On Sat, November 19, 2016 07:24, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-cas-dummy : Depends:
>> libssl-dev but it is not going to be installed
>> E: Unable to correct problems, you have held broken packages.
>> apt-get f
On Sat, November 19, 2016 07:25, Lucas Nussbaum wrote:
>> The following packages have unmet dependencies:
>> sbuild-build-depends-libapache2-mod-auth-mellon-dummy : Depends:
>> liblasso3-dev (>= 2.1.0) but it is not going to be installed
>> E: Unable to correct problems, you have held broken packa
On Mon, November 28, 2016 13:56, Scott Kitterman wrote:
> On Sun, 13 Nov 2016 18:31:48 +0100 Thijs Kinkhorst
> wrote:
>> Package: squirrelmail
>> Severity: serious
>>
>> SquirrelMail has been missing from Stretch for a while now and I intend
>> to leave it th
loses: #849626).
+
+ -- Thijs Kinkhorst Wed, 04 Jan 2017 16:31:03 +
+
libphp-swiftmailer (5.4.2-1) unstable; urgency=medium
* Imported Upstream version 5.4.2
diff -Nru libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE-2016-10074.patch libphp-swiftmailer-5.4.2/debian/patches/0001-fix-CVE
Package: rst2pdf
Version: 0.93-7
Severity: serious
Hi,
rst2pdf calls fc-match in findfonts.py, but does not list a dependency
on fontconfig. If you don't have it installed, building the document
will succeed but the document itself is empty.
Cheers,
Thijs
Hi Chris,
On Thu, March 25, 2021 02:42, Chris Hofstaedtler wrote:
> Source: cpqarrayd
> Version: 2.3.6
> Severity: serious
>
> Linux upstream has removed the "cciss" driver in 4.14-rc1. cpqarrayd
> needs the cciss driver to function.
>
> I imagine we shouldn't ship software that did not work with
10045): apply commits
+4835657c 9743ff5c 833c35fe from upstream. Closes: #849365.
+
+ -- Thijs Kinkhorst Fri, 30 Dec 2016 11:22:28 +
+
libphp-phpmailer (5.2.14+dfsg-2) unstable; urgency=medium
* Team upload
diff -Nru libphp-phpmailer-5.2.14+dfsg/debian/patches/0002-Fix-CVE-2016-10033-CVE
ibphp-phpmailer (5.2.14+dfsg-2.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix regression in previous update: remove check for
+Sendmail binary, upstream commit ed4e7ce8.
+
+ -- Thijs Kinkhorst Mon, 02 Jan 2017 14:21:27 +
+
libphp-phpmailer (5.2.14+dfs
close 828378 1.1-2
thanks
Package: squirrelmail
Severity: serious
SquirrelMail has been missing from Stretch for a while now and I intend
to leave it that way. This bug is to document this explicit choice (and
room for any concerns).
Upstream (of which I'm, at least on paper, part) has not made any new
release of Squirrel
On Tue, May 29, 2018 23:08, Moritz Muehlenhoff wrote:
> On Sat, Oct 14, 2017 at 08:03:27AM +0200, Thijs Kinkhorst wrote:
>> Hi,
>>
>> On Thu, October 12, 2017 23:44, Sebastian Andrzej Siewior wrote:
>> > this is a reminder about the openssl transition [0]. We
On Wed, May 30, 2018 20:22, Michael Shuler wrote:
> On 05/30/2018 12:46 PM, Sebastian Andrzej Siewior wrote:
>>
>> I've read about this bug (and the other one) on d-devel. I uploaded
>> recently a new version of openssl to unstable (1.1.0h-3) which changes
>> the exit code of "openssl rehash" to zer
Hi Thorsten,
On Sat, August 26, 2017 16:44, Thorsten Alteholz wrote:
> Hi,
>
> I just wanted to tell everybody that oysttyer just entered unstable.
>
> Thorsten
Thanks!
Do you think it would be useful if oysttyer would also provide a
transitional package ttytter, or should we remove ttytter wh
forcemerge 838288 873505
thanks
On Wed, August 30, 2017 00:58, Pete Donnell wrote:
> Apologies, turns out that this is a duplicate of
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838288
>
> Applying the patch included there fixed it.
Thanks for the extra confirmation.
I've uploaded a fixe
>> I plan to release Mailman 2.1.26 along with a patch for older releases
>> to fix this issue on Feb 4, 2018. At that time, full details of the
>> vulnerability will be public.
I've reserved time on Sunday to in any case to sid when the fix is
released, and depending on the details/severity look
Hi Brian,
> Currently getting this error building the latest version - as in the
> Debian git package.
>
> Possibly this is because we depend on a package that needs updating -
> most likely mkdocs or jinja2 - but wonder which one? Maybe we should
> just update both anyway.
We're half a year o
Hi,
On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
> Package: src:mailman
> Version: 1:2.1.29-1
> Severity: serious
> Justification: Policy 2.2.1
>
> This package Depends/Build-Depends on python-dnspython which is an NBS
> cruft package. Please update your package to use python3-dnspython, w
On Tue, April 21, 2020 18:02, Andrew Hodgson wrote:
> Thijs Kinkhorst wrote:
>>On Sun, March 8, 2020 20:01, Scott Kitterman wrote:
>>> Package: src:mailman
>>> Version: 1:2.1.29-1
>>> Severity: serious
>>> Justification: Policy 2.2.1
>>>
>
On Tue, 2006-05-23 at 12:36 +0200, Thijs Kinkhorst wrote:
> Problem is that Jeroen announced that he's on a trip through Mexico
> now,
> so I'm left without someone to upload. Maybe the (testing) security
> team
> or any other DD interested in getting this bug fixed, can
On Sun, 2006-05-28 at 22:11 +0100, Steve Kemp wrote:
> Uploaded.
Thanks! But... can't find the upload anywhere? Maybe something went
wrong or am I looking the wrong way?
Thijs
Hello Matthew,
This package hasn't seen an update in 1.5 years and now has this RC bug.
I intend to NMU debroster anytime soon for this RC-bug with the attached
patch. I've completely removed the key specification for sort because it
eliminates valid contributors. The only possible risk is that a
On Fri, 2006-06-02 at 16:44 +0200, Julien Danjou wrote:
> On Mon, May 15, 2006 at 12:14:48PM -0300, Jose Carlos Medeiros wrote:
> Hello Jose,
>
> > You are right.
> > I will upload webalizer patched today.
>
> Any news ?
I'm also waiting a bit... :) Thanks in advance for your work.
Thijs
Hello all,
> up until the first nul byte. I see that the plugins[] array is actually
> never reset in the squirrelmail source or configuration, allowing for
> this kind of things.
Right, I agree that the bug exists; it has been discussed on the
upstream [EMAIL PROTECTED] list but I apparently mi
severity 373731 important
thanks
On Thu, 2006-06-15 at 14:49 +0200, Moritz Muehlenhoff wrote:
> I don't think this warrants a security update for stable.
Thanks. I'm downgrading it to important - I expect a new upstream at the
end of this month that will resolve the bug. I'll check whether or not
On Wed, April 5, 2006 23:20, Erich Schubert wrote:
> Hi,
>
>> Erich, will you request removal from unstable, or do you want me to do
> I had someone who mentioned interest in maintaining minit once, I think
> this year, and way past I had orphaned it. I'll ask him if he still wants
> to become the
On Sun, 2006-04-30 at 21:31 +0200, Stefan Fritsch wrote:
> Unspecified vulnerability in phpBB allows remote authenticated users
> with Administration Panel access to execute arbitrary PHP code via
> crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature
> values, possibly involving th
Hello Jose Carlos,
On Wed, 26 Apr 2006 18:24:09 -0300, you wrote:
> I have one sponsor, I'm solving another bugs before send him webalizer.
> I will send this package tomorrow.
Did you make any progress on this? I'd prefer if you uploaded the new
webalizer version quickly than if it takes longer
Hello,
> I'll make the valgrind dependency architecture dependent. I'll
> have to do some reading to figure out how to do that.
Here's a patch.
Thijs
--- poker-network-1.0.19.orig/debian/control 2006-05-15 14:26:52.0 +0200
+++ poker-network-1.0.19/debian/control 2006-05-15 14:20
On Mon, 2006-05-15 at 08:31 +0200, Jeroen van Wolffelaar wrote:
> On Wed, May 03, 2006 at 10:56:33AM +0200, Thijs Kinkhorst wrote:
> > Thanks for the report. While I think that people who are admin can
> > already do a lot of damage and should hence be considered trusted,
> >
tags 365533 pending
thanks
On Thu, 2006-05-18 at 05:21 +0200, Moritz Muehlenhoff wrote:
> > W.r.t. unstable, I will look into that very soon, we'll need to be
> > upgrading to a new upstream as well. I'll check whether that can be done
> > in the short term, if not, I'll prepare a patched package.
Hello,
Stefan Fritsch has prepared a QA upload that fixes this RC bug, and
awaits a sponsor. The packages can be found at this URL;
On Tue, 2005-11-22 at 10:22 +0100, Thijs Kinkhorst wrote:
> Hello,
>
> Stefan Fritsch has prepared a QA upload that fixes this RC bug, and
> awaits a sponsor. The packages can be found at this URL:
The packages can be found at this URL:
http://tuco.sfritsch.de/~stf/squidguard/
Richard Antony Burton <[EMAIL PROTECTED]> wrote:
> Until recently this worked fine, but now I'm getting:
> Connecting to master.debian.org via SMTP...
> SMTP send failure: {'[EMAIL PROTECTED]': (550, 'relay not permitted')}
Don't you think this bug could be better solved by having master relay
mai
On Tue, 2005-11-22 at 12:59 +0100, Stefan Fritsch wrote:
> There is also a possible license problem (a weird interpretation of GPL
> on the upstream homepage). But maybe this can be ignored for the moment to
> get rid of libdb4.1.
Let's take a look...
Jeroen van Wolffelaar <[EMAIL PROTECTED]> w
5-2967, Closes: #332919, #333682).
+ * Fix bashism in debian/rules causing a FTBFS (Closes: #337996).
+
+ -- Thijs Kinkhorst <[EMAIL PROTECTED]> Wed, 23 Nov 2005 09:42:39 +0100
+
xine-lib (1.0.1-1.3) unstable; urgency=low
* Non-maintainer upload.
only in patch2:
unchanged:
--- xine-
retitle 337391 libcgi-ssi-perl: requires net access to build
tags 337391 +pending
thanks
While the build-depends on netbase indeed solves this bug for networked
build hosts, the real problem was that 'make test' tried to access network
resources. I've disabled those tests that require network acce
think that it might be better to remove this package
from Debian? Or is there still a need to keep it?
If you think it's right to remove it, please reassign this bug to
ftp.debian.org.
thanks,
Thijs Kinkhorst
Hello Laurent,
> Could you upgrade quickly? This bug is open for 29 days and involve
> security problems...
Coincidentally we were already working on it, and the fix has been
uploaded to Debian last night.
bye,
Thijs
On Tue, 2005-11-01 at 20:52 +0100, Thijs Kinkhorst wrote:
> Packages for 2.0.18 for sid are nearly ready, we only need some code to
> add a new database table. Jeroen is working on this, and will upload as
> soon as this is fixed.
Packages for sid have been uploaded. CVE-names were no
On Wed, November 30, 2005 18:02, Thijs Kinkhorst wrote:
> CVE-2005-3418: Multiple cross-site scripting (XSS) vulnerabilities
> - 1. error_msg parameter to usercp_register.php
> - 2. forward_page parameter to login.php
> - 3. list_cat parameter to search.php
> - Only relevant when r
e only a vulnerability when running with the
+heaviliy discouraged register_globals = off setting)
+
+ -- Thijs Kinkhorst <[EMAIL PROTECTED]> Wed, 30 Nov 2005 11:52:53 +0100
+
phpbb2 (2.0.13+1-6sarge1) stable-security; urgency=high
* Security update by phpBB maintainers
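Review bot: In the added changelog entry, "heaviliy discouraged register_globals = off setting" looks inverted. The setting PHP discourages is register_globals = on, and that is the configuration under which this class of issue becomes reachable, so the entry should read "register_globals = on". "heaviliy" should also be spelled "heavily".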
only in patch
retitle 320961 RM: cabot (orphaned, never part of a stable release, never part
of testing, dead upstream, better alternatives exist)
reassign 320961 ftp.debian.org
thanks
Dearest ftp-masters,
I'm requesting the removal of cabot from Debian for the following
reasons:
- The package has been orpha
On Mon, 2005-12-19 at 08:49 +0100, Martin Schulze wrote:
> You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable
> to it? Or did you miss it? Or did you just not document this?
This has been fixed but indeed isn't documented in the changelog. The
fact is that CVE-2005-341{
y; urgency=high
+
+ * NMU for security bug
+ * CVE-2005-3334: Sanitize incoming GET parameters in index.php.
+Patch from unstable package (Closes: #335997).
+
+ -- Thijs Kinkhorst <[EMAIL PROTECTED]> Mon, 19 Dec 2005 13:15:26 +0100
+
flyspray (0.9.7-2) unstable; urgency=high
* Let t
On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote:
> For stable:
> I've extracted the right patch from the unstable version (which has been
> present without any bugreports since the end of October), and that is
> attached. I've also prepared updated package
On Mon, 2005-12-19 at 15:04 +0100, Florian Weimer wrote:
> * Thijs Kinkhorst:
>
> > For the testing (etch) and unstable distribution (sid) this problem has
> > been fixed in version 0.9.8-5.
>
> > close 335997 0.9.8-4
>
> -4 or -5?
The changelog for -4 l
On Mon, 2005-12-19 at 16:26 +0100, Pierre Habouzit wrote:
> > > Multiple Cross-Site-Scripting vulnerabilities have been found in
> > > Flyspray. Have a look at
> > > http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-va
> > >riable.html for more details. This has been assigned CVE-2005
On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote:
> -6 is the package that will fix all that should be, and it'll enter etch
> in 10 days from now.
Great, my interest is that the problem is addressed in the best way
possible :) What about stable, do you want to prepare new updated
package
On Wed, 2006-04-05 at 19:45 +0200, Erich Schubert wrote:
> Hi,
> > There's of course the question whether it should be removed altogether
> > since it's orphaned, but that's a different one, and I don't see a
> > pressing reason for that (there are a handful of users and no bugs).
>
> A couple of
reopen 263358
thanks
On Wed, 2006-04-05 at 14:04 -0400, Justin Pryzby wrote:
> As it stands, this package will move to testing. Do you really want
> that to happen? I think an RC bug about "don't move to sarge" should
> remain RC even after sarge released, unless someone agreeing to
> maintain t
> libmysqlclient14-dev no longer exists in unstable; you have to move to
> version 15.
As noted in #357069, you just need to remove the build dependency since
it's unneeded.
Thijs
Hello,
Thanks for your report.
On Sun, 2006-03-05 at 16:34 +0100, Jochen Topf wrote:
> There are several security fixes in squirrel mail 1.4.6 which came out
> 23 February 2006.
Yes, indeed. There are bugs filed about that. I'm already working on
packages that fix those issues, it's taken a litt
On Mon, 2006-03-06 at 18:40 +0100, Jochen Topf wrote:
> On Mon, Mar 06, 2006 at 06:10:19PM +0100, Thijs Kinkhorst wrote:
> > > But the stable version 1.4.4 hasn't changed since
> > > August of last year.
> >
> > There has been an update of the stable vers
Hello all,
I've prepared updated packages for these bugs for oldstable, stable and
unstable. Please find those packages here:
http://www.a-eskwadraat.nl/~kink/squirrelmail/
The unstable packages are awaiting review and upload by Jeroen. Testing
will be updated within a few days after the unstable
On Tue, 2006-06-27 at 10:02 +0200, Pierre Habouzit wrote:
> On Mon 26 June 2006 21:53, Petr Vandrovec wrote:
> > Maybe it could be default for tar's POSIX mode, but I have no idea
> > why GNU mode behavior should be changed in any way.
>
> I second that. it's now completely unpossible to do bas
On Tue, 2006-06-27 at 13:00 +0100, Neil Williams wrote:
> It's not so much packages already in the archive, it's every package
> that is being prepared to be uploaded.
>
> Lintian *always* fails for all packages that I build on a system with
> the updated tar. None of those packages failed prior t
> > For example, who can say who is the copyright holder for
> > img/icons/clear.gif and what are its
> > conditions of use ?
>
> Well, the one who committed it to CVS should definitely have checked,
> and documented, if an icon is covered by copyright. If someone just took
> a bunch of icons off
Hello all,
> In other words, if distributing the jar 'svn-javahl.jar', the package
> should be named 'libsvn-javahl-java'. Though I can't help but wondering
> about the value of the javahl part of the package name.
I really doubt that this issue is release critical. I've looked through this
file
On Thu, October 27, 2005 14:56, Martin Schulze wrote:
>> I assume you've prepared packages of 0.19.3?
>> This would address the SQL injection issue and the other XSS in
>> view_all_set as well, which are both not yet in the BTS.
>>
>> The latest issues have been assigned CVE-2005-333[6789], BTW.
>>
ields errors. Hence, I can't test
them, but agree with Moritz assertions that woody is most probably not
vulnerable.
regards
Thijs Kinkhorst
On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote:
> The included patches look fine and correlate to what I extracted from the
> interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959?
>
> The mantis bug is non-public, but according to the description it's
> a cross-site-scrip
On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote:
> | After these weaknesses were found and disclosed to the vendor
> | nearly 80 days ago, several problems with uninitialised variables
> | were discovered that allow XSS, SQL injection and even remote
> | execution of arbitrary PHP code, wh
On Mon, 2005-10-31 at 17:22 +0100, Moritz Muehlenhoff wrote:
> It's hard to tell, whether it's the same issue as #5959 is non-public, but at
> least there are two different CVE mappings. (CVE-2005-2557 and CVE-2005-3337).
> But it might very well be that the CVE description is wrong, as all these
On Mon, 24 Oct 2005 18:46:13 +0300, Faidon Liambotis <[EMAIL PROTECTED]>
writes:
> upstream's SVN log shows several bugfixes, including memory leak
> fixes. An update to the latest version will probably fix these
> problems.
Actually, Debian already contains the most recent upstream release,
2.6.2
On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote:
> A new round of security issues in phpBB has been disclosed.
Hello people,
Here's an update on the current state of affairs of the issues fixed in
2.0.18.
UNSTABLE
Packages for 2.0.18 for sid are nearly ready, we only need some code to
ad
these bugs, that would also suffice.
Thanks in advance.
Thijs Kinkhorst
p_server_address = 'ssl://' . $imap_server_address;
Otherwise, thank you for your report, I will check this out with
upstream to see what's going on here.
regards,
Thijs Kinkhorst
Hello people,
> Also, you need to make sure the package builds on a machine which is
> offline, since requiring network access during a package build is a
> serious problem -- although I haven't yet been able to check whether
> that's the case here.
I can confirm that the package doesn't build co
NMU this. Of course this is not
intended as an offence; it's part of my NM-process to fix an RC bug and
prepare an NMU for it.
regards,
Thijs Kinkhorst
diff -u libcgi-ssi-perl-0.88/debian/changelog libcgi-ssi-perl-0.88/debian/changelog
--- libcgi-ssi-perl-0.88/debian/changelog
+++ lib
retitle 242117 Should cabot be removed?
thanks
Hello all,
I propose to remove cabot from Debian for the following reasons:
* Has been orphaned for nearing four months now.
* Has never been part of stable or testing.
* Is not maintained upstream.
* Functionality is provided by caff from the signi
On Fri, 2005-12-30 at 05:02 +0100, Moritz Muehlenhoff wrote:
> Lots of vulnerabilities have yet again been found in Mantis:
Since I've taken care of the previous round of vulnerabilities, I'll
take a look to see what I can do here, but provide no guarantees at this
point.
> [Hilko, in another bug
reopen 335997
found 335997 0.9.7-2
thanks
Hello Pierre,
Sorry, didn't have time to get back to this earlier. I've verified that
unstable is indeed completely fixed for CVE-2005-3334 (which contains
some typos in the names of the affected variables).
> Though, please note that this XSS vulneratib
severity 346255 minor
thanks
Hello Frederik,
On Fri, January 6, 2006 18:18, Frederik Reiss wrote:
> on http://qa.debian.org/developer.php it is possible to inject javascript
> and html tags:
>
> http://qa.debian.org/developer.php?excuse=%3Cscript%20type=text/javascript%3Ealert(this)%3C/script%3E
On Fri, January 6, 2006 06:48, Igor Genibel wrote:
> Please read the bugs filed against wnpp concerning mantis. It is already
> adopted and uploaded.
Good to hear that. Especially with those vulnerabilities it's good when
there's an active maintainer.
BTW, are you considering moving the data
Hello Mike,
> After discussing the situation with upstream, we agreed that vegastrike
> would better serve our users if it was not shipped in sarge.
Sarge has been released, will vegastrike be ready at the time of etch?
Thijs
Hello Hugo,
> I feel kmatplot should not release with sarge. The project is dead
> upstream, qmatplot should be considered at least, but even that is just
> a "make kmatplot build with gcc3" patched kmatplot 0.4.
Sarge has been released. I think it would be good to either decide to
let the packa
> This package is not ready for a stable release yet so this bug will
> keep it out of Sarge.
Sarge has been released; time to let the package flow to testing,
preparing it for etch?
Thijs
> I do not believe that the phpwiki package, as-is, is suitable for testing.
> It is several minor releases behind upstream, will take significant work to
> ensure easy upgrades to the latest upstream version, and has lots of minor
> things that make it quirky in live use.
Sarge has been release
Hello Erich,
> Minit should not be included in sarge.
> The packaging is experimental and I did not receive any feedback yet.
> Since minit doesn't have any dependencies it can be installed from
> unstable on even a potato system easily.
Since sarge has been released, do you think it would be tim
Hello Martin,
> too old for release, package of new upstream version 1.3.2 not yet in
> releasable condition.
I think it would be good to either upload the new upstream to unstable
and let it propagate to testing, or if this is not possible remove the
package from unstable as well. This intermedi
On Sat, 2006-01-07 at 23:38 +1300, Matt Brown wrote:
> On Sat, 2006-01-07 at 11:07 +0100, Thijs Kinkhorst wrote:
>
> > Sarge has been released by now; the package has been adopted by a new
> > maintainer who made quite some progress in reducing the bug list. Is it
> > now
Hello Bradley, George,
gnokii now has an RC bug. However, Bradley offered it up for adoption in
<[EMAIL PROTECTED]>, and George responded that he
would take it, so that's great. This would be a good time for George to
make a new upload :)
> This is a serious bug filed against your package becau
On Tue, 2006-01-10 at 20:18 +, George Wright wrote:
> On Mon, 2006-01-09 at 12:24 +0100, Thijs Kinkhorst wrote:
> > Hello Bradley, George,
>
> > However, since there hasn't been concrete action from George yet, I plan
> > to NMU this package after a week from no
tags 346710 +patch
thanks
Hello,
Here's the patch.
Thijs
Package: gnokii
Version: 0.6.8-0.2
Followup-For: Bug #346710
Patch now attached.
--- control.orig2006-01-12 16:33:08.0 +0100
+++ control 2006-01-12 16:33:26.0 +0100
@@ -2,7 +2,7 @@
Section: comm
Priority: optional
Maintainer: Bradley Marshall <[EMAIL PROTECTED]>
-Bui
tags 348044 moreinfo
thanks
Hello Lewis,
> Unable to install the process exits with sub-process error.
> apt-get remove --purge ca-certificates and later re-installation also fails.
I have tried and can install the package here just fine. The
'sub-process error' is not the real error but an indi
Hello Pierre & security team,
While this issue has been addressed in unstable before the holidays,
CVE-2005-3334 (multiple xss in flyspray) is still open in sarge. I've
taken the liberty to prepare a patch and updated packages.
In short:
Taken patch from sid(/upstream), updated it to match the st
Hello Pierre,
On Mon, January 16, 2006 18:44, Pierre Habouzit wrote:
> thanks a lot to have it sorted out !
>
> should I prepare a security upload aimed to sarge ? or do the security
> team will handle it ? I must say I'm not very used to security uploads
> (this one being almost my first one).
>
tags 317739 fixed-upstream
thanks
On Thu, 2005-07-14 at 09:16 +0200, Thijs Kinkhorst wrote:
> This is CAN-2005-2161.
Upstream has released 2.0.17 with a patch for this vulnerability. I'll
prepare updated packages for our current Debian versions, and after that
we'll probably also
Hello Kurt, Thomas,
Since aspell-nl now has an RC bug (#319156) it might be the right time
to adopt the package?
regards,
Thijs
On Tue, 2005-10-11 at 22:58 +0200, Bastian Blank wrote:
> Package: dutch
> Version: 1:0.1e-39
> Severity: serious
>
> There was an error while trying to autobuild your package:
Thank you for your report.
> > Automatic build of dutch_1:0.1e-39 on debian01 by sbuild/s390 69
> [...]
> > ** Using bu
Hello,
> I will upload a new release to correct the 'minor' and 'normal' bugs
> soon.
Since the maintainer indicated he is working on the package and it is
still relevant, is it still necessary to keep this bug release critical
or can the severity be lowered?
Thijs
Hello,
On Thu, 29 Sep 2005, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
> the latest DSA upload that fixed several others:
>
> - 0006097: [security] user ID is cached indefinately (thraxisp)
> - 0006189: [security] Lis
On Wed, October 26, 2005 23:30, Moritz Muehlenhoff wrote:
> Another security problem has been found in mantis. Insufficient
> input sanitising of the t_core_path parameter may be exploited to perform
> arbitrary file inclusion. Please see
> http://secunia.com/secunia_research/2005-46/advisory/ for
On Thu, October 27, 2005 11:26, Moritz Muehlenhoff wrote:
> I assume you've prepared packages of 0.19.3?
> This would address the SQL injection issue and the other XSS in
> view_all_set as well, which are both not yet in the BTS.
Yes, I have.
Thijs
Hello people,
Just for the record here, the eAccelerator upstream website lists the
following news item:
> 2005/07/11 - License Issue
> Frank Alcantara is now speaking directly to Mr. Turck, the owner of
> the copyright. We are making progress. Thanks for all people who have
> helped us. We will
severity 325215 normal
close 325215 2:1.4.5-1
thanks
On Fri, 2005-08-26 at 18:16 -0300, Ezequiel Larrarte wrote:
> Package: squirrelmail
> Version: 2:1.4.4-6sarge1
> Severity: grave
> Justification: renders package unusable
Please, this is not a grave bug. That in some cases some attachments
don'
tags 222664 pending
thanks
Hello,
This bug has been fixed and will appear in the next upload of
signing-party. Thank you for reporting!
Thijs Kinkhorst
Hello,
Please find attached a patch to fix this bug.
Since there was no response from the maintainer at all, for 10 days now,
is a NMU warranted?
regards,
Thijs
--- include/functions.inc.php.orig 2005-05-10 18:59:08.805797600 +0200
+++ include/functions.inc.php 2005-05-10 18:58:52.2873087
On Tue, May 10, 2005 14:55, Ulf Harnhammar wrote:
> Protecting against this type of attack is much more complicated than
> this. As Jeroen noted, HTML entities are interpreted, so you have to
> protect against things like "javascript:". Some browsers allow varying
> amounts of whitespace inside pro