Bug#580342: sudo: Memory access after free()

2010-05-09 Thread Martin Schulze
Bdale, what's your stance on this? Regards, Joey Alexandra N. Kossovsky wrote: > Package: sudo-ldap > Version: 1.6.9p17-2+lenny1 > Severity: grave > Tags: security patch > Justification: user security hole > > Hello. > > Following patch fixes memory access after free(): > > --- pars

Bug#506479: manpages-dev: tries to overwrite /usr/share/man/man3/pthread_attr_setschedpolicy.3.gz from glibc-doc

2008-11-22 Thread Martin Schulze
Michael Kerrisk wrote: > Just for debian's info: you definitely want the man-pages page. The > pthreads pages that I have been recently adding to man-pages are far > better than the ancient glibc pages. Ack. I've opened Bug#506515 requesting this. Regards, Joey -- No question is too

Bug#474951: [pkg-lighttpd] Bug#474951: Is a fix for etch planned?

2008-04-15 Thread Martin Schulze
Philipp Kern wrote: > On Tue, Apr 15, 2008 at 08:39:03AM +0200, Pierre Habouzit wrote: > > Dear security team, you broke lighttpd badly with your last upload, > > because you use a broken patch to fix the last CVE on it. Please update > > the patch, using e.g. the one in the unstable version inst

Bug#461804: Confirmed not confirmed

2008-01-27 Thread Martin Schulze
Bug confirmed Recompile sufficient not confirmed Regards, Joey -- The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? C

Bug#440160: sysklogd uses /var/log/mail.log .err .info instead of /var/log/mail/mail.log .err .info

2007-09-02 Thread Martin Schulze
[EMAIL PROTECTED] wrote: > Package: sysklogd > Version: 1.5-1 > Severity: critical > Justification: breaks unrelated software > > I don't really know if it is new sendmail config, proftpd config or new > sylogd config, but many of my log files have been deactivated and replaced by > others in o

Bug#438540: libid3-3.8.3c2a: creates insecure temporary files

2007-08-22 Thread Martin Schulze
Nikolaus Schulz wrote: > Package: libid3-3.8.3c2a > Version: 3.8.3-6 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > when tagging file $foo, a temporary copy of the file is created, and for some > reason, libid3 doesn't use mkstemp but just creates $foo.XX

Bug#435521: closed by Mark Purcell <[EMAIL PROTECTED]> (Re: Asterisk SIP DOS Vulnerability)

2007-08-17 Thread Martin Schulze
Faidon Liambotis wrote: > Granted, we have a very very bad record as maintainers of supporting > this security-wise but I think we can try to change that. I certainly > will try my best to provide you with patched versions to upload. > I haven't discuss this with the rest of the team yet but I thin

Bug#427596: sysklogd: patch for #427596

2007-07-29 Thread Martin Schulze
Julien Cristau wrote: > tags 427596 + patch Thanks, fixed in source. Regards, Joey -- The good thing about standards is that there are so many to choose from. -- Andrew S. Tanenbaum Please always Cc to me when replying to me on the lists.

Bug#434844: security update broke xulrunner-xpcom.pc

2007-07-27 Thread Martin Schulze
Mike Hommey wrote: > > On my OOo build on etch: > > > > /home/rene/Debian/Pakete/openoffice.org/openoffice.org-2.3.0/ooo-build/build/current/extensions/source/plugin/base > > dmake: Executing shell macro: $(PKGCONFIG) $(PKGCONFIG_PREFIX) --cflags > > $(PKGCONFIG_MODULES) > > Package 'Mozilla Plug-

Bug#430691: hiki: [security] vulnerability that arbitrary files would be deleted

2007-06-27 Thread Martin Schulze
Steve Kemp wrote: > > Hiki 0.8.0 - 0.8.6 is affected, it means that stable, testing and unstable > > packages in Debian are affected. Please update hiki package. > > > > For more detail, see http://hikiwiki.org/en/advisory20070624.html > > Joey if you could allocate an ID I'll upload a fixed

Bug#429462: gunzip does not uncompress anymore, breaks dpkg-source

2007-06-20 Thread Martin Schulze
Bdale Garbee wrote: > Also just talked to James Troup who is in the same room here at Debconf, > and he's running this version of gzip on various buildd systems... so > I'm confused about what might be wrong. Err, since when are source packages *built* on buildd systems? They are unpacked - which

Bug#429462: gunzip does not uncompress anymore, breaks dpkg-source

2007-06-19 Thread Martin Schulze
Bdale Garbee wrote: > On Mon, 2007-06-18 at 17:47 +0200, Martin Schulze wrote: > > Bdale Garbee wrote: > > > > Any idea at where to look? > > > > > > Not really. I freshened my machine to latest unstable this morning... > > > maybe an strace would

Bug#429462: gunzip does not uncompress anymore, breaks dpkg-source

2007-06-18 Thread Martin Schulze
Bdale Garbee wrote: > > Any idea at where to look? > > Not really. I freshened my machine to latest unstable this morning... > maybe an strace would point to something? [shrug] Does this help? finlandia!joey(tty6):/tmp/work> dpkg -l gzip Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/I

Bug#429462: gunzip does not uncompress anymore, breaks dpkg-source

2007-06-18 Thread Martin Schulze
Bdale Garbee wrote: > tags 429462 +unreproducible +moreinfo > thanks > > On Mon, 2007-06-18 at 11:24 +0200, Joey Schulze wrote: > > Package: gzip > > Version: 1.3.12-2 > > Severity: grave > > > > I'm sorry to report but the new version of gzip breaks dpkg-source in > > sid and thus cannot be used

Bug#428964: klogd freaks in vservers

2007-06-17 Thread Martin Schulze
Tobias Vogel wrote: > Package: klogd > Version: 1.4.1 > Severity: grave > > klogd randomly starts using 99& cpu.if work > on the certain vserver is still possible, then > killing the klogd (-9) is the only thing to stop the > process. I assume that you don't have an idea on what's going on there,

Bug#423368: iSCSI cannot be installed

2007-05-11 Thread Martin Schulze
Package: open-iscsi Version: 2.0.730-1 Severity: serious The installation of open-iscsi leads to: honey:~# date Fri May 11 11:58:48 CEST 2007 honey:~# apt-get update Get:1 http://ftp.de.debian.org etch Release.gpg [378B] Hit http://ftp.de.debian.org etch Release

Bug#409147: glibc tzdata2005b out of date for 4 Canadian Provinces.

2007-01-31 Thread Martin Schulze
merge 409147 409148 thanks David Broome wrote: > Package: glibc > Version: glibc-2.3.2.ds1-22sarge4 > Severity: critical > > Hello - tzdata in glibc for stable is based on tzdata2006b (from edits > in 2.3.2.ds1-22sarge1), this does not have the correct PST changes for > this year for 4 Canadian

Bug#405197: CVE name

2007-01-11 Thread Martin Schulze
Please use CVE-2006-5876. Regards, Joey -- GNU GPL: "The source will be with you... always." Please always Cc to me when replying to me on the lists.

Bug#404888: glib2.0: cannot go into testing; causes gnucash regrsession

2006-12-29 Thread Martin Schulze
Josselin Mouette wrote: > Le jeudi 28 décembre 2006 à 17:29 -0800, Thomas Bushnell BSG a écrit : > > On Fri, 2006-12-29 at 01:56 +0100, Josselin Mouette wrote: > > > Now, if you don't provide us with the necessary data, we won't be able > > > to fix the regression it introduces in gnucash. > > > >

Bug#402010: gosa leaves the ldap admin password readable by any web application

2006-12-07 Thread Martin Schulze
Finn-Arne Johansen wrote: > Package: gosa > Version: 2.5.6-2 > Severity: critical > Tags: security > Justification: root security hole > > > The documentation in gosa tells the admin to install gosa.conf under > /etc/gosa/gosa.conf, and to make it readable by the group www-data. > In this configu

Bug#399187: CVE-2006-5925: ELinks "smb" Protocol File Upload/Download Vulnerability

2006-11-27 Thread Martin Schulze
Julien Cristau wrote: > Hi, > > do the security@ people have a DSA in preparation for links and/or > elinks for CVE-2006-5925, or should I prepare a patch for the stable > versions too? As far as I know, no. Please prepare an update. Regards, Joey -- Given enough thrust pigs will fly

Bug#387089: Sorry, not fixed

2006-11-01 Thread Martin Schulze
reopen 387089 thanks I'm sorry to tell you, but this problem is not yet fixed. Installed version of ca-certificates: ii ca-certificates 20061027 Common CA Certificates PEM files There should be a link, but isn't: finlandia!joey(tty1):/etc/ssl/certs> l |grep luo

Bug#358575: mailman 2.1.5-8sarge3: screwup between security and maintainer upload

2006-09-06 Thread Martin Schulze
Lionel Elie Mamane wrote: > let a be an architecture in sarge. Then one of the following holds for > mailman in sarge r3: > > - it is affected by a security problem. > > - it has a severity critical bug. > > Mailman in sid: > > - may or may not suffer of a security problem > > A security pr

Bug#382607: further info on CVE-2006-4041

2006-08-19 Thread Martin Schulze
sean finney wrote: > executive summary for security team: not escaping query strings > can possibly result in SQL injection for apps that use pike+postgresql. > > i've developed a patch which cleanly applies to both the 7.2 and 7.6 > branches that exist in sarge. however, looking more closely at

Bug#372719: regression in FreeType security fix for DSA-1095

2006-08-19 Thread Martin Schulze
gasek wrote: > On Sat, Aug 19, 2006 at 09:28:46AM +0200, Martin Schulze wrote: > > > Well, apparently the -3 package that you said you couldn't find was on > > > security.d.o all along, because this was *not* in the second -3 package > > > that > > > I upl

Bug#372719: regression in FreeType security fix for DSA-1095

2006-08-19 Thread Martin Schulze
Steve Langasek wrote: > On Sun, Jul 23, 2006 at 08:51:29PM +0200, Martin Schulze wrote: > > Steve Langasek wrote: > > > On Fri, Jul 07, 2006 at 08:42:59PM +0200, Martin Schulze wrote: > > > > It appears to be a correct fix for the regression that has been reported.

Bug#329387: [bugzilla #329387] new sarge package that fixes CVE-2005-4534

2006-08-12 Thread Martin Schulze
Alexis Sukrieh wrote: > Moritz Muehlenhoff wrote: > >The distribution should be stable-security instead of > >testing-proposed-updates. Please also remove all the i18n updates: > > Ok, I'll make a new package with the correct distribution. > > The i18n updates are automatically made by the build

Bug#381378: CVE-2006-3913: arbitrary code execution in freeciv

2006-08-03 Thread Martin Schulze
Stefan Fritsch wrote: > Package: freeciv > Severity: grave > Tags: security > Justification: user security hole > > CVE-2006-3913: > "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul > 2006 and earlier, allows remote attackers to cause a denial of service > (crash) and possibly e

Bug#377299: sitebar: CVE-2006-3320: cross-site scripting

2006-07-28 Thread Martin Schulze
Thijs Kinkhorst wrote: > > > CVE-2006-3320: "Cross-site scripting (XSS) vulnerability in command.php > > in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary > > web script or HTML via the command parameter." > > I've already fixed this by NMU in unstable. I've also prepared a

Bug#380054: CVE-2006-2898: Denial of service in Asterisk

2006-07-27 Thread Martin Schulze
Mark Purcell wrote: > On Thursday 27 July 2006 07:34, Martin Schulze wrote: > > The patch used for security is attached. > > Thanks Joey, > > In asterisk 1.2.10 half of that patch is already applied upstream. > > I have applied the other half and am in the process of

Bug#380054: CVE-2006-2898: Denial of service in Asterisk

2006-07-26 Thread Martin Schulze
Package: asterisk Version: 1.2.10.dfsg-1 Severity: grave Tags: security patch A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote to cause a crash of the Asterisk server. The patch used for s

Bug#372719: regression in FreeType security fix for DSA-1095

2006-07-23 Thread Martin Schulze
Steve Langasek wrote: > On Fri, Jul 07, 2006 at 08:42:59PM +0200, Martin Schulze wrote: > > > Steve Langasek wrote: > > > As mentioned earlier this month, a regression was found in the freetype > > > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications t

Bug#356939: "Security" fix for shadow in sarge (#356939)

2006-07-09 Thread Martin Schulze
Christian Perrier wrote: > As a consequence, I hereby ask the security team to DROP the processing > of the 4.0.3-31sarge6 version you have. As you wish, packages deleted. Regards, Joey -- Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. Please always C

Bug#372719: regression in FreeType security fix for DSA-1095

2006-07-07 Thread Martin Schulze
Steve Langasek wrote: > On Mon, Jun 26, 2006 at 08:36:07AM +0100, Steve Kemp wrote: > > On Sun, Jun 25, 2006 at 03:09:51PM -0700, Steve Langasek wrote: > > > > As mentioned earlier this month, a regression was found in the freetype > > > 2.1.7-2.5 package uploaded for DSA-1095 which caused applica

Bug#372719: regression in FreeType security fix for DSA-1095

2006-07-07 Thread Martin Schulze
Hi! Steve Langasek wrote: > As mentioned earlier this month, a regression was found in the freetype > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications to crash > with division-by-zero errors. I've prepared a maintainer upload to fix > this regression using the patch from bug #373

Bug#374577: mimms: patch to fix many buffer overflows vulnerability

2006-06-22 Thread Martin Schulze
Anon Sricharoenchai wrote: > Package: mimms > Version: 0.0.9-1 > Severity: grave > Justification: user security hole > Tags: security patch > > According to the patch attached in this report, it has many possible buffer > overflows. > For example, > - memcpy(buf, data, length) without bounding the

Bug#368060: packaging for etch ok -

2006-06-22 Thread Martin Schulze
Here are packages that I would upload if you don't object. http://people.debian.org/~joey/NMU/thuban/ Regards, Joey -- Given enough thrust pigs will fly, but it's not necessarily a good idea.

Bug#373913: [EMAIL PROTECTED]: CVE-2006-3081 assigned to MySQL str_to_date() DoS]

2006-06-19 Thread Martin Schulze
FYI Regards, Joey - Forwarded message from "Steven M. Christey" <[EMAIL PROTECTED]> - == Name: CVE-2006-3081 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081 Reference: BUGTRAQ:20060614 MySQL D

Bug#372172: CVE-2006-2230: Denial of service in xine-ui

2006-06-08 Thread Martin Schulze
@@ -1,3 +1,12 @@ +xine-ui (0.99.3-1sarge1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Corrected call to report() and printf() to fix format string +vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, +CVE-2006-2230] + + -- Martin Schulze

Bug#368202: sarge: dia: CVE-2006-2480 and CVE-2006-2453: format string vulnerability

2006-06-04 Thread Martin Schulze
Roland Stigge wrote: > Hi, > > besides the upload to unstable, I've backported the upstream patch for > #368202. See attachment. > > Feel free to upload if appropriate. We don't consider it appropriate unless you provide us with an attack vector, i.e. automatic processing of files from untrusted

Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished

2006-05-29 Thread Martin Schulze
Martin Pitt wrote: > Hi Joey, > > Martin Schulze [2006-05-28 19:37 +0200]: > > > [1] http://people.debian.org/~mpitt/psql-sarge/ > > > [2] > > > http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff > > > > Thanks a lo

Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished

2006-05-28 Thread Martin Schulze
Martin Pitt wrote: > Hi security team, > > I backported the relevant changes from 7.4.13 and put the sarge > security update to [1]. This time, just putting 7.4.13 into > sarge-security would even have been safer IMHO, and that's what users > would want anyway, but we already had this discussion s

Bug#366816: CVE-2006-2542

2006-05-25 Thread Martin Schulze
angelog @@ -1,3 +1,11 @@ +xmcd (2.6-14woody1) oldstable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Fully implemented non-world-writeable directories [libdi_d/config.sh +alias xmcdconfig, CVE-2006-2542] + + -- Martin Schulze <[EMAIL PROTECTED]> Thu, 2

Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts

2006-05-25 Thread Martin Schulze
Martin Pitt wrote: > Hi Florian, hi security team, hi everyone else, > > just for the record, sid has updated packages already. > > I'm 70% into completing the security update for sarge. However, due to > the nature of the vulns, the patches are enormous, and thus require > meticulous porting and

Bug#359042: freeradius: dpatch for CVE-2006-1354: "EAP-MSCHAPv2 vulnerability"

2006-05-17 Thread Martin Schulze
Alec Berryman wrote: > Package: freeradius > Followup-For: Bug #359042 > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Attached dpatch is reformatted from revision 1.11 of > src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c. > > The fix applies and compiles, but I have not do

Bug#365940: Files for a Quagga DSA (RIPD unauthenticated route injection)

2006-05-13 Thread Martin Schulze
Christian Hammers wrote: > Attached you will find a diff that can be used to make a DSA for the > recent Quagga security bug. Thanks a lot for preparing the update. Please also mention CVE-2006-2223 CVE-2006-2224 in the unstable changelog when you're doing the next upload anyway. Regards,

Bug#366927: CVE-2006-2247: Information leak in webcalendar

2006-05-11 Thread Martin Schulze
, CVE-2006-2247] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 12 May 2006 08:10:15 +0200 + webcalendar (0.9.45-4sarge3) stable-security; urgency=high * Fixed multiple security vulnerabilities only in patch2: unchanged: --- webcalendar-0.9.45.orig/includes/user.php +++ webcalendar-0.9.

Bug#366682: CVE-2006-2162: Buffer overflow in nagios

2006-05-11 Thread Martin Schulze
02/debian/changelog @@ -1,3 +1,11 @@ +nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Add overflow protection for Content-Length [cgi/getcgi.c, +debian/patches/9_CVE-2006-2162.dpatch] + + -- Martin Schulze <[EMAIL P

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-07 Thread Martin Schulze
Elrond wrote: > On Sun, May 07, 2006 at 09:16:35AM +0200, Martin Schulze wrote: > [...] > > If an update enters stable-security and the version in testing is the > > same as in stable, then the new version propagates into testing. If, > > additionally, the version in un

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-06 Thread Martin Schulze
Mario 'BitKoenig' Holbe wrote: > > Elrond wrote: > > > I _might_ be able to test, whether the package still works > > Please let us know. > > Tests are done. Everything seems to work well. > > > Update prepared. > > Go on :) > Please make sure you did also add 50_client-c_bufferoverflow_fix to >

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-04 Thread Martin Schulze
Elrond wrote: > Nearly all the relevant information, that is currently > available regarding this issue, is in the bug logs. > (see: ) > > Very Short summary: > > * bufferoverflow in C code > * remotely exploitable > * CVE has been requested by micah > * Untested pa

Bug#365680: CGIIRC vulnerability (Bug#365680)

2006-05-04 Thread Martin Schulze
Elrond wrote: > Nearly all the relevant information, that is currently > available regarding this issue, is in the bug logs. > (see: ) Are you going to update the package in sid as well? Or should the package propagate via stable-security? Regards, Joey --

Bug#315532: Asterisk Manager Interface Overflow

2006-04-26 Thread Martin Schulze
Mark Purcell wrote: > Bug #315532 has been raised as grave security related bug against > asterisk-1.0.7, which is included in the released sarge. > > It refers to a potential overflow in the Asterisk Manager Interface, which is > not enabled by default in the Debian asterisk package. In additi

Bug#363127: CVE-2006-1664: Malformed MPEG Stream Buffer Overflow Vulnerability

2006-04-26 Thread Martin Schulze
Stefan Fritsch wrote: > Package: libxine1 > Version: 1.1.1-1 > Severity: grave > Tags: security > Justification: user security hole > > > > According to CVE-2006-1664, there is a "buffer overflow in > xine_list_delete_current in libxine 1.14 and earlier, as distributed > in xine-lib 1.1.1 and ea

Bug#360843: who should?

2006-04-23 Thread Martin Schulze
paul cannon wrote: > It seems rather like manpages-dev /should/ be the one to own these, and > a bug should be filed on modutils to get these manpages out of there. In a former time it was the job of manpages/manpages-dev to document the interface to the kernel and libc, i.e. system calls etc. Th

Bug#358689: [CVE-2006-0042] Remote DoS in libapreq2-perl

2006-04-01 Thread Martin Schulze
Steinar H. Gunderson wrote: > On Mon, Mar 13, 2006 at 12:25:13AM +0100, Martin Schulze wrote: > > An algorithm weakness has been discovered in Apache2::Request, the > > generic request library for Apache2 which can be exploited remotely > > and cause a denial of servic

Bug#358061: mutt: Mutt should filter control characters from headers

2006-03-21 Thread Martin Schulze
Vincent Lefevre wrote: > Package: mutt > Version: 1.5.11+cvs20060126-2 > Severity: grave > Tags: security > Justification: user security hole > > Mutt doesn't filter control characters, in particular the ^J and ^M, > from headers, which can lead to unwanted behavior; in particular when > replying,

Bug#357580: firebird2-*-server: remotelly crashable

2006-03-21 Thread Martin Schulze
Damyan Ivanov wrote: > Here's a patch that fixes the crash. The fix is > rather ugly IMHO, but this is what upstream proposed. > > Please apply it to stable version of firebird2. > > Unstable package is due for upload. > > More information (discovery, reproduction) on > http://bugs.debian.org/35

Bug#357580: firebird2-*-server: remotelly crashable

2006-03-21 Thread Martin Schulze
Damyan Ivanov wrote: > Here's a patch that fixes the crash. The fix is > rather ugly IMHO, but this is what upstream proposed. The patch looks good. I've requested a CVE name as well, will upload fixed packages for sarge tonight. Regards, Joey -- Of course, I didn't mean that, which i

Bug#349196: a fix for sudo in sarge

2006-03-20 Thread Martin Schulze
Proposed updates for woody and sarge are here: http://klecker.debian.org/~joey/security/sudo/ I'd be glad if you could test them. Regards, Joey -- Linux - the choice of a GNU generation. Please always Cc to me when replying to me on the lists.

Bug#350764: sysklogd_1.4.1-17.1(mipsel/unstable): FTBFS: includes kernel header in userspace

2006-03-07 Thread Martin Schulze
Noah Meyerhans wrote: > On Tue, Jan 31, 2006 at 08:41:35AM -0800, Ryan Murray wrote: > > > gcc -O2 -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > > > -D_LARGEFILE_SOURCE -DSYSV -fomit-frame-pointer -fno-strength-reduce > > > -DFSSTND -c ksym_mod.c > > > In file included from /usr/include/asm

Bug#355211: freeciv-server: security hole

2006-03-04 Thread Martin Schulze
Jason Dorje Short wrote: > Package: freeciv-server > Version: 2.0.7-2 > Severity: important > > > Jordi - > > There is a security hole in Freeciv 2.0 allowing a remote user to trigger a > server crash (it is unlikely anything more than a crashed civserver would > result from the hole). This pat

Bug#350964: CVE-2006-0225, scponly shell command possible

2006-02-14 Thread Martin Schulze
Thomas Wana wrote: > Hi, > > Geoff Crompton wrote: > >This bug has been closed for unstable (see bug 350964) with the 4.6 > >upload, but will it be fixed for sarge? > > > > Joey: I sent you a patch for that, but it seems you didn't > include this in scponly-4.0sarge1. We also had no discussion >

Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities

2006-02-13 Thread Martin Schulze
Torsten Werner wrote: > Moritz Muehlenhoff wrote: > > What's the status of an update for stable? > > > I have provide a fix over 2 months ago but I did not hear anything from > the security team. Hmm. I only find my complaints but no response from you. However, the packages on master are bette

Bug#349587: whitelist

2006-02-09 Thread Martin Schulze
Please read the advisory again: http://www.debian.org/security/2006/dsa-946 It says: "Additional variables are only passed through when set as env_check in /etc/sudoers, which might be required for some scripts to continue to work." Use Defaults env_check = HOME in /etc/sudoers

Bug#322535: evolution CVE-2005-2549/CVE-2005-2550

2006-02-06 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Dear security team, > so far there hasn't been a security update for the latest evolution > vulnerabilities. (CVE-2005-2549/CVE-2005-2550) > I've attached patches for Woody and Sarge. The Sarge fixes are > straightforward, > but some comments on Woody, relative to the p

Bug#344029: [EMAIL PROTECTED]: Bug#350954: DSA-960-1 security update breaks libmail-audit-perl when $ENV{HOME} is not set]

2006-02-04 Thread Martin Schulze
Niko Tyni wrote: > Hi security team, > > I'm very sorry that you have to hear from me again :( > > There's a regression in the patch for DSA-960-1, for both woody and sarge. > When $HOME is not set, Mail::Audit is now creating logfiles in cwd and > dying if it's not writable. This happens even i

Bug#345238: Shell command injection in delegate code (via file names)

2006-01-28 Thread Martin Schulze
Daniel Kobras wrote: > On Fri, Jan 27, 2006 at 10:59:34PM +0100, Martin Schulze wrote: > > Daniel Kobras wrote: > > > > Gnah. You are correct. I'm extending the list of forbidden characters > > > > by $(). > > > > > > Upstream has

Bug#345238: Shell command injection in delegate code (via file names)

2006-01-27 Thread Martin Schulze
Daniel Kobras wrote: > > Gnah. You are correct. I'm extending the list of forbidden characters > > by $(). > > Upstream has reverted the blacklist and instead went for an improved > version of the symlink fix I added to ImageMagick in unstable. The patch > is more involved, but also more robust

Bug#345238: Shell command injection in delegate code (via file names)

2006-01-27 Thread Martin Schulze
Daniel Kobras wrote: > found 345238 4:5.4.4.5-1woody7 > found 345238 6:6.0.6.2-2.5 > thanks > > On Thu, Jan 05, 2006 at 01:49:11PM +0100, Daniel Kobras wrote: > > On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote: > > > With some user interaction, this is exploitable through Gnus and

Bug#318123: Security bug in xlockmore

2006-01-27 Thread Martin Schulze
Alexander Wirt wrote: > Hi Michael, > > this security bug in xlockmore is still present in all xlockmore versions in > the archive and is open for now 190 days. In the meantime we organized a CVE > number and a patch that fixes that problem. But still no reaction from you. I > know that aren't M

Bug#335997: flyspray: Multiple XSS vulnerabilities

2006-01-22 Thread Martin Schulze
Thijs Kinkhorst wrote: > On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote: > > For stable: > > I've extracted the right patch from the unstable version (which has been > > present without any bugreports since the end of October), and that is > > attached. I've also prepared updated packages

Bug#349303: lsh-server: lshd leaks fd:s to user shells

2006-01-22 Thread Martin Schulze
Stefan Pfetzing wrote: > >Please let us know which version in sid will fix the problem. > > > >I've requested a CVE name and will provide it asap. > > lsh-utilis 2.0.1cdbs-4 includes a dpatch file in debian/patches which > fixes the problem. Please use CVE-2006-0353 for this vulnerability. Reg

Bug#349303: lsh-server: lshd leaks fd:s to user shells

2006-01-22 Thread Martin Schulze
Stefan Pfetzing wrote: > Package: lsh-server > Version: 2.0.1cdbs-3 > Severity: grave > Tags: security > Tags: sarge > Tags: confirmed > Tags: pending > Justification: denial of service > > As reported by Niels Möller, the author of lsh-utils, a user is able to > access fd:s used by lsh. > > When

Bug#344029: Insecure /tmp file handling in libmail-audit-perl in Sarge (+patch)

2006-01-15 Thread Martin Schulze
Gunnar Wolf wrote: > Martin Schulze dijo [Sat, Jan 14, 2006 at 08:43:57AM +0100]: > > Gunnar Wolf wrote: > > > Hi, > > > > > > The bug is indeed important, even if it is not easily exploitable, and > > > the fix is trivial. I am pushing it to the se

Bug#344029: Insecure /tmp file handling in libmail-audit-perl in Sarge (+patch)

2006-01-13 Thread Martin Schulze
Gunnar Wolf wrote: > Hi, > > The bug is indeed important, even if it is not easily exploitable, and > the fix is trivial. I am pushing it to the security team so they can > apply it to the version in Sarge as well. Please use CVE-2005-4536 for this problem. Are you in contact with upstream? Reg

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

2006-01-11 Thread Martin Schulze
ream.cc, +xpdf/JBIG2Stream.cc, debian/patches/patch-CVE-2005-3191] + + -- Martin Schulze <[EMAIL PROTECTED]> Thu, 15 Dec 2005 17:02:52 +0100 + +tetex-bin (2.0.2-30sarge3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Added more precautionary checks by Martin Pi

Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)

2006-01-11 Thread Martin Schulze
Martin Schulze wrote: > Alexis Sukrieh wrote: > > * Martin Schulze ([EMAIL PROTECTED]) disait : > > > Do you happen to know about the package in woody? Btw. this issue has been assigned CVE-2005-4534, so please add it to the changelog if you prepare a fixed package for woody

Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)

2006-01-11 Thread Martin Schulze
Hi Alexis! Alexis Sukrieh wrote: > * Martin Schulze ([EMAIL PROTECTED]) disait : > > Do you happen to know about the package in woody? > > Well, I don't know. Where can I grab woody's source packages? > > > a) what about woody > > As soon as I know whe

Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)

2005-12-23 Thread Martin Schulze
Alexis Sukrieh wrote: > Hi, > > I'm the maintainer of the backup manager package. > There are currently one security issue in our sarge package (0.5.7-7sarge1). > > I made a package with the patch submitted against the bug #329387 which > closes the issue. Umh... I don't have a CVE name to shar

Bug#336582: phpbb2 -6sarge2 ready for Security release (Was: Re: Bug#336582: phpbb2: New round of security issues)

2005-12-21 Thread Martin Schulze
Jeroen van Wolffelaar wrote: > On Tue, Dec 20, 2005 at 06:54:18AM +0100, Martin Schulze wrote: > > Thijs Kinkhorst wrote: > > > On Mon, 2005-12-19 at 06:53 +0100, Martin Schulze wrote: > > > > Thanks. Could somebody explain the issues that were fixed which have

Bug#336582: phpbb2: New round of security issues

2005-12-19 Thread Martin Schulze
Thijs Kinkhorst wrote: > On Mon, 2005-12-19 at 08:49 +0100, Martin Schulze wrote: > > You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable > > to it? Or did you miss it? Or did you just not document this? > > This has been fixed but

Bug#336582: phpbb2: New round of security issues

2005-12-19 Thread Martin Schulze
You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable to it? Or did you miss it? Or did you just not document this? Regards, Joey -- Open source is important from a technical angle. -- Linus Torvalds

Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?

2005-12-12 Thread Martin Schulze
Martin Pitt wrote: > > > After discovering that the same flawed multiplication is also present > > > in upstream's other two patches, I decided to completely rework the > > > patch. > > > > > > I attach the debdiff with separated out changelog. Florian, maybe you > > > can peer-review the patch? >

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

2005-12-12 Thread Martin Schulze
Hi Frank! Frank Küster wrote: > I looked at both, and it seems that Martin's does more. I'm speaking of > the patch attached to > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136 > > It introduces limits.h and does the same we did for the xpdf patches at > the beginning of the ye

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

2005-12-09 Thread Martin Schulze
Frank Küster wrote: > Hi Joey, > > Martin Schulze <[EMAIL PROTECTED]> wrote: > > > The original patch was not sufficient. I'm attaching the entire and the > > incremental patch. Please apply the incremental patch to the version in > > sid as well.

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

2005-12-09 Thread Martin Schulze
-1,3 +1,20 @@ +tetex-bin (2.0.2-30sarge2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Adjusted the former patch + * Applied missing bits found by Ludwig Nussel + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 9 Dec 2005 11:25:16 +0100 + +tetex-bin (2

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-21 Thread Martin Schulze
Loic Minier wrote: > On Mon, Nov 21, 2005, Martin Schulze wrote: > > > I found the vulnerability matrix by Moritz Muehlenhoff useful: > > >Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge > > > gdk-pixbuf > > > CVE-2005-29751170

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-20 Thread Martin Schulze
Loic Minier wrote: > Sorry for the delay. You can grab the proposed fixes in: > (87M) > MD5: 56148df50af6e28beaca57e4fa3bf6cc Thanks a lot! Packages are building already. > I found the vulnerability matrix by Moritz Muehlenhoff u

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

2005-11-20 Thread Martin Schulze
Thijs Kinkhorst wrote: > On Thu, 2005-10-27 at 15:49 +0200, Moritz Muehlenhoff wrote: > > All affect Sarge. > > I've prepared updated packages for sarge. My updated package for sid is > still pending with my sponsor Luk Claes. The updated packages for sarge > are available here: > http://www.a-es

Bug#334089: remotely segfaultable, DOS

2005-11-19 Thread Martin Schulze
Hi! Steve Langasek wrote: > I've tracked this bug in centericq down to a failure to deal with short > packets (or packets declaring their own length to be zero). The attached > patch fixes this segfault, by stopping without further processing of the > packet when its length is determined to be ze

Bug#339437: PMASA-2005-6 when "register_globals = on"

2005-11-17 Thread Martin Schulze
Piotr Roszatycki wrote: > On Wednesday 16 of November 2005 13:17, Martin Schulze wrote: > > > Vuln 1: > > > Full Path Disclosures in the following files: > > > > > Vuln 2: > > > Http Response Splitting in libraries/header_http.inc.php > > &

Bug#338934: parrot - FTBFS on s390: Segmentation fault

2005-11-15 Thread Martin Schulze
Florian Ragwitz wrote: > On Tue, Nov 15, 2005 at 11:24:32AM +0100, Bastian Blank wrote: > > On Tue, Nov 15, 2005 at 01:45:54AM +0100, Florian Ragwitz wrote: > > > I'm aware of the unportability of parrot and working on it. > > > Unfortunately I don't have a s390 machine where I can log into > > > c

Bug#338312: osh: Environment Variable Input Validation Bug

2005-11-09 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Martin Schulze wrote: > > > > Due to a bug in the environment variable substitution code it is > > > > possible to inject environment variables such as LD_PRELOAD and gain a > > > > root shell. > > > > > >

Bug#338312: osh: Environment Variable Input Validation Bug

2005-11-09 Thread Martin Schulze
Steve Kemp wrote: > > Due to a bug in the environment variable substitution code it is > > possible to inject environment variables such as LD_PRELOAD and gain a > > root shell. Charles Stevenson discovered that osh, the operator's shell for executing defined programs in a privileged environment,

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Martin Schulze
Jonas Smedegaard wrote: > A package has now been uploaded to > ftp://security.debian.org/pub/SecurityUploadQueue > > Hope it is correctly understood that when a first-timer on > security-debian-org source needs to be included. In general this was correct... However, what's this part in the diff: o

Bug#338312: osh: Environment Variable Input Validation Bug

2005-11-09 Thread Martin Schulze
Steve Kemp wrote: > On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote: > > > Due to a bug in the environment variable substitution code it is > > possible to inject environment variables such as LD_PRELOAD and gain a > > root shell. > > Confirmed. > > Joey we'll need an ID fo

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Martin Schulze
Jonas Smedegaard wrote: > > Jonas Smedegaard wrote: > > > A package has now been uploaded to > > > ftp://security.debian.org/pub/SecurityUploadQueue > > > > > > Hope it is correctly understood that when a first-timer on > > > security-debian-org source needs to be included. > > > > In general this

Bug#334833: awstats 6.4-1.1 security fix

2005-11-08 Thread Martin Schulze
Steve Langasek wrote: > On Tue, Nov 08, 2005 at 10:15:26PM -0500, Charles Fry wrote: > > > Version 6.4-1.1 of awstats was uploaded to unstable in response to > > CVE-2005-1527. However, it was never uploaded to stable-security, even > > though version 6.4.1 is the current stable version of awstats

Bug#336751: openvpn: Format string vulnerability in config parsing code

2005-11-03 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Package: openvpn > Severity: grave > Tags: security > Justification: user security hole > > A format string vulnerability has been found in openvpn's option parsing > code, which indirectly may be exploited remotely as well. Please see > http://cert.uni-stuttgart.de/arc
