Re: [SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution

Alexander Klauer wrote: > why has the installed-size of openoffice-org.bin been reduced by > almost 60M in this update? because 9sarge2 was built broken (autobuilder didn't strip it due to a bug and no one noticed). 9sarge3 was built on my i386 and did get stripped. Everything OK, we already got

Re: Bug#401969: please build using hunspell

Mike Hommey wrote: > On Thu, Dec 07, 2006 at 11:26:34AM +0100, Rene Engelhard <[EMAIL PROTECTED]> > wrote: > > There's no big difference in using hunspell and myspell, except that > > hunspell dictionaries > > then will also work. And you show that hunspel

Re: Bug#401969: please build using hunspell

Hi, Mike Hommey wrote: > On Fri, Dec 08, 2006 at 10:58:11PM +0100, Rene Engelhard <[EMAIL PROTECTED]> > wrote: > > Mike Hommey wrote: > > > On Thu, Dec 07, 2006 at 11:26:34AM +0100, Rene Engelhard <[EMAIL > > > PROTECTED]> wrote: > > > > T

Re: Bug#401969: please build using hunspell

Hi, Davide Prina wrote: > > MySpell is obsolete. > > Please build against Hunspell, which is an improved version of MySpell > > retaining full backwards compatibility. That also would make the usage > > of hunspell-de-* in iceweasel possible. > > probably not so full backwards compatibility. Proo

Re: [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities

Hi, Johannes Wiedersich wrote: > Florian Weimer wrote: > > * Martin Schulze: > > > >> Package: openoffice.org > >> Vulnerability : several > >> Problem type : local (remote) > >> Debian-specific: no > >> CVE IDs: CVE-2007-0002 CVE-2007-0238 CVE-2007-0239 > > > > Does this also

Re: Help on OpenOffice.org security upgrade requested

Hi, Manon Metten wrote: > For the testing distribution (etch) these problems have been fixed in > >version 2.0.4.dfsg.2-6. [...] > I checked with 'apt-cache show openoffice.org' and somewhere I found > 'Version: 2.0.4.dfsg.2-5'. [...]> > Is there anything wrong or missing in this sources.list? W

[EMAIL PROTECTED]: Re: Latest OOo Etch update -7etch1 depends on different libneon]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *sigh*. too late... Typoed the email address. Forward... - - Forwarded message from Rene Engelhard <[EMAIL PROTECTED]> - Date: Wed, 13 Jun 2007 01:43:30 +0200 From: Rene Engelhard <[EMAIL PROTECTED]> To: "Kevin B. McCarty&q

Re: Latest OOo Etch update -7etch1 depends on different libneon

[ resend, I just saw even -release and -openoffice were in the mail... ] Hi, Kevin B. McCarty wrote: > I noticed that the latest OpenOffice.org security update in Etch > (version 2.0.4.dfsg.2-7etch1, which fixed DSA 1307) depends on libneon25 > whereas the previous Etch version (2.0.4.dfsg.2-5etc

Bug#474265: iceape: use system expat?

Package: iceape Version: 1.1.9-1 Severity: wishlist Hi, While test building iceape against the soon-to-be-released hunspell 1.2.2 I noticed that iceape ships an own expat in parser/xml/expat/lib. Looking there, it seems 1.95.7 but I have no idea whether/how it is patched. Debian has 1.95.8. Can

Bug#474268: icedove: use system expat?

Package: icedove Version: 2.0.0.9-3 Severity: wishlist Hi, While test building icedove against the soon-to-be-released hunspell 1.2.2 I noticed that icedove ships an own expat in parser/xml/expat/lib. Looking there, it seems 1.95.7 but I have no idea whether/how it is patched. Debian has 1.95.8.

Bug#474266: iceweasel: use system expat?

Package: iceweasel Version: 2.0.0.13-1 Severity: wishlist Hi, While test building iceweasel against the soon-to-be-released hunspell 1.2.2 I noticed that iceweasel ships an own expat in parser/xml/expat/lib. Looking there, it seems 1.95.7 but I have no idea whether/how it is patched. Debian has

Bug#474267: xulrunner: use system expat?

Package: xulrunner Version: 1.8.1.13-1 Severity: wishlist Hi, While test building xulrunner against the soon-to-be-released hunspell 1.2.2 I noticed that xulrunner ships an own expat in parser/xml/expat/lib. Looking there, it seems 1.95.7 but I have no idea whether/how it is patched. Debian has

Re: [SECURITY] [DSA 3482-1] libreoffice security update

On Wed, Feb 17, 2016 at 07:29:59PM +, Sebastien Delafond wrote: > For the testing (stretch) and unstable (sid) distributions, these > problems have been fixed in version 1:5.1.1~rc1-1. Actually, as I said (and as said upstream, it's fixed in 5.0.5 release), it's fixed since 5.0.5 rc1, so the v

Re: [SECURITY] [DSA 3548-2] samba regression update

Hi, On Thu, Apr 14, 2016 at 10:58:05AM +, Salvatore Bonaccorso wrote: > The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging > regression causing an additional dependency on the samba binary package > for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules > bi

Re: Kernel: Fix for CVE-2017-1000364 (mm: enlarge stack guard gap) breaks java application

Hi, On Tue, Jun 27, 2017 at 10:13:25PM +0200, Salvatore Bonaccorso wrote: > We issued a regression update: > > https://lists.debian.org/debian-security-announce/2017/msg00160.html > > To answer your question still, if you set the kernel parameter to > stack_guard_gap=1 this wuould effectively re

fixing CVE-2010-0395 for testing

debian/rules: - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but to actually add it to OOO_MOZILLA_ARCHS -- Rene Engelhard Mon, 31 May 2010 22:50:07 +0200 (I of course will fix the .changes to contain testing or testing-security) The 1:3.2.0-11~bpo50+1 upload to le

Re: fixing CVE-2010-0395 for testing

Hi, On Sun, Jun 06, 2010 at 03:22:36PM +0200, Nico Golde wrote: > Would it be possible to upload a minimal version only carrying the security > patch to testing-security? Possible, yes. I'd like to avoid that, though if possible. It would need a rebuild, whereas I can upload -11 as-is already (a

Re: fixing CVE-2010-0395 for testing

Hi, On Sun, Jun 06, 2010 at 03:32:26PM +0200, Rene Engelhard wrote: > (and it fixes some other important stuff, too, as you see in the changelog. > No XML signing support *only* on kfreebsd-i386 is, umm, bad. Same as > dependency > differences because of the bashisms...) Oh, and

Re: fixing CVE-2010-0395 for testing

Hi, On Sun, Jun 06, 2010 at 09:17:58PM +0100, Adam D. Barratt wrote: > > * debian/rules: > > - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but > > to actually add it to OOO_MOZILLA_ARCHS Yes. (What you mentioned is debian/control regenerated with this) Grüße/Regards, Re

Re: fixing CVE-2010-0395 for testing

Hi, On Sun, Jun 06, 2010 at 03:32:26PM +0200, Rene Engelhard wrote: > > Would it be possible to upload a minimal version only carrying the security > > patch to testing-security? > > Possible, yes. I'd like to avoid that, though if possible. > It would need a rebuild

Re: [SECURITY] [DSA-2116-1] New freetype packages integer overflow

close 592399 2.3.7-2+lenny3 thanks On Tue, Oct 05, 2010 at 09:05:46AM +0200, Davide Mirtillo wrote: > Hello, i just ran the update via aptitude, and apt-listbug reported the > package as affected by bug #592399 [1]. Aptitude installed > 2.3.7-2+lenny4, and that version is not marked as bug-free in

Re: [SECURITY] [DSA 2151-1] New OpenOffice.org packages fix several vulnerabilities

Hi, On Wed, Jan 26, 2011 at 09:27:05PM +0100, Kurt Roeckx wrote: > 1:3.2.1-11+squeeze1 has been on security-master for a few days > now, but it's not visible yet. It seems it didn't even end up in t-s but directly propagated to t-p-u.. I at least did get the propagation mails but yes, it doesn't

Re: [SECURITY] [DSA 2315-1] openoffice.org security update

On Wed, Oct 05, 2011 at 02:51:03PM -0500, Chris Swenson wrote: >I assume this would include LibreOffice? Yes, actually the > For the testing distribution (wheezy), and the unstable distribution > (sid), > this problem will be fixed soon. is wrong and should read "For the test