Re: Preparation of the next stable Debian GNU/Linux update (I)

This one time, at band camp, Martin Zobel-Helas said: > Preparation of Debian GNU/Linux 3.1r5 > = > > An up-to-date version is at . > > We are preparing the next revision of the current stable Debian > distribution (

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi Matthijs, > Hi, > > What about #375494 and #377047, those are security bugs in the current > stable distribution (Sarge) and according to the Security Team it > didn't warrant an upload. Although it has a CVE so I think it's worth > an upload to stable. > > What do you think ? If you are the

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi, On Saturday 16 September 2006 19:39, Moritz Muehlenhoff wrote: > > Please explain why you think that putting arbitrary long strings into > > fixed= sized buffers is not a security problem, preferedly in the > > bugreport. > The buffer overflow can only be triggered through a file only root can

Re: Preparation of the next stable Debian GNU/Linux update (I)

Holger Levsen wrote: > On Saturday 16 September 2006 08:50, Martin Schulze wrote: > > The first one doesn't look like a real security problem. > > Please explain why you think that putting arbitrary long strings into fixed > sized buffers is not a security problem, preferedly in the bugreport. P

Re: Preparation of the next stable Debian GNU/Linux update (I)

Holger Levsen wrote: >> The first one doesn't look like a real security problem. > > Please explain why you think that putting arbitrary long strings into fixed= > sized buffers is not a security problem, preferedly in the bugreport. The buffer overflow can only be triggered through a file only ro

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi, On Saturday 16 September 2006 08:50, Martin Schulze wrote: > The first one doesn't look like a real security problem. Please explain why you think that putting arbitrary long strings into fixed sized buffers is not a security problem, preferedly in the bugreport. Thanks, Holger p

Re: Preparation of the next stable Debian GNU/Linux update (I)

Matthijs Mohlmann wrote: > Hi, > > What about #375494 and #377047, those are security bugs in the current > stable distribution (Sarge) and according to the Security Team it didn't > warrant an upload. Although it has a CVE so I think it's worth an upload > to stable. The first one doesn't look l

Re: Preparation of the next stable Debian GNU/Linux update (I)

On Fri, 15 Sep 2006 00:45:35 +0200 Martin Zobel-Helas <[EMAIL PROTECTED]> wrote: > Preparation of Debian GNU/Linux 3.1r4 > = > > An up-to-date version is at . > > We are preparing the next revision of the current st

Re: Preparation of the next stable Debian GNU/Linux update (I)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Zobel-Helas wrote: > Hi Kevin, > > On Fri, Aug 25, 2006 at 09:59:53AM -0700, Kevin B. McCarty <[EMAIL > PROTECTED]> wrote: >>Second, is it planned to include the next round of security updates to >>the Mozilla family by Alexander Sack? (cf.

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi Kevin, On Fri, Aug 25, 2006 at 09:59:53AM -0700, Kevin B. McCarty <[EMAIL PROTECTED]> wrote: > Martin Zobel-Helas wrote: > > > > mozilla-thunderbird-devstable1.0.2-2.sarge1.0.7 alpha arm > > hppa i386 ia64 m68k mips mipsel powerpc s390 sparc > > mozilla-thunderbird-dev

Re: Preparation of the next stable Debian GNU/Linux update (I)

On Fri, Aug 25, 2006 at 09:59:53AM -0700, Kevin B. McCarty wrote: > > First of all, the above should also mention DSA 1134. > > Second, is it planned to include the next round of security updates to > the Mozilla family by Alexander Sack? (cf. [0] [1]) For some reason > these don't seem to have

Re: Preparation of the next stable Debian GNU/Linux update (I)

Kevin B. McCarty wrote: > Second, is it planned to include the next round of security updates to > the Mozilla family by Alexander Sack? (cf. [0] [1]) For some reason > these don't seem to have gone into security.d.o yet and it would be very > nice to ship mozilla* packages that are up-to-date wi

Re: Preparation of the next stable Debian GNU/Linux update (I)

Martin Zobel-Helas wrote: > libnspr-devstable2:1.7.8-1sarge3alpha arm hppa i386 ia64 > m68k mips mipsel powerpc s390 sparc > libnspr-devupdates 2:1.7.8-1sarge7.1 alpha arm hppa i386 ia64 > m68k mips mipsel powerpc s390 sparc > libnspr4 stable2

Re: Preparation of the next stable Debian GNU/Linux update (I)

Rene Engelhard wrote: > Martin Zobel-Helas wrote: > > Accepted Packages > > - > > > > These packages will be installed into the stable Debian distribution > > and will be part of the next revision. > [...] > > freetype2-demosstable2.1.7-2.4 alpha arm hppa i386 ia64 m68k m

Re: Preparation of the next stable Debian GNU/Linux update (I)

This one time, at band camp, Martin Zobel-Helas said: > > clamav-base stable0.84-2.sarge.8 all > clamav-base updates 0.84-2.sarge.9 all > clamav-daemon stable0.84-2.sarge.8 alpha arm hppa i386 ia64 m68k > mips mipsel powerpc s390 sparc > clamav-daemon updates 0.

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi Rene, On Thu, Aug 24, 2006 at 08:24:35PM +0200, Rene Engelhard <[EMAIL PROTECTED]> wrote: > Martin Zobel-Helas wrote: > > Accepted Packages > > - > > > > These packages will be installed into the stable Debian distribution > > and will be part of the next revision. > [...] >

Re: Preparation of the next stable Debian GNU/Linux update (I)

Martin Zobel-Helas wrote: > Accepted Packages > - > > These packages will be installed into the stable Debian distribution > and will be part of the next revision. [...] > freetype2-demosstable2.1.7-2.4 alpha arm hppa i386 ia64 m68k mips > mipsel powerpc s390 sparc > fre

Re: Preparation of the next stable Debian GNU/Linux update (I)

Martin Schulze wrote: >>would you entertain a one-line fix removing the deluser command from the >>postrm of chipcard-tools (source package libchipcard). [...] > Please go ahead. Normally, such a change wouldn not warrant a fix in > a stable release, but in this case the package in question is not

Re: Preparation of the next stable Debian GNU/Linux update (I)

On Thu, Feb 09, 2006 at 10:37:38 +0100, Martin Schulze wrote: > Martin Zobel-Helas wrote: > > there was some discussion[1] wether the next stable update could have > > some timezone data updated in the glibc package. > > Show me the changes. > > Unless large chunks of the world are affected I don

Re: Preparation of the next stable Debian GNU/Linux update (I)

Steve Langasek wrote: > > * Accepted albatross > > * Accepted antiword > > * Investigation of cernlib > > * Investigation of clamav > > * Accepted crawl > > * Moved evms from further to accept > > * Accepted mantis > > * Accepted perl > > * Accepted sudo > > Are you aware of the complaint

Re: Preparation of the next stable Debian GNU/Linux update (I)

Thomas Viehmann wrote: > would you entertain a one-line fix removing the deluser command from the > postrm of chipcard-tools (source package libchipcard). > I'm having trouble with this on #346527 (still need to figure out how to > fix this for users upgrading from original sarge) and think that th

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi Joey, would you entertain a one-line fix removing the deluser command from the postrm of chipcard-tools (source package libchipcard). I'm having trouble with this on #346527 (still need to figure out how to fix this for users upgrading from original sarge) and think that this could be simple en

Re: Preparation of the next stable Debian GNU/Linux update (I)

Martin Zobel-Helas wrote: > Hi Joey, > > there was some discussion[1] wether the next stable update could have some > timezone data updated in the glibc package. Show me the changes. Unless large chunks of the world are affected I don't consider timezone details to warrant an update in our stabl

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi Joey, there was some discussion[1] wether the next stable update could have some timezone data updated in the glibc package. Greetings [1] http://lists.debian.org/debian-volatile/2006/02/msg0.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? C

Re: Preparation of the next stable Debian GNU/Linux update (I)

On Mon, Feb 06, 2006 at 09:53:14AM +0100, Martin Schulze wrote: > 2006/01/21 21:45 MET > * Accepted albatross > * Accepted antiword > * Investigation of cernlib > * Investigation of clamav > * Accepted crawl > * Moved evms from further to accept > * Accepted mantis > * Accepted perl > * A

Re: Preparation of the next stable Debian GNU/Linux update (I)

* Martin Schulze [Mon, 06 Feb 2006 09:53:14 +0100]: > Rejected Packages > - > muttstable1.5.9-2alpha arm hppa i386 ia64 m68k mips > mipsel powerpc s390 sparc source > muttupdates 1.5.9-2sarge1 alpha arm hppa i386 ia64 m68k mips > mipsel powerpc s39

Re: Preparation of the next stable Debian GNU/Linux update (I)

I see that the preparations for releasin 3.1r1 are well underway, and I may be too late for this, but I though I would ask. I realize (after having it gently pointed out to me in #338004) that this patch is incomplete, as it missed a stray db_stop. This one time, at band camp, Stephen Gran said:

Re: Preparation of the next stable Debian GNU/Linux update (I)

This one time, at band camp, Martin Schulze said: > These packages will be installed into the stable Debian distribution > and will be part of the next revision. > > clamav-base stable0.84-2 all > clamav-base updates 0.84-2.sarge.1 all > clamav-daemon stable0.84

Re: Preparation of the next stable Debian GNU/Linux update (I)

Thomas Viehmann wrote: > Martin Schulze wrote: > > 3. The stable version of the package is not installable at all due to > > broken or unmet dependencies or broken installation scripts. > Would you consider a fix for #315946 if uploaded to s-p-u? I'd like to see your proposed fix. Regards,

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi, On Fri, Jul 08, 2005, Martin Schulze wrote: > Preparation of the next stable Debian GNU/Linux update > == > An up-to-date version is at . There's no trace of gnome-system-monitor on that page.

Re: Preparation of the next stable Debian GNU/Linux update (I)

On Fri, 08 Jul 2005 09:18:16 +0200, Martin Schulze wrote: > Preparation of the next stable Debian GNU/Linux update > == > > An up-to-date version is at . > > I am preparing the (most probably) last revisio

Re: Preparation of the next stable Debian GNU/Linux update (I)

Martin Schulze wrote: > 3. The stable version of the package is not installable at all due to > broken or unmet dependencies or broken installation scripts. Would you consider a fix for #315946 if uploaded to s-p-u? Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UN

Re: Preparation of the next stable Debian GNU/Linux update (I)

Am 2005-07-08 09:18:16, schrieb Martin Schulze: > Preparation of the next stable Debian GNU/Linux update > == > > An up-to-date version is at . ^

Re: Preparation of the next stable Debian GNU/Linux update (I)

On Fri, Jul 08, 2005 at 09:18:16AM +0200, Martin Schulze wrote: > > The requirements for packages to get updated in stable are: > > 1. The package fixes a security problem. An advisory by our own > Security Team is required. Updates need to be approved by the > Security Team. > > 2.

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi, On Fri, Jul 08, 2005, Martin Schulze wrote: > 2. The package fixes a critical bug which can lead into data loss, > data corruption, or an overly broken system, or the package is > broken or not usable (anymore). I've sent an updated package for gnome-system-monitor in my mes

Re: Preparation of the next stable Debian GNU/Linux update (I)

Steffen Grunewald wrote: > Hi Joey, > > On Fri, Jul 08, 2005 at 09:18:16AM +0200, Martin Schulze wrote: > > Preparation of the next stable Debian GNU/Linux update > > == > > > > An up-to-date version is at

Re: Preparation of the next stable Debian GNU/Linux update (I)

Hi Joey, On Fri, Jul 08, 2005 at 09:18:16AM +0200, Martin Schulze wrote: > Preparation of the next stable Debian GNU/Linux update > == > > An up-to-date version is at . > > I am preparing the (most probabl