Hamm Bug Stamp-Out List for June 25, 1998
Welcome to the nem Hamm Bugs Stamp-Out List.
Since Richard Braakman is currently on vacation, I will be maintaining
this for two weeks.
Major changes:
- Debian 2.0 beta has been released, creating a frenzy of last-minute uploads.
Unfortunately most bugreports haven't been updated to reflect this.
- Fixed packages were uploaded for: sysvinit, sendmail, xfree86, dhcp,
kernel-image-2.0.34, cdwrite and libtool . Also uploads were made to fix
security and non-i386 problems.
- Brian White did a nice cleanup of ftp.debian.org
- Bugs were filed for emacs add-on packages not depending on emacs
There are now 13 bugs marked fix, leaving 44 bugs to work on
==============================================================================
Thu, 25 Jun 1998 14:42:07 GMT: 57 release-critical bugs in hamm.
Package: boot-floppies
Maintainer: Enrique Zanardi <sr1-boot-floppies@debian.org>
[FIX] 2.0.8 has been installed, which fixes these bugs.
23842 install.html missing from boot-floppies
Package: bootdisk (pseudo)
Maintainer: Maintainer Group <sr1-boot-floppies@debian.org>
23171 PCMCIA modules don't match kernel version on boot disks
[STRATEGY] Luis Francisco Gonzalez: "This bug is not in the
boot-floppies. The idea was to make sure we knew that there
is need to wait for the new pcmcia-packages but the bug is
in those packages as we only use the standard
kernel/pcmcia-modules."
Package: cvs-pcl
Maintainer: Tom Lees <tom@lpsg.demon.co.uk>
23812 Emacsen add-on packages must depend on emacsen, not emacsen
Package: cwnn
Maintainer: Keita Maehara <maehara@debian.org>
20539 Overlap between cwnn, wnn, and kwnn
[FIX] wnn 4.2-4 has been installed, bug should be closed
Package: debian-policy
Maintainer: Debian QA <debian-qa@lists.debian.org>
23661 Security issue when accessing documentation through an http
Package: dhttpd
Maintainer: Nicolás Lichtmaier <nick@feedback.com.ar>
23659 /var/www/doc symlink introduces a security weakness
This is probably the as bug 23661.
Package: dpkg
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
1797 upgrade/downgrade dependency calculation problem
17381 dpkg: please add --force-overwrite-inexistant-files and def
17624 dpkg: installs regular dir when .deb contains symlink !
20401 Problems updating bo -> hamm
21182 dpkg: dpkg can go into an infinite loop with --force-config
23520 dpkg dumps core while reading /var/lib/dpkg/status
Package: dpkg-dev
Maintainer: Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
20776 dpkg-dev: dpkg-dev does not use emacsen-commen method of in
21186 dpkg-dev: dpkg-dev has a file also provided in dpkg
Package: dpkg-python
Maintainer: Klee Dienes <klee@debian.org>
23059 .py files must not install files into /usr/lib/python
[FIX] Fixing this would break other packages in hamm. Gregor Hoffleit
(python maintainer) said he would change the severity level of
the bug to 'normal'. Matthias Klose will fix it in slink.
Package: elib
Maintainer: Tom Lees <tom@lpsg.demon.co.uk>
23810 Emacsen add-on packages must depend on emacsen, not emacsen
Package: emacs19
Maintainer: eichin@kitten.gen.ma.us (Mark W. Eichin)
23742 emacs19 should probably be just "emacs"
Package: emacs20
Maintainer: Rob Browning <rlb@cs.utexas.edu>
22577 compile of pcl-cvs.el fails (cannot load "cookie")
Package: ftp.debian.org (pseudo)
Maintainer: Guy Maor <ftpmaster@debian.org>
16652 javalex: bad dependencies
22946 We have two priority: standard emacs.
Package: general (pseudo)
Maintainer: debian-devel@lists.debian.org
23867 Critical permissions bug on /lib and /tmp
Package: hyperlatex
Maintainer: Matthias Klose <doko@debian.org>
23809 Emacsen add-on packages must depend on emacsen, not emacsen
Package: infocom
Maintainer: Brian White <bcwhite@pobox.com>
23563 infocom: /usr/doc/infocom/copyright doesn't include a licen
Package: kdebase (i386 contrib)
Maintainer: Stephan Kulow <coolo@kde.org>
23655 kdebase includes /etc/X11/Xsession
Package: libc5-dev (m68k main)
Maintainer: Helmut Geyer <Helmut.Geyer@iwr.uni-heidelberg.de>
19347 libc5-dev: no-copyright-file LI#82
[STRATEGY] libc5-dev can be removed from m68k once libc5 5.4.38-1.1 has
been compiled for it.
Package: libc6
Maintainer: Dale Scheetz <dwarf@polaris.net>
20714 Current libc6 is a beta.
[FIX] Dale Scheetz uploaded 2.0.7 on June 20
20799 getgrnam does not return when group name does not exist
[FIX] Fixed in 2.0.7, which Dale Scheetz uploaded on June 20
22626 netbase: bugtraq says: RPC services are subject to Denial o
[FIX] Fixed in 2.0.7, which Dale Scheetz uploaded on June 20
22790 libc6: login(3) does not reuse dead entries
[FIX] Fixed in 2.0.7, which Dale Scheetz uploaded on June 20
23698 Linux-security says: Beware of dangerous enviroment (libc6)
[STRATEGY] Merge a patch from Ulrich Drepper which he posted on linux-security
a month ago.
Package: libc6-dev
Maintainer: Dale Scheetz <dwarf@polaris.net>
[HELP] Dale Scheetz: "I have not had a chance to even read these
reports yet. Some outside help determining what should, or
shouldn't change would be helpful here."
(My translation: send him patches :-)
19797 libc6-dev: use of /tmp/*$$ in an insecure fashion
[FIX] Fixed in 2.0.7, which Dale Scheetz uploaded on June 20
21884 libc6-dev: relative links between top-level dirs
Package: libdb1-dev (alpha main)
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>
[FIX] Handle bug#23245 to ftp.debian.org, which requests removal of libdb
from hamm.
19351 libdb1-dev: no-copyright-file LI#86
Package: libreadline2
Maintainer: Guy Maor <maor@debian.org>
22941 libreadline2 depends on libc6
Package: libreadlineg2
Maintainer: Guy Maor <maor@debian.org>
23035 bash: Not 8-bit clean.
Package: libtool
Maintainer: Frederic Lepied <Lepied@debian.org>
23884 libtool: Insecure use of /tmp (?)
Package: login
Maintainer: Guy Maor <maor@debian.org>
22191 login: does not chown /dev/vcs* anymore
[NOTE] This was recently discussed on debian-devel.
Package: mailx
Maintainer: Loic Prylli <lprylli@graville.fdn.fr>
23880 [alvaro@lander.es: [linux-security] security hole in mailx]
Package: modutils
Maintainer: Wichert Akkerman <wakkerma@debian.org>
22612 modutils package is difficult to upgrade from bo
[HELP] Need people to upgrade from bo machines, try to reproduce.
Wichert: "I can't reproduce that one. I found a glitch in the
postinst though which I fixed. I guess I have to wait for some
people to upgrade more bo machines to check if it works."
Update: 1 success report received.
Package: mtools
Maintainer: Mark Eichin <eichin@kitten.gen.ma.us>
23604 mtools: insecure use of /tmp
Package: nas
Maintainer: Steve McIntyre <stevem@chiark.greenend.org.uk>
23841 nas: init.d script fails to start au because of missing pat
Package: nonus.debian.org (pseudo)
Maintainer: Sven Rudolph <sr1@inf.tu-dresden.de>
This is being maintained by Heiko Schlittermann <heiko@lotte.sax.de>.
18572 nonus.debian.org: remove des-solnet_1.03-5.deb
18785 nonus.debian.org: incoming backlog
20773 nonus.debian.org: please remove gnupg from frozen
21423 Dpkg-ftp can't handle alternative distributions
[HELP] Yann Dirson: "This used to work until some date I don't know
exactly. I guess that non-us has changed the paths they use
in the Packages file." (more info, and workaround, in the bug
entry itself)
(Bug has been reassigned from dpkg-ftp to nonus.debian.org)
22287 nonus.debian.org with incorrect layout
Package: passwd
Maintainer: Guy Maor <maor@debian.org>
21275 passwd: useradd violates base-passwd's rules
Package: plan
Maintainer: telmerco@debian.org (Colin R. Telmer)
23483 plan: does not register user+group `netplan'
Package: smail
Maintainer: Soenke Lange <soenke@escher.north.de>
23717 smail: smtp entry in inetd.conf gone after smail upgrade
Package: ssh (i386 non-us)
Maintainer: Philip Hands <phil@hands.com>
[FIX] Philip Hands uploaded 1.2.25-1 on June 18, which fixes both the debug
message and the security fix.
22470 ssh: ssh spits out debugging messages because of socks4
[FIX] "I just uploaded 1.2.23-1 without socks support. I'll wait for
the problem to be resolved in libsocks before putting it back
in again."
Package: svgalib-bin
Maintainer: Andy Mortimer <andy.mortimer@poboxes.com>
23601 svgalib-bin: insecure use of /tmp
[FIX] Install 1.2.13-3.3
Package: wu-ftpd-academ
Maintainer: Heiko Schlittermann <heiko@lotte.sax.de>
17401 netstd overwrites ftpd.8.gz
20355 wu-ftpd: contains ftpd.8.gz which is also present in netstd
Package: xbase
Maintainer: Branden Robinson <branden@debian.org>
[HELP] See http://master.debian.org/~branden/xsf.html for detailed
discussion of these problems and ways you can help.
22877 xbase: xdm port, and X applications
[HELP] "These have been forwarded upstream but I haven't heard anything
from XFree86 about them to date. Fixing them is beyond my knowledge."
Package: xinetd
Maintainer: Norbert Veber <nveber@debian.org>
23866 xinetd: problems while installing
Package: xlib6g
Maintainer: Branden Robinson <branden@debian.org>
23274 xlib6g: Upgrading to 3.3.2.1-1 breaks keyboard
[FIX] Probably fixed in 3.3.2.2-1, which has been installed in hamm
Package: xviewg-dev
Maintainer: Martin Buck <mbuck@debian.org>
23598 xviewg-dev (cv2xview): insecure use of /tmp
--
To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: