Raoul | 1 Feb 01:00 2007

Bug#407706: ITA: ttf-dustin -- Various TrueType fonts from dustismo.com

I'm adopting ttf-dustin.

Ben Hutchings | 1 Feb 01:13 2007

Bug#409220: iceweasel: Password Manager may fill credentials into bogus login forms

Package: iceweasel
Severity: important
Tags: security, upstream

This is upstream bug #360493 and CVE-2006-6077.

The bug is architectural: the Password Manager associates login
credentials with domains and will fill them into any form in a page
from that domain that looks like a login form.  Some web sites host a
login page and user-provided pages in the same domain, with the latter
allowed to include forms.

This is generally fixable by the site operator filtering out password
fields from user-provided pages, as MySpace has now done, but we
cannot rely on all such sites to do this.  However there is no clear
way to fix this in the browser.

Proposed changes (from the upstream bug report) include:

1. Don't pre-fill forms.  This can be achieved trivially by a
preference change, but does not protect against forms that prompt for
a username and also contain a password field that's hidden by style
rules.  It also doesn't provide a cue as to whether a form will
submit credentials to the "expected" location.

2. Associate credentials with pages, not domains.  (IE 7 does this,
apparently.)  However, on many sites because there are many possible
login URLs (sometimes an infinite number) and each one that is used
will get its own set of credentials.  No single heuristic will work to
(Continue reading)

Drew Parsons | 1 Feb 01:04 2007

Bug#301649: closed by Mike Hommey <glandium <at> debian.org> (Bug#301649: fixed in iceape 1.0.7-3)

On Wed, 2007-01-31 at 14:48 -0800, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> #301649: update xprt dependency to xprint,
> which was filed against the iceape-browser package.
> It has been closed by Mike Hommey <glandium <at> debian.org>.
> >      + iceape is built without xprint support, drop outdated and useless
> >        Suggests to xprt. Thanks to Andreas Metzler. Closes: #301649.

Any particular reason why you dropped xprint support on iceape?  
"outdated and useless" are immensely inflammatory words.  


Mark Whitis | 1 Feb 01:31 2007

Bug#409221: /usr/bin/sort: sort produces incorrectly sorted output

Package: coreutils
Version: 5.97-5.2
Severity: important
File: /usr/bin/sort

The following is a snipet of the output from sort with no options (which
should sort the entire line):
(Continue reading)

Sune Vuorela | 1 Feb 01:29 2007

Bug#408270: onak: missing dep on adduser

On Wednesday 31 January 2007, Masami Ichikawa wrote:
> Hi.
> I wrote a patch.
> I added dependency on adduser and delete account.
> also added delete account to postrm file.


Please _only_ remove the user if you are 110% sure that the user does not own 
_any_ file or _any_ dir on the entire system.

Else something else later might get the same uid and suddenly can fill the 



How might I download from the port?

First you should never install on a mother board to send to the command prompt 
of a modem.

Bug#409222: linux-image-2.6.18-3-686: on system with absolutely no SATA drives - 'ata1: port is slow to respond, please be patient'

Package: linux-image-2.6.18-3-686
Severity: normal

adds nearly two minutes to the boot time as the timeouts on both
ata1 and ata2 are nearly 50 seconds - 30 seconds waiting time
each plus several 5 second retries.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.16-1-686 #2 Mon Apr 10 22:16:40 UTC 2006 i686

Brice Goglin | 1 Feb 01:29 2007

Bug#145048: libxt6: XtAppInitialize() SEGVs if an app-defaults file #includes itself

Alexander Hosfeld wrote:
> * Brice Goglin wrote on 01 Feb 2007:
>> Hi,
>> About 4 years ago, you reported a bug to the Debian BTS regarding xterm
>> segfault when app-defaults #include itself. Did you reproduce this
>> problem recently? If not, I will close this bug in the next weeks.
> Yes, it is still reproducible. Testet with 
> - xserver-common 4.3.0.dfsg.1-14sarge2 on Sarge
> - xserver-xorg 7.1.0-5, xterm 210-3.1 on Debian Etch

Ok thanks.

> But I don't think, that this a xterm problem. Perhaps this bug should
> be assigned to xlibs, xlibs-data or something like that. 

It has already been reassigned to libxt6.


Mark Whitis | 1 Feb 01:49 2007

Bug#409223: /etc/skel/.bashrc: PROMPT_COMMAND not exported

Package: bash
Version: 3.1dfsg-8
Severity: normal
File: /etc/skel/.bashrc

The PROMPT_COMMAND definition in /etc/skel/.bashrc is missing "export".
   - If you type sh to get a subshell (or shell out of another program)
     you lose all the extra stuff in your prompt and the terminal
     window title will not reflect your title.
   - If you use "su", your terminal windows title will not reflect
     the fact that you are root or track your directory.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages bash depends on:
ii  base-files                   4           Debian base system miscellaneous f
ii  debianutils                  2.17.4      Miscellaneous utilities specific t
ii  libc6                        2.3.6.ds1-9 GNU C Library: Shared libraries
ii  libncurses5                  5.5-5       Shared libraries for terminal hand

bash recommends no packages.

(Continue reading)

Don Armstrong | 1 Feb 01:48 2007

Bug#408150: bugs.debian.org: debian-admin pseudo-package.

On Wed, 31 Jan 2007, Don Armstrong wrote:
> On Wed, 31 Jan 2007, Ryan Murray wrote:
> > Odd, I thought pseudopackages still came from ftpmaster?
> b.d.o gets all the bugs, and owner <at>  has the actual power to create
> them.

Ah; I understand what you're getting at now. Yes, the pseudopackages
currently do come from dak, but I think that's just because AJ had
both hats and it was easier to do? Previous to that it looks like they
were just created by concatenating the pseudo-package.maintainer file
and the Maintainers file from the archive.

In any event, I'll hold off since it seems like the RT is well on it's

Don Armstrong


The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair.
 -- Douglas Adams  _Mostly Harmless_

http://www.donarmstrong.com              http://rzlab.ucr.edu

Nelson A. de Oliveira | 1 Feb 01:56 2007

Bug#409225: Can't update from python-uno_2.1-2 to python-uno_2.1-3

Package: python-uno
Version: 2.1-3
Severity: serious
Tags: experimental


Today while trying to update python-uno from version 2.1-2 to 2.1-3,
I've got:

Preparing to replace python-uno 2.1-2 (using .../python-uno_2.1-3_i386.deb) ...
Traceback (most recent call last):
  File "/usr/bin/pycentral", line 1373, in ?
  File "/usr/bin/pycentral", line 1367, in main
    rv = action.run(global_options)
  File "/usr/bin/pycentral", line 952, in run
    pkg.remove(runtimes, remove_script_files=True)
  File "/usr/bin/pycentral", line 697, in remove
AttributeError: 'NoneType' object has no attribute 'remove_byte_code'
dpkg: warning - old pre-removal script returned error exit status 1
dpkg - trying script from the new package instead ...
Traceback (most recent call last):
  File "/usr/bin/pycentral", line 1373, in ?
  File "/usr/bin/pycentral", line 1367, in main
    rv = action.run(global_options)
  File "/usr/bin/pycentral", line 952, in run
    pkg.remove(runtimes, remove_script_files=True)
(Continue reading)