Package: gnustep-base
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for gnustep-base.
CVE-2010-1457[0]:
| Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local
| users to
On 01/06/10 05:55, paul.sz...@sydney.edu.au wrote:
Dear Kartik,
I don't think this bug is correct for recoll. recoll only 'suggests'
ghostscript and doesn't use code from ghostscript. Filing the bug at the 'gs'
package seems right.
I'm slightly puzzled by your mass-bug filing. Why you opened bugs
On 28/05/2010 14:35, Wilfried Goesgens wrote:
If you've got a system 'grown' across time (which is pretty usual for
debian installations) there's no reason why libicu36-dev shouldn't be
there. This box has been running etch and lenny without reinstall for
example
You need to run deborphan
severity 580947 important
thanks
On 11/05/2010 10:44, Reinhard Tartler wrote:
Checking [2] reveals that I'm partly wrong. There is an in-source copy
of ffmpeg, and there is an option 'use_system_ffmpeg=1' passed to the
buildscript. This indicates that I indeed missed that upstream now
On 08/05/2010 16:31, Julian Andres Klode wrote:
Just for reference, this only happens on amd64 (the maintainer's
architecture). You can add debian-multimedia.org to sources.list
until the package is fixed.
Giuseppe: please build the package in a clean chroot consisting
only of packages
tags 580608 moreinfo unreproducible
thanks
On 07/05/2010 09:05, Jonny wrote:
Hello, it doesn't start at all.
$ /usr/bin/chromium-browser
Illegal instruction
Please paste the output of:
reportbug --template chromium-browser
Cheers,
Giuseppe
severity 580608 serious
thanks
Hi,
On 07/05/2010 13:28, michael hatzold wrote:
On 07.05.2010, 12:51, Debian Bug Tracking System
ow...@bugs.debian.org wrote:
$ /usr/bin/chromium-browser
Ungültiger Maschinenbefehl
Could you try the previous version, please?
Package: memcached
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for memcached.
CVE-2010-1152[0]:
| memcached.c in memcached before 1.4.3 allows remote attackers to cause
| a denial
Hi Alexander,
On 23/04/2010 14:10, Alexander Reichle-Schmehl wrote:
I've prepared an NMU for kompozer (versioned as 1:0.8~b3.dfsg.1-0.1) and
uploaded it to DELAYED/7. Please feel free to tell me if I
should delay it longer.
thanks for your NMU!
I'm currently busy, please go ahead, and
The failure to start seems to have been fixed (or at least, fixed) by the
0.9.21-1.2+b1 binNMU on amd64.
Yes, the problem was that the touch config.h.in didn't have any effect
probably because it was built on a very fast buildd and ext3 only has a
1 second resolution.
It's a timing/resolution
tags 577002 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Fri, 9 Apr 2010 11:06:31 +0200.
The fix will be in the next upload.
=
Fix a FTBFS
Package: zabbix
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for zabbix.
CVE-2010-1277[0]:
| SQL injection vulnerability in the user.authenticate method in the API
| in Zabbix 1.8 before
. (Closes: 575740)
+ * Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703)
+
+ -- Giuseppe Iuculano iucul...@debian.org Fri, 09 Apr 2010 19:11:50 +0200
+
krb5 (1.8+dfsg-1) unstable; urgency=low
* New upstream version
diff -u krb5-1.8+dfsg/src/slave/kpropd.c krb5-1.8+dfsg/src/slave/kpropd.c
Hi,
a binNMU (pulseaudio_0.9.10-3+lenny2+b1 on amd64) was uploaded some
minutes ago and this now should be fixed.
Could you confirm this please?
Cheers,
Giuseppe.
) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Added autoconf, automake, and libtool in Build-Depends to regenerate
+configure and auto* files at build time, and fixed a regression introduced
+in previous NMU (Closes: #576457)
+
+ -- Giuseppe Iuculano iucul
tags 574935 patch
tags 576086 patch
thanks
Hi,
this issue got a CVE id, CVE-2010-0743.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Patch:
Package: viewvc
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for viewvc.
CVE-2010-0004[0]:
| ViewVC before 1.1.3 composes the root listing view without using the
| authorizer for each
Package: ruby1.9
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for ruby1.9.
CVE-2009-1904[0]:
| The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173
| allows
Package: xpdf-reader
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for xpdf.
CVE-2009-1188[0]:
| Integer overflow in the JBIG2 decoding feature in the
| SplashBitmap::SplashBitmap
Package: python3.1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for python3.1.
CVE-2008-5983[0]:
| Untrusted search path vulnerability in the PySys_SetArgv API function
| in Python 2.6
Package: arora
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for arora.
CVE-2010-1100[0]:
| Integer overflow in Arora allows remote attackers to bypass intended
| port restrictions on
Package: viewvc
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for viewvc.
CVE-2010-0736[0]:
| Cross-site scripting (XSS) vulnerability in the view_queryform
| function in lib/viewvc.py in
Package: jetty
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for jetty.
CVE-2009-4610[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty
| 6.x and 7.0.0 allow
Package: jetty
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for jetty.
CVE-2009-4612[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP
| Snoop page in Mort Bay
Package: krb5
Version: 1.8+dfsg~alpha1-7
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for krb5.
CVE-2010-0628[0]:
| The spnego_gss_accept_sec_context function in
|
Package: lib3ds
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for lib3ds.
CVE-2010-0280[0]:
| Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in
| Google SketchUp 7.x before
Package: libmikmod
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for libmikmod.
CVE-2009-3995[0]:
| Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module
| Decoder
Package: liboggplay
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for liboggplay.
CVE-2009-3388[0]:
| liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before
| 2.0.1 might
Package: lxr-cvs
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for lxr-cvs.
CVE-2009-4497[0]:
| Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5
| and 0.9.6 allows
Package: squid3
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for squid3.
CVE-2010-0308[0]:
| lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through
| 3.1.0.15 allows
. (Closes: #574021)
+
+ -- Giuseppe Iuculano iucul...@debian.org Thu, 18 Mar 2010 15:18:06 +0100
+
pango1.0 (1.20.5-5) stable; urgency=low
* Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
diff -u pango1.0-1.20.5/debian/patches/series
pango1.0-1.20.5/debian/patches/series
Package: pulseaudio
Severity: serious
Tags: security patch
Hi,
Dan Rosenberg discovered an insecure temporary file creation in pulseaudio.
Please see:
https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008
Upstream patch:
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command
+(Closes: #570737)
+
+ -- Giuseppe Iuculano iucul...@debian.org Tue, 02 Mar 2010 14:57:17 +0100
+
sudo (1.7.2p1-1) unstable; urgency=low
* new upstream version
only
tags 562720 security
thanks
On 15/02/2010 22:13, Patrick Matthäi wrote:
I am also CCing t...@security.debian.org now and raising the severity to
grave. Sorry, but it is in my eyes DEFINITELY a blocker!
I don't want to take part in the severity ping-pong game, but if a remote user
can crash
Package: libapache-mod-security
Severity: serious
Tags: security
Hi,
libapache-mod-security 2.5.12 fixed multiple security flaws.
References:
[1]
Package: imp4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for imp4.
CVE-2010-0463[0]:
| Horde IMP 4.3.6 and earlier does not request that the web browser
| avoid DNS prefetching of
Package: roundcube
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for roundcube.
CVE-2010-0464[0]:
| Roundcube 0.3.1 and earlier does not request that the web browser
| avoid DNS
Package: gnome-screensaver
Version: 2.28.2-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for gnome-screensaver.
CVE-2009-4641[0]:
| gnome-screensaver 2.28.0 does not resume adherence to
-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3297: race condition in fusermount (Closes: #567633)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 31 Jan 2010 22:23:35 +0100
+
fuse (2.8.1-1.1) unstable; urgency=low
* Non-maintainer upload.
diff -u fuse-2.8.1/debian/patches/00list fuse
-java (2.9.1-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-2625: denial of service (infinite loop and application hang)
+via malformed XML input (Closes: #548358)
+
+ -- Giuseppe Iuculano iucul...@debian.org Fri, 29 Jan 2010 11:19:09 +0100
Hi,
Attached is a debdiff of the changes I made for 8.14.3-9.1 0-day NMU.
Cheers,
Giuseppe
; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in
+name (Closes: #564581)
+
+ -- Giuseppe Iuculano iucul...@debian.org Fri, 29 Jan 2010 14:16:07 +0100
+
sendmail (8.14.3-9) unstable; urgency=low
On 25/01/2010 13:23, Rene Engelhard wrote:
What I forgot here: please send us
/var/lib/openoffice/basis3.1/program/services.rdb
Attached.
Cheers,
Giuseppe.
services.rdb
Description: Binary data
Package: openoffice.org
Version: 1:3.1.1-14
Severity: serious
Hi,
$ soffice
Error while mapping shared library sections:
pand:$OOO_BASE_DIR/program/cairocanvas.uno.so: No such file or directory.
Error while mapping shared library sections:
Hi,
On 25/01/2010 12:27, Rene Engelhard wrote:
Do you have some security features enabled somewhere?
No,
What I would also try is to check your .rdb files; maybe
this is another symptom of #566189/#566062/#565667...
After removing /var/spool/openoffice/uno_packages/cache/* I've:
$
fixed 566829 1:3.2.0~rc3-1
thanks
On 25/01/2010 12:29, Rene Engelhard wrote:
Oh, and please try with 3.2, too - though I don't see why this
should matter, but.. - as that will be squeeze's version if everything
goes OK (note downgrades will be tricky, so you might want to save
your user
) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix two denial-of-service vulnerabilities: CVE-2009-3560 and CVE-2009-3720.
+(Closes: #560912)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 24 Jan 2010 12:48:21 +0100
+
python2.5 (2.5.4-3) unstable; urgency=low
tags 562353 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 23 Jan 2010 12:52:24 +0100.
The fix will be in the next upload.
=
Removed
Hi,
sorry for late reply.
On 18/01/2010 10:00, Goswin von Brederlow wrote:
That is a bit odd. I do see /lib/ld-linux.so.2 and /usr/bin/ldd in
ia32-libs:ia64 so that should work.
What kind of ia64 CPU do you have? Is it old enough to still have the
i386 emulation hardware? Newer ia64
@@
+dokuwiki (0.0.20090214b-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Check against cross-site request forgeries (CSRF)
+ * Fixed multiple vulnerabilities in ACL plugin (Closes: #565406)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 17 Jan 2010 14:47:41 +0100
On 16/01/2010 11:08, Goswin von Brederlow wrote:
That usually means one of the libraries can not be found.
What does
ldd i586-jdk/bin/unpack200
$ ldd i586-jdk/bin/unpack200
not a dynamic executable
Cheers,
Giuseppe.
Package: sendmail
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for sendmail.
CVE-2009-4565[0]:
| sendmail before 8.14.4 does not properly handle a '\0' character in a
| Common Name (CN)
Package: redmine
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for redmine.
CVE-2009-4459[0]:
| Redmine 0.8.7 and earlier uses the title tag before defining the
| character encoding in a
Giuseppe Iuculano wrote:
Hi,
Attached is a debdiff of the changes I made for 1.1.0.7-1.1 0-day NMU.
Hi,
The previous NMU introduced a regression. Attached is the debdiff for the 1.1.0.7-1.2 0-day
NMU.
Cheers,
Giuseppe.
diff -u phpldapadmin-1.1.0.7/debian/changelog
phpldapadmin-1.1.0.7/debian
tags 562992 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 5 Jan 2010 08:43:30 +0100.
The fix will be in the next upload.
=
Disable
retitle 561975 CVE-2009-4427: Local file inclusion vulnerability
thanks
Hi,
this issue got a CVE id:
CVE-2009-4427[0]:
| Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5
| allows remote attackers to include and execute arbitrary local files
| via a .. (dot dot) in the cmd
(1.1.0.7-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-4427 (Closes: #561975)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 03 Jan 2010 11:47:29 +0100
+
phpldapadmin (1.1.0.7-1) unstable; urgency=low
* New upstream release.
diff -u
Package: ia32-libs
Version: 20090808
Severity: serious
Hi,
it seems ia32-libs is broken on ia64:
$ file i586-jdk/bin/unpack200
i586-jdk/bin/unpack200: ELF 32-bit LSB executable, Intel 80386, version 1
(SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped
$
tags 548620 moreinfo unreproducible
thanks
Package: amule-daemon
Version: 2.2.1-1+lenny2
Severity: grave
File: /usr/bin/amuled
Justification: renders package unusable
It is impossible to use the program. It segfaults immediately.
I can't reproduce that, please provide[1] a meaningful
Package: libphp-jpgraph
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for libphp-jpgraph.
CVE-2009-4422[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the
| GetURLArguments
Package: serendipity
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for serendipity.
CVE-2009-4412[0]:
| Unrestricted file upload vulnerability in Serendipity before 1.5
| allows remote
Package: sql-ledger
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for sql-ledger.
CVE-2009-4402[0]:
| The default configuration of SQL-Ledger 2.8.24 allows remote attackers
| to perform
Package: ghostscript
Version: 8.70~dfsg-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for ghostscript.
CVE-2009-4270[0]:
| Stack-based buffer overflow in the errprintf function in
Package: kvm
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kvm.
CVE-2009-4031[0]:
| The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86
| emulator in the KVM subsystem in
Package: kvm
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kvm.
CVE-2009-3638[0]:
| Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in
| arch/x86/kvm/x86.c in the
Package: phpldapadmin
Severity: grave
Tags: security
Hi,
A vulnerability has been discovered in phpLDAPadmin, which can be exploited by
malicious people to disclose sensitive information.
Input passed via the cmd parameter to cmd.php is not
Hi,
these issues got CVE ids:
CVE-2009-4305[0]:
| SQL injection vulnerability in the SCORM module in Moodle 1.8 before
| 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to
| execute arbitrary SQL commands via vectors related to an escaping
| issue when processing AICC CRS file
Hi,
Unfortunately this vulnerability is not important enough to get fixed via a
regular security update in Debian stable. It does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.
[1]
Package: jbossas4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for jbossas4.
CVE-2009-0027[0]:
| The request handler in JBossWS in JBoss Enterprise Application
| Platform (aka JBoss EAP
tags 560241 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 14 Dec 2009 12:18:12 +0100.
The fix will be in the next upload.
=
Added
Package: kdelibs
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kdelibs.
CVE-2009-0689[0]:
| The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in
| FreeBSD 6.4 and
Package: kde4libs
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kde4libs.
CVE-2009-0689[0]:
| The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in
| FreeBSD 6.4 and
Package: firefox-sage
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for firefox-sage.
CVE-2009-4102[0]:
| Sage 1.4.3 and earlier extension for Firefox performs certain
| operations with
Package: msmtp
Version: 1.4.9-1
Severity: serious
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for msmtp.
CVE-2009-3942[0]:
| Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not
| properly handle a '\0'
Package: mpop
Version: 1.0.5-1etch1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for mpop.
CVE-2009-3941[0]:
| Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not
|
Package: shibboleth-sp2
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for shibboleth-sp2.
CVE-2009-3300[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity
|
tags 554618 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 10 Nov 2009 17:52:03 +0100.
The fix will be in the next upload.
=
Build
Hi,
Quanah Gibson-Mount wrote:
Also, if Debian's still supporting anything based on OL 2.3, I have a clean
patch for this issue for it as well.
Could you send the patch for OL 2.3 please?
Thanks in advance,
Giuseppe
; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
+character in subject Common Name (Closes: #553432)
+
+ -- Giuseppe Iuculano iucul...@debian.org Tue, 10 Nov 2009 19:09:45 +0100
+
openldap (2.4.17-2
@@
+libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
+via crafted files (Closes: #552534)
+
+ -- Giuseppe Iuculano iucul...@debian.org Mon, 09 Nov 2009 21:19:11 +0100
Package: wireshark
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for wireshark.
CVE-2009-3829[0]:
| Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows
| remote attackers
Package: snort
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for snort.
CVE-2009-3641[0]:
| Snort before 2.8.5.1, when the -v option is enabled, allows remote
| attackers to cause a
Package: qemu
Version: 0.10.6-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for qemu.
CVE-2009-3616[0]:
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
| QEMU
Package: kvm
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kvm.
CVE-2009-3616[0]:
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
| QEMU 0.10.6 and earlier might
Package: openldap
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for openldap.
CVE-2009-3767[0]:
| libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not
| properly
Package: mutt
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for mutt.
CVE-2009-3766[0]:
| mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the
| domain name in the
Package: squidguard
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for squidguard.
CVE-2009-3826[0]:
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to
| bypass
Hi,
Helge Kreutzmann wrote:
clone 546212 -1
found -1 4:3.5.10.dfsg.1-0lenny2
severity -1 serious
thanks
- Forwarded message from Giuseppe Iuculano iucul...@debian.org -
...
Debian Security Advisory DSA-1916-1 secur...@debian.org
http://www.debian.org
tags 552417 moreinfo
thanks
Hi,
Doug Baldwin wrote:
Originally installed Lenny using network installation CD,
followed prompts for RAID-1. Recently upgraded to Squeeze.
All works with 2.6.26. However, system fails to boot with
2.6.30. Error message is: Unable to mount vg00 volume
Hi,
Daniel Leidert wrote:
The dpatch patch is already available at
http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
Shall I prepare the packages (I'm registered as DM for expat 2.0.1,
but not for expat in oldstable) or do you
to Cyril Brulebois
+(Closes: #550424)
+
+ -- Giuseppe Iuculano iucul...@debian.org Wed, 21 Oct 2009 23:54:35 +0200
+
openexr (1.6.1-4) unstable; urgency=low
* Adopt the package within pkg-phototools (Closes: #494877):
diff -u openexr-1.6.1/debian/patches/series openexr-1.6.1/debian/patches
Package: openoffice.org
Version: 1:3.1.1-2
Severity: grave
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for openoffice.org.
CVE-2009-3569[0]:
| Stack-based buffer overflow in OpenOffice.org (OOo) allows remote
|
Package: aria2
Version: 0.14.0-1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for aria2.
CVE-2009-3575[0]:
| Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3,
|
Package: puppet
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for puppet.
CVE-2009-3564[0]:
| puppetmasterd in puppet 0.24.6 does not reset supplementary groups
| when it switches to a
Patch:
http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/DHTRoutingTableDeserializer.cc?r1=670r2=1041
Cheers,
Giuseppe.
Rene Engelhard wrote:
If you tell me how they should be fixed if no one ever knew about that except
the VulnDisco Pack author...
You are right, the details are unknown, but this bug was opened for tracking
purposes.
Cheers,
Giuseppe.
:
#546212)
+
+ -- Giuseppe Iuculano iucul...@debian.org Wed, 14 Oct 2009 09:57:26 +0200
+
kdelibs (4:3.5.10.dfsg.1-2) unstable; urgency=low
* Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify.
only in patch2:
unchanged:
--- kdelibs-3.5.10.dfsg.1.orig/debian/patches/CVE-2009
)
+Thanks to Dann Frazier (Closes: 548975)
+
+ -- Giuseppe Iuculano iucul...@debian.org Fri, 09 Oct 2009 19:07:06 +0200
+
kvm (85+dfsg-4) unstable; urgency=low
* upload to unstanble
diff -u kvm-85+dfsg/debian/patches/series kvm-85+dfsg/debian/patches/series
--- kvm-85+dfsg/debian/patches/series
-maintainer upload by the testing Security Team.
+ * mimetex.c: replace strcpy with strninit macro that uses strncpy, adjust
+some buffer sizes. (CVE-2009-1382)
+ * mimetex.c: disable input and counter tags. (CVE-2009-2459)
+Thanks to Marc Deslauriers (Closes: 537254)
+
+ -- Giuseppe
+
+ * Non-maintainer upload by the testing Security Team.
+ * Include patch to fix buffer overflow in content processing code
+Fixes: CVE-2009-2905 Closes: #548198
+
+ -- Giuseppe Iuculano iucul...@debian.org Tue, 06 Oct 2009 17:29:33 +0200
+
newt (0.52.10-4) unstable; urgency=low
* Add Ubuntu