[Pkg-utopia-maintainers] Bug#888842: flatpak: D-Bus filtering can be bypassed by a crafted authentication handshake

2018-01-30 Thread Moritz Muehlenhoff
On Tue, Jan 30, 2018 at 02:31:26PM +, Simon McVittie wrote: > The Debian security team has not generally treated Flatpak sandboxing > bypasses as security vulnerabilities, on the basis that the sandboxed > app provides its own security policy, so no privilege boundary is crossed > (in the

[Pkg-utopia-maintainers] Bug#806587: Should coherence be removed?

2015-11-29 Thread Moritz Muehlenhoff
Source: coherence Severity: serious Hi, should coherence be removed (along with the depending upnp-inspector)? It depends on gstreamer 0.10 (which will be removed from the archive), but upstream seems inactive. Cheers, Moritz

[Pkg-utopia-maintainers] Bug#796134: CVE-2015-3255 CVE-2015-4625

2015-08-19 Thread Moritz Muehlenhoff
Package: policykit-1 Version: 0.105-11 Severity: important Tags: security Two security issues in polkit: CVE-2015-3255: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f CVE-2015-4625: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html

[Pkg-utopia-maintainers] Bug#723717: policykit-1: CVE-2013-4288

2013-09-19 Thread Moritz Muehlenhoff
Package: policykit-1 Severity: grave Tags: security Justification: user security hole Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4288 for details and patches. Cheers, Moritz

[Pkg-utopia-maintainers] Bug#700638: CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib 0.100.1

2013-02-18 Thread Moritz Muehlenhoff
On Mon, Feb 18, 2013 at 09:53:53AM +, Simon McVittie wrote: On 15/02/13 17:44, I wrote: Severity: critical Justification: root security hole Sebastian Krahmer discovered and published an authentication bypass vulnerability in pam_fprintd, caused by a bug in dbus-glib. It is

[Pkg-utopia-maintainers] Bug#684259: network-manager: CVE-2012-1096

2012-09-12 Thread Moritz Muehlenhoff
On Tue, Sep 11, 2012 at 06:59:32PM +0200, Michael Biebl wrote: Doesn't seem to have a fix yet. I'll mark it as no-dsa in the Security Tracker for wheezy for now. Cheers, Moritz

[Pkg-utopia-maintainers] Bug#684259: network-manager: CVE-2012-1096

2012-08-08 Thread Moritz Muehlenhoff
Package: network-manager Severity: grave Tags: security Justification: user security hole Please see http://www.openwall.com/lists/oss-security/2012/02/29/2 I'm not sure if an upstream fix exists so far. If so, it would be nice to get it fixed for Wheezy. Cheers, Moritz

[Pkg-utopia-maintainers] Bug#655972: Ad-Hoc WPA networks disabled upstream due to kernel bugs

2012-08-07 Thread Moritz Muehlenhoff
On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote: This seems like a fairly complete explanation of the problem: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39 So, as soon as all the pieces of NM 0.9.4 make it into

[Pkg-utopia-maintainers] Bug#655188: Needs rebuild for hardened build flags

2012-01-08 Thread Moritz Muehlenhoff
Source: avahi Severity: important Your package has already been converted to use the hardened build flags now emitted by dpkg-buildflags, but it needs a rebuild with current dpkg. I've tested in a local build that this properly enables hardened build flags. Cheers, Moritz

[Pkg-utopia-maintainers] Bug#655188: Bug#655188: Needs rebuild for hardened build flags

2012-01-08 Thread Moritz Muehlenhoff
On Mon, Jan 09, 2012 at 06:33:48AM +0100, Michael Biebl wrote: On 09.01.2012 06:02, Moritz Muehlenhoff wrote: Source: avahi Severity: important Your package has already been converted to use the hardened build flags now emitted by dpkg-buildflags, Hm, not really. It used debhelper

[Pkg-utopia-maintainers] Bug#629938: libdbus-1-3: local DoS via messages with non-native byte order

2011-06-14 Thread Moritz Muehlenhoff
On Sun, Jun 12, 2011 at 01:26:03PM +0100, Simon McVittie wrote: Here is a proposed stable update (either for security or stable updates), and a test-case (marshal.c). The proposed stable update is also available on the debian-squeeze branch in git. Please proceed with a stable point update.

[Pkg-utopia-maintainers] Bug#499650: Bug#499650: Bug#499650: dbus: wrong dependencies on libice6, libsm6 and libx11-6

2008-10-04 Thread Moritz Muehlenhoff
Michael Biebl wrote: Yeah, I misunderstood you in your first email. It is not about the dependency on libx11-6, but the additional/new dependency on libsm6 and libice6. The problem seems to be very simple: configure.in:915-935 The AC_PATH_XTRA macro picks up additional X11 libs if