On 11/18/2016 01:46 AM, Hon Ching(Vicky) Lo wrote:
> On Thu, 2016-11-17 at 14:18 -0500, Hon Ching(Vicky) Lo wrote:
>> The patch that supports OpenSSL 1.1 (backward-compatible) is upstream:
>> https://sourceforge.net/p/trousers/trousers/ci/05411ea68746acbaf4e69295be50b9a47cddb2fd/
>>
>>
>> Vicky
>
On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > Hi
> >
> > The patch is upstream:
> > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> >
> >
> > Thanks,
> > Vicky
>
Package: iptables
Version: 1.8.1-2
Severity: grave
Tags: security
Justification: breaks rules, inserts pass-all rules
X-Debbugs-Cc: t...@security.debian.org,
secure-testing-t...@lists.alioth.debian.org
Hi,
The debian package for iptables now transparently converts inserted
rules to nftables, whi
On Tue, Nov 06, 2018 at 02:02:06PM +0100, Arturo Borrero Gonzalez wrote:
> Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290
>
> Hopefully next upstream release will contain a fix.
Hi,
Thanks Arturo.
After some more testing, it seems the bug would be less severe than it
tags 897465 - moreinfo unreproducible
severity 897465 normal
thanks
Hi Lucas,
I cannot reproduce this FTBFS here (in pbuilder), nor in a porter box.
However, I just uploaded sagan-1.1.8-2, where a build-dep was missing.
These issues may be related (though I don't see how). Can you test again
and
tags 372531 sarge
found 372531 0.5.2-1.1sarge1
notfound 372531 0.7.2-2
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Tue, Jul 04, 2006 at 02:30:10PM +0200, Julien Danjou wrote:
> Hello,
>
> The fix for DSA-1006-1 on wzdftpd broke dependencies as explained in bug
> report #372531.
> We would like to see this bug fixed in the next stable point-release.
>
> Would it be possible for the security team to fix this
reassign 465085 libprelude
tags 465085 +pending
thanks
The problem is caused by the libgnutls transition: libprelude is built
against libgnutls13 (2.0.4), while the new prelude-manager is built
against libgnutls26 (2.2.1).
I'll upload a new libprelude package to trigger the rebuild (it fixes
the
tag 429192 +pending
tag 429344 +pending
thanks
The problem has been discussed with upstream. Actually, the library is
not used, so GLPI is not really vulnerable.
A new version has been released including the fix, and has been uploaded
to my sponsor (it will be uploaded ASAP).
A discussion is in p
severity 429344 wishlist
tags 429344 +upstream
thanks
GLPI does actually not use PHPMailer, it only includes a patched copy
(so the bug is not RC). As explained in the previous mail, a change is
in progress in the upstream release.
Regards,
Pierre
On Fri, Aug 10, 2007 at 10:50:29AM +0200, Michael Ablassmeier wrote:
> found 427973 2.2.3-1
> thanks
>
> hi,
>
> nuauth and nuauth-extra *still* have conflicting files:
>
> > Unpacking nuauth-extra (from .../nuauth-extra_2.2.3-1_amd64.deb) ...
> > dpkg: error processing
> /var/cache/apt/arch
On Thu, Oct 11, 2007 at 01:27:17AM +0200, Nico Golde wrote:
> Package: wzdftpd
> Version: 0.5.2-1.1sarge2
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for wzdftpd.
>
> CVE-2007-5300[0]:
> | Off-by-one error in the do_login_
tag 449197 +pending
thanks
Package is ready for upload, just waiting for ftp-master to be repaired.
Regards,
Pierre
On Sun, Nov 04, 2007 at 01:02:20AM +0100, Bastian Blank wrote:
> Package: nuapplet
> Version: 2.0-1
> Severity: serious
>
> There was an error while trying to autobuild your packa
On Sun, Sep 09, 2007 at 10:39:34PM +0300, Nick Shaforostoff wrote:
> is it so hard to upload a fixed version of a package?
>
Bug is currently under resolution.
Sorry for the delay.
Pierre
severity 501882 normal
retitle 501882 pgsnap: relative path does not work
thanks
Indeed, pgsnap does not actually work with relative paths. I'm
contacting upstream about that.
I consider this more as a lack of documentation (which I will fix
shortly) than a critical bug, so I'm setting the priori
reassign 502134 python-matplotlib
retitle 502134 matplotlib: undefined symbol: __gxx_personality_v0
thanks
Reassigning bug, since it is not related to NuLog, and easily reproduced
on a clean Lenny install:
# aptitude install python-matplotlib
$ python
Python 2.5.2 (r252:60911, Sep 29 2008, 21:15:
On Fri, Oct 24, 2008 at 10:27:09PM +0200, Florian Weimer wrote:
> * Luca Bruno:
>
> > A full disclosure bulletin has been posted today, reporting various
> > security vulnerabilities in websvn.
>
> Thanks, I'm not sure if the source is in our public monitoring.
>
> > The remote code execution s
On Wed, Aug 27, 2008 at 04:10:06PM +0200, Thijs Kinkhorst wrote:
> Hi Pierre,
>
> This RC bug has now been open for two weeks. I'm uploading an NMU to the
> delayed-5 queue according to the attached patch. I hope this helps to keep
> websvn in good shape in lenny.
>
>
Hi Thijs,
I'm merging y
Package: python-sepolgen
Version: 1.0.11-3
Severity: grave
Justification: renders package unusable
Hi,
Package python-sepolgen should create a module named differently, since
the dash (-) is forbidden in Python module names.
[~] python
Python 2.5.2 (r252:60911, May 28 2008, 19:19:25)
[GCC 4.2
On Sat, Apr 26, 2008 at 02:23:08AM +0200, Lucas Nussbaum wrote:
> severity 477020 serious
> thanks
>
At first, I thought the build failure was caused by gcc 4.3, so I
downgraded the severity. The real cause was a missing build dependency
on pkg-config.
I'm uploading a fixed package.
Regards,
Pi
On Tue, Apr 15, 2008 at 12:06:57PM +0200, Adeodato Simó wrote:
> clone 476173 -1
> retitle -1 nuauth-utils: needs rebuid on each python transition
> severity -1 important
> thanks
>
Can you explain to me why you reopen this bug, while the package has
been re-uploaded ? The new package _is_ linked
On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
> Pierre,
>
> The bug in download.php is still there in lenny, why did you close
> the bug?
Hi James,
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
Additionally, this injection does not work here:
ht
On Wednesday 17 June 2009 15:25:57 Giuseppe Iuculano wrote:
> Hi Pierre,
>
> Pierre Chifflier ha scritto:
> > I closed the bug because the advisory [1] stated 1.02 while Lenny
> > version is 1.01.
>
> This doesn't imply that 1.01 isn't affected.
>
I ful
severity 504374 normal
tag 504374 +upstream
thanks
Hi,
I'm downgrading bug severity according to
http://www.debian.org/Bugs/Developer#severities
The bug, even if annoying, does not introduce security problems or
render the application unusable. Please, do not raise severity without
reasons, it w
On Mon, Nov 03, 2008 at 12:40:26PM +0100, Thijs Kinkhorst wrote:
> Hi,
>
> It seems that the following are upstream's handling of the issue. I
> haven't checked them out in detail yet so can't vouch for their
> completeness.
>
Thanks for the links. It seems indeed that there is some activity on
On Sun, Nov 09, 2008 at 12:39:10AM +0100, Philipp Kern wrote:
> On Fri, Nov 07, 2008 at 11:13:57AM +0100, Pierre Chifflier wrote:
> > Please allow glpi 0.68.2-1etch0.2 (etch) and 0.70.2-2 (testing) updates,
> > They close a RC bug by updating a file to a version covered by a
> &
Hi,
These two updates occur after a discussion with websvn upstream, to
validate the corrections. Security problem is described at:
http://www.gulftech.org/?node=research&article_id=00132-10202008
(I haven't found any related CVE, but a Secunia advisory:
http://secunia.com/advisories/32338/
)
Th
severity 512660 normal
tags 512660 +wontfix
thanks
On Thu, Jan 22, 2009 at 05:33:59PM +0100, root wrote:
> Package: ocsinventory-server
> Version: 1.01-6
> Severity: grave
> Justification: renders package unusable
>
> After installing ocsinventory-server, it doesn't work, because while the
> da
On Wed, Jan 28, 2009 at 08:04:20PM +0100, Andreas Henriksson wrote:
> Hello!
>
> I had a really quick look and there seems to be several issues.
>
> Next after parsing the command line options, the server forks and kills
> off the parent (in wzdftpd/wzd_main.c line 402). This leaves no room for
>
Package: pyqt4-dev-tools
Version: 4.4.4-5
Severity: grave
Justification: pyuic4 does not work anymore
Hi,
After upgrading pyqt4-dev-tools (and python-qt4 etc.) from
4.4.4-4 to 4.4.4-5 (which should be a minor upgrade),
pyuic4 stopped working.
Error:
pyuic4 -o auth_ui.py auth.ui
An unexpecte
On Fri, Aug 14, 2009 at 11:01:53PM +0100, peter green wrote:
> tags 529841 +patch
> thanks
>
> Patch is attached (gzipped because of size), the changes are
>
> * fixed mysql build-depends
> * fixed gnutls detection in configure.ac (the existing detection
> system seemed to rely on a autotools te
On Thu, Dec 14, 2006 at 03:45:27PM +0100, Frederik Reiß wrote:
> It looks like that /var/run/wzdftpd/ is not created or deleted during or
> after the package installation. After creating /var/run/wzdftpd/ manually
> everything works fine.
>
Thanks for your help. I'll fix this in the next upload, a
On Tue, Mar 27, 2007 at 07:09:42PM +0200, Marc Dequènes wrote:
>
> Package: wzdftpd-mod-avahi
> Version: 0.8.1-1
> Severity: serious
>
>
> Coin,
>
> wzdftpd start, then crash 2s later with the following message:
> wzdftpd: libwzd_avahi.c:182: publish_reply: Assertion `g == ctx->group'
> failed
On Sun, Oct 25, 2009 at 12:05:46PM +0100, Michael Prokop wrote:
> Package: xtables-addons-source
> Version: 1.19-1
> Severity: grave
> Justification: renders package unusable
>
>
> Note: choosing severity grave as I think it renders the package
> unusable, please feel free to downgrade if you thi
Hi all,
I'm adding David (pgTAP author) in CC: of this discussion.
David: this is about finding if binaries (pg_prove and pg_tapgen) should
be stored in /usr/bin (if it is common to all postgresql versions) or in
/usr/lib/postgresql/*/bin if it is version-specific.
The complete discussion can be
On Sun, Feb 21, 2010 at 11:57:52AM +0100, Stefano Zacchiroli wrote:
> On Sun, Feb 21, 2010 at 11:39:43AM +0100, Martin Pitt wrote:
> > It's not a question of how many versions are supported in a current
> > release, since on upgrades people will have more than one major
> > version installed. But s
Hi Lucas,
It seems the problem is on your buildd:
[~] uname -a
Linux piche2 2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64
GNU/Linux
[~] apt-cache policy libpreludedb0
libpreludedb0:
Installed: 1.0.0~rc1-1
Candidate: 1.0.0~rc1-1
Version table:
*** 1.0.0~rc1-1 0
500
On Sun, Feb 28, 2010 at 06:48:27PM -0300, Gustavo Franco wrote:
> Hi Pierre,
>
> I understand you may be busy, but Jakub wrote a patch for this bug.
> You've submitted without acknowledging the work. Thank you both for
> contributing to Debian!
>
Oh, that was not my intention.
Sorry, and thank y
severity 548752 important
thanks
On Mon, Sep 28, 2009 at 11:50:22AM -0400, David Gibson wrote:
> Package: glpi
> Version: 0.72.2-1
> Severity: grave
> Justification: renders package unusable
>
> When upgrading from 0.72-1 to 0.72.2-1, I'm prompted to let
> dbconfig-common update the database.
> Hi.
>
> I've just done an NMU for the DELAYED-2 queue of this fix.
>
> Pierre, are you still interested in this package? I ask this because there's
> another patch in other bug report. I'd be happy to be the (a)
> (Co-)Maintainer if it's ok to you.
>
Hi Marco,
Thanks for the upload (and pa
On Mon, Jan 04, 2010 at 11:12:16AM +0100, Modesto Alexandre wrote:
> Package: xtables-addons-source
> Version: 1.19-3
> Severity: grave
> Justification: renders package unusable
>
>
> After apt-get upgrade on my debian testing, I have this message:
>
> iptables: match "ipp2p" has version "libxt
On 01/10/2011 12:06 PM, Julien Cristau wrote:
> user release.debian@packages.debian.org
> usertag 609336 squeeze-will-remove
> kthxbye
>
> On Sun, Jan 9, 2011 at 01:13:56 +0800, Paolo Scarabelli wrote:
>
>> Package: pgdesigner
>> Version: 1.2.17-1
>> Severity: grave
>>
>> --- Please enter th
On Tue, Jun 15, 2010 at 08:19:39PM +0200, Luca Bruno wrote:
> Hi,
> attached a patch for this. If Pierre doesn't step up in the meantime,
> I'll do a deferred NMU in a couple of days.
>
> No high priority, as the internal copy of scapy shouldn't be currently
> in use.
>
Hi Luca,
Thanks for the
Hi,
Suricata 1.0.2 was released after the freeze, and it fixes several
bugs (exactly, "half a dozen TCP evasions").
See http://www.packetstan.com/2010/09/suricata-tcp-evasions.html
The git commits are more or less exactly the fixes, so I am proposing to unblock
suricata 1.0.2 since porting the fi
On 12/01/2010 10:48 PM, Adam D. Barratt wrote:
> I've just had a quick look at your t-p-u upload for suricata. Without
> getting too far in to checking the patches themselves, one thing that I
> noticed is that the diff adds nine new patches to debian/patches but
> debian/patches/series is only ei
Hi,
I have merged the patch from Alban Browaeys (thanks to him for writing
it) in version 0.6.6-2, just uploaded a few moments ago.
Thanks,
Pierre
On Tue, Oct 30, 2012 at 06:21:07PM +0100, Moritz Muehlenhoff wrote:
> On Sun, Oct 21, 2012 at 10:57:38PM +0200, Arthur de Jong wrote:
> > On Tue, 2012-10-02 at 14:37 +0200, Moritz Muehlenhoff wrote:
> > > Please see the thread starting at
> > > http://www.openwall.com/lists/oss-security/2012/09/07/
y=high
+
+ * Fix crash when malformed packet is received (CVE-2012-0698)
+Closes: #692649
+
+ -- Pierre Chifflier Thu, 08 Nov 2012 22:08:58 +0100
+
trousers (0.3.5-2) unstable; urgency=low
* QA upload.
diff -Nru trousers-0.3.5/debian/patches/04-security-cve-2012-0698.patch trousers-0
On Sat, Nov 17, 2012 at 03:00:04PM +0100, Yves-Alexis Perez wrote:
> On sam., 2012-11-17 at 11:30 +0100, Pierre Chifflier wrote:
> > Hi Security Team,
> >
> > I'm forwarding this email to ask for review on the correction for
> > CVE-2012-0698 in stable
>
> Sorry for the late reply. This seems to have fallen through the cracks
> and I'm currently catching up with old mail.
>
> I think this doesn't warrant a DSA, but could you fix this through
> a stable point update?
> http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stabl
On Tue, Aug 17, 2010 at 09:51:13PM +0200, Luca Bruno wrote:
> Adam D. Barratt scrisse:
>
> > This has been tagged pending for a few weeks; are you planning on
> > uploading the fix in the near future?
>
> I marked this as pending, as I was ready to NMU.
> Original maintainer said he would have ta
On Sat, May 15, 2010 at 10:02:09PM +0200, Kurt Roeckx wrote:
> Source: xtables-addons
> Version: 1.26-1
> Severity: serious
>
> [...]
>
> > /usr/bin/make -C extensions clean
> > make[1]: Entering directory
> > `/build/buildd-xtables-addons_1.26-1-i386-Fgk0n0/xtables-addons-1.26/extensions'
> > r
On Sun, May 16, 2010 at 11:40:52AM +0200, Kurt Roeckx wrote:
> On Sun, May 16, 2010 at 09:31:56AM +0200, Pierre Chifflier wrote:
> > On Sat, May 15, 2010 at 10:02:09PM +0200, Kurt Roeckx wrote:
> > > Source: xtables-addons
> > > Version: 1.2
On 04/26/2011 11:33 PM, Michael Biebl wrote:
Hi Pierre,
I've prepared an NMU and uploaded it to DELAYED/7. The changelog reads:
pgdesigner (1.2.17-2.1) unstable; urgency=low
* Non-maintainer upload.
* Drop dependency on gambas2-gb-qt-kde and gambas2-gb-qt-kde-html.
See http://wiki.d
Hi,
pgdesigner is actually uninstallable due to the removal of
gambas2-gb-qt-kde and gambas2-gb-qt-kde-html (See #620646).
After some discussions with the gambas maintainer (#620646) and
upstream, it seems there is no solution since upstream is not really
willing to port gambas to Qt4 [1]
Withou
severity 767690 normal
tags 767690 + unreproducible moreinfo
thanks
Hi,
I tried for a few days to reproduce the bug on different hosts, without
any luck. I'm therefore lowering the severity to normal, until having
more information.
Preparing to unpack .../trousers_0.3.13-2_amd64.deb ...
Unpackin
severity 772685 normal
thanks
Hi,
While it's true the packaging is late (mainly due to the fact that
upstream completely changed the relation with libee/liblogorm, and that
the released versions did not compile because the autotools files were
broken), the severity of this bug is absolutely not c
tags 772551 + pending
block 772551 by 777042
thanks
Hi,
This bug is solved by the next (pending) uploading, to be validated by
the release team.
The two bug reports for the unblock requests are:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777040 (libhtp)
https://bugs.debian.org/cgi-bin/bug
On Mon, Feb 09, 2015 at 10:42:26PM +0100, Arturo Borrero Gonzalez wrote:
> On 9 February 2015 at 15:05, Pierre Chifflier wrote:
> > This bug is solved by the next (pending) uploading, to be validated by
> > the release team.
>
> I have some questions:
>
> * How this
On 03/24/2016 09:38 AM, Yves-Alexis Perez wrote:
> control: affects -1 suricata
> On jeu., 2016-03-24 at 07:20 +0100, Florian Weimer wrote:
>> * Hilko Bengen:
>>
>>>
>>> the original report may not have been 100% clear on this, but the bug is
>>> the main cause of a vulnerability in Suricata (a net
retitle 652756 sslsniff: does not build with boost 1.48
severity 652756 normal
thanks
Hi,
This was caused by the temporary upload of boost-dev defaulting to 1.48,
which was reverted to 1.46 (so not affecting the current version anymore).
I'm keeping the bug open to track the compatibility with bo
script expects -patch|-unpatch as argument"
+ exit 1
+esac
+exit 0
+
+# DP:
+
+Author: Pierre Chifflier
+Description: Fix build error with -Werror=format-security hardening flag.
+
+diff -ruN bash-4.1.orig/print_cmd.c bash-4.1/print_cmd.c
+--- bash-4.1.orig/print_cmd.c 2009-09-16 21:32:26.0
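Review bot: the `# DP:` line at the top of the added dpatch file is empty, so the only description of the change is the `Description:` field below it. Put the one-line summary ("Fix build error with -Werror=format-security hardening flag.") on the `# DP:` line as well, so the patch header describes itself. The print_cmd.c change is cut off here, so it cannot be checked from these lines whether the fix passes the string through an explicit format rather than only quieting the warning; that is worth confirming in the full diff.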
On Mon, Oct 17, 2011 at 01:20:53PM +0200, Ralf Treinen wrote:
> Package: libopenscap0,libopenscap1
> Version: libopenscap0/0.7.3-1
> Version: libopenscap1/0.8.0-1
> Severity: serious
> User: trei...@debian.org
> Usertags: edos-file-overwrite
>
> Date: 2011-10-17
> Architecture: amd64
> Distributio
On Mon, Oct 17, 2011 at 02:39:52PM +0200, Julien Cristau wrote:
> On Mon, Oct 17, 2011 at 14:13:03 +0200, Pierre Chifflier wrote:
>
> > On Mon, Oct 17, 2011 at 01:20:53PM +0200, Ralf Treinen wrote:
> > > Package: libopenscap0,libopenscap1
> > > Version: libo
tags 666330 + moreinfo unreproducible
severity 666330 normal
thanks
On Fri, Mar 30, 2012 at 11:21:15AM +0200, Lucas Nussbaum wrote:
> Source: suricata
> Version: 1.2.1-1
> Severity: serious
> Tags: wheezy sid
> User: debian...@lists.debian.org
> Usertags: qa-ftbfs-20120330 qa-ftbfs qa-ftbfs-builda
On Tue, Aug 20, 2013 at 03:23:33PM +0200, gregor herrmann wrote:
> On Mon, 12 Aug 2013 16:46:41 +0200, Dominic Hargreaves wrote:
>
> > This bug still appears to exist in unstable, and since glibc > 2.16 is
> > now in unstable, should probably be upgraded. It also blocks the perl
> > 5.18 transitio
On 01/06/2016 11:49 AM, Thijs Kinkhorst wrote:
> Package: websvn
> Severity: serious
>
> I propose to remove websvn from Debian.
>
> The package is unmaintained with last maintainer upload in 2011. There was also
> no response to a security issues which I fixed in an NMU one year ago. I then
>
On Sun, Jun 05, 2011 at 02:49:30PM +0200, Jakub Wilk wrote:
> severity 629280 serious
> tags 629280 + patch
> unarchive 580503
> found 580503 2.8.4-1
> thanks
>
> * Vangelis Koukis , 2011-06-05, 13:22:
> >python-nfqueue only provides packages for Python v2.7, so one
> >cannot import nfqueue when u
Hi Alexandr,
Bug #736309:
libnetfilter-queue-{dev, dbg}: unhandled symlink to directory conversion:
/usr/share/doc/PACKAGE
is marked as serious, and is causing several packages (in my case,
suricata and nfqueue-bindings) to be scheduled for autoremove.
Do you plan to upload a fixed version ?
T