Re: Is chromium updated?

2020-11-12 Thread Georgi Guninski
So Debian have been distributing a vulnerable Chromium for nearly
a month? There is an exploit (not sure for which OSes) in the
wild.

Debian are not commenting on this on this mailing list.

Right?



Re: /home/loser is with permissions 755, default umask 0022

2020-11-12 Thread Georgi Guninski
Some more exploit vectors from the FD list:
https://seclists.org/fulldisclosure/2020/Nov/13

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the IMAP password in plaintext.

2. Some time ago on a multiuser Debian mirror we found a lot of data,
including the WordPress password of the admin.

3. Anything created by EDITOR NEWFILE is readable, unless the directory
prevents it. This includes root doing EDITOR /etc/NEWFILE
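
An added example, not part of the original post: a small audit of the exposure listed above. It reports which files under a home directory another local user can open by path, for a 0755 home with umask 0022 and for two tighter settings. The function names, the sample home and the placeholder password are constructed for illustration.

```python
import os
import stat
import tempfile


def exposed_files(home):
    """Files under `home` that any other local user can open by path:
    the file has o+r and every directory down to it, `home` included, has o+x."""
    if not os.lstat(home).st_mode & stat.S_IXOTH:
        return []  # e.g. 0700 or 0750: others cannot even enter
    exposed = []
    for dirpath, dirnames, filenames in os.walk(home):
        # Prune directories others cannot traverse. o+r on a directory is not
        # needed to open a file whose name is known (.mutt/muttrc).
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, home))
    return sorted(exposed)


def build_sample_home(home_mode, umask):
    """Constructed home directory: files are created the way an editor or
    mail client would create them, so their modes come from the umask."""
    home = tempfile.mkdtemp(prefix="home-")
    old = os.umask(umask)
    try:
        os.mkdir(os.path.join(home, ".mutt"))  # 0777 & ~umask
        for rel in (".mutt/muttrc", "NEWFILE"):
            fd = os.open(os.path.join(home, rel), os.O_CREAT | os.O_WRONLY, 0o666)
            os.write(fd, b"set imap_pass=CONSTRUCTED-PLACEHOLDER\n")
            os.close(fd)
    finally:
        os.umask(old)
    os.chmod(home, home_mode)
    return home


if __name__ == "__main__":
    for home_mode, umask in ((0o755, 0o022), (0o700, 0o022), (0o755, 0o077)):
        found = exposed_files(build_sample_home(home_mode, umask))
        print(f"home {home_mode:04o} umask {umask:04o}: {found}")
```

Pointing `exposed_files` at a real home directory gives the list of files to tighten with chmod, or shows that a 0700 home already covers them.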



External check

2020-11-12 Thread Security Tracker
CVE-2020-12321: TODO: check
CVE-2020-12912: RESERVED
CVE-2020-25638: RESERVED
CVE-2020-25688: RESERVED
CVE-2020-7768: TODO: check
CVE-2020-8569: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.



[SECURITY] [DSA 4790-1] thunderbird security update

2020-11-12 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4790-1   secur...@debian.org
https://www.debian.org/security/   Moritz Muehlenhoff
November 12, 2020 https://www.debian.org/security/faq
- -

Package: thunderbird
CVE ID : CVE-2020-26950

A use-after-free was found in Thunderbird, which could potentially result
in the execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 1:78.4.2-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-