Re: Bug Severity Help

2014-10-07 Thread Bill Blough
On Wed, Oct 08, 2014 at 02:12:30PM +0800, Paul Wise wrote: > On Wed, Oct 8, 2014 at 2:08 PM, Bill Blough wrote: > > > Probably so. And while it's an intriguing idea to think about, in my > > opinion > > it defeats the purpose, since xalan is an xlst implementation that > > provides an > > alte

Re: Bug Severity Help

2014-10-07 Thread Paul Wise
On Wed, Oct 8, 2014 at 2:08 PM, Bill Blough wrote: > Probably so. And while it's an intriguing idea to think about, in my opinion > it defeats the purpose, since xalan is an xlst implementation that provides > an > alternative to libxslt. I think I wasn't clear enough in my suggestion wording.

Re: Bug Severity Help

2014-10-07 Thread Bill Blough
On Wed, Oct 08, 2014 at 12:21:57PM +0800, Paul Wise wrote: > On Wed, Oct 8, 2014 at 11:40 AM, Bill Blough wrote: > > > That's an interesting thought. That would likely resolve the issue as > > filed in > > the bug report against the xalan executables. However the same problem > > would > > sti

Re: Bug Severity Help

2014-10-07 Thread Adam Borowski
On Tue, Oct 07, 2014 at 11:40:53PM -0400, Bill Blough wrote: > In my opinion, people *shouldn't* be running untrusted stylesheets any more > than they should run untrusted shell scripts or other code. If we > conveniently > ignore that sometimes people do things that are unwise, then I would say

Bug#741649: marked as done (RFS: tegrarcm/1.6-1)

2014-10-07 Thread Debian Bug Tracking System
Your message dated Wed, 08 Oct 2014 04:24:29 + with message-id and subject line closing RFS: tegrarcm/1.6-1 has caused the Debian Bug report #741649, regarding RFS: tegrarcm/1.6-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it

Re: Bug Severity Help

2014-10-07 Thread Paul Wise
On Wed, Oct 8, 2014 at 11:40 AM, Bill Blough wrote: > That's an interesting thought. That would likely resolve the issue as filed > in > the bug report against the xalan executables. However the same problem would > still technically exist in the underlying library code (libxalan-c). Though, >

Re: Bug Severity Help

2014-10-07 Thread Bill Blough
On Wed, Oct 08, 2014 at 10:53:04AM +0800, Paul Wise wrote: > That sounds of a potential denial of service vulnerability. > > How likely is it that Xalan would be used with untrusted stylesheets > supplied by attackers? In my opinion, people *shouldn't* be running untrusted stylesheets any more th

Re: Bug Severity Help

2014-10-07 Thread Paul Wise
That sounds of a potential denial of service vulnerability. How likely is it that Xalan would be used with untrusted stylesheets supplied by attackers? If you don't think it would be possible to fix it you can ask the release team for a jessie-ignore tag, reportbug release.debian.org, choose "3 o

Bug Severity Help

2014-10-07 Thread Bill Blough
Hi mentors, I am the current maintainer for Xalan [1] and could use some feedback with regard to a particular bug [2]. The bug is currently tagged grave severity due to the possibility of a user-supplied stylesheet causing an out-of-memory condition (due to infinite recursion) and crashing the

Bug#764383: RFS: ddate/0.2.2-1 [ITP]

2014-10-07 Thread Christoph Egger
Hi! Sebastian Schmidt writes: > Alternatively, one can download the package with dget using this command: > > dget -x http://mentors.debian.net/debian/pool/main/d/ddate/ddate_0.2.2-1.dsc Looks good so far although I think lintian's right with this one (of course without the replaces): I: ddat

Bug#759796: RFS: gemrb/0.8.1-1

2014-10-07 Thread Stephen Kitt
Control: owner -1 ! Hi Beren, On Thu, 25 Sep 2014 23:21:20 +0200, Beren Minor wrote: > I am still looking for a sponsor for my GemRB package. > The details are in the OP of this bug report (#759796 > ). I've taken a look at this, and

Re: jellyfish: Syntax error in configure when using autoreconf

2014-10-07 Thread Andreas Tille
Hi Jakub (and Ansgar) On Tue, Oct 07, 2014 at 10:46:10PM +0200, Jakub Wilk wrote: > * Andreas Tille , 2014-10-07, 22:39: > >./configure: line 15474: syntax error near unexpected token `VALGRIND,' > >./configure: line 15474: ` PKG_CHECK_MODULES(VALGRIND, valgrind >= > >1.8.0)' > > It looks l

Re: jellyfish: Syntax error in configure when using autoreconf

2014-10-07 Thread Jakub Wilk
* Andreas Tille , 2014-10-07, 22:39: ./configure: line 15474: syntax error near unexpected token `VALGRIND,' ./configure: line 15474: ` PKG_CHECK_MODULES(VALGRIND, valgrind >= 1.8.0)' It looks like missing build-dependency on pkg-config. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-

Re: jellyfish: Syntax error in configure when using autoreconf

2014-10-07 Thread Ansgar Burchardt
Hi, Andreas Tille writes: > I'm trying to ugrade jellyfish which is maintained here > >Vcs-Git: git://anonscm.debian.org/debian-med/jellyfish.git > > I'm using autoreconf and when building the package this leads to > > ... > checking how to hardcode library paths into programs... immediate >

jellyfish: Syntax error in configure when using autoreconf

2014-10-07 Thread Andreas Tille
Hi, I'm trying to ugrade jellyfish which is maintained here Vcs-Git: git://anonscm.debian.org/debian-med/jellyfish.git I'm using autoreconf and when building the package this leads to ... checking how to hardcode library paths into programs... immediate checking for md5sum... md5sum checking

Bug#764383: RFS: ddate/0.2.2-1 [ITP]

2014-10-07 Thread Sebastian Schmidt
Package: sponsorship-requests Severity: normal Dear mentors, I'm looking for a sponsor for the "ddate" package which isn't present in util-linux as of 2.25. It builds those binary packages: ddate - convert Gregorian dates to Discordian dates To access further information about this package,

Bug#764381: RFS: binwalk/2.0.1+dfsg-1 [RC]

2014-10-07 Thread Gianfranco Costamagna
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "binwalk" * Package name: binwalk Version : 2.0.1+dfsg-1 Upstream Author : Craig Heffner * URL : ttps://github.com/devttys0/binwalk/ * License : Expat It

Bug#764150: marked as done (RFS: proj/4.9.0~rc2-1~exp1)

2014-10-07 Thread Debian Bug Tracking System
Your message dated Tue, 07 Oct 2014 16:25:33 + with message-id and subject line closing RFS: proj/4.9.0~rc2-1~exp1 has caused the Debian Bug report #764150, regarding RFS: proj/4.9.0~rc2-1~exp1 to be marked as done. This means that you claim that the problem has been dealt with. If this is no

Vodafone ADSL: Naviga e chiama senza limiti e in più una SIM da 1GB

2014-10-07 Thread Vodafone partner
Vodafone Wifor [http://ds.databaseacross.it/frd.php?c=eyJpZENsaSI6Ijk1MSIsImlkQ2FtcCI6IjMxNjY4NyIsImNvZCI6NjAxOTg1MywiY2F0IjoiMzIiLCJjbnQiOiJJVEEiLCJsaXN0IjoibGlzdF9BbHBoYTU3XyIsImVtYWlsIjoiZGViaWFuLW1lbnRvcnNAbGlzdHMuZGViaWFuLm9yZyJ9 Ricevi questa email perchè hai dato il tuo consenso al tratta

Bug#764261: RFS: librocket/1.3-1 [ITP]

2014-10-07 Thread whey bags
Thanks very much, I'll have a look at those issues soon. Re: pushing upstream, I am an upstream maintainer, so it should be relatively painless. On 7 Oct 2014 11:13, "Paul Wise" wrote: > On Mon, 2014-10-06 at 22:13 -0400, Harlan Lieberman-Berg wrote: > > > Thanks for packaging librocket for Debia

Bug#764261: RFS: librocket/1.3-1 [ITP]

2014-10-07 Thread Paul Wise
On Mon, 2014-10-06 at 22:13 -0400, Harlan Lieberman-Berg wrote: > Thanks for packaging librocket for Debian. I've got a couple things for > you to fix as the next steps. Good review Harlan, you missed some important things though, see below. > 2. Your changelog should close an ITP bug - in your

Bug#750708: RFS: audiotools/2.21-3 [ITP] -- Collection of audio handling programs for the command line

2014-10-07 Thread Eric Shattow
On Sun, 3 Aug 2014 22:27:11 -0700 Vincent Cheng wrote: > > Sorry for not following up on my earlier debian-mentors review until now! > > Agreed with Eriberto, your package is in pretty good shape, however > there are a few more issues: > > Blockers: > - debian/copyright needs the full text of CC-B