Bug#892520: libpodofo: CVE-2018-8000 CVE-2018-8001 CVE-2018-8002

2018-03-09 Thread Luciano Bello
Package: libpodofo X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the following vulnerabilities were published for libpodofo. CVE-2018-8000[0]: | In PoDoFo 0.9.5, there exists a heap-based buffer overflow | vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in | Pdf

Bug#889892: mpv: fix for CVE-2018-6360 breaks youtube playlists

2018-02-08 Thread Luciano Bello
On 2018-02-08 09:01, James Cowgill wrote: > I think the attached patch will fix this (which I have also just > uploaded to unstable). Uploaded. Thanks! /luciano

Bug#888654: mpv: CVE-2018-6360

2018-02-06 Thread Luciano Bello
d be good if anyone could check it over. I tested the PoC (probably as you did) and it seems fixed. I tried to cover the other branches and they also look sanitized. I feel as confident as somebody can be that the patch is complete. It seems functionally safe. Thanks for your work, please uploa

Bug#862787: debconf: Passwords do not match.

2017-05-16 Thread luciano
Package: debconf Version: 1.5.56 Severity: grave Tags: security Justification: user security hole Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** During the installation of ddclient, Debconf displays the error "Passwords do not match. The two passwo

Bug#844121: Remote crash in MaraDNS 2.0.13

2016-11-12 Thread Luciano Bello
to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry, if it is assigned soon. Please adjust the affected versions in the BTS as needed. Regards, luciano

Bug#828433: marked as pending

2016-11-05 Thread Luciano Bello
5bbb610b06e1b8fff2c33c5feced2c8bbe24b11c Author: Luciano Bello Date: Sat Nov 5 00:53:45 2016 -0400 openssl 1.1 diff --git a/debian/changelog b/debian/changelog index eb3e6af..9958fc8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +medusa (2.2-4) unstable; urgency=high + + * OpenSSL 1.1 support (RC

Bug#825799: [Pkg-gmagick-im-team] Bug#825799: imagemagick: CVE-2016-5118

2016-06-01 Thread Luciano Bello
Thanks a lot for your help! /luciano

Bug#750050: ieee-data: updated files should be placed in /var

2014-06-02 Thread Luciano Bello
ks to the var files? /luciano -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#702410: additional information incomplete fix for CVE-2012-6122

2013-05-09 Thread Luciano Bello
Take a look at http://seclists.org/oss-sec/2013/q2/295 Cheers, luciano

Bug#702217: proposition for libopenid-ruby/2.1.8debian-1+squeeze1 [CVE-2013-1812]

2013-03-09 Thread Luciano Bello
nks for your patch! In my opinion, this can be handled via s-p-u. Cheers, luciano

Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS

2013-01-30 Thread Luciano Bello
stable or testing are affected too? Cheers, luciano

Bug#699230: Mahara: [CVE-2011-3642] (Flowplayer upstream) unpatched vulnerability

2013-01-29 Thread Luciano Bello
Package: mahara Severity: critical Tags: security Justification: user security hole Hi there, Melissa Draper pointed out that the embedded copy of flowplayer-core in Mahara is affected by http://code.google.com/p/flowplayer-core/issues/detail?id=441 Cheers, luciano

Bug#699224: libvirt [CVE-2013-0170]: libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code

2013-01-29 Thread Luciano Bello
you check if the stable version is affected too? Cheers, luciano

Bug#692899: zope2.12: [CVE-2012-5485 to 5508] Multiple vectors corrected within 20121106 fix

2012-11-10 Thread Luciano Bello
Package: zope2.12 Severity: grave Tags: security Justification: user security hole Hi, please see : http://seclists.org/oss-sec/2012/q4/249 Can you confirm if any of the Debian packages are affected? Cheers, luciano

Bug#692608: [CVE-2012-4540] icedtea-web: buffer overflow in IcedTeaScriptableJavaObject::invoke

2012-11-07 Thread Luciano Bello
Package: icedtea-web Severity: grave Tags: security Justification: user security hole Hi, please see : http://seclists.org/oss-sec/2012/q4/237 Cheers, luciano

Bug#692435: gegl: CVE-2012-4433 - Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers

2012-11-06 Thread Luciano Bello
Package: gegl Severity: grave Tags: security Justification: user security hole Hi, please see : http://seclists.org/oss-sec/2012/q4/215 Can you confirm if any of the Debian packages are affected? Cheers, luciano

Bug#692434: yui: CVE-2012-5475 - YUI 2.x security issue regarding embedded SWF files

2012-11-06 Thread Luciano Bello
Package: yui Severity: grave Tags: security Justification: user security hole Hi, please see : http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ Are the vulnerable versions in Debian? Cheers, luciano

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-23 Thread Luciano Bello
0-2482 should be fixed in 3.9.4. Did I miss something? Cheers, luciano

Bug#688153: XSS in Smarty exception messages

2012-09-19 Thread Luciano Bello
s not present. Can you confirm that? Cheers, luciano

Bug#688151: fwknop: Multiple security issues

2012-09-19 Thread Luciano Bello
Package: fwknop Severity: grave Tags: security patch The new fwknop fixes many security problems: http://seclists.org/oss-sec/2012/q3/509 It's fixed in 2.0.3. The link includes the patches too. Cheers, luciano

Bug#687998: OptiPNG Palette Reduction Use-After-Free Vulnerability

2012-09-17 Thread Luciano Bello
Package: optipng Severity: grave Tags: security patch The following vulnerability has been reported against optipng. http://seclists.org/oss-sec/2012/q3/499 It's fixed in 0.7.3. The link includes a patch too. Cheers, luciano

Bug#683984: libapache2-mod-rpaf: potential Denial of Service

2012-08-05 Thread Luciano Bello
e taken notes for myself and people I am working with. > You can find these notes on > http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial > > From my experiments, version 0.6 fixes the issue (IPv6 patched or unpatched). Please, prepare a minimal patch for stable a

Bug#678529: [CVE-2012-2751] mod_security multi-part bypass

2012-06-22 Thread Luciano Bello
Package: libapache-mod-security Severity: grave Tags: security patch The following vulnerability had been reported against mod-security: http://www.openwall.com/lists/oss-security/2012/06/22/1 The patch can be found in the report. Please use CVE-2012-2751 for this issue. Cheers, luciano

Bug#678527: [CVE-2012-2751] mod_security multi-part bypass

2012-06-22 Thread Luciano Bello
Package: modsecurity-apache Severity: grave Tags: security patch The following vulnerability had been reported against mod-security: http://www.openwall.com/lists/oss-security/2012/06/22/1 The patch can be found in the report. Please use CVE-2012-2751 for this issue. Cheers, luciano

Bug#671264: [CVE-2012-2151] spip: multiple XSS

2012-05-02 Thread Luciano Bello
Package: spip Severity: grave Tags: security The following vulnerability has been reported against spip: http://www.openwall.com/lists/oss-security/2012/05/01/4 Please use CVE-2012-2151 for this issue. Cheers, luciano

Bug#664411: [CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and AST-2012-003 flaws

2012-03-17 Thread Luciano Bello
and CVE-2012-1184, respectively. Cheers, luciano

Bug#664137: [CVE-2012-1180] nginx fix for malformed HTTP responses from upstream servers

2012-03-16 Thread Luciano Bello
On Friday 16 March 2012, Kartik Mistry wrote: > Which one? :) Hehhe... please, upload. -l

Bug#664137: [CVE-2012-1180] nginx fix for malformed HTTP responses from upstream servers

2012-03-16 Thread Luciano Bello
On Friday 16 March 2012, Kartik Mistry wrote: > Do you want me to upload it directly to stable or want to send email > to security with debdiff etc? Yes, please. Thank you :) /luciano

Bug#664137: [CVE-2012-1180] nginx fix for malformed HTTP responses from upstream servers

2012-03-15 Thread Luciano Bello
On Thursday 15 March 2012, Cyril Lavier wrote: > For old-stable, I don't have time tonight, so if anybody is willing to > do it, don't hesitate :). Security does not support old-stable since February. Thanks a lot for your work! -l

Bug#664137: [CVE-2012-1180] nginx fix for malformed HTTP responses from upstream servers

2012-03-15 Thread Luciano Bello
On Thursday 15 March 2012, Cyril Lavier wrote: > The 1.1.17 will be uploaded tomorrow, we have already done the needed tests > for the upload (build and functionality). Great! Can you check if stable is affected? The bug looks quite important. Do you think that stable should be updated by a DSA? Th

Bug#664137: [CVE-2012-1180] nginx fix for malformed HTTP responses from upstream servers

2012-03-15 Thread Luciano Bello
, luciano

Bug#664032: [CVE-2012-1177] libgdata does not verify SSL certs

2012-03-14 Thread Luciano Bello
://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c Please use CVE-2012-1177 for this issue. Since the bug affects other applications (like evolution) and looks quite important, please contact the security team if it also affects stable. Cheers, luc

Bug#664030: [CVE-2012-1178] pidgin: Possible MSN remote crash

2012-03-14 Thread Luciano Bello
Package: pidgin Severity: grave Tags: security patch The following vulnerability had been reported against pidgin: http://pidgin.im/news/security/?id=61 The patch can be found in the report. Please use CVE-2012-1178 for this issue. Can you check if stable is also affected? Cheers, luciano

Bug#664028: [CVE-2011-4939] pidgin: XMPP remote crash

2012-03-14 Thread Luciano Bello
I could see. Cheers, luciano

Bug#664023: [CVE-2012-1175] gnash integer overflow

2012-03-14 Thread Luciano Bello
affected. If it's the case, can you prepare a patch for it? I can take care of the DSA. Cheers, luciano

Bug#663644: [CVE-2012-1164] openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry

2012-03-12 Thread Luciano Bello
Package: openldap Severity: grave Tags: security patch The following vulnerability had been reported against openssl: http://www.openwall.com/lists/oss-security/2012/03/12/4 The upstream patch can be found in the report. Please use CVE-2012-1164 for this issue. Cheers, /luciano

Bug#663642: [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers

2012-03-12 Thread Luciano Bello
, /luciano

Bug#657217: bip: buffer overflow (CVE-2012-0806)

2012-01-24 Thread Luciano Bello
is present in 0.8.8 and previous versions and, according to the reporter, remote execution of code should be possible. Please use CVE-2012-0806 for this issue. /luciano

Bug#650937: CVE-2011-4090: serendipity before 1.6 backend XSS in karma plugin

2011-12-04 Thread Luciano Bello
gelog. The patch is available here: https://github.com/s9y/Serendipity/commit/a7861fabd328c3c468f0853355686dd7e39cc4ac#plugins/serendipity_event_karma/serendipity_event_karma.php Regards, /luciano

Bug#650678: fail2ban: Random iptables errors on start

2011-12-04 Thread Luciano Bello
Hi Yaroslav, If you consider this problem a security hole, it can be fixed through a point update. Take a look at: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable Regards, /luciano

Bug#650621: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys

2011-12-01 Thread Luciano Bello
regards, -luciano

Bug#650434: mediawiki: two security issues (fixed in 1.17.1)

2011-11-29 Thread Luciano Bello
wikimedia bugzilla: https://bugzilla.wikimedia.org/show_bug.cgi?id=32276 https://bugzilla.wikimedia.org/show_bug.cgi?id=32616 Please, consider backporting those patches to stable and oldstable since they look affected. Coordinate a DSA release with the security team. Regards, /luciano

Bug#650430: Mojarra: CVE-2011-4358

2011-11-29 Thread Luciano Bello
Package: mojarra Severity: grave Tags: security patch Hi there, A vulnerability against mojarra has been reported. http://www.openwall.com/lists/oss-security/2011/11/29/1 Please, check the reference to get a patch and a PoC. Best Regards, /luciano

Bug#645516: hardlink has buffer overflows, is unsafe on changing trees

2011-10-16 Thread Luciano Bello
Package: hardlink Severity: grave Tags: security Hi Julian, A security problem in hardlink had been reported: http://www.openwall.com/lists/oss-security/2011/10/15/2 The report refers to Fedora. Can you check if any Debian version is affected? Thanks a lot! -luciano

Bug#631347: CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

2011-06-22 Thread Luciano Bello
http://www.openwall.com/lists/john-dev/2011/06/20/3 [3] http://www.openwall.com/lists/john-dev/2011/06/20/5 [4] https://bugzilla.redhat.com/show_bug.cgi?id=715025 -luciano

Bug#631345: opie: missing setuid() retval check in opielogin

2011-06-22 Thread Luciano Bello
, luciano [1] http://www.openwall.com/lists/oss-security/2011/06/22/6

Bug#631344: opie: off by one in opiesu

2011-06-22 Thread Luciano Bello
, luciano [1] http://www.openwall.com/lists/oss-security/2011/06/22/6

Bug#631285: CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

2011-06-22 Thread Luciano Bello
http://www.openwall.com/lists/john-dev/2011/06/20/5 [4] https://bugzilla.redhat.com/show_bug.cgi?id=715025 [5] http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=ca59dfa6f727fe3bf3a01904ec30e87f7fa5a67e -luciano

Bug#631283: CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

2011-06-22 Thread Luciano Bello
ttps://bugzilla.redhat.com/show_bug.cgi?id=715025 -luciano

Bug#619157: xserver-xorg-video-intel: The Xorg freeze, crash and reboot with blank screen without prompt for login on Squeeze.

2011-03-21 Thread Luciano Isaia
Package: xserver-xorg-video-intel Version: 2:2.13.0-6 Severity: critical Tags: squeeze Justification: causes serious data loss Hi, I upgraded my system from Lenny to Squeeze. Xorg freezes and afterwards this message appears on console tty1: [29266.416011][drm:i915_angcheck_elapsed] *ERROR* Hangcheck time

Bug#614580: asterisk: AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

2011-03-12 Thread Luciano Bello
Please, use CVE-2011-1147 -luciano

Bug#597254: mrtgutils test

2010-09-26 Thread Luciano Bello
It would be great if you try it and report any new bug. Thanks for your feedback, luciano

Bug#597254: mrtgutils: Should mrtg-sensors be a separate package?

2010-09-19 Thread Luciano Bello
package during the next week. NMUs are welcome meanwhile. Thanks for your bug report, luciano

Bug#581194: libpoe-component-irc-perl: Insufficient stripping of CR/LF allows arbitrary IRC command execution

2010-08-03 Thread Luciano Bello
rele...@lists.d.o attaching the debdiff. Thank you for all your contributions Luciano

Bug#578275: CVE-2010-1163: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426

2010-04-18 Thread Luciano Bello
y affects when ignore_dot value is on. Lenny is not affected since the default value is off and can be changed. The patch: https://bugzilla.redhat.com/attachment.cgi?id=405247&action=diff thanks, luciano

Bug#576825: #576825: w3af - Fatal error in post-inst

2010-04-11 Thread Luciano Bello
tags 576825 = moreinfo unreproducible severity 576825 normal thank you Hi Pierre, I tried to reproduce the bug without luck. I ran it in a chroot created by pbuilder login. Can you give more info? I lowered the severity meanwhile. ---8<8<--

Bug#576825: Fatal error in post-inst

2010-04-08 Thread Luciano Bello
On Wed 07 Apr 2010, Pierre THIERRY wrote: > Latest w3af seems uninstallable: I'm checking this. You will probably have an answer in two or three days. Thanks for the report. l.

Bug#571110: patch for w3af-console version 1.0~rc2svn3180-1.1

2010-03-18 Thread Luciano Bello
On Thu 18 Mar 2010, Stefano Zacchiroli wrote: > PS Luciano, this is also an offer for help, if you approve the proposed >    patch, I'd be happy to contribute an NMU of this. After a few tests, I noticed that w3af is not working for 2.6 anyway (a few deps are not for 2.6). So I

Bug#538402: CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit

2009-07-25 Thread Luciano Bello
Package: webkit Version: 1.1.10-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for webkit. CVE-2009-1724[0]: | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari | before 4.0.2 allows remote attackers to inject arbitrar

Bug#538403: CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit

2009-07-25 Thread Luciano Bello
Package: qt4-x11 Version: 4:4.5.2-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for qt4-x11. CVE-2009-1724[0]: | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari | before 4.0.2 allows remote attackers to inject arbit

Bug#538350: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...

2009-07-24 Thread Luciano Bello
Package: kdelibs Version: 4:3.5.10.dfsg.1-2 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for webkit. CVE-2009-1725[0]: | WebKit in Apple Safari before 4.0.2 does not properly handle numeric | character references, which allows re

Bug#538349: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...

2009-07-24 Thread Luciano Bello
Package: kde4libs Version: 4:4.2.96-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for webkit. CVE-2009-1725[0]: | WebKit in Apple Safari before 4.0.2 does not properly handle numeric | character references, which allows remote a

Bug#538347: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...

2009-07-24 Thread Luciano Bello
Package: qt4-x11 Version: 4:4.5.2-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for webkit. CVE-2009-1725[0]: | WebKit in Apple Safari before 4.0.2 does not properly handle numeric | character references, which allows remote att

Bug#538346: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...

2009-07-24 Thread Luciano Bello
Package: webkit Version: 1.1.10-2 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for webkit. CVE-2009-1725[0]: | WebKit in Apple Safari before 4.0.2 does not properly handle numeric | character references, which allows remote attac

Bug#532725: libqt4-webkit: CVE-2009-0945

2009-06-10 Thread Luciano Bello
In order to be strict, libwebkit-1.0-2 does not fix the bug... it's just not affected.

Bug#532718: libqt4-webkit: CVE-2009-0945

2009-06-10 Thread Luciano Bello
Oppss... I forgot, you can find a PoC here http://bugs.gentoo.org/271863

Bug#532725: libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit

2009-06-10 Thread Luciano Bello
Package: libwebkit-1.0-1 Version: 1.0.1-4+b1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libwebkit-1.0-1. CVE-2009-0945[0]: | Array index error in the insertItemBefore method in WebKit, as used in | Safari before 3.2.3 and 4 Publi

Bug#532718: libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit

2009-06-10 Thread Luciano Bello
Package: libqt4-webkit Version: 4.5.1-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libqt4-webkit. CVE-2009-0945[0]: | Array index error in the insertItemBefore method in WebKit, as used in | Safari before 3.2.3 and 4 Public Beta,

Bug#528389: CVE-2009-1523: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty

2009-05-12 Thread Luciano Bello
Package: jetty Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-1523[0]: | Directory traversal vulnerability in the HTTP server in Mort Bay Jetty | before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote |

Bug#527634: ipsec-tools: CVE-2009-1574 remote denial of service

2009-05-08 Thread Luciano Bello
http://security-tracker.debian.net/tracker/CVE-2009-1574 This looks like the patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.4&r2=1.4.6.1&f=h luciano

Bug#442643: dsniff: newer BDB

2008-09-28 Thread Luciano Bello
On Sat 27 Sep 2008, Luk Claes wrote: > Can you please look into getting dsniff built with libdb-dev (bdb 4.6)? done

Bug#474411: nepenthes - FTBFS: error: 'free' was not declared in this scope

2008-04-05 Thread Luciano Bello
tag 474411 -unreproducible thanks... The problem is the g++ version. I'm working on it. Please, next time include more details about the building conditions. luciano

Bug#474411: nepenthes - FTBFS: error: 'free' was not declared in this scope

2008-04-05 Thread Luciano Bello
tag 474411 +unreproducible thanks... In my pbuilder I have no problem. Can you include the bugreport footer or more information about the conditions under which I can reproduce the problem? luciano

Bug#399892: #399892 nepenthes_0.2.0-1(hppa/experimental): FTBFS: tries to use static library compiled without -fPIC

2008-03-21 Thread Luciano Bello
CCing to the BTS this time. Please, CC the BTS in your response. If you prefer to discuss this in [EMAIL PROTECTED], please feel free. luciano

Bug#451455: nepenthes: FTBFS: Deprecated conversion from string constant to 'char*'

2007-11-15 Thread Luciano Bello
Hi daniel! Please, check the experimental version. luciano

Bug#369030: why is fixed package not uploaded yet?

2007-10-04 Thread Luciano Bello
Upstream is working on a new version. luciano

Bug#399892: nepenthes_0.2.0-1(hppa/experimental): FTBFS: tries to use static library compiled without -fPIC

2007-08-29 Thread Luciano Bello
On Tue 17 Jul 2007, Jan Wagner wrote: > Hi Luciano, > > On Wednesday 20 June 2007 19:15, Luciano Bello wrote: > > I need your opinion and comments about: http://bugs.debian.org/399892 > > Nepenthes has a module (modulehoneytrap.so) linked with libipq (IPQ >

Bug#437621: CVE-2007-2030: unsecure tempfile handling

2007-08-13 Thread Luciano Bello
Sorry, the problem is that the tempfile is reused. From https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585 : "lha doesn't open temporary files *exclusively*" Ignore the prior message. luciano

Bug#437621: CVE-2007-2030: unsecure tempfile handling

2007-08-13 Thread Luciano Bello
pp doesn't look vulnerable at all. I propose, with the attached patch, to avoid any mktemp possibility. luciano --- lharc.c.orig 2007-08-14 00:21:24.0 -0300 +++ lharc.c 2007-08-14 00:22:07.0 -0300 @@ -905,12 +905,8 @@ else { sprintf(temporary_name, "%s/lhXX

Bug#399892: nepenthes_0.2.0-1(hppa/experimental): FTBFS: tries to use static library compiled without -fPIC

2007-06-20 Thread Luciano Bello
t PIC. Frank Lichtenheld <[EMAIL PROTECTED]> proposed to ask here. Please CC to the bug if you think it is proper. luciano

Bug#404747: When using fuse file system, kernel version 7, davfs2 crashed

2006-12-28 Thread Luciano Bello
Hi vorlon, I will be uploading a patched version to sid this night. From upstream Why is it critical: davfs holds unsynchronized data in memory as well as in the cache on disk. These will be lost in case of a crash. In more detail: 1) mount.davfs will crash when using fuse (but not immediately,

Bug#404747: When using fuse file system, kernel version 7, davfs2 crashed

2006-12-27 Thread Luciano Bello
Package: davfs2 Version: 1.1.2-2 Severity: serious From an upstream e-mail report --- start When using fuse file system, kernel version 7, davfs2 crashed. But this is the fuse version that will be included in the standard kernel of etch. I believe the bug is serious and it is in 1.1.3 too. But

Bug#386305: #386305 iacd won't start if the pidfile already exists

2006-09-10 Thread Luciano Bello
tags 386305 + patch thanks Many packages solve the problem with a rm in the stop case. CaFeLUG September BTS luciano --- init.d.orig 2006-09-10 23:43:35.0 -0300 +++ init.d 2006-09-10 23:48:47.0 -0300 @@ -26,6 +26,7 @@ echo -n "Stopping $DESC: $NAME" start-s

Bug#378759: Patch for nepenthes: dpkg-buildpackage erases y.tab.c if run a second time

2006-07-20 Thread Luciano Bello
tags 378759 +patch +pending thank you the patch from José Parrella works fine. It will be uploaded tomorrow. thx, luciano

Bug#378759: Patch for nepenthes: dpkg-buildpackage erases y.tab.c if run a second time

2006-07-20 Thread Luciano Bello
lcode-signatures/Makefile.in: -rm -f *.tab.c nepenthes-core/src/Makefile.in: -rm -f *.tab.c Thanks, luciano.

Bug#365558: [#365558] davfs2: Garbage is displayed in some directories of mounted WebDAV directory

2006-05-15 Thread Luciano Bello
davfs2's source code. Are you sure that the server wasn't compromised? Please, contact me if you can provide user/pass/server. luciano

Bug#339095: [Pkg-mailman-hackers] Bug#339095: Re: Mailman DoS CVE-2005-3573, debbug #339095

2006-01-20 Thread Luciano Bello
On Fri, 20-01-2006 at 11:43 -0300, Luciano Bello wrote: > AFAIK, the bug is steel there :) s/steel/still sorry :) luciano

Bug#339095: [Pkg-mailman-hackers] Bug#339095: Re: Mailman DoS CVE-2005-3573, debbug #339095

2006-01-20 Thread Luciano Bello
On Fri, 20-01-2006 at 12:30 +0100, Lionel Elie Mamane wrote: > On Thu, Jan 19, 2006 at 03:33:21PM -0300, Luciano Bello wrote: > > > I just want to know what happened with the CVE-2005-3573[1], > > particularly in stable/sarge. > > We (mailman Debian package ma

Bug#339095: Re: Mailman DoS CVE-2005-3573, debbug #339095

2006-01-19 Thread Luciano Bello
Hi everyone! I just want to know what happened with the CVE-2005-3573[1], particularly in stable/sarge. Thanks for all your help. Luciano [1] http://bugs.debian.org/339095

Bug#292002: "Decrypt::makeFileKey2()" Buffer Overflow

2005-01-24 Thread Luciano Bello
Package: kpdf Version: 3.x Severity: grave Tags: security patch TITLE: KOffice "Decrypt::makeFileKey2()" Buffer Overflow SECUNIA ADVISORY ID: SA13934 VERIFY ADVISORY: http://secunia.com/advisories/13934/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: KOffice 1.

Bug#291994: "Decrypt::makeFileKey2()" Buffer Overflow

2005-01-24 Thread Luciano Bello
Package: kpdf Version: 3.x Severity: grave Tags: security sarge sid patch The version in woody is not affected by this problem. TITLE: KDE kpdf "Decrypt::makeFileKey2()" Buffer Overflow SECUNIA ADVISORY ID: SA13916 VERIFY ADVISORY: http://secunia.com/advisories/13916/ CRITICAL: Highly critical