RC Bugs 2013/09
Again I did not do much concrete RC bug fixing; here is what I did in 2013/09:
#701052 - isync: CVE-2013-0289: Incorrect server's SSL x509.v3 certificate validation when performing IMAP synchronization
Prepared the package with upstream's patch for CVE-2013-0289 and uploaded to DELAYED/7 queue.
RC Bugs 2013/08
The work done on RC bugs directly is again minimal:
#699615 - CVE-2013-0250 - corosync: Remote DoS due improper HMAC initialization
Sent comment to the BTS.
RC Bugs 2013/07
Work done on RC bugs in 2013/07:
#699724 - radicale: Insufficient dependency on python-radicale
Proposed to NMU in the BTS. Prepared the commits for the collab-maint repository and test-built the package.
#700548 - padre: Failed to start: Can't locate object method "select" via package "Padre::DB::SyntaxHighlight"
Checked the report and replied to the reporter.
RC Bugs 2013/06
Not much work on RC bugs themselves again this week. I worked a bit on open issues to track in the security tracker and reported new issues.
#700098 - cfingerd: CVE-2013-1049 remote buffer overflow
Prepared package with Marc's patch and uploaded to DELAYED/5 queue.
RC Bugs 2013/05
Not much work done on actually fixing RC bugs:
#699316 - libupnp: Multiple stack buffer overflow vulnerabilities
Sent debdiff (created with the patch found in Red Hat bugtracker) to the BTS.
RC Bugs 2013/04
Work done on RC bugs for 2013/04:
#698231 - memcached: CVE-2013-0179
Upload patch as NMU to DELAYED/5 queue.
#698737 - owncloud: Multiple XSS vulnerabilities (oC-SA-2013-001)
Sent patch to the BTS.
#698940 - libcommon-sense-perl is not in the list of libev-perl dependencies
Add missing Depends on libcommon-sense-perl.
RC Bugs 2013/03
My work done on RC bugs (only where I contributed to closing a bug):
#696424 - sanlock: CVE-2012-5638
Upload package prepared by David Weber.
#698375 - gfs2-utils: fails to upgrade from squeeze: insserv: script gfs2-utils: service gfs2 already provided!
Investigated the issue and sent an update to the BTS.
#684810 - rgl: FTBFS: types.h:98:5: error: 'copy' was not declared in this scope, and no declarations were found by argument-dependent lookup at the point of instantiation [-fpermissive]
Upload patch by Laszlo Kajan to testing-proposed-updates.
#698231 - memcached: CVE-2013-0179
Propose debdiff to the BTS.
#683584 - ganglia: [Debian RT] CVE-2012-3448: arbitrary script execution
Investigated the issue for Squeeze and proposed a debdiff based on the changes done upstream between 3.1.7 and 3.1.8.
RC Bugs 2013/02
I tried to work again on security-tracker related topics last week. For working on RC bugs, this is what I've done in 2013/02:
#685061 - gfs2-utils: fails to install due to incorrect dependencies in init.d LSB header
Add a Depends on gfs2-cluster for gfs2-utils binary package. Sent debdiff to the BTS. Uploaded the package to DELAYED/5 queue.
#697870 - redhat-cluster-suite: Fails to install due to removed clvm package
Sent patch for unstable to the BTS. Uploaded package to DELAYED/5 queue.
#697186 - Missing dependency on libcollection-dev
Upload package.
#697895 - Update libextlib-ruby / ruby-extlib for vulnerabilities (Re: CVE-2013-0156)
Propose debdiffs to the BTS.
#697221 - motion: No longer has support for mysql
Propose patch to the BTS.
RC Bugs 2013/01
Work done on RC bugs in 2013/01:
#696736 - Insecure permissions on database files
Upload NMU to the DELAYED/7 queue.
Fix a FTBFS in libconfig-model-dpkg-perl (no bugreport) if there is no writable $HOME available during tests in build.
#696424 - sanlock: CVE-2012-5638
Sent proposed debdiff to the BTS.
#697375 - rpm: CVE-2012-6088
Sent proposed debdiffs to the BTS. After Michal's confirmation prepared uploads for unstable and testing.
RC Bugs 2012/52
For the last week of the year I have only worked on the following RC issues:
#695845 - open-vm-tools: Init script should Required-{Start,Stop} $remote_fs
Sent proposed t-p-u debdiff to the BTS, and asked the release team for an approval to upload to t-p-u.
#696691 - freetype: multiple vulnerabilities in freetype before 2.4.11
Reported the issues to the BTS and also submitted the debdiff for the version in unstable with a small comment.
After an ACK by Steve Langasek on IRC uploaded the NMU without delay to unstable.
#696304 - nmu: tsung_1.4.2-1
Add a comment on the request to binNMU tsung.
#649068 - rgmanager and resource-agents: error when trying to install together
Upload the package targeting t-p-u prepared by Ivo Decker.
#696736 - Insecure permissions on database files
Looked at the patches in Ubuntu and submitted a debdiff for unstable to the BTS.
#654341 - inkscape reads .eps files from /tmp instead of the current directory
Checked the issue and asked if this warrants a CVE. Furthermore sent a comment to the BTS.