[Secure-testing-team] Bug#541439: CVE-2009-2730: does not properly handle a '\0' character

Package: gnutls26 Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities Exposures) id was published for gnutls26. CVE-2009-2730[0]: | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' | character in a domain

[Secure-testing-team] Je sur comptable a la banque BCB je vais virée $6.million a la etranger

You are invited to Je sur comptable a la banque BCB je vais virée $6.million a la etranger. By your host Ashraf Cotu: Date: Friday August 14, 2009 Time: 8:00 am - 9:00 am (GMT +00:00) Location: Cher Ami Salut, Je suis MR, Ashraf Cotu

[Secure-testing-team] Bug#541496: linux-source-2.6.30: Local privilege escalation (incorrect proto_ops initializations)

Package: linux-source-2.6.30 Version: 2.6.30-4 Severity: critical Tags: security Justification: root security hole See: http://seclists.org/fulldisclosure/2009/Aug/0173.html See the link for a patch from Linus at the bottom. Please back patch at your earliest convenience. thank you, tim

Re: [Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA

On Fri, Aug 14, 2009 at 4:16 PM, Giuseppe Iuculano wrote: --- data/DSA/list       2009-08-14 19:31:52 UTC (rev 12594) +++ data/DSA/list       2009-08-14 20:16:54 UTC (rev 12595) @@ -2055,7 +2055,7 @@        {CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592}        [etch] - linux-2.6

Re: [Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA

Michael S Gilbert ha scritto: i don't mean to question the accuracy of this change, but just out of curiousity, how did an issue with a cve assigned in august 2007 [0] get fixed in may 2007? i understand that that's a short (3 month) difference and debian could have been aware ahead of cve

Re: [Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA

On Fri, Aug 14, 2009 at 5:16 PM, Michael S Gilbertmichael.s.gilb...@gmail.com wrote: Because in DSA-1285-1 the security team uploaded a new upstream security release, 2.0.10-1, and that issue was fixed in 2.1.3 and 2.0.10 (legacy version). ok, i can't find that claimed in the 2.0.10 etch

Re: [Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA

On Fri, Aug 14, 2009 at 5:29 PM, Giuseppe Iuculanogiuse...@iuculano.it wrote: Yes, I checked against the PoC, but also upstream confirmed[1] that [1]http://wordpress.org/development/2007/04/wordpress-213-and-2010/ i still don't see CVE-2007-4483 claimed fixed there. so the difference bettween

[Secure-testing-team] Je sur comptable a la banque BCB je vais virée $6.million a la etranger

Invitationnbsp;: Je sur comptable a la banque BCB je vais virée $6.million a la etranger. Par votre hôte Saidou Ali: Date: vendredi 14 août 2009 Heure: 19h 00 - 20h 00 (GMT+00:00) Lieu: Cher Ami Salut, Je suis MR, Saidou Ali comptable a la

Re: [Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA

Michael S Gilbert ha scritto: [1]http://wordpress.org/development/2007/04/wordpress-213-and-2010/ i still don't see CVE-2007-4483 claimed fixed there. so the - These releases include fixes for several publicly known minor XSS issues - CVE-2007-4483 claimed wordpress 2.1.3 as fixed version -