Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

2005-10-27 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Thijs Kinkhorst wrote: > > > Another security problem has been found in mantis. Insufficient > > > input sanitising of the t_core_path parameter may be exploited to perform > > > arbitrary file inclusion. Please see > > > http://secunia.com/secunia_research/2005-46/advis

Bug#334113: CAN-2005-3257 assigned

2005-10-18 Thread Martin Schulze
This one is CAN-2005-3257. Regards, Joey -- Never trust an operating system you don't have source for! Please always Cc to me when replying to me on the lists.

Bug#332259: spampd fails with 'Error in process_request': Modification of read-only variable in Syslog.pm

2005-10-09 Thread Martin Schulze
Sven Mueller wrote: > > Hence, it's rather "one mail falls through" or something. Doesn't sound > > security-relevant to me. > > Well, it's more of an indirect DoS. The mails are rejected with an SMTP > temporary failure code according to my quick test. This means that those > mails fill up the s

Bug#332290: horde3: Application is in a severely insecure state during configuration

2005-10-09 Thread Martin Schulze
Ola Lundqvist wrote: > > > > I also would recommend that a password be required to use the > > > > Administration interface. > > > > > > The administration thing will be kept there as it does not have any write > > > permission to any of the configuration files. > > > > > > Or do you have a good su

Bug#332290: horde3: Application is in a severely insecure state during configuration

2005-10-09 Thread Martin Schulze
Ola Lundqvist wrote: > Hello > > On Wed, Oct 05, 2005 at 01:17:37PM -0400, Mike O'Connor wrote: > > Package: horde3 > > Version: 3.0.5-1 > > Severity: critical > > Tags: security > > Justification: root security hole > > > > As part of the installation procedure in README.Debian, you are told to

Bug#318286: FTP USER buffer overflow (CAN-2005-2239)

2005-10-08 Thread Martin Schulze
Jeroen van Wolffelaar wrote: > tags 318286 sarge > thanks > > On Thu, Jul 14, 2005 at 05:36:34PM +0300, Joey Hess wrote: > > oftpd is vulnerable to another security hole. This time a crafted "FTP > > USER" command can cause a crash. Since a buffer overflow is involved, > > it's possible that this

Bug#332524: CVE name

2005-10-08 Thread Martin Schulze
== Candidate: CAN-2005-3178 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178 Reference: BUGTRAQ:20051005 xloadimage buffer overflow. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112862493918840&w=2 Buffer overflow in x

Bug#332434: storebackup: Several security problems (already fixed in sid/testing)

2005-10-07 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Sounds correct, my manpage says: > -h, --no-dereference > affect each symbolic link instead of any referenced file (useful only on > systems that can change the ownership of a symlink) > > However, I think that this hunk is missing for CAN-2005-3148: > > diff -

Bug#329156: gnome-pty-helper foo

2005-10-07 Thread Martin Schulze
severity 329156 normal thanks dude Loïc Minier wrote: > Hi, > > On Fri, Oct 07, 2005, Martin Schulze wrote: > > Could somebody explain the security implication for me? > > You can record in the utmp/wtmp logs something which is wrong, for > example that an use

Bug#332434: storebackup: Several security problems (already fixed in sid/testing)

2005-10-07 Thread Martin Schulze
Moritz Muehlenhoff wrote: > > 1.19-1 source and binary packages work on stable, and the > > differences to 1.18.4-2 are all local bugfixes, so I figure it > > doesn't make any sense to separate bugfixes from bugfixes for a > > special security fix for stable. Well, we could split out > > storeBacku

Bug#332434: storebackup: Several security problems (already fixed in sid/testing)

2005-10-07 Thread Martin Schulze
Arthur Korn wrote: > Hi > > 1.19-1 source and binary packages work on stable, and the > differences to 1.18.4-2 are all local bugfixes, so I figure it > doesn't make any sense to separate bugfixes from bugfixes for a > special security fix for stable. Well, we could split out Since the diff betwe

Bug#329156: gnome-pty-helper foo

2005-10-06 Thread Martin Schulze
Could somebody explain the security implication for me? Being able to write arbitrary strings into valid records without overwriting any other data in utmp/wtmp can hardly be classified as a security vulnerability. (Apart from that, I'm only slightly annoyed as I had to learn about this via MITRE

Bug#332259: spampd fails with 'Error in process_request': Modification of read-only variable in Syslog.pm

2005-10-06 Thread Martin Schulze
Sven Mueller wrote: > I created a fixed package (actually two: one for sid/etch and one for > sarge), available at https://mail.incase.de/spampd/sarge-security/ > respectively at https://mail.incase.de/spampd/sid/ (until my sponsor > finds the time to upload the latter to sid). Personally, I'm indi

Bug#327722: Patch for Gopher bug CAN-2005-2772

2005-09-28 Thread Martin Schulze
Steve Kemp wrote: > On Mon, Sep 26, 2005 at 09:23:16AM -0500, John Goerzen wrote: > > > > Attached are the patches that Joey (Schulze) approved. > > > > Can you (or Joey) comment: did you use a different patch because you > > believe mine to be insecure, or for a different reason? (That's an >

Bug#328626: Sarge update for loop-aes-utils (CAN-2005-2876)

2005-09-16 Thread Martin Schulze
Max Vozeler wrote: > Hi security team, > > the loop-aes-utils package in sarge is affected by CAN-2005-2876 > (#328626). I've prepared a stable-security upload of 2.12p-4sarge1 > with a fix backported from 2.12r-pre1: > > http://people.debian.org/~xam/security/loop-aes-utils/ > > This bug will

Bug#318946: User expectations and shorewall

2005-09-16 Thread Martin Schulze
Lorenzo Martignoni wrote: > > If you can, please build an updated package, based on the version in > > sarge and woody if that's needed as well, and place them on a .debian.org > > host. > > I already have a fixed package. I only need to add the CVE ID. > > On which host of .debian.org should I u

Bug#318946: User expectations and shorewall

2005-09-15 Thread Martin Schulze
Florian Weimer wrote: > >> (Note that I have yet to test Lorenzo's new package.) > > > > Are you in a position to do so? > > Sure, but the question is if you want to rely on the results. You > don't seem to trust my judgement on this matter, for reasons I don't > know. I simply did not understan

Bug#310327: patch

2005-09-10 Thread Martin Schulze
Aníbal Monsalve Salazar wrote: > >Upon investigation of this problem I noticed that ssmtp (oldstable > >and stable) always strips the last line of the input before sending. > > > >gluck!joey(pts/4):~> seq 1 10|sendmail [EMAIL PROTECTED] > > > >--> 1..9 > > > >gluck!joey(pts/4):~> echo seq 1 10|send

Bug#318946: User expectations and shorewall

2005-09-01 Thread Martin Schulze
Florian Weimer wrote: > * Martin Schulze: > > > What was the behaviour pre-sarge? > > What is the behaviour post-sarge (or rather in sarge)? > > Do you mean "before and after the upstream security update"? The > terms pre-sarge/post-sarge do not make mu

Bug#318946: User expectations and shorewall

2005-09-01 Thread Martin Schulze
Florian Weimer wrote: > * Martin Schulze: > > > So a summary would be to leave the package as it is in sarge, right? > > Based on the facts, I reach the opposite conclusion. The upstream > changes should be merged. However, since easy workarounds are > possible, we mig

Bug#318946: User expectations and shorewall

2005-09-01 Thread Martin Schulze
Florian Weimer wrote: > As far as I understand it, from the perspective of the security team, > it is not clear if the upstream change breaks existing user > configurations. Users might rely on the current behavior and use it > to deliberately weaken the filter policy. This is a reasonable > ques

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-29 Thread Martin Schulze
Andres Salomon wrote: > On Sun, 2005-08-28 at 10:22 +0100, Steve Kemp wrote: > > On Sat, Aug 27, 2005 at 07:03:55PM -0400, Andres Salomon wrote: > > > > > > Certainly. Once the advisory is out I can make an upload if Joy > > > > hasn't already made one. > > > > > > > > > > I can also do an u

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-28 Thread Martin Schulze
Andres Salomon wrote: > On Sat, 2005-08-27 at 11:42 +0100, Steve Kemp wrote: > > On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote: > > > > > Thanks a lot for the report. This is CAN-2005-2655. > > > > > > > The bug affects 1.5.3-1

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-27 Thread Martin Schulze
Max Vozeler wrote: > Short description: > lockmail.maildrop (setgid mail) lets the user specify a program and > execvp()s it, but does not drop egid mail privilege before doing so. > This opens a trivial privilege escalation (see "poc") to group mail. Thanks a lot for the report. This is CAN-200

Bug#325254: kdegraphics packages broken on sarge/powerpc because of kdelibs4 dependency

2005-08-27 Thread Martin Schulze
Adeodato Simó wrote: > severity 325254 serious > reassign 325254 kdegraphics,security.debian.org > retitle 325254 kdegraphics 3.3.2-2sarge1/powerpc uninstallable because of > dependency on kdelibs4 (>= 4:3.3.2-6.2) > notfound 325254 4:3.3.2-2 > found 325254 4:3.3.2-2sarge1 > thanks > > * Jochen A

Bug#310327: patch

2005-08-26 Thread Martin Schulze
Aidas Kasparas wrote: > Please find below a patch which checks EOF condition instead of no > input. Without fix for this bug package is virtually not useable (I > experienced mysterious attachment cuts, so I can not rely on it in its > present form :-( Please consider importance of this bug as "s

Bug#324531: PCRE3: CAN-2005-2491 for oldstable

2005-08-24 Thread Martin Schulze
Martin Pitt wrote: > Hi! > > Since I have to fix apache2 2.0.50 for Ubuntu, which still has an > embedded pcre 3.x, I also took a look at the woody version. I took a > look at the code and played with the test suite, and it seems to me > that the capture part works ok; just the integer underflow m

Bug#324531: pcre3: patch for CAN-2005-2491

2005-08-24 Thread Martin Schulze
Martin Pitt wrote: > Hi! > > Here is the relevant change from pcre3 6.1-> 6.2, ported to 5.0: > > http://patches.ubuntu.com/patches/pcre3.CAN-2005-2491.diff Patch originally sent by Marcus Meissner from SuSE. Regards, Joey -- It's time to close the windows. Please always Cc to me

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)

2005-08-23 Thread Martin Schulze
Martin Schulze wrote: > Christian Hammers wrote: > > Hello Security Team > > > > Are you aware of this bug? The "interdiff" patch are already in the BTS. > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526 > > Applied the upst

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

2005-08-22 Thread Martin Schulze
Christoph Haas wrote: > Check the upstream archive (pdns_2.9.17.orig.tar.gz) again: > There are files like debian/doc-base that cause trouble. We are > currently removing these files in the "clean:" target. But if that > target isn't called before building the package we get this error. Ah, now I

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

2005-08-22 Thread Martin Schulze
Christoph Haas wrote: > On Tue, Aug 16, 2005 at 12:06:48PM +0200, Jeremie Koenig wrote: > > I've not tested anything but I may have found the cause for this > > problem. Freshly extracted, the source package contains some cruft which > > gets removed upon running debian/rules clean. Specifically, >

Bug#318463: Proposed update to e2fsprogs for stable

2005-08-22 Thread Martin Schulze
Steve Langasek wrote: > On Sun, Aug 21, 2005 at 11:20:49PM -0400, Theodore Ts'o wrote: > > > I would like to upload the following release to sarge to fix a grave bug > > (#318463), and taking the opportunity to fix a few other potential > > core-dumping inducing bugs. All of these are cherry pick

Bug#322133: CAN-2005-2558: arbitrary binary libraries call execution

2005-08-20 Thread Martin Schulze
sean finney wrote: > hi joey, martin, > > (christian may already be on vacation, so i'll try and field some > responses from what i think is going on) [..] > christian forwarded the bug information to mysql asking for a > clarification (http://bugs.mysql.com/bug.php?id=12575) and we're > waitin

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)

2005-08-19 Thread Martin Schulze
Christian Hammers wrote: > Hello Security Team > > Are you aware of this bug? The "interdiff" patch are already in the BTS. > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526 > Applied the upstream patch that fixes a tempfile vulnerability in the > mysqld_install_db script th

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

2005-08-16 Thread Martin Schulze
Christoph Haas wrote: > On Tue, Aug 16, 2005 at 10:23:41AM +0200, Martin Schulze wrote: > > That is very strange. I've just rebuilt it on gluck > > (see /tmp/joey for log and packages) and it does still contain > > the doc-base directory. > > I was too slow

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

2005-08-16 Thread Martin Schulze
Christoph Haas wrote: > Hi, Martin... > > On Sat, Aug 13, 2005 at 07:09:02AM +0200, Martin Schulze wrote: > > Please retry in the sarge chroot on gluck or escher. I've just > > rebuilt it in both environments and both times the pdns_*.deb > > contained both /usr/s

Bug#322352: [Powerdns-debian] Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

2005-08-12 Thread Martin Schulze
doc-base/pdns, while the package in sarge does not. Looking at the file contents, it shouldn't be an architecture.deb but an all.deb, btw., but that's not an issue we need to fix now. > Martin Schulze: > How did you build the package ? (I'm pretty curious right now becaus

Bug#316590: woody backport now available for all cacti security issues

2005-07-23 Thread Martin Schulze
Sean Finney wrote: > this is done now. Thanks a lot. I have reviewed it and will use it for the advisory. Regards, Joey -- Reading is a lost art nowadays. -- Michael Weber

Bug#315671: webcalendar unauthorized access

2005-07-19 Thread Martin Schulze
Stephen Gran wrote: > Hello all, > > There is a security bug in webcalendar (#315671 and > http://www.securityfocus.com/bid/14072, for reference). Tim is the > maintainer, but does not yet have a debian account, and cannot upload. > We have a fixed version for sarge ready (patch attached). I am

Bug#315703: Bug#316590: woody backport now available for all cacti security issues

2005-07-19 Thread Martin Schulze
Sean Finney wrote: > On Tue, Jul 19, 2005 at 07:54:31AM +0200, Martin Schulze wrote: > > Ok, I'll wait. > > so, a 6 hour plane flight later, i've learned 3 things: > > 1 - there are a number of other variables that also need to be included. > 2 - there are a n

Bug#315671: webcalendar unauthorized access

2005-07-18 Thread Martin Schulze
Stephen Gran wrote: > Hello all, Thanks a lot for contacting us. > There is a security bug in webcalendar (#315671 and > http://www.securityfocus.com/bid/14072, for reference). Tim is the > maintainer, but does not yet have a debian account, and cannot upload. > We have a fixed version for sarge

Bug#316590: woody backport now available for all cacti security issues

2005-07-18 Thread Martin Schulze
Sean Finney wrote: > hi, > > On Mon, Jul 18, 2005 at 07:21:29PM +0200, Martin Schulze wrote: > > > i'll try and set some time aside tonight or tomorrow to test, but > > > it looks good from an initial glance. > > > > Any outcome? In other words,

Bug#316590: woody backport now available for all cacti security issues

2005-07-18 Thread Martin Schulze
sean finney wrote: > On Fri, Jul 15, 2005 at 04:15:22PM +0200, Martin Schulze wrote: > > > However, as I don't like the "next week" part too much, I'll try to > > > work on the update on my own and send you the diff for comments. > > > Should redu

Bug#316590: woody backport now available for all cacti security issues

2005-07-15 Thread Martin Schulze
Martin Schulze wrote: > However, as I don't like the "next week" part too much, I'll try to > work on the update on my own and send you the diff for comments. > Should reduce the time you need to spend on the issue as well. Ok, here is an update. Regards,

Bug#315703: woody backport now available for all cacti security issues

2005-07-14 Thread Martin Schulze
Sean Finney wrote: > i guess i didn't in the email updating this, but did so in sanitize.php > itself: Yes, I saw that later. I hope, my tone wasn't too harsh. > > Additionally you seem to be using get_request_var only which > > uses the $_GET array, but not the $_REQUEST array, and hence > > ca

Bug#315703: woody backport now available for all cacti security issues

2005-07-13 Thread Martin Schulze
sean finney wrote: > another update, > > the security release for cacti has been delayed due to complications > backporting the security fix into the version in woody, which is a major > release (and rewrite) behind the versions in sarge and sid. > > joey from the security team provided an init

Bug#309739: woody is still vulnerable to CAN-2005-1544

2005-07-10 Thread Martin Schulze
Jay Berkenbilt wrote: > > Some time ago, a bug was posted about tiff being vulnerable to > CAN-2005-1544: a bug that caused an exploitable segmentation fault on > files with certain bad BitsPerSample values (making it a potential DOS > bug). The fix is already in sarge. I had posted a patch aga

Bug#316590: cacti security update, second version available fixing all issues

2005-07-06 Thread Martin Schulze
sean finney wrote: > hi, > > i've prepared a new version which addresses both the previous issues > addressed in sarge0 and the new hardened-php reported issues: > > deb http://people.debian.org/~seanius/cacti/sarge ./ > deb-src http://people.debian.org/~seanius/cacti/sarge ./ > > version: 0.8.6

Bug#308587: 308587: reopening and tagging "woody"

2005-06-05 Thread Martin Schulze
Florian Ernst wrote: > On Sat, Jun 04, 2005 at 07:04:42PM +0200, Martin Schulze wrote: > > Below please find the real patch and ensure it is applied to the > > version in unstable as well (or a similar patch). This one was > > even missing from your patchset so I'm

Bug#308587: 308587: reopening and tagging "woody"

2005-06-04 Thread Martin Schulze
Florian Ernst wrote: > On Thu, Jun 02, 2005 at 07:57:06PM +0200, Martin Schulze wrote: > > I've looked at the patch you've provided and I must say that I believe > > that it is utterly broken with regards to the "integer overflow". I > > don't think

Bug#308587: 308587: reopening and tagging "woody"

2005-06-02 Thread Martin Schulze
I've looked at the patch you've provided and I must say that I believe that it is utterly broken with regards to the "integer overflow". I don't think that I've discovered a single integer overflow that's been prevented. Attached is what was left over after the investigation. Several conditions

Bug#308587: 308587: reopening and tagging "woody"

2005-06-02 Thread Martin Schulze
Florian Ernst wrote: > Hello there, > > On Thu, Jun 02, 2005 at 05:53:19PM +0200, Martin Schulze wrote: > > Florian Ernst wrote: > > > On Sat, May 28, 2005 at 12:32:39AM +0200, Florian Ernst wrote: > > > > Find attached the backported patch I sent to the s

Bug#308587: 308587: reopening and tagging "woody"

2005-06-02 Thread Martin Schulze
Florian Ernst wrote: > On Sat, May 28, 2005 at 12:32:39AM +0200, Florian Ernst wrote: > > Find attached the backported patch I sent to the security team. > > Well, now, really, that is. I may be stupid, but how can this prevent an integer overflow: - thunk_table=(PE_THUNK_DATA*)mal

Bug#299272: Regarding xfree86 and CAN-2005-0609

2005-05-06 Thread Martin Schulze
Branden Robinson wrote: > Hi Joey, > > xfree86's fix for CAN-2005-0609 has not yet been uploaded to > testing/unstable. I expect to make an upload soon, however; the packages > are currently in preparation, and you can view the current status of the > SVN trunk at: > > http://necrotic.deadbeas

Bug#307360: oops: Format string vulnerability in database auth handling (CAN-2005-1121)

2005-05-05 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Package: oops > Severity: grave > Tags: security patch sid woody > Justification: user security hole > > [Cc:ing security@, should affect woody as well] It does. > A format string vulnerability in the auth() function for SQL database > user handling possibly permits e

Bug#305605: CAN-2005-0718: remote DoS in Squid -- any progress?

2005-04-29 Thread Martin Schulze
Christian Hammers wrote: > On Fri, Apr 29, 2005 at 02:56:38PM +0200, Martin Schulze wrote: > > > Are there any news regarding the vulnerability status of the Woody > > > package or the preparation of a DSA? > > > > Luigi is taking a look. It's not yet clea

Bug#305605: CAN-2005-0718: remote DoS in Squid -- any progress?

2005-04-29 Thread Martin Schulze
Christian Hammers wrote: > Hello > > The bug has been reported more than a week ago and the last status from > the same date is that the Woody package is being investigated. > > Are there any news regarding the vulnerability status of the Woody > package or the preparation of a DSA? Luigi is ta

Bug#287043: Any progress regarding the DSA for mpg123 (#287043)?

2005-04-21 Thread Martin Schulze
Daniel Kobras wrote: > On Wed, Apr 20, 2005 at 07:50:33PM +0200, Martin Schulze wrote: > > I have no information about this. > > I've provided as much information as I got in > <[EMAIL PROTECTED]>, addressed > to [EMAIL PROTECTED], and was basically waiting for

Bug#298939: xfree86 4.1.0-16woody6 available to fix CAN-2005-0605

2005-04-20 Thread Martin Schulze
Branden Robinson wrote: > On Fri, Mar 11, 2005 at 03:35:32AM -0500, Branden Robinson wrote: > > The following URL contains source and binary packages for powerpc resolving > > CAN-2005-0605[1], which is described as: > > > > The XPM library's scan.c file may allow attackers to execute arbitrary

Bug#287043: Any progress regarding the DSA for mpg123 (#287043)?

2005-04-20 Thread Martin Schulze
Christian Hammers wrote: > Hello > > Last comment regarding this bug report was: > "CAN-2004-1284 Buffer overflow in the find_next_file function" > > Date: Tue, 18 Jan 2005 10:00:37 +0100 > > From: Daniel Kobras <[EMAIL PROTECTED]> > > > > An update for woody is pending. > > Has there b

Bug#301428: smail: Remote and local vulnerabilities can be exploited to obtain root access

2005-03-27 Thread Martin Schulze
Héctor García Álvarez wrote: > El vie, 25-03-2005 a las 21:54 +0100, Moritz Muehlenhoff escribió: > > Package: smail > > Severity: grave > > Tags: security patch > > Justification: user security hole > > > > [Dear security-team, this should affect Woody as well] > > > > Sean <[EMAIL PROTECTED] ha

Bug#296674: [CAN-2004-0957] i believe this patch should do it...

2005-03-18 Thread Martin Schulze
sean finney wrote: > On Fri, Mar 11, 2005 at 09:39:10AM +0100, Christian Hammers wrote: > > Wasn't it the one where a privilege granted to "table_name" also grants > > rights on "tableXname", "tableYname" as '_' was considered as something > > like a dot in a RegEx? This should be fairly easy to te

Bug#298039: Fixes

2005-03-18 Thread Martin Schulze
.17.0/debian/changelog @@ -1,3 +1,14 @@ +xli (1.17.0-11woody1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Applied patch from DSA 069 to fix buffer overflow in faces decoder +[faces.c, CAN-2001-0775] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18

Bug#298929: Security problem in distcc

2005-03-12 Thread Martin Schulze
Martin Pool wrote: > Hi Frank, Martin, > > I don't think there is any new information in this report beyond what > has been on the web site for many months. distcc is secure when used as > directed. If this report is irrelevant for Debian, feel free to close it right away. Regards, Joe

Bug#298939: xfree86 4.1.0-16woody6 available to fix CAN-2005-0605

2005-03-12 Thread Martin Schulze
Branden Robinson wrote: > The following URL contains source and binary packages for powerpc resolving > CAN-2005-0605[1], which is described as: > > The XPM library's scan.c file may allow attackers to execute arbitrary code > by crafting a malicious XPM image file containing a negative bitmap

Bug#298929: Security problem in distcc

2005-03-10 Thread Martin Schulze
Package: distcc Version: 2.18.1-5 Severity: grave Tags: sarge sid security Saw this on bugtraq: XCode ships with version 2.0.1 of distcc. We also tried updating to 2.18.3 and had similar issues with that version as well. Apple was not contacted prior to this release because the exploit for distcc

Bug#291700: Proposing stable PostgreSQL bugfixes

2005-03-07 Thread Martin Schulze
Steve Langasek wrote: > On Sun, Feb 27, 2005 at 10:28:27PM +0100, Martin Pitt wrote: > > In the light of #291700 I prepared a new PostgreSQL stable upload. It > > fixes a grave misbehaviour if a database is called "peer", and fixes > > the calling of dpkg --compare-versions which caused the help sc

Bug#294647: This patch will do

2005-02-18 Thread Martin Schulze
the lowest requirement for +mailman in Debian/stable and since Python 1.5.2 doesn't do list +comprehensions [Mailman/Cgi/private.py] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 18 Feb 2005 12:57:31 +0100 + mailman (2.0.11-1woody10) stable-security; urgency=high * Non-maintainer upload by the Security Team

Bug#295548: Merging bugs

2005-02-17 Thread Martin Schulze
Jeroen van Wolffelaar wrote: > > These bugs are the same, and it seems that indeed there was a mistake when > > making the package. I hope it can be fixed soon. > > Security team, Joey, > > It seems the most recent evolution security update had a regression > w.r.t. SSL support, not unlikely cau

Bug#295556: FWD: [SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution

2005-02-16 Thread Martin Schulze
Dafydd Harries wrote: > > Filing this bug to track the security hole in the DSA below. Apparently > > a fix for unstable has not yet been uploaded. > > Since I don't have a copy of the original security patch, I tried to > extract the changes by interdiffing the fixed stable version with the > lat

Bug#286905: CAN-2004-0452 File::Path::rmtree() vulnerability

2005-02-16 Thread Martin Schulze
This has been assigned CAN-2005-0448. Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists.

Bug#294099: multiple security holes in XPM code (CAN-2004-0914)

2005-02-16 Thread Martin Schulze
Martin Pitt wrote: > Hi again, > > Martin Pitt [2005-02-16 11:28 +0100]: > > Hi! > > > > Please note that the new upstream only fixes lesstif2, not lesstif1: > > > > This directory contains fixed sources: > > > > http://cvs.sourceforge.net/viewcvs.py/lesstif/lesstif/lib/Xm-2.1/ > > > > Howev

Bug#295499: CAN-2005-0011: Buffer overflows in fliccd of kstars of kdeedu

2005-02-16 Thread Martin Schulze
Package: kdeedu Severity: grave Tags: security sid patch sarge Erik Sjölund discovered that a buffer overflow in fliccd which is installed setuid root (at least on Debian/unstable) can be exploited quite easily and will probably allow arbitrary code to be executed. Patch: ftp://ftp.kde.org/pub/kd

Bug#295261: CAN-2004-1004+CAN-2004-1005: multiple vulnerabilities in mc

2005-02-14 Thread Martin Schulze
Package: mc Version: 4.6.0-4.6.1-pre1-3 Severity: grave Tags: sarge sid security patch I'm awfully sorry but when releasing DSA 639 I was under the impression that the version of mc was sufficiently new and contained all security fixes already. However, Gerardo Di Giacomo denied that, so attached

Bug#294488: CVE ids

2005-02-12 Thread Martin Schulze
Use CAN-2005-0362 for fixing *plugin* variables Use CAN-2005-0363 for fixing the config variable Regards, Joey -- If you come from outside of Finland, you live in wrong country. -- motd of irc.funet.fi Please always Cc to me when replying to me on the lists.

Bug#294896: CAN-2005-0365: insecure temporary file creation in kdelibs 3.3.2

2005-02-11 Thread Martin Schulze
Package: kdelibs Version: 3.2.3-3.sarge.2 3.3.2-1 Severity: grave Tags: security sarge sid patch Please . update the package in sid . mention the CVE id from the subject in the changelog . use priority=high . you probably need to upload into testing-proposed-updates as well Regards,

Bug#294488: Ubuntu patch

2005-02-11 Thread Martin Schulze
Thanks. Martin Pitt wrote: > Here is the patch used for the Ubuntu security update: > > http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff CAN-2005-0016 is the gatos problem Debian fixed in DSA 640 > awstats (6.2-1.1ubuntu1) hoary; urgency=low > . >* SECURITY UPDATE: fix

Bug#294690: CAN-2005-0300: Directory traversal in JSBoard

2005-02-10 Thread Martin Schulze
Package: jsboard Version: 2.0.10-2 Severity: grave Tags: sarge sid security patch Please fix the directory traversal vulnerability. http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2 Details === PHP has a feature discarding the input values containing null characters when magic_qu

Bug#294688: CAN-2005-0299: Directory traversal in GForge

2005-02-10 Thread Martin Schulze
Package: gforge Version: 3.1-26 Severity: grave Tags: security sarge sid patch The sid/sarge version seems to be vulnerable to this. Please correct it. The correction should be in the GForge CVS, otherwise sanitising the dir should be easy (i.e. recursively strip "../"). Candidate: CAN-2005-0299

Bug#294406: Updated woody packages available

2005-02-10 Thread Martin Schulze
Martin Pitt wrote: > Hi Joey! > > I prepared new PostgreSQL woody packages to fix CAN-2005-024[57], here > is the interdiff: Thanks. Regards, Joey -- GNU GPL: "The source will be with you... always."

Bug#294223: xemacs21: Security-Update for Woody fails to install (on alpha)

2005-02-09 Thread Martin Schulze
Helge Kreutzmann wrote: > Hello, > On Wed, Feb 09, 2005 at 02:02:41AM +0900, OHURA Makoto wrote: > > tags 294223 woody unreproducible > > thanks > > > In my woody machine, > > Since it works fine on our x86-based woody machines, and another > recent security update was misbuilt on alpha (#289670)

Bug#293754: kleopatra does not install

2005-02-05 Thread Martin Schulze
Package: kleopatra Version: 3.3.1-3 Tags: sid sarge Severity: serious The package should at least be installable when it is in the Debian archive, even if it is a contrib package. # apt-get install kleopatra Reading Package Lists... Done Building Dependency Tree... Done Some packages could not be

Bug#293418: CAN-2005-0198: Authentication bypass

2005-02-02 Thread Martin Schulze
Package: uw-imap Version: 2002edebian1-5 Severity: grave Tags: security sarge sid patch A vulnerability was discovered in the CRAM-MD5 authentication in UW-IMAP where, on the fourth failed authentication attempt, a user would be able to access the IMAP server regardless. This problem exists only

Bug#292370: CAN-2004-1388

2005-01-31 Thread Martin Schulze
This problem has been assigned Candidate: CAN-2004-1388 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1388 Reference: BUGTRAQ:20050126 DMA[2005-0125a] - 'berlios gpsd format string vulnerability' Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110677341711505&w=2 Reference

Bug#292458: CVE Id

2005-01-28 Thread Martin Schulze
Rene Mayrhofer wrote: > Hi Joey, > > On Friday 28 January 2005 07:28, Martin Schulze wrote: > > Stack-based buffer overflow in the get_internal_addresses function in > > the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x > > before 2.3.0, when com

Bug#292458: CVE Id

2005-01-27 Thread Martin Schulze
== Candidate: CAN-2005-0162 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 Reference: IDEFENSE:20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=190&type

Bug#292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability

2005-01-27 Thread Martin Schulze
Rene Mayrhofer wrote: > > http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false > > > > Even though iDEFENSE wrote: > > > >iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All previous > >versions of Openswan also contain the vulnerable code.

Bug#292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability

2005-01-26 Thread Martin Schulze
Package: openswan Severity: grave Tags: security sarge sid patch Please see the advisory and patch here: http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false Even though iDEFENSE wrote: iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All pre

Bug#291566: libavcodec-dev: Multiple integer overflows, some of them may lead to arbitrary code execution

2005-01-22 Thread Martin Schulze
Moritz Muehlenhoff wrote: > Package: libavcodec-dev > Version: 0.cvs20050106-1 > Severity: grave > Tags: security > Justification: user security hole > > [Cc'ing security@, as at least xine-lib embeds libavcodec, there may be > more, I haven't investigated whether they are affected, but I assume i

Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

2005-01-21 Thread Martin Schulze
Nathaniel W. Turner wrote: > On Friday 21 January 2005 02:09 am, Martin Schulze wrote: > > These problems have been discovered by Wouter Coekaerts in the konversation > > IRC client. Affected are version 0.15, CVS until 18-19/01/2005, and > > some older versions too. The

Bug#291503: x

2005-01-21 Thread Martin Schulze
tags 291503 patch thanks Whoops, didn't notice the last paragraph of Wouter's mail: Solution These problems are fixed in version 0.15.1, which was released 19/01/05 Individual patches can be downloaded at: http://wouter.coekaerts.be/konversation.html : http://wouter.coekaerts.be/files/ko

Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

2005-01-20 Thread Martin Schulze
Package: konversation Version: 0.15-2 Severity: grave Tags: security sarge sid These problems have been discovered by Wouter Coekaerts in the konversation IRC client. Affected are version 0.15, CVS until 18-19/01/2005, and some older versions too. They are fixed in 0.15.1. When you fix these pro

Bug#291380: [msutton@iDefense.com: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities]

2005-01-20 Thread Martin Schulze
Package: maxdb Severity: grave Tags: sarge security # sid is already fixed, so this is a reminder. Two CVE ids have been assigned to this advisory: Candidate: CAN-2005-0081 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0081 Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent Multip

Bug#291266: vulnerable to CAN-2005-0064

2005-01-19 Thread Martin Schulze
Joey Hess wrote: > xpdf is vulnerable to a buffer overflow that can be exploited by > malicious pdfs to execute arbitrary code. The hole is described here: > http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false > > I've attached a patch that adds bounds che

Bug#291064: CAN-2005-0116: Arbitrary command execution

2005-01-19 Thread Martin Schulze
This problem has been assigned CAN-2005-0116: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116 Reference: IDEFENSE:20050117 AWStats Remote Command Execution Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false

Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf

2005-01-19 Thread Martin Schulze
Package: kpdf Severity: grave Tags: security sarge sid This problem also affects kpdf: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064 Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow Reference: URL:http://www.idefense.com/application/po

Bug#291244: CAN-2005-0064: Arbitrary code execution in gpdf

2005-01-19 Thread Martin Schulze
Package: gpdf Severity: grave Tags: security sarge sid This problem also affects gpdf: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064 Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow Reference: URL:http://www.idefense.com/application/po

Bug#242068: makes linux-wlang-ng unusable on powerpc ...

2005-01-19 Thread Martin Schulze
Sven Luther wrote: > severity 242068 grave > thanks Maybe this explanation should be added here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286305&msg=7 Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists.

Bug#242068: Explanation

2005-01-19 Thread Martin Schulze
Michael Banck: The package builds fine like that, it's just the additional kernel modules which need to be built by a different script, AIUI Steve Langasek: well, here's the thing. the source package does build if you run the normal debian/rules commands; but those binary packages that

Bug#289976: [exposed@lss.hr: Apache mod_auth_radius remote integer overflow]

2005-01-19 Thread Martin Schulze
Martin Schulze wrote: > --- mod_auth_radius.c~2003-03-24 20:16:15.0 +0100 > +++ mod_auth_radius.c 2005-01-13 13:01:42.0 +0100 > @@ -971,8 +971,11 @@ find_attribute(radius_packet_t *packet, >} >return attr; > } > -#define radcpy(STRING, ATTR)
