Bug#893431: libevt: CVE-2018-8754

2018-03-18 Thread Salvatore Bonaccorso
Source: libevt Version: 20170120-1 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for libevt. CVE-2018-8754[0]: | The libevt_record_values_read_event() function in | libevt_record_values.c in libevt before 2018-03-17 does not properly | check for

Bug#892599: afflib: CVE-2018-8050

2018-03-11 Thread Salvatore Bonaccorso
Source: afflib Version: 3.7.5-1 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for afflib. CVE-2018-8050[0]: | The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka | AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial

Bug#873726: sleuthkit: CVE-2017-13755

2017-08-30 Thread Salvatore Bonaccorso
Source: sleuthkit Version: 4.4.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/sleuthkit/sleuthkit/issues/913 Hi, the following vulnerability was published for sleuthkit. CVE-2017-13755[0]: | In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image |

Bug#873725: sleuthkit: CVE-2017-13756

2017-08-30 Thread Salvatore Bonaccorso
Source: sleuthkit Version: 4.4.2-1 Severity: important Tags: upstream security Forwarded: https://github.com/sleuthkit/sleuthkit/issues/914 Hi, the following vulnerability was published for sleuthkit. CVE-2017-13756[0]: | In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers |

Bug#873724: sleuthkit: CVE-2017-13760

2017-08-30 Thread Salvatore Bonaccorso
Source: sleuthkit Version: 4.4.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/sleuthkit/sleuthkit/issues/906 Hi, the following vulnerability was published for sleuthkit. CVE-2017-13760[0]: | In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in |

Bug#869760: Update of rkhunter fails

2017-07-26 Thread Salvatore Bonaccorso
Hi Karsten, (Not the maintainer here) On Wed, Jul 26, 2017 at 10:19:56AM +0200, Karsten wrote: > Package: rkhunter > Version: 1.4.2-6+deb9u1 > Severity: important > > Hello, > > i can run rkhunter but any update of it fails. > > > rkhunter --update > Invalid WEB_CMD configuration option:

Bug#866677: rkhunter: CVE-2017-7480: File download via http might lead to RCE

2017-06-30 Thread Salvatore Bonaccorso
Source: rkhunter Version: 1.4.2-0.4 Severity: grave Tags: upstream security Hi, the following vulnerability was published for rkhunter (somehow related will be at least #765895) CVE-2017-7480[0]: File download via http might lead to RCE If you fix the vulnerability please also make sure to

Bug#863842: CVE-2017-9304

2017-06-24 Thread Salvatore Bonaccorso
Source: yara Source-Version: 3.6.1+dfsg-1 On Wed, May 31, 2017 at 10:27:41PM +0200, Moritz Muehlenhoff wrote: > Source: yara > Severity: important > Tags: security > > Please see > https://github.com/VirusTotal/yara/issues/674 >

Bug#865782: yara: CVE-2017-9465

2017-06-24 Thread Salvatore Bonaccorso
Control: forcemerge 864517 865782 Sorry for the noise, this was already reported as #864517 and seem to have missed the bug reference. Forcemerging with 864517. Regards, Salvatore

Bug#864518: CVE-2017-9438

2017-06-24 Thread Salvatore Bonaccorso
Source: yara Source-Version: 3.6.1+dfsg-1 On Fri, Jun 09, 2017 at 09:25:28PM +0200, Moritz Muehlenhoff wrote: > Source: yara > Severity: important > Tags: security > > Please see: > https://github.com/VirusTotal/yara/issues/674 > Fixed by: >

Bug#865782: yara: CVE-2017-9465

2017-06-24 Thread Salvatore Bonaccorso
Source: yara Version: 3.6.1+dfsg-1 Severity: important Tags: upstream security patch Forwarded: https://github.com/VirusTotal/yara/issues/678 Hi, the following vulnerability was published for yara. CVE-2017-9465[0]: | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers | to

Bug#861590: yara: CVE-2017-8294: denial of service via a crafted rule (yr_re_exec function)

2017-05-01 Thread Salvatore Bonaccorso
Source: yara Version: 3.5.0+dfsg-9 Severity: important Tags: patch security upstream Forwarded: https://github.com/VirusTotal/yara/issues/646 Hi, the following vulnerability was published for yara. CVE-2017-8294[0]: | libyara/re.c in the regex component in YARA 3.5.0 allows remote | attackers

Bug#694368: libfuzzy{2, -dev}: missing Breaks+Replaces: ssdeep ( 2.6)

2012-12-06 Thread Salvatore Bonaccorso
Source: ssdeep Source-Version: 2.7-2 Hi Christophe On Thu, Dec 06, 2012 at 03:08:03PM +0100, Christophe Monniez wrote: the fix was just uploaded. Thanks! Do we need a release exception for this to be accepted ? Just file a bug for pseudopackage release.debian.org for an unblock request.

Bug#694368: libfuzzy{2, -dev}: missing Breaks+Replaces: ssdeep ( 2.6)

2012-12-05 Thread Salvatore Bonaccorso
Hi Christophe I was looking at current RC bugs for wheezy and noticed #694368. I saw that you already committed the changes to git[1] however also including a new upstream version afterwards. [1]:

Bug#667360: rsakeyfind: diff for NMU version 1:1.0-2.1

2012-05-15 Thread Salvatore Bonaccorso
for the patch. (Closes: #667360) + + -- Salvatore Bonaccorso car...@debian.org Tue, 15 May 2012 20:47:52 +0200 + rsakeyfind (1:1.0-2) unstable; urgency=low * Team upload. diff -Nru rsakeyfind-1.0/debian/patches/002_gcc_4.7.diff rsakeyfind-1.0/debian/patches/002_gcc_4.7.diff --- rsakeyfind-1.0

Bug#628357: tct: possible patch to solve FTBFS

2011-06-15 Thread Salvatore Bonaccorso
to adapt check for perl 5 +(Closes: #628357). + * Covert to '3.0 (quilt)' source package format and drop quilt framework +from debian/control and debian/rules. + + -- Salvatore Bonaccorso car...@debian.org Wed, 15 Jun 2011 21:29:36 +0200 + tct (1.19-1) unstable; urgency=low * Merging
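Review bot: the added changelog entry for the source format switch reads "Covert to '3.0 (quilt)' source package format"; that should be "Convert". Since debian/changelog text ends up in the archive as published, it is worth correcting before upload.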