Package: auto-multiple-choice
Version: 1.3.0-3
Severity: grave
Tags: patch
Justification: renders package unusable
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu artful ubuntu-patch
Hi Alexis, Georges,
The auto-multiple-choice package is broken in unstable now that perl 5.26
has land
Your message dated Sun, 30 Jul 2017 07:49:50 +
with message-id
and subject line Bug#870040: fixed in eccodes 2.4.0-4
has caused the Debian Bug report #870040,
regarding eccodes FTBFS with cmake 3.9.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this
On Sat, 29 Jul 2017 12:18:48 -0400 gregor herrmann
wrote:
> On Sat, 29 Jul 2017 08:12:28 +0100, Neil Redgate wrote:
>
> > Thank you for your quick reply.
>
> You're welcome.
>
> > I am disappointed to learn that this problem is not fixable but at
> > least I know what the situation is.
>
> "n
Package: linux-headers-amd64
Version: 4.11+83
Severity: grave
Tags: newcomer
Justification: renders package unusable
Dear Maintainer, linux-headers-amd64 depends on 4.11.0-2-amd64, wich depends on
4.11.0-2-common (version =4.11.11-1+b1), but only 4.11.11-1 is available on
Sid. In result, can't ins
On Sun, Jul 23, 2017 at 03:13:21PM +0100, Joe wrote:
> On Sat, 22 Jul 2017 23:14:15 +0200
> Ricardo Mones wrote:
>
> > On Tue, Jul 18, 2017 at 09:22:12PM +0100, Joe wrote:
> > > On Tue, 18 Jul 2017 18:57:24 +0200
> > > Ricardo Mones wrote:
> > [...]
> > > > Does this crash happen when you star
Your message dated Sun, 30 Jul 2017 11:48:57 +
with message-id
and subject line Bug#865577: fixed in cloud-init 0.7.9-2.1
has caused the Debian Bug report #865577,
regarding cloud-init FTBFS: recipe for target 'pep8' failed
to be marked as done.
This means that you claim that the problem has
Your message dated Sun, 30 Jul 2017 12:36:25 +
with message-id
and subject line Bug#867295: fixed in npm2deb 0.2.7-2
has caused the Debian Bug report #867295,
regarding npm2deb: please automatically exclude certain files from
debian/install
to be marked as done.
This means that you claim tha
On Sun, 30 Jul 2017 12:33:36 +0200
Ricardo Mones wrote:
>
> Once you have the debug archive just install claws-mail-dbgsym package
> and repeat the gdb steps and post back the output.
>
Hold everything: I have an old unstable i386 installation on a portable
hard drive. I haven't used it for
Package: graphicsmagick
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for graphicsmagick.
CVE-2017-11636[0]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()
|
Hi Markus,
On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany wrote:
> Package: graphicsmagick
> Severity: grave
> Tags: security
[...]
> the following vulnerabilities were published for graphicsmagick.
Thanks for the heads-up - all of these are in the tracker since 26th
of July, committed by Salv
Hi László,
Am 30.07.2017 um 16:30 schrieb László Böszörményi (GCS):
> Hi Markus,
>
> On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany wrote:
>> Package: graphicsmagick
>> Severity: grave
>> Tags: security
> [...]
>> the following vulnerabilities were published for graphicsmagick.
> Thanks for t
close 869250 1.1.3-1
thanks
Processing commands for cont...@bugs.debian.org:
> close 869250 1.1.3-1
Bug #869250 {Done: tony mancill } [src:dnssecjava]
dnssecjava FTBFS: Execution default-bundle of goal
org.apache.felix:maven-bundle-plugin:2.5.4:bundle failed: An API
incompatibility was encountered
Marked as fixed in versi
On Sun, 30 Jul 2017 09:09:16 +0100, Neil Redgate wrote:
> Thank you for your calm and considered reply.
You're welcome!
> Please accept my apologies for the tone of my message - I hadn't
> realised how much my frustration was exhibited at the situation
> I did not look forward to having to find
Processing commands for cont...@bugs.debian.org:
> # unconfuse the bts, was this a transient error?
> notfixed 869250 1.1.3-1
Bug #869250 {Done: tony mancill } [src:dnssecjava]
dnssecjava FTBFS: Execution default-bundle of goal
org.apache.felix:maven-bundle-plugin:2.5.4:bundle failed: An API
in
Processing commands for cont...@bugs.debian.org:
> reassign 869159 syslog-ng-mod-getent 3.10.1-2
Bug #869159 {Done: SZALAY Attila }
[syslog-ng-mod-basicfuncs-plus,syslog-ng-mod-getent] syslog-ng-mod-getent and
syslog-ng-mod-basicfuncs-plus: error when trying to install together
Bug reassigned fr
Your message dated Sun, 30 Jul 2017 17:38:52 +0200
with message-id <20170730153852.dnszyjrar6qo4ykg@curuxu>
and subject line Re: Bug#868700: claws-mail: Segfaults when selected from
application menu or command line
has caused the Debian Bug report #868700,
regarding claws-mail: Segfaults when sele
Processing commands for cont...@bugs.debian.org:
> tags 870149 + upstream
Bug #870149 [graphicsmagick] CVE-2017-11636, CVE-2017-11637, CVE-2017-11638,
CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722
Added tag(s) upstream.
> thanks
Stopping processing here.
Please contact me if you
tag 867653 pending
thanks
Hello,
Bug #867653 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-license-finder.git/commit/?id=42ddb7b
---
commit 42ddb7b956e12c
Processing commands for cont...@bugs.debian.org:
> tag 867653 pending
Bug #867653 [src:ruby-license-finder] ruby-license-finder: FTBFS: ERROR: Test
"ruby2.3" failed:
/etc/ssl/certs/T?RKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5.pem (No
such file or directory)
Added tag(s) pending.
> thank
Processing commands for cont...@bugs.debian.org:
> found 870149 1.3.26-3
Bug #870149 [graphicsmagick] CVE-2017-11636, CVE-2017-11637, CVE-2017-11638,
CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722
Marked as found in versions graphicsmagick/1.3.26-3.
> thanks
Stopping processing he
Your message dated Sun, 30 Jul 2017 15:50:54 +
with message-id
and subject line Bug#867653: fixed in ruby-license-finder 2.1.2-2
has caused the Debian Bug report #867653,
regarding ruby-license-finder: FTBFS: ERROR: Test "ruby2.3" failed:
/etc/ssl/certs/T?RKTRUST_Elektronik_Sertifika_Hizmet_S
Processing commands for cont...@bugs.debian.org:
> # better to split up the bug in individual CVEs since affected versions are
> not same
> clone 870149 -1 -2 -3 -4 -5 -6
Bug #870149 [graphicsmagick] CVE-2017-11636, CVE-2017-11637, CVE-2017-11638,
CVE-2017-11641, CVE-2017-11642, CVE-2017-11643,
I tried to reinstall the following packages:
libreoffice-java-common (1:5.2.7-1)
openjdk-8-jre (8u141-b15-1~deb9u1)
openjdk-8-jre-headless (8u141-b15-1~deb9u1)
But nothing, it does not work :-(
I had to disable the "Use a Java Runtime Environment" option to run
LibreOffice Writer
LibreOffice >
Processing commands for cont...@bugs.debian.org:
> close 869278
Bug #869278 [src:jaxrs-api] jaxrs-api FTBFS: java.lang.NoSuchMethodError:
org.apache.maven.archiver.MavenArchiver.getManifest
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
869278
Processing commands for cont...@bugs.debian.org:
> close 869279
Bug #869279 [src:hdrhistogram] hdrhistogram FTBFS: java.lang.NoSuchMethodError:
org.apache.maven.archiver.MavenArchiver.getManifest
Marked Bug as done
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
Package: nikola
Version: 7.1.0-1
Severity: grave
Justification: renders package unusable
When running nikola I get the following message:
ERROR: You are using doit version 0.28.0, it is too new! This application
requires version <= 0.27.
Thus, nikola seems to currently be unusable.
Thanks!
ch
Your message dated Sun, 30 Jul 2017 17:34:09 +
with message-id
and subject line Bug#847495: fixed in bzr 2.7.0+bzr6622-4
has caused the Debian Bug report #847495,
regarding bzr-doc: broken symlink /usr/share/doc/16.png
to be marked as done.
This means that you claim that the problem has been
Source: wolfssl
Version: 3.10.2+dfsg-2
Severity: grave
Tags: upstream security fixed-upstream
Hi,
the following vulnerability was published for wolfssl.
CVE-2017-8855[0]:
| wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a
| malformed DH key.
If you fix the vulnerability please
Processing commands for cont...@bugs.debian.org:
> clone 849875 -1
Bug #849875 [wpasupplicant] broadcom-sta-dkms: Wifi association took too long,
failing activation
Bug 849875 cloned as bug 870171
> reassign -1 network-manager
Bug #870171 [wpasupplicant] broadcom-sta-dkms: Wifi association took t
clone 849875 -1
reassign -1 network-manager
retitle -1 WPA usage error: Invalid passphrase character
thanks
On Sat, Jul 01, 2017 at 11:32:28PM +0200, Francesco Poli wrote:
> Dear Debian wpasupplicant Maintainers,
> I noticed that these 3 RC bugs (#849122, #849077, #849875) are marked
> as found in
Processing commands for cont...@bugs.debian.org:
> tags 869615 + sid buster
Bug #869615 [mitmproxy] mitmproxy: uninstallable in unstable (Depends:
python-hyperframe (< 5) but 5.1.0-1 is to be installed)
Added tag(s) buster and sid.
> tags 869126 + sid buster
Bug #869126 {Done: Sascha Steinbiss }
Source: libsass
Version: 3.4.3-1
Severity: grave
Tags: security
Hi,
the following vulnerability was published for libass.
CVE-2017-11605[0]:
| There is a heap based buffer over-read in LibSass 3.4.5, related to
| address 0xb4803ea1. A crafted input will lead to a remote denial of
| service attac
Processing commands for cont...@bugs.debian.org:
> tag 868537 pending
Bug #868537 [src:abiword] File conflict between abiword-dbgsym and
abiword-plugin-grammar-dbgsym
Added tag(s) pending.
> --
Stopping processing here.
Please contact me if you need assistance.
--
868537: https://bugs.debian.or
tag 868537 pending
--
We believe that the bug #868537 you reported has been fixed in the Git
repository. You can see the commit message below and/or inspect the
commit contents at:
http://anonscm.debian.org/cgit/collab-maint/abiword.git/diff/?id=38aa412
(This message was generated automatica
Processing commands for cont...@bugs.debian.org:
> severity 870184 important
Bug #870184 [src:libsass] libsass: CVE-2017-11605
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
870184: https://bugs.debian.org/cgi-bin/bugrepor
Source: supervisor
Version: 3.0r1-1
Severity: grave
Tags: upstream security patch
Forwarded: https://github.com/Supervisor/supervisor/issues/964
Hi,
the following vulnerability was published for supervisor.
CVE-2017-11610[0]:
Command injection via malicious XML-RPC request
If you fix the vulner
Package: supervisor
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerability was published for supervisor.
CVE-2017-11610[0]:
Authenticated RCE
This issue was fixed by upstream in version 3.3.3.
If you fi
I should add: I have choosen severity grave due to the potential of
code execution as root if the service is enabled. Am I right that in
*any* version present in Debian the web interface is started?
If so we might lower the severity.
Regards,
Salvatore
On Sun, Jul 30, 2017 at 10:07:42PM +0200, Salvatore Bonaccorso wrote:
> I should add: I have choosen severity grave due to the potential of
> code execution as root if the service is enabled. Am I right that in
> *any* version present in Debian the web interface is started?
>
> If so we might lowe
Processing commands for cont...@bugs.debian.org:
> forcemerge 870187 870188
Bug #870187 [src:supervisor] supervisor: CVE-2017-11610: Command injection via
malicious XML-RPC request
Unable to merge bugs because:
package of #870188 is 'supervisor' not 'src:supervisor'
Failed to forcibly merge 87018
Control: merge 870187 870188
signature.asc
Description: OpenPGP digital signature
Processing commands for cont...@bugs.debian.org:
> reassign 870188 src:supervisor
Bug #870188 [supervisor] CVE-2017-11610
Bug reassigned from package 'supervisor' to 'src:supervisor'.
Ignoring request to alter found versions of bug #870188 to the same values
previously set
Ignoring request to alt
Processing control commands:
> merge 870187 870188
Bug #870187 [src:supervisor] supervisor: CVE-2017-11610: Command injection via
malicious XML-RPC request
Unable to merge bugs because:
forwarded of #870188 is '' not
'https://github.com/Supervisor/supervisor/issues/964'
package of #870188 is 'su
Processing commands for cont...@bugs.debian.org:
> forcemerge 870187 870188
Bug #870187 [src:supervisor] supervisor: CVE-2017-11610: Command injection via
malicious XML-RPC request
Bug #870188 [src:supervisor] CVE-2017-11610
Bug #870188 [src:supervisor] CVE-2017-11610
Merged 870187 870188
> thank
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870156: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870156,
regarding graphicsmagick: CVE-2017-11642
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870149: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870149,
regarding graphicsmagick: CVE-2017-11636
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870155: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870155,
regarding graphicsmagick: CVE-2017-11641
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870157: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870157,
regarding graphicsmagick: CVE-2017-11643
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870154: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870154,
regarding graphicsmagick: CVE-2017-11638
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870158: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870158,
regarding graphicsmagick: CVE-2017-11722
to be marked as done.
This means that you claim that the problem has been dealt with.
Your message dated Sun, 30 Jul 2017 21:04:22 +
with message-id
and subject line Bug#870153: fixed in graphicsmagick 1.3.26-4
has caused the Debian Bug report #870153,
regarding graphicsmagick: CVE-2017-11637
to be marked as done.
This means that you claim that the problem has been dealt with.
Processing commands for cont...@bugs.debian.org:
> fixed 868966 2.7.0+bzr6622-4
Bug #868966 [src:bzr] bzr: FTBFS: Test failures
Marked as fixed in versions bzr/2.7.0+bzr6622-4.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
868966: https://bugs.debian.org/cgi-bin
Processing control commands:
> tags 790201 + patch
Bug #790201 [src:geany-plugins] geany-plugins: depends on libwebkitgtk-1.0-0
which is deprecated
Added tag(s) patch.
> tags 790201 + pending
Bug #790201 [src:geany-plugins] geany-plugins: depends on libwebkitgtk-1.0-0
which is deprecated
Added t
Control: tags 790201 + patch
Control: tags 790201 + pending
Dear maintainer,
I've prepared an NMU for geany-plugins (versioned as 1.31+dfsg-1.1) and
uploaded it to DELAYED/14.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had be
Processing commands for cont...@bugs.debian.org:
> severity 651313 serious
Bug #651313 [desktopnova-module-gnome] desktopnova-module-gnome: desktopnova
seems to be not compatible with Gnome 3
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you n
On Wed, Jul 26, 2017 at 05:18:57AM -0400, Thomas Dickey wrote:
> On Tue, Jul 25, 2017 at 01:19:16PM +0300, Alexander V. Lukyanov wrote:
> > On Tue, Jul 25, 2017 at 04:55:54AM -0400, Thomas Dickey wrote:
> > > > > e) fix a different fail-to-build with the opaque TERMTYPE
> > > >
> > > > I don't see
Source: dune-grid
Version: 2.5.1-1
Severity: serious
https://buildd.debian.org/status/fetch.php?pkg=dune-grid&arch=mips&ver=2.5.1-1&stamp=1500401835&raw=0
...
Start 31: test-ug
31/60 Test #31: test-ug
...***Timeout 300.02 sec
Testing UGGrid<2> an
Processing commands for cont...@bugs.debian.org:
> severity 869900 serious
Bug #869900 [src:lua-event] lua-event: FTBFS with libevent 2.1.x
Severity set to 'serious' from 'important'
> severity 869902 serious
Bug #869902 [src:watchcatd] watchcatd: FTBFS with libevent 2.1.x
Severity set to 'serious
Package: light-locker
Version: 1.7.0-3
Severity: serious
Justification: breaks unrelated software
Dear Maintainer,
On my system, 'light-locker-command --lock' returns 0 without doing
anything. I presume that is because there no 'light-locker' process is
running (due to #858445). In case it's re
Package: Mudlet
Version: 1:3.2.0-1
Severity: grave
--- Please enter the report below this line. ---
ADVISORY FROM UPSTREAM:
A defect present in the Mudlet Version currently included in "Testing"
and "Unstable" causes user created content
("Triggers"/"Aliases"/"Buttons"/"Keys"/"Scripts") to be los
Source: mate-panel
Version: 1.18.4-1
Severity: serious
https://buildd.debian.org/status/package.php?p=mate-panel&suite=sid
...
Making all in data
make[3]: Entering directory '/<>/data'
glib-mkenums --comments '' --fhead "" --vhead "
<@type@ id='org.mate.panel.@EnumName@'>" --vprod "" --vtai
On Sat, Jul 29, 2017 at 03:53:28PM -0400, Paul Gevers wrote:
Hi,
Hello Paul,
On 29-07-17 10:15, Debian Bug Tracking System wrote:
The maintainer address for chrony bounces, see below.
Indeed, that seems to happen from time to time. Sadly, my provider
remains silent about these issues.
I’m
Processing commands for cont...@bugs.debian.org:
> tags 870075 buster
Bug #870075 [src:pdf-presenter-console] src:pdf-presenter-console: maintainer
address bounces
Added tag(s) buster.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
870075: https://bugs.debian.or
Source: pajeng
Version: 1.3.4-2
Severity: serious
Tags: buster sid
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/pajeng.html
...
Start 12: pj_validate_simu-mardi
1/12 Test #4: pj_dump_native_paje ..***Failed0.10 sec
Unescaped left brace in regex is ill
Your message dated Mon, 31 Jul 2017 00:33:53 +
with message-id
and subject line Bug#869592: fixed in forked-daapd 25.0-1
has caused the Debian Bug report #869592,
regarding forked-daapd FTBFS: error: conflicting types for 'dmap_find_field'
to be marked as done.
This means that you claim that
Package: libmaven-plugin-testing-1.3-java
Version: 1.3-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it trie
Package: wixl-data
Version: 0.96-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite other p
Package: manpages-dev
Version: 4.12-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'buster' fails
because it tries to overwrite othe
Package: physamp
Version: 1.0.2-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package fails to upgrade from
'stretch'.
It installed fine in 'stretch', then the upgrade to 'sid' fails
because it tries to overwrite other packa
Processing commands for cont...@bugs.debian.org:
> # thanks to LTS triage for older versions triaging
> found 870157 1.3.20-3
Bug #870157 {Done: Laszlo Boszormenyi (GCS) } [graphicsmagick]
graphicsmagick: CVE-2017-11643
Marked as found in versions graphicsmagick/1.3.20-3.
> found 870156 1.3.20-3
Source: flex
Version: 2.6.1-1.3
Severity: serious
User: helm...@debian.org
Usertags: rebootstrap
flex fails to build from source in unstable amd64.
| dh_install
| dh_install: Cannot find (any matches for) "debian/tmp/include" (tried in .,
debian/tmp)
|
| dh_install: libfl-dev missing files: deb
Source: smplayer
Version: 17.7.0~ds0-1
Severity: grave
Tags: security
Justification: user security hole
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
smplayer includes code in src/basegui.cpp to download and (I guess)
execute javascript code for parsing youtube paths. The download URL is
http:
Processing commands for cont...@bugs.debian.org:
> found 870233 16.11.0~ds0-1
Bug #870233 [src:smplayer] smplayer: executes javascript code downloaded from
insecure URL
Marked as found in versions smplayer/16.11.0~ds0-1.
> thanks
Stopping processing here.
Please contact me if you need assistance
74 matches
Mail list logo
