tags 517038 + confirmed upstream
forwarded 517038 http://bugzilla.icculus.org/show_bug.cgi?id=4035
thanks
Hi,
* HoverHell hoverh...@gmail.com [2009-03-09 19:17]:
Nico Golde wrote:
I can not reproduce this. I think this may be some problem
with your configuration. Can you upload your
: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
2.6.26-1 on lenny and squeeze installation medium do not.
Manually loading ixgbe does not help either.
Sincerely,
Nico
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.29 (SMP w/2 CPU cores
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642
http://security-tracker.debian.net/tracker/CVE-2009-0642
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
I forgot to edit all data in the template and missed the
other bug as it was missing in our security-tracker. merged
them and adapted severity.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double
tags 517639 + patch
tags 522939 + patch
Hi,
attached is a patch for an NMU to fix this bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u ruby1.8-1.8.7.72/debian/changelog
different protocols, fingerprint remote
operating systems, audit TCP/IP stacks, etc. hping3 is scriptable
using the Tcl language.
What is the reason for orphaning it? I might be interested
in taking it over.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
If I remember the behaviour correctly I've had my default network
disabled and set to another IP address/subnet. After I've enabled the
network the guest started. But why I have to maintain an, unwanted default
network? Of course, I've configured my own DMZ virtual network. Or, do
I've understood
Hi,
nope this is not covered by CVE-2009-1241, new CVE id/s
pending.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
what is the current status of this bug, anyone still working
on this?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
is also the
upstream. Sorry but this workflow sucks! Debian can allocate
CVE ids if you need them and I see no reason why a fixed
package is not already in unstable.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry if we get one in time.
Cheers
Nico
Hi,
I intend to NMU this bug, quite some time passed since this
was initially reported.
Attached is a debdiff.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u ruby1.9-1.9.0.2
/cvename.cgi?name=CVE-2009-0115
http://security-tracker.debian.net/tracker/CVE-2009-0115
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
any good in any
sense (including the security POV).
As providing security support for the ice* suite is already
PITA and I see no reason why we should include this given
that we have ice* I strongly oppose to include this to
Debian.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
/tracker/CVE-2009-0583
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Package: ftp.debian.org
Severity: normal
Hi,
please remove amaya from unstable. The reasons are available on:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522240#10 and
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ
/exploits/8321
I suppose removing amaya from unstable would be the most elegant fix here.
I filed a removal bug for ftp.debian.org
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted
problems. So this would be a nice feature.
Cheers
Nico
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
in an in_play action.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1045
http://security-tracker.debian.net/tracker/CVE-2009-1045
--
Nico Golde - http
-next-20090324.
The obvious fix is to sort by mtime (ls -t1). All other algorithms trying to
guess which prefix is newer or older will fail sooner or later.
Sincerely,
Nico
-- Package-specific info:
*** BEGIN /proc/mounts
/dev/root / jfs rw,noatime 0 0
/dev/mapper/home /home
Hi,
* Christophe Mutricy xto...@chewa.net [2009-04-02 00:36]:
Le Wed 01 Apr 09 à 13:17 +0200, Nico Golde a écrit :
CVE-2009-1045[0]:
| requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
| denial of service (stack consumption and crash) via a long input
| argument
Package: qemu
Version: 0.10.1-1
Please compile qemu with kvm integration.
See the qemu doc:
-enable-kvm
Enable KVM full virtualization support. This option is only available if
KVM support is enabled when compiling.
Thanks.
NicoP.
--
To UNSUBSCRIBE, email to
glibc specific is probably
not the best way to go, as there's already a messy #ifdef below
to catch the SO_PEERCRED case.
Maybe getting rid of the whole section and making the socket group
read/writable only is the better way?
Sincerely,
Nico
--
Think about Free and Open Source Software (FOSS
that in the security tracker:
http://security-tracker.debian.net/tracker/CVE-2009-0758
Nico, do you consider that important enough for a s-s-u upload?
As avahi is mostly used on end-user desktop machines and
this feature is switched off by default (and I don't expect
end-users and typical
-0887
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Package: ftp.debian.org
Severity: normal
Please remove iceweasel-firegpg, see #514386 for the
reasons.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
I set the severity to important for now as this can't really
be triggered by an attacker but needs interaction from the
administrator. Maybe we should even handle this as a regular
bug rather than a security issue.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de
?name=CVE-2009-0876
http://security-tracker.debian.net/tracker/CVE-2009-0876
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
this bug was marked as pending on February 24th. What is
missing for the upload? Do you need an NMU?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
I intend to upload a 0-day NMU for this in order to get this
fixed synchronized with the oldstable and stable DSAs.
A debdiff is attached and archived on:
http://people.debian.org/~nion/nmu-diff/curl-7.18.2-8_7.18.2-8.1.patch
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
is the version before
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=revrevision=16654
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6176
http://security-tracker.debian.net/tracker/CVE-2008-6176
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6176
http://security-tracker.debian.net/tracker/CVE-2008-6176
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* HoverHell hoverh...@gmail.com [2009-02-26 16:14]:
Nico Golde wrote:
* hell h...@hell.orts.ru [2009-02-25 13:39]:
Configuration (rc.xml):
... followMouseyes/followMouse ...
... keybind key=W-Tab action name=ShowMenu
menuclient-list-combined-menu/menu ...
... keybind key=A-Tab
Hi,
sorry for the late reply, I was on vacation.
* Sam Hartman hartm...@debian.org [2009-02-28 12:32]:
Nico == Nico Golde n...@debian.org writes:
Nico Hi, * Eike Sauer eikesa...@t-online.de [2009-02-27 17:47]:
Am Freitag, 27. Februar 2009 schrieb Nico Golde: libkrb5-3
. was it fixed in unstable only, or also in stable (at the
time)?
At the time of doing this update I did not work on security
issues affecting stable, we still don't have one security
team for both.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security
in
MSG_PEEK.
Feb 26 21:56:01 elrond kernel: TCP(fetchmail:22020): Application bug, race in
MSG_PEEK.
I should be able to catch this in a TCP dump if needed.
That would be nice, please do so.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security
.2 (0x7f737bbde000)
dpkg -S libgssapi_krb5.so.2
libkrb53: /usr/lib/libgssapi_krb5.so.2
libkrb53: /usr/lib/libgssapi_krb5.so.2.2
libkrb5-3 is in experimental so I don't see the problem on the fetchmail package
side.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
Hi,
* Eike Sauer eikesa...@t-online.de [2009-02-27 17:47]:
Am Freitag, 27. Februar 2009 schrieb Nico Golde:
libkrb5-3 is in experimental so I don't see the problem on the fetchmail
package side.
Ah, I see.
libkrb5-3 states it Replaces: libkrb53, but it doesn't provide
libgssapi_krb5
window.
Thanks for the report. I don't quite get the first part of
the problem. Would you be able to show in a screenshot or
screencast what you mean?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail
Hi,
* Daniel Moerner dmoer...@gmail.com [2009-02-23 10:05]:
On Sun, Feb 22, 2009 at 2:39 PM, Maximilian Gaß m...@cloudconnected.org
wrote:
Upstream Author : Nico Golde and Andreas Krennmair
Nico Golde is a Debian Developer, and a member of the Testing Security
Team. I think this suggests
Package: libvirt-bin
Version:0.6.0-1
Hi,
After upgrade to libvirt-bin 0.6.0-1 I do get the following error message
when I try to start a guest:
internal error Failed to add tap interface 'vnet%d' to bridge 'virbr0' :
No such device
With libvirt-bin version 0.5.1-5 everything worked with the
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
any news on this one? We are about to release and it would
be sad to remove bugzilla from lenny. Cherrypicking the fix
from the diff doesn't seem to be an option, it's 40042 lines
of perl :/
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
by the
security team but please make sure this fix gets into lenny.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Patrick Matthäi patr...@linux-dev.org [2009-02-07 18:28]:
Nico Golde schrieb:
I don't think this justifies a security update by the security team but
please
make sure this fix gets into lenny.
what about current stable?
That was what I was referring to. In my opinion the impact
reference the CVE id in the changelog if you fix
this.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
attached is a patch to fix this issue which I will upload as
a 0-day NMU.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u xchat-2.8.6/debian/changelog xchat-2.8.6/debian
Hi,
Ingo, what is the status of this? It would be nice to get
this fixed for lenny.
Did you check back with upstream?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
* Samuel Thibault samuel.thiba...@ens-lyon.org [2009-02-01 14:28]:
Nico Golde, le Sun 01 Feb 2009 13:57:49 +0100, a écrit :
Thanks I saw this one when searching for the problem after
receiving the bug report. But it's missing replies ;-P
I'm wondering: maybe the issue is because
Hi,
* Samuel Thibault samuel.thiba...@ens-lyon.org [2009-02-01 02:29]:
Nico Golde, le Sat 31 Jan 2009 16:52:32 +0100, a écrit :
* Samuel Thibault samuel.thiba...@ens-lyon.org [2009-01-31 15:11]:
The linux kernel reports
TCP(fetchmail:5006): Application bug, race in MSG_PEEK.
I
to see the problem. Are there any ways to reproduce this?
Matthias, any idea what is going on here?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
=0field[0]=viewcontains[0]=%field2[0]=viewcontains2[0]=
works even if injecting the order by order is not much of a
use but I am pretty sure that there are other sql
injections as well.
I would be in favor of removing this from lenny until
someone does a complete audit.
Rapphael? ;)
Cheers
Nico
value inputs.
Please mention the CVE id in the changelog if you fix this bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0318
http://security-tracker.debian.net/tracker/CVE-2009-0318
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail
/tracker/CVE-2009-0317
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0253
http://security-tracker.debian.net/tracker/CVE-2009-0253
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail
Hi,
@@ -381,6 +380,9 @@
if (!q) q=pathend;
len = q-p;
+ element = malloc(len + 1);
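Review bot: the added `element = malloc(len + 1);` sizes the buffer from `len = q-p` with no bound on `len` visible in these lines. If `len` is a signed type and `q` can precede `p`, or `len` is at its type's maximum, `len + 1` becomes zero or wraps, and any later copy of `len` bytes into `element` would write past the allocation. Verify `q >= p` and cap `len` before the call, and check `element` for NULL before it is used.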
Are you sure that this can't overflow?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double
update and didn't really cause the breakage by myself I
would be more happy if you could fix this via t-p-u.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0242
http://security-tracker.debian.net/tracker/CVE-2009-0242
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
, locale)
locale.Error: unsupported locale setting
Maybe warn, but not abort?
-- Package-specific info:
** Environment settings:
INTERFACE=text
** /root/.reportbugrc:
reportbug_version 3.48
mode expert
ui text
realname Nico Schottelius
email nico-debian-report...@schottelius.org
no-check-uid
suggest to downgrade it, until there is an approach to reproduce
this bug (don't think is security related, either.)
Looks like it's a 64 bit specific issue, at least I also
can't reproduce it on 32 bit.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
which is why the impact is rated as low.
So if you want to be helpful please provide us detailed information about your
claims and please don't abuse a bug affecting only stable to report your
problem.
[0] http://security-tracker.debian.net/
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
) depends on
libxcursor1 ( 1.1.2), but current 3.4.7.2-3 in Debian repository
does not.
So, please add libxcursor-dev to the Build-Depends field in
debian/control at your convenience. :-)
Thanks! Added in svn, will be included in 3.4.7.2-4.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
Hi,
* Kurt Roeckx k...@roeckx.be [2009-01-17 13:17]:
On Sun, Sep 23, 2007 at 01:56:15PM +0200, Nico Golde wrote:
I wrote a patch which should fix the issue. It is attached.
Kind regards
Nico
--- ircii-pana-1.1/source/hook.c2003-04-11 03:09:07.0 +0200
+++ check/ircii-pana
written to buff[80]. Please fix this by checking for count being
= sizeof(buff) -1.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-tracker.debian.net/tracker/CVE-2008-5902
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
retitle 511641 xrdp: CVE-2008-590{2,3} arbitrary code execution
thanks
Hi,
CVE-2008-5903 and CVE-2008-5902 have been assigned to these
vulnerabilities, please reference them in the changelog if
you fix this bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
and Firefox 3.0.5 download this file Ok.
Looks like wget doesn't follow symlinks.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
attached is a patch for a 0-day NMU that fixes this issue.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u uw-imap-2007b~dfsg/debian/changelog uw-imap-2007b~dfsg/debian
.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
http://security-tracker.debian.net/tracker/CVE-2009-0025
and
https://www.isc.org/node/373
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text
Jonas wanted to prepare updates but I somehow
don't reach him anymore at the moment. I am currently
preparing updates for lenny and stable.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted
Hi,
* A Mennucc deb...@tonelli.sns.it [2008-12-23 22:08]:
On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
[...]
Since the aac vulnerability is fixed by building against the
system-wide faad copy, Andrea is there any issue in this bug
report missing then which is not fixed
Hi,
any news for this one?
This bug is preventing us from requesting an unblock to fix
the security issue avahi recently had for lenny.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted
this is not working.
Patch attached...
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- de.po 2008-11-07 17:14:46.0 +0100
+++ de.po.new 2009-01-07 19:08:43.0 +0100
@@ -1317,7
arbitrary code
without this fix. The output of the pixelate function is
just put into popen without any sanitization.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
=afdccceefa30306cf720a27efd5a29bcc5a916c9
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
thing that is left over for the admin is
- setting the *passwords* !!!
^^^
- creating new users and databases
- read the rest of this text
I'd personally mark this as wishlist but that's up to the maintainer.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
would like to see is:
- all mail boxes with idle in idle it keep the connection open.
- The others get polled (every 300 sec).
Matthias, what do you think about that? Do I miss anything
and this is already possible?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
Hi,
* Diego Biurrun di...@biurrun.de [2008-12-25 22:19]:
On Wed, Dec 24, 2008 at 11:12:34PM +0100, Nico Golde wrote:
* Diego Biurrun di...@biurrun.de [2008-12-24 22:50]:
On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
[...]
Your patch is incorrect and insufficient. You should
, virus removal and some other
cases.
I currently don't know when I will have the time to do this.
I have attached the diff against 4.68.8 debian package.
I'm afraid this is too late, mailscanner has already been
removed from lenny.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n
/
The coordination is a bit chaotic at the moment, spread over
private mails, irc queries, #xine-private and the bts :/
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
; I'm attaching their patch.
Is this different from CVE-2007-4829 which is fixed in
libarchive-tar-perl 1.38-1 referring to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449544?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text
Hi,
* Diego Biurrun di...@biurrun.de [2008-12-24 22:50]:
On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
I tracked the ogm file issue down to ffmpeg, it's not an
mplayer issue. I reported this as: #509616..
Your
Hi,
attached is a patch to fix this issue. I will upload this as
an NMU now.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u screenie-1.30.0/screenie screenie-1.30.0/screenie
evidently problems.
I'm not a DD, so these need a review and an upload.
I take care of sponsoring the upload for unstable. For
stable security the version looks wrong to me, please use
4.0.1-3.1etch1.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
)
Similar things are done at other places. Looking on the overall code quality I
suggest we remove amaya from lenny unless someone is willing to do a complete
audit.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail
Hi,
* Irene Vatton irene.vat...@inria.fr [2008-12-23 17:46]:
Le mardi 23 décembre 2008 à 16:29 +0100, Nico Golde a écrit :
CCed upstream.
I am not sure if it is enough to just fix this CVE id.
Browsing a bit in the code reveals quite a lot of additional
buffer overflows.
The new
/CVE-2008-4610
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- libavcodec/vp3.c 2008-12-23 21:06:32.0 +0100
+++ libavcodec/vp3.c.new 2008-12-23 21:07:22.0 +0100
@@ -1165,7 +1165,7
Hi,
I tracked the ogm file issue down to ffmpeg, it's not an
mplayer issue. I reported this as: #509616..
Since the aac vulnerability is fixed by building against the
system-wide faad copy, Andrea is there any issue in this bug
report missing then which is not fixed?
Cheers
Nico
--
Nico
Hi,
as far as I know Ganneff deleted the tarball now from
klecker so we can upload a new one. An update which also
fixes another issue is in preparation.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail
Hi,
what is the status of this issue regarding lenny?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
the same (so does pam-opie). But the issue itself is not an important
security issue, downgrading.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Nico Golde n...@debian.org [2008-12-21 14:00]:
[...]
On connection to the server via a client, if an invalid username is
supplied, a 530 error is immediately returned, instead of a password
prompt being returned before failure.
This is a quite common problem, your local login
-bin/cvename.cgi?name=CVE-2008-5647
http://security-tracker.debian.net/tracker/CVE-2008-5647
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5646
http://security-tracker.debian.net/tracker/CVE-2008-5646
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
they help others. I can
confirm that both fix the described issues.
Cheers
Nico
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240
http://security-tracker.debian.net/tracker/CVE-2008-5240
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
and heap-based buffer overflows.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239
http://security-tracker.debian.net/tracker/CVE-2008-5239
--
Nico
701 - 800 of 2532 matches