Source: gpac
Version: 2.2.1+dfsg1-3.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2713
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2024-22749[0]:
| GPAC v2.3 was detected to
Source: mathtex
Version: 1.03-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for mathtex.
CVE-2023-51885[0]:
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a
| remote
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2662
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-46929[0]:
| An issue discovered in GPAC
Source: sendmail
Version: 8.17.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for sendmail.
CVE-2023-51765[0]:
| sendmail through at least 8.14.7 allows SMTP smuggling in certain
|
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2633
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-5595[0]:
| Denial of Service in GitHub
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2632
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-5586[0]:
| NULL Pointer Dereference in
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/gpac/gpac/issues/2606
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-5377[0]:
| Out-of-bounds Read in GitHub
=medium
+
+ * Non-maintainer upload.
+ * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+ * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:24:57 +0200
+
ghostscript (9.53.3~dfsg-7
=medium
+
+ * Non-maintainer upload.
+ * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
+(Closes: #1043033)
+ * IJS device - try and secure the IJS server startup (CVE-2023-43115)
+
+ -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:33:30 +0200
+
ghostscript (10.0.0~dfsg-11
Hi,
On Wed, Sep 27, 2023 at 01:19:31PM +0300, Jani Nikula wrote:
> Package: unadf
> Version: 0.7.11a-5
> Severity: grave
> Tags: security
> Justification: user security hole
> X-Debbugs-Cc: Debian Security Team
>
> Dear Maintainer,
>
> See upstream ADFLib commit 8e973d7b8945 ("Fix unsafe
Source: gpac
Version: 2.2.1+dfsg1-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/gpac/gpac/issues/2550
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for gpac.
CVE-2023-41000[0]:
|
Source: ghostscript
Source-Version: 10.02.0~dfsg-1
On Wed, Sep 13, 2023 at 09:21:09PM +, Debian FTP Masters wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Format: 1.8
> Date: Wed, 13 Sep 2023 20:18:16 +0200
> Source: ghostscript
> Architecture: source
> Version:
Source: gpac
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Some of the CVEs in #1033116 seem to not have been addressed (and in
part were addressed in a DSA already). Here a fresh bug for the
remaining ones.
Source: ghostscript
Version: 10.01.2~dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 10.0.0~dfsg-11+deb12u1
Control: found -1 10.0.0~dfsg-11
Control: found -1
Source: ghostscript
Version: 10.0.0~dfsg-11
Severity: serious
Justification: commitment for maintenance
X-Debbugs-Cc: car...@debian.org, t...@security.debian.org
Hi
ghostscript is orphaned and under the Debian QA group. ghostscript
being a package with recurring need of maintenance and in
Source: ghostscript
Version: 10.0.0~dfsg-9
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706494
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for
Source: a2ps
Version: 1:4.14-7
Severity: wishlist
X-Debbugs-Cc: car...@debian.org
Hi
Not in time for the Debian bookworm release, but please package
afterwards the new a2ps upstream version:
https://lists.gnu.org/archive/html/info-gnu/2023-03/msg2.html
Regards,
Salvatore
Hi,
On Fri, Dec 30, 2022 at 05:32:49PM +0100, Tobias Frost wrote:
> Source: libapreq2
> Severity: serious
> Justification: possibly not suitable for a stable release
> X-Debbugs-Cc: Debian Security Team , Salvatore
> Bonaccorso
> Control: affects -1 lua-apr
> Contro
Package: ftp.debian.org
Severity: normal
User: ftp.debian@packages.debian.org
Usertags: remove
X-Debbugs-Cc: cake...@packages.debian.org, t...@security.debian.org,
car...@debian.org
Control: affects -1 + src:cakephp
Hi
cakephp has no reverse dependencies, and the currently QA maintained
scripting (CVE-2022-46391) (Closes: #1025410)
+
+ -- Salvatore Bonaccorso Wed, 07 Dec 2022 21:47:25 +0100
+
awstats (7.8-2) unstable; urgency=high
* QA upload.
diff -Nru awstats-7.8/debian/patches/fix-cross-site-scripting.patch
awstats-7.8/debian/patches/fix-cross-site-scripting.patch
Source: awstats
Version: 7.8-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/eldy/AWStats/pull/226
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for awstats.
CVE-2022-46391[0]:
| AWStats 7.x through 7.8 allows
Hi all,
An update for expat (landed in unstable earlier) and now as DSA 5085-2
for buster and bullseye as well is released which relaxes the fix for
CVE-2022-25236 with regard to RFC 3986 URI characters.
So there is no immediate action for updating the affected packages
from regressions ins
Source: plib
Version: 1.8.5-8
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://sourceforge.net/p/plib/bugs/55/
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for plib.
CVE-2021-38714[0]:
| In Plib
Source: jhead
Version: 1:3.04-5
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Matthias-Wandel/jhead/issues/33
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jhead.
Source: ircii
Version: 20190117-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: clone -1 -2
Control: reassign -2 src:scrollz 2.2.3-1
Control: retitle -2 scrollz: CVE-2021-29376
The following vulnerability was published for ircii.
Hi Carsten, hi Christoph,
On Thu, Jan 28, 2021 at 05:15:46PM +0100, Carsten Schoenert wrote:
> retitle -1 ITA: picking up maintenance of libpam-radius-auth
>
> Hello Salvatore,
>
> Am Fri, Feb 21, 2020 at 03:03:12PM +0100 schrieb Salvatore Bonaccorso:
> > Source: libpam-ra
Control: severity -1 serious
On Sat, Dec 12, 2020 at 10:18:21AM +0100, Salvatore Bonaccorso wrote:
> Source: awstats
> Version: 7.8-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/eldy/awstats/issues/195
> X-Debbugs-Cc: car...@debian.org, De
Control: reopen -1
On Thu, Jul 19, 2018 at 11:37:29PM +0200, Moritz Muehlenhoff wrote:
> Source: giflib
> Severity: important
> Tags: security
>
> https://sourceforge.net/p/giflib/bugs/112/
Looks the wrong bug was closed here? CVE-2018-11490 was sf#113, while
this one is CVE-2018-11489, sf#112,
Source: awstats
Version: 7.8-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/eldy/awstats/issues/195
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for awstats, which is a
followup to CVE-2020-29600 (incomplete fix
Hi Baptiste,
On Tue, Aug 18, 2020 at 06:49:47PM +0200, Baptiste DETUNE wrote:
> Hi guys,
>
> Under Debian Buster, the link to visit the project page related to ekg2
> package pointing on http://ekg2.org is wrong and must be censored because
> of sexual content.
While I do agree the wrong
Source: golang-github-unknwon-cae
Version: 0.0~git20160715.0.c6aac99-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-unknwon-cae.
CVE-2020-7668[0]:
Source: golang-github-unknwon-cae
Version: 0.0~git20160715.0.c6aac99-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for golang-github-unknwon-cae.
CVE-2020-7664[0]:
Hi,
On Fri, May 15, 2020 at 10:19:42PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote:
> > Source: json-c
> > Version: 0.13.1+dfsg-7
> > Severity: important
> > Tags: security upstream
> >
Hi,
On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote:
> Source: json-c
> Version: 0.13.1+dfsg-7
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/json-c/json-c/pull/592
>
> Hi,
>
> The following vulnerability was pub
Source: json-c
Version: 0.13.1+dfsg-7
Severity: important
Tags: security upstream
Forwarded: https://github.com/json-c/json-c/pull/592
Hi,
The following vulnerability was published for json-c.
CVE-2020-12762[0]:
| json-c through 0.14 has an integer overflow and out-of-bounds write
| via a large
Source: libpam-radius-auth
Version: 1.4.0-3
Severity: serious
Justification: should not be released in bullseye without active maintainer
libpam-radius-auth has been orphaned in Debian for several years and
QA maintained. It did have at least the CVE-2015-9542 security issue.
There are no
Hi,
FTR, whilst one can argue the issue is not that severe to warrant a RC
severity, I'm raising it here since libpam-radius-auth is orphaned now
since some years.
If there is still interest in this pam module it likely needs a
maintainer otherwise we should not release bullseye with
Source: libpam-radius-auth
Version: 1.4.0-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for libpam-radius-auth.
CVE-2015-9542[0]:
|buffer overflow in password field
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: lout
Version: 3.39-3
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for lout.
CVE-2019-19917[0]:
| Lout 3.40 has a buffer overflow in the StringQuotedWord() function in
| z39.c.
CVE-2019-19918[1]:
| Lout 3.40
Source: cflow
Version: 1:1.6-4
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg0.html
Control: found -1 1:1.6-1
Hi,
The following vulnerability was published for cflow.
CVE-2019-16166[0]:
| GNU cflow through 1.6 has a heap-based
Source: cflow
Version: 1:1.6-4
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg1.html
Control: found -1 1:1.6-1
Hi,
The following vulnerability was published for cflow.
CVE-2019-16165[0]:
| GNU cflow through 1.6 has a
Source: zipios++
Version: 0.1.5.9+cvs.2007.04.28-10
Severity: important
Tags: security upstream
Control: found -1 0.1.5.9+cvs.2007.04.28-6
Hi,
The following vulnerability was published for zipios++.
CVE-2019-13453[0]:
| Zipios before 0.1.7 does not properly handle certain malformed zip
|
Source: lighttpd
Version: 1.4.53-3
Severity: grave
Tags: security upstream
Forwarded: https://redmine.lighttpd.net/issues/2945
Hi,
The following vulnerability was published for lighttpd.
CVE-2019-11072[0]:
| lighttpd before 1.4.54 has a signed integer overflow, which might
| allow remote
Hi Jeremy,
On Mon, Mar 12, 2018 at 10:07:05PM +0100, Salvatore Bonaccorso wrote:
> Jeremy,
>
> On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote:
> > On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso
> > wrote:
> > > Is abiword upstream still active
Source: tcpdf
Version: 6.2.13+dfsg-1
Severity: serious
Justification: unfit for buster release
Hi
I'm raising this bug at RC severity for the following concerns: tcpdf
lacks several new upstream versions behind, is QA maintained after the
former maintainer orphaned it (he was maintaining it due
Source: lighttpd
Version: 1.4.49-1.1
Severity: important
Tags: security upstream
Control: found -1 1.4.45-1
Hi,
The following vulnerability was published for lighttpd.
CVE-2018-19052[0]:
| An issue was discovered in mod_alias_physical_handler in mod_alias.c in
| lighttpd before 1.4.50. There is
Source: autofs
Severity: wishlist
Hi
There was a new autofs version released (5.1.5) upstream, could it be
packaged for Debian?
Regards,
Salvatore
Source: tcpdf
Version: 6.2.13+dfsg-1
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for tcpdf.
CVE-2018-17057[0]:
| An issue was discovered in TCPDF before 6.2.22. Attackers can trigger
| deserialization of arbitrary data via the phar:// wrapper.
If
Hi
I re-uploaded a version adding the patch.
Regards,
Salvatore
Hi
As spotted by Marc Deslauriers, the patch was dropped again in the
5.1.4-0.4 reopening the issue. Looking at the source, the patch is not
applied to 5.1.4 upstream source.
Cc'ing Paolo for double check/confirming.
Regards,
Salvatore
cka...@qa.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 893132
Description:
libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development
Files)
libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor"
Changes:
libvor
Source: libvorbisidec
Version: 1.0.2+svn18153-0.2
Severity: grave
Tags: patch security upstream
Hi,
the following vulnerability was published for libvorbisidec.
CVE-2018-5147[0]:
out-of-bounds memory write
If you fix the vulnerability please also make sure to include the
CVE (Common
Jeremy,
On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote:
> On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso <car...@debian.org>
> wrote:
> > Is abiword upstream still active?
>
> Yes.
>
> https://bugzilla.abisource.com/
>
> Here's a g
Hi Jeremy,
On Sun, Mar 11, 2018 at 07:52:13AM -0400, Jeremy Bicha wrote:
> Control: reopen -1
> Control: tags -1 moreinfo
>
> On Thu, Dec 21, 2017 at 7:55 AM, Salvatore Bonaccorso <car...@debian.org>
> wrote:
> > Source: abiword
> > Version: 3.0.2-5
> >
Hi!
On Tue, Feb 27, 2018 at 12:34:58PM -0500, Rocky Bernstein wrote:
> In https://security-tracker.debian.org/tracker/CVE-2017-18201 it claims
> 0.83 is vulnerable, but I don't believe that this the case.
>
> I think that bug was introduced in version 0.92. There was a major change
> in 0.90 as
Source: libcdio
Version: 1.0.0-1
Severity: important
Tags: security upstream
Control: fixed -1 2.0.0-1
Hi,
the following vulnerability was published for libcdio.
CVE-2017-18201[0]:
| An issue was discovered in GNU libcdio before 2.0.0. There is a double
| free in get_cdtext_generic() in
Source: abiword
Version: 3.0.2-5
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for abiword.
CVE-2017-17529[0]:
| af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings
| before launching the program specified by the BROWSER environment
|
Control: severity -1 serious
Rationale: The package is currently without maintainer (QA
maintained) and has this open for several years. Thus either for
buster the issue is fixed or not included.
Alternatively, but has still high popcon, remove zoo from the archive?
Regards,
Salvatore
Control: clone -1 -2
Control: retitle -2 virglrenderer: CVE-2017-6386
Hi
There was an upload to unstable (0.6.0-1). Out of the CVEs one was not
yet fixed: CVE-2017-6386. Cloning to record that one separately.
Regards,
Salvatore
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Yeraze/ytnef/issues/49
Hi,
the following vulnerability was published for libytnef.
CVE-2017-12142[0]:
| In ytnef 1.9.2, an invalid memory read vulnerability was found in the
| function
Source: libytnef
Version: 1.9.2-2
Severity: normal
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/51
Hi,
the following vulnerability was published for libytnef.
CVE-2017-12144[0]:
| In ytnef 1.9.2, an allocation failure was found in the function
| TNEFFillMapi in
Source: libytnef
Version: 1.9.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Yeraze/ytnef/issues/50
Hi,
the following vulnerability was published for libytnef.
CVE-2017-12141[0]:
| In ytnef 1.9.2, a heap-based buffer overflow
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/42
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9473[0]:
| In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote
| attackers
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Yeraze/ytnef/issues/37
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9470[0]:
| In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote
| attackers to
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/39
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9471[0]:
| In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote
| attackers to
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/Yeraze/ytnef/issues/40
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9474[0]:
| In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote
| attackers
Source: libytnef
Version: 1.9.2-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Yeraze/ytnef/issues/41
Hi,
the following vulnerability was published for libytnef.
CVE-2017-9472[0]:
| In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote
| attackers to
Source: php-cas
Version: 1.3.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Jasig/phpCAS/issues/228
Hi,
the following vulnerability was published for php-cas.
CVE-2017-171[0]:
| Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass
| in the
Source: virglrenderer
Version: 0.5.0-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for virglrenderer.
CVE-2017-5580[0]:
OOB access while parsing texture instruction
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: virglrenderer
Version: 0.5.0-1
Severity: important
Tags: upstream security patch
Hi,
the following vulnerability was published for virglrenderer.
CVE-2016-10163[0]:
host memory leakage when creating decode context
If you fix the vulnerability please also make sure to include the
CVE
Hi!
On Fri, Dec 09, 2016 at 09:01:57AM +0100, BERTRAND Joël wrote:
> Salvatore Bonaccorso a écrit :
> >Hi
> >
> >On Thu, Dec 08, 2016 at 08:33:24PM +0100, BERTRAND Joël wrote:
> >>Package: sendmail
> >>Version: 8.15.2-7
> >>Severity: normal
>
Hi
On Thu, Dec 08, 2016 at 08:33:24PM +0100, BERTRAND Joël wrote:
> Package: sendmail
> Version: 8.15.2-7
> Severity: normal
>
> Dear Maintainer,
>
> I have upgraded sendmail/testing and now every 20 minutes, cron sends mail
> with
> following object :
>
> Cron test -x
Source: quagga
Version: 0.99.23.1-1
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for quagga.
CVE-2016-1245[0]:
zebra: stack overrun in IPv6 RA receive code
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: openslp-dfsg
Version: 1.2.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for openslp-dfsg.
CVE-2015-5155[0]:
Packet with crafted "nextoffset" and "extid" values causes DoS
If you fix the vulnerability please also make sure to include the
Source: libmimedir
Version: 0.5.1-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for libmimedir.
CVE-2015-3205[0]:
| libmimedir allows remote attackers to execute arbitrary code via a VCF
| file with two NULL bytes at the end of the file, related to free
Source: freeimage
Version: 3.15.1-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for freeimage.
CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash)
Control: retitle -1 ppmd: CVE-2015-1199: directory traversal
Hi,
This has been assigned CVE-2015-1199 by MITRE.
Regards,
Salvatore
Control: retitle -1 paxtar: directory traversal vulnerabilities (CVE-2015-1193
CVE-2015-1194)
Hi,
According to MITRE the following two CVEs were assigned for pax:
Use CVE-2015-1193 for the .. path traversal (CWE-22).
Use CVE-2015-1194 for the symlink following, which can allow access
Source: dhcpcd5
Version: 6.0.5-2
Severity: important
Justification: fails to build from source (but built successfully in the past)
Hi
dhcpcd5 built previously also on kfreebsd-amd64 and kfreebsd-i386 but
the last upload failed to build, which I have not further
investigated. Logs can be found:
Package: chrony
Severity: important
Hi,
the following vulnerabilities were published for chrony.
CVE-2012-4502[0]:
Buffer overflow when processing crafted command packets
CVE-2012-4503[1]:
Uninitialized data in command replies
Upstream commits fixing these issues are at [2] and [3]. See also
Control: tags -1 + unreproducible
Hi!
I tried to reproduce this FTBFS. Both with sbuild (wheezy and
unstable) and pbuilder chroots (wheezy and unstable, building twice in
a row).
I cannot reproduce this, in all cases the package built fine.
Regards,
Salvatore
Hi
On Fri, Nov 18, 2011 at 02:45:08PM +0200, Niko Tyni wrote:
On Thu, Nov 17, 2011 at 09:40:26AM +0100, Julien Cristau wrote:
Package: libtokyocabinet-perl
Version: 1.34-1
Severity: serious
Justification: fails to build from source (but built successfully in the
past)
See the
Hi Erik
Many thanks for your updated translation. I will integrate it after the
deadline for submissions of debconf translations for esmtp.
Bests
Salvatore
Hi Yuri
Many thanks for your updated translation. It will be integrated after
deadline for updating debconf translation request.
Bests
Salvatore
Hi Christian
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
Hi Martin
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
Hi Hideki
Many thanks for the updated debconf translations for esmtp. I will add
them to an updated package after deadline for translation request.
Bests
Salvatore
Hi Reuben
Can you please test if this still happens with the current version in
stable (0.6.0-1) or even in unstable (1.2-1)? I tried to reproduce
this, but sending an Email only with Bcc addresses worked here (MUA:
mutt).
Bests
Salvatore
Hei Reuben
On Mon, Dec 28, 2009 at 04:21:45PM +, Reuben Thomas wrote:
I don't use esmtp any more, so I suggest that if it works for you
that's good enough. Looking back at the bug report, did you notice
that the problem was also with the Subject: header (or absence of
Subject header)?
# Automatically generated email from bts, devscripts version 2.10.35lenny7
# works here both with empty or set subject and only bcc field filled
tags 338488 + moreinfo unreproducible
notfound 338488 0.6.0-1
notfound 33488 1.2-1