[Secure-testing-team] Bug#852213: tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect

2017-01-22 Thread Salvatore Bonaccorso
Source: tigervnc Version: 1.7.0+dfsg-2 Severity: grave Tags: patch security upstream Justification: user security hole Forwarded: https://github.com/TigerVNC/tigervnc/pull/399 Hi Cf. http://www.openwall.com/lists/oss-security/2017/01/22/1 where as well a CVE was requested for this issue. Upstrea

[Secure-testing-team] Bug#852232: qemu: CVE-2016-10155

2017-01-22 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-1 Severity: normal Tags: patch security upstream Hi, the following vulnerability was published for qemu. CVE-2016-10155[0]: |watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb; |CVE for the memory consumption issue, not an information disclosure |

[Secure-testing-team] Bug#852275: hexchat: CVE-2016-2087

2017-01-22 Thread Salvatore Bonaccorso
Source: hexchat Version: 2.10.1-1 Severity: important Tags: security Hi, the following vulnerability was published for hexchat. Opening a bug to have a BTS reference. CVE-2016-2087[0]: | Directory traversal vulnerability in the client in HexChat 2.11.0 | allows remote IRC servers to read or modi

[Secure-testing-team] Bug#852385: libplist: CVE-2017-5545

2017-01-23 Thread Salvatore Bonaccorso
Source: libplist Version: 1.11-3 Severity: important Tags: upstream patch security fixed-upstream Forwarded: https://github.com/libimobiledevice/libplist/issues/87 Hi, the following vulnerability was published for libplist. CVE-2017-5545[0]: | The main function in plistutil.c in libimobiledevice

[Secure-testing-team] Bug#852454: quagga: CVE-2017-5495

2017-01-24 Thread Salvatore Bonaccorso
Source: quagga Version: 0.99.22.4-1 Severity: important Tags: patch security upstream fixed-upstream Hi, the following vulnerability was published for quagga. CVE-2017-5495[0]: Telnet interface input buffer allocates unbounded amounts of memory If you fix the vulnerability please also make sure

[Secure-testing-team] Bug#852603: virglrenderer: CVE-2016-10163

2017-01-25 Thread Salvatore Bonaccorso
Source: virglrenderer Version: 0.5.0-1 Severity: important Tags: upstream security patch Hi, the following vulnerability was published for virglrenderer. CVE-2016-10163[0]: host memory leakage when creating decode context If you fix the vulnerability please also make sure to include the CVE (Co

[Secure-testing-team] Bug#852604: virglrenderer: CVE-2017-5580

2017-01-25 Thread Salvatore Bonaccorso
Source: virglrenderer Version: 0.5.0-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for virglrenderer. CVE-2017-5580[0]: OOB access while parsing texture instruction If you fix the vulnerability please also make sure to include the CVE (Common Vulner

[Secure-testing-team] Bug#852627: lcms2: CVE-2016-10165: heap OOB read parsing crafted ICC profile

2017-01-25 Thread Salvatore Bonaccorso
Source: lcms2 Version: 2.6-3 Severity: important Tags: upstream security patch Hi, the following vulnerability was published for lcms2. CVE-2016-10165[0]: heap OOB read parsing crafted ICC profile If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Ex

[Secure-testing-team] Bug#852742: python-oslo.middleware: CVE-2017-2592: CatchErrors leaks sensitive values in oslo.middleware

2017-01-26 Thread Salvatore Bonaccorso
Source: python-oslo.middleware Version: 3.19.0-2 Severity: grave Tags: security patch upstream Forwarded: https://launchpad.net/bugs/1628031 Hi, the following vulnerability was published for python-oslo.middleware. CVE-2017-2592[0]: CatchErrors leaks sensitive values in oslo.middleware If you f

[Secure-testing-team] Bug#852767: wordpress: 4.7.2 security release

2017-01-26 Thread Salvatore Bonaccorso
Source: wordpress Version: 4.7.1+dfsg-1 Severity: grave Tags: security upstream fixed-upstream Hi A new wordpress release was announced, marked as security release. Cf. http://www.openwall.com/lists/oss-security/2017/01/27/2 for the CVE request for the three issues. Regards, Salvatore

[Secure-testing-team] Bug#852934: s-nail: local root privilege escalation

2017-01-28 Thread Salvatore Bonaccorso
Source: s-nail Version: 14.8.14-3 Severity: grave Tags: upstream security fixed-upstream Hi See http://www.openwall.com/lists/oss-security/2017/01/27/7 for details. https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html Commits: https://git.sdaoden.eu/cgit/s-nail.git/c

[Secure-testing-team] Bug#853002: qemu: CVE-2017-5579: serial: host memory leakage 16550A UART emulation

2017-01-28 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-1 Severity: normal Tags: patch upstream security Hi, the following vulnerability was published for qemu. CVE-2017-5579[0]: serial: host memory leakage in 16550A UART emulation If you fix the vulnerability please also make sure to include the CVE (Common Vulnerab

[Secure-testing-team] Bug#853006: qemu: CVE-2016-9602: 9p: virtfs allows guest to access host filesystem

2017-01-28 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for qemu. Rationale: I'm raising the issue for now as grave severity, since a privileged user inside guest could use this flaw to access host file system beyond the shared fol

[Secure-testing-team] Bug#853075: ruby-minitar: CVE-2016-10173: directory traversal vulnerability

2017-01-29 Thread Salvatore Bonaccorso
Source: ruby-minitar Version: 0.5.4-3 Severity: grave Tags: security upstream patch Forwarded: https://github.com/halostatue/minitar/issues/16 Hi, the following vulnerability was published for ruby-minitar. CVE-2016-10173[0]: directory traversal vulnerability There is an upstream bug for it at

[Secure-testing-team] Bug#853076: wavpack: CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172

2017-01-29 Thread Salvatore Bonaccorso
Source: wavpack Version: 5.0.0-1 Severity: important Tags: security upstream patch fixed-upstream Hi, the following vulnerabilities were published for wavpack. CVE-2016-10169[0]: global buffer overread in read_code / read_words.c CVE-2016-10170[1]: heap out of bounds read in WriteCaffHeader / c

[Secure-testing-team] Bug#853134: svgsalamander: CVE-2017-5617

2017-01-29 Thread Salvatore Bonaccorso
Source: svgsalamander Version: 1.1.1+dfsg-1 Severity: important Tags: upstream security Forwarded: https://github.com/blackears/svgSalamander/issues/11 Hi, the following vulnerability was published for svgsalamander. CVE-2017-5617[0]: SSRF issue If you fix the vulnerability please also make sur

[Secure-testing-team] Bug#853278: libarchive: CVE-2017-5601

2017-01-30 Thread Salvatore Bonaccorso
Source: libarchive Version: 3.2.1-5 Severity: grave Tags: upstream security patch Justification: user security hole Hi, the following vulnerability was published for libarchive. CVE-2017-5601[0]: | An error in the lha_read_file_header_1() function | (archive_read_support_format_lha.c) in libarch

[Secure-testing-team] Bug#853282: bitlbee: Incomplete fix for "Null pointer dereference with file transfer request from unknown contacts" issue

2017-01-30 Thread Salvatore Bonaccorso
Package: bitlbee Version: --src Severity: important Tags: upstream security patch Hi The fix applied for upstream bug https://bugs.bitlbee.org/ticket/1282 was incomplete and resulted in the followup: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 Details in:

[Secure-testing-team] Bug#855099: libquicktime: CVE-2016-2399

2017-02-13 Thread Salvatore Bonaccorso
Source: libquicktime Version: 2:1.2.4-7 Severity: important Tags: security upstream Hi, the following vulnerability was published for libquicktime. CVE-2016-2399[0]: | Integer overflow in the quicktime_read_pascal function in libquicktime | 1.2.4 and earlier allows remote attackers to cause a de

[Secure-testing-team] Bug#855108: irssi: memory leak

2017-02-14 Thread Salvatore Bonaccorso
Source: irssi Version: 1.0.0-1 Severity: normal Tags: patch upstream security Hi See http://www.openwall.com/lists/oss-security/2017/02/05/8 for details and the patch reference (no CVE is assigned). AFAIC sasl.c is compiled, thus filing the bug since at least affected sourcewise. The second issu

[Secure-testing-team] Bug#855159: qemu: CVE-2017-5987: sd: infinite loop issue in multi block transfers

2017-02-14 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-2 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for qemu. CVE-2017-5987[0]: sd: infinite loop issue in multi block transfers If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabi

[Secure-testing-team] Bug#855225: kodi: CVE-2017-5982: Unrestricted file download

2017-02-15 Thread Salvatore Bonaccorso
Source: kodi Severity: important Tags: upstream security Forwarded: http://trac.kodi.tv/ticket/17314 Hi, the following vulnerability was published for kodi. I did not have the time to verify if 17.0 is affected. Could you please check and add according found versions to this bug please or otherwis

[Secure-testing-team] Bug#855227: qemu: CVE-2017-2630: nbd: oob stack write in client routine drop_sync

2017-02-15 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-2 Severity: grave Tags: patch security upstream Justification: user security hole Hi, the following vulnerability was published for qemu. CVE-2017-2630[0]: nbd: oob stack write in client routine drop_sync If you fix the vulnerability please also make sure to inc

[Secure-testing-team] Bug#855405: pcre3: CVE-2017-6004

2017-02-17 Thread Salvatore Bonaccorso
Source: pcre3 Version: 2:8.39-2 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for pcre3. Filing this for severity grave as RC, think it should be fixed in stretch. Though I'm unsure and would tend to mark it as no-dsa for

[Secure-testing-team] Bug#855408: wireshark: CVE-2017-6014: crafted or malformed STANAG 4607 capture file will cause an infinite loop

2017-02-17 Thread Salvatore Bonaccorso
Source: wireshark Version: 2.2.4+gcc3dc1b-1 Severity: important Tags: security upstream Forwarded: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 Hi, the following vulnerability was published for wireshark. CVE-2017-6014[0]: | In Wireshark 2.2.4 and earlier, a crafted or malformed STA

[Secure-testing-team] Bug#855520: bind9: CVE-2017-3135:

2017-02-19 Thread Salvatore Bonaccorso
Source: bind9 Version: 1:9.9.5.dfsg-9 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for bind9. CVE-2017-3135[0]: Assertion failure when using DNS64 and RPZ can lead to crash If you fix the vulnerability please also make sure to include the CVE (Comm

[Secure-testing-team] Bug#855611: qemu: CVE-2017-5973: usb: infinite loop while doing control transfer in xhci_kick_epctx

2017-02-20 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-2 Severity: normal Tags: security upstream patch Hi, the following vulnerability was published for qemu. CVE-2017-5973[0]: Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx If you fix the vulnerability please also make sure to include the

[Secure-testing-team] Bug#855616: qemu: CVE-2017-6058: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping

2017-02-20 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-2 Severity: important Tags: upstream security patch Hi, the following vulnerability was published for qemu. CVE-2017-6058[0]: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping If you fix the vulnerability please also make sure to include the

[Secure-testing-team] Bug#855791: qemu: CVE-2017-2620: cirrus_bitblt_cputovideo does not check if memory region is safe

2017-02-21 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-2 Severity: grave Tags: upstream security patch Hi, the following vulnerability was published for qemu. CVE-2017-2620[0]: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo If you fix the vulnerability please also make sure to include

[Secure-testing-team] Bug#855943: shadow: CVE-2017-2616: Sending SIGKILL to other processes with root privileges via su

2017-02-23 Thread Salvatore Bonaccorso
Source: shadow Version: 1:4.2-3 Severity: grave Tags: upstream security Justification: user security hole Hi, the following vulnerability was published for shadow. The same issue as found in util-linux's su is present for su from shadow. The fix is going to be committed to shadow's master branch i

[Secure-testing-team] Bug#856114: wolfssl: CVE-2017-6076

2017-02-25 Thread Salvatore Bonaccorso
Source: wolfssl Version: 3.9.10+dfsg-1 Severity: grave Tags: upstream security patch fixed-upstream Hi, the following vulnerability was published for wolfssl. CVE-2017-6076[0]: | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes | it easier to extract RSA key information for a

[Secure-testing-team] Bug#856229: xen: XSA-207: memory leak when destroying guest without PT devices

2017-02-26 Thread Salvatore Bonaccorso
Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: important Tags: security patch upstream fixed-upstream Control: found -1 4.4.1-9 Hi From the XSA-207: ISSUE DESCRIPTION Certain internal state is set up, during domain construction, in preparation for possible pass-throug

[Secure-testing-team] Bug#856266: vim: CVE-2017-6349 CVE-2017-6350

2017-02-27 Thread Salvatore Bonaccorso
Source: vim Version: 2:7.4.488-7 Severity: important Tags: patch upstream security Hi, the following vulnerabilities were published for vim. CVE-2017-6349[0]: | An integer overflow at a u_read_undo memory allocation site would occur | for vim before patch 8.0.0377, if it does not properly valida

[Secure-testing-team] Bug#856269: ruby-zip: CVE-2017-5946

2017-02-27 Thread Salvatore Bonaccorso
Source: ruby-zip Version: 1.1.6-1 Severity: grave Tags: upstream patch security Forwarded: https://github.com/rubyzip/rubyzip/issues/315 Hi, the following vulnerability was published for ruby-zip. CVE-2017-5946[0]: | The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a | direct

[Secure-testing-team] Bug#856313: libvirt: CVE-2017-2635: Null pointer dereference when updating storage size on empty drives

2017-02-27 Thread Salvatore Bonaccorso
Source: libvirt Version: 3.0.0-2 Severity: grave Tags: upstream patch security Justification: user security hole Hi Guido, the following vulnerability was published for libvirt. CVE-2017-2635[0]: Null pointer dereference when updating storage size on empty drives If you fix the vulnerability pl

[Secure-testing-team] Bug#856398: xorg-server: CVE-2017-2624: Timing attack against MIT Cookie

2017-02-28 Thread Salvatore Bonaccorso
Source: xorg-server Version: 2:1.16.4-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for xorg-server. CVE-2017-2624[0]: Timing attack against MIT Cookie If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & E

[Secure-testing-team] Bug#856399: libxdmcp: CVE-2017-2625: Weak entropy usage for session keys in libxdm

2017-02-28 Thread Salvatore Bonaccorso
Source: libxdmcp Version: 1:1.1.1-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for libxdmcp. CVE-2017-2625[0]: Weak entropy usage for session keys in libxdm If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabiliti

[Secure-testing-team] Bug#856400: libice: CVE-2017-2626: Weak Entropy Usage in Session Keys in libICE

2017-02-28 Thread Salvatore Bonaccorso
Source: libice Version: 2:1.0.9-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for libice. CVE-2017-2626[0]: Weak Entropy Usage in Session Keys in libICE If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities &

[Secure-testing-team] Bug#856444: gdk-pixbuf: CVE-2017-6312: Possible out-of-bounds read

2017-02-28 Thread Salvatore Bonaccorso
Source: gdk-pixbuf Version: 2.31.1-2 Severity: important Tags: security upstream Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=779012 Hi, the following vulnerability was published for gdk-pixbuf. CVE-2017-6312[0]: Out-of-bounds read on io-ico.c If you fix the vulnerability please also m

[Secure-testing-team] Bug#856445: gdk-pixbuf: CVE-2017-6313: Integer underflow in io-icns.c

2017-02-28 Thread Salvatore Bonaccorso
Source: gdk-pixbuf Version: 2.31.1-2 Severity: important Tags: security upstream Hi, the following vulnerability was published for gdk-pixbuf. There is no patch upstream yet, and from a quick skim over io-icns.c the source is there. CVE-2017-6313[0]: An dangerous integer underflow in io-icns.c I

[Secure-testing-team] Bug#856448: gdk-pixbuf: CVE-2017-6314: Infinite loop in io-tiff.c with large size

2017-02-28 Thread Salvatore Bonaccorso
Source: gdk-pixbuf Version: 2.31.1-2 Severity: important Tags: upstream security Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=779020 Hi, the following vulnerability was published for gdk-pixbuf. CVE-2017-6314[0]: Infinite loop in io-tiff.c If you fix the vulnerability please also make

[Secure-testing-team] Bug#856501: libcacard: CVE-2017-6414: host memory leakage while creating new APDU

2017-03-01 Thread Salvatore Bonaccorso
Source: libcacard Version: 1:2.5.0-2 Severity: important Tags: patch upstream security Hi, the following vulnerability was published for libcacard. CVE-2017-6414[0]: libcacard: host memory leakage while creating new APDU If you fix the vulnerability please also make sure to include the CVE (Com

[Secure-testing-team] Bug#856503: glibc: CVE-2016-10228: iconv(1) with -c option hangs on illegal multi-byte sequences

2017-03-01 Thread Salvatore Bonaccorso
Source: glibc Version: 2.19-18 Severity: important Tags: upstream security Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=19519 Hi, the following vulnerability was published for glibc. CVE-2016-10228[0]: glibc iconv program can hang when invoked with the -c option If you fix the vul

[Secure-testing-team] Bug#856572: radare2: CVE-2017-6415

2017-03-02 Thread Salvatore Bonaccorso
Source: radare2 Version: 1.1.0+dfsg-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/radare/radare2/issues/6872 Hi, the following vulnerability was published for radare2. CVE-2017-6415[0]: | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 | 1

[Secure-testing-team] Bug#856574: radare2: CVE-2017-6387

2017-03-02 Thread Salvatore Bonaccorso
Source: radare2 Version: 1.1.0+dfsg-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/radare/radare2/issues/6857 Hi, the following vulnerability was published for radare2. CVE-2017-6387[0]: | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 | all

[Secure-testing-team] Bug#856579: radare2: CVE-2017-6319

2017-03-02 Thread Salvatore Bonaccorso
Source: radare2 Version: 1.1.0+dfsg-2 Severity: important Tags: patch upstream security Forwarded: https://github.com/radare/radare2/issues/6836 Hi, the following vulnerability was published for radare2. CVE-2017-6319[0]: | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 | 1

[Secure-testing-team] Bug#856648: suricata: dns: out of bound memory read

2017-03-03 Thread Salvatore Bonaccorso
Source: suricata Version: 2.0.7-2 Severity: important Tags: upstream security patch Forwarded: https://redmine.openinfosecfoundation.org/issues/2022 Details https://redmine.openinfosecfoundation.org/issues/2022 Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b

[Secure-testing-team] Bug#856649: suricata: IPv4 defrag evasion issue

2017-03-03 Thread Salvatore Bonaccorso
Source: suricata Version: 2.0.7-2 Severity: important Tags: patch upstream security Forwarded: https://redmine.openinfosecfoundation.org/issues/2019 Details: https://redmine.openinfosecfoundation.org/issues/2019 Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d02

[Secure-testing-team] Bug#856889: kio: CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file

2017-03-05 Thread Salvatore Bonaccorso
Source: kio Version: 5.22.0-1 Severity: important Tags: patch upstream security Hi, the following vulnerability was published for kio. CVE-2017-6410[0]: | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls | the PAC FindProxyForURL function with a full https URL (potentially

[Secure-testing-team] Bug#856890: kde4libs: CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file

2017-03-05 Thread Salvatore Bonaccorso
Source: kde4libs Version: 4:4.14.26-1 Severity: important Tags: upstream patch security Hi, the following vulnerability was published for kde4libs. CVE-2017-6410[0]: | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls | the PAC FindProxyForURL function with a full https URL

[Secure-testing-team] Bug#856969: qemu: CVE-2017-6505: infinite loop issue in ohci_service_ed_list

2017-03-06 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.1+dfsg-11 Severity: normal Tags: patch security upstream Hi, the following vulnerability was published for qemu. CVE-2017-6505[0]: usb: an infinite loop issue in ohci_service_ed_list If you fix the vulnerability please also make sure to include the CVE (Common Vulnerab

[Secure-testing-team] Bug#856971: freetype: CVE-2016-10244

2017-03-06 Thread Salvatore Bonaccorso
Source: freetype Version: 2.5.2-3 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for freetype. CVE-2016-10244[0]: | The parse_charstrings function in type1/t1load.c in FreeType 2 before | 2.7 does not ensure that a font contains a glyph name, whic

[Secure-testing-team] Bug#856977: qbittorrent: CVE-2017-6503

2017-03-06 Thread Salvatore Bonaccorso
Source: qbittorrent Version: 3.3.7-2 Severity: important Tags: upstream patch security Hi, the following vulnerability was published for qbittorrent. CVE-2017-6503[0]: | WebUI in qBittorrent before 3.3.11 did not escape many values, which | could potentially lead to XSS. If you fix the vulnerab

[Secure-testing-team] Bug#856978: qbittorrent: CVE-2017-6504

2017-03-06 Thread Salvatore Bonaccorso
Source: qbittorrent Version: 3.3.7-2 Severity: important Tags: patch upstream security Hi, the following vulnerability was published for qbittorrent. CVE-2017-6504[0]: | WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options | header, which could potentially lead to clickjacking. If

[Secure-testing-team] Bug#857035: ettercap: CVE-2017-6430: Out-of-bounds read in etterfilter utility

2017-03-07 Thread Salvatore Bonaccorso
Source: ettercap Version: 1:0.8.1-3 Severity: important Tags: security upstream patch Forwarded: https://github.com/Ettercap/ettercap/issues/782 Hi, the following vulnerability was published for ettercap. CVE-2017-6430[0]: Out-of-bounds read in etterfilter utility If you fix the vulnerability p

[Secure-testing-team] Bug#857073: wget: CVE-2017-6508: CRLF injection in the url_parse function in url.c

2017-03-07 Thread Salvatore Bonaccorso
Source: wget Version: 1.16-1 Severity: important Tags: patch security upstream Forwarded: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html Hi, the following vulnerability was published for wget. CVE-2017-6508[0]: | CRLF injection vulnerability in the url_parse function in url.c i

[Secure-testing-team] Bug#857295: lxc: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership

2017-03-09 Thread Salvatore Bonaccorso
Source: lxc Version: 1:1.0.6-6 Severity: grave Tags: patch upstream security Justification: user security hole Hi, the following vulnerability was published for lxc, filing it with RC severity, should possibly be fixed in stretch before the release, although we do not enable user namespaces by d

[Secure-testing-team] Bug#857466: r-base: CVE-2016-8714: R: Buffer overflow in the LoadEncoding functionality

2017-03-11 Thread Salvatore Bonaccorso
Source: r-base Version: 3.1.1-1 Severity: grave Tags: patch security upstream fixed-upstream Justification: user security hole Control: fixed -1 3.3.3-1 Hi, the following vulnerability was published for r-base. CVE-2016-8714[0]: | An exploitable buffer overflow vulnerability exists in the | Loa

[Secure-testing-team] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-11 Thread Salvatore Bonaccorso
Source: roundcube Version: 1.2.3+dfsg.1-1 Severity: important Tags: security patch upstream fixed-upstream Hi 1.2.4 roundcube release fixed an XSS issue in handling of a style tag inside of an svg element. AFAICT, this issue has not yet a CVE assigned, thus I have requested one. Fixed by: http

[Secure-testing-team] Bug#857642: putty: CVE-2017-6542: integer overflow permits memory overwrite by forwarded ssh-agent connections

2017-03-13 Thread Salvatore Bonaccorso
Source: putty Version: 0.63-10 Severity: grave Tags: security upstream patch Justification: user security hole Hi, the following vulnerability was published for putty. CVE-2017-6542[0]: |integer overflow permits memory overwrite by forwarded ssh-agent |connections If you fix the vulnerability p

[Secure-testing-team] Bug#857744: qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection

2017-03-14 Thread Salvatore Bonaccorso
Source: qemu Version: 1:2.8+dfsg-3 Severity: grave Tags: patch security upstream Justification: user security hole Control: found -1 2.1+dfsg-1 Hi, the following vulnerability was published for qemu. CVE-2016-9603[0]: cirrus: heap buffer overflow via vnc connection If you fix the vulnerability

[Secure-testing-team] Bug#857966: partclone: CVE-2017-6596

2017-03-16 Thread Salvatore Bonaccorso
Source: partclone Version: 0.2.73-2 Severity: important Tags: upstream security Forwarded: https://github.com/Thomas-Tsai/partclone/issues/91 Hi, the following vulnerability was published for partclone. CVE-2017-6596[0]: | partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer | ov

[Secure-testing-team] Bug#858055: libplist: CVE-2017-6440: Memory allocation error in parse_data_node

2017-03-17 Thread Salvatore Bonaccorso
Source: libplist Version: 1.11-3 Severity: important Tags: security upstream Forwarded: https://github.com/libimobiledevice/libplist/issues/99 Hi, the following vulnerability was published for libplist. CVE-2017-6440[0]: | The parse_data_node function in bplist.c in libimobiledevice libplist | 1

[Secure-testing-team] Bug#858057: chicken: CVE-2017-6949

2017-03-17 Thread Salvatore Bonaccorso
Source: chicken Version: 4.9.0.1-1 Severity: important Tags: upstream patch security Hi, the following vulnerability was published for chicken. CVE-2017-6949[0]: | An issue was discovered in CHICKEN Scheme through 4.12.0. When using a | nonstandard CHICKEN-specific extension to allocate an SRFI-

[Secure-testing-team] Bug#858143: xrdp: CVE-2017-6967: incorrect placement of auth_start_session()

2017-03-18 Thread Salvatore Bonaccorso
Source: xrdp Version: 0.9.1-7 Severity: important Tags: security upstream patch Forwarded: https://github.com/neutrinolabs/xrdp/issues/350 Hi, the following vulnerability was published for xrdp. CVE-2017-6967[0]: | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect | location

[Secure-testing-team] Bug#858230: pcre3: CVE-2017-7186

2017-03-19 Thread Salvatore Bonaccorso
Source: pcre3 Version: 2:8.39-2.1 Severity: important Tags: patch security upstream fixed-upstream Hi, the following vulnerability was published for pcre3. CVE-2017-7186[0]: | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote | attackers to cause a denial of service (segmentation vi

[Secure-testing-team] Bug#858301: libapache-poi-java: CVE-2017-5644

2017-03-20 Thread Salvatore Bonaccorso
Source: libapache-poi-java Version: 3.10.1-2 Severity: important Tags: security upstream Hi, the following vulnerability was published for libapache-poi-java. CVE-2017-5644[0]: denial-of-service If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Expo

[Secure-testing-team] Bug#858313: erlang: CVE-2016-10253

2017-03-20 Thread Salvatore Bonaccorso
Source: erlang Version: 1:19.2.1+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/erlang/otp/pull/1108 Hi, the following vulnerability was published for erlang. CVE-2016-10253[0]: | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of | compiled regu

[Secure-testing-team] Bug#858324: binutils: CVE-2017-7210

2017-03-21 Thread Salvatore Bonaccorso
Source: binutils Severity: important Tags: patch security upstream Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=21157 Hi, the following vulnerability was published for binutils. CVE-2017-7210[0]: | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based | buffer over-read

[Secure-testing-team] Bug#858323: binutils: CVE-2017-7209

2017-03-21 Thread Salvatore Bonaccorso
Source: binutils Version: 2.28-2 Severity: important Tags: upstream security patch Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=21135 Hi, the following vulnerability was published for binutils. CVE-2017-7209[0]: | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 |

[Secure-testing-team] Bug#858329: zoneminder: CVE-2017-7203

2017-03-21 Thread Salvatore Bonaccorso
Source: zoneminder Version: 1.30.0+dfsg-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/ZoneMinder/ZoneMinder/issues/1797 Hi, the following vulnerability was published for zoneminder. CVE-2017-7203[0]: | A Cross-Site Scripting (XSS) was discovered in ZoneMinder

[Secure-testing-team] Bug#858350: ghostscript: CVE-2017-7207

2017-03-21 Thread Salvatore Bonaccorso
Source: ghostscript Version: 9.06~dfsg-2 Severity: important Tags: patch security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697676 Hi, the following vulnerability was published for ghostscript. CVE-2017-7207[0]: | The mem_get_bits_rectangle function in Artifex Software, In

[Secure-testing-team] Bug#858379: pcs: CVE-2017-2661: Improper node name field validation when creating clusters leads to XSS

2017-03-21 Thread Salvatore Bonaccorso
Source: pcs Version: 0.9.155+dfsg-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for pcs. CVE-2017-2661[0]: Improper node name field validation when creating clusters leads to XSS If you fix the vulnerability please also make sure to include the CVE

[Secure-testing-team] Bug#858410: gitlab: CVE-2017-0882: Information Disclosure in Issue and Merge Request Trackers

2017-03-21 Thread Salvatore Bonaccorso
Source: gitlab Version: 8.13.11+dfsg-2 Severity: grave Tags: patch upstream security fixed-upstream Control: fixed -1 8.13.11+dfsg-7 Hi, the following vulnerability was published for gitlab. CVE-2017-0882[0]: Information Disclosure in Issue and Merge Request Trackers If you fix the vulnerabilit

[Secure-testing-team] Bug#858568: nova: CVE-2017-7214

2017-03-23 Thread Salvatore Bonaccorso
Source: nova Version: 2:14.0.0-3 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for nova. CVE-2017-7214[0]: | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x | through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Le

[Secure-testing-team] Bug#858678: pcre3: CVE-2017-7245

2017-03-25 Thread Salvatore Bonaccorso
Source: pcre3 Version: 2:8.39-2.1 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for pcre3. CVE-2017-7245[0]: | Stack-based buffer overflow in the pcre32_copy_substring function in | pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to c

[Secure-testing-team] Bug#858679: pcre3: CVE-2017-7246

2017-03-25 Thread Salvatore Bonaccorso
Source: pcre3 Version: 2:8.39-2.1 Severity: important Tags: security upstream Hi, the following vulnerability was published for pcre3. CVE-2017-7246[0]: | Stack-based buffer overflow in the pcre32_copy_substring function in | pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a

[Secure-testing-team] Bug#858683: pcre3: CVE-2017-7244

2017-03-25 Thread Salvatore Bonaccorso
Source: pcre3 Version: 2:8.39-2.1 Severity: important Tags: upstream security Hi, the following vulnerability was published for pcre3. CVE-2017-7244[0]: | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 | allows remote attackers to cause a denial of service (invalid memory

[Secure-testing-team] Bug#858739: apt-cacher: HTTP response splitting

2017-03-25 Thread Salvatore Bonaccorso
Source: apt-cacher Version: 1.7.13 Severity: important Tags: security This is to have a BTS reference, since no CVE has been assigned. Patch: diff -Nru apt-cacher-1.7.14/apt-cacher apt-cacher-1.7.15/apt-cacher --- apt-cacher-1.7.14/apt-cacher2017-01-08 11:29:03.0 +0100 +++ apt-c

[Secure-testing-team] Bug#858763: potrace: CVE-2017-7263

2017-03-26 Thread Salvatore Bonaccorso
Source: potrace Version: 1.14-1 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for potrace. CVE-2017-7263[0]: | The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows | remote attackers to cause a denial of service (heap-based buffer |

[Secure-testing-team] Bug#858768: apparmor: CVE-2017-6507

2017-03-26 Thread Salvatore Bonaccorso
Source: apparmor Version: 2.11.0-2 Severity: important Tags: security upstream Forwarded: https://launchpad.net/bugs/1668892 Hi, the following vulnerability was published for apparmor. CVE-2017-6507[0]: | An issue was discovered in AppArmor before 2.12. Incorrect handling of | unknown AppArmor p

[Secure-testing-team] Bug#858786: libplist: CVE-2017-6438

2017-03-26 Thread Salvatore Bonaccorso
Source: libplist Version: 1.12+git+1+e37ca00-0.1 Severity: important Tags: security patch upstream Forwarded: https://github.com/libimobiledevice/libplist/issues/98 Hi, the following vulnerability was published for libplist. CVE-2017-6438[0]: | Heap-based buffer overflow in the parse_unicode_nod

[Secure-testing-team] Bug#858844: cobbler: CVE-2016-9605: Cross site scripting in profile page

2017-03-27 Thread Salvatore Bonaccorso
Source: cobbler Version: 2.6.6+dfsg1-13 Severity: grave Tags: security upstream Hi, the following vulnerability was published for cobbler. CVE-2016-9605[0]: Cross site scripting in profile page AFAICT and from the corresponding Red Hat bugzilla entries, the problematic code has been introduced

[Secure-testing-team] Bug#858872: eject: CVE-2017-6964: dmcrypt-get-device does not check the return values of setuid() or setgid()

2017-03-27 Thread Salvatore Bonaccorso
Source: eject Version: 2.1.5+deb1+cvs20081104-13 Severity: grave Tags: patch security Hi, the following vulnerability was published for eject. CVE-2017-6964[0]: | dmcrypt-get-device, as shipped in the eject package of Debian and | Ubuntu, does not check the return value of the (1) setuid or (2)

[Secure-testing-team] Bug#858873: radare2: CVE-2017-7274

2017-03-27 Thread Salvatore Bonaccorso
Source: radare2 Version: 1.3.0+dfsg-1 Severity: important Tags: security upstream patch Forwarded: https://github.com/radare/radare2/issues/7152 Hi, the following vulnerability was published for radare2. CVE-2017-7274[0]: | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 |

[Secure-testing-team] Bug#859025: imagemagick: CVE-2017-7275

2017-03-29 Thread Salvatore Bonaccorso
Source: imagemagick Severity: minor Tags: security upstream Hi, the following vulnerability was published for imagemagick. CVE-2017-7275[0]: | The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows | remote attackers to cause a denial of service (attempted large memory | allocat

[Secure-testing-team] Bug#859159: pidgin: CVE-2017-2640

2017-03-30 Thread Salvatore Bonaccorso
Package: pidgin Version: 2.10.11-1 X-Debbugs-CC: t...@security.debian.org secure-testing-team@lists.alioth.debian.org Severity: grave Tags: security Control: fixed -1 2.11.0-0+deb8u2 Hi, the following vulnerability was published for pidgin. Filing this with RC severity, since it's although fixe

[Secure-testing-team] Bug#859259: tigervnc: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396

2017-04-01 Thread Salvatore Bonaccorso
Source: tigervnc Version: 1.7.0+dfsg-6 Severity: grave Tags: patch security upstream Justification: user security hole Hi, the following vulnerabilities were published for tigervnc. CVE-2017-7392[0]: | In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx | SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthent

[Secure-testing-team] Bug#859277: bzrtp: CVE-2016-6271: missing HVI check on DHPart2 packet reception

2017-04-01 Thread Salvatore Bonaccorso
Source: bzrtp Version: 1.0.2-1.1 X-Debbugs-CC: t...@security.debian.org secure-testing-team@lists.alioth.debian.org Severity: important Tags: security Hi, the following vulnerability was published for bzrtp. CVE-2016-6271[0]: | The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows | man-in

[Secure-testing-team] Bug#859329: libpodofo: CVE-2017-7380 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 (various NULL pointer dereference issues)

2017-04-02 Thread Salvatore Bonaccorso
Source: libpodofo Version: 0.9.4-4 Severity: important Tags: upstream security Hi, the following vulnerabilities were published for libpodofo, reported at [4]. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry

[Secure-testing-team] Bug#859330: libpodofo: CVE-2017-7378: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp)

2017-04-02 Thread Salvatore Bonaccorso
Source: libpodofo Severity: important Tags: security upstream Hi, the following vulnerability was published for libpodofo. CVE-2017-7378[0]: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp) If you fix the vulnerability please also make sure to include the CVE (Commo

[Secure-testing-team] Bug#859331: libpodofo: CVE-2017-7379: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)

2017-04-02 Thread Salvatore Bonaccorso
Source: libpodofo Severity: important Tags: security upstream Hi, the following vulnerability was published for libpodofo. CVE-2017-7379[0]: |heap-based buffer overflow in |PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp) If you fix the vulnerability please also make sure to inclu

[Secure-testing-team] Bug#859447: radare2: CVE-2017-6448

2017-04-03 Thread Salvatore Bonaccorso
Source: radare2 Version: 1.1.0+dfsg-3 Severity: important Tags: security patch upstream Forwarded: https://github.com/radare/radare2/issues/6885 Hi, the following vulnerability was published for radare2. CVE-2017-6448[0]: | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 |

[Secure-testing-team] Bug#859448: radare2: CVE-2017-6194

2017-04-03 Thread Salvatore Bonaccorso
Source: radare2 Version: 1.1.0+dfsg-3 Severity: important Tags: security patch upstream Forwarded: https://github.com/radare/radare2/issues/6829 Control: fixed -1 1.3.0+dfsg-1 Hi, the following vulnerability was published for radare2. CVE-2017-6194[0]: | The relocs function in libr/bin/p/bin_bfl

[Secure-testing-team] Bug#859456: libarchive: CVE-2016-10209

2017-04-03 Thread Salvatore Bonaccorso
Source: libarchive Version: 3.1.2-11 Severity: important Tags: upstream security Forwarded: https://github.com/libarchive/libarchive/issues/842 Hi, the following vulnerability was published for libarchive. CVE-2016-10209[0]: | The archive_wstring_append_from_mbs function in archive_string.c in |

[Secure-testing-team] Bug#859494: collectd: CVE-2017-7401

2017-04-04 Thread Salvatore Bonaccorso
Source: collectd Version: 5.4.1-6 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for collectd. CVE-2017-7401[0]: | Incorrect interaction of the parse_packet() and | parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and | earlier al

[Secure-testing-team] Bug#859500: curl: CVE-2017-7407

2017-04-04 Thread Salvatore Bonaccorso
Source: curl Version: 7.38.0-4 Severity: important Tags: security patch upstream fixed-upstream Hi, the following vulnerability was published for curl. CVE-2017-7407[0]: | The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow | physically proximate attackers to obtain sensitive

[Secure-testing-team] Bug#859515: python-django: CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs

2017-04-04 Thread Salvatore Bonaccorso
Source: python-django Version: 1.7.7-1 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for python-django. CVE-2017-7233[0]: |Open redirect and possible XSS attack via user-supplied numeric |redirect URLs If you fix the vulnerability please also ma

[Secure-testing-team] Bug#859516: python-django: CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()

2017-04-04 Thread Salvatore Bonaccorso
Source: python-django Version: 1.7.7-1 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for python-django. CVE-2017-7234[0]: Open redirect vulnerability in django.views.static.serve() If you fix the vulnerability please also make sure to include th

[Secure-testing-team] Bug#859559: horizon: CVE-2017-7400: XSS in federation mappings UI

2017-04-04 Thread Salvatore Bonaccorso
Source: horizon Version: 3:10.0.0-1 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://bugs.launchpad.net/horizon/+bug/1667086 Hi, the following vulnerability was published for horizon. CVE-2017-7400[0]: | OpenStack Horizon 9.x through 9.1.1, 10.x throug
