If you don't want to upgrade to 2.3.7, which is unstable, you
can use our unofficial patch:
o http://www.sitic.se/dokument/evolution.formatstring.patch
// Ulf
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
to the DFSG, so these files must be removed from main.
As an aside, the debian/copyright file for wget only lists the license for the
wget program and not the license for the wget documentation.
// Ulf Harnhammar
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy
No, you don't need to set up a rogue CDDB server, as CDDB servers
let anyone add or modify information about records.
But according to the freedb.org FAQs every submission is reviewed before being applied to the database. So it seems quite unlikely submissions of crafted entries
to
information
Attachments: oflow333.alz, oflow1621.alz (binary data)
#!/usr/bin/perl --
# alzgen
# by Ulf Harnhammar in 2005
# I hereby place this program in the public domain.
die "usage: $0 length filename\n" unless @ARGV == 2;
$len = shift;
# split the requested length into the high and low bytes of a 16-bit field
$lenhi = int($len / 256);
$lenlo = $len % 256;
# (the remainder of the script, which writes the crafted archive, is not on this page)
/advisories/18124/
o http://secunia.com/advisories/22057/
Regards, Ulf Harnhammar
--- src/elogd.c.old 2006-11-28 12:25:59.0 +0100
+++ src/elogd.c 2006-12-02 20:37:44.0 +0100
@@ -9685,7 +9685,7 @@ void show_edit_form(LOGBOOK * lbs, int m
rsprintf(option value
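Review bot: the hunk is cut off after `rsprintf(option value`, so only the header (one line replaced at 9685 in show_edit_form()) can be reviewed. Whatever the replacement line is, the data placed inside the option value="..." attribute should be passed to rsprintf() as an argument and escaped for an HTML attribute context (quotes, angle brackets, ampersands) rather than spliced into the format string itself; please make the full hunk available so that can be checked.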
://seclists.org/lists/fulldisclosure/2006/Feb/0572.html
The full-disclosure post includes a patch.
// Ulf Harnhammar
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
The bug appears to still apply to the version of the package in unstable,
and is marked as such.
The bug looks closed to me.
It still looks closed (in all versions) to me. Are you sure that that is what
you want, instead of - say - fixing it?
// Ulf
--
(Sorry for not doing this as a real reply with the correct mail headers,
but I'm not subscribed to debian-security, I only read it on the web.)
| + $text = preg_replace('#(script|about|applet|activex|chrome):#is',
\\1#058;, $text);
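Review bot: replacing the colon with the character reference `&#058;` only works if the string is HTML-escaped afterwards. In an href or src attribute the HTML parser decodes `&#058;` back to `:`, so `javascript&#058;alert(1)` is still a javascript: URL; the filter only helps if a later htmlspecialchars() turns the `&` into `&amp;`. The pattern also matches only the literal names `script|about|applet|activex|chrome` immediately followed by `:`; browsers strip tab, LF and CR from a URL and decode references such as `&#x09;` in attributes, so a value like `javas<TAB>cript:...` passes the regex untouched and still runs. An allowlist of schemes (http, https, ftp, mailto) checked after the same normalisation the browser applies is the safer replacement for the blacklist.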
It looks like this is about preventing URLs like img
as in the upstream ELOG-2.6.2 version. I haven't checked
any other versions (but the upstream SVN trunk looks like it also
has these bugs).
// Ulf Harnhammar, Debian Security Audit Project
http://www.debian.org/security/audit/
--
___
Surf the Web
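The preg_replace() scheme blacklist quoted in the thread, its two weaknesses (the inserted `&#058;` is decoded back to a colon by the browser unless the value is HTML-escaped afterwards, and the literal scheme names are bypassed by characters the browser strips from a URL) and an allowlist alternative, as an added example in Python that is not code from the thread or from the package under discussion. `attribute_url_scheme()` is a deliberately simplified model of HTML attribute decoding plus the URL parser's whitespace handling, not a real browser, and the sample URLs are constructed for the demonstration.

```python
import html
import re

# Python port of the PHP filter quoted in the thread.  PHP's 'i' modifier is
# re.IGNORECASE; the 's' modifier only changes '.', which the pattern does not use.
SCHEME_BLACKLIST = re.compile(r'(script|about|applet|activex|chrome):', re.IGNORECASE)


def blacklist_filter(text):
    """Rewrite 'scheme:' to 'scheme&#058;' (decimal character reference for ':')."""
    return SCHEME_BLACKLIST.sub(r'\1&#058;', text)


def attribute_url_scheme(value):
    """Simplified model (an assumption, not a real browser) of what happens to an
    href/src attribute value before the scheme is decided:
      1. character references are decoded ('&#058;' -> ':', '&#x09;' -> TAB),
      2. ASCII tab, LF and CR are removed wherever they appear,
      3. leading C0 controls and spaces are trimmed.
    Returns the lower-cased scheme, or None for a scheme-less (relative) URL."""
    decoded = html.unescape(value)
    decoded = re.sub(r'[\t\n\r]', '', decoded)
    decoded = decoded.lstrip(''.join(chr(c) for c in range(0x21)))
    m = re.match(r'([A-Za-z][A-Za-z0-9+.-]*):', decoded)
    return m.group(1).lower() if m else None


SCRIPT_SCHEMES = {'javascript', 'vbscript'}


def is_dangerous_after_filter(url):
    """True if the filtered value still yields a script-capable scheme once the
    browser has decoded the attribute (the filter's own '&#058;' decodes back to ':')."""
    return attribute_url_scheme(blacklist_filter(url)) in SCRIPT_SCHEMES


def filter_then_escape(url):
    """The only order in which the blacklist achieves something: filter, then
    HTML-escape the whole value (PHP: htmlspecialchars), so the '&' of '&#058;'
    becomes '&amp;' and the browser never sees a colon."""
    return html.escape(blacklist_filter(url), quote=True)


ALLOWED_SCHEMES = {'http', 'https', 'ftp', 'mailto'}


def allowlist_filter(url):
    """Hardened replacement: normalise the value the way the browser will, then
    accept only known-safe schemes or a relative URL."""
    scheme = attribute_url_scheme(url)
    return scheme is None or scheme in ALLOWED_SCHEMES


if __name__ == '__main__':
    # constructed sample inputs
    for url in ('javascript:alert(1)', 'javas\tcript:alert(1)',
                'jav&#x09;ascript:alert(1)', 'http://example.org/'):
        print(repr(url), 'blacklist->', repr(blacklist_filter(url)),
              'still dangerous:', is_dangerous_after_filter(url),
              'allowlist accepts:', allowlist_filter(url))
```

Run it and the first three inputs come out of the blacklist still executable, while the allowlist rejects all three and keeps the plain http URL; `filter_then_escape()` shows the escaping order the blacklist silently depends on.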
I've just verified that elog in stable is vulnerable to
all issues mentioned in bug #392016.
// Ulf
Subject: zabbix-server-mysql: remote security problems
Package: zabbix-server-mysql
Version: 1:1.1.2-2
Severity: grave
Justification: user security hole
Tags: security patch
Hello,
Max Vozeler and Ulf Harnhammar from the Debian Security Audit Project
have found a number of format string bugs
I'll see what I can do.
// Ulf
--
___
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com
Powered by Outblaze