Package: php5
Severity: grave
Tags: security
Justification: user security hole
Two security problems have been found in PHP5. For details please see
http://www.hardened-php.net/advisory_012006.112.html
http://www.hardened-php.net/advisory_022006.113.html
PHP 4 is not affected, so this only affec
Ola Westin wrote:
> Package: libapache-auth-ldap
> Version: 1.6.0-8
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> auth_ldap version 1.6.0 contains a remote security vulnerability.
> See http://www.digitalarmaments.com/2006090173928420.html for details.
> A fixed ver
Santiago Vila wrote:
> How exactly this is dangerous in *pine*? (not in the IMAP server)
The problem is that we have another case of an embedded code copy,
something we should get rid of for Etch for as many packages as
possible.
> You gain access to the system if you are running pine? That would
Christian Hammers wrote:
> There were some kernel security announcements on Bugtraq the last couple
> of days. As those CAN Ids do not show up on the cross reference
> or the nonvuln list, I wonder if Debian is affected and when fixed packages
> can be expected.
See http://svn.debian.org/wsvn/kern
Steve Kemp wrote:
> On Wed, Jan 25, 2006 at 12:29:32PM +0100, Thierry Reding wrote:
> > * Bastian Blank wrote:
>
> > > Package: komi
> > > Version: 1.03-4
> > > Severity: serious
> > >
> > > There was an error while trying to autobuild your package:
> > >
>
> > I've investigated this a bit, and
Recai Oktaş wrote:
> elog (2.5.7+r1558-4+sarge1) stable-security; urgency=high
>
> * Major security update (big thanks to Florian Weimer)
> + Backport r1333 from upstream's Subversion repository:
> "Fixed crashes with very long (revisions) attributes"
> + Backport r1335
Recai Oktaş wrote:
> Debdiff is attached and here is the new changelog for your convenience:
>
> elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical
>
> * Major security update (big thanks to Florian Weimer)
> + Backport r1333 from upstream's Subversion repository:
>
Package: libavcodec-dev
Version: 0.cvs20050106-1
Severity: grave
Tags: security
Justification: user security hole
[Cc'ing security@, as at least xine-lib embeds libavcodec, there may be
more, I haven't investigated whether they are affected, but I assume it's
the case]
The most recent ffmpeg-cvs-
Package: affix
Severity: grave
Tags: security patch
Justification: user security hole
btsrv sanitises input improperly. I haven't yet checked whether this
is exploitable in the Debian package configuration as well. Please
see the advisory at http://www.digitalmunition.com/DMA[2005-0712b].txt
Patch
Package: affix
Severity: grave
Tags: security patch
Justification: user security hole
An exploitable buffer overflow in the btftp userspace client has been
reported. Please see http://www.digitalmunition.com/DMA[2005-0712a].txt
for an advisory. Patches are available at
http://affix.sourceforge.net
Package: tutos
Severity: grave
Tags: security
Justification: user security hole
Multiple security problems have been reported on TUTOS, including SQL
injection and cross-site-scripting. Please see
http://www.securityfocus.com/archive/1/375757
for details. All issues seem to be fixed in current CVS
The Mozilla vulnerabilities have been assigned these CVE ids:
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML node spoofing
CAN-2005-2268: Javascript prompt origin spoofing
CAN-2005-2266: Same origin violation: frame calling top.focus()
CAN-2005-2265: Possible ex
Package: mozilla-thunderbird
Severity: grave
Tags: security
Justification: user security hole
Thunderbird 1.0.5 fixes these nine security issues, some of which
are classified as critical by the Mozilla developers:
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML
Doh! This should be CAN-2004-2161 and CAN-2004-2162, not -2005-
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: mysql-dfsg-4.1
Version: 4.1.12-1 (not installed)
Severity: grave
Tags: security patch
MySQL bundles a copy of zlib, which is vulnerable to DoS and potential
arbitrary code execution due to a buffer overflow in the inflate function.
This is fixed in latest 4.1.13 upstream or in the Bitkee
Package: ethereal
Severity: grave
Tags: security
Justification: user security hole
Multiple security problems have been found in Ethereal and fixed in
latest upstream release 0.10.12. Full details are described at
http://www.ethereal.com/appnotes/enpa-sa-00020.html
Cheers,
Moritz
-- Syst
Package: mysql-dfsg
Severity: grave
Tags: security
Justification: user security hole
A buffer overflow in user defined functions can be exploited to
possibly execute arbitrary code by users that have been granted the
privilege to create user defined functions. For full details please
see
http://www
Package: evolution
Severity: grave
Tags: security
Multiple exploitable format string vulnerabilities have been found in
Evolution. Please see
http://www.securityfocus.com/archive/1/407789/30/0/threaded
for details. 2.3.7 fixes all these issues.
Cheers,
Moritz
-- System Information:
Debi
Horms wrote:
> > below patch has been slurped into the Debian patches for 2.6.8, but the
> > error posted looks like the same error I suffered when hitting this bug.
> >
> > Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> >
> > Cut and paste from the web archive, so
Horms wrote:
> > > There is no public CVE assignment for this issue. If it's easily
> > > reproducible
> > > for non-root, it might account as a local DoS vulnerability.
> >
> > mii-tool's IOCTL is only allowed by root.
> >
> > The remote DoS comes from the fact that snmpd will call this IOCTL w
Hi,
MySQL has now published information about the isolated security
fix:
http://mysql.bkbits.net:8080/mysql-4.0/[EMAIL PROTECTED]
Cheers,
Moritz
--
Moritz Muehlenhoff [EMAIL PROTECTED] fon: +49 421 22 232- 0
DevelopmentLinux for Your Business fax: +49 421 22 232-99
Package: mailutils-imap4d
Severity: grave
Tags: security
Justification: user security hole
A remotely exploitable format string vulnerability has been found in
GNU mailutils' imap4d server. Please see the iDefense advisory at
www.idefense.com/application/poi/display?id=303&type=vulnerabilities
for
Hi,
fbi only requires a re-compile to fix this bug. I've tried it and
I can verify that it works without problems.
Cheers,
Moritz
tags 316973 patch
thanks
Hi,
attached you can find upstream's patch to address this problem.
Cheers,
Moritz
diff -Naur libnss-ldap-238.orig/ldap-nss.c libnss-ldap-238/ldap-nss.c
--- libnss-ldap-238.orig/ldap-nss.c 2005-09-14 23:46:27.0 +0200
+++ libnss-ldap-238/ldap-nss.c 200
Dear Joey/security team,
when preparing a patch for #316972 in sid I noticed that the sid
version (which is identical to the Sarge version from DSA-785)
already contained the required patch. But it is mentioned
neither in the changelog nor in the DSA-785. Can you please fix
it in the web version
Welly Hartanto wrote:
> Package: lincity-ng
> Version: 1.0.1-1
> Severity: serious
> Justification: 4
>
> I'm new to lincity-ng and found the game exciting.
> After playing a while I save my game. While saving, my game
> was on accelerate mode ( by clicking the yellow arrow ).
> I opened the saved
Package: mozilla
Version: 2:1.7.11-1
Severity: grave
Tags: security
Justification: user security hole
As usual Mozilla 1.7.12 fixes several security issues. I'm copying
the bug descriptions from a Red Hat advisory, because they are not
yet public on the Mozilla website:
<-->
A bug was found in th
Hi,
there has been a Gentoo advisory about insecure temp files in rkhunter,
which got assigned CAN-2005-1270:
http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml
So please check, whether the mentioned check_update.sh script is
vulnerable in the Debian package as well.
Cheers,
Moritz
Package: mantis
Severity: grave
Tags: security
Justification: user security hole
mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
the latest DSA upload that fixed several others:
- 0006097: [security] user ID is cached indefinately (thraxisp)
- 0006189: [security] List o
Package: bugzilla
Version: 2.18.3-2
Severity: grave
Tags: security
Justification: user security hole
Two information disclosure vulnerabilities have been found in Bugzilla:
+ It is possible to bypass the "user visibility groups" restrictions
if user-matching is turned on in "substring" mode.
+
Hi,
this potential license problem is blocking (among others) the transition
of 1.0.7-1, which fixes several serious security problems. As the problems
some debian-legal people seem to have spotted haven't been noticed by anyone
else since the MPL is in use and triple-licensing is already being prep
Package: mediawiki
Severity: grave
Tags: security
Justification: user security hole
1.4.11 fixes two security problems:
CAN-2005-3167:
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not
properly remove certain CSS inputs (HTML inline style attributes) that
are processed as act
Package: weex
Severity: grave
Tags: security
Justification: user security hole
A remotely exploitable format string vulnerability has been found in
weex. Please see http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833
for details and a patch.
Please mention the CVE assignment CAN-2005-3150 in t
Package: storebackup
Version: 1.18.4-2
Severity: grave
Tags: security
Justification: user security hole
Although it's not really mentioned in the changelog storebackup 1.19 fixed
several security problems, which are still present in Sarge, they've been
assigned CAN-2005-3150, CAN-2005-3149 and CAN
Arthur Korn wrote:
BTW, I made an error in my initial bug report, it's CAN-2005-314[876].
> 1.19-1 source and binary packages work on stable, and the
> differences to 1.18.4-2 are all local bugfixes, so I figure it
> doesn't make any sense to separate bugfixes from bugfixes for a
> special securi
Package: xloadimage
Severity: grave
Tags: security
Justification: user security hole
A report about several buffer overflows in the xloadimage code for
processing NIFF images has been posted to Bugtraq. Please see
http://msgs.securepoint.com/cgi-bin/get/bugtraq0510/57.html
for details and a demo e
The demonstration exploits are stripped off in the Bugtraq archives,
I've attached them.
Cheers,
Moritz
large.niff.bz2
Description: Binary data
small.niff.bz2
Description: Binary data
Martin Schulze wrote:
> > I'm not sure about
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3148,
> > which would require some more studying of the code.
>
> It's the chown call.
>
> It seems that the old version executed "chown uid gid link" which doesn't
> work. The new version ex
Package: xine-lib
Severity: grave
Tags: security
Justification: user security hole
A format string vulnerability in xine-lib's CDDB response parsing has been
found.
Exploitation is quite unlikely, as it would require a rogue CDDB server, but it
should be fixed nevertheless, as the fix is trivial.
Ulf Harnhammar wrote:
> No, you don't need to set up a rogue CDDB server, as CDDB servers let anyone
> add or modify information about records.
But according to the freedb.org FAQs every submission is reviewed before being
applied to the database. So it seems quite unlikely submissions of crafted
Package: kword
Version: 1:1.3.5-4.3
Severity: grave
Tags: security
Justification: user security hole
An exploitable heap overflow has been found in kword's RTF import function.
Please see http://www.kde.org/info/security/advisory-20051011-1.txt for
more information and a patch against 1.3.5. This
Package: curl
Version: 7.14.1-5
Severity: grave
Tags: security
Justification: user security hole
Another buffer overflow has been found in curl's NTLM authentication
code. (This one is different from CAN-2005-0490 and doesn't seem to
have a CVE assignment yet). Please see
http://www.mail-archive.
Horms wrote:
> > The non-suid command "loadkeys" can be used by any local user having
> > console access. It does not just apply to the current virtual console
> > but to all virtual consoles and its effect persists even after logout.
This has been assigned CAN-2005-3257.
Cheers,
Moritz
Package: ethereal
Version: 0.10.12-6
Severity: grave
Tags: security
Justification: user security hole
As usual ethereal 0.10.13 fixes lots of vulnerabilities, most of them are only
denial-of-service, but some can lead to execution of arbitrary code.
Affecting only sid:
o The ISAKMP dissect
Hi,
as the attack is based on overflowing buf1[] through crafted len values
taken from the packet header in BoGetDirection() and this function isn't
present in 2.3 Debian doesn't seem to be vulnerable.
Cheers,
Moritz
Hilko Bengen wrote:
> >> mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
> >> the latest DSA upload that fixed several others:
> >>
> >> - 0006097: [security] user ID is cached indefinately (thraxisp)
> >> - 0006189: [security] List of users (in filter) visible for unaut
Hi,
while I agree that running yiff with lesser privileges is desirable
I can't see a RC security problem in this case. You can't crash
a system by reading from /dev, /proc or /sys, even reading from raw
hard disk devices doesn't cause harm. If you know such a scenario
please describe it, otherwise
Package: bmv
Version: 1.2-17
Severity: grave
Tags: security
Justification: user security hole
An integer overflow in bmv can lead to a local privilege escalation.
Please see http://felinemenace.org/advisories/bmv_advisory.txt for
details. This has been assigned CVE-2005-3278, please mention so
in
Package: mantis
Version: 0.19.2-4
Severity: grave
Tags: security
Justification: user security hole
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited
to perform arbitrary file inclusion. Please see
http://secunia.com/secu
Package: flyspray
Severity: grave
Tags: security
Justification: user security hole
Multiple Cross-Site-Scripting vulnerabilities have been found in
Flyspray. Have a look at
http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html
for more details. This has been assigned CVE-2
Thijs Kinkhorst wrote:
> > Another security problem has been found in mantis. Insufficient
> > input sanitising of the t_core_path parameter may be exploited to perform
> > arbitrary file inclusion. Please see
> > http://secunia.com/secunia_research/2005-46/advisory/ for details.
>
> Hello Moritz,
Package: acidbase
Severity: grave
Tags: security
Justification: user security hole
A SQL injection vulnerability has been found in BASE. Please see
http://www.frsirt.com/english/advisories/2005/2188 for details.
This has been assigned CVE-2005-3325, please mention so in the
changelog, when fixing
Martin Schulze wrote:
> > Thijs Kinkhorst wrote:
> > > > Another security problem has been found in mantis. Insufficient
> > > > input sanitising of the t_core_path parameter may be exploited to
> > > > perform
> > > > arbitrary file inclusion. Please see
> > > > http://secunia.com/secunia_researc
Thijs Kinkhorst wrote:
> > All affect Sarge.
>
> I've prepared updated packages for sarge. My updated package for sid is
> still pending with my sponsor Luk Claes. The updated packages for sarge
> are available here:
> http://www.a-eskwadraat.nl/~kink/mantis_sec/
>
> They are not signed since I'
Thijs Kinkhorst wrote:
> On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote:
> > The included patches look fine and correlate to what I extracted from the
> > interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959?
> >
> > The mantis bug is
Package: openvpn
Severity: grave
Tags: security
Justification: user security hole
A format string vulnerability has been found in openvpn's option parsing
code, which indirectly may be exploited remotely as well. Please see
http://cert.uni-stuttgart.de/archive/bugtraq/2005/10/msg00393.html
for mo
Hi,
this has been assigned CVE-2005-3393, please mention so in the changelog
when fixing this.
Cheers,
Moritz
Just for the record, PHP 4.4.1 fixes more security problems
besides the ones discovered by the Hardened PHP Project.
I'm including the CVE assignments:
* Fixed multiple safe_mode/open_basedir bypass vulnerabilities
in ext/curl and ext/gd that could lead to exposure of
files normally not acces
Hi,
this issue is CVE-2005-1109 and was addressed by DSA-713 from 2005-04-13.
Do you have reason to believe that the fix used there was incomplete?
Cheers,
Moritz
Hi,
the DSA text is indeed incorrect, this is unfixed in sid.
Attached is the patch from the DSA.
Cheers,
Moritz
diff -u graphviz-2.2.1/debian/changelog graphviz-2.2.1/debian/changelog
--- graphviz-2.2.1/debian/changelog
+++ graphviz-2.2.1/debian/changelog
@@ -1,3 +1,11 @@
+graphviz (2.2.1
Package: libcurl3
Version: 7.13.0-1
Severity: grave
Tags: patch
Justification: user security hole
iDefense discovered a buffer overflow in NTLM authentication that may lead
to arbitrary code execution. This is CAN-2005-0490. Woody is not affected,
as it doesn't contain the vulnerable NTLM code. (I
Package: lesstif1-1
Severity: grave
Tags: security, patch
Justification: user security hole
Quoting from a recent Gentoo security advisory:
> Chris Gilbert discovered potentially exploitable buffer overflow cases
> in libXpm that weren't fixed in previous libXpm security advisories.
This has been
Package: mysql-dfsg
Version: unavailable; reported 2005-03-11
Severity: grave
Tags: security
Stefano Di Paola discovered that MySQL is vulnerable to a symlink attack
if an authenticated user has CREATE TEMPORARY TABLE privileges on any
existent database.
There does not seem to be a CVE assignment
Package: mysql-dfsg
Version: 4.0.23-10
Severity: grave
Tags: security
Stefano Di Paola discovered that it's possible to use a library located
in an arbitrary directory, if an authenticated user has INSERT and DELETE
privileges on the 'mysql' administrative database.
There does not seem to be a CV
Package: mysql-dfsg
Version: 4.0.23-10
Severity: grave
Tags: security
Stefano Di Paola discovered that it's possible to gain extended MySQL user
privileges by abusing the interaction between MySQL's CREATE FUNCTION
functionality and the libc. This only applies for authenticated users
with INSERT a
Package: openslp
Severity: grave
Tags: security
Justification: user security hole
SuSE Security has found several buffer overflows and out-of-memory access
possibilities during a code audit. Neither the original SuSE nor the Mandrake
advisory contain detailed information, openslp.org lacks usable
Package: wine
Version: 0.0.20050211-1
Severity: grave
Tags: security
Justification: user security hole
[ Note; feel free to downgrade the severity, I chose it under the assumption
that a user runs applications which store sensitive data in the registry
and that Sarge should not include this vu
Package: limewire
Version: 3.4.5-2
Severity: grave
Tags: security
Justification: user security hole
Secunia reports two vulnerabilities in Limewire that allow attackers remote
access to arbitrary files. For full details see
http://secunia.com/advisories/14555
Note: Limewire has been orphaned for
Package: mozilla-firefox
Version: 1.0-2.37.200411220627
Severity: grave
Tags: security
Three security vulnerabilities have been found in Firefox:
I'm writing a collective bugreport for all three vulnerabilities, as they're
all fixed in 1.0.2:
CAN-2005-0399:
A GIF processing error when pars
Package: icecast2
Severity: grave
Tags: security
Justification: user security hole
Several security issues have been reported for Icecast2. Please refer to
the CAN Ids in the changelog when fixing them:
CAN-2005-0838:
Multiple buffer overflows in the XSL parser may cause DoS and possibly
remote c
Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: grave
Tags: security
Kernels before 2.6.11 do not properly restrict access to the N_MOUSE line
discipline for TTYs, which allows local users to inject mouse or keyboard
events into other users' sessions and possibly gain extended privileges.
Package: smail
Severity: grave
Tags: security patch
Justification: user security hole
[Dear security-team, this should affect Woody as well]
Sean <[EMAIL PROTECTED]> has discovered two vulnerabilities in smail,
that can be exploited to obtain root privileges:
1. A heap overflow in RFC 821 header
Hola,
a POC exploit has been posted to Bugtraq. I don't have a smail setup to
test this against, though. It's attached for your convenience.
Cheers,
Moritz
--
http://unpythonic.net/~jepler/cgi-bin/rottenflesh.cgi
smail-heap-overflow-remote-exploit-poc.c.gz
Description: GNU Zip compresse
Package: kernel-source-2.4.27
Severity: grave
Tags: security
Justification: user security hole
CAN-2005-0750: Insufficient range checking in af_bluetooth allows local root
exploit.
This is the full advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050327/3f128a09/adv1.
Kurt Roeckx wrote:
> This looks like a missing build dependency or something,
> but I have no idea on what package since nothing in debian
> seems to have them.
It's missing a build-dep on libcegui-mk2-dev, which should hit the archive with
the next dinstall run.
Cheers,
Moritz
Package: wordpress
Severity: grave
Tags: security patch
Justification: user security hole
Hi,
a vulnerability in Wordpress' cookie handling has been reported that allows
arbitrary PHP command execution, if register_globals is enabled in the PHP
config. Please see http://www.securiteam.com/unixfocu
Package: centericq
Severity: grave
Tags: security
Justification: user security hole
Multiple security problems have been fixed in ekg and its libgadu
library:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
http://cve.mitre.o
Package: drupal
Severity: grave
Tags: security
Justification: user security hole
[I'm pretty sure you are already aware of it; but here it is anyway]
Another XMLRPC vulnerability has been detected that affects Drupal
as well. Please see http://www.hardened-php.net/advisory_142005.66.html
for info
Package: egroupware
Severity: grave
Tags: security
Justification: user security hole
Hi,
another vulnerability has been found in the XMLRPC code. Please
see http://www.hardened-php.net/advisory_142005.66.html for
more information. egroupware was affected by July's vulnerability,
so it might now be
Package: phpgroupware
Severity: grave
Tags: security
Justification: user security hole
Hi,
another vulnerability has been found in the XMLRPC code. Please
see http://www.hardened-php.net/advisory_142005.66.html for
more information. phpgroupware was affected by July's vulnerability,
so it might be
Package: bluez-utils
Severity: grave
Tags: security patch
Justification: user security hole
A vulnerability in hcid has been found. Please see this URL for details:
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881
https://bugs.gentoo.org/show_bug.cgi?id=101557
Upstream
Package: gallery
Severity: grave
Tags: security
Justification: user security hole
gallery doesn't sanitize EXIF tags when displaying them. Please
see http://cedri.cc/advisories/EXIF_XSS.txt for more information.
gallery2 might be affected as well.
Cheers,
Moritz
-- System Information:
De
Moritz Muehlenhoff wrote:
> Package: drupal
> Severity: grave
> Tags: security
> Justification: user security hole
>
> [I'm pretty sure you are already aware of it; but here it is anyway]
>
> Another XMLRPC vulnerability has been detected that affects Drup
Package: kdebase-bin
Version: 3.4.2-2
Severity: grave
Tags: security
Justification: user security hole
Please see http://www.kde.org/info/security/advisory-20050905-1.txt for details
and a patch.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstabl
Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole
[Might affect stable, packages.d.o is currently unreachable, so I can't
check]
There's a cross-site-scripting vulnerability in phpmyadmin due to improper
input validation of convcharset data.
For full details pl
reopen 291244
tags 291244 patch
thanks
Hi,
the security fix for CAN-2005-0064 was taken from xpdf, which didn't fix
the issue completely. Attached you can find a patch that provides the
complete solution as provided in xpdf 3.00-13 (relative to the current
NMUed fix).
Cheers,
Moritz
diff
reopen 291250
thanks
Hi,
the previous fix for CAN-2005-0064 was taken from xpdf, which didn't
address this vulnerability completely. Attached you can find a dpatch
that adds the missing range limitation.
Cheers,
Moritz
#!/bin/sh -e
## Additional fix for CAN-2005-0064
##
## DP: Patch to fi
Package: kpdf
Version: 4:3.3.2-1
Severity: grave
Tags: security patch
Justification: user security hole
Dear KDE maintainers,
the security fix for CAN-2005-0064 was derived from xpdf 3.00-12, which
in fact turned out to be incomplete wrt to a missing range check in XRef.cc.
Attached you can find a
Package: tetex-bin
Version: 2.0.2-27
Severity: grave
Tags: security patch
Justification: user security hole
Dear TeX maintainers,
the patch you used to fix CAN-2005-0064 in -26 seems to have been derived from
xpdf 3.00-12, which unfortunately was missing a portion of the security fix
(the one that
Package: postfix-gld
Severity: grave
Tags: security
Justification: user security hole
dong-hun you <[EMAIL PROTECTED]> posted a report about several
remotely exploitable security issues to the vuln-watch mailing list.
As I couldn't find a proper WWW reference I'm posting the advisory
verbose.
Che
Package: kdelibs4
Severity: grave
Tags: security
Justification: user security hole
Invalid range checking in PCX header parsing possibly permits execution
of arbitrary code. Please see http://bugs.kde.org/show_bug.cgi?id=102328
for a full description, a crafted test image and a patch from Waldo Ba
Package: wordpress
Severity: grave
Tags: security
Justification: user security hole
Nicolas Montoza <[EMAIL PROTECTED]> reported two security vulnerabilities
in Wordpress, which insert verbose, as I could not find a public WWW
reference for them.
Cheers,
Moritz
==
Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Tags: security
Justification: user security hole
Lee Xioajun <[EMAIL PROTECTED]> reported an issue with invalid input
checks in DOC header parsing, which can possibly be exploited with remote
code execution. I'm including his advisory verbos
Package: libcdaudio
Severity: grave
Tags: security patch
Justification: user security hole
CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that
can potentially be exploited to execute arbitrary code.
libcdaudio contains the vulnerable code as well. Attached you can find
a
Package: gocr
Severity: grave
Tags: security
Justification: user security hole
Two security vulnerabilities have been reported on gocr that may be
exploited to execute arbitrary code. For full details please have a
look at http://www.overflow.pl/adv/gocr.txt
Cheers,
Moritz
-- System Info
Package: gnome-vfs2
Severity: grave
Tags: security patch
Justification: user security hole
[ Dear security team; this seems to affect stable as well ]
CAN-2005-0706 describes a buffer overflow in grip CDDB response parsing that
can potentially be exploited to execute arbitrary code.
gnome-vfs2 c
Package: cvs
Version: 1:1.12.9-11
Severity: grave
Tags: security
Justification: user security hole
CVS 1.12.12 fixes several security issues:
* Thanks to a report from Alen Zukich <[EMAIL PROTECTED]>, several minor
security issues have been addressed. One was a buffer overflow that is
potent
Package: libxine1
Version: 1.0-1
Severity: grave
Tags: security
Two streaming related security issues have been reported in MPlayer. At least
one of them is present in xine-lib as well. The MPlayer reports can be found at
http://www.mplayerhq.hu/homepage/design7/news.html. The vulnerable MMST code
Package: egroupware
Severity: grave
Tags: security
Justification: user security hole
Multiple security issues have been reported for egroupware that
have been addressed in the new 1.0.0.007 release. See this advisory
for full details:
Cheers,
Moritz
From: GulfTech Security Research <[EMAI
Package: heimdal
Severity: grave
Tags: security
Justification: user security hole
Heimdal is vulnerable to CAN-2005-0469, the slc_add_reply buffer overflow
reported for multiple telnet clients.
Heimdal 0.6.4 fixes this issue.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
A
1 - 100 of 332 matches