org:
> reopen 773509
Bug #773509 {Done: Andrei POPESCU }
[src:mono-runtime-dbg] mono-runtime-dbg: missing debug symbols from
mono-runtime-dbg
Warning: Unknown package 'src:mono-runtime-dbg'
Bug reopened
Warning: Unknown package 'src:mono-runtime-dbg'
W
* Arne Nordmark:
> The wheezy-security upload breaks libapache2-svn in exactly the same
> way as the previous upload 1.6.17dfsg-4+deb7u5, which was fixed in
> 1.6.17dfsg-4+deb7u6, see bug number 741314 for more details.
Ugh, I'm building this now myself and will upload another version if
it passe
Package: libapache2-svn
Version: 1.6.17dfsg-4+deb7u7
Severity: grave
Justification: renders package unusable
The wheezy-security upload breaks libapache2-svn in exactly the same way
as the
previous upload 1.6.17dfsg-4+deb7u5, which was fixed in 1.6.17dfsg-4+deb7u6,
see bug number 741314 for more d
Your message dated Sat, 20 Dec 2014 20:55:09 +0200
with message-id <20141220185509.GC6987@sid.nuvreauspam>
and subject line Re: Bug#773509: mono-runtime-dbg: missing debug symbols from
mono-runtime-dbg
has caused the Debian Bug report #773509,
regarding mono-runtime-dbg: missing debug symbols from
On Vi, 19 dec 14, 10:58:40, Jo Shields wrote:
> Source: mono-runtime-dbg
> Version: 3.2.1+dfsg-1
> Justification: renders package unusable
> Severity: grave
...
> -- System Information:
> Debian Release: jessie/sid
> APT prefers trusty-updates
> APT policy: (500, 'trusty-updates'), (500, 'trus
Processing control commands:
> tags 773580 + patch pending
Bug #773580 [lzo2] lzo2: FTBFS on mips powerpc s390x
Added tag(s) pending and patch.
--
773580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773580
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBS
Control: tags 773580 + patch pending
On Sat, 20 Dec 2014 at 11:06:56 +, Simon McVittie wrote:
> On 20/12/14 10:57, Ivo De Decker wrote:
> > The latest upload of lzo2 failed on mips, powerpc, s390x (and sparc).
>
> In other words, on big-endian architectures (where byteswapping to fetch
> a LE
On Wed, 03 Dec 2014 08:52:39 +0100 Matthias Urlichs
wrote:
> Package: nut-client
> Version: 2.7.2-1+b3
> Severity: serious
> Justification: 10.7.3
>
> An unconfigured package is expected to not fail installation.
>
> Setting up nut-client (2.7.2-1+b3) ...
> Job for nut-monitor.service failed. Se
Your message dated Sat, 20 Dec 2014 17:49:18 +
with message-id
and subject line Bug#770608: fixed in maven 3.0.5-2
has caused the Debian Bug report #770608,
regarding maven: FTBFS: maven-install-plugin or one of its dependencies could
not be resolved
to be marked as done.
This means that you
Your message dated Sat, 20 Dec 2014 17:49:09 +
with message-id
and subject line Bug#771943: fixed in ifupdown 0.7.51
has caused the Debian Bug report #771943,
regarding ifupdown: boot hangs, interface won't raise
to be marked as done.
This means that you claim that the problem has been dealt
On 12/20/2014 04:41 PM, John Paul Adrian Glaubitz wrote:
> Attaching the debdiff of my suggested NMU in any case.
Attaching a revised version as my first patch contained a formatting
error in the debian/changelog file.
Cheers,
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer
On 12/20/2014 04:09 PM, Timothy Davenport wrote:
> I don't know how to reply on the Debian Bug report logs.
Just include @bugs.debian.org in the CC of your mail.
> I want to confirm that I too had segfaults using djmount on amd64.
> Applying the patch suggested by Bernhard Übelacker
> [004-avoid-
I don't know how to reply on the Debian Bug report logs.
I want to confirm that I too had segfaults using djmount on amd64.
Applying the patch suggested by Bernhard Übelacker
[004-avoid-crash-by-using-size_t.patch (text/x-patch, attachment)]
solved the problem for me.
--
Tim Davenport
Gatlinburg
Hi
On 18/12/14 20:07, Christian Kastner wrote:
> would you be willing to upload the fix to DELAYED/5 so that we can see
> this bug closed soon?
Yes, I just did.
Regards,
--
.''`. Philipp Huebner
: :' : pgp fp: 6719 25C5 B8CD E74A 5225 3DF9 E5CA 8C49 25E4 205F
`. `'`
`-
signature.asc
Source: qprint
Version: 1.1.dfsg-1
Severity: serious
Justification: Policy §2.2
qprint.c was automatically generated from qprint.w, but the latter is
not included in the .orig.tar.
NB, this is a regression: qprint.w is included in the source tarball for
qprint_1.0.dfsg.2.
--
Jakub Wilk
--
On Sat, Dec 20, 2014 at 9:02 AM, Michael Gilbert wrote:
>
>>if [ -L /etc/X11/app-defaults/XScreenSaver ]; then
>> if [ "$(readlink /etc/X11/app-defaults/XScreenSaver)" =
>> "XScreenSaver-nogl" -o \
>> "$(readlink /etc/X11/app-defaults/XScreenSaver)" =
>> "XScreen
Processing commands for cont...@bugs.debian.org:
> # the diff between 98 and 99 is only translations
> found 768897 98
Bug #768897 [partman-lvm] quietly very aggressive WRT existing LVM-typed
partitions
Marked as found in versions partman-lvm/98.
> thanks
Stopping processing here.
Please contact
Your message dated Sat, 20 Dec 2014 13:23:06 +
with message-id
and subject line Bug#772863: fixed in pypy 2.4.0+dfsg-3
has caused the Debian Bug report #772863,
regarding pypy: Trigger cycle causes dpkg to fail processing
to be marked as done.
This means that you claim that the problem has be
Processing control commands:
> tags -1 + patch
Bug #773463 [src:jasper] jasper: CVE-2014-8137 CVE-2014-8138
Added tag(s) patch.
--
773463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to
Control: tags -1 + patch
Hi Roland,
On Sat, Dec 20, 2014 at 06:08:54AM +0100, Salvatore Bonaccorso wrote:
> I will try to work again (as for the previous update) on the
> wheezy-security update. As the patches will be mostly the same I could
> also do again the unstable upload too. Just let me kn
Processing commands for cont...@bugs.debian.org:
> notfixed 768127 768127
Bug #768127 {Done: gregor herrmann } [dhelp] Fails to build
the index when invalid UTF-8 is met
There is no source info for the package 'dhelp' at version '768127' with
architecture ''
Unable to make a source version for v
Your message dated Sat, 20 Dec 2014 12:49:24 +
with message-id
and subject line Bug#773583: fixed in vim-tlib 1.12-3
has caused the Debian Bug report #773583,
regarding vim-tlib: purging removes directories owned by vim-common:
/var/lib/vim/addons/, /var/lib/vim/
to be marked as done.
This m
Hi,
On Sat, Dec 20, 2014 at 12:12:13PM +0100, Andreas Cadhalpun wrote:
> Control: tags 773041 security
> Control: severity 773041 grave
> Justification: causes remote denial of service
>
For info, I saw this a few days ago and reported it to the security
team. It is indeed available in the wild,
Package: phoneuid
Version: 0.1+git20130505-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
This is sort of a continuation of #766114 which to me seems rightfully closed.
There are four things to note in advance please:
1. I'm not sure whether phoneuid is the correct pa
Package: vim-tlib
Version: 1.12-2
Severity: serious
Justification: Policy 6.8
Hi,
same problem of bug #773184.
This part of the postrm is faulty:
case "$1" in
purge)
if [ -d /var/lib/vim/addons/samples/ ]; then
rmdir -p --ignore-fail-on-non-empty /var/lib/vim/addons/sample
Processing control commands:
> tags 773041 security
Bug #773041 [libmspack0] libmspack: hangs on a crafted CAB file
Added tag(s) security.
> severity 773041 grave
Bug #773041 [libmspack0] libmspack: hangs on a crafted CAB file
Severity set to 'grave' from 'minor'
--
773041: http://bugs.debian.or
Processing control commands:
> tags 773041 security
Bug #773041 [libmspack0] libmspack: hangs on a crafted CAB file
Ignoring request to alter tags of bug #773041 to the same tags previously set
> severity 773041 grave
Bug #773041 [libmspack0] libmspack: hangs on a crafted CAB file
Ignoring request
Control: tags 773041 security
Control: severity 773041 grave
Justification: causes remote denial of service
Hi James,
On 19.12.2014 23:12, James Cloos wrote:
Even w/ the milter not called, one of the MXs has one clamd thread
consuming 100% cpu right now. gdb says:
#0 0x7fd0b4791ed0 in ??
Hi James,
On 19.12.2014 23:07, James Cloos wrote:
"AC" == Andreas Cadhalpun writes:
AC> You mean it crashed?
AC> Please provide excerpts of /var/log/clamav/clamav.log and
AC> /var/log/syslog from around the time of the crashes.
Yes, the clamd process quit, so the milter process was rejecting
On 20/12/14 10:57, Ivo De Decker wrote:
> The latest upload of lzo2 failed on mips, powerpc, s390x (and sparc).
In other words, on big-endian architectures (where byteswapping to fetch
a LE value is not just a memcpy).
This seems likely to be a regression caused by the patch that I NMU'd;
I'll lo
package: lzo2
version: 2.08-1.1
severity: serious
Hi,
The latest upload of lzo2 failed on mips, powerpc, s390x (and sparc).
This will prevent migration to jessie.
https://buildd.debian.org/status/package.php?p=lzo2&suite=sid
Cheers,
Ivo
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lis
On Sat, Dec 20, 2014 at 10:10:53AM +0100, Pietro Battiston wrote:
> When I "fixed" #765487, I missed #757886, that is, the fact that the
> transition
> from 2.8 to 3.0 (of fontypython) had not been "spontaneous". As a consequence
> of this, I assumed "Depends" were OK, which they are not, and the
2014-12-20 10:30 GMT+01:00 Bálint Réczey :
> Hi,
>
> 2014-12-19 22:51 GMT+01:00 Holger Levsen :
>> On Freitag, 19. Dezember 2014, Balint Reczey wrote:
>>> If you don't have time I would happily prepare an NMU with the fix.
>>
>> Please go ahead. Thanks!
> I just performed the NMU to DELAYED/2 with
Processing commands for cont...@bugs.debian.org:
> forwarded 772233 https://gnunet.org/bugs/view.php?id=3588
Bug #772233 [gnunet] gnunet: bashism in /bin/sh script
Set Bug forwarded-to-address to 'https://gnunet.org/bugs/view.php?id=3588'.
> tags 772233 upstream
Bug #772233 [gnunet] gnunet: bashis
Your message dated Sat, 20 Dec 2014 10:36:27 +0100
with message-id <20141220093627.GA3751@faye>
and subject line Re: transmission: build failure on mips
has caused the Debian Bug report #773556,
regarding transmission: build failure on mips
to be marked as done.
This means that you claim that the
Hi,
2014-12-19 22:51 GMT+01:00 Holger Levsen :
> On Freitag, 19. Dezember 2014, Balint Reczey wrote:
>> If you don't have time I would happily prepare an NMU with the fix.
>
> Please go ahead. Thanks!
I just performed the NMU to DELAYED/2 with the attached patch.
Cheers,
Balint
diff -Nru gnunet-0
Your message dated Sat, 20 Dec 2014 09:20:24 +
with message-id
and subject line Bug#771852: fixed in mdadm 3.3.2-5
has caused the Debian Bug report #771852,
regarding mdadm: postinst fails on rm --ignore-fail-on-non-empty
to be marked as done.
This means that you claim that the problem has be
Your message dated Sat, 20 Dec 2014 09:19:19 +
with message-id
and subject line Bug#772217: fixed in cmtk 3.2.2-1.3
has caused the Debian Bug report #772217,
regarding cmtk: bashism in /bin/sh script
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Your message dated Sat, 20 Dec 2014 09:20:24 +
with message-id
and subject line Bug#771852: fixed in mdadm 3.3.2-5
has caused the Debian Bug report #771852,
regarding package not installable due to postinst syntax error
to be marked as done.
This means that you claim that the problem has been
Package: fontypython
Version: 0.4.4-1.2
Severity: grave
When I "fixed" #765487, I missed #757886, that is, the fact that the transition
from 2.8 to 3.0 (of fontypython) had not been "spontaneous". As a consequence
of this, I assumed "Depends" were OK, which they are not, and the current
package is
Hi,
one option that doesn't seem to have been considered would be to create
a separate package (let's call it UEFIx) that installs an UEFI binary to
EFI/boot/bootx64.efi. That binary could then do what the UEFI BIOS
should've done (i.e. look at the EFI vars for bootorder, bootnext, etc
and then go
On Mon, Dec 15, 2014 at 11:06 PM, Torsten Rohlfing wrote:
> Thanks from me as well.
>
> It seems that your patch is more sophisticated than my upstream fix (which
> essentially just switches the scripts shebang to /bin/bash). Please let me
> know if you want me to deploy your patch instead.
It wou
Processing control commands:
> tag -1 -patch
Bug #767019 [xscreensaver] xscreensaver: postinst overwrites
/etc/X11/app-defaults/XScreenSaver without asking
Removed tag(s) patch.
--
767019: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767019
Debian Bug Tracking System
Contact ow...@bugs.debi
control: tag -1 -patch
> + * Non-maintainer upload.
> + * Remove old cruft in maitainer script, not compliant
> +with policy of the day:
> +- xscreensaver.preinst snippet used for lenny->squeeze
> + transition (move configuration file).
> +- xscreensaver*.post* snippet used for
71 matches
Mail list logo