[SECURITY] [DSA 4372-1] ghostscript security update

2019-01-27 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-4372-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019

Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-75

2019-01-27 Thread apparitionsec
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt [+] ISR: ApparitionSec [+] Zero Day Initiative Program [+]

CVE-2019-6690: Improper Input Validation in python-gnupg

2019-01-27 Thread Stig Palmquist
CVE-2019-6690: Improper Input Validation in python-gnupg We discovered a way to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when