X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/b30f6580c48d882511055b5c9e0c271ba0100db2..94d9c0171a572c84c05135ed822e384077675483:/doc/LennyBugsAll diff --git a/doc/LennyBugsAll b/doc/LennyBugsAll index c8c43c2..bd822bb 100644 --- a/doc/LennyBugsAll +++ b/doc/LennyBugsAll @@ -116,10 +116,6 @@ Please read these reports and figure out what category they belong in. Or make in [http://packages.debian.org/lenny/installation-reports installation-reports] "cdrom: Most of the system's files have a future timestamp causing at least update/config problems." -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999] -in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt] -"kicker: crashes on startup" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293 494293] in [http://packages.debian.org/lenny/installation-reports installation-reports] "installation-reports: Grub error: not a regular file..." @@ -132,14 +128,6 @@ in [http://packages.debian.org/lenny/quagga quagga] in [http://packages.debian.org/lenny/oss-compat oss-compat] "oss-compat: modules are not loaded" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800] -in [http://packages.debian.org/lenny/bind9 bind9] -"bind9: bind crashes with a list for allow-update" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751] -in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles] -"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303] in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports] "etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop" @@ -156,10 +144,6 @@ in [http://packages.debian.org/lenny/ghostscript ghostscript] in [http://packages.debian.org/lenny/sun-java6 sun-java6] "AWT_TOOLKIT=MToolkit causes java to segfault on amd64" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504626 504626] -in [http://packages.debian.org/lenny/nvidia-glx nvidia-glx] -"[nvidia-glx] Quietly drops support for several chipsets" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661 504661] in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev] "nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken" @@ -202,14 +186,6 @@ in [http://packages.debian.org/lenny/wireshark wireshark] in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian] "ffmpeg-debian: Several security issues" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771] -in [http://packages.debian.org/lenny/wordpress wordpress] -"wordpress can be subject of delayed attacks via cookies" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283] -in [http://packages.debian.org/lenny/egroupware-core egroupware-core] -"CVE-2007-3215: phpmailer issue (embedded code-copy)" - = Fresh bugs = These are very recent and presumably will get dealt with by the package maintainers without help. @@ -254,22 +230,10 @@ in [http://packages.debian.org/lenny/asterisk asterisk] in [http://packages.debian.org/lenny/mdadm mdadm] "mdadm: initramfs-tools script is broken, system with root on RAID won't boot" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947] -in [http://packages.debian.org/lenny/moodle moodle] -"moodle: html2text.php is not DFSG-free" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507996 507996] in [http://packages.debian.org/lenny/uim-tcode uim-tcode] "mazegaki conversion cannot be used" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026] -in [http://packages.debian.org/lenny/phppgadmin phppgadmin] -"phpPgAdmin: Local File Inclusion Vulnerability" - -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091] -in [http://packages.debian.org/lenny/tuxguitar tuxguitar] -"maintainer address bounces" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508124 508124] in [http://packages.debian.org/lenny/python-m2crypto python-m2crypto] "Yum crashes when setting-up a CentOS chroot OS" @@ -282,10 +246,6 @@ in [http://packages.debian.org/lenny/libmad0 libmad0] in [http://packages.debian.org/lenny/sun-java5 sun-java5] "sun-java5: New upstream release fixes several security issues" -[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257] -in [http://packages.debian.org/lenny/twiki twiki] -"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution" - [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265] in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source] "sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)" @@ -347,6 +307,10 @@ in [http://packages.debian.org/lenny/libexif-gtk-dev libexif-gtk-dev] These look like good progress is being made and they'll get fixed soon. Do we need a DD to do an NMU on any of these? +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283] +in [http://packages.debian.org/lenny/egroupware-core egroupware-core] +"CVE-2007-3215: phpmailer issue (embedded code-copy)" + [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316] in [http://packages.debian.org/lenny/smarty smarty] "smarty: Non-free logo included in package" @@ -387,6 +351,18 @@ in [http://packages.debian.org/lenny/snmpd snmpd] "/etc/init.d/snmpd start reports error if already running" (Note: fixed, waiting on an upload?) +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257] +in [http://packages.debian.org/lenny/twiki twiki] +"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026] +in [http://packages.debian.org/lenny/phppgadmin phppgadmin] +"phpPgAdmin: Local File Inclusion Vulnerability" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800] +in [http://packages.debian.org/lenny/bind9 bind9] +"bind9: bind crashes with a list for allow-update" + = Not much of use one can do = @@ -408,6 +384,26 @@ in [http://packages.debian.org/lenny/amule-daemon amule-daemon] in [http://packages.debian.org/lenny/xml2rfc xml2rfc] "Yet another boilerplate change" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999] +in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt] +"kicker: crashes on startup" + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947] +in [http://packages.debian.org/lenny/moodle moodle] +"moodle: html2text.php is not DFSG-free" + +(misc) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091] +in [http://packages.debian.org/lenny/tuxguitar tuxguitar] +"maintainer address bounces" + +(legal issue involving non-free file) + +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751] +in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles] +"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading" + = Flamewars = You might enjoy reading these, but they may not be good targets to fix. @@ -416,6 +412,10 @@ You might enjoy reading these, but they may not be good targets to fix. in [http://packages.debian.org/lenny/otrs2 otrs2] "otrs2 - makes files in /usr writable by non-root" +[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771] +in [http://packages.debian.org/lenny/wordpress wordpress] +"wordpress can be subject of delayed attacks via cookies" + For this one, the actual flameware is off the bug report log. [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]