attackers to obtain cleartext data via a
padding-oracle attack, aka the "POODLE" issue.
- --
Brian May
.
This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4.
- --
Brian May
read. This could allow attackers to disclose
sensitive information from an application using the libidn library.
For Debian 7 "Wheezy", these problems have been fixed in version
1.25-2+deb7u1.
We recommend that you upgrade your libidn packages.
- --
Brian May
(they will produce stack exhaustion) by Gustavo Grieco.
The version in wheezy (2.36.1-2+deb7u1) is also vulnerable.
For Debian 7 "Wheezy", these problems have been fixed in version
2.36.1-2+deb7u2.
We recommend that you upgrade your librsvg packages.
- --
Brian May
.6.x and earlier, when using an Intel or Cyrix CPU,
allows local HVM guest users to cause a denial of service (guest
crash) via vectors related to a non-canonical RIP.
- --
Brian May
removal of
PLT/Gnuplot decoder, and the need of explicit reference in the filename
for the insecure coders.
For the wheezy, these problems have been fixed in version
8:6.7.7.10-5+deb7u5.
We recommend that you upgrade your imagemagick packages.
- --
Brian May
/wiki.debian.org/LTS
- --
Brian May
to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Brian May
n packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Brian May
in version
2.22-8+deb7u3.
We recommend that you upgrade your binutils packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Brian May
is an LTS
version.
Django 1.4.22-1 has been uploaded to wheezy-security to address this.
- --
Brian May
es to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Brian May
e
found at: https://wiki.debian.org/LTS
- --
Brian May
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: texlive-base
Version: 2012.20120611-5+deb7u1
CVE ID : CVE-2016-10243
The TeX system allows for calling external programs from within the TeX
source code. This has been restricted to a small set of programs since a
l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: calibre
Version: 0.8.51+dfsg1-0.1+deb7u1
CVE ID : CVE-2016-10187
Debian Bug : 853004
It was found that a javascript present in the book can access files on the
computer using XMLHttpRequest.
For Debian 7 "Wheez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: graphicsmagick
Version: 1.3.16-1.1+deb7u11
CVE ID : CVE-2017-13737 CVE-2017-15277
Immediately after the previous update to graphicsmagick, two more security
issues were identified. These updates are included here.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: tiff
Version: 4.0.2-6+deb7u17
CVE ID : CVE-2017-9935
Debian Bug : 866109
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf
function in tools/tiff2pdf.c. This heap overflow could lead t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: awstats
Version: 7.0~dfsg-7+deb7u1
CVE ID : CVE-2017-1000501
Debian Bug : 885835
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the
handling of the "config" and "migrate" parameters res
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ca-certificates
Version: 20130119+deb7u2
Debian Bug : 858064 858539
This release does a complete update of the CA list. This includes
removing the StartCom and WoSign certificates as they are now
untrusted by the maj
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: python-crypto
Version: 2.6-4+deb7u8
CVE ID : CVE-2018-6594
Debian Bug : 88
python-crypto generated weak ElGamal key parameters, which allowed attackers to
obtain sensitive information by reading ciphertext d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: python-django
Version: 1.4.22-1+deb7u4
CVE ID : CVE-2018-7536 CVE-2018-7537
Several functions were extremely slow to evaluate certain inputs due to
catastrophic backtracking vulnerabilities in several regular expres
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: python-crypto
Version: 2.6-4+deb7u8
This is an update to DLA-1283-1. In DLA-1283-1 it is claimed that the issue
described in CVE-2018-6594 is fixed. It turns out that the fix is partial and
upstream has decided not to fix t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ldap-account-manager
Version: 3.7-2+deb7u1
CVE ID : CVE-2018-8763
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web
front-end for LDAP directories.
CVE-2018-8763
The found Reflected Cross
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: firebird2.5
Version: 2.5.2.26540.ds4-1~deb7u4
CVE ID : CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: sssd
Version: 1.11.7-3+deb8u1
CVE ID : CVE-2018-10852
Debian Bug : 902860
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules
from SSSD has too wide permissions, which means that anyo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: gpac
Version: 0.5.0+svn5324~dfsg1-1+deb8u1
CVE ID : CVE-2018-13005 CVE-2018-13006
Debian Bug : 902782
Two heap buffer over read conditions were found in gpac.
CVE-2018-13005
Due to an error in a while loop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: python3.4
Version: 3.4.2-1+deb8u2
CVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2018-20406
CVE-2019-5010
This DLA fixes a problem parsing x509 certificates, a pickle integer
overflow, an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: tiff
Version: 4.0.3-12.3+deb8u8
CVE ID : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663
Brief introduction
CVE-2018-17000
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c
(called from TIF
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ikiwiki
Version: 3.20141016.4+deb8u1
CVE ID : CVE-2019-9187
The ikiwiki maintainers discovered that the aggregate plugin did not use
LWPx::ParanoidAgent. On sites where the aggregate plugin is enabled, authorized
wik
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: rdflib
Version: 4.1.2-3+deb8u1
CVE ID : CVE-2019-7653
Debian Bug : #921751
The CLI tools in python-rdflib-tools can load python modules
found in the current directory. This happens because "python -m"
appends th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: libvirt
Version: 1.2.9-9+deb8u6
CVE ID : CVE-2016-10746
libvirt-domain.c in libvirt supports virDomainGetTime API calls by guest agents
with an RO connection, even though an RW connection was supposed to be
required
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: jquery
Version: 1.7.2+dfsg-3.2+deb8u6
CVE ID : CVE-2019-11358
jQuery mishandles jQuery.extend(true, {}, ...) because of Object.prototype
pollution. If an unsanitized source object contained an enumerable __proto__
p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: jquery
Version: 1.7.2+dfsg-3.2+deb8u7
Debian Bug : #928827
The minified jquery library was broken in version 1.7.2+dfsg-3.2+deb8u6 due to
an error during the build. This problem has now been fixed in
version 1.7.2+dfsg-3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: golang-go.crypto
Version: 0.0~hg190-1+deb8u2
CVE ID : CVE-2019-11841
This package ignored the value of the Hash header, which allows an
attacker to spoof it. An attacker can not only embed arbitrary Armor
Headers, bu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ruby-nokogiri
Version: 1.6.3.1+ds-1+deb8u1
CVE ID : CVE-2019-5477
A command injection vulnerability in Nokogiri allows commands to be executed in
a subprocess by Ruby's `Kernel.open` method.
For Debian 8 "Jessie", t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ruby-openid
Version: 2.5.0debian-1+deb8u1
CVE ID : CVE-2019-11027
ruby-openid performed discovery first, and then verification. This allowed an
attacker to change the URL used for discovery and trick the server into
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: poppler
Version: 0.26.5-2+deb8u12
CVE ID : CVE-2019-9959 CVE-2019-10871
Two buffer allocation issues were identified in poppler.
CVE-2019-9959
An unexpected negative length value can cause an integer
overfl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: poppler
Version: 0.18_0.26.5-2+deb8u13
CVE ID : CVE-2019-10871
Debian Bug : 942503
The fix for CVE-2019-10871 broke xpdf. This change has been reverted
until a better fix can be developed.
For Debian 8 "Jessie"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: angular.js
Version: 1.2.26-1+deb8u1
CVE ID : CVE-2019-14863
Earlier versions of this package were vulnerable to Cross-site
Scripting (XSS) due to no proper sanitization of xlink:href attributes.
For Debian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: ruby-rack-cors
Version: 0.2.9-1+deb8u1
CVE ID : CVE-2019-18978
This package allowed ../ directory traversal to access private resources
because resource matching did not ensure that pathnames were in a canonical
form
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: drupal7
Version: 7.32-1+deb8u18
CVE ID : CVE-2020-13662
Drupal 7 has an Open Redirect vulnerability. For example, a user
could be tricked into visiting a specially crafted link which would
redirect them to an arbitr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2284-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
July 21, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2402-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
October 08, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2442-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
November 10, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2453-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
November 17, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2454-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
November 19, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2455-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
November 19, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2485-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
December 09, 2020
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2520-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
January 07, 2021
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2527-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
January 18, 2021
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian LTS Advisory DLA-2550-1    debian-...@lists.debian.org
https://www.debian.org/lts/security/    Brian May
February 09, 2021