Processing commands for cont...@bugs.debian.org:
> found 870233 16.11.0~ds0-1
Bug #870233 [src:smplayer] smplayer: executes javascript code downloaded from
insecure URL
Marked as found in versions smplayer/16.11.0~ds0-1.
> thanks
Stopping processing here.
Please contact me if you need assistance
Source: smplayer
Version: 17.7.0~ds0-1
Severity: grave
Tags: security
Justification: user security hole
smplayer includes code in src/basegui.cpp to download and (I guess)
execute javascript code for parsing youtube paths. The download URL is
http:
Source: flex
Version: 2.6.1-1.3
Severity: serious
User: helm...@debian.org
Usertags: rebootstrap
flex fails to build from source in unstable amd64.
| dh_install
| dh_install: Cannot find (any matches for) "debian/tmp/include" (tried in .,
debian/tmp)
|
| dh_install: libfl-dev missing files: deb
Processing commands for cont...@bugs.debian.org:
> # thanks to LTS triage for older versions triaging
> found 870157 1.3.20-3
Bug #870157 {Done: Laszlo Boszormenyi (GCS) } [graphicsmagick]
graphicsmagick: CVE-2017-11643
Marked as found in versions graphicsmagick/1.3.20-3.
> found 870156 1.3.20-3
Package: physamp
Version: 1.0.2-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'sid' fails
because it tries to overwrite other packa
Package: manpages-dev
Version: 4.12-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite othe
Package: wixl-data
Version: 0.96-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite other p
Package: libmaven-plugin-testing-1.3-java
Version: 1.3-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it trie
Your message dated Mon, 31 Jul 2017 00:33:53 +
with message-id
and subject line Bug#869592: fixed in forked-daapd 25.0-1
has caused the Debian Bug report #869592,
regarding forked-daapd FTBFS: error: conflicting types for 'dmap_find_field'
to be marked as done.
This means that you claim that
Source: pajeng
Version: 1.3.4-2
Severity: serious
Tags: buster sid
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/pajeng.html
...
Start 12: pj_validate_simu-mardi
1/12 Test #4: pj_dump_native_paje ..***Failed0.10 sec
Unescaped left brace in regex is ill
Processing commands for cont...@bugs.debian.org:
> tags 870075 buster
Bug #870075 [src:pdf-presenter-console] src:pdf-presenter-console: maintainer
address bounces
Added tag(s) buster.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
870075: https://bugs.debian.or
On Sat, Jul 29, 2017 at 03:53:28PM -0400, Paul Gevers wrote:
Hi,
Hello Paul,
On 29-07-17 10:15, Debian Bug Tracking System wrote:
The maintainer address for chrony bounces, see below.
Indeed, that seems to happen from time to time. Sadly, my provider
remains silent about these issues.
I’m
Source: mate-panel
Version: 1.18.4-1
Severity: serious
https://buildd.debian.org/status/package.php?p=mate-panel&suite=sid
...
Making all in data
make[3]: Entering directory '/<>/data'
glib-mkenums --comments '' --fhead "" --vhead "
<@type@ id='org.mate.panel.@EnumName@'>" --vprod "" --vtai
Package: Mudlet
Version: 1:3.2.0-1
Severity: grave
--- Please enter the report below this line. ---
ADVISORY FROM UPSTREAM:
A defect present in the Mudlet Version currently included in "Testing"
and "Unstable" causes user created content
("Triggers"/"Aliases"/"Buttons"/"Keys"/"Scripts") to be los
Package: light-locker
Version: 1.7.0-3
Severity: serious
Justification: breaks unrelated software
Dear Maintainer,
On my system, 'light-locker-command --lock' returns 0 without doing
anything. I presume that is because there is no 'light-locker' process
running (due to #858445). In case it's re
Processing commands for cont...@bugs.debian.org:
> severity 869900 serious
Bug #869900 [src:lua-event] lua-event: FTBFS with libevent 2.1.x
Severity set to 'serious' from 'important'
> severity 869902 serious
Bug #869902 [src:watchcatd] watchcatd: FTBFS with libevent 2.1.x
Severity set to 'serious
Source: dune-grid
Version: 2.5.1-1
Severity: serious
https://buildd.debian.org/status/fetch.php?pkg=dune-grid&arch=mips&ver=2.5.1-1&stamp=1500401835&raw=0
...
Start 31: test-ug
31/60 Test #31: test-ug
...***Timeout 300.02 sec
Testing UGGrid<2> an
Processing commands for cont...@bugs.debian.org:
> severity 651313 serious
Bug #651313 [desktopnova-module-gnome] desktopnova-module-gnome: desktopnova
seems to be not compatible with Gnome 3
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you n
On Wed, Jul 26, 2017 at 05:18:57AM -0400, Thomas Dickey wrote:
> On Tue, Jul 25, 2017 at 01:19:16PM +0300, Alexander V. Lukyanov wrote:
> > On Tue, Jul 25, 2017 at 04:55:54AM -0400, Thomas Dickey wrote:
> > > > > e) fix a different fail-to-build with the opaque TERMTYPE
> > > >
> > > > I don't see
Control: tags 790201 + patch
Control: tags 790201 + pending
Dear maintainer,
I've prepared an NMU for geany-plugins (versioned as 1.31+dfsg-1.1) and
uploaded it to DELAYED/14.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had be
Processing control commands:
> tags 790201 + patch
Bug #790201 [src:geany-plugins] geany-plugins: depends on libwebkitgtk-1.0-0
which is deprecated
Added tag(s) patch.
> tags 790201 + pending
Bug #790201 [src:geany-plugins] geany-plugins: depends on libwebkitgtk-1.0-0
which is deprecated
Added t
Processing commands for cont...@bugs.debian.org:
> fixed 868966 2.7.0+bzr6622-4
Bug #868966 [src:bzr] bzr: FTBFS: Test failures
Marked as fixed in versions bzr/2.7.0+bzr6622-4.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
868966: https://bugs.debian.org/cgi-bin
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870153: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870153,
regarding graphicsmagick: CVE-2017-11637
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870154: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870154,
regarding graphicsmagick: CVE-2017-11638
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870149: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870149,
regarding graphicsmagick: CVE-2017-11636
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870155: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870155,
regarding graphicsmagick: CVE-2017-11641
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870157: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870157,
regarding graphicsmagick: CVE-2017-11643
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870156: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870156,
regarding graphicsmagick: CVE-2017-11642
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870158: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870158,
regarding graphicsmagick: CVE-2017-11722
to be marked as done.
This means that you claim that the problem has been dealt with.
Processing commands for cont...@bugs.debian.org:
> forcemerge 870187 870188
Bug #870187 [src:supervisor] supervisor: CVE-2017-11610: Command injection via
malicious XML-RPC request
Bug #870188 [src:supervisor] CVE-2017-11610
Bug #870188 [src:supervisor] CVE-2017-11610
Merged 870187 870188
> thank
Processing control commands:
> merge 870187 870188
Bug #870187 [src:supervisor] supervisor: CVE-2017-11610: Command injection via
malicious XML-RPC request
Unable to merge bugs because:
forwarded of #870188 is '' not
'https://github.com/Supervisor/supervisor/issues/964'
package of #870188 is 'su
Control: merge 870187 870188
Processing commands for cont...@bugs.debian.org:
> reassign 870188 src:supervisor
Bug #870188 [supervisor] CVE-2017-11610
Bug reassigned from package 'supervisor' to 'src:supervisor'.
Ignoring request to alter found versions of bug #870188 to the same values
previously set
Ignoring request to alt
On Sun, Jul 30, 2017 at 10:07:42PM +0200, Salvatore Bonaccorso wrote:
> I should add: I have chosen severity grave due to the potential of
> code execution as root if the service is enabled. Am I right that in
> *any* version present in Debian the web interface is started?
>
> If so we might lowe
Processing commands for cont...@bugs.debian.org:
> forcemerge 870187 870188
Bug #870187 [src:supervisor] supervisor: CVE-2017-11610: Command injection via
malicious XML-RPC request
Unable to merge bugs because:
package of #870188 is 'supervisor' not 'src:supervisor'
Failed to forcibly merge 87018
Package: supervisor
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerability was published for supervisor.
CVE-2017-11610[0]:
Authenticated RCE
This issue was fixed by upstream in version 3.3.3.
If you fi
I should add: I have chosen severity grave due to the potential of
code execution as root if the service is enabled. Am I right that in
*any* version present in Debian the web interface is started?
If so we might lower the severity.
Regards,
Salvatore
Source: supervisor
Version: 3.0r1-1
Severity: grave
Tags: upstream security patch
Forwarded: https://github.com/Supervisor/supervisor/issues/964
Hi,
the following vulnerability was published for supervisor.
CVE-2017-11610[0]:
Command injection via malicious XML-RPC request
If you fix the vulner
Processing commands for cont...@bugs.debian.org:
> severity 870184 important
Bug #870184 [src:libsass] libsass: CVE-2017-11605
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
870184: https://bugs.debian.org/cgi-bin/bugrepor
tag 868537 pending
--
We believe that the bug #868537 you reported has been fixed in the Git
repository. You can see the commit message below and/or inspect the
commit contents at:
http://anonscm.debian.org/cgit/collab-maint/abiword.git/diff/?id=38aa412
(This message was generated automatica
Source: libsass
Version: 3.4.3-1
Severity: grave
Tags: security
Hi,
the following vulnerability was published for libass.
CVE-2017-11605[0]:
| There is a heap based buffer over-read in LibSass 3.4.5, related to
| address 0xb4803ea1. A crafted input will lead to a remote denial of
| service attac
Processing commands for cont...@bugs.debian.org:
> tag 868537 pending
Bug #868537 [src:abiword] File conflict between abiword-dbgsym and
abiword-plugin-grammar-dbgsym
Added tag(s) pending.
> --
Stopping processing here.
Please contact me if you need assistance.
--
868537: https://bugs.debian.or
Processing commands for cont...@bugs.debian.org:
> tags 869615 + sid buster
Bug #869615 [mitmproxy] mitmproxy: uninstallable in unstable (Depends:
python-hyperframe (< 5) but 5.1.0-1 is to be installed)
Added tag(s) buster and sid.
> tags 869126 + sid buster
Bug #869126 {Done: Sascha Steinbiss }
clone 849875 -1
reassign -1 network-manager
retitle -1 WPA usage error: Invalid passphrase character
thanks
On Sat, Jul 01, 2017 at 11:32:28PM +0200, Francesco Poli wrote:
> Dear Debian wpasupplicant Maintainers,
> I noticed that these 3 RC bugs (#849122, #849077, #849875) are marked
> as found in
Processing commands for cont...@bugs.debian.org:
> clone 849875 -1
Bug #849875 [wpasupplicant] broadcom-sta-dkms: Wifi association took too long,
failing activation
Bug 849875 cloned as bug 870171
> reassign -1 network-manager
Bug #870171 [wpasupplicant] broadcom-sta-dkms: Wifi association took t
Source: wolfssl
Version: 3.10.2+dfsg-2
Severity: grave
Tags: upstream security fixed-upstream
Hi,
the following vulnerability was published for wolfssl.
CVE-2017-8855[0]:
| wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a
| malformed DH key.
If you fix the vulnerability please
Your message dated Sun, 30 Jul 2017 17:34:09 +
with message-id
and subject line Bug#847495: fixed in bzr 2.7.0+bzr6622-4
has caused the Debian Bug report #847495,
regarding bzr-doc: broken symlink /usr/share/doc/16.png
to be marked as done.
This means that you claim that the problem has been
Package: nikola
Version: 7.1.0-1
Severity: grave
Justification: renders package unusable
When running nikola I get the following message:
ERROR: You are using doit version 0.28.0, it is too new! This application
requires version <= 0.27.
Thus, nikola seems to currently be unusable.
Thanks!
ch
Processing commands for cont...@bugs.debian.org:
> close 869279
Bug #869279 [src:hdrhistogram] hdrhistogram FTBFS: java.lang.NoSuchMethodError:
org.apache.maven.archiver.MavenArchiver.getManifest
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
Processing commands for cont...@bugs.debian.org:
> close 869278
Bug #869278 [src:jaxrs-api] jaxrs-api FTBFS: java.lang.NoSuchMethodError:
org.apache.maven.archiver.MavenArchiver.getManifest
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
869278
I tried to reinstall the following packages:
libreoffice-java-common (1:5.2.7-1)
openjdk-8-jre (8u141-b15-1~deb9u1)
openjdk-8-jre-headless (8u141-b15-1~deb9u1)
But nothing, it does not work :-(
I had to disable the "Use a Java Runtime Environment" option to run
LibreOffice Writer
LibreOffice >
Processing commands for cont...@bugs.debian.org:
> # better to split up the bug in individual CVEs since affected versions are
> not same
> clone 870149 -1 -2 -3 -4 -5 -6
Bug #870149 [graphicsmagick] CVE-2017-11636, CVE-2017-11637, CVE-2017-11638,
CVE-2017-11641, CVE-2017-11642, CVE-2017-11643,
Processing commands for cont...@bugs.debian.org:
> found 870149 1.3.26-3
Bug #870149 [graphicsmagick] CVE-2017-11636, CVE-2017-11637, CVE-2017-11638,
CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722
Marked as found in versions graphicsmagick/1.3.26-3.
> thanks
Stopping processing he
Your message dated Sun, 30 Jul 2017 15:50:54 +
with message-id
and subject line Bug#867653: fixed in ruby-license-finder 2.1.2-2
has caused the Debian Bug report #867653,
regarding ruby-license-finder: FTBFS: ERROR: Test "ruby2.3" failed:
/etc/ssl/certs/T?RKTRUST_Elektronik_Sertifika_Hizmet_S
Processing commands for cont...@bugs.debian.org:
> tag 867653 pending
Bug #867653 [src:ruby-license-finder] ruby-license-finder: FTBFS: ERROR: Test
"ruby2.3" failed:
/etc/ssl/certs/T?RKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5.pem (No
such file or directory)
Added tag(s) pending.
> thank
tag 867653 pending
thanks
Hello,
Bug #867653 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-license-finder.git/commit/?id=42ddb7b
---
commit 42ddb7b956e12c
Processing commands for cont...@bugs.debian.org:
> tags 870149 + upstream
Bug #870149 [graphicsmagick] CVE-2017-11636, CVE-2017-11637, CVE-2017-11638,
CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722
Added tag(s) upstream.
> thanks
Stopping processing here.
Please contact me if you
Your message dated Sun, 30 Jul 2017 17:38:52 +0200
with message-id <20170730153852.dnszyjrar6qo4ykg@curuxu>
and subject line Re: Bug#868700: claws-mail: Segfaults when selected from
application menu or command line
has caused the Debian Bug report #868700,
regarding claws-mail: Segfaults when sele
Processing commands for cont...@bugs.debian.org:
> reassign 869159 syslog-ng-mod-getent 3.10.1-2
Bug #869159 {Done: SZALAY Attila }
[syslog-ng-mod-basicfuncs-plus,syslog-ng-mod-getent] syslog-ng-mod-getent and
syslog-ng-mod-basicfuncs-plus: error when trying to install together
Bug reassigned fr
Processing commands for cont...@bugs.debian.org:
> # unconfuse the bts, was this a transient error?
> notfixed 869250 1.1.3-1
Bug #869250 {Done: tony mancill } [src:dnssecjava]
dnssecjava FTBFS: Execution default-bundle of goal
org.apache.felix:maven-bundle-plugin:2.5.4:bundle failed: An API
in
On Sun, 30 Jul 2017 09:09:16 +0100, Neil Redgate wrote:
> Thank you for your calm and considered reply.
You're welcome!
> Please accept my apologies for the tone of my message - I hadn't
> realised how much my frustration was exhibited at the situation
> I did not look forward to having to find
Processing commands for cont...@bugs.debian.org:
> close 869250 1.1.3-1
Bug #869250 {Done: tony mancill } [src:dnssecjava]
dnssecjava FTBFS: Execution default-bundle of goal
org.apache.felix:maven-bundle-plugin:2.5.4:bundle failed: An API
incompatibility was encountered
Marked as fixed in versi
close 869250 1.1.3-1
thanks
Hi László,
Am 30.07.2017 um 16:30 schrieb László Böszörményi (GCS):
> Hi Markus,
>
> On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany wrote:
>> Package: graphicsmagick
>> Severity: grave
>> Tags: security
> [...]
>> the following vulnerabilities were published for graphicsmagick.
> Thanks for t
Hi Markus,
On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany wrote:
> Package: graphicsmagick
> Severity: grave
> Tags: security
[...]
> the following vulnerabilities were published for graphicsmagick.
Thanks for the heads-up - all of these are in the tracker since 26th
of July, committed by Salv
Package: graphicsmagick
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for graphicsmagick.
CVE-2017-11636[0]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()
|
On Sun, 30 Jul 2017 12:33:36 +0200
Ricardo Mones wrote:
>
> Once you have the debug archive just install claws-mail-dbgsym package
> and repeat the gdb steps and post back the output.
>
Hold everything: I have an old unstable i386 installation on a portable
hard drive. I haven't used it for
Your message dated Sun, 30 Jul 2017 12:36:25 +
with message-id
and subject line Bug#867295: fixed in npm2deb 0.2.7-2
has caused the Debian Bug report #867295,
regarding npm2deb: please automatically exclude certain files from
debian/install
to be marked as done.
This means that you claim tha
Your message dated Sun, 30 Jul 2017 11:48:57 +
with message-id
and subject line Bug#865577: fixed in cloud-init 0.7.9-2.1
has caused the Debian Bug report #865577,
regarding cloud-init FTBFS: recipe for target 'pep8' failed
to be marked as done.
This means that you claim that the problem has
On Sun, Jul 23, 2017 at 03:13:21PM +0100, Joe wrote:
> On Sat, 22 Jul 2017 23:14:15 +0200
> Ricardo Mones wrote:
>
> > On Tue, Jul 18, 2017 at 09:22:12PM +0100, Joe wrote:
> > > On Tue, 18 Jul 2017 18:57:24 +0200
> > > Ricardo Mones wrote:
> > [...]
> > > > Does this crash happen when you star
Package: linux-headers-amd64
Version: 4.11+83
Severity: grave
Tags: newcomer
Justification: renders package unusable
Dear Maintainer, linux-headers-amd64 depends on 4.11.0-2-amd64, which depends on
4.11.0-2-common (version =4.11.11-1+b1), but only 4.11.11-1 is available on
Sid. In result, can't ins
On Sat, 29 Jul 2017 12:18:48 -0400 gregor herrmann
wrote:
> On Sat, 29 Jul 2017 08:12:28 +0100, Neil Redgate wrote:
>
> > Thank you for your quick reply.
>
> You're welcome.
>
> > I am disappointed to learn that this problem is not fixable but at
> > least I know what the situation is.
>
> "n
Your message dated Sun, 30 Jul 2017 07:49:50 +
with message-id
and subject line Bug#870040: fixed in eccodes 2.4.0-4
has caused the Debian Bug report #870040,
regarding eccodes FTBFS with cmake 3.9.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
Package: auto-multiple-choice
Version: 1.3.0-3
Severity: grave
Tags: patch
Justification: renders package unusable
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu artful ubuntu-patch
Hi Alexis, Georges,
The auto-multiple-choice package is broken in unstable now that perl 5.26
has land