Bug#1070370: dmitry: CVE-2017-7938 CVE-2020-14931 CVE-2024-31837

2024-05-04 Thread Moritz Mühlenhoff
Source: dmitry X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for dmitry. CVE-2017-7938[0]: | Stack-based buffer overflow in DMitry (Deepmagic Information | Gathering Tool) version 1.3a (Unix) allows attackers to cause

Bug#1068462: gpac: CVE-2024-28318 CVE-2024-28319 CVE-2023-46426 CVE-2023-46427 CVE-2024-24265 CVE-2024-24266 CVE-2024-24267

2024-04-05 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2024-28318[0]: | gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a | out of boundary write vulnerability via swf_get_string at |

Bug#1060696: gpac: CVE-2023-50120

2024-01-12 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for gpac. CVE-2023-50120[0]: | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered | to contain an infinite loop in the function av1_uvlc at |

Bug#1060409: gpac: CVE-2024-0321 CVE-2024-0322

2024-01-10 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2024-0321[0]: | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.3-DEV.

Bug#1059056: gpac: CVE-2023-48958 CVE-2023-46871 CVE-2023-46932 CVE-2023-47465 CVE-2023-48039 CVE-2023-48090

2023-12-19 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-48958[0]: | gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in | gf_mpd_resolve_url media_tools/mpd.c:4589.

Bug#1056282: gpac: CVE-2023-47384 CVE-2023-4785 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001

2023-11-19 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-47384[0]: | MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to | contain a memory leak in the function gf_isom_add_chapter at |

Bug#1055298: gpac: CVE-2023-46927 CVE-2023-46928 CVE-2023-46930 CVE-2023-46931

2023-11-03 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-46927[0]: | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer- | overflow in gf_isom_use_compact_size |

Bug#1053878: gpac: CVE-2023-42298 CVE-2023-5520

2023-10-13 Thread Moritz Mühlenhoff
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-42298[0]: | An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to | cause a denial of service via the Q_DecCoordOnUnitSphere

Bug#1035951: yasm: CVE-2023-29579

2023-05-11 Thread Moritz Mühlenhoff
Source: yasm X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for yasm. CVE-2023-29579[0]: | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via | the component yasm/yasm+0x43b466 in vsprintf.

Bug#1034845: lua5.1: CVE-2021-43519

2023-04-25 Thread Moritz Mühlenhoff
Source: lua5.1 X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for lua5.1. CVE-2021-43519[0]: | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 | allows attackers to perform a Denial of Service via a

Bug#1034170: netatalk: CVE-2022-43634

2023-04-10 Thread Moritz Mühlenhoff
Source: netatalk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for netatalk. CVE-2022-43634[0]: | This vulnerability allows remote attackers to execute arbitrary code | on affected installations of Netatalk. Authentication is

Bug#1033115: golang-github-go-macaron-csrf: CVE-2018-25060

2023-03-17 Thread Moritz Mühlenhoff
Source: golang-github-go-macaron-csrf X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for golang-github-go-macaron-csrf. CVE-2018-25060[0]: | A vulnerability was found in Macaron csrf and classified as | problematic.

Bug#1024021: netatalk: CVE-2022-45188

2022-11-13 Thread Moritz Mühlenhoff
Source: netatalk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for netatalk. CVE-2022-45188[0]: | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow | resulting in code execution via a crafted .appl file.

Bug#992973: plib: CVE-2021-38714

2021-09-14 Thread Moritz Mühlenhoff
On Wed, Aug 25, 2021 at 09:23:37PM +0200, Salvatore Bonaccorso wrote: > Source: plib > Version: 1.8.5-8 > Severity: grave > Tags: security upstream > Justification: user security hole > Forwarded: https://sourceforge.net/p/plib/bugs/55/ > X-Debbugs-Cc: car...@debian.org, Debian Security Team >

Bug#991331: sendmail: CVE-2021-3618

2021-07-20 Thread Moritz Mühlenhoff
Source: sendmail X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for sendmail. https://alpaca-attack.com/ affects sendmail. It was fixed in the latest 3.16.1 release: https://marc.info/?l=sendmail-announce=159394546814125=2

Bug#972126: libopendbx: Please remove support for long-unmaintained sqlite 2

2020-11-19 Thread Moritz Mühlenhoff
severity 972126 serious thanks On Mon, Oct 12, 2020 at 11:35:23PM +0100, Simon McVittie wrote: > Package: libopendbx1-sqlite > Version: 1.4.6-14 > Severity: important > Tags: bullseye sid > User: debian...@lists.debian.org > Usertags: libsqlite0 > Control: block 607969 by -1 > > libopendbx

Bug#936753: ispell-lt: Python2 removal in sid/bullseye

2020-01-03 Thread Moritz Mühlenhoff
Matthias Klose wrote: > Package: src:ispell-lt > Version: 1.2.1-8 > Severity: normal > Tags: sid bullseye > User: debian-pyt...@lists.debian.org > Usertags: py2removal > > Python2 becomes end-of-live upstream, and Debian aims to remove > Python2 from the distribution, as discussed in >

Bug#934353: Intent To Remove: drdsl

2019-08-10 Thread Moritz Mühlenhoff
On Sat, Aug 10, 2019 at 09:25:04AM +0200, Christoph Biedl wrote: > Package: drdsl > Severity: important > > hereby I declare my intent to request removal of the drdsl from Debian > in unstable. Please go ahead, no need to wait for the src:isdnutils removal, even. Cheers, Moritz

Bug#921471: Should pdf2htmlex be removed?

2019-03-25 Thread Moritz Mühlenhoff
On Tue, Feb 05, 2019 at 11:18:01PM +0100, Johannes Schauer wrote: > On Tue, 05 Feb 2019 23:12:03 +0100 Moritz Muehlenhoff wrote: > > Should pdf2htmlex be removed? It's RC-buggy for over a year and upstream > > development seems to have stopped: > >

Bug#915286: TCPDF removal bug 915286

2019-03-05 Thread Moritz Mühlenhoff
On Tue, Mar 05, 2019 at 06:46:51PM +0100, Roland Gruber wrote: > About #923736 it seems the link is wrong. LDAP Account Manager depends > on TCPDF. So then you should formally adopt it and take care of all security issues which affect it during the buster lifecycle. Cheers, Moritz

Bug#868466: php-cas: CVE-2017-1000071

2019-02-08 Thread Moritz Mühlenhoff
On Sat, Jul 15, 2017 at 09:06:41PM +0200, Salvatore Bonaccorso wrote: > Source: php-cas > Version: 1.3.3-1 > Severity: important > Tags: security upstream > Forwarded: https://github.com/Jasig/phpCAS/issues/228 > > Hi, > > the following vulnerability was published for php-cas. > >

Bug#884923: abiword: CVE-2017-17529

2019-01-04 Thread Moritz Mühlenhoff
On Sun, May 27, 2018 at 10:54:06PM +0200, Gabriel Corona wrote: > This seems correct with respect to injection through the URI: > the URI string cannot be expanded into multiple arguments > and is not passed to `system()`. Agreed, this CVE seems like a non-issue, the CVE entry at MITRE also only

Bug#917347: Obsolete build dependency on libssl1.0-dev

2018-12-26 Thread Moritz Mühlenhoff
On Wed, Dec 26, 2018 at 01:17:26PM +0100, Stefan Bühler wrote: > Hi, > > On 12/26/18 1:01 PM, Moritz Muehlenhoff wrote: > > Source: lighttpd > > Severity: normal > > > > Your package uses "libssl-dev | libssl1.0-dev" as a build dependency > > on OpenSSL. openssl1.0 is scheduled for removal, the

Bug#841257: fixed in sendmail 8.15.2-7

2017-01-13 Thread Moritz Mühlenhoff
On Thu, Dec 08, 2016 at 07:11:27PM +0100, Andreas Beckmann wrote: > On 2016-12-08 16:46, Axel 'the C.L.A.' Müller wrote: > > Seems to work fine - at least I'm not getting those mails anymore. > > I've now implemented a different way to acquire lockfiles for the > cronjobs, let's hope that does

Bug#778412: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

2015-02-16 Thread Moritz Mühlenhoff
On Sat, Feb 14, 2015 at 03:41:21PM +0100, Luciano Bello wrote: Package: nvi Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability.

Bug#745518: Please migrate to lcms2

2014-08-20 Thread Moritz Mühlenhoff
On Tue, Aug 19, 2014 at 11:47:24PM +0200, Markus Koschany wrote: On 19.08.2014 22:45, Moritz Mühlenhoff wrote: [...] Thanks for the additional investigation, shall I sponsor the upload for you or do you have a regular sponsor? Hi Moritz, I wouldn't mind if you sponsored the upload

Bug#745518: Please migrate to lcms2

2014-08-19 Thread Moritz Mühlenhoff
On Mon, Aug 18, 2014 at 06:10:52PM +0200, Markus Koschany wrote: Control: tags -1 patch I am not absolutely sure how libdevilc2 ended up with a dependency on liblcms1 again because it already depends on liblcms2-dev but the most probable explanation might be that liblcms1-dev was still

Bug#750562: sendmail: CVE-2014-3956

2014-06-10 Thread Moritz Mühlenhoff
On Thu, Jun 05, 2014 at 12:08:34AM +0200, Andreas Beckmann wrote: Control: fixed -1 8.14.4-6 On 2014-06-04 15:44, Moritz Muehlenhoff wrote: Hi, please see http://www.openwall.com/lists/oss-security/2014/06/03/1 for details. That's a trivial patch that I already cherry-picked from

Bug#726817: chrony: GPL-2-only program linking GPL-3+ libreadline6 on amd64

2013-10-20 Thread Moritz Mühlenhoff
On Sat, Oct 19, 2013 at 04:06:06PM +0200, Ansgar Burchardt wrote: Package: chrony Severity: serious Version: 1.24-3+squeeze1 X-Debbugs-Cc: t...@security.debian.org, debian-rele...@lists.debian.org The security update for chrony links against libreadline6 on amd64. However chrony is

Bug#664370: [PATCH] xloadimage: Helping to update to packaging format 3.0

2012-03-18 Thread Moritz Mühlenhoff
On Sat, Mar 17, 2012 at 12:30:51PM -0400, jari.aa...@cante.net wrote: Package: xloadimage Severity: wishlist Tags: patch Hi, The dpatch patch management system has been deprecated for some time. The Lintian currently flags use of dpatch packages as an error. The new 3.0 packaging format

Bug#193061: adopting lgeneral?

2011-09-07 Thread Moritz Mühlenhoff
On Tue, Aug 30, 2011 at 10:35:43PM -0500, Drew Scott Daniels wrote: Hi, You mentioned you were planning to adopt lgeneral after squeeze's release and squeeze has been out for a couple of months now. I was just curious about the status of this. Hadn't had time for it and that won't change

Bug#640151: avifile: FTBFS: error: 'AVCodecContext' has no member named 'real_pict_num'

2011-09-03 Thread Moritz Mühlenhoff
On Fri, Sep 02, 2011 at 11:35:25PM +0200, Christoph Egger wrote: Package: src:avifile Version: 1:0.7.48~20090503.ds-5 Severity: serious Tags: sid wheezy Justification: fails to build from source (but built successfully in the past) Hi! Your package failed to build on the buildds:

Bug#639171: avifile: FTBFS: unsatisfiable build-dependencies: libqt3-mt-dev, libsdl1.2-dev

2011-08-24 Thread Moritz Mühlenhoff
On Wed, Aug 24, 2011 at 09:15:42PM +0200, Sylvestre Ledru wrote: Source: avifile Version: 1:0.7.48~20090503.ds-3 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20110822 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages

Bug#638563: Needs to be adapted for libav/0.7.1

2011-08-21 Thread Moritz Mühlenhoff
tags 638563 patch pending thanks On Fri, Aug 19, 2011 at 09:35:11PM +0200, Moritz Muehlenhoff wrote: Package: kradio4 Severity: important Hi, the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish. (libav is a ffmpeg fork, to which Debian will switch, see

Bug#638566: Needs to be adapted for libav/0.7.1

2011-08-20 Thread Moritz Mühlenhoff
tags 638566 patch thanks On Fri, Aug 19, 2011 at 10:05:59PM +0200, Moritz Muehlenhoff wrote: Package: avifile Severity: important Hi, the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish. (libav is a ffmpeg fork, to which Debian will switch, see

Bug#638566: Needs to be adapted for libav/0.7.1

2011-08-20 Thread Moritz Mühlenhoff
The patch. diff -aur avifile-0.7.48~20090503.ds.orig/lib/aviread/FFReadHandler.cpp avifile-0.7.48~20090503.ds/lib/aviread/FFReadHandler.cpp --- avifile-0.7.48~20090503.ds.orig/lib/aviread/FFReadHandler.cpp 2009-05-01 20:56:45.0 +0200 +++