Author: ken
Date: Fri Apr 2 11:57:07 2021
New Revision: 1788
Log:
Add the advisories for flac, libssh2 and xdg-utils.
Modified:
html/trunk/blfs/advisories/10.1.html
Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html Fri Apr 2 11:38:50 2021
(r1787)
+++ html/trunk/blfs/advisories/10.1.html Fri Apr 2 11:57:07 2021
(r1788)
@@ -68,6 +68,16 @@
<a href="consolidated.html#sa-10.1-008">10.1-008</a></p>
<!-- end of Firefox -->
+ <h3>Flac</h3>
+ <h4>10.1 022 Flac Date: 2021-04-02 Severity: Medium</h4>
+ <p>In Flac up to and including 1.3.3, a heap buffer overflow could lead to
+ remote information disclosure. This has been fixed upstream but no new
version
+ has been released. To fix this apply the patch from the development books
or
+ upgrade to a later version if one is released.
+ <a href="consolidated.html#sa-10.1-022">10.1-022</a>.</p>
+
+<!-- end of Flac -->
+
<h3>glib2</h3>
<h4>10.1 017 glib2 Date: 2021-03-29 Severity: Medium</h4>
<p>A medium severity security vulnerability was discovered in glib2
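Review bot: In the Flac paragraph, "apply the patch from the development books" does not name the patch or link to it, so the only pointer a 10.1 reader gets is the consolidated.html anchor. Suggest naming the patch file or linking the relevant development book page. Minor: this entry ends with `</a>.</p>`, a full stop after the link, while the Firefox entry in the context above ends `10.1-008</a></p>`. Pick one form.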
@@ -106,6 +116,17 @@
<!-- end of JS78 -->
+ <h3>Libssh2</h3>
+ <h4>10.1 023 Libssh2 Date: 2021-04-02 Severity: High</h4>
+ <p>In Libssh2-1.9.0 and earlier, a crafted SSH server may be able to
disclose
+ sensitive information or cause a denial of service when the client
connects.
+ This has been fixed upstream but no new version has been released. To fix
+ this apply the patch from the development books or upgrade to a later
version
+ if one is released.
+ <a href="consolidated.html#sa-10.1-023">10.1-023</a>.</p>
+
+<!-- end of Libssh2 -->
+
<h3>lxml</h3>
<h4>10.1 014 lxml Date: 2021-03-27 Severity: Medium</h4>
<p>Improper input sanitization may lead to cross-site-scripting via
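Review bot: In the Libssh2 paragraph, "a crafted SSH server may be able to disclose sensitive information" leaves it unclear whose information is exposed and to whom. Since the trigger is "when the client connects", say outright that the connecting client is the side at risk. The remediation sentence also refers to "the patch from the development books" without naming or linking it, which matters more for an entry rated High.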
@@ -248,4 +269,17 @@
<!-- end of Wireshark -->
+ <h3>XDG-Utils</h3>
+
+ <h4>10.1 024 XDG-Utils Date: 2021-04-02 Severity: Medium</h4>
+ <p>In the xdg-email component of xdg-utils 1.1.0rc1 and newer, an attacker
+ could potentially send a victim a URI that automatically attaches a
sensitive
+ file to a new email. If a victim user does not notice that an attachment
was
+ added and sends the email, this could result in sensitive information
+ disclosure. Until this is fixed upstream, either do not use mailto links,
or
+ always double-check there are no unwanted attachments before sending
emails.
+ <a href="consolidated.html#sa-10.1-024">10.1-024</a></p>
+
+<!-- end of XDG-Utils -->
+
<!--#include virtual="/common/footer.html" -->
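Review bot: In the XDG-Utils paragraph, the workaround "do not use mailto links" is not tied back to xdg-email, the component named in the first sentence, so a reader cannot tell whether it covers every mailto link or only those opened through xdg-email. Suggest stating the scope in that sentence. Formatting: this entry has a blank line between `<h3>` and `<h4>` and ends `10.1-024</a></p>` with no full stop, unlike the Flac and Libssh2 entries added in the same commit.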