Control: retitle -1 TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection
in TYPO3 Core (CVE-2013-1842, CVE-2013-1843)
Hi
Only for reference, CVEs were assigned to it now:
CVE-2013-1842 for Typo3 Extbase Framework SQL Injection
Processing control commands:
> retitle -1 TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection in
> TYPO3 Core (CVE-2013-1842, CVE-2013-1843)
Bug #702574 {Done: "Adam D. Barratt" } [typo3-src]
TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection in TYPO3 Core
Bug #702669 {Done: "Adam
On 09/03/13 at 14:01 +0100, Salvatore Bonaccorso wrote:
> Control: tags -1 + patch
>
> Hi
>
> Attached is a proposed debdiff, based also on the changes done for
> ruby1.9.1. But there is one thing which might be sorted out first:
>
> The binary debdiff shows:
>
> cut-cut-cut
Your message dated Tue, 12 Mar 2013 08:47:53 +
with message-id
and subject line Bug#702526: fixed in ruby1.8 1.8.7.358-7
has caused the Debian Bug report #702526,
regarding ruby1.8: CVE-2013-1821: entity expansion DoS vulnerability in REXML
to be marked as done.
This means that you claim that
-=| Salvatore Bonaccorso, 10.03.2013 22:14:30 +0100 |=-
> Source: firebird2.5
> Severity: grave
> Tags: security
>
> Hi
>
> the following vulnerability was published for firebird2.5.
>
> CVE-2013-2492[0]:
> Request Processing Buffer Overflow Vulnerability
>
> If you fix the vulnerability please
Your message dated Tue, 12 Mar 2013 09:02:28 +
with message-id
and subject line Bug#699848: fixed in sks 1.1.3-2
has caused the Debian Bug report #699848,
regarding sks: sks_build.sh hangs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the
(not a duplicate, firebird has two versions in squeeze)
-=| Salvatore Bonaccorso, 10.03.2013 22:13:22 +0100 |=-
> Source: firebird2.1
> Severity: grave
> Tags: security
>
> Hi
>
> the following vulnerability was published for firebird2.1.
>
> CVE-2013-2492[0]:
> Request Processing Buffer Overfl
On Tue, Mar 12, 2013 at 10:49:00AM +0200, Damyan Ivanov wrote:
> -=| Salvatore Bonaccorso, 10.03.2013 22:14:30 +0100 |=-
> > Source: firebird2.5
> > Severity: grave
> > Tags: security
> >
> > Hi
> >
> > the following vulnerability was published for firebird2.5.
> >
> > CVE-2013-2492[0]:
> > Requ
-=| Moritz Muehlenhoff, 12.03.2013 10:36:30 +0100 |=-
> Please upload to security-master. The package needs to be build with
> "-sa", since firebird is new in stable-security.
Done.
> Is there a reason why firebird2.1 is still present in Wheezy in
> addition to 2.5? Both were present in squeeze,
Package: php5-radius
Version: 1.2.5-2.2
Severity: grave
On a 64 bit wheezy system, the radius module immediately segfaults
when attempting Radius authentication. The following minimal testcase
reproduces the problem:
thijs@solrock:~$ cat radtest.php
On Sat, Mar 09, 2013 at 07:37:32AM +0100, Salvatore Bonaccorso wrote:
> tags 702525 + pending
> thanks
>
> Dear maintainer,
>
> I've prepared an NMU for ruby1.9.1 (versioned as 1.9.3.194-8.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
Hello Salvato
Hi Carlos,
Worked for me as per your test.
Many Thanks
Chris
--
Chris Lewis
Systems Administrator
Inview Technology Ltd.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
On Mon, March 11, 2013 21:47, Niko Tyni wrote:
> Cc'ing the security team. Once we have a fix, I suppose we'll need to
> fix libapache2-mod-perl2 via stable-security?
Yes please.
Cheers,
Thijs
IMHO, this is one of those changes that should be noted in NEWS.Debian.gz
Automatically changing a configuration is IMHO not a good idea
especially as configuration statements can be quite complex and also
because there are these people who maintain their configurations in a
repository...
Greets,
Package: pulseaudio
Version: 2.0-6
Severity: critical
Justification: breaks unrelated software
Dear Maintainer,
after installing kde-telepathy, amarok went silent.
so kde-telepathy uses gstreamer, and it installed pulseaudio as a dependence
then no audio could be heard (I suppose mplayer would st
Package: openssl
Version: 1.0.1c-4
Severity: serious
Hello,
I had some curious problems on committing data at my subversion repository, where
the server (apache with libapache2-svn) is also the client (I am working on this
server).
Here are some snippets of my history which will show you the prob
Hi,
> On a 64 bit wheezy system, the radius module immediately segfaults
> when attempting Radius authentication.
I found the issue. In radius-1.2.5/radius.c
PHP_FUNCTION(radius_create_request), 'code' is declared an int, but
zend_parse_parameters is passed "rl", asking to parse the parameter i
found #702888 1.0.1e-1
notfound #702888 1.0.1c-4
thanks
On 12.03.2013 15:36, Patrick Matthäi wrote:
Package: openssl
Version: 1.0.1c-4
Severity: serious
Whoops reported against the working version ;-)
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Develo
Processing commands for cont...@bugs.debian.org:
> found #702888 1.0.1e-1
Bug #702888 [openssl] openssl 1.0.1e-1 upgrade breaks subversion client/server
Marked as found in versions openssl/1.0.1e-1.
> notfound #702888 1.0.1c-4
Bug #702888 [openssl] openssl 1.0.1e-1 upgrade breaks subversion client
Your message dated Tue, 12 Mar 2013 15:02:36 +
with message-id
and subject line Bug#702872: fixed in php-radius 1.2.5-2.3
has caused the Debian Bug report #702872,
regarding Segfaults immediately on attempting a radius connection
to be marked as done.
This means that you claim that the proble
Package: afpfs-ng
Version: 0.8.1-5
Severity: critical
Tags: security
Justification: user-controllable pointer value
Usertags: goto-cc
When typechecking the linked binary using our research compiler infrastructure
it became apparent that various calls to remove_opened_fork pass a struct (of
type st
To the release team (and Prach):
Dear release team,
Prach Pongpanich in the mentors list is trying to fix #701134.
He is removing the Pre-Depends which was added for the
release of Squeeze, because of #605867, which I filed, but
can't remember what it was about. The bug repor
Processing commands for cont...@bugs.debian.org:
> close 682218 4.6.4-6
Bug #682218 [strongswan-ikev2] charon: leftfirewall=yes broken
Marked as fixed in versions strongswan/4.6.4-6.
Bug #682218 [strongswan-ikev2] charon: leftfirewall=yes broken
Marked Bug as done
> thanks
Stopping processing here
close 682218 4.6.4-6
thanks
Hi,
Root privileges drop has been reverted in 4.6.4-6
Closing this bug report then
Cheers
Laurent Bigonville
Your message dated Tue, 12 Mar 2013 16:32:48 +
with message-id
and subject line Bug#702801: fixed in cp2k 2.2.426-7
has caused the Debian Bug report #702801,
regarding cp2k: dependence of DFTB-results on the input-sequence of heavy atoms
to be marked as done.
This means that you claim that th
Processing control commands:
> tag -1 + patch
Bug #702790 [service-wrapper-java] FTBFS: local changes detected
Added tag(s) patch.
--
702790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tag -1 + patch
On Mon, 11 Mar 2013 17:59:53 -0700, tony mancill wrote:
> > I think I found something -- the .orig.tar.gt contain a .pc directory
> > with debian-changes-3.5.3-1. D'oh.
> Yop, that's a mess - sorry about that. Trying to prevent the upstream
> source from modifying itself
Your message dated Tue, 12 Mar 2013 16:47:49 +
with message-id
and subject line Bug#702436: fixed in graphviz 2.26.3-14
has caused the Debian Bug report #702436,
regarding Ships and uses an ancient version of libtool
to be marked as done.
This means that you claim that the problem has been de
On Tue, Mar 12, 2013 at 03:36:22PM +0100, Patrick Matthäi wrote:
> Package: openssl
> Version: 1.0.1c-4
> Severity: serious
>
> Hello,
>
> I had some curious problems on committing data at my subversion repository,
> where
> the server (apache with libapache2-svn) is also the client (I am working
On Mon, 11 Mar 2013 22:15:44 +0100, Andreas Beckmann wrote:
> On 2013-03-11 21:23, gregor herrmann wrote:
> > Or maybe we should ask Andreas with his piuparts hat on for a review
> > :)
> That would be very easy if you upload the binary packages (for amd64)
> somewhere and add a Packages file.
Th
Processing commands for cont...@bugs.debian.org:
> # there is no python3.2 in squeeze
> tags 700996 + wheezy sid
Bug #700996 {Done: Matthias Klose } [python3-bsddb3]
python3-bsddb3: directory vs. symlink conflict: /usr/include/python3.2
Added tag(s) sid and wheezy.
> thanks
Stopping processing he
Your message dated Tue, 12 Mar 2013 17:02:38 +
with message-id
and subject line Bug#683075: fixed in spatialite 3.0.0~beta20110817-3+deb7u1
has caused the Debian Bug report #683075,
regarding spatialite: FTBFS: configure: error: 'libgeos_c' is required but it
doesn't seems to be installed on
Your message dated Tue, 12 Mar 2013 17:02:38 +
with message-id
and subject line Bug#683075: fixed in spatialite 3.0.0~beta20110817-3+deb7u1
has caused the Debian Bug report #683075,
regarding spatialite in wheezy FTBFS
to be marked as done.
This means that you claim that the problem has been
On 09.03.2013 20:27, Laszlo Boszormenyi (GCS) wrote:
> On Wed, 2013-03-06 at 22:31 +0100, Michael Biebl wrote:
>> I think something like this should do:
>> if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt "3.3.5-3"; then
>> ..
>> fi
> Done.
>
> On Thu, 2013-03-07 at 15:53 +0100, Gergely
Processing commands for cont...@bugs.debian.org:
> tags 702646 + pending
Bug #702646 [cil] FTBFS: Can't locate File/Slurp.pm
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
702646: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702646
Debia
On 2013-03-12 17:57, gregor herrmann wrote:
> http://people.debian.org/~gregoa/ocsinventory-server/
> contains (hopefully) everything.
looks like apt (at least some versions) needs a Packages.gz ... and only
accepts a Packages for file:// URLs ... anyway, just downloaded the two
.debs and put them
Processing commands for cont...@bugs.debian.org:
> tags 698068 pending
Bug #698068 [mysql-server-5.5] mysql-server-5.5: Serious regression in
replication caused by fix for CVE-2012-4414
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
698068:
Package: adequate
Version: 0.4.3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package failed to install,
remove (but not purge), and install again.
Before the second installation the package is in config-files-remaining
state
Package: almanah
Version: 0.9.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
Dear Maintainer,
GApplication doesn't use "quit_mainloop" event since GIO 2.32[1], so Almanah
doesn't encrypt the database[2] when the user closes the application.
Cheers,
-- System Informa
On 2013-03-07 20:04 +0100, Sven Joachim wrote:
> Package: gawk
> Version: 1:4.0.1+dfsg-2
> Severity: serious
>
> The Debian changelog for this version mentions:
>
> ,
> | -Change Pre-Depends to Depends (OK now that base-files Pre-Depends: awk)
> `
>
> This is not correct and needs to be re
Processing commands for cont...@bugs.debian.org:
> forwarded 702905 https://bugzilla.gnome.org/show_bug.cgi?id=695117
Bug #702905 [almanah] almanah: Almanah doesn't encrypt the database
Set Bug forwarded-to-address to
'https://bugzilla.gnome.org/show_bug.cgi?id=695117'.
> tags 702905 +fixed-upstr
Hi,
On Tuesday, 12 March 2013, Andreas Beckmann wrote:
> Package: adequate
> during a test with piuparts I noticed your package failed to install,
> remove (but not purge), and install again.
[...]
> Do you install some apt hook conffile that does in-adequately check whether
> adequate is actuall
On Tue, 2013-03-12 at 23:28 +0800, Thomas Goirand wrote:
> Prach Pongpanich in the mentors list is trying to fix #701134.
> He is removing the Pre-Depends which was added for the
> release of Squeeze, because of #605867, which I filed, but
> can't remember what it was about. The bug report says:
>
Hi,
I plan to upload a fixed tinyca package before the weekend.
Cheers,
Martin
--
Martin Zobel-Helas Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B1
Control: tag -1 + confirmed help
* Andreas Beckmann , 2013-03-12, 20:25:
Do you install some apt hook conffile that does in-adequately check
whether adequate is actually installed?
In fact it does no checking at all:
DPkg::Pre-Install-Pkgs {"adequate --user nobody --apt-preinst";};
DPkg::Post
Processing control commands:
> tag -1 + confirmed help
Bug #702904 [adequate] adequate: fails to install, remove, and install again
Added tag(s) confirmed and help.
--
702904: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702904
Debian Bug Tracking System
Contact ow...@bugs.debian.org with pr
On Tue, 12 Mar 2013 19:57:23 +0100, Andreas Beckmann wrote:
> On 2013-03-12 17:57, gregor herrmann wrote:
> > http://people.debian.org/~gregoa/ocsinventory-server/
> looks like apt (at least some versions) needs a Packages.gz ... and only
> accepts a Packages for file:// URLs ... anyway, just down
Your message dated Tue, 12 Mar 2013 20:32:31 +
with message-id
and subject line Bug#702905: fixed in almanah 0.9.1-1
has caused the Debian Bug report #702905,
regarding almanah: Almanah doesn't encrypt the database
to be marked as done.
This means that you claim that the problem has been deal
Your message dated Tue, 12 Mar 2013 20:32:54 +
with message-id
and subject line Bug#702821: fixed in libapache2-mod-perl2 2.0.7-3
has caused the Debian Bug report #702821,
regarding libapache2-mod-perl2: FTBFS: the CVE-2013-1667 fix breaks
t/perl/hash_attack.t
to be marked as done.
This mean
Your message dated Tue, 12 Mar 2013 20:32:37 +
with message-id
and subject line Bug#702905: fixed in almanah 0.10.1-1
has caused the Debian Bug report #702905,
regarding almanah: Almanah doesn't encrypt the database
to be marked as done.
This means that you claim that the problem has been dea
Dear all,
Thanks for the time you've dedicated to this package. I have
included the proposed patch in the next maintainer upload,
for which I've contacted my original sponsor. I have
acknowledged both the original reporter and the patch
submitter in the new changelog.
I am sorry for this huge FTB
Processing commands for cont...@bugs.debian.org:
> tags 702071 + moreinfo
Bug #702071 [poppler] CVE-2013-1788, CVE-2013-1789 and CVE-2013-1790
Added tag(s) moreinfo.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
702071: http://bugs.debian.org/cgi-bin/bugreport.c
Package: akonadi-server
Version: 1.7.2-2
Severity: grave
Justification: renders package unusable
Dear Maintainer,
Akonadi does not start, so I can't use any kdepim app.
First it did not install mysql-server although it was configured to use mysql.
I can not select sqlite although it is instal
tag 702821 + pending
thanks
Some bugs in the libapache2-mod-perl2 package are closed in revision
c71d0917fc72cc5bb1f0c017c917be80e5206e0f in branch '
dom/squeeze-702821' by Dominic Hargreaves
The full diff can be seen at
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libapache2-mod-perl2.
Processing commands for cont...@bugs.debian.org:
> tag 702821 + pending
Bug #702821 {Done: Dominic Hargreaves } [libapache2-mod-perl2]
libapache2-mod-perl2: FTBFS: the CVE-2013-1667 fix breaks t/perl/hash_attack.t
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you
Hello,
When trying to fix this issue in Debian stable, I found that the
patch at
http://svn.apache.org/viewvc?view=revision&revision=1455340
does not stop the test failing when applied to 2.0.4 (as currently
found in Debian stable) and built against the current perl package
in Debian stable (5.1
Hi,
On Wednesday 13 March 2013, Hendrik Naumann wrote:
> First it did not install mysql-server although it was configured to
> use mysql. I can not select sqlite although it is installed.
So you had akonadi manually configured to use sqlite3?
> So I installed mysql-server but I get the
Processing commands for cont...@bugs.debian.org:
> tag 702919 moreinfo
Bug #702919 [akonadi-server] akonadi-server: akonadi fails to start after
upgrade from squeeze
Added tag(s) moreinfo.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
702919: http://bugs.debian
Hu?
What kind of ODBC operation were you doing?
What do you call "non-JET3 compressed data"? Jet4 databases are UCS2 encoded
while Jet3 use a local charset. How is compression involved there?
Do you have an example database?
Your message dated Wed, 13 Mar 2013 00:17:58 +
with message-id
and subject line Bug#702296: fixed in perl 5.16.3-1
has caused the Debian Bug report #702296,
regarding perl: CVE-2013-1667: rehashing flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If t
Package: gedit
Version: 3.4.2-1
Severity: critical
Tags: d-i
Justification: causes serious data loss
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
gedit not save unsaved document even with autosave option on 1 minute
*
On 02/14/2013 08:42 PM, Josselin Mouette wrote:
...
> Just poke me when you’re done and I’ll add a Breaks in libgconf2-4
> against unfixed versions.
Hi Josselin,
The cloned bug, #702138 has been fixed.
Cheers,
Balint
Package: mount
Version: 2.20.1-5.3
Severity: serious
Justification: breaks handling of network-based filesystems on shutdown
The use of a symlink for /etc/mtab in wheezy means that 'mount -f' no longer
works. As a consequence, extra mount options that libmount *should* record
in /run/mount/utab a
On 03/13/2013 04:12 AM, Adam D. Barratt wrote:
> On Tue, 2013-03-12 at 23:28 +0800, Thomas Goirand wrote:
>> Prach Pongpanich in the mentors list is trying to fix #701134.
>> He is removing the Pre-Depends which was added for the
>> release of Squeeze, because of #605867, which I filed, but
>> can