Hi,
On Mon, Aug 25, 2008 at 01:12:11AM +0200, W. Martin Borgert wrote:
> On 2008-08-24 20:36, Luk Claes wrote:
> > I guess bug submitters and/or patch providers would also count as
> > contributor?
>
> Yes. There are 16 bugs with a "patch" tag:
>
> #404891 - patch by Steve Langasek <[EMAIL PROT
Your message dated Mon, 25 Aug 2008 12:02:20 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#496418: fixed in r-base 2.7.2-1
has caused the Debian Bug report #496418,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This m
Processing commands for [EMAIL PROTECTED]:
> # same player shoot again (again, with correct "To:" this time)
> forcemerge 494969 496405
Bug#494969: sympa: Leftover debug code may lead to data loss
Bug#496405: The possibility of attack with the help of symlinks in some Debian
packages
Forcibly Mer
Processing commands for [EMAIL PROTECTED]:
> severity 496430 wishlist
Bug#496430: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `wishlist' from `grave'
> retitle 496430 please replace insecure debug code in redirect.pl
Bug#496430: The possibility of
FYI, I have checked the code and filed 2 more bugs (the rest being false
positives, I think).
#496518 : Insecure use of /tmp in sympa_wizard may lead to system damage
#496520 : Insecure use of /tmp in sympa scripts
The first one is the most serious. The second one is minor.
Thanks for spotting t
severity 496430 wishlist
retitle 496430 please replace insecure debug code in redirect.pl
thanks
The code is insecure but only used when $debug=1, which is hardcoded to 0, so
only the user editing files under /usr/lib is affected by this, which we
don't support. Still, it would be good if this c
Package: gstreamer0.10-ffmpeg
Version: 0.10.4.2-1
Severity: serious
Hi,
your package failed to build from source.
| Automatic build of gstreamer0.10-ffmpeg_0.10.4.2-1 on signy by sbuild/mips
98-farm
| Build started at 20080825-0354
# Automatically generated email from bts, devscripts version 2.10.35
# should probably be closed, but in any case not RC, upgrades from etch aren't
affected
severity 469221 important
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECT
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> # should probably be closed, but in any case not RC, upgrades from etch
> aren't affected
> severity 469221 important
Bug#469221: apt-listchanges: Failed with "bsddb.db.DBRunRecover
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> # missing colon after closes in the changelog prevented this from getting
> properly marked as fixed
> close 495006 2.40-2.2
Bug#495006: listadmin: 2.40 update broke it against Mail
# Automatically generated email from bts, devscripts version 2.10.35
# missing colon after closes in the changelog prevented this from getting
properly marked as fixed
close 495006 2.40-2.2
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL
Your message dated Mon, 25 Aug 2008 13:17:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494097: fixed in git-core 1:1.6.0-1
has caused the Debian Bug report #494097,
regarding git-core: stack-based buffer overflow in git-diff and git-grep
to be marked as done.
This means that
Package: libbotan1.7
Version: 1.7.8-2
Severity: serious
Hi,
automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:
Date: 2008-08-25
Architecture: amd64
Distribution: lenny
Comm
Processing commands for [EMAIL PROTECTED]:
> severity 495244 important
Bug#495244: xcompmgr: causes x applications to stop updating
Severity set to `important' from `grave'
> tag 495244 moreinfo
Bug#495244: xcompmgr: causes x applications to stop updating
There were no tags set.
Tags added: morei
severity 495244 important
tag 495244 moreinfo
kthxbye
On Fri, Aug 15, 2008 at 13:39:32 -0400, Benjamin Seidenberg wrote:
> Julien Cristau wrote:
> > On Fri, Aug 15, 2008 at 12:32:01 -0400, Benjamin Seidenberg wrote:
> >
> >> Package: xcompmgr
> >> Version: 1.1.4-0.1
> >> Severity: grave
> >> Jus
In fact /usr/bin/zap is also ibncluded in the package libxdb-dev:
Date: 2008-08-25
Architecture: amd64
Distribution: lenny
Command: apt-get --assume-yes --allow-unauthenticated install dvb-apps
libxdb-dev
Reading package lists...
Building dependency tree...
The following extra packages will be in
Processing commands for [EMAIL PROTECTED]:
> reassign 496529 libbotan1.6,libbotan1.7
Bug#496529: libbotan1.7: tries to overwrite file owned by libbotan1.6
Bug reassigned from package `libbotan1.7' to `libbotan1.6,libbotan1.7'.
>
End of message, stopping processing here.
Please contact me if you
This one time, at band camp, Julien Valroff said:
> What can I do to prevent this? Dmitry suggested using mktemp, but
> this would only *reduce* the probability of exploiting this race
> condition.
No, it pretty much eliminates it. mktemp is clever enough to give you a
unique filename that doesn
On Sat, Aug 9, 2008 at 10:57:24 +0200, Andreas Metzler wrote:
> I intend to NMU with the attached diff.gz/dsc on August 16.
Ping Andreas?
Cheers,
Julien
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Your message dated Mon, 25 Aug 2008 16:24:16 +0200
with message-id <[EMAIL PROTECTED]>
and subject line CLOSED - Re: Bug#496518: Insecure use of /tmp in sympa_wizard
may lead to system damage
has caused the Debian Bug report #496518,
regarding Insecure use of /tmp in sympa_wizard may lead to syst
Processing commands for [EMAIL PROTECTED]:
> reopen 496518
Bug#496518: Insecure use of /tmp in sympa_wizard may lead to system damage
Bug reopened, originator not changed.
> severity 496518 wishlist
Bug#496518: Insecure use of /tmp in sympa_wizard may lead to system damage
Severity set to `wishli
reopen 496518
severity 496518 wishlist
retitle 496518 please remove traces of insecure tempfile use
tags 496518 patch
thanks
On Monday 25 August 2008 16:24, Olivier Berger wrote:
> Thus, the attached patch may be better, to finally get rid of the /tmp
> path.
>
> Too bas, this wasn't really obviou
tag 496366 patch
tag 496366 - help
thanks
Le Mon, Aug 25, 2008 at 09:01:53AM +0200, Thijs Kinkhorst a écrit :
>
> In the attachment is an example patch which solves the first occurrence. As
> you can see its very simple.
Many thanks, Thijs.
With your example it was much more simple than I thou
Processing commands for [EMAIL PROTECTED]:
> tag 496366 patch
Bug#496366: The possibility of attack with the help of symlinks in some Debian
packages
Tags were: confirmed help
Tags added: patch
> tag 496366 - help
Bug#496366: The possibility of attack with the help of symlinks in some Debian
pa
On Monday 25 August 2008 16:52, Charles Plessy wrote:
> Many thanks, Thijs.
>
> With your example it was much more simple than I thought. I prepared a
> patch that I will forward upstream:
Looks good!
Thijs
pgpzbti7o9DLL.pgp
Description: PGP signature
Package: openchange
Version: 1.0~svn679-1
Severity: serious
Tags: experimental
Heya,
Building your package failed on my buildd:
| Automatic build of openchange_1.0~svn679-1 on moiro by sbuild/mipsel 98-farm
| Build started at 20080825-0823
Guus Sliepen wrote:
> I'm already working on it, and I'm going for option 2. I don't have too much
> free time at the moment, so it might take a few days before I'll upload the
> results.
>
Ok, right.
Almacha
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trou
On 2008-08-24 23:54, Steve Langasek wrote:
> Translations being copyrightable works in their own right, their authors
> should be asked to ratify the GPLv2 license to give us the best chance of
> reusing material; or is there another reason you mention here that he's a
> translator?
Of course, it'
On Sun, Aug 24, 2008 at 22:31:19 +0200, Moritz Muehlenhoff wrote:
> severity 492414 grave
> thanks
>
> On Mon, Jul 28, 2008 at 08:03:35PM +0200, Nicolas Adenis-Lamarre wrote:
> > i can reproduce the bug with 0.4.2
> > the bug dissappear with svn version.
>
> I've updated my Etch workstation to L
Processing commands for [EMAIL PROTECTED]:
> tags 496411 security confirmed patch
Bug#496411: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: security, confirmed, patch
> thanks
Stopping processing here.
Please contact me if you ne
tags 496411 security confirmed patch
thanks
Hi,
Yes, the bug is indeed present. Attached patch fixes it.
Thijs
--- fwb_install.orig 2008-08-25 17:11:20.0 +0200
+++ fwb_install 2008-08-25 17:12:43.0 +0200
@@ -93,9 +93,10 @@
start_agent() {
test -z "$SSH_AUTH_SOCK" && {
-
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> reassign 496541 samba4
Bug#496541: openchange_1.0~svn679-1(experimental/mipsel/moiro): Can't locate
Parse/Yapp/Driver.pm
Bug reassigned from package `openchange' to `samba4'.
>
End
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> fixed 496541 4.0.0~alpha4~20080727-1
Bug#496541: openchange_1.0~svn679-1(experimental/mipsel/moiro): Can't locate
Parse/Yapp/Driver.pm
Bug marked as fixed in version 4.0.0~alpha4~20
Package: reportbug-ng
Version: 1.1
Severity: serious
File: /usr/bin/reportbug-ng
Justification: http://wiki.debian.org/DebianPython/NewPolicy
Hi there,
reportbug-ng installs its private modules in
/usr/share/python-support/reportbug-ng/, which violates the debian python
policy:
"private extensio
tags 496403 confirmed security
thanks
Hi,
I believe there are two occurences in faxspool.in. The first uses faxq-helper
to get a filename, but that filename doesn't seem secure. The second just
directly writes to a file only having a pid as random element. Perhaps an own
spool directory would
On Mon, Aug 25, 2008 at 17:10:25 +0200, Julien Cristau wrote:
> Looking at frame 3:
> #3 0x080f83a5 in StateMainMenu::updateStats (this=0x8872d10)
> at states/StateMainMenu.cpp:700
> 700 v_totalPlayedTime = atoi(pDb->getResult(v_result, 8, 0, 2));
>
> (gdb) p pDb->getResult(v_result, 8
Processing commands for [EMAIL PROTECTED]:
> tags 496403 confirmed security
Bug#496403: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed, security
> thanks
Stopping processing here.
Please contact me if you need assistance
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> tags 496397 confirmed
Bug#496397: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed
>
End of message, stoppi
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
> tags 496397 confirmed
Bug#496397: The possibility of attack with the help of symlinks in some Debian
packages
Tags were: confirmed
Tags added: confirmed
>
End of message, s
Thijs Kinkhorst wrote:
> Hi,
>
>> Done as the mass-opening of symlink attack in /tmp was wrong in this case.
>
> I don't think closing this is the appropriate action. Sure, debug code is not
> top priority. But still, the fix is straghtforward and puts extra protection
> on those running in deb
On Monday 25 August 2008 17:28, Thomas Goirand wrote:
> Second, do you guys think that setting the variable to DEBUG=0 by
> default, then writing a BIG BIG BIG warning next to it in the code is
> enough? Like: "WARNING: high security risk here if you set to DEBUG=1,
> high risk of symlink attack" t
tags 496422 confirmed security
thanks
Hi,
The issue is indeed clearly present in asciiview, for example:
myconvert $name >/tmp/aview$$.pgm
Since it's a shell script this can probably be quite easily addressed by using
the essential 'mktemp' to create the temporary file.
cheers,
Thijs
tags 494648 + pending
thanks
On Sun, Aug 24, 2008 at 11:33:38PM +1000, Sven Dowideit wrote:
> Vincent, and DD's
>
Any reason why not having usual sponsor (Ardo ?) in CC: ? He may be subscribed
to the package and readin us though.
> I've finally placed a new twiki 4.1.2-4 deb at
>
> http://dis
Hi,
> It's still very useful, but I don't have the time to maintain it myself.
> Unless it becomes unusable for some reason I'd like to see it kept.
Well, it now has an RC bug about a temp file issue. No-one has turned up in
two years of orphaning. Should we keep it?
Thijs
pgpiE7dmHFgX5.pgp
Processing commands for [EMAIL PROTECTED]:
> tags 494648 + pending
Bug#494648: The possibility of attack with the help of symlinks in some Debian
packages
Tags were: patch security
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug track
Processing commands for [EMAIL PROTECTED]:
> tags 496422 confirmed security
Bug#496422: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed, security
> thanks
Stopping processing here.
Please contact me if you need assistance
tags 496407 confirmed security
thanks
Hi,
sng_regress indeed uses insecure temp files on several different occasions.
Because it's a shell script, it can probably be fixed in a straightforward
way by using essential 'mktemp'.
I wondered whether a regression testing script should be installed i
Processing commands for [EMAIL PROTECTED]:
> tags 496407 confirmed security
Bug#496407: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: confirmed, security
> thanks
Stopping processing here.
Please contact me if you need assistance
Package: smpeg
Version: 0.4.5+cvs20030824-2.1
Severity: serious
Hi,
your package failed to build from source.
| On Mon, Aug 25, 2008 at 08:16:39AM -0500, [EMAIL PROTECTED] wrote:
| Automatic build of smpeg_0.4.5+cvs20030824-2.1 on hedges by sbuild/arm 98
| Build started at 20080825-0756
I tested the epiphany package from SVN and text is still tiny, at least
in the print preview.
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
signature.asc
Description: This is a digitally signed message part
# Automatically generated email from bts, devscripts version 2.10.35
# versioned closes for binNMUs do not DTRT
reopen 458949
close 458949
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> reassign 496163 libxml2
Bug#496163: AI-written SVG icons cause segfaults?!
Bug reassigned from package `librsvg2-2' to `libxml2'.
> forcemerge 496125 496163
Bug#496125: libxml2: sec
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> # versioned closes for binNMUs do not DTRT
> reopen 458949
Bug#458949: twinkle: Not installable in sid on x86: mising dependances on
libccrtp1-1.5-1 and libcommoncpp2-1.5.3-0
'reope
Your message dated Mon, 25 Aug 2008 18:41:04 +0200
with message-id <[EMAIL PROTECTED]>
and subject line not a bug
has caused the Debian Bug report #496417,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This means that you claim that t
Hi Thijs,
On Monday 25 August 2008 17:44, Thijs Kinkhorst wrote:
> Well, it now has an RC bug about a temp file issue.
Which has been filed as part of some badly done mass bug filing...
regards,
Holger
pgpejg1vB1e0v.pgp
Description: PGP signature
On Mon, 25 Aug 2008, Morten Werner Forsbring wrote:
Cfengine2 2.2.8-1 was uploaded to unstable a few days ago, are you able
to test this version as well? Upstream claims that they have been
"fixing an important threading error that has become apparent with the
influx of multicore processors".
Your message dated Mon, 25 Aug 2008 18:48:48 +0200
with message-id <[EMAIL PROTECTED]>
and subject line not a bug
has caused the Debian Bug report #496373,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This means that you claim that t
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> severity 451791 grave
Bug#451791: [965G EXA] Fonts and many other items fail to render legibly
Bug#452268: [965G EXA] all fonts are unreadable
Bug#462921: xserver-xorg-video-intel: e
OoO En ce début d'après-midi ensoleillé du dimanche 24 août 2008, vers
15:33, Sven Dowideit <[EMAIL PROTECTED]> disait :
> I've finally placed a new twiki 4.1.2-4 deb at
> http://distributedinformation.com/TWikiDebian/twiki_4.1.2-4_i386.changes
> I have put the session files into /var/lib/twik
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> forcemerge 451791 496543
Bug#451791: [965G EXA] Fonts and many other items fail to render legibly
Bug#496543: [82G965] fonts not rendered due to EXA bug
Bug#452268: [965G EXA] all fo
Your message dated Mon, 25 Aug 2008 16:32:06 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#490272: fixed in ffmpeg-debian 0.svn20080206-12
has caused the Debian Bug report #490272,
regarding symbol lookup error: ffmpeg: undefined symbol: frame_hook_process
to be marked as done.
T
Does anyone know of any reverse-dependencies that were broken by the
libxml2 update other than strigi and librsvg?
librsvg should certainly be fixed to use the public API for creating
xmlEntity objects... has anyone investigated strigi/qt to see whether it
is guilty of the same crime? :)
--
Sam
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> found 496520 5.3.4-5
Bug#496520: Insecure use of /tmp in sympa scripts
Bug marked as found in version 5.3.4-5.
>
End of message, stopping processing here.
Please contact me if you
d/mips
> 98-farm
> | Build started at 20080825-0354
> |
> **
> | Checking available source versions...
> | Fetching source files...
> | Reading package lists...
> | Building dependency tree...
&
g System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: openchange
Version: 1.0~svn679-1
Severity: serious
Tags: experimental
Heya,
Building your package failed on my buildd:
| Automatic build of openchange_1.0~svn679-1 on moiro by sbuild/mipsel 98-farm
| Build started
Your message dated Mon, 25 Aug 2008 17:02:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494648: fixed in twiki 1:4.1.2-4
has caused the Debian Bug report #494648,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This
Your message dated Mon, 25 Aug 2008 17:17:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#496375: fixed in rkhunter 1.3.2-6
has caused the Debian Bug report #496375,
regarding The possibility of attack with the help of symlinks in some Debian
packages
to be marked as done.
This
Package: gstreamer0.10-plugins-ugly
Version: 0.10.8-1
Severity: serious
Justification: Policy 2.2
The description states at the end: "This packages contains plugins from
the "ugly" set, a set of good-quality plug-ins that might pose
distribution problems.". If this is correct, then the package is
Package: nautilus
Version: 2.20.0-6
Severity: grave
Justification: renders package unusable
Hi, when I click to browse "Home" or whatever there is no response,
desktop icons disappear and no context menu is shown if i click on
desktop. Click on Place's bookmarks has no effect and i try to kill
Processing commands for [EMAIL PROTECTED]:
> package nvi
Ignoring bugs not assigned to: nvi
> tags 496462 = security pending
Bug#496462: nvi: security vulnerability in creation of shared directory in
postinst
Tags were: patch security
Tags set to: security, pending
> thankyou
Stopping processin
On Mon, Aug 25, 2008 at 05:57:33PM +0100, Sam Morris wrote:
> Does anyone know of any reverse-dependencies that were broken by the
> libxml2 update other than strigi and librsvg?
>
> librsvg should certainly be fixed to use the public API for creating
> xmlEntity objects... has anyone investigated
Package: zeroc-ice
Version: 3.3.0-7
Severity: serious
Justification: no longer builds from source
According to buildd.debian.org package zeroc-ice fails to compile on hppa
due to missing POSIX monotonic clocks on libc6. It seems Linux/HPPA still
uses LinuxThreads instead of NPTL.
A possible solut
I'm a bit confused by the statement that kernel-package does not work
with the current set of kernels; I built a 2.6.27-rc4 kernel from
vanilla upstream sources using it over the weekend (on i386) and tend to
build the latest vanilla kernels as they come out on my AMD64 box. I
haven't hit any issue
On 2008-08-09 Andreas Metzler <[EMAIL PROTECTED]> wrote:
> On 2008-08-08 Lucas Nussbaum <[EMAIL PROTECTED]> wrote:
>> Package: gmpc
>> Version: 0.15.5.0-2.1
> [...]
>> Justification: FTBFS on i386
>> During a rebuild of all packages in sid, your package failed to build on
>> i386.
> [...]
>>> cd .
Your message dated Mon, 25 Aug 2008 18:17:02 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494241: fixed in gmpc 0.15.5.0-2.2
has caused the Debian Bug report #494241,
regarding gmpc: FTBFS: configure.ac:28: error: possibly undefined macro:
AC_PROG_LIBTOOL
to be marked as done.
Chris,
I've just been away on a trip, so didn't upload a fixed package earlier. I'm
doing it now. There is a patch on the lprof-dev list that I pulled and
applied. It's vetted by Hal and is pretty simple, so I used it.
Regards,
Alex.
* Chris Lamb <[EMAIL PROTECTED]> [2008-08-24 16:14:47 +0100]:
Oleksandr Moskalenko wrote:
> I've just been away on a trip, so didn't upload a fixed package earlier.
> I'm doing it now.
Great stuff. Don't forget to ask for a freeze exemption. :)
Regards,
--
Chris Lamb, UK [EMAIL PROTECTED]
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> tags 492414 patch
Bug#492414: xmoto segfaults
There were no tags set.
Tags added: patch
>
End of message, stopping processing here.
Please contact me if you need assistance.
Debia
[also posted to oss-security.]
It's unclear if struct xmlEntity (especially its external allocation) is
part of the public API or not.
liferea 1.4.16b has this:
src/xml.c:entity = (xmlEntityPtr)g_new0 (xmlEntity, 1);
PHP 5.2.6 has this:
ext/dom/dom_iterators.c:61:
On Mon, August 25, 2008 18:43, Holger Levsen wrote:
> Hi Thijs,
>
>
> On Monday 25 August 2008 17:44, Thijs Kinkhorst wrote:
>
>> Well, it now has an RC bug about a temp file issue.
>
> Which has been filed as part of some badly done mass bug filing...
I'm aware of that, that's why I first checked
Your message dated Mon, 25 Aug 2008 19:02:13 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#496562: fixed in zeroc-ice 3.3.0-8
has caused the Debian Bug report #496562,
regarding zeroc-ice: FTBFS on hppa
to be marked as done.
This means that you claim that the problem has been dea
Mike Hommey wrote:
> On Mon, Aug 25, 2008 at 05:57:33PM +0100, Sam Morris wrote:
>
>> Does anyone know of any reverse-dependencies that were broken by the
>> libxml2 update other than strigi and librsvg?
>>
>> librsvg should certainly be fixed to use the public API for creating
>> xmlEntity obje
tags 496406 security confirmed patch
thanks
Hi,
Yes, the bug is indeed present. Attached patch fixes it.
Thijs
--- fwb_install.orig 2008-08-25 17:11:20.0 +0200
+++ fwb_install 2008-08-25 17:12:43.0 +0200
@@ -93,9 +93,10 @@
start_agent() {
test -z "$SSH_AUTH_SOCK" && {
-
On Mon, Aug 25, 2008 at 01:36:15PM -0600, Chris Burkhardt wrote:
> Mike Hommey wrote:
> > On Mon, Aug 25, 2008 at 05:57:33PM +0100, Sam Morris wrote:
> >
> >> Does anyone know of any reverse-dependencies that were broken by the
> >> libxml2 update other than strigi and librsvg?
> >>
> >> librsvg
Processing commands for [EMAIL PROTECTED]:
> tags 496406 security confirmed patch
Bug#496406: The possibility of attack with the help of symlinks in some Debian
packages
There were no tags set.
Tags added: security, confirmed, patch
> thanks
Stopping processing here.
Please contact me if you ne
Processing commands for [EMAIL PROTECTED]:
> severity 496411 important
Bug#496411: The possibility of attack with the help of symlinks in some Debian
packages
Severity set to `important' from `grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracki
Processing commands for [EMAIL PROTECTED]:
> tag 496125 + moreinfo
Bug#496125: libxml2: security fix does double free / segfaults (breaks Gnome
apps)
Tags were: confirmed
Bug#496163: AI-written SVG icons cause segfaults?!
Bug#496178: debian lenny: after upgrade, gdm failed to start
Bug#496190: gn
severity 496411 important
thanks
Hi,
Please ignore that previous patch, I sent it to the wrong bug report.
The issue is present in the mentioned files. As a matter of fact, there are
many more issues, the testset seems to be built around writing things in /tmp
with hardcoded filenames.
This i
Processing commands for [EMAIL PROTECTED]:
> # Mon Aug 25 20:03:30 UTC 2008
> # Tagging as pending bugs that are closed by packages in NEW
> # http://ftp-master.debian.org/new.html
> #
> # Source package in NEW: qemu
> tags 496394 + pending
Bug#496394: The possibility of attack with the help of sy
Package: nautilus
Version: 2.20.0-6
Followup-For: Bug #496558
I can confirm the existance of this problem as exactly the same issue
exists for me.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Ke
Package: gnome-app-install
Version: 0.5.5.1-1
Severity: grave
Justification: renders package unusable
While searching for a package gnome-app-installer hangs with the following
message:
$ gnome-app-install
** (gnome-app-install:10698): WARNING **: return value of custom widget handler
was not a
Hi Thijs!
Just out of curiosity, why bother with temp file and not use:
eval `ssh-agent -s` > /dev/null
? (I haven't checked the actual script, just the patch, so apologies
if I'm missing some important bits.)
--
Tomas Hoger
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject o
Hi Tomas,
On Monday 25 August 2008 22:21, Tomas Hoger wrote:
> Just out of curiosity, why bother with temp file and not use:
>
> eval `ssh-agent -s` > /dev/null
>
> ? (I haven't checked the actual script, just the patch, so apologies
> if I'm missing some important bits.)
Thank you for your co
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> tags 496361 + security
Bug#496361: The possibility of attack with the help of symlinks in some Debian
packages
Tags were: confirmed
Tags added: security
>
End of message, stopping
On Mon, Aug 25, 2008 at 07:06:41PM +0200, Sebastian Dröge wrote:
> Am Montag, den 25.08.2008, 14:57 +0200 schrieb Frank Lichtenheld:
> Could you get a backtrace of
>
> GST_REGISTRY_FORK="no" gst-codec-info-0.10
> debian/gstreamer0.10-ffmpeg/usr/lib/gstreamer-0.10/libgstffmpeg.so
>
> Best would be
Hello,
Thank you very much for your patch.
It has been added [1] but fwbuilder is currently in NEW (for a new
package).
Torsten or I are going to upload it in unstable when the version -4 will
be processed.
Thanks again,
Sylvestre
[1] https://bollin.googlecode.com/svn/fwbuilder/trunk
> tags 49
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> forwarded 496361 http://www.openoffice.org/issues/show_bug.cgi?id=93119
Bug#496361: The possibility of attack with the help of symlinks in some Debian
packages
Noted your statement
Processing commands for [EMAIL PROTECTED]:
> # Automatically generated email from bts, devscripts version 2.10.35
> fixed 496213 0.4.11~rc1-3
Bug#496213: bzr-svn_0.4.11~rc1-2(ia64/experimental): FTBFS: python2.4 not found
Bug marked as fixed in version 0.4.11~rc1-3.
>
End of message, stopping pro
Processing commands for [EMAIL PROTECTED]:
> reopen 496562
Bug#496562: zeroc-ice: FTBFS on hppa
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Bug reopened, originator not changed.
> thanks
Stopping processing here.
reopen 496562
thanks
Build log for 3.3.0-8 reveals that the bug is not yet fixed.
http://buildd.debian.org/fetch.cgi?pkg=zeroc-ice;ver=3.3.0-8;arch=hppa;stamp=1219692046
F. Moya <[EMAIL PROTECTED]>
101 - 200 of 248 matches
Mail list logo
