ackage maintainer’s duty.
Original message follows:
-cutting here may damage your screen surface-
From: Thorsten Glaser <t.gla...@tarent.de>
Message-ID: <alpine.deb.2.20.1708251545580.2...@tglase.lan.tarent.de>
To: openssh-unix-...@mindrot.org
Date: Fri, 25 Aug 2017 15:57:47 +0
elog
--- cvs-1.12.13+real/debian/changelog
+++ cvs-1.12.13+real/debian/changelog
@@ -1,3 +1,9 @@
+cvs (2:1.12.13+real-22+deb9u1) stretch; urgency=high
+
+ * Fix CVE-2017-12836 (Closes: #871810)
+
+ -- Thorsten Glaser <t...@mirbsd.de> Sat, 12 Aug 2017 03:15:49 +0200
+
cvs (2:1.12.13+real-22)
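Review bot: The new entry's only item, `* Fix CVE-2017-12836 (Closes: #871810)`, names the CVE and the bug number but not what was changed. For a stretch upload with urgency=high, add a short description of the fix and the file or patch that carries it, so the debdiff can be checked against the changelog during security review.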
Sébastien Delafond dixit:
>On Aug/11, Thorsten Glaser wrote:
>> For {,{,old}old}stable-security, this should suffice:
>> [...]
>
>Would you be able to produce debdiffs for jessie and stretch, so we can
>review them and give you the go-ahead to upload to security-master
tags 871810 + patch pending
thanks
Salvatore Bonaccorso dixit:
>Severity: grave
Probably not as severe, the attack vector seems minimal.
>[0] https://security-tracker.debian.org/tracker/CVE-2017-12836
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12836
>[1]
Package: rsync
Version: 3.1.2-2
Severity: serious
Tags: security upstream
Justification: security-relevant
Assume my home directory on 'remote' has no files matching '*4'.
Now run this:
remote$ touch ./-zT.mp4
local$ mkdir test
local$ cd test
local$ rsync -zavPH --numeric-ids -S --stats
Package: konqueror
Version: 4:15.08.3-1
Severity: grave
Tags: security
Justification: user security hole
See attached screenshot – konqueror does not error out when the
certificate is expired and even shows a green checkbox. (I may
or may not have ACK’d the certificate in an earlier session, I
On Tue, 15 Sep 2015, Salvatore Bonaccorso wrote:
> CVE-2015-6729[2]:
> | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki
> | before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows
> | remote attackers to inject arbitrary web script or HTML via the rel404
> |
On Tue, 15 Sep 2015, Salvatore Bonaccorso wrote:
> CVE-2015-6730[3]:
> | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki
> | before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows
> | remote attackers to inject arbitrary web script or HTML via the f
> |
Package: konqueror
Version: 4:15.04.3-1
Severity: grave
Tags: security
Justification: user security hole
I was just typing a geocaching log in a konqueror that popped up
when activating a link in a mail (to the cache listing) and noticed
small decimal digits scrolling by, one on a line, in the
Package: iceweasel
Version: 38.0.1-1
Severity: serious
Tags: security
Justification: security/privacy issue
The new version of iceweasel auto-disables the requestpolicy plugin.
To add insult to injury, it cannot be manually enabled, apparently
due to a version incompatibility.
This leads to page
Package: ifupdown
Version: 0.7.45
Severity: grave
Tags: security
Justification: user security hole
I’ve got a configuration snippet in /etc/network/interfaces (chmod 0600,
root-owned) on my work laptop like the following one:
iface tarent-lan inet dhcp
wireless-mode Managed
Package: aranym
Version: 0.9.14-2
Severity: grave
Tags: security
Justification: user security hole
When running the program whose source code follows below
the report, compiled with the following command:
gcc -Os -fno-asynchronous-unwind-tables \
-fno-stack-protector -static
On Mon, 3 Dec 2012, Moritz Muehlenhoff wrote:
Please see http://www.gossamer-threads.com/lists/wiki/mediawiki/316419
ACK, thanks, will have a look at updating it.
(Sorry for the delay, our UGS went down hard…)
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn •