Michael Gilbert | 21 Dec 21:19 2014
Picon

Bug#773671: libv8-3.14: multiple security issues

package: src:libv8-3.14
severity: grave
tags: security

Hi,

the following vulnerabilities were published for libv8-3.14.

CVE-2013-2632[0]:
| Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3,
| allows remote attackers to cause a denial of service (application
| crash) or possibly have unspecified other impact via crafted
| JavaScript code, as demonstrated by the Bejeweled game.

CVE-2013-2838[1]:
| Google V8, as used in Google Chrome before 27.0.1453.93, allows remote
| attackers to cause a denial of service (out-of-bounds read) via
| unspecified vectors.

CVE-2013-2882[2]:
| Google V8, as used in Google Chrome before 28.0.1500.95, allows remote
| attackers to cause a denial of service or possibly have unspecified
| other impact via vectors that leverage "type confusion."

CVE-2013-2919[3]:
| Google V8, as used in Google Chrome before 30.0.1599.66, allows remote
| attackers to cause a denial of service (memory corruption) or possibly
| have unspecified other impact via unknown vectors.

CVE-2013-6638[4]:
(Continue reading)

Anthony DeRobertis | 21 Dec 21:11 2014
Picon

Bug#773669: See Also isrcsubmit-config(5) missing

Package: isrcsubmit
Version: 2.0.0-1
Severity: normal
File: /usr/share/man/man1/isrcsubmit.1.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The man page has:

SEE ALSO
       isrcsubmit-config(5)

but the package doesn't ship that manpage, nor does it appear any other
package does. I see a doc/isrcsubmit-config.5.rst in the source package, so
it appears that it just didn't make to the binary package.

- -- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (130, 'unstable'), (120, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages isrcsubmit depends on:
(Continue reading)

Askar Safin | 21 Dec 20:09 2014
Picon

Bug#773668: okular shows "jumping" letters in pdf documents generated using pdflatex with russian babel

Package: okular
Version: 4:4.8.4-3+b1
Severity: normal
Tags: l10n

Steps to reproduce:
* Create the following file tex.tex:
\documentclass[a4paper]{article}
\usepackage[russian]{babel}
\begin{document}
Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed ...
\end{document}
* pdflatex tex.tex
* okular tex.pdf
* Adjust zoom until you will see ugly "jumping" letters (i. e. one letter is up, and the following letter in
the same word is down). For example, on my laptop with screen resolution 1600 x 900 pixels and physical size
214.8 cm x 381.9 cm zoom 100 % will go

What I see? Well, "jumping" letters. I see something like this: "LOrEm IpSum DOlOr SIT AmEt ...". See
screenshot: http://picpaste.com/y-gh3PH69b.png .

What I expected to see? Normal beautiful text.

Including [russian]{babel} is mandatory to reproduce the bug. [english]{babel} will not go.

But the text itself need not to be in Russian. You don't need even \usepackage[...]{inputenc}.

latex tex.tex + okular tex.dvi - no bug.

latex tex.tex + dvipdfm tex.dvi + okular tex.pdf - no bug.
(Continue reading)

Olly Betts | 21 Dec 21:08 2014

Bug#773579: fontypython: diff for NMU version 0.4.4-1.3

Control: tags 773579 + patch

Output from nmudiff showing the fix mentioned in my previous comment.

Cheers,
    Olly
Dario Minnucci | 21 Dec 20:58 2014
Picon

Bug#773667: unblock: djmount/0.71-7

Package: release.debian.org
Severity: normal
User: release.debian.org <at> packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package djmount

This version fixes RCs #674753 and #701680 (Segfault when attempting to read a file)

debdiff between 0.71-6 and 0.71-7:
- ----------------------------------

diff -Nru djmount-0.71/debian/changelog djmount-0.71/debian/changelog
- --- djmount-0.71/debian/changelog       2013-01-21 22:05:45.000000000 +0100
+++ djmount-0.71/debian/changelog       2014-12-21 19:35:47.000000000 +0100
 <at>  <at>  -1,3 +1,14  <at>  <at> 
+djmount (0.71-7) unstable; urgency=medium
+
+  * debian/patches:
+    + Added: 004-avoid-crash-by-using-size_t.patch:
+      - Fixes segfault on 64-bit architectures when reading files
+        from a mounted DLNA share (Closes: #674753, #701680)
+        Thanks to Bernhard √úbelacker <bernhardu <at> vr-web.de> and 
+        John Paul Adrian Glaubitz <glaubitz <at> physik.fu-berlin.de>
+
+ -- Dario Minnucci <midget <at> debian.org>  Sun, 21 Dec 2014 19:14:14 +0100
+
(Continue reading)

Mert Dirik | 21 Dec 20:55 2014
Picon

Bug#773666: [INTL:tr] Turkish debconf translation update for grub2

Package: grub2
Severity: wishlist
Tags: l10n patch

Please find the attached Turkish translation update of grub2 debconf 
messages.

Best regards
Attachment (grub2_tr.po): text/x-gettext-translation, 18 KiB
Reiner Herrmann | 21 Dec 20:49 2014
Picon

Bug#750838: tlf: Homepage field points to download file

Control: tag -1 + patch

Hi,

I attached a patch that changes the homepage and adds a watch file.

Regards,
 Reiner
Attachment (tlf.patch): text/x-patch, 913 bytes
Jakub Wilk | 21 Dec 20:46 2014
Picon

Bug#773665: DMD: misleading "already in experimental, but not in unstable"

Package: qa.debian.org
Severity: minor

https://udd.debian.org/dmd/?packages=afl#todo says "New upstream version 
available: 0.93b (already in experimental, but not in unstable)". But 
there's only afl 0.90b in the archive, so 0.93b is not "already in 
experimental".

--

-- 
Jakub Wilk

Thomas Vincent | 21 Dec 20:11 2014
Picon

Bug#752726: Bug #752726: Unable to reproduce

Hello,

Damien 'drazzib' Raude-Morvan and I tried to reproduce this bug in
chroots (with sbuild) in both jessie and sid:

* using the current stumpwm package from sid and setting clisp as the
   compiler
* creating a complete chroot from snapshot.debian.org (20140625)
   corresponding to the date this bug report was filled

We were in each case unable to reproduce this bug both about the build
and the command given in message #21.

Cheers,
Thomas

Mario Kothe | 21 Dec 19:58 2014

Bug#773646: Fwd: Re: Bug#773646: Backports : linux-image-3.16.0-0.bpo.4-amd64 not booting dracut fallback

The install of initramfs-tools replaced the dracut, but in the repository the Version of the dracut ist as follows:

Package: dracut
Version: 020-2
Installed-Size: 668


-------- Forwarded Message -------- Subject: Date: From: Reply-To: To:
Re: Bug#773646: Backports : linux-image-3.16.0-0.bpo.4-amd64 not booting dracut fallback
Sun, 21 Dec 2014 18:17:33 +0000
Ben Hutchings <ben <at> decadent.org.uk>
773646 <at> bugs.debian.org
Mario Kothe <mario.kothe <at> googlemail.com>


On Sun, 2014-12-21 at 19:04 +0100, Mario Kothe wrote: > On 21.12.2014 16:03, Ben Hutchings wrote: > > On Sun, 2014-12-21 at 15:13 +0100, Mario Kothe wrote: > >> I tried it with the initramfs-tools. Still no change. Error messsage is > >> the same: > >> > >> dracut Warning: Could not boot. > >> dracut Warning: "/dev/disk/by-uuid/...." does not exist > >> > >> Droping to debug shell. > >> > >> And yes it is a dracut bug. > >> > >> > >> Here the install messages from installing initramfs-tools > > [...] > >> Setting up initramfs-tools (0.115~bpo70+1) ... > >> update-initramfs: deferring update (trigger activated) > >> Processing triggers for initramfs-tools ... > >> update-initramfs: /boot/initrd.img-3.2.0-4-amd64 has been altered. > >> update-initramfs: Cannot update. Override with -t option. > >> root <at> nova:/etc# reboot > > Oh, well you need to tell initramfs-tools to rebuild the initramfs too: > > > > update-initramfs -u -t -k 3.16.0-0.bpo.4-amd64. > > > > Ben. > > > Ok, totally forgot that part with the update-initramfs. It works now > with kernel. > > Thank you for fast answers and replies. Please reply to the bug address (773646 <at> bugs.debian.org) and state which version of dracut you are using. Ben. -- -- Ben Hutchings Reality is just a crutch for people who can't handle science fiction.

Ian Campbell | 21 Dec 19:41 2014
Picon

Bug#773664: [I18N:de] Updated German translation of debconf templates

Package: src:grub2
Severity: wishlist
Tags: patch, l10n
Control: submitter -1 Martin Eberhard Schauer <Martin.E.Schauer <at> gmx.de>
Picon Picon
From: Martin Eberhard Schauer <Martin.E.Schauer <at> gmx.de>
Subject: grub2 2.02~beta2-18: German debconf template translation
Date: 2014-12-21 18:02:19 GMT
Hi Ian,
sorry for the late reply.

 > You are noted as the last translator of the debconf translation for
 > grub2.

I'm quite proud of this prominent contribution to Debian :-)

Unfortunately the two new strings did not get a review on 
debian-l10n-german.
But I had a second and a third glance at the translation.

Kind regards,
    Martin

Attachment (grub-de.po): text/x-gettext-translation, 17 KiB

Gmane