Package: zope3
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing access
Package: zope2.10
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing access
Package: python2.4-zodb
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing
Package: zope2.11
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain
security restrictions and compromise a vulnerable system.
1) A missing
Package: xemacs21
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for xemacs21.
CVE-2009-2688[0]:
| Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when
| running on
It's likely that pgadmin3 should have been rebuilt after the latest wxwidgets2.8
upload.
Cheers,
Giuseppe.
reassign 540060 pgadmin3
found 540060 1.10.0-1
thanks
Giuseppe Iuculano wrote:
It's likely that pgadmin3 should have been rebuilt after the latest
wxwidgets2.8
upload.
Yes, I confirm that, I rebuilt pgadmin3 and it works perfectly.
Cheers,
Giuseppe.
Gerfried Fuchs wrote:
Beg your pardon, but that sounds rather like the ABI of wxwidgets2.8
has changed - and then it's not pgadmin3's job to fix it, rather the
library should bump its compatibility level, not?
Can this please get investigated properly? I don't object to a
scheduled
Ryan Niebur wrote:
since amd64 seems to be the only architecture with (known) problems,
No, unfortunately I was able to reproduce this issue on my i386 machine.
Cheers,
Giuseppe.
Giuseppe Iuculano wrote:
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8
2.8.7.1-2 and
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8.5
2.8.7.1-1
It seems that something changed in binutils, testcase:
squeeze, binutils
clone 540060 -1
reassign -1 binutils
retitle -1 version script commands not handled correctly in sid/squeeze
severity -1 grave
thanks
Hi,
please see the testcase below
Cheers,
Giuseppe.
Giuseppe Iuculano wrote:
Giuseppe Iuculano wrote:
Hi Moritz,
Moritz Muehlenhoff wrote:
On Mon, Jul 13, 2009 at 08:45:03AM +0200, Andrea De Iacovo wrote:
this is fixed in upstream version 2.8.1. please coordinate with the
security
team to prepare updates for the stable releases.
Wordpress 2.8.1 is going to be uploaded in sid in the
Moritz Muehlenhoff wrote:
I'm leaving for HAR 2009 soon, I'll look into it, but it might take a couple
of days.
Thijs sponsored the upload, thanks anyway!
Cheers,
Giuseppe.
Package: typo3-src
Severity: grave
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for Typo3:
SA33617[1]
DESCRIPTION:
Some vulnerabilities have been reported in Typo3, which can be
exploited by malicious people to bypass
Package: tor
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for Tor:
SA33635[1]
DESCRIPTION:
A vulnerability with an unknown impact has been reported in Tor.
The vulnerability is caused due to an
Package: dmraid
Version: 1.0.0.rc14-6
Severity: grave
(Originally reported against dkms on ubuntu, LP #320200)
dmraid must not call udevadm trigger --action=add in postinst.
This will have utterly dire consequences for the installed machine.
Major
Package: libpng
Version: 1.2.33-2
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for libpng:
SA33970[1]
DESCRIPTION:
A vulnerability has been reported in libpng, which can be exploited
by malicious
Package: mldonkey-server
Version: 2.9.5-2
Severity: grave
Tags: security
Hi,
MLdonkey (up to 2.9.7) has a vulnerability that allows a remote user to
access any file with the rights of the running MLdonkey daemon by supplying a
specially crafted
Package: zabbix-frontend-php
Severity: serious
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for
zabbix-frontend-php:
SA34091[1]:
DESCRIPTION:
Some vulnerabilities have been reported in the ZABBIX PHP frontend,
Package: qt4-x11
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for qt4-x11.
CVE-2009-2700[0]:
| src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not
| properly
Package: rails
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for rails.
CVE-2009-3086[0]:
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x
| before 2.3.4, leaks information about the complexity of
) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed integer overflow in XMakeImage function in xwindow.c
+(Closes: #530946) (CVE-2009-1882)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Thu, 10 Sep 2009 19:08:13 +0200
+
graphicsmagick (1.3.5-5) unstable; urgency=high
* debian
Hi,
The local screen lock bypass vulnerability in xscreensaver is not important enough
to get fixed via a regular security update in Debian stable and oldstable. It
does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[1].
Please contact the release
Package: kdelibs,kde4libs
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kdelibs and kde4libs.
CVE-2009-2702[0]:
| KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
Package: xmp
Version: 2.0.4d-11
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers
| to
retitle 546730 CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
tag 546730 lenny etch
fixed 546730 2.6.1-1
thanks
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote
Package: whitedune
Version: 0.28.13-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for whitedune.
CVE-2008-7228[0]:
| Multiple format string vulnerabilities in White_Dune before
|
severity 546903 minor
thanks
Hi Joerg,
Joerg Scheurich aka MUFTI wrote:
So I should say something about the impact and attack vectors:
To enable the problem, white_dune must be compiled with the --with-aflockdebug
option of ./configure. The Debian binary versions are not compiled with
Package: bugzilla
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for bugzilla.
CVE-2009-3165[0]:
| SQL injection vulnerability in the Bug.create WebService function in
| Bugzilla 2.23.4
retitle 546791 CVE-2009-3233: shell command injection via filename
thanks
Hi,
this issue got a CVE id:
Name: CVE-2009-3233
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3233
Reference: MLIST:[oss-security] 20090916 CVE id request: changetrack
Reference:
@@
+wxwidgets2.6 (2.6.3.2.2-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixed Integer overflow in the wxImage::Create function.
+(CVE-2009-2369) (Closes: #537175)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Thu, 17 Sep 2009 17:17:44 +0200
+
wxwidgets2.6 (2.6.3.2.2-3) unstable
Package: wireshark
Version: 1.2.1-2
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for wireshark.
CVE-2009-3242[0]:
| Unspecified vulnerability in packet.c in the GSM A RR dissector in
|
Package: kolab-cyrus-imapd
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kolab-cyrus-imapd.
CVE-2009-2632[0]:
| Buffer overflow in the SIEVE script component (sieve/script.c), as
| used
Package: cyrus-imapd-2.2
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for cyrus-imapd-2.2.
CVE-2009-3235[0]:
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
|
notfixed 547947 2.2.13-15
thanks
Benjamin Seidenberg wrote:
A fix was released before the CVE was even published
Patch:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h
Hi Henrique,
Henrique de Moraes Holschuh wrote:
Also, we need the same fix to be applied to stable and old-stable...
I've prepared stable and oldstable packages:
http://sd6.iuculano.it/sec/cyrus-imapd-2.2/
Cheers,
Giuseppe.
-2.2.13/debian/changelog
+++ cyrus-imapd-2.2-2.2.13/debian/changelog
@@ -1,3 +1,17 @@
+cyrus-imapd-2.2 (2.2.13-14+lenny3) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * sieve/bc_eval.c: Use snprintf to avoid buffer overruns
+
+ -- Giuseppe Iuculano giuse
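Review bot: the changelog entry in this hunk names neither the CVE id nor the bug it fixes, so the stable-security upload is not traceable from the changelog alone; the thread above identifies the issue as CVE-2009-3235 and bug #547947, so the bullet should read something like "* sieve/bc_eval.c: Use snprintf to avoid buffer overruns (CVE-2009-3235) (Closes: #547947)".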
tags 548232 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sat, 26 Sep 2009 00:23:50 +0200.
The fix will be in the next upload.
Add menu
Ola Lundqvist wrote:
Sure. In that case where do I upload it. To lenny-proposed-updates?
stable-proposed-updates for lenny and oldstable-proposed-updates for etch.[1]
Please contact the stable release team before you upload.
Package: mbrola
Severity: serious
Hi,
it seems that mbrola is available only on amd64, why?
https://buildd.debian.org/~luk/status/package.php?p=mbrola
Cheers,
Giuseppe
-- System Information:
Debian Release: squeeze/sid
APT prefers
Samuel Thibault wrote:
It's written there and I didn't know that indeed: Non-Free (not
autobuilt). I'll manage to get other archs built, thanks for the
notice.
Samuel
Hi,
you should read this:
http://lists.debian.org/debian-devel-announce/2006/11/msg00012.html
Cheers,
Giuseppe.
writer module in
+ Ghostscript 8.62, and possibly other versions, allows remote attackers to
+ cause a denial of service (ps2pdf crash) and possibly execute arbitrary
+ code via a crafted Postscript file.
+ (Closes: #524803, #524915)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it
Giuseppe Iuculano wrote:
Hi,
I've prepared a NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725
CVE-2008-6679 in lenny.
Proposed debdiff in attachment.
Forgot to add 36_CVE-2008-6679.dpatch, resend correct debdiff.
Cheers,
Giuseppe.
diffstat for ghostscript_8.62.dfsg.1-3.2lenny1
Package: libmodplug
Version: 1:0.8.4-5
Severity: serious
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for
libmodplug:
SA34927[1]
DESCRIPTION:
A vulnerability has been reported in libmodplug, which can be
exploited by malicious people to cause a DoS
Package: libwmf
Version: 0.2.8.4-6
Severity: serious
Tags: security patch
Hi,
Red Hat recently patched libwmf.
CVE-2009-1364 is still reserved, but is disclosed in RHSA-2009:0457-1[0]
A pointer use-after-free flaw was found in the GD graphics library embedded
in libwmf. An attacker could create
Hi,
Scott Kitterman wrote:
There is a clamav bug that was fixed in 0.95 or 0.95.1 in which unofficial
signatures caused a crash, so I believe your diagnosis is likely correct.
I can confirm this. I was experiencing the same crash with 0.94.dfsg.2-1lenny2
and clamav-unofficial-sigs. Upgrading
-1183: The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS
+ 1.3.9 and earlier, Poppler before 0.10.6, and other products allows
remote
+ attackers to cause a denial of service (infinite loop and hang) via a
+ crafted PDF file.
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Sat, 02
Package: libmodplug
Version: 1:0.8.4-5
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for libmodplug:
CVE-2009-1438[1]
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in
libmodplug before 0.8.6, as used in
+1,11 @@
+libwmf (0.2.8.4-2+etch1) oldstable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed Use-after-free vulnerability in the embedded GD library
+(Closes: #526434) (CVE-2009-1364)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Wed, 06 May 2009 09:33:49 +0200
+
libwmf (0.2.8.4
-0.7/debian/changelog
+++ libmodplug-0.7/debian/changelog
@@ -1,3 +1,11 @@
+libmodplug (1:0.7-5.3) oldstable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed CSoundFile::ReadMed() Integer Overflow in src/load_med.cp
+(Closes: #526657) (CVE-2009-1438)
+
+ -- Giuseppe Iuculano giuse
Zed Pobre wrote:
On Wed, May 06, 2009 at 10:50:00AM +0200, Giuseppe Iuculano wrote:
Hi,
I've prepared a NMU to fix CVE-2009-1438 and SA34927 in stable and oldstable.
My plan was to fix this by packaging the new upstream version this
weekend that fixes this officially, but if you don't
Giuseppe Iuculano wrote:
Proposed debdiffs in attachment.
Updated oldstable debdiff (do not backport changes in src/libmodplug/stdafx.h,
instead include stdint.h)
Cheers,
Giuseppe.
diff -u libmodplug-0.7/debian/changelog libmodplug-0.7/debian/changelog
--- libmodplug-0.7/debian/changelog
Package: lvm2
Version: 2.02.44-2
Severity: serious
Hi,
you merged the devmapper source, but it had an epoch:
# dpkg --compare-versions 2.02.44-2 gt 2:1.02.30-2; echo $?
1
# rmadison -s unstable dmsetup
dmsetup | 2:1.02.27-4 | unstable | arm
Bastian Blank wrote:
On Fri, Mar 06, 2009 at 02:58:44PM +0100, Giuseppe Iuculano wrote:
you merged devmapper source, but it had an epoch:
Please explain. Which version has a bad epoch?
When comparing two version numbers, first the epoch of each are compared, so
2.02.44-2 2:1.02.30-2
,
+pngrtans.c, pngset.c and example.c (CVE-2009-0040) (Closes: #516256)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Sat, 14 Mar 2009 21:31:31 +0100
+
libpng (1.2.27-2) unstable; urgency=medium
* Fix CVE-2008-3964: off-by-one error in pngtest.c; closes: #501109
diff -u libpng-1.2.27/debian/patches
Package: network-manager-applet
Version: 0.6.6-4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for network-manager-applet:
CVE-2009-0365[1]:
The dbus request handler in (1)
-buildpackage: set CXXFLAGS to default value: -g -O2
dpkg-buildpackage: source package apf-firewall
dpkg-buildpackage: source version 9.7+rev1-1
dpkg-buildpackage: source changed by Giuseppe Iuculano giuse...@iuculano.it
fakeroot debian/rules clean
QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null
gregor herrmann wrote:
Did you try what this error message says?
I have the same problem.
--update --no-cowdancer-update works for the update.
But after that I can neither build packages nor login into the
chroot, the error stays the same:
The same for me.
Giuseppe.
Package: git-core
Version: 1:1.6.3.1-1
Severity: grave
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for git:
SA35437[1]:
Description:
A vulnerability has been reported in Git, which can be exploited by malicious
Hi,
also CVE-2008-5515 is now disclosed:
Information Disclosure CVE-2008-5515
When using a RequestDispatcher obtained from the Request, the target path was
normalised before the query string was removed. A request that included a
specially crafted request parameter could be used to access
Hi Pierre,
Pierre Chifflier wrote:
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
This doesn't imply that 1.01 isn't affected.
Cheers,
Giuseppe.
Pierre Chifflier wrote:
I fully agree, but you should quote correctly:
--8-
Additionally, this injection does not work here:
http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1dl=2o=3v=4%27union+all+select+concat(id,
%27:%27,passwd)+from+operators%23
severity 533848 normal
thanks
Hi,
Lior Chen wrote:
I have a software raid array (raid 0 type), with lvm partitions built
over the raid.
Please explain. Why are you mixing software raid with fakeraid/ataraid and LVM?
Please paste the output of these commands:
cat /proc/mdstat
retitle 532935 CVE-2009-2108: git-daemon Infinite Loop Denial of Service
thanks
Hi,
this issue got a CVE id:
CVE-2009-2108[0]:
| git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to
| cause a denial of service (infinite loop and CPU consumption) via a
| request containing extra
forcemerge 533848 534274
thanks
Hi,
martin f krafft wrote:
Lior Chen li...@lirtex.com wrote [2009.06.24.0800 +0200]:
I have managed to fully reproduce this. This situation arose from mistakenly
installing the dmraid package along with the mdadm package (or maybe it was
Just for reference, ocsinventory-server 1.02.1-1 fixed also CVE-2009-2166:
CVE-2009-2166[0]:
| Absolute path traversal vulnerability in cvs.php in OCS Inventory NG
| before 1.02.1 on Unix allows remote attackers to read arbitrary files
| via a full pathname in the log parameter.
For further
tags 534918 patch
thanks
Hi,
Upstream patch: http://websvn.kde.org/?view=revrevision=983306
Cheers,
Giuseppe.
Package: webkit
Version: 1.0.1-4
Severity: grave
Tags: security lenny
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for webkit.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS for iPod touch 1.1 through 2.2.1 does
tags 534946 patch
thanks
CVE-2009-1698 patch: http://trac.webkit.org/changeset/42081
CVE-2009-1690 patch: http://trac.webkit.org/changeset/42532
CVE-2009-1687 patch: http://trac.webkit.org/changeset/41854
Giuseppe.
Package: libqt4-webkit
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for qt4-x11.
CVE-2009-1709[0]:
| Use-after-free vulnerability in the garbage-collection implementation
| in
Package: kde4libs
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for kde4libs.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS
Package: kdegraphics
Version: 4:3.5.5-3etch3 4:3.5.9-3+lenny1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for kdegraphics.
CVE-2009-1709[0]:
| Use-after-free vulnerability in the
Package: kdelibs
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for kdelibs.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS
retitle 534952 CVE-2009-1698 CVE-2009-1690 CVE-2009-1687
thanks
Apologies, kdelibs is not affected by CVE-2009-0945
Cheers,
Giuseppe.
Package: zoph
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for zoph.
CVE-2008-6837[0]:
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to
| execute arbitrary SQL
Hi Jeroen,
These issues have been fixed in Zoph 0.7.0.5 and 0.7.3 and are actually
(contrary to what CVE-2008-6837 says) the issues from CVE-2008-3258.
I would appreciate it if you could rectify this information.
Could you provide more details about these issues please?
Cheers,
Giuseppe.
Jeroen Roos wrote:
What kind of information would you like? The issues mentioned in
CVE-2008-6837 are not known to me and because of the limited information
in the report there is no way to determine whether such an issue exists,
the issue in CVE-2008-6838 is the same issue as the one
Package: fckeditor
Version: 1:2.6.2-1
Severity: grave
Tags: security lenny
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for fckeditor.
CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor
Package: gnutls26
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for gnutls26.
CVE-2009-2730[0]:
| libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
| character in a domain
Package: asterisk
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for asterisk.
CVE-2009-2726[0]:
| The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34,
| 1.4.x before
Package: curl
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for curl.
CVE-2009-2417[0]:
A vulnerability has been reported in cURL, which can be exploited by
malicious people to
Package: libcompress-raw-bzip2-perl
Version: 2.020-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for libcompress-raw-bzip2-perl.
CVE-2009-1884[0]:
| Off-by-one error in the
Package: neon27,neon26,neon
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for neon.
CVE-2009-2474[0]:
neon before 0.28.6, when OpenSSL is used, does not properly handle a
'\0' character in
reassign 542972 libdumbnet
thanks
Hi,
Lucas Nussbaum wrote:
Hi,
During a rebuild of all packages in sid, your package failed to build on
amd64.
Relevant part:
gcc -g -O2 -Wall -Werror -lpthread -lpcap -ldumbnet -lnet -L/usr/lib
-I/usr/include -DLINUX -DDEBIAN -o arpon arpon.c
Package: tinymce
Version: 3.2.1.1-0.1
Severity: serious
Hi,
tinymce makes files in /usr/share writable by non-root (www-data). See policy
10.9.
Cheers,
Giuseppe.
Package: ntop
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for ntop.
CVE-2009-2732[0]:
| The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
| allows remote attackers to
found 543224 3.2.6-0.1
tags 543224 patch
thanks
Hi,
after an upgrade from 3.2.1.1-0.1 to 3.2.6-0.1 this bug exists:
# LANG=C dpkg -l tinymce
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/
Package: squirrelmail
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for squirrelmail.
CVE-2009-2964[0]:
| Multiple cross-site request forgery (CSRF) vulnerabilities in
| SquirrelMail
Package: buildbot
Version: 0.7.10p1-1,0.7.8-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for buildbot.
CVE-2009-2959[0]:
| Cross-site scripting (XSS) vulnerability in the waterfall web
Hi,
#540751 was fixed, so a binNMU of wxwidgets2.8 should fix this issue.
Cheers,
Giuseppe.
. (Closes: #574021)
+
+ -- Giuseppe Iuculano iucul...@debian.org Thu, 18 Mar 2010 15:18:06 +0100
+
pango1.0 (1.20.5-5) stable; urgency=low
* Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
diff -u pango1.0-1.20.5/debian/patches/series
pango1.0-1.20.5/debian/patches/series
Package: krb5
Version: 1.8+dfsg~alpha1-7
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for krb5.
CVE-2010-0628[0]:
| The spnego_gss_accept_sec_context function in
|
Package: lib3ds
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for lib3ds.
CVE-2010-0280[0]:
| Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in
| Google SketchUp 7.x before
Package: libmikmod
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for libmikmod.
CVE-2009-3995[0]:
| Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module
| Decoder
Package: liboggplay
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for liboggplay.
CVE-2009-3388[0]:
| liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before
| 2.0.1 might
Package: lxr-cvs
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for lxr-cvs.
CVE-2009-4497[0]:
| Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5
| and 0.9.6 allows
Package: squid3
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for squid3.
CVE-2010-0308[0]:
| lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through
| 3.1.0.15 allows
Package: viewvc
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were
published for viewvc.
CVE-2010-0004[0]:
| ViewVC before 1.1.3 composes the root listing view without using the
| authorizer for each
Package: ruby1.9
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for ruby1.9.
CVE-2009-1904[0]:
| The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173
| allows
Package: xpdf-reader
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was
published for xpdf.
CVE-2009-1188[0]:
| Integer overflow in the JBIG2 decoding feature in the
| SplashBitmap::SplashBitmap