On Mon, Feb 27, 2012 at 3:21 PM, Rich Pieri rati...@mit.edu wrote:
On Feb 27, 2012, at 2:37 PM, Michele Orru wrote:
I think you didn't understand the content of the advisory.
If there are 10 non-root users in an Ubuntu machine for example,
if user 1 is using pidgin with OTR compiled with DBUS,
On Mon, Feb 27, 2012 at 09:31:52AM -0700, Kurt Seifried wrote:
If you make a list of issues (e.g. XSS, CSRF, etc) with the code
examples I can assign the various blocks of issues CVEs.
1. ./administration/install.php opens ../functions/db_connect.php and writes to
file without input validation
On 02/27/2012 11:23 PM, devn...@vonage.com wrote:
I believe that clarification is in order.
Indeed it is. The original post mentions a same-user attack
vector which is very misleading as to what the real problem here is.
And it boils down to this:
Once a process sends private info over DBUS
On 02/28/2012 12:14 AM, Dimitris Glynos wrote:
On 02/27/2012 11:23 PM, devn...@vonage.com wrote:
I believe that clarification is in order.
Indeed it is. The original post mentions a same-user attack
vector which is very misleading as to what the real problem here is.
And it boils down to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:023-1
http://www.mandriva.com/security/
-=[ADVISORY---]=-
ImgPals Photo Host Version 1.0 STABLE
Author: Corrado Liotta Aka CorryL [corry...@gmail.com]
-=[---]=-
-=[+] Application: ImgPals Photo Host
-=[+] Version: 1.0 STABLE
-=[+] Vendor's URL:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:025
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2420-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
February 28, 2012