Aidas Kasparas wrote:
> Please find below a patch which checks EOF condition instead of no
> input. Without fix for this bug package is virtually not useable (I
> experienced mysterious attachment cuts, so I can not rely on it in its
> present form :-( Please consider importance of this bug as "s
Adeodato Simó wrote:
> severity 325254 serious
> reassign 325254 kdegraphics,security.debian.org
> retitle 325254 kdegraphics 3.3.2-2sarge1/powerpc uninstallable because of
> dependency on kdelibs4 (>= 4:3.3.2-6.2)
> notfound 325254 4:3.3.2-2
> found 325254 4:3.3.2-2sarge1
> thanks
>
> * Jochen A
Max Vozeler wrote:
> Short description:
> lockmail.maildrop (setgid mail) lets the user specify a program and
> execvp()s it, but does not drop egid mail privilege before doing so.
> This opens a trivial privilege escalation (see "poc") to group mail.
Thanks a lot for the report. This is CAN-200
Andres Salomon wrote:
> On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote:
> > On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote:
> >
> > > Thanks a lot for the report. This is CAN-2005-2655.
> > >
> > > > The bug affects 1.5.3-1
Andres Salomon wrote:
> On Sun, 2005-08-28 at 10:22 +0100, Steve Kemp wrote:
> > On Sat, Aug 27, 2005 at 07:03:55PM -0400, Andres Salomon wrote:
> >
> > > > Certainly. Once the advisory is out I can make an upload if Joy
> > > > hasn't already made one.
> > > >
> > >
> > > I can also do an u
Florian Weimer wrote:
> As far as I understand it, from the perspective of the security team,
> it is not clear if the upstream change breaks existing user
> configurations. Users might rely on the current behavior and use it
> to deliberately weaken the filter policy. This is a reasonable
> ques
Florian Weimer wrote:
> * Martin Schulze:
>
> > So a summary would be to leave the package as it is in sarge, right?
>
> Based on the facts, I reach the opposite conclusion. The upstream
> changes should be merged. However, since easy workarounds are
> possible, we mig
Florian Weimer wrote:
> * Martin Schulze:
>
> > What was the behaviour pre-sarge?
> > What is the behaviour post-sarge (or rather in sarge)?
>
> Do you mean "before and after the upstream security update"? The
> terms pre-sarge/post-sarge do not make mu
Héctor García Álvarez wrote:
> On Fri, 25-03-2005 at 21:54 +0100, Moritz Muehlenhoff wrote:
> > Package: smail
> > Severity: grave
> > Tags: security patch
> > Justification: user security hole
> >
> > [Dear security-team, this should affect Woody as well]
> >
> > Sean <[EMAIL PROTECTED] ha
Christian Hammers wrote:
> Hello
>
> Last comment regarding this bug report was:
> "CAN-2004-1284 Buffer overflow in the find_next_file function"
> > Date: Tue, 18 Jan 2005 10:00:37 +0100
> > From: Daniel Kobras <[EMAIL PROTECTED]>
> >
> > An update for woody is pending.
>
> Has there b
Branden Robinson wrote:
> On Fri, Mar 11, 2005 at 03:35:32AM -0500, Branden Robinson wrote:
> > The following URL contains source and binary packages for powerpc resolving
> > CAN-2005-0605[1], which is described as:
> >
> > The XPM library's scan.c file may allow attackers to execute arbitrary
Daniel Kobras wrote:
> On Wed, Apr 20, 2005 at 07:50:33PM +0200, Martin Schulze wrote:
> > I have no information about this.
>
> I've provided as much information as I got in
> <[EMAIL PROTECTED]>, addressed
> to [EMAIL PROTECTED], and was basically waiting for
Helge Kreutzmann wrote:
> Hello,
> On Wed, Feb 09, 2005 at 02:02:41AM +0900, OHURA Makoto wrote:
> > tags 294223 woody unreproducible
> > thanks
>
> > In my woody machine,
>
> Since it works fine on our x86-based woody machines, and another
> recent security update was misbuilt on alpha (#289670)
Martin Pitt wrote:
> Hi Joey!
>
> I prepared new PostgreSQL woody packages to fix CAN-2005-024[57], here
> is the interdiff:
Thanks.
Regards,
Joey
--
GNU GPL: "The source will be with you... always."
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Tro
Package: gforge
Version: 3.1-26
Severity: grave
Tags: security sarge sid patch
The sid/sarge version seems to be vulnerable to this. Please correct it.
The correction should be in the GForge CVS, otherwise sanitising the dir
should be easy (i.e. recursively strip "../").
Candidate: CAN-2005-0299
Package: jsboard
Version: 2.0.10-2
Severity: grave
Tags: sarge sid security patch
Please fix the directory traversal vulnerability.
http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
Details
===
PHP has a feature discarding the input values containing null characters
when magic_qu
Thanks.
Martin Pitt wrote:
> Here is the patch used for the Ubuntu security update:
>
> http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
CAN-2005-0016 is the gatos problem Debian fixed in DSA 640
> awstats (6.2-1.1ubuntu1) hoary; urgency=low
> .
>* SECURITY UPDATE: fix
Use CAN-2005-0362 for fixing *plugin* variables
Use CAN-2005-0363 for fixing the config variable
Regards,
Joey
--
If you come from outside of Finland, you live in wrong country.
-- motd of irc.funet.fi
Please always Cc to me when replying to me on the lists.
Package: kdelibs
Version: 3.2.3-3.sarge.2 3.3.2-1
Severity: grave
Tags: security sarge sid patch
Please
. update the package in sid
. mention the CVE id from the subject in the changelog
. use priority=high
. you probably need to upload into testing-proposed-updates as well
Regards,
Package: mc
Version: 4.6.0-4.6.1-pre1-3
Severity: grave
Tags: sarge sid security patch
I'm awfully sorry but when releasing DSA 639 I was under the impression
that the version of mc was sufficiently new and contained all security
fixes already. However, Gerardo Di Giacomo denied that, so attached
Package: kdeedu
Severity: grave
Tags: security sid patch sarge
Erik Sjölund discovered that a buffer overflow in fliccd which is
installed setuid root (at least on Debian/unstable) can be exploited
quite easily and will probably allow arbitrary code to be executed.
Patch:
ftp://ftp.kde.org/pub/kd
Martin Pitt wrote:
> Hi again,
>
> Martin Pitt [2005-02-16 11:28 +0100]:
> > Hi!
> >
> > Please note that the new upstream only fixes lesstif2, not lesstif1:
> >
> > This directory contains fixed sources:
> >
> > http://cvs.sourceforge.net/viewcvs.py/lesstif/lesstif/lib/Xm-2.1/
> >
> > Howev
This has been assigned CAN-2005-0448.
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.
Dafydd Harries wrote:
> > Filing this bug to track the security hole in the DSA below. Apparently
> > a fix for unstable has not yet been uploaded.
>
> Since I don't have a copy of the original security patch, I tried to
> extract the changes by interdiffing the fixed stable version with the
> lat
Jeroen van Wolffelaar wrote:
> > These bugs are the same, and it seems that indeed there was a mistake when
> > making the package. I hope it can be fixed soon.
>
> Security team, Joey,
>
> It seems the most recent evolution security update had a regression
> w.r.t. SSL support, not unlikely cau
the lowest requirement for
+mailman in Debian/stable and since Python 1.5.2 doesn't do list
+comprehensions [Mailman/Cgi/private.py]
+
+ -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18 Feb 2005 12:57:31 +0100
+
mailman (2.0.11-1woody10) stable-security; urgency=high
* Non-maintainer upload by the Security Team
Steve Langasek wrote:
> On Sun, Feb 27, 2005 at 10:28:27PM +0100, Martin Pitt wrote:
> > In the light of #291700 I prepared a new PostgreSQL stable upload. It
> > fixes a grave misbehaviour if a database is called "peer", and fixes
> > the calling of dpkg --compare-versions which caused the help sc
Package: distcc
Version: 2.18.1-5
Severity: grave
Tags: sarge sid security
Saw this on bugtraq:
XCode ships with version 2.0.1 of distcc. We also tried updating to
2.18.3 and had similar issues with that version as well.
Apple was not contacted prior to this release because the exploit for
distcc
Branden Robinson wrote:
> The following URL contains source and binary packages for powerpc resolving
> CAN-2005-0605[1], which is described as:
>
> The XPM library's scan.c file may allow attackers to execute arbitrary code
> by crafting a malicious XPM image file containing a negative bitmap
Martin Pool wrote:
> Hi Frank, Martin,
>
> I don't think there is any new information in this report beyond what
> has been on the web site for many months. distcc is secure when used as
> directed.
If this report is irrelevant for Debian, feel free to close it right
away.
Regards,
Joe
.17.0/debian/changelog
@@ -1,3 +1,14 @@
+xli (1.17.0-11woody1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied patch from DSA 069 to fix buffer overflow in faces decoder
+[faces.c, CAN-2001-0775]
+
+ -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18
sean finney wrote:
> On Fri, Mar 11, 2005 at 09:39:10AM +0100, Christian Hammers wrote:
> > Wasn't it the one where a privilege granted to "table_name" also grants
> > rights on "tableXname", "tableYname" as '_' was considered as something
> > like a dot in a RegEx? This should be fairly easy to te
Christian Hammers wrote:
> Hello
>
> The bug has been reported more than a week ago and the last status from
> the same date is that the Woody package is being investigated.
>
> Are there any news regarding the vulnerability status of the Woody
> package or the preparation of a DSA?
Luigi is ta
Christian Hammers wrote:
> On Fri, Apr 29, 2005 at 02:56:38PM +0200, Martin Schulze wrote:
> > > Are there any news regarding the vulnerability status of the Woody
> > > package or the preparation of a DSA?
> >
> > Luigi is taking a look. It's not yet clea
Moritz Muehlenhoff wrote:
> Package: oops
> Severity: grave
> Tags: security patch sid woody
> Justification: user security hole
>
> [Cc:ing security@, should affect woody as well]
It does.
> A format string vulnerability in the auth() function for SQL database
> user handling possibly permits e
Branden Robinson wrote:
> Hi Joey,
>
> xfree86's fix for CAN-2005-0609 has not yet been uploaded to
> testing/unstable. I expect to make an upload soon, however; the packages
> are currently in preparation, and you can view the current status of the
> SVN trunk at:
>
> http://necrotic.deadbeas
Florian Ernst wrote:
> On Sat, May 28, 2005 at 12:32:39AM +0200, Florian Ernst wrote:
> > Find attached the backported patch I sent to the security team.
>
> Well, now, really, that is.
I may be stupid, but how can this prevent an integer overflow:
- thunk_table=(PE_THUNK_DATA*)mal
Florian Ernst wrote:
> Hello there,
>
> On Thu, Jun 02, 2005 at 05:53:19PM +0200, Martin Schulze wrote:
> > Florian Ernst wrote:
> > > On Sat, May 28, 2005 at 12:32:39AM +0200, Florian Ernst wrote:
> > > > Find attached the backported patch I sent to the s
I've looked at the patch you've provided and I must say that I believe
that it is utterly broken with regards to the "integer overflow". I
don't think that I've discovered a single integer overflow that's
been prevented. Attached is what was left over after the investigation.
Several conditions
Florian Ernst wrote:
> On Thu, Jun 02, 2005 at 07:57:06PM +0200, Martin Schulze wrote:
> > I've looked at the patch you've provided and I must say that I believe
> > that it is utterly broken with regards to the "integer overflow". I
> > don't think
Florian Ernst wrote:
> On Sat, Jun 04, 2005 at 07:04:42PM +0200, Martin Schulze wrote:
> > Below please find the real patch and ensure it is applied to the
> > version in unstable as well (or a similar patch). This one was
> > even missing from your patchset so I'm
sean finney wrote:
> hi,
>
> i've prepared a new version which addresses both the previous issues
> addressed in sarge0 and the new hardened-php reported issues:
>
> deb http://people.debian.org/~seanius/cacti/sarge ./
> deb-src http://people.debian.org/~seanius/cacti/sarge ./
>
> version: 0.8.6
Jay Berkenbilt wrote:
>
> Some time ago, a bug was posted about tiff being vulnerable to
> CAN-2005-1544: a bug that caused an exploitable segmentation fault on
> files with certain bad BitsPerSample values (making it a potential DOS
> bug). The fix is already in sarge. I had posted a patch aga
sean finney wrote:
> another update,
>
> the security release for cacti has been delayed due to complications
> backporting the security fix into the version in woody, which is a major
> release (and rewrite) behind the versions in sarge and sid.
>
> joey from the security team provided an init
Sean Finney wrote:
> i guess i didn't in the email updating this, but did so in sanitize.php
> itself:
Yes, I saw that later. I hope, my tone wasn't too harsh.
> > Additionally you seem to be using get_request_var only which
> > uses the $_GET array, but not the $_REQUEST array, and hence
> > ca
Martin Schulze wrote:
> However, as I don't like the "next week" part too much, I'll try to
> work on the update on my own and send you the diff for comments.
> Should reduce the time you need to spend on the issue as well.
Ok, here is an update.
Regards,
sean finney wrote:
> On Fri, Jul 15, 2005 at 04:15:22PM +0200, Martin Schulze wrote:
> > > However, as I don't like the "next week" part too much, I'll try to
> > > work on the update on my own and send you the diff for comments.
> > > Should redu
Sean Finney wrote:
> hi,
>
> On Mon, Jul 18, 2005 at 07:21:29PM +0200, Martin Schulze wrote:
> > > i'll try and set some time aside tonight or tomorrow to test, but
> > > it looks good from an initial glance.
> >
> > Any outcome? In other words,
Stephen Gran wrote:
> Hello all,
Thanks a lot for contacting us.
> There is a security bug in webcalendar (#315671 and
> http://www.securityfocus.com/bid/14072, for reference). Tim is the
> maintainer, but does not yet have a debian account, and cannot upload.
> We have a fixed version for sarge
Sean Finney wrote:
> On Tue, Jul 19, 2005 at 07:54:31AM +0200, Martin Schulze wrote:
> > Ok, I'll wait.
>
> so, a 6 hour plane flight later, i've learned 3 things:
>
> 1 - there are a number of other variables that also need to be included.
> 2 - there are a n
Package: libapache-mod-auth-radius
Version: 1.5.7-5
Severity: grave
Tags: woody sid security
I haven't checked if this problem exists in the Debian package. Please check.
If the Debian package is fixed, too old or too new, please close this bug
report.
Regards,
Joey
- Forwarded m
Fabio Massimo Di Nitto wrote:
> The package was not released with woody. I am working right now to check sid.
What about the attached patch?
Regards,
Joey
--
MIME - broken solution for a broken design. -- Ralf Baechle
Please always Cc to me when replying to me on the lists.
--- mod_a
Fabio Massimo Di Nitto wrote:
> I did talk with upstream that is working on a fix and will release soon.
Great.
> The patch looks ok, but i am going to give one or two days to upstream
> before going with this fix.
Feel free to forward upstream.
Regards,
Joey
--
MIME - broken solutio
Package: maxdb-webtools
Version: 7.5.00.19-1
Severity: grave
Tags: security sarge sid
Please see the advisory below and update the package in sarge with
the priority elevated to high.
Regards,
Joey
- Forwarded message from customer service mailbox <[EMAIL PROTECTED]> -
Subject
Package: dillo
Version: 0.8.1-1
Severity: grave
Tags: pending security sarge
The problem below seems to be fixed in the version in sid (0.8.3-1) but
not yet in the version in sarge, hence this bug report. This bug report
is meant to track this issue. Please close it when the fixed package
enter
Just for references, this issue has been assigned CAN-2005-0079.
A Debian advisory will follow.
Regards,
Joey
--
MIME - broken solution for a broken design. -- Ralf Baechle
Please always Cc to me when replying to me on the lists.
Justin Pryzby wrote:
> reopen 278191
> tag 278191 woody
> thanks
>
> Correct?
In general yes and only if the security team is contacted in parallel,
but please close them as I surely forget this.
Regards,
Joey
--
MIME - broken solution for a broken design. -- Ralf Baechle
Please al
Justin Pryzby wrote:
> Bug#278191: CAN-2005-0079: authentication bypass via integer overflow
>
>
> It's not an integer overflow, btw, though it's not really a buffer
> overflow either; it's a set-an-arbitrary-byte-of-memory-to-zer
Package: awstats
Version: 6.2-1
Severity: grave
Tags: security sarge sid patch
Please see this advisory at iDEFENSE for details
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
VI. VENDOR RESPONSE
This vulnerability is addressed in AWStats 6.3,
==
Candidate: CAN-2005-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0111
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050118
Category: SF
Reference: IDEFENSE:20050113 MySQL MaxDB WebAgent websql logon Buffe
Package: jabber
Version: 1.4.3-3
Severity: grave
Tags: security sid sarge
I can only guess that our version is vulnerable as well. If not, please close
this bug report. If you've included a fix, please add the CVE id to the
proper changelog item.
===
Martin Schulze wrote:
> --- mod_auth_radius.c~2003-03-24 20:16:15.0 +0100
> +++ mod_auth_radius.c 2005-01-13 13:01:42.0 +0100
> @@ -971,8 +971,11 @@ find_attribute(radius_packet_t *packet,
>}
>return attr;
> }
> -#define radcpy(STRING, ATTR)
Michael Banck:
The package builds fine like that, it's just the additional kernel
modules which need to be built by a different script, AIUI
Steve Langasek:
well, here's the thing. the source package does build if you run
the normal debian/rules commands; but those binary packages that
Sven Luther wrote:
> severity 242068 grave
> thanks
Maybe this explanation should be added here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286305&msg=7
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.
Package: gpdf
Severity: grave
Tags: security sarge sid
This problem also affects gpdf:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack
Overflow
Reference:
URL:http://www.idefense.com/application/po
Package: kpdf
Severity: grave
Tags: security sarge sid
This problem also affects kpdf:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack
Overflow
Reference:
URL:http://www.idefense.com/application/po
This problem has been assigned CAN-2005-0116:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116
Reference: IDEFENSE:20050117 AWStats Remote Command Execution Vulnerability
Reference:
URL:http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
Joey Hess wrote:
> xpdf is vulnerable to a buffer overflow that can be exploited by
> malicious pdfs to execute arbitrary code. The hole is described here:
> http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
>
> I've attached a patch that adds bounds che
Package: maxdb
Severity: grave
Tags: sarge security
# sid is already fixed, so this is a reminder.
Two CVE ids have been assigned to this advisory:
Candidate: CAN-2005-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0081
Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent Multip
Package: konversation
Version: 0.15-2
Severity: grave
Tags: security sarge sid
These problems have been discovered by Wouter Coekaerts in the konversation
IRC client. Affected are version 0.15, CVS until 18-19/01/2005, and
some older versions too. They are fixed in 0.15.1.
When you fix these pro
tags 291503 patch
thanks
Whoops, didn't notice the last paragraph of Wouter's mail:
Solution
These problems are fixed in version 0.15.1, which was released 19/01/05
Individual patches can be downloaded at:
http://wouter.coekaerts.be/konversation.html :
http://wouter.coekaerts.be/files/ko
Nathaniel W. Turner wrote:
> On Friday 21 January 2005 02:09 am, Martin Schulze wrote:
> > These problems have been discovered by Wouter Coekaerts in the konversation
> > IRC client. Affected are version 0.15, CVS until 18-19/01/2005, and
> > some older versions too. The
Moritz Muehlenhoff wrote:
> Package: libavcodec-dev
> Version: 0.cvs20050106-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> [Cc'ing security@, as at least xine-lib embeds libavcodec, there may be
> more, I haven't investigated whether they are affected, but I assume i
Package: openswan
Severity: grave
Tags: security sarge sid patch
Please see the advisory and patch here:
http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false
Even though iDEFENSE wrote:
iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All pre
Rene Mayrhofer wrote:
> > http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false
> >
> > Even though iDEFENSE wrote:
> >
> >iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All previous
> >versions of Openswan also contain the vulnerable code.
==
Candidate: CAN-2005-0162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162
Reference: IDEFENSE:20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability
Reference:
URL:http://www.idefense.com/application/poi/display?id=190&type
Rene Mayrhofer wrote:
> Hi Joey,
>
> On Friday 28 January 2005 07:28, Martin Schulze wrote:
> > Stack-based buffer overflow in the get_internal_addresses function in
> > the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x
> > before 2.3.0, when com
This problem has been assigned
Candidate: CAN-2004-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1388
Reference: BUGTRAQ:20050126 DMA[2005-0125a] - 'berlios gpsd format string
vulnerability'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110677341711505&w=2
Reference
Package: uw-imap
Version: 2002edebian1-5
Severity: grave
Tags: security sarge sid patch
A vulnerability was discovered in the CRAM-MD5 authentication in
UW-IMAP where, on the fourth failed authentication attempt, a user
would be able to access the IMAP server regardless. This problem
exists only
Package: kleopatra
Version: 3.3.1-3
Tags: sid sarge
Severity: serious
The package should at least be installable when it is in the Debian archive,
even if it is a contrib package.
# apt-get install kleopatra
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be
Tobias Vogel wrote:
> Package: klogd
> Version: 1.4.1
> Severity: grave
>
> klogd randomly starts using 99% cpu. if work
> on the certain vserver is still possible, then
> killing the klogd (-9) is the only thing to stop the
> process.
I assume that you don't have an idea on what's going on there,
Bdale Garbee wrote:
> tags 429462 +unreproducible +moreinfo
> thanks
>
> On Mon, 2007-06-18 at 11:24 +0200, Joey Schulze wrote:
> > Package: gzip
> > Version: 1.3.12-2
> > Severity: grave
> >
> > I'm sorry to report but the new version of gzip breaks dpkg-source in
> > sid and thus cannot be used
Bdale Garbee wrote:
> > Any idea at where to look?
>
> Not really. I freshened my machine to latest unstable this morning...
> maybe an strace would point to something? [shrug]
Does this help?
finlandia!joey(tty6):/tmp/work> dpkg -l gzip
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/I
Bdale Garbee wrote:
> On Mon, 2007-06-18 at 17:47 +0200, Martin Schulze wrote:
> > Bdale Garbee wrote:
> > > > Any idea at where to look?
> > >
> > > Not really. I freshened my machine to latest unstable this morning...
> > > maybe an strace would
Bdale Garbee wrote:
> Also just talked to James Troup who is in the same room here at Debconf,
> and he's running this version of gzip on various buildd systems... so
> I'm confused about what might be wrong.
Err, since when are source packages *built* on buildd systems? They
are unpacked - which
Steve Kemp wrote:
> > Hiki 0.8.0 - 0.8.6 is affected, it means that stable, testing and unstable
> > packages in Debian are affected. Please update hiki package.
> >
> > For more detail, see http://hikiwiki.org/en/advisory20070624.html
>
> Joey if you could allocate an ID I'll upload a fixed
Mike Hommey wrote:
> > On my OOo build on etch:
> >
> > /home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base
> > dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags
> > $(PKGCONFIG_MODULES)
> > Package 'Mozilla Plug-
Julien Cristau wrote:
> tags 427596 + patch
Thanks, fixed in source.
Regards,
Joey
--
The good thing about standards is that there are so many to choose from.
-- Andrew S. Tanenbaum
Please always Cc to me when replying to me on the lists.
Faidon Liambotis wrote:
> Granted, we have a very very bad record as maintainers of supporting
> this security-wise but I think we can try to change that. I certainly
> will try my best to provide you with patched versions to upload.
> I haven't discussed this with the rest of the team yet but I thin
Nikolaus Schulz wrote:
> Package: libid3-3.8.3c2a
> Version: 3.8.3-6
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> when tagging file $foo, a temporary copy of the file is created, and for some
> reason, libid3 doesn't use mkstemp but just creates $foo.XX
Bug confirmed
Recompile sufficient not confirmed
Regards,
Joey
--
The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin
Please always Cc to me when replying to me on the lists.
[EMAIL PROTECTED] wrote:
> Package: sysklogd
> Version: 1.5-1
> Severity: critical
> Justification: breaks unrelated software
>
> I don't really know if it is new sendmail config, proftpd config or new
> sylogd config, but many of my log files have been deactivated and replaced by
> others in o
Philipp Kern wrote:
> On Tue, Apr 15, 2008 at 08:39:03AM +0200, Pierre Habouzit wrote:
> > Dear security team, you broke lighttpd badly with your last upload,
> > because you use a broken patch to fix the last CVE on it. Please update
> > the patch, using e.g. the one in the unstable version inst
Michael Kerrisk wrote:
> Just for debian's info: you definitely want the man-pages page. The
> pthreads pages that I have been recently adding to man-pages are far
> better than the ancient glibc pages.
Ack. I've opened Bug#506515 requesting this.
Regards,
Joey
--
No question is too
Please use CVE-2006-5876.
Regards,
Joey
--
GNU GPL: "The source will be with you... always."
Please always Cc to me when replying to me on the lists.
merge 409147 409148
thanks
David Broome wrote:
> Package: glibc
> Version: glibc-2.3.2.ds1-22sarge4
> Severity: critical
>
> Hello - tzdata in glibc for stable is based on tzdata2006b (from edits
> in 2.3.2.ds1-22sarge1), this does not have the correct PST changes for
> this year for 4 Canadian
Finn-Arne Johansen wrote:
> Package: gosa
> Version: 2.5.6-2
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> The documentation in gosa tells the admin to install gosa.conf under
> /etc/gosa/gosa.conf, and to make it readable by the group www-data.
> In this configu
Josselin Mouette wrote:
> On Thursday 28 December 2006 at 17:29 -0800, Thomas Bushnell BSG wrote:
> > On Fri, 2006-12-29 at 01:56 +0100, Josselin Mouette wrote:
> > > Now, if you don't provide us with the necessary data, we won't be able
> > > to fix the regression it introduces in gnucash.
> >
> >
Julien Cristau wrote:
> Hi,
>
> do the security@ people have a DSA in preparation for links and/or
> elinks for CVE-2006-5925, or should I prepare a patch for the stable
> versions too?
As far as I know, no. Please prepare an update.
Regards,
Joey
--
Given enough thrust pigs will fly
Package: asterisk
Version: 1.2.10.dfsg-1
Severity: grave
Tags: security patch
A problem has been discovered in the IAX2 channel driver of Asterisk,
an Open Source Private Branch Exchange and telephony toolkit, which
may allow a remote to cause a crash of the Asterisk server.
The patch used for s