[oCERT 2016-001] Jetty path sanitization issues

2016-05-30 Thread Daniele Bianco
0: contacted affected vendors 2016-05-30: advisory release References: http://www.eclipse.org/jetty/download.html Permalink: http://www.ocert.org/advisories/ocert-2016-001.html -- Daniele Bianco Open Source Computer Security Incident Response Team <dan...@ocert.org>

[oCERT 2015-012] Ganeti multiple issues

2015-12-30 Thread Daniele Bianco
w.ocert.org/advisories/ocert-2015-012.html -- Daniele Bianco Open Source Computer Security Incident Response Team <dan...@ocert.org> http://www.ocert.org GPG Key 0x9544A497 GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497

[oCERT 2015-011] PyAMF input sanitization errors (XXE)

2015-12-17 Thread Daniele Bianco
public pull request 2015-12-12: reporter confirms patch 2015-12-14: contacted affected vendors 2015-12-14: assigned CVE 2015-12-17: advisory release References: https://github.com/hydralabs/pyamf/pull/58 Permalink: http://www.ocert.org/advisories/ocert-2015-011.html

[oCERT 2014-008] libFLAC multiple issues

2014-11-25 Thread Daniele Bianco
=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Permalink: http://www.ocert.org/advisories/ocert-2014-008.html

[oCERT-2014-005] LPAR2RRD input sanitization errors

2014-07-23 Thread Daniele Bianco
: advisory release References: http://www.lpar2rrd.com Permalink: http://www.ocert.org/advisories/ocert-2014-005.html

[oCERT-2013-001] File Roller path sanitization errors

2013-07-08 Thread Daniele Bianco
/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 Permalink: http://www.ocert.org/advisories/ocert-2013-001.html

[oCERT-2011-002] libavcodec insufficient boundary check

2011-08-10 Thread Daniele Bianco

[oCERT-2010-001] multiple http client unexpected download filename vulnerability

2010-05-17 Thread Daniele Bianco
/A libwww-perl = 5.835 Credit: Vulnerability discovered and reported by Hank Leininger and Solar Designer under the Openwall Project, with further analysis by Daniele Bianco of oCERT. CVE: N/A Timeline: 2009-10-23: vulnerability report received 2010-01-08: further investigations