Processing control commands:
> retitle -1 groonga-httpd: Privilege escalation due to insecure use of
> logrotate (CVE-2019-11675)
Bug #928304 [groonga-httpd] groonga-httpd: Privilege escalation due to insecure
use of logrotate
Changed Bug title to 'groonga-httpd: Privilege escalation due to inse
Control: retitle -1 groonga-httpd: Privilege escalation due to insecure use of
logrotate (CVE-2019-11675)
On Wed, May 01, 2019 at 05:29:58PM +0200, Wolfgang Hotwagner wrote:
> Package: groonga-httpd
> Version: 6.1.5-1
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
Please also check if you have any configuration file in /etc/xdg/qtchooser
El jueves, 2 de mayo de 2019 00:34:14 -03 Lisandro Damián Nicanor Pérez Meyer
escribió:
> tag 928315 unreproducible moreinfo
> thanks
>
> Hi Stuart!
>
> El miércoles, 1 de mayo de 2019 22:03:55 -03 Stuart Prescott escribió:
> > Package: qtchooser
> > Version: 66-1
> > Severity: serious
> > Justi
Processing commands for cont...@bugs.debian.org:
> tag 928315 unreproducible moreinfo
Bug #928315 [qtchooser] qtchooser: qdbus does not find qt5 qdbus
Added tag(s) moreinfo and unreproducible.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
928315: https://bugs.de
tag 928315 unreproducible moreinfo
thanks
Hi Stuart!
El miércoles, 1 de mayo de 2019 22:03:55 -03 Stuart Prescott escribió:
> Package: qtchooser
> Version: 66-1
> Severity: serious
> Justification: Policy 9.9 Programs installed on PATH must not depend on
> environment to get reasonable defaults
>
Package: qtchooser
Version: 66-1
Severity: serious
Justification: Policy 9.9 Programs installed on PATH must not depend on
environment to get reasonable defaults
Dear Maintainer,
On two systems I have running buster, I get the following:
$ qdbus
qdbus: could not exec '/usr/lib/x86_64-linux-gnu/
On Thursday, April 11 2019, Santiago Vila wrote:
> On Sun, 7 Apr 2019, Chris Lamb wrote:
>
>> Santiago Vila wrote:
>>
>> > I tried to build this package in buster but it failed:
>>
>> Hm, I've just built this package 20 times in sid and the tests pass
>> every time.
>
> Well, but I can't build p
I can confirm that the bug is fixed on version uploaded to testing
I CC Juhani Numminen
Regards
--
Arias Emmanuel
http://eamanu.com
Github/Gitlab; @eamanu
Debian: @eamanu-guest
Package: geany-plugin-spellcheck
Version: 1.33+dfsg-1+b1
Severity: grave
Tags: a11y
Justification: renders package unusable
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do)
Hi,
On 2019-05-01 00:04, Aurelien Jarno wrote:
> On 2019-04-30 10:12, Uwe Kleine-König wrote:
> > > > More precisely the board is a "Marvell Armada XP Development Board
> > > > DB-MV784MP-GP"
> > > >
> > > > > anymore. Using tcpdump on both the buildd and a remote host, it
> > > > > appears
> >
Your message dated Wed, 01 May 2019 20:34:25 +
with message-id
and subject line Bug#928240: fixed in etw 3.6+svn162-5
has caused the Debian Bug report #928240,
regarding etw: Segmentation fault at start
to be marked as done.
This means that you claim that the problem has been dealt with.
If t
Thank you very much. I have uploaded a new revision with your patch a
few minutes ago. The game itself appears to work, the settings menu for
the controls is a bit hidden. ETW was originally developed for the
AMIGA, so that may explain some of the oddities.
Regards,
Markus
signature.asc
Descri
Processing control commands:
> tag -1 pending
Bug #928240 [etw] etw: Segmentation fault at start
Added tag(s) pending.
--
928240: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928240
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 pending
Hello,
Bug #928240 in etw reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/games-team/etw/commit/6b4e59c19a33ff38a98e0802d849ecf42277a9cd
Hi eamanu,
* eamanu [2019-05-01 14:03]:
The package is still fail on testing:
Should be fixed in -4, thanks for the ping.
Cheers Jochen
signature.asc
Description: PGP signature
Package: groonga-httpd
Version: 6.1.5-1
Severity: critical
Tags: security
Justification: root security hole
Dear Maintainer,
The path of the logdirectory of groonga-httpd can be manipulated by user
groonga:
ls -l /var/log/groonga
total 8
-rw-r--r-- 1 rootroot1296 Apr 25 18:44 groonga.log
Processing commands for cont...@bugs.debian.org:
> block 926878 by 926952
Bug #926878 [release.debian.org] unblock: exim4/4.92-5
926878 was not blocked by any bugs.
926878 was not blocking any bugs.
Added blocking bug(s) of 926878: 926952
> thanks
Stopping processing here.
Please contact me if yo
Hi Nicoo,
Ping.
On Sun, 14 Apr 2019 06:27:00 + Niels Thykier wrote:
> I cannot see these changes in unstable, so we cannot unblock them (nor
> do I see them NEW). Please upload this and remove the moreinfo tag once
> it is in unstable and ready for unblocking.
I noticed in the other bug yo
Processing commands for cont...@bugs.debian.org:
> close 928103 0.9.19-3
Bug #928103 [python-pythonmagick] python-pythonmagick, python3-pythonmagick:
import PythonMagick fails with undefined symbol:
_Z41Export_pyste_src_DrawableStrokeDashOffsetv
There is no source info for the package 'python-py
close 928103 0.9.19-3
thanks
Missed to add this to the changelog, sorry.
On Tue, 30 Apr 2019 23:20:41 +0200 Andreas Beckmann wrote:
> that error seems to be unrelated to the bundler version used:
This seems unrelated to diaspora-installer then. As I was able to
reproduce it with bundler 2.0 and after changing to bundler 1.17.3 it
worked. So it seems a fresh installat
Control: tags 925986 + patch
Control: tags 925986 + pending
Dear maintainer,
I've prepared an NMU for jruby (versioned as 9.1.17.0-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
The reason for this NMU although there are more open unfixed CVEs is
tha
Processing control commands:
> tags 925986 + patch
Bug #925986 [jruby] CVE-2018-173: directory Traversal vulnerability in
install_location
Added tag(s) patch.
> tags 925986 + pending
Bug #925986 [jruby] CVE-2018-173: directory Traversal vulnerability in
install_location
Added tag(s) pend
Your message dated Wed, 1 May 2019 13:24:00 +0100
with message-id <20190501122400.ga10...@espresso.pseudorandom.co.uk>
and subject line Re: Bug#928264: [gnome-maps] Gnome Maps crashes as soon as you
search for a city.
has caused the Debian Bug report #928264,
regarding [gnome-maps] Gnome Maps cras
Processing commands for cont...@bugs.debian.org:
> notfixed 928264 libgeocode-glib0/3.26.1-1
Bug #928264 [libgeocode-glib0] [gnome-maps] Gnome Maps crashes as soon as you
search for a city.
The source libgeocode-glib0 and version 3.26.1-1 do not appear to match any
binary packages
No longer mark
Processing control commands:
> reassign 928264 libgeocode-glib0 3.20.1-2
Bug #928264 [gnome-maps] [gnome-maps] Gnome Maps crashes as soon as you search
for a city.
Bug reassigned from package 'gnome-maps' to 'libgeocode-glib0'.
No longer marked as found in versions 3.22.2.
Ignoring request to alt
Control: reassign 928264 libgeocode-glib0 3.20.1-2
Control: tags 928264 + upstream fixed-upstream patch
Control: affects 928264 gnome-maps
Control: fixed 928264 libgeocode-glib0/3.26.1-1
Dear Maintainer,
I just tried to reproduce and hit the segfault below [3].
This seems to be reported in bugs [
On Tue, 30 Apr 2019 10:59:16 -0400 Sam Hartman wrote:
>
> I realize that we normally don't care about packages only in sid, but
> the version of electrum in sid is apparently only useful to funnel your
> bitcoin to attackers.
> The issue is that versions prior to 3.3 are vulnerable to mallware, a
Your message dated Wed, 1 May 2019 10:56:54 +0200
with message-id
and subject line Re: Bug#927824: Grisbi 1.2.1-1 always crashes when creating a
new transaction
has caused the Debian Bug report #927824,
regarding Grisbi 1.2.1-1 always crashes when creating a new transaction
to be marked as done.
Thanks Ludovic, the updated version has been unblocked and has now
migrated to testing, this fixes the issue.
Le mer. 24 avr. 2019 à 17:10, Ludovic Rousseau
a écrit :
>
> Le 24/04/2019 à 15:51, Ludovic Rousseau a écrit :
> > debian-release will not accept to migrate 1.2.2 into testing.
>
> Maybe
On Wed, May 01, 2019 at 01:11:32AM +0200, Markus Koschany wrote:
> Thanks for providing a solution and a way forward. Could you provide a
> trivial fix/patch as well? I'm willing to test it and ask the release
> team for an unblock. I currently don't understand the underlying issue
> and why it was
Source: filezilla
Version: 3.39.0-2
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for filezilla.
CVE-2019-5429[0]:
| Untrusted search path in FileZilla before 3.41.0-rc1 allows an
| attacker to gain privileges via a malicious 'fzsftp' binary in the
| user'
33 matches
Mail list logo
