[Secure-testing-team] Bug#552551: libhtml-parser-perl: HTML-Parser decode_entities() Denial of Service

2009-10-27 Thread Salvatore Bonaccorso
Package: libhtml-parser-perl Version: 3.62-1 Severity: serious Tags: security Justification: potential DoS - user security hole Hi There is a security advisory regarding libhtml-parser-perl officially; this is CVE-2009-3627 A vulnerability has been reported in HTML-Parser, which can be

[Secure-testing-team] Bug#622952: libmojolicious-perl: Path security vulnerability

2011-04-16 Thread Salvatore Bonaccorso
Source: libmojolicious-perl Version: 0.26-1 Severity: grave Tags: security Justification: user security hole Hi A path security vulnerability was reported upstream for libmojolicious-perl. [1] https://github.com/kraih/mojo/issues/114 [2]

[Secure-testing-team] Bug#626135: libmojolicious-perl: XSS vulnerability in the link_to helper

2011-05-08 Thread Salvatore Bonaccorso
Package: libmojolicious-perl Version: 0.26-1+squeeze1 Severity: grave Tags: squeeze security Justification: user security hole Hi libmojolicious-perl prior to 1.12 seems vulnerable to a cross-site scripting vulnerability. The CVE for this issue is CVE-2011-1841 [1]. [1]

[Secure-testing-team] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

2011-07-12 Thread Salvatore Bonaccorso
Source: libvirt Version: 0.9.2 Severity: important Tags: security Hi Guido In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is the patch applied by upstream. Can/should there be an update to for stable (if

[Secure-testing-team] Bug#650706: libpar-packer-perl: PAR packed files are extracted to unsafe and predictable temporary directories

2011-12-01 Thread Salvatore Bonaccorso
Package: libpar-packer-perl Version: 1.010-1 Severity: important Tags: security Hi Changelog for 1.011 contains: - RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe and predictable temporary directories - create parent of cache directory (i.e. /tmp/par-USER) with

[Secure-testing-team] Bug#650707: libpar-perl: PAR packed files are extracted to unsafe and predictable temporary directories

2011-12-01 Thread Salvatore Bonaccorso
Package: libpar-perl Version: 1.002-1 Severity: important Tags: security Hi Changelog for new upstream release of libpar-perl contains: [Changes for 1.004 - Nov 30, 2011] - back out r1241: it causes errors in PAR::Packer's test suite - change unsafe directory error message to match the

[Secure-testing-team] Bug#664465: barnowl: Multiple Remote Denial of Service Vulnerabilities

2012-03-17 Thread Salvatore Bonaccorso
Package: barnowl Version: 1.6.2-1 Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi (Please adjust the severity if this should be wrong, as classified as DoS, maybe normal could suffice here): It was discovered that barnowl has multiple remote denial of

[Secure-testing-team] Bug#670317: openssl: ASN1 BIO incomplete fix (CVE-2012-2131)

2012-04-24 Thread Salvatore Bonaccorso
Source: openssl Version: 0.9.8o-4squeeze11 Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi It was announced that the fix for CVE-2012-2110 was incomplete [1]. It was assigned CVE-2012-2131 to this. Upstream CVS contains a fix

[Secure-testing-team] Bug#693420: perl-modules: CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers

2012-11-16 Thread Salvatore Bonaccorso
Package: perl-modules Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following vulnerability was published for CGI.pm: CVE-2012-5526[0]: libcgi-pm-perl: newline injection If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#694279: libdancer-perl: Cookie name CRLF injection

2012-11-24 Thread Salvatore Bonaccorso
Package: libdancer-perl Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Similar to #693421, CVE-2012-5526 it was reported[1] that libdancer-perl's Dancer::Cookie also do not validate cookie name for CRLF and other invalid symbols in headers. A patch however

[Secure-testing-team] Bug#696574: owncloud: multiple security issues

2012-12-22 Thread Salvatore Bonaccorso
Source: owncloud Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following vulnerabilities were published for owncloud. CVE-2012-5665[0]: Auth bypass in user_webdavauth and user_ldap CVE-2012-5666[1]: XSS vulnerability in

[Secure-testing-team] Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015

2013-01-02 Thread Salvatore Bonaccorso
Package: asterisk Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following vulnerabilities were published for asterisk. CVE-2012-5976[0]: Crashes due to large stack allocations when using TCP CVE-2012-5977[1]: Denial of

[Secure-testing-team] Bug#697811: cronie: CVE-2012-6097: fd leak in 1.4.8

2013-01-09 Thread Salvatore Bonaccorso
Package: cronie Version: 1.4.8-1~exp1 Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi the following vulnerability was published for cronie. CVE-2012-6097[0]: cronie fd leak If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#697974: axis2c: CVE-2012-6107: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate

2013-01-12 Thread Salvatore Bonaccorso
Package: axis2c Severity: grave Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following vulnerability was published for axis2c. CVE-2012-6107[0]: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509

[Secure-testing-team] Bug#698174: perl: double-free in load subroutine for Digest::SHA

2013-01-14 Thread Salvatore Bonaccorso
Source: perl Severity: important Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Upload of Digest::SHA 5.81 mentions the following: 5.81 Mon Jan 14 05:17:08 MST 2013 - corrected load subroutine (SHA.pm) to prevent double-free -- Bug #82655: Security

[Secure-testing-team] Bug#698333: drupal6: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

2013-01-16 Thread Salvatore Bonaccorso
Package: drupal6 Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi There are security updates for drupal6 and 7 available. CVE numbers will be requested according to the advisory. The first issue mentions is said to also affect

[Secure-testing-team] Bug#698334: drupal7: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

2013-01-16 Thread Salvatore Bonaccorso
Package: drupal7 Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi There are security updates for drupal6 and 7 available. CVE numbers will be requested according to the advisory. The first issue mentions is said to also affect

[Secure-testing-team] Bug#698541: zabbix: CVE-2013-1364: possible to override LDAP configuration parameters via the API

2013-01-19 Thread Salvatore Bonaccorso
Package: zabbix Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the following vulnerability was published for zabbix. CVE-2013-1364[0]: possible to override LDAP configuration parameters via the API If you fix the

[Secure-testing-team] Bug#698737: owncloud: Multiple XSS vulnerabilities (oC-SA-2013-001)

2013-01-22 Thread Salvatore Bonaccorso
Source: owncloud Severity: grave Tags: security Hi The following announce on multiple XSS vulnerabilities in owncloud was done: [0] http://owncloud.org/about/security/advisories/oC-SA-2013-001/ If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities

[Secure-testing-team] Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-01-24 Thread Salvatore Bonaccorso
Source: zoneminder Severity: grave Tags: security Justification: user security hole Hi The following arbitrary command execution vulnerability was disclosed for zoneminder: http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/ Regards,

[Secure-testing-team] Bug#699226: rails: CVE-2013-0333: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3

2013-01-29 Thread Salvatore Bonaccorso
Package: rails Severity: grave Tags: security Justification: user security hole Hi The following advisory was made for rails: [1] http://weblog.rubyonrails.org/ [2]: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo Disclaimer: I have not checked which

[Secure-testing-team] Bug#699316: libupnp: Multiple stack buffer overflow vulnerabilities

2013-01-29 Thread Salvatore Bonaccorso
Package: libupnp Severity: grave Tags: security Hi, the following vulnerabilities were published for libupnp. CVE-2012-5958[0]: Stack buffer overflow of Tempbuf CVE-2012-5959[1]: Stack buffer overflow of Event-UDN CVE-2012-5960[2]: Stack buffer overflow of Event-UDN CVE-2012-5961[3]: Stack

[Secure-testing-team] Bug#699835: keystone: CVE-2013-0247: Keystone denial of service through invalid token requests

2013-02-05 Thread Salvatore Bonaccorso
Package: keystone Severity: grave Tags: security Justification: user security hole Hi, the following vulnerability was published for keystone. CVE-2013-0247[0]: Keystone denial of service through invalid token requests Patches should be available via [1]. If you fix the vulnerability please

[Secure-testing-team] Bug#700158: ganglia: CVE-2013-0275: several XSS flaws

2013-02-09 Thread Salvatore Bonaccorso
Source: ganglia Version: 3.3.8-1 Severity: important Tags: security Hi ganglia's Webfrontend part contains several XSS flaws[0] fixed by [1]. [0] http://security-tracker.debian.org/tracker/CVE-2013-0275 http://marc.info/?l=oss-security&m=136034779111740&w=2 [1]

[Secure-testing-team] Bug#700159: ganglia-web: CVE-2013-0275: several XSS flaws

2013-02-09 Thread Salvatore Bonaccorso
Source: ganglia-web Version: 3.5.2-1 Severity: important Tags: security Hi ganglia's Webfrontend part contains several XSS flaws[0] fixed by [1]. [0] http://security-tracker.debian.org/tracker/CVE-2013-0275 http://marc.info/?l=oss-security&m=136034779111740&w=2 [1]

[Secure-testing-team] Bug#700173: ruby-rack: CVE-2013-0262 and CVE-2013-0263

2013-02-09 Thread Salvatore Bonaccorso
Source: ruby-rack Severity: grave Tags: security Hi, the following vulnerabilities were published for ruby-rack. CVE-2013-0262[0]: Path sanitization information disclosure CVE-2013-0263[1]: Timing attack in cookie sessions If you fix the vulnerabilities please also make sure to include the

[Secure-testing-team] Bug#700240: keystone: CVE-2013-0270: Large HTTP request DoS

2013-02-10 Thread Salvatore Bonaccorso
Package: keystone Severity: important Tags: security Hi OpenStack Team! the following vulnerability was published for keystone. CVE-2013-0270[0]: Large HTTP request DoS If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your

[Secure-testing-team] Bug#700669: pyrad: CVE-2013-0294 and CVE-2013-0295

2013-02-15 Thread Salvatore Bonaccorso
Package: pyrad Version: 2.0-1 Severity: grave Tags: security Control: found -1 1.2-1 Hi, the following vulnerabilities were published for pyrad. CVE-2013-0294[0]: potentially predictable password hashing CVE-2013-0295[1]: CreateID() creates serialized packet IDs for RADIUS Note: it's currently

Re: [Secure-testing-team] embedded copy of glee in love

2013-02-18 Thread Salvatore Bonaccorso
Hi Ivo On Mon, Feb 18, 2013 at 11:18:23PM +0100, Ivo De Decker wrote: In wheezy, love has an embedded copy of glee. Please list this in embedded-code-copies. The version in sid doesn't use the embedded version anymore. More info in bug #690492. Thank you for the notice. I have added this

[Secure-testing-team] Bug#700912: zoneminder: local file inclusion vulnerability

2013-02-19 Thread Salvatore Bonaccorso
Package: zoneminder Version: 1.24.2-8 Severity: grave Tags: security patch Justification: user security hole Control: fixed -1 1.25.0-1 Hi In zoneminder forum there is the following security patch announce: http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979 1.24.2-8 is affected by this

[Secure-testing-team] Bug#701052: isync: CVE-2013-0289: Incorrect server's SSL x509.v3 certificate validation when performing IMAP synchronization

2013-02-20 Thread Salvatore Bonaccorso
Package: isync Version: 1.0.4-2.1 Severity: grave Tags: security patch Hi, the following vulnerability was published for isync. CVE-2013-0289[0]: missing SSL subject verification A patch is available in upstream's git repository[1]. If you fix the vulnerability please also make sure to

[Secure-testing-team] Bug#701151: pyrad: CVE-2013-0342: CreateID() creates serialized packet IDs for RADIUS

2013-02-21 Thread Salvatore Bonaccorso
Package: pyrad Version: 1.2-1 Severity: important Tags: security Control: found -1 2.0-2 Hi Jeremy I'm sorry there was some confusion regarding #700669 related CVE's. The original advisory contained two vulnerabilities, where the second CVE was afterwards rejected. According to [1] now, the

[Secure-testing-team] Bug#701227: nagios-nrpe: CVE-2013-1362: allows the passing of $() as command arguments to execute shell commands

2013-02-22 Thread Salvatore Bonaccorso
Package: nagios-nrpe Severity: grave Tags: security Hi On bugtraq mailinglist it was reported publicly[1]. If support for command argument in the daemon are enabled then it would be possible to pass $() and possibly executing shell commands when run under bash. Upstream has released 2.14

[Secure-testing-team] Bug#701586: git: CVE-2013-0308: Incorrect IMAP server's SSL x509.v3 certificate validation

2013-02-24 Thread Salvatore Bonaccorso
Package: git Version: 1:1.7.10.4-2 Severity: important Tags: security patch Hi, the following vulnerability was published for git. CVE-2013-0308[0,1]: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command If you fix the vulnerability please also make sure to

[Secure-testing-team] Bug#701773: nova: CVE-2013-0335: VNC proxy can connect to the wrong VM

2013-02-26 Thread Salvatore Bonaccorso
Package: nova Version: 2012.1.1-13 Severity: important Tags: security Hi, the following vulnerability was published for nova. CVE-2013-0335[0]: VNC proxy can connect to the wrong VM See also the announcement[1]. Patches for folsom are available[2]. If you fix the vulnerability please also

[Secure-testing-team] Bug#702184: gambas3: CVE-2013-1809: insecure temporary directory creation

2013-03-03 Thread Salvatore Bonaccorso
Source: gambas3 Severity: important Tags: security Hi, the following vulnerability was published for gambas3. CVE-2013-1809[0]: Gambas creates hijackable directory in /tmp It was found that Gambas is vulnerable to a (temporary files) directory

[Secure-testing-team] Bug#702525: ruby1.9.1: CVE-2013-1821: entity expansion DoS vulnerability in REXML

2013-03-07 Thread Salvatore Bonaccorso
Source: ruby1.9.1 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for ruby1.9.1. CVE-2013-1821[0]: entity expansion DoS vulnerability in REXML More details are explained in the upstream announcement[1]. Patches are committed to svn with revision

[Secure-testing-team] Bug#702526: ruby1.8: CVE-2013-1821: entity expansion DoS vulnerability in REXML

2013-03-07 Thread Salvatore Bonaccorso
Source: ruby1.8 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for ruby. CVE-2013-1821[0]: entity expansion DoS vulnerability in REXML More details are explained in the upstream announcement[1]. Patches (for ruby1.9.1) are committed to svn with

Re: [Secure-testing-team] a candidate for EmbeddedCodeCopies

2013-03-10 Thread Salvatore Bonaccorso
Hi Alex On Thu, Feb 28, 2013 at 09:11:30AM +0100, Alex Mestiashvili wrote: Dear secure-testing-team, I am working on packaging of libsereal-{de,en}coder-perl modules [0], and it seem that the upstream uses modified code of snappy which is already packaged in Debian as libsnappy-dev. As the

[Secure-testing-team] Bug#702735: firebird2.1: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability

2013-03-10 Thread Salvatore Bonaccorso
Source: firebird2.1 Severity: grave Tags: security Hi the following vulnerability was published for firebird2.1. CVE-2013-2492[0]: Request Processing Buffer Overflow Vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in

[Secure-testing-team] Bug#702736: firebird2.5: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability

2013-03-10 Thread Salvatore Bonaccorso
Source: firebird2.5 Severity: grave Tags: security Hi the following vulnerability was published for firebird2.5. CVE-2013-2492[0]: Request Processing Buffer Overflow Vulnerability If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in

[Secure-testing-team] Bug#702914: libnet-server-perl: CVE-2013-1841: Improper reverse DNS matching check for the given hostname

2013-03-12 Thread Salvatore Bonaccorso
Package: libnet-server-perl Severity: important Tags: security Control: forwarded -1 https://rt.cpan.org/Ticket/Display.html?id=83909 Hi It was reported to the oss-security list[1] that libnet-server-perl does not check the reverse DNS lookup hostname again by doing a forward lookup and checking

[Secure-testing-team] Bug#703870: moodle: Multiple security issues reported

2013-03-25 Thread Salvatore Bonaccorso
Source: moodle Severity: grave Tags: security Hi, the following vulnerabilities were published for moodle. CVE-2013-1829[0]: Calendar subscription capability issue (this seems not to affect moodle in Debian as versions affected are reported as 2.4 to 2.4.1) CVE-2013-1830[1]: Information leak

[Secure-testing-team] Bug#703933: libxslt: CVE-2012-6139

2013-03-25 Thread Salvatore Bonaccorso
Package: libxslt Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for libxslt. CVE-2012-6139[0]: libxslt xsltDocumentFunction() and xsltAddKey() Denial of Service Vulnerabilities There are patches and minimalized test cases available at [1,2,3,4].

[Secure-testing-team] Bug#704114: asterisk: asterisk security advisories: AST-2013-001 / AST-2013-002 / AST-2013-003

2013-03-27 Thread Salvatore Bonaccorso
Package: asterisk Severity: grave Tags: security patch upstream Hi, the following vulnerabilities were published for asterisk. CVE-2013-2685[0]: Buffer Overflow Exploit Through SIP SDP Header CVE-2013-2686[1]: Denial of Service in HTTP server CVE-2013-2264[2]: Username disclosure in SIP

[Secure-testing-team] Bug#704611: haproxy: CVE-2013-1912: crash on TCP content inspection rules

2013-04-03 Thread Salvatore Bonaccorso
Source: haproxy Severity: important Tags: security upstream Hi, the following vulnerability was published for haproxy. CVE-2013-1912[0]: crash on TCP content inspection rules If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your

[Secure-testing-team] Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-04-03 Thread Salvatore Bonaccorso
Package: eglibc Severity: important Tags: security upstream Hi, the following vulnerability was published for eglibc. CVE-2013-1914[0]: getaddrinfo() stack overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog

[Secure-testing-team] Bug#704625: modsecurity-apache: CVE-2013-1915: Vulnerable to XXE attacks

2013-04-03 Thread Salvatore Bonaccorso
Package: modsecurity-apache Severity: grave Tags: security upstream Hi, the following vulnerability was published for modsecurity-apache. CVE-2013-1915[0]: Vulnerable to XXE attacks Patches were added upstream for 2.7.3[1,2] but might need some adjustments for current versions in Debian. If

[Secure-testing-team] Bug#705690: libuser: CVE-2012-5630 CVE-2012-5644

2013-04-18 Thread Salvatore Bonaccorso
Package: libuser Severity: important Tags: security Hi, the following vulnerabilities were published for libuser. CVE-2012-5630[0]: TOCTOU race conditions by copying and removing directory trees CVE-2012-5644[1]: (Complete) Information disclosure when moving user's home directory The patch

[Secure-testing-team] Bug#705722: libxml2: CVE-2013-1969

2013-04-18 Thread Salvatore Bonaccorso
Package: libxml2 Severity: grave Tags: security patch upstream Hi, the following vulnerability was published for libxml2. CVE-2013-1969[0]: use-after-free error in htmlParseChunk() and xmldecl_done() If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities

[Secure-testing-team] Bug#706252: autojump: CVE-2013-2012: autojump profile will load random stuff from a directory called custom_install

2013-04-27 Thread Salvatore Bonaccorso
Package: autojump Version: 21.5.1-1 Severity: grave Tags: security Justification: user security hole Hi Tanguy autojump in example has /usr/share/autojump/autojump.sh allowing loading random stuff from a directory called custom_install in the current working directory: , [

[Secure-testing-team] Bug#706525: chicken: CVE-2013-2024: OS command injection vulnerability

2013-05-01 Thread Salvatore Bonaccorso
Package: chicken Version: 4.5.0-1 Severity: grave Tags: security patch Hi, @Release Team: This probably should not delay the release for wheezy, as chicken has other security relevant bugreport open (#702410) with wheezy-ignore tag. The same can be done here, IMO. the following vulnerability

[Secure-testing-team] Bug#706557: open-vm-tools: CVE-2013-3237

2013-05-01 Thread Salvatore Bonaccorso
Source: open-vm-tools Version: 1:8.4.2-261024-1 Severity: important Tags: security patch Hi Recently linux introduced VM Sockets. It was found the following vulnerability, which looks also affecting af_vsock.c in open-vm-tools: CVE-2013-3237[0]: | The vsock_stream_sendmsg function in

[Secure-testing-team] Bug#706665: gpsd: CVE-2013-2038

2013-05-02 Thread Salvatore Bonaccorso
Source: gpsd Severity: important Tags: security patch Hi, the following vulnerability was published for gpsd. CVE-2013-2038[0]: DoS (packet parser crash) in the AIS driver when processing malformed packet If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#707329: openvpn: CVE-2013-2061: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt

2013-05-09 Thread Salvatore Bonaccorso
Package: openvpn Version: 2.1.3-2+squeeze1 Severity: important Tags: security patch Control: found -1 2.2.1-8 Hi, the following vulnerability was published for openvpn. CVE-2013-2061[0]: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt If you fix the vulnerability please

[Secure-testing-team] Bug#707401: nfs-utils: CVE-2013-1923: rpc.gssd is vulnerable to DNS spoofing

2013-05-09 Thread Salvatore Bonaccorso
Package: nfs-utils Version: 1:1.2.2-4squeeze2 Severity: important Tags: security Control: found -1 1:1.2.6-3 Hi, the following vulnerability was published for nfs-utils. CVE-2013-1923[0]: rpc.gssd is vulnerable to DNS spoofing An explanation is also available at [1]. New upstream version

[Secure-testing-team] Bug#707776: kde4libs: CVE-2013-2074: prints passwords contained in HTTP URLs in error messages

2013-05-11 Thread Salvatore Bonaccorso
Package: kde4libs Version: 4:4.8.4-4 Severity: important Tags: security patch Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=319428 Hi, the following vulnerability was published for kde4libs. CVE-2013-2074[0]: prints passwords contained in HTTP URLs in error messages Upstream

[Secure-testing-team] Bug#708647: libvirt: CVE-2013-1962: DoS (max count of open files exhaustion) due sockets leak in the storage pool

2013-05-17 Thread Salvatore Bonaccorso
Package: libvirt Version: 1.0.5-2 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for libvirt. CVE-2013-1962[0]: DoS (max count of open files exhaustion) due sockets leak in the storage pool Upstream patch can be found at [1]. If you fix the

[Secure-testing-team] Bug#708924: nodau: Unsafe handling of temporary files when using external editor

2013-05-19 Thread Salvatore Bonaccorso
Package: nodau Version: 0.3.1-1 Severity: important Tags: security upstream Control: forwarded -1 https://github.com/darkrose/nodau/issues/17 [opened in Debian to track the issue] nodau unsafely handles temporary files when using external editor, possibly allowing a malicious user to overwrite

[Secure-testing-team] Bug#709535: python-keystoneclient: CVE-2013-2013: OpenStack keystone password disclosure on command line

2013-05-23 Thread Salvatore Bonaccorso
Package: python-keystoneclient Version: 2012.1-3 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for python-keystoneclient. CVE-2013-2013[0]: OpenStack keystone password disclosure on command line Upstream patch is at [1] and introduces the

[Secure-testing-team] Bug#709931: socat: CVE-2013-3571: file descriptor leak

2013-05-26 Thread Salvatore Bonaccorso
Package: socat Severity: important Tags: security patch upstream Hi, the following vulnerability was published for socat. CVE-2013-3571[0]: FD leak Upstream advisory is at [1], and also contain patches. If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#710217: modsecurity-apache: CVE-2013-2765: NULL pointer dereference

2013-05-29 Thread Salvatore Bonaccorso
Package: modsecurity-apache Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for modsecurity-apache. CVE-2013-2765[0]: NULL pointer dereference Upstream patch is at [1], fixed in 2.7.4[2]. If you fix the vulnerability please also make sure to include

[Secure-testing-team] Bug#710597: pymongo: CVE-2013-2132: null pointer when decoding invalid DBRef

2013-06-01 Thread Salvatore Bonaccorso
Package: pymongo Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for pymongo. CVE-2013-2132[0]: null pointer when decoding invalid DBRef See [1] for details and upstream bugreport including reproducer for the issue. A patch was applied upstream in

[Secure-testing-team] Bug#711239: libmodule-signature-perl: CVE-2013-2145: arbitrary code execution when verifying SIGNATURE

2013-06-05 Thread Salvatore Bonaccorso
Package: libmodule-signature-perl Version: 0.63-1 Severity: grave Tags: security patch upstream fixed-upstream Justification: user security hole Hi, the following vulnerability was published for libmodule-signature-perl. CVE-2013-2145[0]: arbitrary code execution when verifying SIGNATURE

[Secure-testing-team] Bug#711517: owncloud: CVE-2013-2149: XSS vulnerability in core/js/oc-dialogs.js

2013-06-07 Thread Salvatore Bonaccorso
Package: owncloud Version: 4.0.15debian-1 Severity: grave Tags: security patch upstream Hi, the following vulnerability was published for owncloud. CVE-2013-2149[0]: XSS vulnerability in core/js/oc-dialogs.js See upstream advisory at [1]. If you fix the vulnerability please also make sure to

[Secure-testing-team] Bug#711518: owncloud: CVE-2013-2150: XSS vulnerability in js/viewer.js

2013-06-07 Thread Salvatore Bonaccorso
Package: owncloud Version: 5.0.7~rc1+dfsg-2 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for owncloud. CVE-2013-2150[0]: XSS vulnerability in js/viewer.js See upstream advisory[1]. If you fix the vulnerability please also make sure to include the

[Secure-testing-team] Bug#712202: swift: CVE-2013-2161: Unchecked user input in Swift XML responses

2013-06-13 Thread Salvatore Bonaccorso
Package: swift Version: 1.4.8-2 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for swift. CVE-2013-2161[0]: Unchecked user input in Swift XML responses If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities

[Secure-testing-team] Bug#713819: python-keystoneclient: CVE-2013-2166 CVE-2013-2167: Issues in Keystone middleware memcache signing/encryption feature

2013-06-22 Thread Salvatore Bonaccorso
Package: python-keystoneclient Severity: grave Tags: security upstream patch Hi, the following vulnerabilities were published for python-keystoneclient. CVE-2013-2166[0]: middleware memcache encryption bypass CVE-2013-2167[1]: middleware memcache signing bypass See [2] for further reference.

[Secure-testing-team] Bug#714241: xml-security-c: CVE-2013-2210

2013-06-27 Thread Salvatore Bonaccorso
Package: xml-security-c Severity: grave Tags: security patch Justification: user security hole Hi Russ, the following vulnerability was published for xml-security-c. It looks the fix for CVE-2013-2154 introduced the possibility of a heap overflow. CVE-2013-2210[0]: heap overflow during XPointer

[Secure-testing-team] Bug#714340: suds: CVE-2013-2217: Insecure temporary directory use when initializing file-based URL cache

2013-06-27 Thread Salvatore Bonaccorso
Package: suds Severity: important Tags: security upstream Hi, the following vulnerability was published for suds. CVE-2013-2217[0]: Insecure temporary directory use when initializing file-based URL cache If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#714543: ruby1.9.1: CVE-2013-4073: Hostname check bypassing vulnerability in SSL client

2013-07-01 Thread Salvatore Bonaccorso
Package: ruby1.9.1 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for ruby1.9.1. CVE-2013-4073[0]: Hostname check bypassing vulnerability in SSL client If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#714699: libvirt: CVE-2013-2218: crash when listing network interfaces with filters

2013-07-01 Thread Salvatore Bonaccorso
Package: libvirt Version: 1.0.6-1 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libvirt. CVE-2013-2218[0]: crash when listing network interfaces with filters The issue was fixed with commit [1] and introduced previously with [2].

[Secure-testing-team] Bug#716835: cyrus-sasl2: CVE-2013-4122: NULL pointer dereference

2013-07-13 Thread Salvatore Bonaccorso
Package: cyrus-sasl2 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for cyrus-sasl2. CVE-2013-4122[0]: cyrus-sasl NULL ptr. dereference If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id

[Secure-testing-team] Bug#717895: xymon: remote file deletion vulnerability

2013-07-26 Thread Salvatore Bonaccorso
Package: xymon Severity: important Tags: security upstream Hi Christoph According to [1] xymon is vulnerable to a file deletion vulnerability, which I have not further investigated. Forwarding this to the BTS. At first glance the impact is limited (according to mitigation factors section).

[Secure-testing-team] Bug#717936: bind9: CVE-2013-4854: A specially crafted query can cause BIND to terminate abnormally

2013-07-26 Thread Salvatore Bonaccorso
Package: bind9 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for bind9. CVE-2013-4854[0]: A specially crafted query can cause BIND to terminate abnormally See [1] for the upstream knowledge base entry. If you fix the vulnerability please also make

[Secure-testing-team] Bug#718325: 389-ds-base: CVE-2013-2219: ACLs inoperative in some search scenarios

2013-07-30 Thread Salvatore Bonaccorso
Source: 389-ds-base Severity: important Tags: security patch upstream Hi CVE-2013-2219 was assigned for https://bugzilla.redhat.com/show_bug.cgi?id=979508 where affected code seems present also in 389-ds-base. See Red Hat Bug for details and a patch. Regards, Salvatore

[Secure-testing-team] Bug#718800: filezilla: CVE-2013-4852: PuTTY SSH handshake heap overflow

2013-08-05 Thread Salvatore Bonaccorso
Package: filezilla Severity: grave Tags: security patch upstream Hi, the following vulnerability was published for putty, but filezilla embeds putty source: CVE-2013-4852[0]: PuTTY SSH handshake heap overflow See the advisory [1] for details referring to putty commit [2]. AFAICS filezilla

[Secure-testing-team] Bug#718905: nova: CVE-2013-2256: Resource limit circumvention in Nova private flavors

2013-08-06 Thread Salvatore Bonaccorso
Package: nova Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for nova. CVE-2013-2256[0]: Resource limit circumvention in Nova private flavors More details are given in [1] and [2] which also have patches/commits for various releases. If you fix the

[Secure-testing-team] Bug#719056: nagios3: CVE-2013-4214: html/rss-newsfeed.php insecure temporary file usage

2013-08-07 Thread Salvatore Bonaccorso
Package: nagios3-cgi Severity: important Tags: security upstream Hi, the following vulnerability was published for nagios3. CVE-2013-4214[0]: insecure temporary file usage The file html/rss-newsfeed.php in nagios3 (installed into nagios3-cgi) uses /tmp insecurely by fixed cache dir name: 7

[Secure-testing-team] Bug#719070: filezilla: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208

2013-08-08 Thread Salvatore Bonaccorso
Package: filezilla Severity: grave Tags: security upstream patch Hi, the following vulnerabilities were published for filezilla. CVE-2013-4206[0]: buffer underrun in modmul can corrupt the heap CVE-2013-4207[1]: non-coprime values in DSA signatures can cause buffer overflow in modular inverse

[Secure-testing-team] Bug#719203: chrony: CVE-2012-4502 and CVE-2012-4503

2013-08-09 Thread Salvatore Bonaccorso
Package: chrony Severity: important Hi, the following vulnerabilities were published for chrony. CVE-2012-4502[0]: Buffer overflow when processing crafted command packets CVE-2012-4503[1]: Uninitialized data in command replies Upstream commits fixing these issues are at [2] and [3]. See also

[Secure-testing-team] Bug#719567: python3.3: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes

2013-08-13 Thread Salvatore Bonaccorso
Package: python3.3 Version: 3.3.2-5 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for python3.3 CVE-2013-4238[0]: Python SSL module does not handle certificates that contain hostnames with NULL bytes See also upstream bugreport [1] which contains

[Secure-testing-team] Bug#719566: python2.7: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes

2013-08-13 Thread Salvatore Bonaccorso
Package: python2.7 Version: 2.7.5-7 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for python2.7 CVE-2013-4238[0]: Python SSL module does not handle certificates that contain hostnames with NULL bytes See also upstream bugreport [1] which contains

[Secure-testing-team] Bug#719568: python3.2: CVE-2013-4238: Python SSL module does not handle certificates that contain hostnames with NULL bytes

2013-08-13 Thread Salvatore Bonaccorso
Package: python3.2 Version: 3.2.4-1 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for pythonX.Y CVE-2013-4238[0]: Python SSL module does not handle certificates that contain hostnames with NULL bytes See also upstream bugreport [1] which contains

[Secure-testing-team] Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution

2013-08-22 Thread Salvatore Bonaccorso
Package: graphite-web Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for graphite-web. CVE-2013-5093[0]: Graphite remote code execution See the advisory in [1] and there are either patch[2] for 0.9.10 or updating to 0.9.11/0.9.12

[Secure-testing-team] Bug#720602: nova: CVE-2013-4278: Incomplete fix for CVE-2013-2256

2013-08-23 Thread Salvatore Bonaccorso
Package: nova Version: 2013.1.2-3 Severity: grave Tags: security upstream patch *** /tmp/nova.reportbug Package: nova Severity: FILLINSEVERITY Tags: security Hi, the following vulnerability was published for nova. CVE-2013-4278[0]: Nova private flavors resource limit circumvention This is

[Secure-testing-team] Bug#720632: znc: CVE-2013-2130: NULL pointer dereference vulnerabilities

2013-08-24 Thread Salvatore Bonaccorso
Package: znc Version: 1.0-4 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for znc. CVE-2013-2130[0]: null pointer dereference in webadmin See references for additional information and a patch. This only affects znc 1.0. If you fix the

[Secure-testing-team] Bug#721542: subversion: CVE-2013-4277: local privilege escalation vulnerability via symlink attack

2013-09-01 Thread Salvatore Bonaccorso
Package: subversion Version: 1.6.12dfsg-6 Severity: important Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for subversion. CVE-2013-4277[0]: local privilege escalation vulnerability via symlink attack If you fix the vulnerability please also make

[Secure-testing-team] Bug#722306: torque: CVE-2013-4319: privilege escalation

2013-09-09 Thread Salvatore Bonaccorso
Package: torque Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for torque. CVE-2013-4319[0]: Torque privilege escalation Upstream announce[1] contains also a patch. If you fix the vulnerability please also make sure to include the

[Secure-testing-team] Bug#722505: keystone: CVE-CVE-2013-4294: Token revocation failure using Keystone memcache/KVS backends

2013-09-11 Thread Salvatore Bonaccorso
Package: keystone Version: 2013.1.3-1 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for keystone. CVE-2013-4294[0]: Token revocation failure using Keystone memcache/KVS backends See furthermore [1] for upstream announce. If you fix the

[Secure-testing-team] Bug#722537: wordpress: CVE-2013-4338 CVE-2013-4339 CVE-2013-4340

2013-09-11 Thread Salvatore Bonaccorso
Package: wordpress Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerabilities were published for wordpress. CVE-2013-4338[0]: Unsafe PHP unserialization CVE-2013-4339[1]: Open Redirect / Insufficient Input Validation CVE-2013-4340[2]: Privilege Escalation

[Secure-testing-team] Bug#722605: python-django: CVE-2013-4315

2013-09-12 Thread Salvatore Bonaccorso
Package: python-django Version: 1.5.2-1 Severity: important Tags: security upstream patch fixed-upstream Hi Luke, hi Raphael This is a reminder bugreport about CVE-2013-4315, already fixed through DSA-2755-1 (thanks Luke for the updates). [1]

[Secure-testing-team] Bug#722657: python-oauth2: CVE-2013-4347: Uses poor PRNG

2013-09-12 Thread Salvatore Bonaccorso
Package: python-oauth2 Version: 1.5.211-2 Severity: grave Tags: security upstream Hi, the following vulnerability was published for python-oauth2. CVE-2013-4347[0]: Uses poor PRNG If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in

[Secure-testing-team] Bug#722656: python-oauth2: CVE-2013-4346: _check_signature() ignores the nonce value when validating signed urls

2013-09-12 Thread Salvatore Bonaccorso
Package: python-oauth2 Severity: grave Tags: security upstream Hi, the following vulnerability was published for python-oauth2. CVE-2013-4346[0]: _check_signature() ignores the nonce value when validating signed urls If you fix the vulnerability please also make sure to include the CVE (Common

[Secure-testing-team] Bug#723118: icedtea-web: CVE-2013-4349: patch for CVE-2012-4540 not applied to 1.4 branch

2013-09-16 Thread Salvatore Bonaccorso
Package: icedtea-web Version: 1.4-3~deb7u1 Severity: grave Tags: security upstream patch fixed-upstream Control: found -1 1.4-3 Hi the following vulnerability was published for icedtea-web. CVE-2013-4349[0]: IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow This

[Secure-testing-team] Bug#723179: proftpd-dfsg: CVE-2013-4359

2013-09-17 Thread Salvatore Bonaccorso
Package: proftpd-dfsg Severity: important Tags: security upstream Hi, the following vulnerability was published for proftpd-dfsg. CVE-2013-4359[0]: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication If you fix the vulnerability please also make sure to include the CVE

[Secure-testing-team] Bug#725439: gnupg: CVE-2013-4402: infinite recursion in the compressed packet parser

2013-10-05 Thread Salvatore Bonaccorso
Package: gnupg Severity: important Tags: security upstream fixed-upstream Hi, the following vulnerability was published for gnupg. CVE-2013-4402[0]: infinite recursion in the compressed packet parser If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities

[Secure-testing-team] Bug#725902: slim: CVE-2013-4412: NULL pointer dereference

2013-10-09 Thread Salvatore Bonaccorso
Package: slim Severity: important Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for slim. CVE-2013-4412[0]: NULL ptr dereference Upstream fix is at [1] and as eglibc (= 2.17) is only in jessie and unstable it does not affect oldstable and stable.

[Secure-testing-team] Bug#725938: libtar: CVE-2013-4397: Integer overflow

2013-10-10 Thread Salvatore Bonaccorso
Package: libtar Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libtar. CVE-2013-4397[0]: Integer overflow Upstream announcement is at [1] and the commit fixing this issue is at [2]. 1.2.20 upstream fixes this issue too. But see

[Secure-testing-team] Bug#726019: dropbear: CVE-2013-4421

2013-10-11 Thread Salvatore Bonaccorso
Package: dropbear Severity: important Tags: security patch upstream Hi, the following vulnerability was published for dropbear. CVE-2013-4421[0]: memory exhaustion denial of service See also [1] for the isolated upstream patch. If you fix the vulnerability please also make sure to include the
