Package: firefox-esr
Version: 60.6.1esr-1~deb9u1
Followup-For: Bug #928415
Dear Maintainer,
What is Debian's recommendation for users and administrators dealing
with this major snafu?
I've got a bunch of Debian Stable boxes with Firefox-esr and
installing the STUDIES "hotfix" from Mozilla by han
Package: perl6-zef
Version: 0.6.2-1
Severity: serious
Clarification: renders zef nearly unusable
Dear maintainer,
The URL list for p6c mirrors has already outdated:
53 "short-name" : "p6c",
54 "enabled" : 1,
55 "module" : "Zef::Repository::Ecosystems",
56
Your message dated Sun, 05 May 2019 02:33:30 +
with message-id
and subject line Bug#928452: fixed in python-acme 0.31.0-2
has caused the Debian Bug report #928452,
regarding POST-as-GET support needed in Buster
to be marked as done.
This means that you claim that the problem has been dealt wi
Processing commands for cont...@bugs.debian.org:
> block 928453 by 928452
Bug #928453 [release.debian.org] unblock: python-acme/0.31.0-2
928453 was not blocked by any bugs.
928453 was not blocking any bugs.
Added blocking bug(s) of 928453: 928452
> thanks
Stopping processing here.
Please contact
Processing commands for cont...@bugs.debian.org:
> reassign 928452 python-acme
Bug #928452 [src:python-certbot] POST-as-GET support needed in Buster
Bug reassigned from package 'src:python-certbot' to 'python-acme'.
No longer marked as found in versions python-certbot/0.31.0-1.
Ignoring request to
Source: python-certbot
Version: 0.31.0-1
Severity: serious
Tags: upstream
Because of changes to the ACME v2 standard, unauthenticated GET
requests to ACME compatible APIs must be performed as special
POST-as-GET requests to be valid. The primary ACME API, Let's
Encrypt, has deprecated support for
Hartmut Buhrmester wrote:
> So I think, that the setting xpinstall.signatures.required = false is
> not really needed.
>
> Enabling "studies" and using a short update interval of 5 seconds
> should do the trick.
I think the opposite is true.
I had xpinstall.signatures.required set to false bef
Hello,
I found a workaround for firefox-esr 60.6.1esr-1~deb9u1 from Debian 9.9
Stretch/stable, and uBlock origin 1.18.16 from
https://addons.mozilla.org (AMO).
When uBlock origin was suddenly disabled today, I first changed this
setting on the configuration page about:config :
xpinstall.si
While I agree an unknown disabling of plugins, not just noscript (there
are others like noscript) is a security concern...
There is a big, yellow banner that appears and stays at the top of your
browser, informing you if any plugins/add-ons are disabled.
So for me, the 'big deal' is being infor
Your message dated Sat, 04 May 2019 22:49:24 +
with message-id
and subject line Bug#927888: fixed in grub2 2.02+dfsg1-18
has caused the Debian Bug report #927888,
regarding Need to disable the devicetree command in Secure Boot mode
to be marked as done.
This means that you claim that the prob
On Sat, May 04, 2019 at 08:54:27AM +0200, Salvatore Bonaccorso wrote:
> tags 928417 - security
The fact that this bug allows Mozilla to disable remotely security
extensions like noscript is a major security issue.
When noscript get deactivated, firefox should default to disabling
javascript compl
Changing "xpinstall.signatures.required" to "false" will work on builds
without MOZ_REQUIRE_SIGNING.
This can be checking by going to resource://gre/modules/AppConstants.jsm
and checking the value of MOZ_REQUIRE_SIGNING, if it is false, the
signatures can be disabled with the above config.
Note it
On Sat, May 04, 2019 at 10:44:26PM +0100, Colin Watson wrote:
>On Fri, May 03, 2019 at 10:42:34PM +0100, Steve McIntyre wrote:
>> diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
>> index c9aee74ef..735c56e45 100644
>> --- a/grub-core/loader/efi/fdt.c
>> +++ b/grub-core/loader/e
Control: tag -1 pending
Hello,
Bug #927888 in grub2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/grub-team/grub/commit/000b835ba506ef3e0422c243209b2853cfb8c6
Processing control commands:
> tag -1 pending
Bug #927888 [src:grub2] Need to disable the devicetree command in Secure Boot
mode
Added tag(s) pending.
--
927888: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927888
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
On Fri, May 03, 2019 at 10:42:34PM +0100, Steve McIntyre wrote:
> diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
> index c9aee74ef..735c56e45 100644
> --- a/grub-core/loader/efi/fdt.c
> +++ b/grub-core/loader/efi/fdt.c
> @@ -123,6 +123,14 @@ grub_cmd_devicetree (grub_command_t
An immediate fix is to set xpinstall.signatures.required to false in
about:config
0xCEC1B8C7E51FC983.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
Your message dated Sat, 04 May 2019 20:48:26 +
with message-id
and subject line Bug#927152: fixed in teeworlds 0.7.2-4
has caused the Debian Bug report #927152,
regarding teeworlds: CVE-2019-10877 CVE-2019-10878 CVE-2019-10879
to be marked as done.
This means that you claim that the problem h
On Sat, 04 May 2019 14:42:28 -0300 Niv Sardi wrote:
> mozilla is roling out a fix
>
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
> that said they are using the 'studies' infrastructure to do so, and
> they seem to be disabled in the debian build.
In that arti
Control: fixed -1 1.32.0+dfsg1-3
Control: fixed -1 1.25.0+dfsg1-1
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
Processing control commands:
> fixed -1 1.32.0+dfsg1-3
Bug #928422 [rust-doc] rust-doc: unsatisfiable Depends: fonts-open-sans in
jessie
Marked as fixed in versions rustc/1.32.0+dfsg1-3.
> fixed -1 1.25.0+dfsg1-1
Bug #928422 [rust-doc] rust-doc: unsatisfiable Depends: fonts-open-sans in
jessie
M
Control: tags -1 + jessie
Control: notfound -1 1.32.0+dfsg1-3
Control: notfound -1 1.25.0+dfsg1-1
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
Processing control commands:
> tags -1 + jessie
Bug #928422 [rust-doc] rust-doc: unsatisfiable Depends: fonts-open-sans in
jessie
Added tag(s) jessie.
> notfound -1 1.32.0+dfsg1-3
Bug #928422 [rust-doc] rust-doc: unsatisfiable Depends: fonts-open-sans in
jessie
Ignoring request to alter found ve
Processing control commands:
> tags + -1 jessie
Unknown command or malformed arguments to command.
> notfound -1 1.25
Bug #928422 [rust-doc] rust-doc: unsatisfiable Depends: fonts-open-sans in
jessie
There is no source info for the package 'rust-doc' at version '1.25' with
architecture ''
Unabl
Control: tags + -1 jessie
Control: notfound -1 1.25
Please be a bit more careful filing bugs for old versions in future. Without
the extra annotations I just added, this might have kicked rustc out of testing
if nobody else was paying attention.
Judging from https://packages.debian.org/sid/font
Package: dhcpcd5
Version: 7.1.0-1
Severity: serious
Tags: security upstream fixed-upstream
Dear Maintainer,
another week - another bug ;) Upstream released version 7.2.2 of dhcpcd5 fixing
another potential security issue in DHCPv6. All versions currently supported in
Debian (jessie, stretch, bu
Processing commands for cont...@bugs.debian.org:
> tags 891233 + patch fixed-upstream stretch
Bug #891233 [kamoso] kamoso: segmentation fault in kamoso in Debian 9 stable.
Application crashes while starting.
Added tag(s) stretch, fixed-upstream, and patch.
> thanks
Stopping processing here.
Plea
mozilla is roling out a fix
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
that said they are using the 'studies' infrastructure to do so, and
they seem to be disabled in the debian build.
Processing commands for cont...@bugs.debian.org:
> severity 928278 important
Bug #928278 [dmeventd] dmeventd: raid1 fails to automatically rebuild when
raid_fault_policy="allocate"
Severity set to 'important' from 'critical'
> thanks
Stopping processing here.
Please contact me if you need assist
Hello,
On Sat, 4 May 2019 09:43:12 -0500 Erik wrote:
> Firefox from the Debian package has data reporting disabled so using
> studies is not possible.
Neither with Tor Browser, which is also affected.
Just tried some workaround, it seems to work with both Firefox ESR from
Debian stable, and To
Official Mozilla response:
https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047
"Certificate issue causing add-ons to be disabled or fail to install:
10:50 a.m. UTC / 01:50 a.m. PDT: We rolled-out a fix for release, beta
and nightly users on
Hi,
This bug affect both firefox-esr in Stretch and firefox in
testing/unstable. Should they be kept separate ?
This bug does not affect packaged extensions within Debian despite some
of them having the expired certificate like webext-noscript 10.1.9.6-2
or webext-https-everywhere 2018.8.22-1~deb
Processing control commands:
> affects -1 + education-desktop-gnome education-desktop-mate
> education-desktop-xfce education-main-server education-networked
> science-geography
Bug #928429 [dpkg] dpkg: trigger cycle postgresql-common -> sgml-base while
upgrading from stretch to buster
Added in
Processing control commands:
> affects -1 + jython-stilts astro-all
Bug #924283 [jython] jython: does not run with older Java versions
Ignoring request to set affects of bug 924283 to the same value previously set
--
924283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924283
Debian Bug Tra
Followup-For: Bug #924283
Control: affects -1 + jython-stilts astro-all
Hi,
you need to bump the dependency to
default-jre-headless (>= 2:1.9) | java9-runtime-headless
^^
otherwise default-jre-headless allows incompatible versions.
Andreas
Processing commands for cont...@bugs.debian.org:
> unarchive 924283
Bug #924283 {Done: Gilles Filippini } [jython] jython: does
not run with older Java versions
Unarchived Bug 924283
> found 924283 2.7.1+repack1-2
Bug #924283 {Done: Gilles Filippini } [jython] jython: does
not run with older Jav
On Sat, Apr 20, 2019 at 01:39:36PM +0200, Guillem Jover wrote:
> Source: curl
> Source-Version: 7.64.0-2
> Severity: serious
> Control: affects -1 rtorrent
>
> Hi!
Hello,
> I've started noticing rtorrent busy-looping at some points after
> finishing a torrent. stracing and gdb'ing the process it
On Sat, May 04, 2019 at 01:59:36PM +0200, Andreas Beckmann wrote:
> nageru/experimental FTBFS on all platforms:
> https://buildd.debian.org/status/package.php?p=nageru&suite=experimental
It depends on newer bmusb, currently in NEW. I should probably add a
Build-Depends.
/* Steinar */
--
Homepage
Source: nageru
Version: 1.8.6-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
Hi,
nageru/experimental FTBFS on all platforms:
https://buildd.debian.org/status/package.php?p=nageru&suite=experimental
[68/260] c++ -Istream@sta -I. -I..
söndag 21 april 2019 kl. 19:55:10 CEST skrev Magnus Holmgren:
> But now that I look closer, it looks like the "spool format error" message
> is only triggered by malformed header files, and Thomas in https://
> lists.exim.org/lurker/message/20180726.174108.0620f3c0.en.html had narrowed
> it down
Hi,
Maybe https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926193 is same?
--
Hideki Yamane
Package: rust-doc
Version: 1.24.1+dfsg1-1~deb8u4
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package is not
installable in jessie:
The following packages have unmet dependencies:
rust-doc : Depends: fonts-open-sans but it
Processing commands for cont...@bugs.debian.org:
> # the same problem exists in jessie
> user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was a...@debian.org).
> unarchive 909000
Bug #909000 {Done: Daniel Kahn Gillmor } [enigmail]
Enigmail 2.0 needed in Stretch after Th
Source: php-imagick
Version: 3.4.3~rc2-2
Severity: grave
Tags: security upstream
Forwarded: https://bugs.php.net/bug.php?id=77791
Hi,
The following vulnerability was published for php-imagick.
CVE-2019-11037[0]:
| In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing
| to an arra
On Fri, 05 Apr 2019 11:58:24 +0800 Paul Wise wrote:
> I've done that in the attached patch.
I've now asked the release team for an unblock.
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
Processing commands for cont...@bugs.debian.org:
> found 928415 60.6.1esr-1
Bug #928415 [firefox-esr] firefox-esr: Bugzilla 1548973 All extensions disabled
due to expiration of intermediate signing cert
Marked as found in versions firefox-esr/60.6.1esr-1.
> thanks
Stopping processing here.
Pleas
46 matches
Mail list logo
