X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/11427f619eb2c7181d3a7eb8b81779c7d40d96fb..8324c10ec9933d0c75e0dd3749e94acf31a35bee:/doc/LennyBugs diff --git a/doc/LennyBugs b/doc/LennyBugs index 08a42b1..915808c 100644 --- a/doc/LennyBugs +++ b/doc/LennyBugs @@ -31,113 +31,26 @@ Contact the SIPB Chair, Greg Price (`price@mit.edu`), or Vice-Chair, Nelson Elha == The Bugs == -Coming soon: this list formatted better and with links to the bug pages. - -{{{ -507927 acpi-support Fix suspend-resume in Thinkpad R50e (intel 855gm card) -507242 amule-daemon amule-daemon: causes OOM's by leaking lots of memory -507883 asterisk asterisk: Very frequent segfaults on startup -506961 auctex auctex: reuses old logfile on emacsen upgrades, enabling symlink attack -496954 bind9 bind9: Fails to start due to SIGSEGV -501800 bind9 bind9: bind crashes with a list for allow-update -497471 cdimage.debian.org sarge images have syslinux binaries without source -507706 cdimage.debian.org Missing sources for d-i components/kernel of etch-n-half images -502751 clamav-getfiles clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading -507721 cryptsetup cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it -503532 dbus send_requested_reply="true" allows all non-reply messages -504340 djvulibre-plugin djvulibre-plugin: Iceweasel crashes when loading DjVu documents -481072 dk-filter dk-filter reliably crashes upon connection from postfix -505929 egroupware egroupware incompatible with php 5.2.6 -504283 egroupware-core CVE-2007-3215: phpmailer issue (embedded code-copy) -456037 fenix fenix: not 64 bit clean -504977 ffmpeg-debian ffmpeg-debian: Several security issues -451628 ftp.debian.org Packages might enter the archive from security without source -497823 ftp.debian.org longstanding DFSG violations in linux-2.6 package -506152 ftp.debian.org libept0 should have priority important -507675 ftp.debian.org python2.5 should have priority standard -507678 ftp.debian.org libsqlite3-0 should have priority standard -507775 ftp.debian.org libkeyutils1 should have priority standard -507778 ftp.debian.org libldap-2.4-2 should have priority standard -507779 ftp.debian.org [Priorities] libustr-1.0-1 -> standard -507780 ftp.debian.org python-sepolgen should have priority standard -507783 ftp.debian.org libxml2 should have priority standard -507784 ftp.debian.org python2.5-minimal should have priority standard -507796 ftp.debian.org libisccfg40 should have priority standard -507797 ftp.debian.org libisccc40 should have priority standard -507798 ftp.debian.org libedit2 should have priority standard -507799 ftp.debian.org libgssglue1 must have priority standard -507800 ftp.debian.org ucf must have priority standard -507801 ftp.debian.org libpci3 must have priority standard -503712 ghostscript etch->lenny upgrade left the system in broken state -504747 gnu-fdisk gnu-fdisk: wipes out MBR when used on GPT partitions -506684 guile-1.8-dev guile-1.8: includes own definition of jmp_buf type in public header -507021 helpdeco Fails to work on amd64 -507558 hibernate ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen) -505563 icedove Mozilla Thunderbird Multiple Vulnerabilities -426465 initramfs-tools /init exports MODPROBE_OPTIONS=-qb -507059 initramfs-tools initramfs-tools: Wrong check for udevadm in functions -394963 installation-reports installation: Problems with dual booting Dell D600 with winXP pro in the first partition (hd0, 0). After installing the Dell Etch Beta 3, Windows fails to boot and I get the blue screen of death. -418972 installation-reports cdrom: Etch does not detect CD-ROM on Acer Aspire 7100 -436140 installation-reports cdrom: Most of the system's files have a future timestamp causing at least update/config problems. -494293 installation-reports installation-reports: Grub error: not a regular file... -495603 installation-reports grub-installer fails on a FSC Primergy RX300 with a level 5 RAID -501804 installation-reports installation-reports: Lenny b2 install on ThinkPad X61 - fails to detect hard disk -507072 ipsec-tools libipsec0 packaged in ipsec-tools without development headers -499078 jfsutils jfsutils: Bus Error when running fsck.jfs on sparc -506853 libgnutls26 libgnutls26: 2.4.2-3 breaks OpenLDAP access -495178 libjs-jquery libjs-jquery: Should compile jquery.min.js and jquery.pack.js from jquery.js -508133 libmad0 audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0 -490999 libqt3-mt kicker: crashes on startup -504373 libtemplate-perl libtemplate-perl: Upgrade from etch breaks code using DBI plugins -503907 libwebkit-1.0-1 epiphany-webkit: Crashes at startup whenever I go to a site. -506353 mailscanner CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack -496334 mdadm mdadm segfault on --assemble --force with raid10 -507889 mdadm mdadm: initramfs-tools script is broken, system with root on RAID won't boot -507818 mldonkey-server mldonkey-server: mlnet does not start, logs syntax error in downloads.ini -507947 moodle moodle: html2text.php is not DFSG-free -504918 network-manager Updating to lenny failed when NetworkManager got updated504626 nvidia-glx [nvidia-glx] Quietly drops support for several chipsets -504661 nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken -507003 open-iscsi initiatorname.iscsi should maybe not be in /etc -508351 open-iscsi open-iscsi: will not install, looking for missing /sys/module/scsi_transport_iscsi/version file -507865 openoffice.org-writer openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong) -500460 oss-compat oss-compat: modules are not loaded -475737 otrs2 otrs2 - makes files in /usr writable by non-root -502140 pam cannot unlock screen during etch -> lenny transition -508026 phppgadmin phpPgAdmin: Local File Inclusion Vulnerability -507915 povray Povray unusable with non-ascii filenames -476525 python-hid python-hid: hid module will not import since python policy transition -495232 quagga quagga: zebra ignores routes added via command line -507071 racoon racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt -332782 release-notes release-notes: Where's the license? -475958 release-notes document procedure to recover from "/dev/hda became /dev/sda" boot failure -506977 release.debian.org FPC: copyright infringement in pre 2.2.2 sources507239 release.debian.org RM: astrolog/stable -- RoQA; orphaned long time, non-free, contains potentially undistributable code -490171 rtorrent rtorrent: random crash -506748 rtorrent crash rtorrent by scgi-interface (function: 'fi.get_filename_last') -478717 ruby1.9 ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault -507316 smarty smarty: Non-free logo included in package -505237 snmpd /etc/init.d/snmpd start reports error if already running -506057 splashy splashy: Splashy fails to install due to missing default theme -508194 sun-java5 sun-java5: New upstream release fixes several security issues -504524 sun-java6 AWT_TOOLKIT=MToolkit causes java to segfault on amd64 -508265 sysprof-module-source sysprof-module-source: doesn't compile on AMD64 arch (wrong register names) -506883 tuxguitar tuxguitar: hard-codes dependencies on libraries -508091 tuxguitar maintainer address bounces -508257 twiki CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution -507996 uim-tcode mazegaki conversion cannot be used -503303 upgrade-reports etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop -506741 wireshark wireshark: DoS caused by sending a SMTP request with large content -323473 wnpp ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux -508322 wodim wodim: Cannot load media. Cannot init drive. -504771 wordpress wordpress can be subject of delayed attacks via cookies -476210 xbat xbat: game elements do not display properly -507576 xbattbar-acpi missing dependency: libconfig -507165 xine-lib xine-lib: CVE-2008-5242 heap-based buffer overflow -507184 xine-lib xine-lib: CVE-2008-5246 heap overflow -508313 xine-lib xine-lib: CVE-2008-5234 heap overflow in atom parsing -374644 xine-ui xine-ui: ctrl/shift key press emulation implementation broken -506652 xml2rfc Yet another boilerplate change -507944 xwhois xwhois: segfaults on start in get_servers() -507579 yocto-reader Package installation results in license violation -508124 yum Yum crashes when setting-up a CentOS chroot OS -}}} -(list as of 2008-12-10 at 2240) +See LennyBugsAll for a complete list. Attack one of the bugs that look good, or read through the unclassified ones to find the good ones. + +Below, a snapshot of the bugs identified as probable good targets. It may be out of date, so check LennyBugsAll. + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644 374644] in [http://packages.debian.org/lenny/xine-ui xine-ui] +"xine-ui: ctrl/shift key press emulation implementation broken" +[[BR]](Note: have patch but it's broken. Test? Find a fix?) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465] +in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools] +"/init exports MODPROBE_OPTIONS=-qb" +[[BR]](Note: real bug report is near bottom.) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525 476525] +in [http://packages.debian.org/lenny/python-hid python-hid] +"python-hid: hid module will not import since python policy transition" +[[BR]](Note: have patch, looks messy, looks like not-too-hard bug to fix well.) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072] +in [http://packages.debian.org/lenny/dk-filter dk-filter] +"dk-filter reliably crashes upon connection from postfix" +[[BR]](Note: bug report, little followup. Test, reproduce, debug, fix.) +