Hi
>> gpsim-0.20.14
>gui_regwin.c:1795: error: 'GTK_SHEET_CLIP_TEXT' undeclared (first use
>in this fu
This problem won't arise if you build against libgtkextra17-dev, as you need
this header file gtkextra/gtksheet.h
So I guess we can just use the patch from
http://bugs.debian.org/cgi-bin/bugr
s* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
ysV)
+ echo i386-pc-xenix
+ exit ;;
+i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>
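Review bot: in the skyos case the backquoted "echo ${UNAME_RELEASE}" closes before the pipe, so the sed -e 's/ .*$//' filter runs over the whole triplet rather than over the release string alone. The result is the same as long as ${UNAME_MACHINE} contains no space, but moving the sed inside the backquotes would make the intent explicit and keep the filter scoped to the release.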
Hi
Now the blocking bug is removed and I have prepared a NMU for gpsim-lcd.
I simply removed the xlibs-dev build-dependency.
You can find the finished NMU under
http://developer.skolelinux.org/~white/debs/nmu/gpsim-lcd/
I also attached the whole patch.
Greetings
Steffen
diff -u gpsim-lcd-0.1.1/con
Hi
I have prepared a NMU for gpsim-led to fix both RC bugs.
It fixes this bug by removing xlibs-dev from build-depends and the other one
by applying the patch to prevent segfaulting
(see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=233275)
You can find the NMU under
http://developer.skoleli
Hi
The packages are prepared and should be ready for upload.
Let's wait for Florian to confirm it.
Packages available under:
http://developer.skolelinux.org/~white/debs/italc/
Greetings
Steffen
Package: polyglot
Severity: serious
Hi
In polyglot's orig.tar.gz I found the following file:
polyglot.exe
file tells me:
polyglot.exe: PE executable for MS Windows (console) Intel 80386 32-bit
This is a binary and binaries are not allowed in orig.tar.gz's
Please remove all binaries from orig
Gr
Package: fruit
Severity: serious
Hi
I just downloaded the source package and inside the orig.tar.gz
I found a file called fruit_21_static
file fruit_21_static tells me:
fruit_21_static: ELF 32-bit LSB executable, Intel 80386, version 1
(SYSV), for GNU/Linux 2.2.5, statically linked, not stripp
package provided a binary without source, which broke the DFSG
I had to repack the old orig.tar.gz and bumped the version number to
2.1.0.1dfsg. Upstream only uses the first two digits so there
should never be a versioning problem. (Closes: #350033)
-- Steffen Joeris <[EMAIL PROTEC
Hi
Here is the patch for the build-dependency to make sure that your package
builds from source. The problem is that uudecode is not available which is
part of the package sharutils.
Here is the change in the control file:
--- control.old 2006-04-29 15:44:19.0 +0200
+++ control 200
Package: kdissert
Version: 1.0.5.debian-2
Severity: serious
Hi
The package needs to be rebuilt against the new kdelibs4-dev so that the
dependency against kdelibs4c2 changes to kdelibs4c2a.
(This is because of the libstdc++ allocation transition).
Greetings
Steffen
-- System Information:
Debian
Package: php-log
Severity: serious
Hi
While installing php-log on sid I got the following error:
sudo apt-get install php-log
Reading package lists... Done
Building dependency tree... Done
Suggested packages:
php4-sqlite php5-sqlite
The following NEW packages will be installed
php-log
0 upgr
Package: horde3
Severity: serious
Tags: patch
Hi
Currently the horde3 package is not installable on sid.
I got the following error:
apt-get install horde3
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an
Hi
I tried to get rid of the cd device to make sure that autopartkit doesn't try
to do partitioning on this read-only device.
I am using the ped_device_destroy() function from libparted, please have a
look and comment, I guess this is a good workaround to exclude the cd device
from the list.
G
Package: autopartkit
Severity: grave
Hi
The second problem with autopartkit arises when it tries to
call the print_list() function. As far as I can see it goes into the
if-clause and then gets a segmentation fault.
I need to do some further debugging to provide a patch, but I wanted
to report
Package: vym
Version: 1.7.0+cvs1.7.4-2
Severity: grave
Hi
There is a dependency on libqt3c102-mt which makes vym uninstallable on
i386.
I think a rebuild is necessary.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'
Package: libgnomeprint15
Severity: serious
Hi
I can't install the package libgnomeprint15, because it depends on a
specific version of libgnomeprint-data, but the version of
libgnomeprint-data in unstable is newer than the dependency.
This makes libgnomeprint15 and other packages which are dependi
Package: guile-gnome0-dev
Severity: serious
Hi
Sorry but guile-gnome0-dev is uninstallable.
I need it for a package and under sid it failed to install with the
following warning:
The following packages have unmet dependencies:
guile-gnome0-dev: Depends: g-wrap (>= 1.9.4) but it is not going to
Package: cdbs
Version: 0.4.32
Severity: serious
Hi
It should never be possible to call a target named debian/control ,
which will build a control file during the build. But this is possible
with cdbs, because the target has the name of a file which exists and then
the rules will call this target.
Package: guile-1.6-slib
Severity: serious
Hi
The package depends on slib, but slib conflicts with guile-1.6-slib.
The changelog entry of the slib maintainer is:
* Conflict with libguile9 <= 1:1.4-26 and guile-1.6-libs <= 1.6.7-1.1.
These both contain a "slib.scm" (which is their version of the sli
Package: samba
Version: 3.0.20b-2
Severity: serious
Hi
The samba package is currently uninstallable, because the package
libdb4.1 is removed from the archive.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Archite
Package: yelp
Version: 2.10.0-3
Severity: serious
Hi
The package needs to be rebuilt, because the package libdb4.1 is removed
from the archive and now your package is uninstallable.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (
Package: totem-xine
Version: 1.0.5-1
Severity: serious
Hi
The package needs to be rebuilt, because the package libdb4.1 is removed
from the archive and now your package is uninstallable.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT poli
Package: sound-juicer
Version: 2.10.1-3
Severity: serious
Hi
The package needs to be rebuilt, because the package libdb4.1 is removed
from the archive and now your package is uninstallable.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT p
Package: python2.4-gnome2
Version: 2.10.0-4
Severity: serious
Hi
The package needs to be rebuilt, because the package libdb4.1 is removed
from the archive and now your package is uninstallable.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
A
Hi
Thanks for the hint (shit, I missed reading the mail on debian-devel ;( ).
I rebuilt it and made the changelog entry, but I am not a DD so I can't upload
it and now I am waiting for my sponsor.
Package is available at:
http://developer.skolelinux.no/~white/debs/kgeography/
Greetings
Steffen
Package: ftp.debian.org
Severity: serious
Hi
Please remove this package because the provided binary now
exists in kdeedu from kde 3.5 which is now in unstable.
Greetings
Steffen
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Archit
Package: unsermake
Severity: grave
Hi
I build a package in pbuilder which needs unsermake to build and it stops with
the following error message:
unsermake
/usr/bin/unsermake: line 11: exec: python2.4: not found
make: *** [build-stamp] Error 127
pbuilder: Failed autobuilding of package
Curren
Package: debian-edu-artwork
Severity: serious
Justification: Policy 3.9
# This is not policy compilant, as $kdmrc is a conffile in
# the kdm package, and we are editing it in a package
# maintainer script. Need to come up with a better way to
# do it.
This is a quote from the update-artwork scri
Package: xscreensaver
Version: 4.24-5
Severity: grave
Tags: security
Justification: user security hole
Hi mate
Please have a look at the patch below I found in the Ubuntu version of
your package. Your package was showing up on the security tracker and I
found a CVE assigned for it. It seems that
Package: horde3
Severity: grave
Tags: security
Justification: user security hole
Hi mate
A possible security hole has been discovered in horde3.
The CVE[0] text says:
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php
in Horde Framework before 3.1.4 RC1, when the login page conta
4.4.cvs20060709-4.1) unstable; urgency=high
+
+ * Non-maintainer upload
+ * Set urgency to high due to RC bugfix and getting the package
+back into testing soon
+ * Remove the make tests, because they are causing an FTBFS and they
+are no longer needed (Closes: #425546)
+
+ -- Steffen Joeris <
update-inetd was moved into a seperate package (Closes: #43532)
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Tue, 31 Jul 2007 17:31:11 +1000
+
gnats (4.1.0-0.2) unstable; urgency=high
* Non-maintainer upload during BSP
diff -u gnats-4.1.0/debian/control gnats-4.1.0/debian/control
--- gna
Package: vim
Version: 1:7.1-022+1
Severity: grave
Tags: security
Justification: user security hole
Hi mates
I found this CVE[0], which states:
The sandbox for vim allows dangerous functions such as (1) writefile,
(2) feedkeys, and (3) system, which might allow user-assisted attackers
to execute
+
+ * Non-maintainer upload
+ * Fix integer overflow in the StreamPredictor::StreamPredictor
+function by adding post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
+(Closes: #435462) Fixes: CVE-2007-3387
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 05 Aug 2007 10:03:53 +
+
r function
+Fixes: CVE-2007-3387
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 05 Aug 2007 11:18:08 +
+
cupsys (1.2.12-1) unstable; urgency=low
* New upstream release
only in patch2:
unchanged:
--- cupsys-1.2.12.orig/debian/patches/CVE-2007-3387.dpatch
+++ cupsys-1.2.12/debian/
tags 435460 patch
thanks
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
/changelog
+++ poppler-0.5.4/debian/changelog
@@ -1,3 +1,12 @@
+poppler (0.5.4-6.1) unstable; urgency=high
+
+ * Non-maintainer upload
+ * Include upstream patch to fix integer overflow in the
+StreamPredictor::StreamPredictor function
+(Closes: #435460) Fixes: CVE-2007-3387
+
+ -- Steffen
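Review bot: the poppler (0.5.4-6.1) entry says an upstream patch is included for the StreamPredictor::StreamPredictor integer overflow but does not name the patch file or where it was applied. Naming it on that changelog line would let a later maintainer find the change and drop it once a new upstream release carries the fix.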
Hi
Are there any problems with the upload?
Is there anything blocking you? The security fix is still blocked for testing
this way :/
Cheers
Steffen
Package: zziplib
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against zziplib.
The text says:
Stack-based buffer overflow in the zzip_open_shared_io function in
zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted
remote att
Hi
> http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
>
> Basically "zzcat $longfilename" crashes. I wouldn't have thought
> this would require a DSA.
Yes you are right, although I understood the CVE text in a different way. I
will downgrade the bug to "nor
Hi
The linux/compiler.h file was in the linux-kernel-headers package, which got
removed from unstable. The file was available for all archs, although afaik
the code is not absolutely arch-indep. The best way would probably be to put
some ifdef conditions into the code and only use it, if it is
long SMTP commands
+(apply directly, because no patch system is used so far)
+(Closes: #435735) Fixes: CVE-2007-3791
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Wed, 08 Aug 2007 14:49:16 +
+
postfix-policyd (1.80-2.1) unstable; urgency=medium
* Non-maintainer upload.
only in
Hi
Any news on this one? viewvc does not make it into testing atm, because of
this bug and a missing build-depends. Can this patch be included? I noticed
that upstream changed the code in the trunk. I would very much like to get
that issue fixed for unstable and testing.
Thanks a lot for your e
Hi
I just built subversion in a sid-chroot and in my pbuilder/cowbuilder on i386.
It built through. The build log said that a few tests were skipped, but I do
not see any errors. Can we at least lower the severity of this bugreport,
because it blocks the migration of a security fix (CVE-2007-244
Package: lha
Severity: grave
Tags: security
Justification: user security hole
Hi
There is a CVE[0] issued against lha. It also leads to a patch[1], which
apparently fixes the problem. Could you please investigate this.
The CVE text says:
lharc.c in lha does not securely create temporary files, w
33861)
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Tue, 21 Aug 2007 05:23:01 +
+
emacs21 (21.4a+1-5) unstable; urgency=low
* Move man pages back to emacs21-common. (closes: #414321) [rlb]
diff -u emacs21-21.4a+1/debian/control emacs21-21.4a+1/debian/control
--- emacs21-21.4a+1/deb
severity 439240 important
forwarded 439240 [EMAIL PROTECTED]
thanks
Hi
I tried it again here on an amd64 machine and a friend of mine started it on
an i386 machine and it worked without any problems. Therefore, I dare
lowering the bugreport to "important", so that it is not blocking the testing
Hi
This upload got lost in ftp-master's crash.
Can you please reupload?
Cheers
Steffen
signature.asc
Description: This is a digitally signed message part.
Package: ihu
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against ihu.
CVE-2007-6103:
I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a
denial of service (infinite loop) via a packet that contains zero in the
siz
Package: audacity
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against audacity.
CVE-2007-6061:
Audacity 1.3.2 creates a temporary directory with a predictable name
without checking for previous existence of that directory, which allo
Hi
> Patch: http://lists.mysql.com/commits/37098
> Patch: http://bugs.mysql.com/bug.php?id=29908
Please rather check the full bugreports, instead of the individual commit
messages, because there was more.
For references:
http://bugs.mysql.com/bug.php?id=28597
http://bugs.mysql.com/bug.php?id=29
Package: nagios-plugins
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against nagios-plugins.
CVE-2007-5198:
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbi
NULL pointer, which leads
+to a segfault
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sat, 06 Oct 2007 09:12:18 +
+
nagios-plugins (1.4.8-2) unstable; urgency=low
* fix typo in upstream configure script which caused some plugins
diff -u nagios-plugins-1.4.8/debian/patches/00list
Hi
Just wondering about the packaging progress of the new upstream version.
Looking over the pennmush upstream changelog, it seems that a few buffer
overflows were fixed as well. It would be really nice to get the newest
upstream version into unstable (and then testing).
Cheers
Steffen
Hi
I was just wondering, what the progress of the backporting effort is.
Does it work for you to backport the changes and upload a new package version
to unstable?
Thanks in advance for your efforts.
Cheers
Steffen
xy-1.0.5/debian/changelog
@@ -1,3 +1,12 @@
+dircproxy (1.0.5-5.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing-security team
+ * Backport upstream patch to fix a NULL pointer reference, which
+can lead to a DoS (Closes: #445883)
+Fixes: CVE-2007-5226
+
+ -- Steffe
+ * Fix stack-based buffer overflow in options.c, which allows arbitrary
+code execution or cause of a DoS through remote attackers
+Fixes: CVE-2007-5365
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Fri, 12 Oct 2007 12:33:17 +
+
dhcp (2.0pl5dfsg1-20) unstable; urgency=medium
* Takin
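Review bot: the second line of the options.c entry, "code execution or cause of a DoS through remote attackers", is ungrammatical and leaves unclear who does what; "which allows remote attackers to execute arbitrary code or cause a DoS" would read unambiguously. No Closes: reference is visible in this entry either, so if a bug report is open for CVE-2007-5365 the upload will not close it.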
Hi
We were just wondering, if you need help with the upload. I think you said
that you want to upload yourself, but I thought quickly checking with you
would be a good idea :)
Cheers
Steffen
Hi
There has been a CVE[0] issued for this bug. Please add a line to your
changelog file, when you close this bug by an upload and state that it fixes
the CVE.
Thanks in advance.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5373
vulnerability in scripts/setup.php
+Fixes: CVE-2007-5386
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sat, 13 Oct 2007 05:12:44 +
+
phpmyadmin (4:2.11.1-1) unstable; urgency=low
* New upstream release.
diff -u phpmyadmin-2.11.1/debian/patches/00list
phpmyadmin-2.11.1/debian/p
team
+ * Changed FCKeditor blacklists to whitelists in order to make sure
+that remote attackers cannot upload arbitrary PHP code via a file
+whose name contains unknown extensions (Closes: #444928)
+Fixes: CVE-2007-5156
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 14 Oct 20
Hi
Today, I had a look at the new upstream version 1.7.1, in order to fix
unstable and testing. The new upstream version uses a function called
mktempf () . There you generate the tempfile. However, you do not use
the "mktemp" program. I did not try it so far, but I think that it is
possible
Hi
> > I would suggest using mktemp instead, which creates unique temporary
> > filenames, which cannot be guessed.
>
> what would be the point ? $TMPDIR is 0700.
Bah, I overlooked the umask call. Thanks for the pointer.
Cheers
Steffen
+ * Include upstream patch to enable whitelisting, instead of
+insufficient blacklisting for file uploads (Closes: #429205)
+Fixes: CVE-2007-5156, CVE-2007-3163, CVE-2007-2630, CVE-2006-0658
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 21 Oct 2007 14:43:37 +
+
moin (1.5.8-4) un
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Wed, 24 Oct 2007 13:08:36 +
+
gnome-screensaver (2.20.0-1) unstable; urgency=low
[ Riccardo Setti ]
only in patch2:
unchanged:
--- gnome-screensaver-2.20.0.orig/src/gs-manager.c
+++ gnome-screensaver-2.20.0/src/gs-manager.c
@@ -1045,7 +
On Thu, 1 Nov 2007 05:37:43 am Robin Haunschild wrote:
> Hi, thanks for the answer,
>
> I forgot to check it, but today I noticed that by the upgrades in the
> meantime the seg faults disappeared.
> Therefore, the bug can be closed.
>
> On Monday, 29 October 2007 19:38, Cyril Brulebois wrote:
> >
d.conf is 640 (Closes: #448873)
+(init script sets 600, when called with dump anyway)
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Fri, 02 Nov 2007 03:23:17 +
+
iscsitarget (0.4.15-4) unstable; urgency=low
[ Frederik Schüler ]
diff -u iscsitarget-0.4.15/debian/rules iscsitarget-0.4.15/d
Hi
Anyone preparing a package upload or is a sponsor needed?
Cheers
Steffen
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sat, 03 Nov 2007 00:33:48 +
+
compiz (0.5.2-2) unstable; urgency=low
* oops, shipping copies of a few .h and .pc files in both compiz-dev
diff -u compiz-0.5.2/debian/patches/series compiz-0.5.2/debian/patches/series
--- compiz-0.5.2/debian/patches/
prevent
+possible DoS attack (Closes: #448866)
+Fixes: CVE-2007-4351
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sat, 03 Nov 2007 06:43:25 +
+
cupsys (1.3.2-1) unstable; urgency=low
* New upstream bug fix release.
diff -u cupsys-1.3.2/debian/patches/00list cupsys-1.3.2/debian/p
On Sat, 3 Nov 2007 06:49:17 pm Romain Francoise wrote:
> Steffen Joeris <[EMAIL PROTECTED]> writes:
> > Anyone preparing a package upload or is a sponsor needed?
>
> I can NMU if necessary. Do we have a CVE id for this?
Please go for it, saves me some time :)
Number is CVE-2
With this patch, xscreensaver fails to build:
lock.c: In function ‘update_passwd_window’:
lock.c:1082: error: ‘saver_screen_info’ has no member named ‘root_depth’
make[2]: *** [lock.o] Error 1
make[2]: Leaving directory
`/home/white/white/debian/debs/security/xscreensaver/new/xscreensaver-5.03/dr
On Tue, 6 Nov 2007 01:52:56 pm Jamie Zawinski wrote:
> On Nov 5, 2007, at 4:11 PM, Steffen Joeris wrote:
> > With this patch, xscreensaver fails to build:
>
> Sorry, typo: pw->prompt_screen should have been
> pw->prompt_screen->screen. Revised patch:
The patch w
severity 449497 wishlist
tags 449497 wontfix
thanks
Hi Michael
To the best of my knowledge, not all printers need this firmware. Thus, the
package is operational without additional firmware. Unfortunately, some
printers need firmware, that is right. Please feel free to ask hp or the
other prin
Package: perl
Version: 5.8.8-11.1
Severity: grave
Tags: security
Justification: user security hole
Hi
There has been a DSA for perl.
Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in Perl's regular expression
compiler, probably allowing at
Hi
Another CVE[0] has been issued against bandersnatch.
CVE-2007-6001:
Multiple cross-site scripting (XSS) vulnerabilities in index.php in
Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or
HTML via the (1) func or (2) date parameter, or the jid parameter in a (3)
log o
@@
+gallery (1.5.5-pl1-1.1) unstable; urgency=high
+
+ * Non-maintainer upload during BSP
+ * Fix unconditional use of debconf in postrm (Closes: #416747)
+ * Include Spanish debconf translation (Closes: #423703)
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Fri, 18 May 2007 21:48:30 +1000
+
g
)
+Thanks to Steve Lord Flaubert
+ * Include German debconf translation (Closes: #413380)
+Thanks to Helge Kreutzmann
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Fri, 18 May 2007 23:15:14 +1000
+
hotway (1:0.8.4-2.1) unstable; urgency=low
* Non-maintainer upload to fix a longstandi
ts (Closes: #416754)
+ - Add a check in gnats.postrm.in
+ - Remove the manual debconf calls from gnats-user.postrm.in as they
+ are added by debhelper automatically
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Fri, 18 May 2007 22:35:36 +1000
+
gnats (4.1.0-0.1) unstable; urgency=low
+++ lirc-0.8.0/debian/changelog
@@ -1,3 +1,10 @@
+lirc (0.8.0-9.3) unstable; urgency=high
+
+ * Non-maintainer upload during BSP
+ * Fix unconditional use of debconf in postrm (Closes: #416930)
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sat, 19 May 2007 22:24:22 +1000
+
lirc (0.8.0-9.2) un
Hi All
From the testing-security point of view, I would not see any problem with
bumping the urgency and letting it migrate to lenny. The ppc buildd still
needs to pick it up and I guess that S390 is a matter of time.
Thanks for your efforts.
Cheers
Steffen
Hi
I was just wondering about the status of this security bug.
Shall we go ahead and deactivate the svn support via NMU and you can decide
what to do later or do you likely have the time to do the splitting?
Thanks for your feedback.
Cheers
Steffen
splitting the packages and providing
+ a binary package, which enables these features, but warns about
+ them and one, which is safe and has them disabled, like this
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Tue, 25 Sep 2007 10:06:31 +
+
scponly (4.6-1) unstable; urgency=high
Package: dibbler
Severity: grave
Tags: security
Justification: user security hole
Hi
There are three CVEs issued for dibbler.
CVE-2007-5028:
Dibbler 0.6.0 on Linux uses weak world-writable permissions for
unspecified files in /var/lib/dibbler, which has unknown impact and
local attack vectors.
Package: koffice
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.
CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler
Package: kdegraphics
Version: 4:3.5.7-3
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xpdf.
CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as
Package: snort
Severity: serious
Hi
When I checked snort for testing migration, I saw that it did not build
on a few archs (arm, hppa, ia64, s390 and sparc) and it always has this
error message:
ps2pdf faq.ps
make[1]: *** [faq.pdf] Bus error
make[1]: *** Deleting file `faq.pdf'
rm faq.ps faq.dvi
Hi
Any news on this bug yet?
Cheers
Steffen
Package: wordnet
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE(0) has been issued against wordnet.
CVE-2008-2149:
Stack-based buffer overflow in the searchwn function in Wordnet 2.0,
2.1, and 3.0 might allow context-dependent attackers to execute
arbitrar
81164)
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Wed, 14 May 2008 13:01:46 +
+
python-django (0.96.1-3) unstable; urgency=low
* Fix for bash completion (Upstream bug 6661)
only in patch2:
unchanged:
--- python-django-0.96.1.orig/debian/patches/04_XSS_fix.diff
+++ python-django-0.96.1/deb
On Thu, 15 May 2008 01:42:21 am Raphael Hertzog wrote:
> On Wed, 14 May 2008, Steffen Joeris wrote:
> > Attached you will find the patch from upstream. Please let me know, if
> > you have time for it or want me to upload.
> > Don't worry, I will wait a few days.
>
Hi Andreas
Sorry for the late reply.
> I've got no answer to this question for nearly 24 hours. Because I
> consider it more important to fix a known issue _now_ instead of doing a
> long research for other issues for perhaps weeks I will upload packages
> with the proposed fix in the next hour.
e; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Fix Cross-site request forgery (CSRF) vulnerability that allowed
+certain actions via HTTP requests without performing any validity
+checks (Closes: #481504) Fixes: CVE-2008-2276
+
+ -- Steffen Joeris <[EMAIL PROTECT
Somehow the mail was just sent to the maintainer, here is a copy for the
bugreport.
Hi Patrick
> I haven't looked deeper in your patch, but it seems reasonable.
> I have forwarded it to the developers, because they are currently
> or has been working on this issue recently and I wanted to hear t
"format=raw" parameter for raw disk images
+- Fixes possible privilege escalation, which could allow guest users
+ to read arbitrary files on the host by modifying the header to identify
+ a different format (Closes: #481204) Fixes: CVE-2008-2004
+
+ -- Steffen Joeris <[
Package: libvorbis0a
Version: 1.2.0.dfsg-3.1
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
The following CVEs(0,1,2) have been issued against libvorbis.
CVE-2008-1423:
Integer overflow in a certain quantvals and quantlist calculation in
Xiph.org libvorbis 1.2.0 and
Package: libxslt1.1
Version: 1.1.23-1
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
The following CVE(0) has been issued against libxslt.
CVE-2008-1767:
Buffer overflow in pattern.c in libxslt before 1.1.24 allows
context-dependent attackers to cause a denial of ser
Hi Mike
On Sun, 25 May 2008 01:01:52 am Mike Hommey wrote:
> On Sat, May 24, 2008 at 08:16:05PM +1000, Steffen Joeris wrote:
> > Package: libxslt1.1
> > Version: 1.1.23-1
> > Severity: grave
> > Tags: security, patch
> > Justification: user security hole
>