*** This bug is a security vulnerability ***
Public security bug reported:
Quoting CVE-2008-1657:
OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config
ForceCommand directive by modifying the .ssh/rc session file.
** Affects: openssh (Ubuntu)
Importance: Undecided
No updated packages were available last night from the German Ubuntu
mirror. Are the new langpack updates only available through the
proposed-repos?
--
context menu entry Paste File [and other dialogs] not translated into German
(anymore)
https://bugs.launchpad.net/bugs/196106
You received
Originally this bug report was intended mainly for CVE-2008-1332 and
CVE-2008-1333, which I both added as CVE references. I only mentioned
CVE-2007-6430 because it's in DSA-1525-1, but wrote that it's been
handled in Bug#199118 and therefore didn't add a CVE reference to this
bug report.
Also, I
Ah yes, now that you've mentioned it, I've also sometimes stumbled on
Launchpad's automatically adding of CVEs in comments. Nice meant, but
seemingly sometimes very insane feature ;-)
Okay, will keep in mind to manually add MOTU SWAT to related bug
reports, though I'd bet something on it that I've
Could this be marked as Confirmed for the currently stable releases? I
don't know how to do it or won't have the required permissions. I fear
that with all the work concentrating on Hardy and marking bug reports as
Fix Released only because the current development branch has been
upgraded
Won't there be security upgrades for the stable releases? Gutsy's sun-
java6 is still at 6-03-0ubuntu2.
--
[sun-java] security update available from upstream
https://bugs.launchpad.net/bugs/199477
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: asterisk
References:
DSA-1525-1 (http://www.debian.org/security/2008/dsa-1525)
(Note: CVE-2007-6430 has already been reported as Bug#199118, but is
still open for all stable releases.)
Quoting:
*** This bug is a security vulnerability ***
Public security bug reported:
References:
DSA-1536-1 (http://www.debian.org/security/2008/dsa-1536)
Quoting:
Several local vulnerabilities have been discovered in Xine, a
media player library, allowed for a denial of service or arbitrary code
The same CVEs cover iceape:
DSA-1534-1 (http://www.debian.org/security/2008/dsa-1534)
** Also affects: iceape (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- [xulrunner] [DSA-1532-1] several vulnerabilities
+ [xulrunner, iceape] [DSA-1532-1, DSA-1534-1] several
See also Bug#210163.
** Summary changed:
- [libxine1] [CVE-2008-1161] DoS vulnerability and possible arbitrary code
execution
+ [xine-lib] [CVE-2008-1161] DoS vulnerability and possible arbitrary code
execution
--
[xine-lib] [CVE-2008-1161] DoS vulnerability and possible arbitrary code
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: vmware-server
VMware Server as provided from Canonical's partner repository for Gutsy is still
version 1.04, while a security updated version 1.05 is available from
upstream.
Security Issues
*** This bug is a security vulnerability ***
Public security bug reported:
References:
MDVSA-2008:078
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:078)
Quoting:
OpenSSH allows local users to hijack forwarded X connections by causing
ssh to set DISPLAY to :10, even when
See also:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362001
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432753
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444976
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441405
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460048
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: serendipity
References:
DSA-1528-1 (http://www.debian.org/security/2008/dsa-1528)
Quoting:
Peter Hüwe and Hanno Böck discovered that Serendipity, a weblog manager,
did not properly sanitise input to
*** This bug is a security vulnerability ***
Public security bug reported:
References:
DSA-1529-1 (http://www.debian.org/security/2008/dsa-1529)
Quoting:
Multiple security problems have been discovered in the Firebird database,
which may lead to the execution of arbitrary code or denial of
See also:
DSA-1530-1 (http://www.debian.org/security/2008/dsa-1530)
** Bug watch added: Debian Bug tracker #467653
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467653
** Also affects: cupsys (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467653
Importance: Unknown
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: xulrunner
References:
DSA-1532-1 (http://www.debian.org/security/2008/dsa-1532)
Quoting:
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications.
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: exiftags
References:
DSA-1533-1 (http://www.debian.org/security/2008/dsa-1533)
Quoting:
Christian Schmid and Meder Kydyraliev (Google Security) discovered a
number of vulnerabilities in exiftags, a
Argh, sorry, missed a cross-check... This has already been fixed in
USN-526-1.
** Changed in: debian-goodies (Ubuntu)
Status: New => Fix Released
--
[debian-goodies] [CVE-2007-3912] insufficient input sanitising
https://bugs.launchpad.net/bugs/210128
See also Bug#210163.
--
[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer
https://bugs.launchpad.net/bugs/195700
--
ubuntu-bugs mailing list
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: policyd-weight
References:
DSA-1531-2 (http://www.debian.org/security/2008/dsa-1531)
Quoting:
Chris Howells discovered that policyd-weight, a policy daemon for the Postfix
mail transport agent,
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: debian-goodies
References:
DSA-1527-1 (http://www.debian.org/security/2008/dsa-1527)
Quoting:
Thomas de Grenier de Latour discovered that the checkrestart tool in the
debian-goodies suite of
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libkrb53
References:
GLSA 200803-31 (http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml)
MDVSA-2008:069
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:069)
Quoting GLSA
*** This bug is a security vulnerability ***
Public security bug reported:
This bug report is intended for the stable releases. For Hardy, this
seems to have been fixed, see Bug#204557.
Quoting CVE-2008-1482:
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote
attackers to
Sadly
[UPGRADE] language-pack-de 1:6.06+20080204 - 1:6.06+20080303
[UPGRADE] language-pack-kde-de 1:6.06+20080204 - 1:6.06+20080303
didn't improve the situation; I guess that the new packages were built
before the problem has been found?
--
context menu entry Paste File [and other dialogs] not
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: lighttpd
References:
DSA-1540-1 (http://www.debian.org/security/2008/dsa-1540)
Quoting:
It was discovered that lighttpd, a fast webserver with minimal memory
footprint, was didn't correctly handle
*** This bug is a security vulnerability ***
Public security bug reported:
References:
DSA-1539-1 (http://www.debian.org/security/2008/dsa-1539)
Quoting:
Chris Schmidt and Daniel Morissette discovered two vulnerabilities
in mapserver, a development environment for spatial and mapping
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: vlc
References:
DSA-1543-1 (http://www.debian.org/security/2008/dsa-1543)
Quoting:
Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido
Landi, Felipe Manzano, Anibal Sacco and others
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: pdns-recursor
References:
DSA-1544-1 (http://www.debian.org/security/2008/dsa-1544)
Quoting:
Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a
weak random number generator to
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: wireshark
Quoting:
CVE-2008-1561
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5
through 0.99.8 allow remote attackers to cause a denial of service (application
crash)
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: otrs2
Quoting CVE-2008-1515:
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 contains
Missing security checks, which allows remote attackers to read and modify
objects via SOAP
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: silc
Quoting CVE-2008-1552:
'The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client
before 1.1.4, and
*** This bug is a duplicate of bug 209627 ***
https://bugs.launchpad.net/bugs/209627
Will do so, didn't know this browse-by-CVE-feature until now. That's why
I try to have related CVEs in the summaries of new reports, so that
Launchpad's Is the bug you’re reporting one of these?-feature may
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: gs-gpl
References:
DSA-1510-1 (http://www.debian.org/security/2008/dsa-1510)
Quoting:
Chris Evans discovered a buffer overflow in the color space handling
code of the Ghostscript PostScript/PDF
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: cupsys
References:
MDVSA-2008:050
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:050)
Quoting:
Dave Camp at Critical Path Software discovered a buffer overflow
in CUPS 1.1.23 and
See also:
MDVSA-2008:052
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:052)
Adding CVE-2008-0783 and CVE-2008-0784.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0783
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0784
--
Public bug reported:
Whenever a file system check (possibly only affects the root file
system) happens on system boot (due to maximum mount count or check
interval reached on ext3), after system startup is complete, no network
shares from fstab show up in mtab, but the shares have been mounted.
Public bug reported:
Binary package hint: kaffeine
The current kaffeine 0.8.6-0ubuntu3~gutsy1 from gutsy-backports/main
breaks kubuntu-desktop due to missing kaffeine-xine.
$ sudo aptitude dist-upgrade -s
Reading package lists... Done
Building dependency tree
Reading state information... Done
Public bug reported:
Binary package hint: language-pack-kde-de
Also affects: language-pack-de
I noticed some regressions in the recently updated language-pack-kde-de
for the German localization, namely in konsole and klipper.
konsole now shows Befehlsfenster No. 2 and so forth instead of
** Description changed:
Binary package hint: language-pack-kde-de
Also affects: language-pack-de
I noticed some regressions in the recently updated language-pack-kde-de
- for the German localization, namely in konsole and klipper.
+ for the German localization, namely in konsole,
I did replay my backup once more, so I could give a more accurate
description on konqueror's context menu. A pity I didn't figure out how
to make a screenshot of those context menus...
This is with language-pack-kde-de 6.06+20070803:
Neu erstellen
AufwärtsAlt+Nach oben
Zurück
*** This bug is a duplicate of bug 196106 ***
https://bugs.launchpad.net/bugs/196106
** This bug has been marked a duplicate of bug 196106
context menu entry Paste File [and other dialogs] not translated into
German (anymore)
--
[dapper] [language-pack-kde-de] regression in German
Please see also Bug #197656.
** Changed in: language-pack-kde-de (Ubuntu)
Status: New => Confirmed
--
context menu entry Paste File [and other dialogs] not translated into German
(anymore)
https://bugs.launchpad.net/bugs/196106
MDVSA-2008:045
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:045) also lists
the following xine-lib issues, which also affect
MPlayer due to code similarity:
CVE-2008-0225
CVE-2008-0238
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0225
** CVE
Thanks for the info.
Since nobody has complained that I've been spamming Ubuntu's
bugtracker with security advisories from other distributions (well,
mostly Debian), I'll continue to do so as available time permits.
Especially for kernel-related advisories with multiple CVEs, I hope it's
Public bug reported:
Binary package hint: gnatsweb
References:
DSA-1486-1 (http://www.debian.org/security/2008/dsa-1486)
Quoting:
'r0t' discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script. This
could allow the
Public bug reported:
Binary package hint: python-cherrypy
References:
DSA-1481-1 (http://www.debian.org/security/2008/dsa-1481)
Quoting:
It was discovered that a directory traversal vulnerability in CherryPy,
a pythonic, object-oriented web development framework may lead to denial
of service by
Public bug reported:
Binary package hint: wml
References:
DSA-1492-1 (http://www.debian.org/security/2008/dsa-1492)
Quoting:
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
generation toolkit, creates insecure temporary files in the eperl and
ipp backends and in the
Public bug reported:
Binary package hint: tk8.3
References:
DSA-1490-1 (http://www.debian.org/security/2008/dsa-1490)
DSA-1491-1 (http://www.debian.org/security/2008/dsa-1491)
Quoting:
It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical
See also the following Debian Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589
--
[phpbb2] several remote vulnerabilities
https://bugs.launchpad.net/bugs/191201
Public bug reported:
Binary package hint: phpbb2
References:
DSA-1488-1 (http://www.debian.org/security/2008/dsa-1488)
Quoting:
Several remote vulnerabilities have been discovered in phpBB, a web
based bulletin board.
The Common Vulnerabilities and Exposures project identifies the
following
DSA-1487-1 also mentions CVE-2007-2645, which already got fixed with
USN-471-1.
--
[libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code
execution
https://bugs.launchpad.net/bugs/181713
This has also been fixed for Debian:
DSA-1487-1 (http://www.debian.org/security/2008/dsa-1487)
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2645
--
[libexif] [CVE-2007-6351] [CVE-2007-6352] possibility of DoS or arbitrary code
execution
Public bug reported:
References:
DSA-1493-1 (http://www.debian.org/security/2008/dsa-1493)
Quoting:
Several local/remote vulnerabilities have been discovered in the image
loading library for the Simple DirectMedia Layer 1.2. The Common
Vulnerabilities and Exposures project identifies the
Public bug reported:
Binary package hint: linux-source
References:
DSA-1494-1 (http://www.debian.org/security/2008/dsa-1494)
Quoting:
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel
Oops, CVE-2008-0007 was already listed under CVE references. Well, so
I've just added some additional info.
--
[linux-source] several local vulnerabilities
https://bugs.launchpad.net/bugs/187275
Adding CVE-2008-0007 from SUSE-SA:2008:006
(http://lists.opensuse.org/opensuse-security-announce/2008-02/msg2.html).
Quoting SUSE-SA:2008:006:
Insufficient range checks in certain fault handlers could be used by local
attackers to potentially read or write kernel memory.
Quoting
Have there been any updates for the stable releases?
--
[python] Multiple integer overflow vulnerabilities possibly resulting in the
execution of arbitrary code or DoS
https://bugs.launchpad.net/bugs/163845
See also:
MDVSA-2008:043
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:043)
A flaw in the vmsplice system call did not properly verify address
arguments passed by user-space processes, which allowed local attackers
to overwrite arbitrary kernel memory and gain root privileges.
Public bug reported:
Binary package hint: libqt4-core
References:
MDVSA-2008:042
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:042)
SUSE-SR:2008:002
(http://www.novell.com/linux/security/advisories/suse_security_summary_report.html)
Quoting CVE-2007-5965:
QSslSocket in
Public bug reported:
References:
MDVSA-2008:037
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:037)
Quoting:
A stack-based buffer overflow was discovered in libcdio that allowed
context-dependent attackers to cause a denial of service (core dump)
and possibly execute arbitrary
Have there been any updates for the stable releases?
--
[emacs] [CVE-2007-6109] buffer overflow
https://bugs.launchpad.net/bugs/174177
Public bug reported:
Binary package hint: mplayer
References:
DSA-1496-1 (http://www.debian.org/security/2008/dsa-1496)
Quoting:
Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and
Launchpad automatically sets linux-meta if a bug is reported against
linux-source.
--
[linux-source] [CVE-2007-5966] integer overflow in the hrtimer_start function
in kernel/hrtimer.c, local vulnerability
https://bugs.launchpad.net/bugs/180289
I've subscribed Emanuele Gentili to this bug. Since he's provided
updated packages for VLC just some time ago (see Bug #195949), it would
be great if he could take a look at this one.
--
vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: dovecot
References:
DSA-1516-1 (http://www.debian.org/security/2008/dsa-1516)
Quoting:
Prior to this update, the default configuration for Dovecot used by
Debian runs the server daemons with group
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: backup-manager
References:
DSA-1518-1 (http://www.debian.org/security/2008/dsa-1518)
Quoting:
Micha Lenk discovered that backup-manager, a command-line backup tool,
sends the password as a command
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ldapscripts
References:
DSA-1517-1 (http://www.debian.org/security/2008/dsa-1517)
Quoting:
Don Armstrong discovered that ldapscripts, a suite of tools to manipulate
user accounts in LDAP, sends the
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: horde3
References:
DSA-1519-1 (http://www.debian.org/security/2008/dsa-1519)
Quoting:
It was discovered that the Horde web application framework permits arbitrary
file inclusion by a remote attacker
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: lighttpd
References:
DSA-1521-1 (http://www.debian.org/security/2008/dsa-1521)
Quoting:
Julien Cayzac discovered that under certain circumstances lighttpd,
a fast webserver with minimal memory
*** This bug is a duplicate of bug 202422 ***
https://bugs.launchpad.net/bugs/202422
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: smarty
References:
DSA-1520-1 (http://www.debian.org/security/2008/dsa-1520)
Quoting:
It was discovered that
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ikiwiki
References:
DSA-1523-1 (http://www.debian.org/security/2008/dsa-1523)
Quoting:
Josh Triplett discovered that ikiwiki did not block Javascript in
URLs, leading to cross-site scripting
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: unzip
References:
DSA 1522-1 (http://www.debian.org/security/2008/dsa-1522)
Quoting:
Tavis Ormandy discovered that unzip, when processing specially crafted
ZIP archives, could pass invalid pointers
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: sarg
References:
SUSE-SR:2008:006
Quoting CVE-2008-116:
Stack-based buffer overflow in the useragent function in useragent.c in Squid
Analysis Report Generator (Sarg) 2.2.3.1 allows remote
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libxine1
References:
SUSE-SR:2008:006
Quoting CVE-2008-1161:
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in
xine-lib before 1.1.10 allows remote attackers to cause a denial
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libbind9-0
References:
SUSE-SR:2008:006
Quoting CVE-2008-0122:
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and
earlier, as used in libc in FreeBSD 6.2 through
My guess would be something related to busybox-initramfs or initramfs-
tools. fsck on the root file system on system boot happens while the
system is still running from initrd.
--
after fsck on startup, no network filesystems are shown in mtab
https://bugs.launchpad.net/bugs/196420
Um, I guess the CVE references list got a little too long, because the
added references won't show up any more...
Adding them here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071
Okay, after mentioning the new CVEs in my previous comment, they
suddenly showed up in the CVE references list. Weird.
--
[wireshark] multiple vulnerabilities
https://bugs.launchpad.net/bugs/172283
Please see also:
DSA-1511-1 (http://www.debian.org/security/2008/dsa-1511)
** Bug watch added: Debian Bug tracker #463688
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688
** Also affects: icu (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688
Importance: Unknown
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: gnumeric
References:
MDVSA-2008:056
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:056)
Quoting:
A vulnerability was found in the excel_read_HLINK function in the
Microsoft Excel
*** This bug is a security vulnerability ***
Public security bug reported:
References:
MDVSA-2008:054
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:054)
Quoting:
A vulnerability was discovered by Havoc Pennington in how the
dbus-daemon applied its security policy. A user with
Also adding CVE references mentioned in MDVSA-2008:057
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:057).
--
[wireshark] multiple vulnerabilities
https://bugs.launchpad.net/bugs/172283
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: phpmyadmin
References:
PMASA-2008-1
(http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1)
Quoting:
Description:
We received an advisory from Richard Cunningham, and we wish to thank
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: evolution
References:
SA29057 (http://secunia.com/advisories/29057/)
Quoting:
Secunia Research has discovered a vulnerability in Evolution, which can be
exploited by malicious people to compromise
Has just been fixed in Debian, see DSA-1512-1
(http://www.debian.org/security/2008/dsa-1512) (link may not work until
the page has been generated).
--
[evolution] [CVE-2008-0072] format string error, possible arbitrary code
execution
https://bugs.launchpad.net/bugs/198742
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: tcl
References:
MDVSA-2008:059
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:059)
Quoting:
A flaw in the Tcl regular expression handling engine was originally
discovered by Will
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: asterisk
Got this from SUSE-SR:2008:005. Quoting CVE-2007-6430:
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and
Business Edition B.x.x before B.2.3.6 and C.x.x before
** Summary changed:
- [asterisk] missing input sanitising
+ [asterisk] [CVE-2007-6170] missing input sanitising
--
[asterisk] [CVE-2007-6170] missing input sanitising
https://bugs.launchpad.net/bugs/173610
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: thunderbird
It seems like the latest USN for Thunderbird (see USN-582-1 and USN-582-2)
misses a fix for CVE-2008-0591 when compared to:
- DSA-1485-1 (http://www.debian.org/security/2008/dsa-1485)
-
** Description changed:
Binary package hint: thunderbird
It seems like the latest USN for Thunderbird (see USN-582-1 and USN-582-2)
misses a fix for CVE-2008-0591 when compared to:
- DSA-1485-1 (http://www.debian.org/security/2008/dsa-1485)
- MDVSA-2008:062
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: opera
Opera as provided from Canonical's partner repository for Gutsy is still
version 9.25, while a security updated version 9.26 is available from
upstream. They also provide updated packages for
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: sun-java6-jre
Sun provides updated java packages which contain fixes for one or more
security vulnerabilities.
References:
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05
**
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: moin
References:
DSA-1514-1 (http://www.debian.org/security/2008/dsa-1514)
Quoting:
Several remote vulnerabilities have been discovered in MoinMoin, a
Python clone of WikiWiki. The Common
I've tested the current Kubuntu Hardy Alpha within VMware Server running
on Kubuntu Gutsy. It seems Hardy is NOT affected by this bug report, but
Dapper up to Gutsy are. But since this is not a security related bug, my
hopes for a fix for the stable releases aren't that high...
--
after fsck on
Public bug reported:
Binary package hint: e2fsprogs
Whenever modifying an ext3 file system with tune2fs on the current Hardy Alpha,
I get the following message on next boot:
primary superblock features different from backup superblock
Then fsck is forced on the file system.
This has been
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libnet-dns-perl
References:
DSA-1515-1 (http://www.debian.org/security/2008/dsa-1515) (page has not been
generated at the time of this writing)
Note: CVE-2007-3377 and CVE-2007-3409 have been
Coming over from Bug #201437.
I'd say that fsck errors on each startup after using tune2fs wouldn't
earn Ubuntu any laurels, especially for Hardy as an LTS release. So if
e2fsprogs 1.40.7 cannot be integrated in Hardy for whatever reasons, I
suggest that some hand-picked bug fixes should be
Public bug reported:
Binary package hint: xdg-utils
References:
MDVSA-2008:031
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:031)
Quoting:
A vulnerability was found in xdg-open and xdg-email commands, which
allows remote attackers to execute arbitrary commands if the user is
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: clamav
References:
DSA-1497-1 (http://www.debian.org/security/2008/dsa-1497)
Quoting:
Several vulnerabilities have been discovered in the Clam anti-virus
toolkit, which may lead to the execution of
1 - 100 of 322 matches