CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)

2012-03-27 Thread VSR Advisories
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: libraptor - XXE in RDF/XML File Interpretation Release
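The advisory title names an XML external entity (XXE) problem in RDF/XML handling. As an added illustration, not code from the advisory, from libraptor or from any affected office product, the block below parses a small RDF/XML document with Python's stdlib SAX parser configured to never fetch external entities and to refuse any DOCTYPE outright, and shows a constructed malicious document (declaring an entity that points at a local file) being rejected while a benign one is read. The documents, the `file:///etc/passwd` target and the triple-extraction handler are all constructed for the example.

```python
import io
import xml.sax
from xml.sax import handler

# Added example: hardened loading of RDF/XML. Not libraptor's code; the
# documents below are constructed sample input.

class DTDNotAllowed(Exception):
    """Raised when the document carries a DOCTYPE (and so may declare entities)."""


class _RejectDTD:
    """Lexical handler: every DTD, internal or external, is refused up front."""
    def startDTD(self, name, public_id, system_id):
        raise DTDNotAllowed(f"DOCTYPE {name!r} refused (system id {system_id!r})")
    def endDTD(self): pass
    def startCDATA(self): pass
    def endCDATA(self): pass
    def comment(self, content): pass


class _Triples(handler.ContentHandler):
    """Collects (subject, property, literal) from the simple striped RDF/XML form used here."""
    def __init__(self):
        super().__init__()
        self.triples = []
        self._subject = None
        self._prop = None
        self._text = []

    def startElement(self, name, attrs):
        if name == "rdf:Description":
            self._subject = attrs.get("rdf:about")
        elif self._subject is not None:
            self._prop = name
            self._text = []

    def characters(self, content):
        if self._prop is not None:
            self._text.append(content)

    def endElement(self, name):
        if self._prop is not None and name == self._prop:
            self.triples.append((self._subject, name, "".join(self._text)))
            self._prop = None
        elif name == "rdf:Description":
            self._subject = None


def parse_rdf_xml_safely(document: str):
    """Parse RDF/XML with external entity resolution off and DTDs rejected."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)   # never fetch external general entities
    parser.setFeature(handler.feature_external_pes, False)   # nor parameter entities
    parser.setProperty(handler.property_lexical_handler, _RejectDTD())
    sink = _Triples()
    parser.setContentHandler(sink)
    parser.parse(io.BytesIO(document.encode("utf-8")))
    return sink.triples


# Constructed benign document.
BENIGN = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dc="http://purl.org/dc/elements/1.1/">
  <rdf:Description rdf:about="http://example.org/doc/1">
    <dc:title>Quarterly report</dc:title>
    <dc:creator>Alice</dc:creator>
  </rdf:Description>
</rdf:RDF>
"""

# Constructed XXE document: the entity would pull a local file into dc:title.
MALICIOUS = """<?xml version="1.0"?>
<!DOCTYPE rdf:RDF [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dc="http://purl.org/dc/elements/1.1/">
  <rdf:Description rdf:about="http://example.org/doc/2">
    <dc:title>&xxe;</dc:title>
  </rdf:Description>
</rdf:RDF>
"""


def is_rejected(document: str) -> bool:
    """True if the hardened loader refuses the document."""
    try:
        parse_rdf_xml_safely(document)
    except DTDNotAllowed:
        return True
    return False


if __name__ == "__main__":
    print(parse_rdf_xml_safely(BENIGN))
    print("malicious rejected:", is_rejected(MALICIOUS))
```

Refusing the DTD is stricter than only disabling entity expansion, but RDF/XML documents from untrusted sources (embedded metadata in office files is one) have no legitimate need for one, and it also removes entity-expansion denial-of-service variants.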

[SECURITY] [DSA 2440-1] libtasn1-3 security update

2012-03-27 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2440-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 24, 2012

SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver

2012-03-27 Thread Steffen Dettmer
Hi, when using PostgreSQL JDBC driver version 8.1 to connect to a PostgreSQL version 9.1 database, escaping of JDBC statement parameters does not work and SQL injection attacks are possible. The problem can be reproduced for example with version 8.1-415 (released 2010-05-11), which still can be
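The report above states only that parameter escaping "does not work" with an 8.1-era driver against a 9.1 server. The block below is an added example, not the reporter's code and not the pgjdbc driver's code, that models the root cause this pairing is usually attributed to (an assumption, not something the report says): PostgreSQL 9.1 defaults `standard_conforming_strings` to on, so a backslash inside a plain `'...'` literal is an ordinary character, while a driver written for older servers still escapes a quote as `\'`. A toy lexer shows which escaping scheme keeps a constructed payload inside the literal under each server setting.

```python
# Added example; not from the report or from pgjdbc. The lexer below is a
# deliberately minimal model of how the server reads one '...' literal.

def escape_backslash_style(value: str) -> str:
    """Old-style escaping that relies on backslash being an escape character."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def escape_standard_sql(value: str) -> str:
    """SQL-standard escaping: a quote inside a literal is written as ''."""
    return value.replace("'", "''")


def lex_string_literal(sql: str, standard_conforming_strings: bool):
    """Read one leading '...' literal the way the server would.

    Returns (literal_value, trailing_sql). Anything left in trailing_sql is
    text the server goes on to execute as SQL.
    """
    if not sql.startswith("'"):
        raise ValueError("expected a string literal")
    value, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and not standard_conforming_strings and i + 1 < len(sql):
            value.append(sql[i + 1])            # backslash escapes the next char
            i += 2
        elif ch == "'" and i + 1 < len(sql) and sql[i + 1] == "'":
            value.append("'")                   # '' always means one quote
            i += 2
        elif ch == "'":
            return "".join(value), sql[i + 1:]  # closing quote
        else:
            value.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


PREFIX = "SELECT id FROM users WHERE name = "


def build_statement(user_input: str, escaper) -> str:
    """What a client-side-escaping driver sends for one string parameter."""
    return PREFIX + "'" + escaper(user_input) + "'"


def injected_sql(user_input: str, escaper, standard_conforming_strings: bool) -> str:
    """Return the SQL text that escaped the literal ('' means the input stayed data)."""
    sql = build_statement(user_input, escaper)
    _, trailing = lex_string_literal(sql[len(PREFIX):], standard_conforming_strings)
    return trailing


# Constructed attacker inputs: one breaks a backslash-style escaper on a
# standard_conforming_strings=on server, the other breaks a quote-doubling
# escaper on a server where backslash is still an escape.
PAYLOAD_QUOTE = "x'; DROP TABLE users; --"
PAYLOAD_BACKSLASH = "\\'; DROP TABLE users; --"


def demo() -> dict:
    return {
        "old_driver_vs_old_server": injected_sql(PAYLOAD_QUOTE, escape_backslash_style, False),
        "old_driver_vs_9.1_server": injected_sql(PAYLOAD_QUOTE, escape_backslash_style, True),
        "std_escaping_vs_9.1_server": injected_sql(PAYLOAD_QUOTE, escape_standard_sql, True),
        "std_escaping_vs_old_server": injected_sql(PAYLOAD_BACKSLASH, escape_standard_sql, False),
    }


if __name__ == "__main__":
    for case, trailing in demo().items():
        print(f"{case:28s} injected: {trailing!r}")
```

Neither escaper is safe on its own: each is correct only for one server setting. A driver has to learn `standard_conforming_strings` from the server (or bind parameters server-side and never splice them into the text at all), which is why running a driver that predates the setting against a newer server is the problem rather than any one escaping rule.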

[SECURITY] [DSA 2441-1] gnutls26 security update

2012-03-27 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2441-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 25, 2012

Traffic amplification via Quake 3-based servers

2012-03-27 Thread Simon McVittie
It has been discovered that spoofed getstatus UDP requests are being used by attackers[0][1][2][3] to direct status responses from multiple Quake 3-based servers to a victim, as a traffic amplification mechanism for a denial of service attack on that victim. Open-source games derived from the
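The post describes the mechanism in one sentence: a small spoofed `getstatus` request makes the server send a much larger `statusResponse` to the spoofed source, which is the victim. The block below is an added example, not the poster's code and not any Quake 3 engine's code, that builds both packets in the engine's connectionless format (four 0xFF bytes followed by the command), computes the amplification factor for constructed server data, and shows how a per-source rate limit on `getstatus` bounds what a server can be made to send to one address. The limiter is an assumed mitigation design, not the patch any engine shipped.

```python
# Added example; packet contents, server info and player list are constructed.

OOB = b"\xff\xff\xff\xff"  # connectionless ("out of band") packet marker


def build_getstatus() -> bytes:
    """The request an attacker spoofs: 13 bytes on the wire."""
    return OOB + b"getstatus"


def build_status_response(serverinfo: dict, players) -> bytes:
    """statusResponse: an infostring line, then one 'score ping "name"' line per player."""
    infostring = "".join(f"\\{k}\\{v}" for k, v in serverinfo.items())
    player_lines = "".join(f'{score} {ping} "{name}"\n' for score, ping, name in players)
    return OOB + b"statusResponse\n" + infostring.encode() + b"\n" + player_lines.encode()


def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes the victim receives per byte the attacker sends."""
    return len(response) / len(request)


class GetstatusRateLimiter:
    """Per-source token bucket for getstatus.

    The 'source' of a spoofed getstatus is the victim's address, so limiting
    per source directly caps the bytes this server will send to any one host.
    """
    def __init__(self, burst: int = 4, rate_per_s: float = 1.0):
        self.burst, self.rate = burst, rate_per_s
        self._buckets = {}  # src_ip -> (tokens, last_seen)

    def allow(self, src_ip: str, now: float) -> bool:
        tokens, last = self._buckets.get(src_ip, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[src_ip] = (tokens - 1.0, now)
            return True
        self._buckets[src_ip] = (tokens, now)
        return False


def simulate_flood(response: bytes, n: int, interval_s: float,
                   limiter: GetstatusRateLimiter = None, victim: str = "203.0.113.5") -> int:
    """Feed n spoofed getstatus packets (source = victim) and return bytes sent to the victim."""
    sent = 0
    for i in range(n):
        if limiter is None or limiter.allow(victim, i * interval_s):
            sent += len(response)
    return sent


# Constructed sample data for a modest 8-player server.
SERVERINFO = {"sv_hostname": "example server", "mapname": "q3dm6", "g_gametype": "0",
              "sv_maxclients": "16", "protocol": "68", "version": "constructed 1.0"}
PLAYERS = [(i * 3, 40 + i, f"player{i}") for i in range(8)]


if __name__ == "__main__":
    req, resp = build_getstatus(), build_status_response(SERVERINFO, PLAYERS)
    print(f"request {len(req)} B, response {len(resp)} B, "
          f"amplification x{amplification_factor(req, resp):.1f}")
    print("unlimited:", simulate_flood(resp, 100, 0.005), "bytes to victim")
    print("rate-limited:", simulate_flood(resp, 100, 0.005, GetstatusRateLimiter()), "bytes to victim")
```

A bigger server (longer hostname, more cvars, 32 or 64 players) gives a larger factor, which is why populated public servers are the ones worth abusing; on the operator side, rate-limiting `getstatus` per source address is the cheap fix, since the spoofed source is exactly the address being attacked.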

[ MDVSA-2012:038 ] openssl

2012-03-27 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:038 http://www.mandriva.com/security/

Matthew1471's ASP BlogX - XSS Vulnerabilities

2012-03-27 Thread demonalex
Title: Matthew1471's ASP BlogX - XSS Vulnerabilities Software : Matthew1471's ASP BlogX Software Version : 12 August 2008 Vendor: http://blogx.co.uk/ Vulnerability Published : 2012-03-26 Vulnerability Update Time : Status : Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N) Bug

[SECURITY] [DSA 2442-1] openarena security update

2012-03-27 Thread Florian Weimer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - Debian Security Advisory DSA-2442-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer March 26, 2012

[SECURITY] [DSA 2443-1] linux-2.6 security update

2012-03-27 Thread dann frazier
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Debian Security Advisory DSA-2443-1 secur...@debian.org http://www.debian.org/security/ Dann Frazier March 26, 2012

[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip

2012-03-27 Thread Timo Warns
PRE-CERT Security Advisory == * Advisory: PRE-SA-2012-02 * Released on: 21st March 2012 * Affected products: libzip = 0.10 PHP 5.4.0 PHP = 5.3.10 zipruby = 0.3.6 * Impact: heap overflow, information leak *

[ MDVSA-2012:039 ] libtasn1

2012-03-27 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:039 http://www.mandriva.com/security/

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0

2012-03-27 Thread come2waraxe
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 === Author: Janek Vind waraxe Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:

PcwRunAs Password Obfuscation Design Flaw

2012-03-27 Thread otr
# Vuln Title: PcwRunAs Password Obfuscation Design Flaw # Date: 26.03.2012 # Author: Christian Landström, otr # Software Link: http://www.pcwelt.de/downloads/pcwRunAs-1215998.html # Version: = 0.4 # Tested on: Windows # CVE : CVE-2012-1793 # Risk: high # Type: Privilege Escalation # Vendor:

[ MDVSA-2012:040 ] gnutls

2012-03-27 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:040 http://www.mandriva.com/security/

Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)

2012-03-27 Thread Solar Designer
Hi, As stated in the timeline below (thanks!), this issue was handled in part using the Openwall-hosted distros list (which currently notifies many Linux distro vendors, FreeBSD, and NetBSD/pkgsrc with PGP re-encryption to individual recipients):

[ MDVSA-2012:041 ] expat

2012-03-27 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:041 http://www.mandriva.com/security/