Package: gunicorn
Version: 0.14.3-1
Severity: grave
Tags: security fixed-upstream
gunicorn 0.14 introduced the ability to check if a request line is too
large to protect against DoS, however the implementation had the
following flaws:
* Gunicorn does not limit the size of a request header
+1 for migrating 0.14.5 from sid to wheezy.
On 12-07-13 09:47 AM, Chris Lamb wrote:
Hi Djoume,
Package: gunicorn
Version: 0.14.3-1
Severity: grave
[..]
This has been fixed upstream in 0.14.4:
We could cherry-pick this commit and upload the result to wheezy-p-u
but I suggest that we just
Package: subversion-tools
Severity: normal
Hi,
in svnwrap manpage the recommended way of configuring inetd.conf is:
svn stream tcp nowait my_svn_user /usr/bin/svnwrap svnserve -i -r /srv/svn
This configuration gave me svn: Malformed network data when I try to
checkout.
I think that should
Package: boxes
Version: 1.0.1a-2.2
Severity: normal
Hello,
Since July 23, 2006 a new upstream version is available on :
http://boxes.thomasjensen.com/
It includes all fixes contained in boxes-1.0.1.patch except the
config file location.
It also includes new designs (boxquote, stone, ...)
merge 410052 410116
tag 410052 security
thanks
Hi,
Please note that the actual JVM is vulnerable to a JPG/BMP parser
vulnerability. This is known as CVE-2007-2789.
More info (including a PoC) is available here :
http://scary.beasts.org/security/CESA-2006-004.html
Regards.
--
Djoume
Regards.
--
Djoume SALVETTI
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Regards.
--
Djoume SALVETTI
signature.asc
Description: Digital signature
XSLT processing library - runtime
ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3-13compression library - runtime
umbrello recommends no packages.
-- no debconf information
--
Djoume SALVETTI
Index: kdesdk-3.5.5/debian
will downgrade this soon, unless I get better reasonings
Maybe it's not drkonqi that is required. Anyway, feel free to downgrade
if you think serious is not justified.
Regards.
--
Djoume SALVETTI
severity #385299 important
thanks
On Mon 19 Feb 2007 14:36:08 GMT, Sune Vuorela [EMAIL PROTECTED] wrote:
On Monday 19 February 2007, Djoume SALVETTI wrote:
I would be glad if you could pinpoint it to a specific part of kdebase-bin
that it is needed.
I have just tried to force-remove
, the computer freezes like the first time.
That's strange; at all rates, the X server should not freeze.
That's why I had previously set the severity to critical.
Maybe this bug should be reassigned to xserver-xorg-video-nv?
Regards.
--
Djoume SALVETTI
have debian-multimedia in my sources.list but I
haven't gstreamer0.10-plugins-really-bad installed. The only packages
from debian-multimedia installed on my computer are lame and lame-extras.
Regards.
--
Djoume SALVETTI
to read simultaneously two videos, one
with totem and the other one with vlc I've got the same system freeze as
described before.
Regards.
--
Djoume SALVETTI
Package: installation-reports
Version: 2.23
Severity: normal
-- Package-specific info:
Boot method: network
Image version: http://www.slug-firmware.net/
Date: Date and time of the install
Machine: NSLU2
Partitions: df -Tl will do; the raw partition table is preferred
[EMAIL PROTECTED]:~$ df
Good day,
I was also losing 3 bytes per packet with 0.0.0.svnr67-2.
I just want to add that r83 works fine here, with a standard debian
2.6.17 kernel (2.6.17-1-powerpc), on a powerbook 12 and a
ZyXEL Zyair 802.11b/g (ID 0586:3401).
Regards.
--
Djoume SALVETTI
have a ZyXEL Zyair 802.11b/g (ID 0586:3401).
Regards.
--
Djoume SALVETTI
, can you confirm ?
Yes I can confirm. No more segfault with sm3600 and snapscan enabled.
Congratulations guys! :-)
--
Djoume SALVETTI
Package: xcdroast
Severity: important
Tags: woody security
Good day,
From CAN-2003-1155 :
| X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite
| arbitrary files via a symlink attack on an unknown file.
This is fixed in debian package 0.98+0alpha15-1 (so sarge and sid are
Package: metamail
Severity: normal
Tags: security patch
Good day,
From CAN-2004-1808 :
| Extcompose in metamail does not verify the output file before writing
| to it, which allows local users to overwrite arbitrary files via a
| symlink attack.
More info is available here :
On Tuesday 04/05/05, Julien BLACHE [EMAIL PROTECTED] wrote:
It would be nice if you could find the backend that is causing the
problem, so that we can try to solve the bug.
If you have/had libsane-extras installed, please try those backends
first.
Hi,
I didn't have libsane-extras
On Tuesday 04/05/05, Julien BLACHE [EMAIL PROTECTED] wrote:
sm3600 seems to be the backend which causes scanimage (and other
programs) to segfault.
Hmm. valgrind produces no error on the backend...
I have tried to look with valgrind by myself but I haven't found any ppc
version that works yet
On Tuesday 04/05/05, Julien BLACHE [EMAIL PROTECTED] wrote:
sm3600 seems to be the backend which causes scanimage (and other
programs) to segfault.
Does it segfault too if you only enable the sm3600 backend ?
No, it doesn't segfault when sm3600 is the only one enabled
But it still segfaults
On Sunday 04/03/05, Julien BLACHE [EMAIL PROTECTED] wrote:
Could you disable all the backends in /etc/sane.d/dll.conf *AND*
/etc/sane.d/dll.d/* (or just purge libsane-extras if you don't need
it) and see if it still crashes ?
Many thanks, after disabling everything (except snapscan) in
On Friday 04/01/05, Julien BLACHE [EMAIL PROTECTED] wrote:
What does file scanimage tell about your scanimage binary ? It
should tell you it's not stripped. By the way, you need to have
/usr/lib/sane/libsane-snapscan.so.1.0.15 as a non-stripped binary if
you want to get something useful.
Package: sane-utils
Version: 1.0.15-8
Severity: normal
Good day,
I'm not able to use my AGFA snapscan e25 USB scanner on my powerbook
running Debian sid. Every program I have tried segfaults (scanimage,
xscanimage, xcam) or eats 100% of my CPU (xsane).
My scanner works fine with my other laptop
On Friday 04/01/05, Julien BLACHE [EMAIL PROTECTED] wrote:
If it could be useful, I can try to recompile sane with debug
information and send a gdb backtrace.
That'd be good, because it doesn't segfault here with my snapscan
scanner.
Here is the backtrace :
(gdb) exec-file
Package: kernel-source-2.6.8
Version: 2.6.8-13.djo
Severity: wishlist
Good day,
Actual kernel-source-2.6.8 doesn't provide support for backlight
control on newer powerbooks (12, NV30 based) which reduces a lot
battery's autonomy.
Could you consider including rivafb backlight control support
and
Package: xloadimage
Version: 4.1-14
Severity: normal
Tags: security, patch
Good day,
From CAN-2005-0638 :
| xloadimage before 4.1-r2, and xli before 1.17, allows attackers to
| execute arbitrary commands via shell metacharacters in filenames for
| compressed images, which are not properly
Package: sympa
Severity: normal
Tags: security
Good day,
From CAN-2004-1735 :
| Cross-site scripting (XSS) vulnerability in the create list option in
| Sympa 4.1.x and earlier allows remote authenticated users to inject
| arbitrary web script or HTML via the description field.
More info is
Package: kernel-source-2.6.10
Version: 2.6.10-5
Severity: wishlist
Good day,
Radeonfb and offb are builtin but rivafb is not.
I don't know why but it seems that rivafb can't take over from offb
even with video=rivafb kernel parameter.
So this means that on my 12 powerbook I can only use offb
Package: sablevm
Version: 1.1.9-1
Severity: normal
Good day,
SableVM seems to go into an infinite loop instead of throwing an AbstractMethodError
exception (as Sun VM does) when I try to access a non-implemented abstract
method.
To reproduce the problem I have used the two files attached and
do in
Just want to add that kaffe has the same behavior as Sun VM :
[EMAIL PROTECTED]:~/perso/IFITEP/Java/abstract$ kaffe BugAbstract
java.lang.AbstractMethodError: B.f
at BugAbstract.main (BugAbstract.java:7)
--
Djoumé SALVETTI
Package: kernel-source-2.6.10
Severity: wishlist
Tags: patch
Good day,
Guido Guenther maintains some patches against 2.6 that I found very
useful :
software suspend :
From debian-ppc :
| On Wed, Feb 23, 2005 at 11:54:20AM +1100, Benjamin Herrenschmidt wrote:
| I also gather that
Package: xerces21
Severity: normal
Good day,
From [CAN-2004-1575] :
| The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a
| denial of service (CPU consumption) via XML attributes in a crafted
| XML document.
This problem has been fixed in version 2.6 of Xerces.
I have
This problem has been referenced as CAN-2005-0474,
Could you please reference this CAN number in changelog entries fixing
this bug?
Regards.
--
Djoumé SALVETTI
Package: kernel-source-2.6.10
Severity: normal
Good day,
From CAN-2005-0449 :
| The netfilter/iptables module in Linux before 2.6.8.1 allows remote
| attackers to cause a denial of service (kernel crash) or bypass
| firewall rules via crafted packets, which are not properly handled by
| the
Package: webcalendar
Version: 0.9.45-2
Severity: normal
Tags: security patch
Good day,
From [1] :
| There is a security hole in WebCalendar 0.9.45 and
| earlier that can allow a malicious user to issue SQL
| commands to affect your database. The user could
| insert data, delete data or drop
Package: squid
Version: squid 2.5.8-2
Severity: normal
Good day,
From CAN-2005-0446
| Squid 2.5.STABLE8 and earlier allows remote attackers to cause a
| denial of service (crash) via certain DNS responses regarding (1)
| Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses
|
Package: openwebmail
Version: 2.41-10
Severity: normal
Good day,
From CAN-2005-0445 :
| Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows
| remote attackers to inject arbitrary HTML or web script via the domain
| name parameter (logindomain) in the login page.
This problem
Package: kernel-patch-adamantix
Severity: normal
Good day,
RSBAC patch included in kernel-patch-adamantix seems to be vulnerable
to CAN-2004-0667 :
More details can be grabbed here :
http://www.rsbac.org/download/bugfixes/
and a one line patch is available here :
On Saturday 02/05/05, Eric Dorland [EMAIL PROTECTED] wrote:
Unfortunately the patch does not apply cleanly to Firefox 1.0
sources. Any idea if they're planning a 1.0.1 to address it?
On https://bugzilla.mozilla.org/show_bug.cgi?id=103638
Boris Zbarsky wrote :
| What worries me most is that
Package: mozilla-browser
Version: 2:1.7.5-1
Severity: normal
File: /usr/bin/mozilla-1.7.5
Good day,
Mozilla browser is vulnerable to the window injection vulnerability
described in CAN-2004-1156 :
http://secunia.com/secunia_research/2004-13/advisory/
Package: mozilla-firefox
Version: 1.0+dfsg.1-4
Severity: normal
Good day,
Firefox is vulnerable to the window injection vulnerability
described in CAN-2004-1156 :
http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
The