-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: postgis
Version: 2.1.4+dfsg-3+deb8u1
CVE ID : CVE-2017-18359
It was found that the function ST_AsX3D in PostGIS, a module that
adds spatial objects to the PostgreSQL object-relational database, did
not handle empty
Hi Antoine,
sorry for my silence on this. I've been pondering what the best cause of
action would be, whether I should defer the final decision to Raphael,
or decide on my own.
On Tue, Jan 29, 2019 at 01:48:18PM -0500, Antoine Beaupré wrote:
> On 2019-01-22 15:21:19, Daniel Kahn Gillmor wrote:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 31 Jan 2019 12:17:10 +0100
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config
libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg2-6.1+deb8u5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: libvncserver
Version: 0.9.9+dfsg2-6.1+deb8u5
CVE ID : CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750
A vulnerability was found by Kaspersky Lab in libvncserver, a C library
to implement VNC
On Wed, Jan 30, 2019 at 03:02:53PM +0100, Markus Koschany wrote:
> The truth is the -dSafer option gives a false sense of security even in
> the latest release and we will probably continue to see more of those
> issues.
Obviously, any deployment which processes documents should use additional