Debian Bug report logs - #678806
pu: package yaws/1.88-2+squeeze1

version graph

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Sergei Golovan <sgolovan@nes.ru>

Date: Sun, 24 Jun 2012 12:24:01 UTC

Severity: normal

Tags: confirmed, pending, squeeze

Fixed in version 6.0.6

Done: Adam D. Barratt <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#678806; Package release.debian.org. (Sun, 24 Jun 2012 12:24:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sergei Golovan <sgolovan@nes.ru>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Jun 2012 12:24:25 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sergei Golovan <sgolovan@nes.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pu: package yaws/1.88-2+squeeze1
Date: Sun, 24 Jun 2012 16:19:48 +0400
[Message part 1 (text/plain, inline)]
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi!

Recently, the random number generator predictability was discovered
in yaws_session_server module of YAWS web server (see [1] and [2]).

I'd like to fix this bug in stable (the debdiff is attached).

The change also fixes grave bug in the YAWS mail application (it
currently can't read its config).

[1] http://sourceforge.net/mailarchive/forum.php?thread_name=20120624072521.GA22850%40k2r.org&forum_name=erlyaws-list
[2] http://erlang.org/pipermail/erlang-questions/2012-June/067566.html

-- System Information:
Debian Release: 6.0.5
  APT prefers proposed-updates
  APT policy: (990, 'proposed-updates'), (990, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
[yaws_1.88-2_1.88-2+squeeze1.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#678806; Package release.debian.org. (Sun, 24 Jun 2012 15:24:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Jun 2012 15:24:07 GMT) Full text and rfc822 format available.

Message #10 received at 678806@bugs.debian.org (full text, mbox):

From: Cyril Brulebois <kibi@debian.org>
To: Sergei Golovan <sgolovan@nes.ru>, 678806@bugs.debian.org
Subject: Re: Bug#678806: pu: package yaws/1.88-2+squeeze1
Date: Sun, 24 Jun 2012 17:21:50 +0200
[Message part 1 (text/plain, inline)]
Hello,

Sergei Golovan <sgolovan@nes.ru> (24/06/2012):
> +yaws (1.88-2+squeeze1) stable-security; urgency=low
> +
> +  * Added a patch which fixes insufficient random numbers generator strength.
> +  * Fixed a grave bug with config loading in YAWS mail application.
> +
> + -- Sergei Golovan <sgolovan@debian.org>  Sun, 24 Jun 2012 12:36:19 +0400

if you want it through the security channels, please talk to the
security team.

Mraw,
KiBi.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#678806; Package release.debian.org. (Sun, 24 Jun 2012 16:09:32 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sergei Golovan <sgolovan@nes.ru>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Jun 2012 16:09:32 GMT) Full text and rfc822 format available.

Message #15 received at 678806@bugs.debian.org (full text, mbox):

From: Sergei Golovan <sgolovan@nes.ru>
To: Cyril Brulebois <kibi@debian.org>
Cc: 678806@bugs.debian.org
Subject: Re: Bug#678806: pu: package yaws/1.88-2+squeeze1
Date: Sun, 24 Jun 2012 20:04:17 +0400
On Sun, Jun 24, 2012 at 7:21 PM, Cyril Brulebois <kibi@debian.org> wrote:
>
> if you want it through the security channels, please talk to the
> security team.

I did already. The security team suggested to use the usual point update.

Cheers!
-- 
Sergei Golovan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#678806; Package release.debian.org. (Fri, 06 Jul 2012 20:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 06 Jul 2012 20:45:03 GMT) Full text and rfc822 format available.

Message #20 received at 678806@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Sergei Golovan <sgolovan@nes.ru>, 678806@bugs.debian.org
Cc: Cyril Brulebois <kibi@debian.org>
Subject: Re: Bug#678806: pu: package yaws/1.88-2+squeeze1
Date: Fri, 06 Jul 2012 21:41:50 +0100
tags 678806 + squeeze confirmed
thanks

On Sun, 2012-06-24 at 20:04 +0400, Sergei Golovan wrote:
> On Sun, Jun 24, 2012 at 7:21 PM, Cyril Brulebois <kibi@debian.org> wrote:
> >
> > if you want it through the security channels, please talk to the
> > security team.
> 
> I did already. The security team suggested to use the usual point update.

Then the changelog shouldn't say "stable-security"...

With that changed, please go ahead.

Regards,

Adam





Added tag(s) squeeze and confirmed. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 06 Jul 2012 20:45:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#678806; Package release.debian.org. (Sat, 07 Jul 2012 07:51:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sergei Golovan <sgolovan@nes.ru>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 07 Jul 2012 07:51:14 GMT) Full text and rfc822 format available.

Message #27 received at 678806@bugs.debian.org (full text, mbox):

From: Sergei Golovan <sgolovan@nes.ru>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 678806@bugs.debian.org, Cyril Brulebois <kibi@debian.org>
Subject: Re: Bug#678806: pu: package yaws/1.88-2+squeeze1
Date: Sat, 7 Jul 2012 11:35:06 +0400
On Sat, Jul 7, 2012 at 12:41 AM, Adam D. Barratt
<adam@adam-barratt.org.uk> wrote:
>
> Then the changelog shouldn't say "stable-security"...
>
> With that changed, please go ahead.

Done.

-- 
Sergei Golovan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#678806; Package release.debian.org. (Fri, 13 Jul 2012 01:17:52 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 13 Jul 2012 01:20:10 GMT) Full text and rfc822 format available.

Message #32 received at 678806@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Sergei Golovan <sgolovan@nes.ru>, <678806@bugs.debian.org>
Subject: Re: Bug#678806: pu: package yaws/1.88-2+squeeze1
Date: Thu, 12 Jul 2012 23:50:58 +0100
tags 678806 + pending
thanks

On 07.07.2012 08:35, Sergei Golovan wrote:
> On Sat, Jul 7, 2012 at 12:41 AM, Adam D. Barratt
> <adam@adam-barratt.org.uk> wrote:
>>
>> Then the changelog shouldn't say "stable-security"...
>>
>> With that changed, please go ahead.
>
> Done.

Flagged for acceptance; thanks.

Regards,

Adam




Added tag(s) pending. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 13 Jul 2012 01:42:08 GMT) Full text and rfc822 format available.

Marked as fixed in versions 6.0.6. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 29 Sep 2012 14:03:16 GMT) Full text and rfc822 format available.

Marked Bug as done Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 29 Sep 2012 14:03:17 GMT) Full text and rfc822 format available.

Notification sent to Sergei Golovan <sgolovan@nes.ru>:
Bug acknowledged by developer. (Sat, 29 Sep 2012 14:03:17 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Oct 2012 07:25:53 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 02:06:58 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.