Re: duplicity stable update for CVE-2007-5201

2008-01-18 Thread Alexander Zangerl
On Sun, 13 Jan 2008 19:03:23 +0100, Nico Golde writes: >the following CVE (Common Vulnerabilities & Exposures) id was >published for duplicity some time ago. > >CVE-2007-5201[0]: >| The FTP backend for Duplicity sends the password as a command line >| argument when calling ncftp, which might allow

Re: Proposed release goal: Switch to dash as /bin/sh to speed up the boot

2008-01-18 Thread Petter Reinholdtsen
[Petter Reinholdtsen 2007-07-04] > Please consider making such switch a release goal or release target > for Lenny. What is the Lenny release teams opinion on this now? Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Troubl

asterisk give-back on sparc

2008-01-18 Thread Faidon Liambotis
Hi, asterisk 1:1.4.17~dfsg-2 has been built on sparc since Jan 4 but hasn't been uploaded yet. Normally, I wouldn't mind too much, but it's the only thing that is holding asterisk from migrating to testing and the last migration was over a year ago :-) Could someone (a buildd maintainer, pr

Please give-back mclibs on ia64

2008-01-18 Thread Kevin B. McCarty
Hi release team, Please retry building "mclibs" source package 2006.dfsg.2-3 on ia64. The previous build failed in a strange way [1], most likely because it was simply interrupted [2]. [1] http://buildd.debian.org/build.php?&pkg=mclibs&ver=2006.dfsg.2-3&arch=ia64 [2] http://lists.debian.org/debia

Re: Memory leak in SUNRPC code

2008-01-18 Thread Martin Zobel-Helas
Hi, On Sat Jan 12, 2008 at 13:41:12 +0100, Aurelien Jarno wrote: > Hi release managers, > > On Fri, Jan 11, 2008 at 11:59:53AM +, Andre Cruz wrote: > > Package: libc6 > > Version: 2.3.6.ds1-13etch2 > > Severity: serious > > Tags: patch > > > > I've already submitted a patch upstream and it

Re: dcc removal?

2008-01-18 Thread Nico Golde
Hi Moritz, * Moritz Muehlenhoff <[EMAIL PROTECTED]> [2008-01-18 10:08]: > Nico Golde wrote: > > currently there is one medium severe security issue in the=20 > > dcc software (CVE-2007-1047[0]) which is currently unfixed=20 > > in all Debian distributions. > > > > I had a private conversation[1] wi

Re: Please binNMU kildclient

2008-01-18 Thread Steve Langasek
On Fri, Jan 18, 2008 at 08:35:34AM +0100, Philipp Kern wrote: > kildclient_2.6.0-2, libgnutls11 was crufted, 1, i386 > All other architectures built the package *much* later (Jul vs. Dec) and > are thus not affected. Scheduled. Cheers, -- Steve Langasek Give me a lever long en