[SECURITY] [DSA-127-1] buffer overflow in xpilot-server
-BEGIN PGP SIGNED MESSAGE- - Debian Security Advisory DSA-127-1 [EMAIL PROTECTED] http://www.debian.org/security/ Wichert Akkerman April 17, 2002 - Package: xpilot Problem type : remote buffer overflow Debian-specific: no An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running. This has been fixed in upstream version 4.5.1 and version 4.1.0-4.U.4alpha2.4.potato1 of the Debian package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.2 alias potato - - Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At this moment arm packages are not available yet. Source archives: http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.diff.gz MD5 checksum: 6c7aa5e06237d0848cc05c3f121d43f3 http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.dsc MD5 checksum: 51c30a3a226f52e0f99ed5d656e42f37 http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0.orig.tar.gz MD5 checksum: 049f4e51d8f033911d3ce055b3b6b701 Architecture independent archives: http://security.debian.org/dists/stable/updates/main/binary-all/xpilot_4.1.0-4.U.4alpha2.4.potato1_all.deb MD5 checksum: 05c17a821e576b8886d6dfd4e737 Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_alpha.deb MD5 checksum: f506b1c9866c9585900351c10955dd43 http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_alpha.deb MD5 checksum: c45fd37746a572ca4d778a2f6e52dbc5 http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_alpha.deb MD5 checksum: 3950b11932d57fb3ae72d1d5621d7f05 http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_alpha.deb MD5 checksum: a66b89463d42a6975df899fa130470f8 Intel IA-32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_i386.deb MD5 checksum: f0d1306de990f6160ba5cc3e1580b2b2 http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_i386.deb MD5 checksum: 28b1c0e638e142f93eb2af7ca71f80d5 http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_i386.deb MD5 checksum: 4bb509a8a5711bc570c9e2645b926a35 http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_i386.deb MD5 checksum: b2c7cf184d6ff9b9b52e7e5a324ff3d7 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_m68k.deb MD5 checksum: dbac533733306578fdc22c585c1e55e6 http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_m68k.deb MD5 checksum: d8d9414db73b3088330755a7d561ac5d http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_m68k.deb MD5 checksum: 84ec746bc1c1e816448e10868981794d http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_m68k.deb MD5 checksum: ae66ef2a10d456761541c135bf88fb16 PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb MD5 checksum: 49cc8ed07762238a86369190e76dad69 http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb MD5 checksum: cb0ec5bcf0895efb66f403cafa55d65b http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb MD5 checksum: 98b99485dddf88297de54d3cf9af57b0 http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb MD5 checksum: 256bb2bdfad21832a159570239900da5 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_sparc.deb MD5 checksum: c496e49126d1e2b6991ffbd1c131f5c9 http:/
[SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack
-BEGIN PGP SIGNED MESSAGE- - Debian Security Advisory DSA-126-1 [EMAIL PROTECTED] http://www.debian.org/security/ Wichert Akkerman April 16, 2002 - Package: imp Problem type : cross-site scripting (CSS) Debian-specific: no A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5 of the imp package. This release also fixes a bug introduced by the php security fix from DSA-115-1: the php postgres support changed subtle which broke the postgres support from imp. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.2 alias potato - - Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Source archives: http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.5.dsc MD5 checksum: b77256b8029270a8de5240e8a5533cae http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.5.tar.gz MD5 checksum: 85ec854ef905a906997088649a12d60c http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.5.dsc MD5 checksum: e8c010d3227f4c55e5b5c68b9921aee5 http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.5.tar.gz MD5 checksum: a874af4a6ef5ef8b3e5fd59f40db13c2 Architecture independent archives: http://security.debian.org/dists/stable/updates/main/binary-all/horde_1.2.6-0.potato.5_all.deb MD5 checksum: df0fe8f732da4edee3f78202c9e2127a http://security.debian.org/dists/stable/updates/main/binary-all/imp_2.2.6-0.potato.5_all.deb MD5 checksum: ffd216c15b27c1c3449512a5ccaa5af2 These packages will be moved into the stable distribution on its next revision. - -- - apt-get: deb http://security.debian.org/ stable/updates main dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQB1AwUBPLxETqjZR/ntlUftAQH8eAL/XDyfPIO/SQf4yXRwmoBZ0N/VDXC6qOM4 unkIHH+S/9H5PzMqrB+UqOa/8+Zfs4aYGbXIz+n0oRGyhkrDo0vb/thT8+WqaZRc 2CiLTCG2oXrv5D5wuDzDm7BR5TN7M4E+ =9ml0 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]