Okay, I sorted it out. The reason the city DB was corrupted is
because we were putting so many locations into the location file that
we were overflowing the addressable places to put them. The Maxmind
format uses 3 bytes to store offsets, so when we exceed offset
0xFF our offsets wrap around
Source: tiff
Version: 4.0.3-12
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerabilities were published for tiff.
CVE-2014-8127[0]:
various out-of-bound reads
CVE-2014-8128[1]:
various out-of-bounds write
CVE-2014-8129[2]:
various out-of-bound
On Mon, Oct 27, 2014 at 11:55 AM, Rémi Denis-Courmont wrote:
> Le lundi 27 octobre 2014, 15:20:37 Raphael Hertzog a écrit :
>> On Fri, 07 Mar 2014, Frank Heckenbach wrote:
>> > The merge-hook script overwrites /etc/resolv.conf when
>> > /sbin/resolvconf is not installed, thereby erasing additional
On Sunday, January 25, 2015 01:20:01 Andreas Beckmann wrote:
> Followup-For: Bug #775894
> Control: severity -1 serious
>
> Hi,
>
> after the upgrade sequence lenny -> squeeze -> wheezy -> jessie the
> situation of rbqtapi is as follows:
>
> # l /usr/bin/rbqt*
> lrwxrwxrwx 1 root root7 May 1
Processing commands for cont...@bugs.debian.org:
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> usertags 755876 piuparts
There were no usertags set.
Usertags are now: piuparts.
> tags 719104 + pending
Bug #719104 [topgit] Please remove me from
Your message dated Sun, 25 Jan 2015 01:35:50 +
with message-id
and subject line Bug#770008: fixed in icedove 31.4.0-2
has caused the Debian Bug report #770008,
regarding calendar-google-provider: Can no longer connect to Google calendars
to be marked as done.
This means that you claim that th
Niko Tyni writes ("Re: Bug#774844: xfonts-traditional: fails to upgrade from
'wheezy': Can't locate File/Find.pm in @INC"):
> reassign 774844 perl 5.20.1-4
> thanks
...
> Fine by me, I'm not arguing against that. Clearly it's time to
> stop/postpone the discussion about theoretical wider effects a
Processing commands for cont...@bugs.debian.org:
> tags 776063 - moreinfo
Bug #776063 [apt] dbus fails to upgrade rendering entire apt unusable
Bug #771428 [apt] apt tries to configure dbus before libdbus-1-3, fails to
upgrade
Bug #774124 [apt] apt tries to configure dbus before libdbus, fails to
Control: reassign 776063 apt
Control: severity 771428 critical
Control: forcemerge 771428 776063
Control: affects 771428 dbus
On Fri, 23 Jan 2015 at 19:04:33 +0100, Guillem Jover wrote:
> I think this one should be merged with the other dbus+triggers+apt
> bugs.
Merging it, using the higher of th
Processing control commands:
> reassign 776063 apt
Bug #776063 [dbus] dbus fails to upgrade rendering entire apt unusable
Bug reassigned from package 'dbus' to 'apt'.
No longer marked as found in versions dbus/1.8.12-1.
Ignoring request to alter fixed versions of bug #776063 to the same values
pr
Processing control commands:
> severity -1 serious
Bug #775894 [libqt4-ruby1.8] libqt4-ruby1.8: leaves diversion after upgrade
from from lenny -> squeeze -> wheezy -> jessie
Bug #692956 [libqt4-ruby1.8] libqt4-ruby1.8: leaves diversion after upgrade
from squeeze
Severity set to 'serious' from 'i
Your message dated Sun, 25 Jan 2015 00:18:36 +0100
with message-id <54c4284c.5060...@debian.org>
and subject line Re: openjdk-7: FTBFS: java.lang.RuntimeException: time is more
than 10 years from present: 110453040
has caused the Debian Bug report #775044,
regarding openjdk-7: FTBFS: java.lang
Your message dated Sat, 24 Jan 2015 22:48:25 +
with message-id
and subject line Bug#775418: fixed in pcmanfm 1.2.3-1.1
has caused the Debian Bug report #775418,
regarding pcmanfm-dbg: copyright file missing after upgrade (policy 12.5)
to be marked as done.
This means that you claim that the p
Your message dated Sat, 24 Jan 2015 21:20:20 +
with message-id
and subject line Bug#776136: fixed in wireshark 1.12.1+g01b65bf-3
has caused the Debian Bug report #776136,
regarding wireshark: Crashes when filter string is edited on Broadway
to be marked as done.
This means that you claim that
Your message dated Sat, 24 Jan 2015 21:18:46 +
with message-id
and subject line Bug#776075: fixed in ats2-lang 0.1.8-1
has caused the Debian Bug report #776075,
regarding ats2-lang: FTBFS on most architectures
to be marked as done.
This means that you claim that the problem has been dealt wit
Your message dated Sat, 24 Jan 2015 21:20:20 +
with message-id
and subject line Bug#776135: fixed in wireshark 1.12.1+g01b65bf-3
has caused the Debian Bug report #776135,
regarding wireshark: Multiple security issues in 1.12.3 and prior versions
to be marked as done.
This means that you claim
reassign 774844 perl 5.20.1-4
thanks
On Sat, Jan 24, 2015 at 06:39:02PM +, Ian Jackson wrote:
> It would be better if dpkg would avoid configuring (or invoking
> trigger processing for) A when A->B->C and C is not configured, but B
> is. That's not a practical solution for jessie.
>
> I sti
Processing commands for cont...@bugs.debian.org:
> reassign 774844 perl 5.20.1-4
Bug #774844 [xfonts-traditional] xfonts-traditional: fails to upgrade from
'wheezy': Can't locate File/Find.pm in @INC
Bug reassigned from package 'xfonts-traditional' to 'perl'.
No longer marked as found in versions
Followup-For: Bug #774872
Hi Bernd,
can we get this fixed for /etc/default/gpsd from lenny, too?
Tested patch attached. Somewhere on the upgrade patch
jessie->squeeze->wheezy the config file gets modified, so I added both
md5sums.
Andreas
>From a5b4b78059cff72a63a3ed21aa662c89bbae8801 Mon Sep 1
Processing commands for cont...@bugs.debian.org:
> severity 776159 normal
Bug #776159 [freeorion] freeorion: Keyboard seems to be undetected, not
responding to key entered.
Severity set to 'normal' from 'grave'
> reassign 776159 libois-1.3.0
Bug #776159 [freeorion] freeorion: Keyboard seems to be
severity 776159 normal
reassign 776159 libois-1.3.0
forcemerge 776159 730405
thanks
On 24.01.2015 19:42, Eric Boucher wrote:
> Package: freeorion
> Version: 0.4.4-2+b1
> Severity: grave
> Justification: renders package unusable
>
> Dear Maintainer,
>
> *** Reporter, please consider answering the
Niko Tyni writes ("Re: new pre-dependency: perl{,-base,-modules} -> dpkg (>=
1.17.17)"):
> On Mon, Jan 19, 2015 at 11:15:04AM +0100, Guillem Jover wrote:
> > I've not looked into the details yet, but just to comment that there's
> > been talk about possibly reverting that fix, because in some erro
Your message dated Sat, 24 Jan 2015 19:18:38 +
with message-id
and subject line Bug#775682: fixed in websvn 2.3.1-1+deb6u1
has caused the Debian Bug report #775682,
regarding websvn: CVE-2013-6892: arbitrary file access when downloads enabled
for users with commit access
to be marked as done.
Seems to need to be merged to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730405
> From: ow...@bugs.debian.org
> To: bouchereric0...@hotmail.com
> Subject: Bug#776159: Acknowledgement (freeorion: Keyboard seems to be
> undetected, not responding to key entered.)
> Date: Sat, 24 Jan 2015 18
Package: freeorion
Version: 0.4.4-2+b1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Simply start the game.
* What exactly did you do (or not do) that w
Niko Tyni writes ("Bug#774844: xfonts-traditional: fails to upgrade from
'wheezy': Can't locate File/Find.pm in @INC"):
> In that case the dependency on perl would be direct, but the script would
> fail in exactly the same way when a newer perl-modules is unpacked -
> because Time::Piece needs Tim
Your message dated Sat, 24 Jan 2015 18:33:22 +
with message-id
and subject line Bug#775635: fixed in chiark-tcl 1.1.3
has caused the Debian Bug report #775635,
regarding chiark-tcl: FTBFS in jessie: build-dependency not installable:
tcl8.4-dev
to be marked as done.
This means that you claim
Bug confirmed for me, as signified by the "warning: key not found" when
running. Please update.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Thank you for the patch, I hope it works and fixes the problem.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Your message dated Sat, 24 Jan 2015 17:18:23 +
with message-id
and subject line Bug#775873: fixed in patch 2.7.3-1
has caused the Debian Bug report #775873,
regarding patch: directory traversal via file rename
to be marked as done.
This means that you claim that the problem has been dealt wit
Processing commands for cont...@bugs.debian.org:
> forwarded 745835
> http://lists.nongnu.org/archive/html/lynx-dev/2015-01/msg00029.html
Bug #745835 [lynx-cur] lynx-cur: certificate revocation is not checked
Bug #776073 [lynx-cur] lynx-cur: can connect to site with expired certificate
Set Bug fo
Control: reassign -1 ftp.debian.org
Control: retitle -1 RM: emacs23-common-non-dfsg -- RoM: obsolete; superseeded
by emacs24-common-non-dfsg
Control: severity -1 normal
Hi Rob,
thanks for the prompt answer!
Rob Browning wrote:
> Axel Beckert writes:
> > emacs23 has been removed from Unstable l
Processing control commands:
> reassign -1 ftp.debian.org
Bug #776113 [emacs23-common-non-dfsg] emacs23-common-non-dfsg: Useless without
emacs23
Bug reassigned from package 'emacs23-common-non-dfsg' to 'ftp.debian.org'.
No longer marked as found in versions emacs23-non-dfsg/23.4+1-1.
Ignoring req
Axel Beckert writes:
> emacs23 has been removed from Unstable like three months ago. So IMHO
> its non-free components are useless to keep in Debian and especially
> useless to release with Jessie.
>
> Filing as RC-level bug against the package to hear some other opinions,
> especially the mainta
Le Sat, 24 Jan 2015 11:33:23 +,
Neil Williams a écrit :
>
> That doesn't seem to be part of the original bug which was for a clean
> install of nut-client.
>
> If you think this second issue is RC, then a new bug could be opened
> but that depends on whether this affects the version current
Processing commands for cont...@bugs.debian.org:
> severity 775175 normal
Bug #775175 [congruity] congruity: Unable to login with mhgui or executing
EZHex Files because of changes in the MyHarmony website.
Severity set to 'normal' from 'grave'
> thanks
Stopping processing here.
Please contact me
Hi Michael,
> That means, depending on the timing, anacron-resume.service might be
> triggered just before suspend not on resume, and it's not guaranteed
> that anacron has finished before systemd-sleep is called.
>
> I don't think the patch was intended this way?
thanks for the analysis. Is ther
Processing control commands:
> retitle -1 linux-image-3.16.0-4-686-pae: chown removes security.capability
> xattr on other users' files (CVE-2015-1350)
Bug #770492 [src:linux] linux-image-3.16.0-4-686-pae: chown removes
security.capability xattr on other users' files
Changed Bug title to 'linux-
Control: retitle -1 linux-image-3.16.0-4-686-pae: chown removes
security.capability xattr on other users' files (CVE-2015-1350)
Hi,
In http://www.openwall.com/lists/oss-security/2015/01/24/5 there was
a CVE assignment for this issue, CVE-2015-1350.
Regards,
Salvatore
--
To UNSUBSCRIBE, email
tags 776145 + patch
thanks
On Sat, Jan 24, 2015 at 2:41 PM, Mirco Bauer wrote:
> ...
> [this is a shortened version of my original report that was eaten by
> reportbug which deserves a critical bugreport for the data loss]
> ...
[nevermind: I have found the initial report in /tmp/reportbug-*]
T
Processing commands for cont...@bugs.debian.org:
> tags 776145 + patch
Bug #776145 [libglib2.0-cil] GLib-CRITICAL spam on STDERR
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
776145: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776145
Deb
Hi,
Axel Beckert wrote:
> Axel Beckert wrote:
> > Axel Beckert wrote:
> > > I've pushed a prelimiary NMU to the git branch "nmu":
> > > https://anonscm.debian.org/cgit/collab-maint/debsums.git/log/?h=nmu
> > >
> > > I intend to upload that one as NMU to DELAYED/2 after some testing.
> > > Will po
Package: libglib2.0-cil
Severity: serious
[this is a shortened version of my original report that was eaten by
reportbug which deserves a critical bugreport for the data loss]
Since a change in glib warnings are printed to STDERR for /each/
g_source_remove call if the item wasn't in the list. Thi
Your message dated Sat, 24 Jan 2015 13:33:23 +
with message-id
and subject line Bug#775682: fixed in websvn 2.3.3-1.2
has caused the Debian Bug report #775682,
regarding websvn: CVE-2013-6892: arbitrary file access when downloads enabled
for users with commit access
to be marked as done.
Thi
Hi,
I've NMU'ed websvn for this security issue with attached debdiff.
Cheers,
Thijs
websvn_nmudiff.debdiff
Description: Binary data
Processing commands for cont...@bugs.debian.org:
> merge 745835 776073
Bug #745835 [lynx-cur] lynx-cur: certificate revocation is not checked
Bug #776073 [lynx-cur] lynx-cur: can connect to site with expired certificate
Marked as found in versions lynx-cur/2.8.8pre5-1.
Added tag(s) jessie-ignore.
Processing commands for cont...@bugs.debian.org:
> limit source lintian
Limiting to bugs with field 'source' containing at least one of 'lintian'
Limit currently set to 'source':'lintian'
> tags 775467 + pending
Bug #775467 [lintian] Elaborate info for
script-in-etc-init.d-not-registered-via-upd
On Wed, 21 Jan 2015 23:55:03 +0100
Laurent Bigonville wrote:
> On Sat, 17 Jan 2015 11:14:32 + Neil Williams
> wrote:
>
> > Dear maintainer,
>
> Hello,
>
> > I've prepared an NMU for nut (versioned as 2.7.2-1.1), taking
> > Martin's third option of porting the Ubuntu change to debian/rule
Processing commands for cont...@bugs.debian.org:
> tags 776113 + sid jessie
Bug #776113 [emacs23-common-non-dfsg] emacs23-common-non-dfsg: Useless without
emacs23
Added tag(s) sid and jessie.
> tags 775062 + sid jessie
Bug #775062 {Done: Neil Williams } [grok] grok doesn't
grok group name ('grou
Package: sudo
Version: 1.8.10p3-1
Severity: serious
Hi,
actually I only wanted to check whether sudo-ldap/wheezy leaving the
obsolete conffile /etc/init.d/sudo after upgrades to jessie could cause
problems. (Does not look like this, but you could consider using
dpkg-maintscript-helper rm_conffi
Processing commands for cont...@bugs.debian.org:
> user debian-secur...@lists.debian.org
Setting user to debian-secur...@lists.debian.org (was car...@debian.org).
> usertags 776135 + tracked
There were no usertags set.
Usertags are now: tracked.
> tags 776135 + upstream
Bug #776135 [wireshark] wir
Package: wireshark
Severity: serious
Tags: fixed-upstream pending
>From https://code.wireshark.org/review/#/c/6494/ :
The Broadway GDK backend does never sets event->string. This results in
a crash when filter_string_te_key_pressed_cb tries to read its
contents.Since the documentation marks readi
Package: wireshark
Severity: serious
Tags: security fixed-upstream pending
Please see release notes:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html
Cheers,
Balint
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contac
Hi!
On Sat, Jan 24, 2015 at 11:17:03AM +0100, László Böszörményi (GCS) wrote:
> On Sat, Jan 24, 2015 at 11:04 AM, Salvatore Bonaccorso
> wrote:
> > On Sat, Jan 24, 2015 at 10:50:11AM +0100, Salvatore Bonaccorso wrote:
> >> and the directory traversal via file rename does not seem to have a
> >> C
Axel Beckert writes:
> And when we're at it: A similar issue showed up with notmuch-emacs. I
> though found no obvious changelog entry in notmuch's changelog
> either. The latest changelog entry talks about "Emacs 24.4 related bug
> fixes", so maybe "Breaks: notmuch-emacs (<< 0.18.2-1~)" would he
On Sat, Jan 24, 2015 at 11:04 AM, Salvatore Bonaccorso
wrote:
> On Sat, Jan 24, 2015 at 10:50:11AM +0100, Salvatore Bonaccorso wrote:
>> and the directory traversal via file rename does not seem to have a
>> CVE yet? (retitling back this subject just to avoid confusion).
>
> I have requested a CVE
Hi,
On Sat, Jan 24, 2015 at 10:50:11AM +0100, Salvatore Bonaccorso wrote:
> Control: retitle -1 patch: directory traversal via file rename
>
> Hi Jonathan,
>
> On Thu, Jan 22, 2015 at 09:56:20PM +, Jonathan Wiltshire wrote:
> > On Thu, Jan 22, 2015 at 09:49:39PM +, Jonathan Wiltshire wro
Processing commands for cont...@bugs.debian.org:
> # support for git-style patches introduced in 2.7.
> found 775873 2.7.1-1
Bug #775873 [patch] patch: directory traversal via file rename
Marked as found in versions patch/2.7.1-1.
> thanks
Stopping processing here.
Please contact me if you need a
Processing control commands:
> retitle -1 patch: directory traversal via file rename
Bug #775873 [patch] patch: CVE-2015-1196 directory traversal via file rename
Changed Bug title to 'patch: directory traversal via file rename' from 'patch:
CVE-2015-1196 directory traversal via file rename'
--
Control: retitle -1 patch: directory traversal via file rename
Hi Jonathan,
On Thu, Jan 22, 2015 at 09:56:20PM +, Jonathan Wiltshire wrote:
> On Thu, Jan 22, 2015 at 09:49:39PM +, Jonathan Wiltshire wrote:
> > This issue was assigned CVE-2015-1196. If you upload fixed packages, please
> >
Your message dated Sat, 24 Jan 2015 09:20:23 +
with message-id
and subject line Bug#728365: fixed in rhn-client-tools 1.8.26-4
has caused the Debian Bug report #728365,
regarding python-rhn: Running rhn_reg fails with a TypeError exception.
to be marked as done.
This means that you claim that
Processing commands for cont...@bugs.debian.org:
> severity 728365 serious
Bug #728365 [rhn-client-tools] python-rhn: Running rhn_reg fails with a
TypeError exception.
Severity set to 'serious' from 'normal'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
728365:
❦ 24 janvier 2015 18:50 +1100, Craig Small :
> I'm not sure if you are able to, but if you could apply the
> attached patch to see if the test works now that would be
> great.
>
> make
> make test (fails)
> apply patch
> make
> make test (works)
Yes, the patch makes the tests pass.
--
Write an
63 matches
Mail list logo
