Bug#1008478: dpkg-fsys-usrunmess depends on umask 022

2022-03-26 Thread Chung-chieh Shan
Package: dpkg Version: 1.21.4 Severity: critical Justification: breaks the whole system I ran dpkg-fsys-usrunmess using sudo under umask 077. Several directories including /bin /sbin /lib64 /lib32 /libx32 became mode 700. I had to boot with rw init=/bin/bash to chmod them back to 755. -- Package

Bug#827927: hime: postinst fails due to "set -e" and "dpkg --compare-versions"

2016-06-30 Thread Chung-chieh Shan
Package: hime Version: 0.9.10+git20150916+dfsg1-6 Followup-For: Bug #827927 Unfortunately, the bug still exists. Please see my original bug report for the change that needs to be made. I am encountering this bug upgrading from hime:amd64 0.9.10+git20150916+dfsg1-5 to 0.9.10+git20150916+dfsg1-6.

Bug#827927: [Pkg-ime-devel] Bug#827927: hime: postinst fails due to "set -e" and "dpkg --compare-versions"

2016-06-23 Thread Chung-chieh Shan
On 2016-06-23T19:16:54+0800, ChangZhuo Chen (陳昌倬) wrote: > I cannot reproduce the issue when doing flash install on > 0.9.10+git20150916+dfsg1-4. The only way to reproduce the issue is to > upgrade from 0.9.10+git20150916+dfsg1-3 to 0.9.10+git20150916+dfsg1-4. > Could you help to confirm that?

Bug#827927: hime: postinst fails due to "set -e" and "dpkg --compare-versions"

2016-06-22 Thread Chung-chieh Shan
Package: hime Version: 0.9.10+git20150916+dfsg1-4 Severity: serious Tags: patch Justification: Policy 6.4 "hime.postinst configure" fails because it performs "set -e" at the top then tests "dpkg --compare-versions". The lines dpkg --compare-versions $2 lt 0.9.10+git20150916+dfsg1-3~ if [

Bug#635849: crafted .pdf.gz file name can ...

2011-09-06 Thread Chung-chieh Shan
Michael Gilbert wrote: > Ok, I see now. Then the root cause is that tempfile will "listen to" > the TMPDIR setting. So, to fix that core problem, shouldn't we disable > it? Note functionality shouldn't be lost since there is still the > "--directory" option; although some scripts may need to be

Bug#635849: crafted .pdf.gz file name can ...

2011-08-28 Thread Chung-chieh Shan
On 2011-08-28T20:08:27-0500, Jonathan Nieder wrote: > Wasn't the original intent closer to > trap "rm -f -- \"\$tmp\"" EXIT HUP INT QUIT TERM > which prevents the variable from being interpolated in advance at all? Yes, that's the (a) right fix.

Bug#635849: xpdf: crafted .pdf.gz file name can delete any single-letter-named file

2011-07-29 Thread Chung-chieh Shan
Vincent Lefevre wrote: > One can even execute commands up to 3 characters! e.g. Oh, I see. I also just realized that the single-letter file name to delete can be *

Bug#635849: xpdf: crafted .pdf.gz file name can delete any single-letter-named file

2011-07-28 Thread Chung-chieh Shan
Package: xpdf Version: 3.02-18 Severity: critical Justification: causes serious data loss Using a crafted .pdf.gz file name (which could be sent from a Web server to a browser, for example), xpdf can be fooled into deleting an unrelated file as long as its name is a single letter. $ touch y

Bug#416696: viewvc: Forbids only directories, not files

2007-03-29 Thread Chung-chieh Shan
Package: viewvc Version: 1.0.3-2 Severity: critical Tags: security patch Justification: causes serious data loss Hello, viewvc provides a "forbidden" configuration option to forbid access to parts of a repository, but only *directory* listing is forbidden. An attacker who guesses a file name can

Bug#316143: subversion: libc6 2.3.2.ds1-22 reproduces bug here

2005-07-03 Thread Chung-chieh Shan
Package: subversion Version: 1.2.0-1 Followup-For: Bug #316143 Unfortunately, I have exactly the same dependent package versions (including libc6 2.3.2.ds1-22) as indicated in the original bug report, yet I see the same problem (tested with a freshly created, local fsfs repository). Ken

Bug#312366: non-free specs in /usr/share/doc/pptp-linux ?

2005-06-07 Thread Chung-chieh Shan
Package: pptp-linux Version: 1.5.0-5 Severity: serious Justification: Policy 2.2.1 /usr/share/doc/pptp-linux includes specification documents like pptp-draft.txt.gz, rfc1701.txt.gz, rfc1702.txt.gz, and rfc1990.txt.gz. I thought RFCs were not free? Thanks, Ken -- System Information: Debia