Hi! The changes I had made were based on a patch that was sent to the
mailing list thread at [1], and here's a link to the patch [2].
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=24;filename=nmudiff.atop;att=1;bug=622794
--
Hi, I'm uploading a second debdiff file with changes as in the above
link and a corrected changelog.
** Patch added: updated patch for maverick
https://bugs.launchpad.net/ubuntu/+source/atop/+bug/820497/+attachment/2729207/+files/atop_1.23-1ubuntu1.debdiff
** Changed in: atop (Ubuntu
Public bug reported:
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in
the LD_LIBRARY_PATH, which allows local users to gain privileges via a
Trojan horse shared library in the current working directory.
The bug exists in src/gnome-shell.in in the following snippet.
232
The patch for the same would be as follows :-
    LD_LIBRARY_PATH = os.environ.get('LD_LIBRARY_PATH')
    if LD_LIBRARY_PATH:
        env['LD_LIBRARY_PATH'] = os.environ.get('LD_LIBRARY_PATH', '') + ':' + mozjs_libdir
    else:
        env['LD_LIBRARY_PATH'] = mozjs_libdir
** CVE added:
For some reason I'm not able to build the source I get via apt-get
source, so I'm attaching the patch instead of the debdiff. Please find
attached a file which is to be patched against src/gnome-shell.in
Hope this helps, Cheers!
** Patch added: cve-2010-4000.patch
Public bug reported:
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands
via shell metacharacters in a hostname obtained from a DHCP message.
CVE-2011-0996.
This is how opensuse patches it (check out
dhcpcd-3.2.3-option-checks.diff) in the following link :-
** Changed in: dhcpcd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/931036
Title:
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary
Please find attached a debdiff for maverick based on the patch used for
opensuse (linked above). The netbios message related stuff has been
omitted.
** Patch added: dhcpcd_3.2.3-7ubuntu1.debdiff
Oh, as they were not included in any formal released version I too think
now that a CVE would be unnecessary. I'll attach a debdiff for the same
asap.
--
My apologies, the patch I had attached was from another testing
directory I had and not the final one. Please find attached the correct
debdiff file.
As part of testing :-
=> I tried building the deb file debuild
=> installing it dpkg -i debfile
=> I tried running it as sudo dhcpcd eth0 and the
Please find attached the debdiff for the same.
** Patch added: vdr_1.6.0-18ubuntu2.debdiff
https://bugs.launchpad.net/ubuntu/+source/vdr/+bug/930700/+attachment/2739154/+files/vdr_1.6.0-18ubuntu2.debdiff
--
I just attached another debdiff in which I've corrected maverick to
maverick-security.
** Patch added: dhcpcd_3.2.3-7ubuntu1.debdiff
https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/931036/+attachment/2740798/+files/dhcpcd_3.2.3-7ubuntu1.debdiff
--
A minor update on the patch, with maverick changed to
maverick-security.
** Patch added: ktsuss_1.4-1ubuntu1.debdiff
https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/931036/+attachment/2740805/+files/ktsuss_1.4-1ubuntu1.debdiff
--
** Patch removed: ktsuss_1.4-1ubuntu1.debdiff
https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/931036/+attachment/2740805/+files/ktsuss_1.4-1ubuntu1.debdiff
--
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3618
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or
Please find attached, debdiff for 10.10 Maverick.
** Patch added: atop_1.23-1ubuntu1.debdiff
https://bugs.launchpad.net/ubuntu/+source/atop/+bug/820497/+attachment/2725991/+files/atop_1.23-1ubuntu1.debdiff
--
Hi Steve,
I've corrected the above mentioned issues; please find attached a patch
for lucid; I'll attach a patch for maverick and pass it over upstream
asap.
Cheers!
** Patch added: icecast2_2.3.2-5ubuntu1.10.04.1.debdiff
Hi,
I've attached the patch for maverick along.
** Patch added: icecast2_2.3.2-5ubuntu1.10.10.1.debdiff
https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/894782/+attachment/2787444/+files/icecast2_2.3.2-5ubuntu1.10.10.1.debdiff
--
Please find attached, a debdiff that patches the issue by trimming at
occurrences of \r or \n. Tested on lenny. After applying the, you
have :-
$ echo -ne GET
/non-existent''%20No%20such%20file%20or%20directory%0d%0a[1970-01-01%20%2000:00:00]%20PHUN%20I'm%20feeling%20phunny%0d%0a[`date
Please find attached a new debdiff which replaces \r and \n with '_',
rather than trim the string.
** Patch added: icecast2_2.3.2-5ubuntu2.debdiff
https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/894782/+attachment/2767108/+files/icecast2_2.3.2-5ubuntu2.debdiff
--
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: avra
There is a buffer overflow bug in avra1.2.3a which might lead to memory
corruption, at the very most. Neither privilege escalation nor any kind of
local exploitation is expected as it runs with the