RC Bugs 2013/13
Again not much work done on concrete RC bugs in the week 2013/13:
#702905 - almanah: CVE-2013-1853: Almanah doesn't encrypt the database
Marked found versions correctly in the BTS and did some small tests to also check for regressions from Squeeze to Wheezy updates. Commented on the corresponding unblock request bug.
#703862 - libnet-jabber-perl: Missing Digest::SHA1 dependency (replace with Digest::SHA)
Add patch to use Digest::SHA instead of Digest::SHA1.
#703933 - libxslt: CVE-2012-6139
Checked the bug and prepared debdiffs. Version in unstable uploaded.
RC Bugs 2013/12
Work on RC bugs done in 2013/12:
#702775 - ganglia: limiting security support
Comment on proposed text for README.Debian.security.
#703348 - CVE-2013-1854
Manually close bug, as it was fixed in unstable.
#703349 - CVE-2013-1855 CVE-2013-1857
Manually close bug, as it was fixed in unstable.
RC Bugs 2013/10
Here are the concrete contributions to RC fixes for the week 2013/10:
#701227 - nagios-nrpe: CVE-2013-1362: allows the passing of $() as command arguments to execute shell commands
Propose a patch to the BTS.
#698871 - CVE-2013-0219 CVE-2013-0220
Upload packages prepared by Timo Aaltonen.
#702525 - ruby1.9.1: CVE-2013-1821: entity expansion DoS vulnerability in REXML
Uploaded package to the delayed queue but also asked maintainers for an upload.
#702526 - ruby1.8: CVE-2013-1821: entity expansion DoS vulnerability in REXML
Sent patch to the BTS.
#702821 - libapache2-mod-perl2: FTBFS: the CVE-2013-1667 fix breaks t/perl/hash_attack.t
Helped test-build the package with the proposed patches.