Bug#771125: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()

2014-11-26 Thread Murray McAllister
46744073709551615 (gdb) p len + 1 $2 = 0 We haven't looked yet where the overlap occurs, nor do we have a patch yet. I did have to put "set weed=off" in .muttrc for the issue to present. Cheers, -- Murray McAllister / Red Hat Product Security -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#770222: CVE request: icecast: possible leak of on-connect scripts

2014-11-19 Thread Murray McAllister
cript STDIN/STDOUT/STDERR corruption due to shared file descriptors." References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222 https://trac.xiph.org/ticket/2089 Cheers, -- Murray McAllister / Red Hat Product Security https://bugzilla.redhat.com/show_bug.cgi?id=1165880

Bug#767227: CVE request: lsyncd command injection

2014-11-18 Thread Murray McAllister
=767227 Could a CVE please be assigned? Thanks, -- Murray McAllister / Red Hat Product Security

Bug#759282: CVE request: php-pear, pear's insecure /tmp/ use for cache data

2014-08-25 Thread Murray McAllister
rt: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282 Could a CVE please be assigned? Thanks, -- Murray McAllister / Red Hat Product Security

Bug#752092: [oss-security] CVE request: softhsm, softhsm-keyconv tool creates world-readable files

2014-06-19 Thread Murray McAllister
On 06/20/2014 04:02 PM, Salvatore Bonaccorso wrote: > Hello Murray, > > (keeping the Cc on the bug report to answer this also there): > > On Fri, Jun 20, 2014 at 03:46:30PM +1000, Murray McAllister wrote: > [...] >> The Debian bug also notes a similar issue was fixed in

Bug#752092: CVE request: softhsm, softhsm-keyconv tool creates world-readable files

2014-06-19 Thread Murray McAllister
http://manpages.ubuntu.com/manpages/precise/man1/softhsm-keyconv.1.html Cheers, -- Murray McAllister / Red Hat Product Security

Bug#752092: ldns issue

2014-06-19 Thread Murray McAllister
Hi Ondřej, As noted in <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752092>, you fixed a similar issue in ldns. Are you able to share details about what the issue in ldns is? Thanks, -- Murray McAllister / Red Hat Product Security

Bug#742605: (no subject)

2014-06-09 Thread Murray McAllister
affected, which uses ctags 5.8-10. Cheers, -- Murray McAllister / Red Hat Security Response Team

Bug#736066: A number of EncFS issues

2014-05-13 Thread Murray McAllister
"MACs Not Compared in Constant Time" "64-bit MACs" "Editing Configuration File Disables MACs" There are currently no patches. I am not familiar enough with cryptography to know if they need CVEs, or are considered hardening (the last one sounds CVE worthy th

Bug#746322: CVE request: Python Bottle JSON content-type not restrictive enough

2014-04-30 Thread Murray McAllister
will not allow cross-origin xmlhttprequests with the content type set to "application/json" but you can set it to "text/plain;application/json" instead and bottle will accept it." Can a CVE please be assigned if one has not been already? Thanks, -- Murray McAllister
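The Bottle report above turns on how the Content-Type header is compared. The following is an added example (not Bottle's code, and not from the thread) that models the two checks side by side: a substring match, which is the over-permissive pattern the report describes, and a check on the media-type essence only. The `CORS_SAFELISTED` set and the `cross_site_json_post_possible` helper are my own names; the set lists the content types a browser will send cross-origin without a preflight, which is why `text/plain;application/json` is the interesting value.

```python
import json

# CORS-safelisted ("simple") request content types. A browser sends a
# cross-origin POST carrying one of these without a preflight request, and
# it decides membership on the media-type essence (type/subtype), so the
# trailing ";application/json" parameter does not change its decision.
CORS_SAFELISTED = {
    "text/plain",
    "multipart/form-data",
    "application/x-www-form-urlencoded",
}


def media_type_essence(content_type):
    """Return 'type/subtype' of a Content-Type value, lowercased, parameters dropped."""
    return content_type.split(";", 1)[0].strip().lower()


def lax_is_json(content_type):
    """Over-permissive check (illustrative, not Bottle's code): substring match
    anywhere in the header, so a parameter can smuggle the type in."""
    return "application/json" in content_type.lower()


def strict_is_json(content_type):
    """Compare the media-type essence only; parameters are ignored."""
    return media_type_essence(content_type) == "application/json"


def is_cors_safelisted(content_type):
    """Would a browser send this header cross-origin without a preflight?"""
    return media_type_essence(content_type) in CORS_SAFELISTED


def parse_json_body(body, content_type, is_json=strict_is_json):
    """Decode the body as JSON only if the content-type check accepts it."""
    if not is_json(content_type):
        return None
    return json.loads(body)


def cross_site_json_post_possible(content_type, is_json):
    """The CSRF condition: the browser sends the header without preflight AND
    the application still treats the body as JSON."""
    return is_cors_safelisted(content_type) and is_json(content_type)


if __name__ == "__main__":
    # Constructed request: a hostile page posts JSON with the smuggled header.
    hostile_header = "text/plain;application/json"
    hostile_body = b'{"amount": 100}'
    print("lax   :", cross_site_json_post_possible(hostile_header, lax_is_json),
          parse_json_body(hostile_body, hostile_header, lax_is_json))
    print("strict:", cross_site_json_post_possible(hostile_header, strict_is_json),
          parse_json_body(hostile_body, hostile_header, strict_is_json))
```

With the lax check the hostile header is both preflight-free and accepted as JSON, so any state-changing JSON endpoint is reachable from a third-party page using the victim's cookies; with the essence check the same request is simply not JSON. A plain `application/json` header is not safelisted, so it triggers a preflight under either check, which is the behaviour the report relies on.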

Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility

2014-04-15 Thread Murray McAllister
Hello, Jakub Wilk discovered that clang's scan-build utility insecurely handled temporary files. Full details in his report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817 Can a CVE please be assigned? Cheers, -- Murray McAllister / Red Hat Security Response Team

Bug#741659: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution

2014-03-16 Thread Murray McAllister
escaping ';' too if not already?) Thanks, -- Murray McAllister / Red Hat Security Response Team

Bug#740981: possible fix

2014-03-06 Thread Murray McAllister
Hi all, The patch in https://bugzilla.redhat.com/show_bug.cgi?id=881411 possibly fixes it. I am not familiar with the issue and have not tested extensively, but with the non-fixed version the page loaded fine; with the version in Fedora (which that bugzilla is for) I get an SSL error. -- Murray

Bug#740670: possible CVE requests: perltidy insecure temporary file usage

2014-03-03 Thread Murray McAllister
filename with O_CREAT and O_EXCL (as perltidy does)? I am not sure if these qualify for CVEs but I believe the "perltidy.TMP" on Windows or Mac OS X etc would. Thanks, -- Murray McAllister / Red Hat Security Response Team

Bug#739536: xfe: directory masks ignored when creating new files on Samba and NFS

2014-02-23 Thread Murray McAllister
nt NFS option. Can a CVE please be assigned if one has not been already? Thanks, -- Murray McAllister / Red Hat Security Response Team https://bugzilla.redhat.com/show_bug.cgi?id=1069066

Bug#738857: mupdf: Stack-based Buffer Overflow in xps_parse_color()

2014-02-13 Thread Murray McAllister
=60dabde18d7fe12b19da8b509bdfee9cc886aafc Cheers, -- Murray McAllister / Red Hat Security Response Team

Bug#738857: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()

2014-02-13 Thread Murray McAllister
iff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1056699 Thanks, -- Murray McAllister / Red Hat Security Response Team

Bug#737778: [oss-security] CVE request: f2py insecure temporary file use

2014-02-06 Thread Murray McAllister
On 02/06/2014 02:59 PM, Murray McAllister wrote: Hello, Jakub Wilk reported insecure temporary file use in f2py. From <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778>: "" numpy/f2py/__init__.py contains this code: from numpy.distutils.exec_command imp

Bug#737778: CVE request: f2py insecure temporary file use

2014-02-05 Thread Murray McAllister
bugzilla.redhat.com/show_bug.cgi?id=1062009 Thanks, -- Murray McAllister / Red Hat Security Response Team

Bug#737385: [oss-security] Re: CVE request: a2ps insecure temporary file use

2014-02-04 Thread Murray McAllister
if a release was made to fix only part of the problem. So one ID is fine by us. bug #27155 just contains some gdb output. Therefore I assumed it was public and didn't check before sending it here. Thanks for looking at this. -- Murray McAllister / Red Hat Security Response Team

Bug#737385: [oss-security] CVE request: a2ps insecure temporary file use

2014-02-03 Thread Murray McAllister
On 02/03/2014 05:12 PM, Murray McAllister wrote: Hello, Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spy_user(). A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file
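The a2ps report above describes the classic symlink attack on a predictable temporary file, and the perltidy thread earlier on this page asks whether a predictable name opened with O_CREAT|O_EXCL is still a problem. The following is an added example, not code from a2ps, perltidy or the reports, that reproduces both cases inside a throwaway directory standing in for /tmp: an attacker plants a symlink at the predictable name, then a naive writer and an O_EXCL writer each try to use it. The names `a2ps.tmp` and `victim` are constructed for the demonstration.

```python
import os
import tempfile


def naive_write(path, data):
    """Insecure pattern: open() on a predictable name follows whatever symlink
    an attacker planted there, so the write lands on the symlink's target."""
    with open(path, "w") as f:
        f.write(data)


def exclusive_write(path, data):
    """O_CREAT|O_EXCL refuses to proceed if anything (regular file or symlink,
    dangling or not) already exists at path; the kernel raises EEXIST."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def simulate_symlink_attack(tmpdir, writer):
    """Plant a symlink at the predictable name, run the writer, and report
    (outcome, victim contents). 'wrote' means the writer believed it succeeded."""
    victim = os.path.join(tmpdir, "victim")          # constructed: file the attacker wants clobbered
    with open(victim, "w") as f:
        f.write("original")
    predictable = os.path.join(tmpdir, "a2ps.tmp")   # constructed: the guessable temp name
    os.symlink(victim, predictable)                  # local attacker wins the race
    try:
        writer(predictable, "attacker-controlled content")
        outcome = "wrote"
    except FileExistsError:
        outcome = "refused"
    with open(victim) as f:
        return outcome, f.read()


def mkstemp_write(tmpdir, data):
    """The usual fix: random name plus O_CREAT|O_EXCL, done by mkstemp().
    Returns the path, which an attacker cannot pre-create because they cannot guess it."""
    fd, path = tempfile.mkstemp(prefix="a2ps.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def run_demo():
    results = {}
    for name, writer in (("naive", naive_write), ("exclusive", exclusive_write)):
        with tempfile.TemporaryDirectory() as d:
            results[name] = simulate_symlink_attack(d, writer)
    with tempfile.TemporaryDirectory() as d:
        path = mkstemp_write(d, "payload")
        results["mkstemp"] = os.path.basename(path) != "a2ps.tmp"
    return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:10s} {result}")
```

The naive writer reports success while the victim file now holds the attacker's data; the O_EXCL writer never touches the target. That answers the perltidy question only halfway: O_EXCL stops the clobber, but with a fixed name any local user can pre-create the file and make the tool fail every time, which is why `mkstemp()` combines the exclusive create with an unguessable name.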

Bug#737385: CVE request: a2ps insecure temporary file use

2014-02-02 Thread Murray McAllister
://bugzilla.redhat.com/show_bug.cgi?id=1060630 Thanks, -- Murray McAllister / Red Hat Security Response Team