retitle 499076 CVE-2009-4411: Physical walk no longer ignores all symlinks
tags 499076 security
severity 499076 serious
thanks
Hi,
this issue got a CVE id:
CVE-2009-4411[0]:
| The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when
| running in recursive (-R) mode, follow symbolic
Package: sql-ledger
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for sql-ledger.
CVE-2009-4402[0]:
| The default configuration of SQL-Ledger 2.8.24 allows remote attackers
| to perform
Package: ghostscript
Version: 8.70~dfsg-2
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for ghostscript.
CVE-2009-4270[0]:
| Stack-based buffer overflow in the errprintf function in
Justin Piszcz ha scritto:
Package: smartmontools
Version: 5.38+svn2920-2
Problem: smartmontools starts too early and fails since udev is not
ready yet.
Hi,
sorry for the late reply. Could you try the 5.39-1 version please?
Cheers,
Giuseppe
signature.asc
Description: OpenPGP digital
tags 556902 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 23 Dec 2009 13:32:06 +0100.
The fix will be in the next upload.
=
Updated
tags 561866 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 23 Dec 2009 14:21:00 +0100.
The fix will be in the next upload.
=
debian
tags 561866 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 23 Dec 2009 14:21:00 +0100.
The fix will be in the next upload.
=
debian
tags 561113 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 22 Dec 2009 09:58:12 +0100.
The fix will be in the next upload.
=
Fixed crash
Package: kvm
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kvm.
CVE-2009-4031[0]:
| The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86
| emulator in the KVM subsystem in
Package: kvm
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kvm.
CVE-2009-3638[0]:
| Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in
| arch/x86/kvm/x86.c in the
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3938 (Closes: #534680)
+
+ -- Giuseppe Iuculano iucul...@debian.org Tue, 22 Dec 2009 16:11:27 +0100
+
poppler (0.12.2-2) unstable; urgency=low
* Switch to quilt to manage patches.
diff -u poppler-0.12.2/debian/patches
Package: phpldapadmin
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
A vulnerability has been discovered on phpLDAPadmin, which can be exploited by
malicious people to disclose sensitive information.
Input passed via the cmd parameter to cmd.php is not
Hi,
these issues got CVE ids:
CVE-2009-4305[0]:
| SQL injection vulnerability in the SCORM module in Moodle 1.8 before
| 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to
| execute arbitrary SQL commands via vectors related to an escaping
| issue when processing AICC CRS file
Hi,
Unfortunately this vulnerability is not important enough to get it fixed via
regular security update in Debian stable. It does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.
[1]
Package: jbossas4
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for jbossas4.
CVE-2009-0027[0]:
| The request handler in JBossWS in JBoss Enterprise Application
| Platform (aka JBoss EAP
tags 560241 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Mon, 14 Dec 2009 12:18:12 +0100.
The fix will be in the next upload.
=
Adeed
Krzysztof Sobolewski ha scritto:
Package: smartmontools
Version: 5.38+svn2956-1
Severity: normal
I have an Intel X25-M SSD and smartd doesn't like it very much.
Every half an hour the drive (along with most of the system) freezes
for about 20 seconds. syslog says:
Dec 11 11:55:28
Package: icedove
Version: 2.0.0.22-1.1
Severity: wishlist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
please upgrade to 3.0
Cheers,
Giuseppe
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksfrWoACgkQNxpp46476aqpcQCfTbkixRj6B3QiJVHX3D4K1iLp
@@
+libstruts1.2-java (1.2.9-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Fixed CVE-2008-2025: Cross-site scripting (XSS) vulnerability.
+(Closes: #528352)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 06 Dec 2009 14:13:59 +0100
+
libstruts1.2-java
Package: kdelibs
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kdelibs.
CVE-2009-0689[0]:
| The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in
| FreeBSD 6.4 and
Package: kde4libs
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kde4libs.
CVE-2009-0689[0]:
| The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in
| FreeBSD 6.4 and
Package: firefox-sage
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for firefox-sage.
CVE-2009-4102[0]:
| Sage 1.4.3 and earlier extension for Firefox performs certain
| operations with
Package: msmtp
Version: 1.4.9-1
Severity: serious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for msmtp.
CVE-2009-3942[0]:
| Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not
| properly handle a '\0'
Package: mpop
Version: 1.0.5-1etch1
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for mpop.
CVE-2009-3941[0]:
| Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not
|
tags 549436 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sat, 14 Nov 2009 12:16:47 +0100.
The fix will be in the next upload.
=
debian/wp
tags 555729 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Thu, 12 Nov 2009 07:55:40 +0100.
The fix will be in the next upload.
=
Updated
Package: shibboleth-sp2
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for shibboleth-sp2.
CVE-2009-3300[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the Identity
|
tags 554618 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 10 Nov 2009 17:52:03 +0100.
The fix will be in the next upload.
=
Build
Hi,
Quanah Gibson-Mount wrote:
Also, if Debian's still supporting anything based on OL 2.3, I have a clean
patch for this issue for it as well.
Could you send the patch for OL 2.3 please?
Thanks in advance,
Giuseppe
signature.asc
Description: OpenPGP digital signature
; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
+character in subject Common Name (Closes: #553432)
+
+ -- Giuseppe Iuculano iucul...@debian.org Tue, 10 Nov 2009 19:09:45 +0100
+
openldap (2.4.17-2
@@
+libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
+via crafted files (Closes: #552534)
+
+ -- Giuseppe Iuculano iucul...@debian.org Mon, 09 Nov 2009 21:19:11 +0100
Patrick Matthäi ha scritto:
Very cute.
This autobuilder, which starts on booting the machine, built the module
correctly, which would mean, that it was built there as user root, but
calling it from the maintainer scripts = nobody..
Where we can find the fglrx-modules-dkms package? dkms
tags 554168 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Tue, 3 Nov 2009 22:47:51 +0100.
The fix will be in the next upload.
=
Do not build
Package: wireshark
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for wireshark.
CVE-2009-3829[0]:
| Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows
| remote attackers
Package: snort
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for snort.
CVE-2009-3641[0]:
| Snort before 2.8.5.1, when the -v option is enabled, allows remote
| attackers to cause a
Package: qemu
Version: 0.10.6-1
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for qemu.
CVE-2009-3616[0]:
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
| QEMU
Package: kvm
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kvm.
CVE-2009-3616[0]:
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
| QEMU 0.10.6 and earlier might
Package: openldap
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for openldap.
CVE-2009-3767[0]:
| libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not
| properly
Package: mutt
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for mutt.
CVE-2009-3766[0]:
| mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the
| domain name in the
Package: squidguard
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for squidguard.
CVE-2009-3826[0]:
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to
| bypass
Hi,
Helge Kreutzmann ha scritto:
clone 546212 -1
found -1 4:3.5.10.dfsg.1-0lenny2
severity -1 serious
thanks
- Forwarded message from Giuseppe Iuculano iucul...@debian.org -
...
Debian Security Advisory DSA-1916-1 secur...@debian.org
http://www.debian.org
Package: wnpp
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm giving isoqlog up for adoption as I no longer use it.
Description: Mail Transport Agent log analysis program
Isoqlog is an MTA log analysis program written in C.
It designed to scan qmail, postfix, sendmail
Package: wnpp
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm giving ipband up for adoption as I no longer use it.
Description: daemon for subnet bandwidth monitoring with reporting via email
This is a daemon which can monitor as many different subnets (or individual
hosts,
tags 552417 moreinfo
thanks
Hi,
Doug Baldwin ha scritto:
Originally installed Lenny using network installation CD,
followed prompts for RAID-1. Recently upgraded to Squeeze.
All works with 2.6.26. However, system fails to boot with
2.6.30. Error message is: Unable to mount vg00 volume
Hi,
Daniel Leidert ha scritto:
The dpatch patch is already available at
http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
Shall I prepare the packages (I'm registered as DM for expat 2.0.1,
but not for expat in oldstable) or do you
tags 551380 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Wed, 21 Oct 2009 21:40:44 +0200.
The fix will be in the next upload.
=
Use /var
to Cyril Brulebois
+(Closes: #550424)
+
+ -- Giuseppe Iuculano iucul...@debian.org Wed, 21 Oct 2009 23:54:35 +0200
+
openexr (1.6.1-4) unstable; urgency=low
* Adopt the package within pkg-phototools (Closes: #494877):
diff -u openexr-1.6.1/debian/patches/series openexr-1.6.1/debian/patches
Package: openoffice.org
Version: 1:3.1.1-2
Severity: grave
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for openoffice.org.
CVE-2009-3569[0]:
| Stack-based buffer overflow in OpenOffice.org (OOo) allows remote
|
Package: aria2
Version: 0.14.0-1
Severity: serious
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for aria2.
CVE-2009-3575[0]:
| Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3,
|
Package: puppet
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for puppet.
CVE-2009-3564[0]:
| puppetmasterd in puppet 0.24.6 does not reset supplementary groups
| when it switches to a
Patch:
http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/DHTRoutingTableDeserializer.cc?r1=670r2=1041
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Rene Engelhard ha scritto:
If you tell me how they should be fixed if no one ever knew about that except
the VulnDisco Pack author...
You are right, the details are unknown, but this bug was opened for tracking
purpose.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
:
#546212)
+
+ -- Giuseppe Iuculano iucul...@debian.org Wed, 14 Oct 2009 09:57:26 +0200
+
kdelibs (4:3.5.10.dfsg.1-2) unstable; urgency=low
* Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify.
only in patch2:
unchanged:
--- kdelibs-3.5.10.dfsg.1.orig/debian/patches/CVE-2009
Hi,
below the upstream answer.
The LifeTime? value in '-l selftest' output is not truncated by smartctl. The
'Life timestamp' field in the ATA Self-test log data structure is a 16 bit
quantity. Same applies to '-l xselftest'. See tables A.13 and A.21 of
T13/1699-D Revision 6a.
If it
tags 544940 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano iucul...@debian.org on Sun, 11 Oct 2009 09:26:05 +0200.
The fix will be in the next upload.
=
Updated
)
+Thanks to Dann Frazier (Closes: 548975)
+
+ -- Giuseppe Iuculano iucul...@debian.org Fri, 09 Oct 2009 19:07:06 +0200
+
kvm (85+dfsg-4) unstable; urgency=low
* upload to unstanble
diff -u kvm-85+dfsg/debian/patches/series kvm-85+dfsg/debian/patches/series
--- kvm-85+dfsg/debian/patches/series
-maintainer upload by the testing Security Team.
+ * mimetex.c: replace strcpy with strninit macro that uses strncpy, adjust
+some buffer sizes. (CVE-2009-1382)
+ * mimetex.c: disable input and counter tags. (CVE-2009-2459)
+Thanks to Marc Deslauriers (Closes: 537254)
+
+ -- Giuseppe
+
+ * Non-maintainer upload by the testing Security Team.
+ * Include patch to fix buffer overflow in content processing code
+Fixes: CVE-2009-2905 Closes: #548198
+
+ -- Giuseppe Iuculano iucul...@debian.org Tue, 06 Oct 2009 17:29:33 +0200
+
newt (0.52.10-4) unstable; urgency=low
* Add Ubuntu
/changelog
+++ htmldoc-1.8.27/debian/changelog
@@ -1,3 +1,11 @@
+htmldoc (1.8.27-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3050: Stack-based buffer overflow when setting custom page
+output size (Closes: #537637)
+
+ -- Giuseppe Iuculano
+
+ * Non-maintainer upload by the testing Security Team.
+ * Add patch from Christoph Biedl to fix server assert involving client
+IDs and hardware addresses (CVE-2009-1892) (Closes: #549584)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 04 Oct 2009 17:41:00 +0200
+
dhcp3 (3.1.2p1-1
@@
+wxwidgets2.6 (2.6.3.2.2-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixed Integer overflow in the wxImage::Create function.
+(CVE-2009-2369) (Closes: #537175)
+ * Avoid name clashes with GSocket from glib 2.21+ and fixed FTBFS
+
+ -- Giuseppe Iuculano iucul...@debian.org Sat, 03 Oct
/debian/changelog
@@ -1,3 +1,11 @@
+kolab-cyrus-imapd (2.2.13-5.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Fix buffer overflow in SIEVE script component
+(CVE-2009-3235, CVE-2009-2632) (Closes: 547712)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sat
Giuseppe Iuculano ha scritto:
Hi,
Attached is a debdiff of the changes I made for 2.2.13-5.1 0-day NMU
Cheers,
Giuseppe.
The DH_VERBOSE export in debian/rules was not included.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: wget
Version: 1.11.4-4
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for wget.
CVE-2009-3490[0]:
| GNU Wget before 1.12 does not properly handle a '\0' character in a
| domain
Ola Lundqvist ha scritto:
Sure. In that case where do I upload it. To lenny-proposed-updates?
stable-proposed-updates for lenny and oldstable-proposed-updates for etch.[1]
Please contact the stable release team before you upload.
tags 548582 unreproducible
thanks
Hi Frank,
Frank B. Brokken ha scritto:
it finds the false positive. It isn't reported (which is OK) but the banner
The following suspicious files and directories were found:
I can't reproduced that. The code is:
if [ ${QUIET} != t ]; then
tags 548232 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sat, 26 Sep 2009 00:23:50 +0200.
The fix will be in the next upload.
=
Add menu
-2.2.13/debian/changelog
+++ cyrus-imapd-2.2-2.2.13/debian/changelog
@@ -1,3 +1,17 @@
+cyrus-imapd-2.2 (2.2.13-14+lenny3) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * sieve/bc_eval.c: Use snprintf to avoid buffer overruns
+
+ -- Giuseppe Iuculano giuse
Reid Priedhorsky ha scritto:
Yeah, I could look into that. Can you point me to some way to do so on
Lenny that's not too disruptive? I don't want to do a full upgrade to
testing.
Are you using i386 or amd64?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: cyrus-imapd-2.2
Severity: grave
Tags: security patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for cyrus-imapd-2.2.
CVE-2009-3235[0]:
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
|
notfixed 547947 2.2.13-15
thanks
Benjamin Seidenberg ha scritto:
A fix was released before the CVE was even published
Patch:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h
Hi Henrique,
Henrique de Moraes Holschuh ha scritto:
Also, we need the same fix to be applied to stable and old-stable...
I've prepared stable and oldstable packages:
http://sd6.iuculano.it/sec/cyrus-imapd-2.2/
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: wireshark
Version: 1.2.1-2
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for wireshark.
CVE-2009-3242[0]:
| Unspecified vulnerability in packet.c in the GSM A RR dissector in
|
Package: dovecot
Version: 1.0.rc15-2etch4
Severity: normal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for dovecot.
CVE-2009-3235[0]:
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
| 1.0 before
Package: kolab-cyrus-imapd
Severity: grave
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for kolab-cyrus-imapd.
CVE-2009-2632[0]:
| Buffer overflow in the SIEVE script component (sieve/script.c), as
| used
reassign 546823 libcap-ng
retitle 546823 libcap-ng broken on armel
thanks
Sascha Silbe ha scritto:
I've hit this issue on a fresh installation. captest (from libcap-ng-utils)
segfaults as well, so it's probably a libcap-ng bug and not a smartmontools
one:
I agree.
Cheers,
Giuseppe.
Tormod Volden ha scritto:
I reopen this bug so don't lose it off the radar. Giuseppe, do you have
any comments here or on the Debian bug?
I already cherry-picked your [f333bc0] (nodmraid boot option), but I have some
doubts about [54b8d6f]. Reverting that change will break all broken
severity 514706 important
thanks
Hi,
new dmraid 1.0.0.rc16 version needs libdevmapper-event and dmeventd, please
package them.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: bugzilla
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for bugzilla.
CVE-2009-3165[0]:
| SQL injection vulnerability in the Bug.create WebService function in
| Bugzilla 2.23.4
retitle 546791 CVE-2009-3233: shell command injection via filename
thanks
Hi,
this issue got a CVE id:
Name: CVE-2009-3233
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3233
Reference: MLIST:[oss-security] 20090916 CVE id request: changetrack
Reference:
@@
+wxwidgets2.6 (2.6.3.2.2-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixed Integer overflow in the wxImage::Create function.
+(CVE-2009-2369) (Closes: #537175)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Thu, 17 Sep 2009 17:17:44 +0200
+
wxwidgets2.6 (2.6.3.2.2-3) unstable
tags 547197 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Thu, 17 Sep 2009 18:58:36 +0200.
The fix will be in the next upload.
=
debian
Hi,
Simon McVittie ha scritto:
A package failed to install. Trying to recover:
Setting up smartmontools (5.38+svn2879-4) ...
Starting S.M.A.R.T. daemon: smartdSegmentation fault
failed!
invoke-rc.d: initscript smartmontools, action start failed.
When I downgrade to 5.38-3, it works
Hi,
Ghent ha scritto:
I have just upgraded smartmontools to 5.38+svn2879-4 and the installation
failed because smartmontools doesn't find anymore my disks.
If I use DEVICESCAN in smartd.conf :
$ Opened configuration file /etc/smartd.conf
$ Configuration file /etc/smartd.conf was parsed,
tags 541192 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Wed, 16 Sep 2009 10:57:27 +0200.
The fix will be in the next upload.
=
run.d
Hi,
Could you please check if the version in unstable/testing (5.38+svn2879-4)
works?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi,
Could you please check if the version in unstable/testing (5.38+svn2879-4)
works?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi,
Could you please check if the version in unstable/testing (5.38+svn2879-4)
works?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Hi,
Could you please check if the version in unstable/testing (5.38+svn2879-4)
works?
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
Package: whitedune
Version: 0.28.13-1
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for whitedune.
CVE-2008-7228[0]:
| Multiple format string vulnerabilities in White_Dune before
|
severity 546903 minor
thanks
Hi Joerg,
Joerg Scheurich aka MUFTI ha scritto:
So i should say something about the impact and attack vectors:
To enable the problem, white_dune must be compiled with the --with-aflockdebug
option of ./configure. The debian binary versions are not compiled with
tags 544473 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Wed, 16 Sep 2009 20:35:38 +0200.
The fix will be in the next upload.
=
Depend
Package: xmp
Version: 2.0.4d-11
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities Exposures) id was
published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers
| to
Hi Francesco,
Francesco Potorti` ha scritto:
As I stated in a previous message, there are two issues: one is with the
program itself, and one with the packaging.
Please reopen this bug.
Ok, Quoting your previous message:
1) smartd problem: if a 'mail' program is not found, smartd does
retitle 546730 CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
tag 546730 lenny etch
fixed 546730 2.6.1-1
thanks
Hi,
the following CVE (Common Vulnerabilities Exposures) ids were
published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote
Francesco Potorti` ha scritto:
I think this is a bug. If I explicitely ask for a mail, the program
should give an error telling me that this is not possible, rather than
failing silently.
from smartd.conf(5)
By default, email is sent using the system mail command. In order that
smartd
Francesco Potorti` ha scritto:
As I had reported previously in some detail, I spent quite some time
trying to figure out what was happening, and the logs were not helpful.
For your reference, I just reproduced the problem by temporarily
removing the /usr/bin/mail symbolic link. Here is a
Francesco Potorti` ha scritto:
If you use -M exec /usr/share/smartmontools/smartd-runner this is expected.
It
is a specific Debian script and it launches every script in
/etc/smartmontools/run.d/ instead of the hardcoded /usr/bin/mail.
Try to remove the -M exec option, and you will get a
Francesco Potorti` ha scritto:
No, that *is* *intentional*. script under /etc/smartmontools/run.d/ must not
return errors.
I see. However, even if it intentional, I think it is a bug. If
something goes wrong, for whatever reason, and you conceal the error
message that enables the user to
Francesco Potorti` ha scritto:
What you describe is a software decision that has a problem (a bug).
There must be a way out of this problem. If that decision cannot be
modified for some reason, then some other way should be found. One
possibility would be for the init.d script to signal an
401 - 500 of 963 matches
Mail list logo
