Bug#1065861: gpac: CVE-2024-22749

2024-03-10 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3.1 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/2713 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2024-22749[0]: | GPAC v2.3 was detected to

Bug#1061520: mathtex: CVE-2023-51885 CVE-2023-51886 CVE-2023-51887 CVE-2023-51888 CVE-2023-51889 CVE-2023-51890

2024-01-25 Thread Salvatore Bonaccorso
Source: mathtex Version: 1.03-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for mathtex. CVE-2023-51885[0]: | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a | remote

Bug#1060043: gpac: CVE-2023-46929

2024-01-04 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/2662 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2023-46929[0]: | An issue discovered in GPAC

Bug#1059386: sendmail: CVE-2023-51765

2023-12-24 Thread Salvatore Bonaccorso
Source: sendmail Version: 8.17.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for sendmail. CVE-2023-51765[0]: | sendmail through at least 8.14.7 allows SMTP smuggling in certain |

Bug#1055125: gpac: CVE-2023-5595

2023-10-31 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/2633 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2023-5595[0]: | Denial of Service in GitHub

Bug#1055124: gpac: CVE-2023-5586

2023-10-31 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/2632 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2023-5586[0]: | NULL Pointer Dereference in

Bug#1055122: gpac: CVE-2023-5377

2023-10-31 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3 Severity: important Tags: security upstream Forwarded: https://github.com/gpac/gpac/issues/2606 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2023-5377[0]: | Out-of-bounds Read in GitHub

Bug#1053240: bullseye-pu: package ghostscript/9.53.3~dfsg-7+deb11u6

2023-09-29 Thread Salvatore Bonaccorso
=medium + + * Non-maintainer upload. + * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559) +(Closes: #1043033) + * IJS device - try and secure the IJS server startup (CVE-2023-43115) + + -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:24:57 +0200 + ghostscript (9.53.3~dfsg-7

Bug#1053239: bookworm-pu: package ghostscript/10.0.0~dfsg-11+deb12u2

2023-09-29 Thread Salvatore Bonaccorso
=medium + + * Non-maintainer upload. + * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559) +(Closes: #1043033) + * IJS device - try and secure the IJS server startup (CVE-2023-43115) + + -- Salvatore Bonaccorso Fri, 29 Sep 2023 14:33:30 +0200 + ghostscript (10.0.0~dfsg-11

Bug#1053098: unadf 0.7.11a-5 calls system() with unsanitized input

2023-09-28 Thread Salvatore Bonaccorso
Hi, On Wed, Sep 27, 2023 at 01:19:31PM +0300, Jani Nikula wrote: > Package: unadf > Version: 0.7.11a-5 > Severity: grave > Tags: security > Justification: user security hole > X-Debbugs-Cc: Debian Security Team > > Dear Maintainer, > > See upstream ADFLib commit 8e973d7b8945 ("Fix unsafe

Bug#1051955: gpac: CVE-2023-41000

2023-09-14 Thread Salvatore Bonaccorso
Source: gpac Version: 2.2.1+dfsg1-3 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/gpac/gpac/issues/2550 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for gpac. CVE-2023-41000[0]: |

Re: Accepted ghostscript 10.02.0~dfsg-1 (source) into unstable

2023-09-13 Thread Salvatore Bonaccorso
Source: ghostscript Source-Version: 10.02.0~dfsg-1 On Wed, Sep 13, 2023 at 09:21:09PM +, Debian FTP Masters wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Format: 1.8 > Date: Wed, 13 Sep 2023 20:18:16 +0200 > Source: ghostscript > Architecture: source > Version:

Bug#1051866: gpac: CVE-2023-0770 CVE-2023-0760 CVE-2023-0358 CVE-2023-23145 CVE-2023-23144 CVE-2023-23143 CVE-2022-4202 CVE-2022-45343 CVE-2022-45283 CVE-2022-45202 CVE-2022-43045 CVE-2022-43044 CVE-

2023-09-13 Thread Salvatore Bonaccorso
Source: gpac Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi Some of the CVEs in #1033116 seems to not have been addressed (and in part were addressed in a DSA already). Here a fresh bug for the remaining ones.

Bug#1043033: ghostscript: CVE-2023-38559

2023-08-04 Thread Salvatore Bonaccorso
Source: ghostscript Version: 10.01.2~dfsg-1 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 10.0.0~dfsg-11+deb12u1 Control: found -1 10.0.0~dfsg-11 Control: found -1

Bug#1036869: ghostscript: Needs commitment for Debian downstream maintenance

2023-05-28 Thread Salvatore Bonaccorso
Source: ghostscript Version: 10.0.0~dfsg-11 Severity: serious Justification: commitment for maintenance X-Debbugs-Cc: car...@debian.org, t...@security.debian.org Hi ghostscript is orphaned and under the Debian QA group. ghostscript being a package with recurring need of maintenance and in

Bug#1033757: ghostscript: CVE-2023-28879

2023-03-31 Thread Salvatore Bonaccorso
Source: ghostscript Version: 10.0.0~dfsg-9 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706494 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for

Bug#1032575: a2ps: new upstream version available

2023-03-09 Thread Salvatore Bonaccorso
Source: a2ps Version: 1:4.14-7 Severity: wishlist X-Debbugs-Cc: car...@debian.org Hi Not in time for the Debian bookworm release, but please package afterwards the new a2ps upstream version: https://lists.gnu.org/archive/html/info-gnu/2023-03/msg2.html Regards, Salvatore

Bug#1027355: src:libapreq2: Should not migrate to testing.

2023-01-23 Thread Salvatore Bonaccorso
Hi, On Fri, Dec 30, 2022 at 05:32:49PM +0100, Tobias Frost wrote: > Source: libapreq2 > Severity: serious > Justification: possibly not suitable for a stable release > X-Debbugs-Cc: Debian Security Team , Salvatore > Bonaccorso > Control: affects -1 lua-apr > Contro

Bug#1027269: RM: cakephp -- RoQA; 2.x branch unmaintained upstream, QA maintained, has security issues

2022-12-29 Thread Salvatore Bonaccorso
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: cake...@packages.debian.org, t...@security.debian.org, car...@debian.org Control: affects -1 + src:cakephp Hi cakephp has no reverse dependencies, and the currently QA maintained

Bug#1025710: bullseye-pu: package awstats/7.8-2+deb11u1

2022-12-07 Thread Salvatore Bonaccorso
scripting (CVE-2022-46391) (Closes: #1025410) + + -- Salvatore Bonaccorso Wed, 07 Dec 2022 21:47:25 +0100 + awstats (7.8-2) unstable; urgency=high * QA upload. diff -Nru awstats-7.8/debian/patches/fix-cross-site-scripting.patch awstats-7.8/debian/patches/fix-cross-site-scripting.patch

Bug#1025410: awstats: CVE-2022-46391: XSS due to printing response from Net::XWhois without proper checks

2022-12-04 Thread Salvatore Bonaccorso
Source: awstats Version: 7.8-2 Severity: important Tags: security upstream Forwarded: https://github.com/eldy/AWStats/pull/226 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for awstats. CVE-2022-46391[0]: | AWStats 7.x through 7.8 allows

Bug#1006337: Relaxed fix in expat for CVE-2022-25236 released

2022-03-13 Thread Salvatore Bonaccorso
Hi all, An update for expat (landed in unstable earlier) and now as DSA 5085-2 for buster and bullseye as well is released which relaxes the fix for CVE-2022-25236 with regard to RFC 3986 URI characters. So there is no immediate action for updating the affected packages from regressions ins

Bug#992973: plib: CVE-2021-38714

2021-08-25 Thread Salvatore Bonaccorso
Source: plib Version: 1.8.5-8 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://sourceforge.net/p/plib/bugs/55/ X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for plib. CVE-2021-38714[0]: | In Plib

Bug#986923: jhead: CVE-2021-3496

2021-04-14 Thread Salvatore Bonaccorso
Source: jhead Version: 1:3.04-5 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/Matthias-Wandel/jhead/issues/33 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for jhead.

Bug#986214: ircii: CVE-2021-29376

2021-03-31 Thread Salvatore Bonaccorso
Source: ircii Version: 20190117-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: clone -1 -2 Control: reassign -2 src:scrollz 2.2.3-1 Control: retitle -2 scrollz: CVE-2021-29376 The following vulnerability was published for ircii.

Bug#951770: libpam-radius-auth: do not release in bullseye without active maintainer

2021-01-28 Thread Salvatore Bonaccorso
Hi Carsten, hi Christoph, On Thu, Jan 28, 2021 at 05:15:46PM +0100, Carsten Schoenert wrote: > retitle -1 ITA: picking up maintenance of libpam-radius-auth > > Hello Salvatore, > > Am Fri, Feb 21, 2020 at 03:03:12PM +0100 schrieb Salvatore Bonaccorso: > > Source: libpam-ra

Bug#977190: awstats: CVE-2020-35176

2021-01-22 Thread Salvatore Bonaccorso
Control: severity -1 serious On Sat, Dec 12, 2020 at 10:18:21AM +0100, Salvatore Bonaccorso wrote: > Source: awstats > Version: 7.8-1 > Severity: important > Tags: security upstream > Forwarded: https://github.com/eldy/awstats/issues/195 > X-Debbugs-Cc: car...@debian.org, De

Bug#904113: CVE-2018-11489

2021-01-02 Thread Salvatore Bonaccorso
Control: reopen -1 On Thu, Jul 19, 2018 at 11:37:29PM +0200, Moritz Muehlenhoff wrote: > Source: giflib > Severity: important > Tags: security > > https://sourceforge.net/p/giflib/bugs/112/ Looks the wrong bug was closed here? CVE-2018-11490 was sf#113, while this one is CVE-2018-11489, sf#112,

Bug#977190: awstats: CVE-2020-35176

2020-12-12 Thread Salvatore Bonaccorso
Source: awstats Version: 7.8-1 Severity: important Tags: security upstream Forwarded: https://github.com/eldy/awstats/issues/195 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for awstats, which is a followup to CVE-2020-29600 (incomplete fix

Re: Debian Buster package Ekg2 - sexual related content

2020-08-24 Thread Salvatore Bonaccorso
Hi Baptiste, On Tue, Aug 18, 2020 at 06:49:47PM +0200, Baptiste DETUNE wrote: > Hi guys, > > Under Debian Buster, the link to visit the project page related to ekg2 > package pointing on http://ekg2.org is wrong and must be censored because > of sexual content. While I do agree the wrong

Bug#967956: golang-github-unknwon-cae: CVE-2020-7668

2020-08-05 Thread Salvatore Bonaccorso
Source: golang-github-unknwon-cae Version: 0.0~git20160715.0.c6aac99-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-unknwon-cae. CVE-2020-7668[0]:

Bug#967955: golang-github-unknwon-cae: CVE-2020-7664

2020-08-05 Thread Salvatore Bonaccorso
Source: golang-github-unknwon-cae Version: 0.0~git20160715.0.c6aac99-4 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for golang-github-unknwon-cae. CVE-2020-7664[0]:

Bug#960326: json-c: CVE-2020-12762

2020-05-15 Thread Salvatore Bonaccorso
Hi, On Fri, May 15, 2020 at 10:19:42PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote: > > Source: json-c > > Version: 0.13.1+dfsg-7 > > Severity: important > > Tags: security upstream >

Bug#960326: json-c: CVE-2020-12762

2020-05-15 Thread Salvatore Bonaccorso
Hi, On Mon, May 11, 2020 at 09:55:12PM +0200, Salvatore Bonaccorso wrote: > Source: json-c > Version: 0.13.1+dfsg-7 > Severity: important > Tags: security upstream > Forwarded: https://github.com/json-c/json-c/pull/592 > > Hi, > > The following vulnerability was pub

Bug#960326: json-c: CVE-2020-12762

2020-05-11 Thread Salvatore Bonaccorso
Source: json-c Version: 0.13.1+dfsg-7 Severity: important Tags: security upstream Forwarded: https://github.com/json-c/json-c/pull/592 Hi, The following vulnerability was published for json-c. CVE-2020-12762[0]: | json-c through 0.14 has an integer overflow and out-of-bounds write | via a large

Bug#951770: libpam-radius-auth: do not release in bullseye without active maintainer

2020-02-21 Thread Salvatore Bonaccorso
Source: libpam-radius-auth Version: 1.4.0-3 Severity: serious Justification: should not be released in bullseye without active maintainer libpam-radius-auth has been orphaned in Debian since several years and QA maintained. It did have at least the CVE-2015-9542 security issue. There are no

Bug#951396: libpam-radius-auth: CVE-2015-9542

2020-02-17 Thread Salvatore Bonaccorso
Hi, FTR, whilst one can argue the issue is not that severe to warrant a RC severity, I'm raising it here since libpam-radius-auth is orphaned now since some years. If there is still interest in this pam module it likely needs a maintainer otherwise we should not release bullseye with

Bug#951396: libpam-radius-auth: CVE-2015-9542

2020-02-15 Thread Salvatore Bonaccorso
Source: libpam-radius-auth Version: 1.4.0-2 Severity: important Tags: security upstream Hi, The following vulnerability was published for libpam-radius-auth. CVE-2015-9542[0]: |buffer overflow in password field If you fix the vulnerability please also make sure to include the CVE (Common

Bug#947113: lout: CVE-2019-19917 CVE-2019-19918

2019-12-21 Thread Salvatore Bonaccorso
Source: lout Version: 3.39-3 Severity: grave Tags: security upstream Justification: user security hole Hi, The following vulnerabilities were published for lout. CVE-2019-19917[0]: | Lout 3.40 has a buffer overflow in the StringQuotedWord() function in | z39.c. CVE-2019-19918[1]: | Lout 3.40

Bug#939916: cflow: CVE-2019-16166

2019-09-10 Thread Salvatore Bonaccorso
Source: cflow Version: 1:1.6-4 Severity: important Tags: security upstream Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg0.html Control: found -1 1:1.6-1 Hi, The following vulnerability was published for cflow. CVE-2019-16166[0]: | GNU cflow through 1.6 has a heap-based

Bug#939915: cflow: CVE-2019-16165

2019-09-10 Thread Salvatore Bonaccorso
Source: cflow Version: 1:1.6-4 Severity: important Tags: security upstream Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg1.html Control: found -1 1:1.6-1 Hi, The following vulnerability was published for cflow. CVE-2019-16165[0]: | GNU cflow through 1.6 has a

Bug#932556: zipios++: CVE-2019-13453

2019-07-20 Thread Salvatore Bonaccorso
Source: zipios++ Version: 0.1.5.9+cvs.2007.04.28-10 Severity: important Tags: security upstream Control: found -1 0.1.5.9+cvs.2007.04.28-6 Hi, The following vulnerability was published for zipios++. CVE-2019-13453[0]: | Zipios before 0.1.7 does not properly handle certain malformed zip |

Bug#926885: lighttpd: CVE-2019-11072

2019-04-11 Thread Salvatore Bonaccorso
Source: lighttpd Version: 1.4.53-3 Severity: grave Tags: security upstream Forwarded: https://redmine.lighttpd.net/issues/2945 Hi, The following vulnerability was published for lighttpd. CVE-2019-11072[0]: | lighttpd before 1.4.54 has a signed integer overflow, which might | allow remote

Bug#884923: abiword: CVE-2017-17529

2019-01-04 Thread Salvatore Bonaccorso
Hi Jeremy, On Mon, Mar 12, 2018 at 10:07:05PM +0100, Salvatore Bonaccorso wrote: > Jeremy, > > On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote: > > On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso > > wrote: > > > Is abiword upstream still active

Bug#915286: tcpdf: (possibly) unfit for buster release

2018-12-02 Thread Salvatore Bonaccorso
Source: tcpdf Version: 6.2.13+dfsg-1 Severity: serious Justification: unfit for buster release Hi I'm raising this bug at RC severity for the following concerns: tcpdf lacks several new upstream versions behind, is QA maintained after the former maintainer orphaned it (he was maintaining it due

Bug#913528: lighttpd: CVE-2018-19052

2018-11-11 Thread Salvatore Bonaccorso
Source: lighttpd Version: 1.4.49-1.1 Severity: important Tags: security upstream Control: found -1 1.4.45-1 Hi, The following vulnerability was published for lighttpd. CVE-2018-19052[0]: | An issue was discovered in mod_alias_physical_handler in mod_alias.c in | lighttpd before 1.4.50. There is

Bug#912947: autofs: new upstream version (5.1.5) available

2018-11-05 Thread Salvatore Bonaccorso
Source: autofs Severity: wishlist Hi There was a new autofs version released (5.1.5) upstream, could it be packaged for Debian? Regards, Salvatore

Bug#908866: tcpdf: CVE-2018-17057

2018-09-15 Thread Salvatore Bonaccorso
Source: tcpdf Version: 6.2.13+dfsg-1 Severity: grave Tags: patch security upstream Hi, The following vulnerability was published for tcpdf. CVE-2018-17057[0]: | An issue was discovered in TCPDF before 6.2.22. Attackers can trigger | deserialization of arbitrary data via the phar:// wrapper. If

Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow

2018-06-05 Thread Salvatore Bonaccorso
Hi I re-uploaded a version adding the patch. Regards, Salvatore

Bug#820526: giflib: CVE-2016-3977: gif2rgb: heap buffer overflow

2018-06-05 Thread Salvatore Bonaccorso
Hi As spotted by Marc Deslauriers, the patch was dropped again in the 5.1.4-0.4 reopening the issue. Looking at the source, the patch is not applied to 5.1.4 upstream source. Cc'ing Paolo for double check/confirming. Regards, Salvatore

Accepted libvorbisidec 1.0.2+svn18153-1~deb8u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

2018-03-17 Thread Salvatore Bonaccorso
cka...@qa.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 893132 Description: libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development Files) libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor" Changes: libvor

Accepted libvorbisidec 1.0.2+svn18153-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates

2018-03-17 Thread Salvatore Bonaccorso
cka...@qa.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 893132 Description: libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development Files) libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor" Changes: libvor

Accepted libvorbisidec 1.0.2+svn18153-1~deb8u2 (source) into oldstable->embargoed, oldstable

2018-03-16 Thread Salvatore Bonaccorso
cka...@qa.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 893132 Description: libvorbisidec-dev - Integer-only Ogg Vorbis decoder, AKA "tremor" (Development Files) libvorbisidec1 - Integer-only Ogg Vorbis decoder, AKA "tremor" Changes: libvor

Bug#893132: libvorbisidec: CVE-2018-5147: out-of-bounds memory write

2018-03-16 Thread Salvatore Bonaccorso
Source: libvorbisidec Version: 1.0.2+svn18153-0.2 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for libvorbisidec. CVE-2018-5147[0]: out-of-bounds memory write If you fix the vulnerability please also make sure to include the CVE (Common

Bug#884923: abiword: CVE-2017-17529

2018-03-12 Thread Salvatore Bonaccorso
Jeremy, On Sun, Mar 11, 2018 at 08:45:42AM -0400, Jeremy Bicha wrote: > On Sun, Mar 11, 2018 at 8:40 AM, Salvatore Bonaccorso <car...@debian.org> > wrote: > > Is abiword upstream still active? > > Yes. > > https://bugzilla.abisource.com/ > > Here's a g

Bug#884923: abiword: CVE-2017-17529

2018-03-11 Thread Salvatore Bonaccorso
Hi Jeremy, On Sun, Mar 11, 2018 at 07:52:13AM -0400, Jeremy Bicha wrote: > Control: reopen -1 > Control: tags -1 moreinfo > > On Thu, Dec 21, 2017 at 7:55 AM, Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: abiword > > Version: 3.0.2-5 >

Bug#891638: libcdio: CVE-2017-18201: double free inget_cdtext_generic() in lib/driver/_cdio_generic.c.

2018-02-27 Thread Salvatore Bonaccorso
Hi! On Tue, Feb 27, 2018 at 12:34:58PM -0500, Rocky Bernstein wrote: > In https://security-tracker.debian.org/tracker/CVE-2017-18201 it claims > 0.83 is vulnerable, but I don't believe that this the case. > > I think that bug was introduced in version 0.92. There was a major change > in 0.90 as

Bug#891638: libcdio: CVE-2017-18201: double free inget_cdtext_generic() in lib/driver/_cdio_generic.c.

2018-02-27 Thread Salvatore Bonaccorso
Source: libcdio Version: 1.0.0-1 Severity: important Tags: security upstream Control: fixed -1 2.0.0-1 Hi, the following vulnerability was published for libcdio. CVE-2017-18201[0]: | An issue was discovered in GNU libcdio before 2.0.0. There is a double | free in get_cdtext_generic() in

Bug#884923: abiword: CVE-2017-17529

2017-12-21 Thread Salvatore Bonaccorso
Source: abiword Version: 3.0.2-5 Severity: normal Tags: security upstream Hi, the following vulnerability was published for abiword. CVE-2017-17529[0]: | af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings | before launching the program specified by the BROWSER environment |

Bug#774453: zoo: directory traversal

2017-11-11 Thread Salvatore Bonaccorso
Control: severity -1 serious Rationale: The package is currently without maintainer (QA maintained) and has this open for several years. Thus either for buster the issue is fixed or not included. Alternatively, although it still has high popcon, remove zoo from the archive? Regards, Salvatore

Bug#858255: Multiple security issues

2017-08-21 Thread Salvatore Bonaccorso
Control: clone -1 -2 Control: retitle -2 virglrenderer: CVE-2017-6386 Hi There was an upload to unstable (0.6.0-1). Out of the CVEs one was not yet fixed: CVE-2017-6386. Cloning to record that one separately. Regards, Salvatore

Bug#870816: libytnef: CVE-2017-12142: SEGV in ytnef.c in SwapDWord

2017-08-05 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: important Tags: upstream security Forwarded: https://github.com/Yeraze/ytnef/issues/49 Hi, the following vulnerability was published for libytnef. CVE-2017-12142[0]: | In ytnef 1.9.2, an invalid memory read vulnerability was found in the | function

Bug#870817: libytnef: CVE-2017-12144

2017-08-05 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: normal Tags: security upstream Forwarded: https://github.com/Yeraze/ytnef/issues/51 Hi, the following vulnerability was published for libytnef. CVE-2017-12144[0]: | In ytnef 1.9.2, an allocation failure was found in the function | TNEFFillMapi in

Bug#870815: libytnef: CVE-2017-12141: heap-buffer-overflow

2017-08-05 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://github.com/Yeraze/ytnef/issues/50 Hi, the following vulnerability was published for libytnef. CVE-2017-12141[0]: | In ytnef 1.9.2, a heap-based buffer overflow

Bug#870197: libytnef: CVE-2017-9473: memory allocation failure in TNEFFillMapi

2017-07-30 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: important Tags: security upstream Forwarded: https://github.com/Yeraze/ytnef/issues/42 Hi, the following vulnerability was published for libytnef. CVE-2017-9473[0]: | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote | attackers

Bug#870196: libytnef: CVE-2017-9470: NULL pointer dereference in MAPIPrint

2017-07-30 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: important Tags: upstream security Forwarded: https://github.com/Yeraze/ytnef/issues/37 Hi, the following vulnerability was published for libytnef. CVE-2017-9470[0]: | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote | attackers to

Bug#870194: libytnef: CVE-2017-9471: heap-based-buffer overflow in SwapWord

2017-07-30 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: important Tags: security upstream Forwarded: https://github.com/Yeraze/ytnef/issues/39 Hi, the following vulnerability was published for libytnef. CVE-2017-9471[0]: | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote | attackers to

Bug#870192: libytnef: CVE-2017-9474: heap-based buffer overflow in DecompressRTF

2017-07-30 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: important Tags: upstream security Forwarded: https://github.com/Yeraze/ytnef/issues/40 Hi, the following vulnerability was published for libytnef. CVE-2017-9474[0]: | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote | attackers

Bug#870193: libytnef: CVE-2017-9472: heap-based buffer overflow in SwapDWord

2017-07-30 Thread Salvatore Bonaccorso
Source: libytnef Version: 1.9.2-2 Severity: important Tags: security upstream Forwarded: https://github.com/Yeraze/ytnef/issues/41 Hi, the following vulnerability was published for libytnef. CVE-2017-9472[0]: | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote | attackers to

Bug#868466: php-cas: CVE-2017-1000071

2017-07-15 Thread Salvatore Bonaccorso
Source: php-cas Version: 1.3.3-1 Severity: important Tags: security upstream Forwarded: https://github.com/Jasig/phpCAS/issues/228 Hi, the following vulnerability was published for php-cas. CVE-2017-1000071[0]: | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass | in the

Bug#852604: virglrenderer: CVE-2017-5580

2017-01-25 Thread Salvatore Bonaccorso
Source: virglrenderer Version: 0.5.0-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for virglrenderer. CVE-2017-5580[0]: OOB access while parsing texture instruction If you fix the vulnerability please also make sure to include the CVE (Common

Bug#852603: virglrenderer: CVE-2016-10163

2017-01-25 Thread Salvatore Bonaccorso
Source: virglrenderer Version: 0.5.0-1 Severity: important Tags: upstream security patch Hi, the following vulnerability was published for virglrenderer. CVE-2016-10163[0]: host memory leakage when creating decode context If you fix the vulnerability please also make sure to include the CVE

Bug#847498: sendmail: Cron sends mail every 20 minutes

2016-12-09 Thread Salvatore Bonaccorso
Hi! On Fri, Dec 09, 2016 at 09:01:57AM +0100, BERTRAND Joël wrote: > Salvatore Bonaccorso a écrit : > >Hi > > > >On Thu, Dec 08, 2016 at 08:33:24PM +0100, BERTRAND Joël wrote: > >>Package: sendmail > >>Version: 8.15.2-7 > >>Severity: normal

Bug#847498: sendmail: Cron sends mail every 20 minutes

2016-12-08 Thread Salvatore Bonaccorso
Hi On Thu, Dec 08, 2016 at 08:33:24PM +0100, BERTRAND Joël wrote: > Package: sendmail > Version: 8.15.2-7 > Severity: normal > > Dear Maintainer, > > I have upgraded sendmail/testing and now every 20 minutes, cron sends mail > with > following object : > > Cron test -x

Bug#841162: quagga: CVE-2016-1245: zebra: stack overrun in IPv6 RA receive code

2016-10-18 Thread Salvatore Bonaccorso
Source: quagga Version: 0.99.23.1-1 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for quagga. CVE-2016-1245[0]: zebra: stack overrun in IPv6 RA receive code If you fix the vulnerability please also make sure to include the CVE (Common

Bug#799456: openslp-dfsg: CVE-2015-5155: Packet with crafted "nextoffset" and "extid" values causes DoS

2015-09-19 Thread Salvatore Bonaccorso
Source: openslp-dfsg Version: 1.2.1-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for openslp-dfsg. CVE-2015-5155[0]: Packet with crafted "nextoffset" and "extid" values causes DoS If you fix the vulnerability please also make sure to include the

Bug#789197: libmimedir: CVE-2015-3205

2015-06-18 Thread Salvatore Bonaccorso
Source: libmimedir Version: 0.5.1-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for libmimedir. CVE-2015-3205[0]: | libmimedir allows remote attackers to execute arbitrary code via a VCF | file with two NULL bytes at the end of the file, related to free

Bug#786790: freeimage: CVE-2015-3885: input sanitization flaw leading to buffer overflow

2015-05-25 Thread Salvatore Bonaccorso
Source: freeimage Version: 3.15.1-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for freeimage. CVE-2015-3885[0]: | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier | allows remote attackers to cause a denial of service (crash)

Bug#775218: ppmd: directory traversal vulnerability

2015-01-18 Thread Salvatore Bonaccorso
Control: retitle -1 ppmd: CVE-2015-1199: directory traversal Hi, This has been assigned CVE-2015-1199 by MITRE. Regards, Salvatore

Bug#774716: paxtar: directory traversal vulnerabilities

2015-01-18 Thread Salvatore Bonaccorso
Control: retitle -1 paxtar: directory traversal vulnerabilities (CVE-2015-1193 CVE-2015-1194) Hi, According to MITRE the following two CVEs were assigned for pax: Use CVE-2015-1193 for the .. path traversal (CWE-22). Use CVE-2015-1194 for the symlink following, which can allow access

Bug#770464: dhcpcd5: FTBFS on kfreebsd-{amd64,i386}

2014-11-21 Thread Salvatore Bonaccorso
Source: dhcpcd5 Version: 6.0.5-2 Severity: important Justification: fails to build from source (but built successfully in the past) Hi dhcpcd5 build previously also on kfreebsd-amd64 and kfreebsd-i386 but the last upload failed to build, which I have not further investigated. Logs can be found:

Bug#719203: chrony: CVE-2012-4502 and CVE-2012-4503

2013-08-09 Thread Salvatore Bonaccorso
Package: chrony Severity: important Hi, the following vulnerabilities were published for chrony. CVE-2012-4502[0]: Buffer overflow when processing crafted command packets CVE-2012-4503[1]: Uninitialized data in command replies Upstream commits fixing these issues are at [2] and [3]. See also

Bug#687455: FTBFS: yudit/2.8.1-4

2012-09-13 Thread Salvatore Bonaccorso
Control: tags -1 + unreproducible Hi! I tried to reproduce this FTBFS. Both with sbuild (wheezy and unstable) and pbuilder chroots (wheezy and unstable, building twice in a row). I cannot reproduce this, in all cases the package built fine. Regards, Salvatore

Re: Bug#649060: libtokyocabinet-perl: FTBFS on mipsel

2012-03-01 Thread Salvatore Bonaccorso
Hi On Fri, Nov 18, 2011 at 02:45:08PM +0200, Niko Tyni wrote: On Thu, Nov 17, 2011 at 09:40:26AM +0100, Julien Cristau wrote: Package: libtokyocabinet-perl Version: 1.34-1 Severity: serious Justification: fails to build from source (but built successfully in the past) See the

Bug#563582: [INTL:de] German translation for esmtp (debconf)

2010-01-03 Thread Salvatore Bonaccorso
Hi Erik Many thanks for your updated translation. I will integrate it after the deadline for submissions of debconf translations for esmtp. Bests Salvatore

Bug#563349: esmtp: [INTL:ru] Russian debconf templates translation update

2010-01-01 Thread Salvatore Bonaccorso
Hi Yuri Many thanks for your updated translation. It will be integrated after the deadline for updating debconf translation request. Bests Salvatore

Bug#562914: esmtp: [INTL:fr] French debconf templates translation update

2009-12-29 Thread Salvatore Bonaccorso
Hi Christian Many thanks for the updated debconf translations for esmtp. I will add them to an updated package after deadline for translation request. Bests Salvatore

Bug#562909: [l10n] Czech translation for esmtp

2009-12-29 Thread Salvatore Bonaccorso
Hi Martin Many thanks for the updated debconf translations for esmtp. I will add them to an updated package after deadline for translation request. Bests Salvatore

Bug#562885: [INTL:sv] Swedish strings for esmtp debconf

2009-12-29 Thread Salvatore Bonaccorso
Hi Martin Many thanks for the updated debconf translations for esmtp. I will add them to an updated package after deadline for translation request. Bests Salvatore

Bug#562950: esmtp: [INTL:ja] Update po-debconf template translation (ja.po)

2009-12-29 Thread Salvatore Bonaccorso
Hi Hideki Many thanks for the updated debconf translations for esmtp. I will add them to an updated package after deadline for translation request. Bests Salvatore

Bug#338488: Bcc-only appears to fail

2009-12-28 Thread Salvatore Bonaccorso
Hi Reuben Can you please test if this still happens with the current version in stable (0.6.0-1) or even in unstable (1.2-1)? I tried to reproduce this, but sending an Email only with Bcc addresses worked here (MUA: mutt). Bests Salvatore

Bug#338488: Bcc-only appears to fail

2009-12-28 Thread Salvatore Bonaccorso
Hi Reuben On Mon, Dec 28, 2009 at 04:21:45PM +, Reuben Thomas wrote: I don't use esmtp any more, so I suggest that if it works for you that's good enough. Looking back at the bug report, did you notice that the problem was also with the Subject: header (or absence of Subject header)?

Bug#338488: tagging 338488, notfound 338488 in 0.6.0-1, notfound 33488 in 1.2-1

2009-12-28 Thread Salvatore Bonaccorso
# Automatically generated email from bts, devscripts version 2.10.35lenny7 # works here both with empty or set subject and only bcc field filled tags 338488 + moreinfo unreproducible notfound 338488 0.6.0-1 notfound 33488 1.2-1