/changelog
+++ htmldoc-1.8.27/debian/changelog
@@ -1,3 +1,11 @@
+htmldoc (1.8.27-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3050: Stack-based buffer overflow when setting custom page
+output size (Closes: #537637)
+
+ -- Giuseppe Iuculano
+
+ * Non-maintainer upload by the testing Security Team.
+ * Add patch from Christoph Biedl to fix server assert involving client
+IDs and hardware addresses (CVE-2009-1892) (Closes: #549584)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 04 Oct 2009 17:41:00 +0200
+
dhcp3 (3.1.2p1-1
@@
+wxwidgets2.6 (2.6.3.2.2-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixed Integer overflow in the wxImage::Create function.
+(CVE-2009-2369) (Closes: #537175)
+ * Avoid name clashes with GSocket from glib 2.21+ and fixed FTBFS
+
+ -- Giuseppe Iuculano iucul...@debian.org Sat, 03 Oct
/debian/changelog
@@ -1,3 +1,11 @@
+kolab-cyrus-imapd (2.2.13-5.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Fix buffer overflow in SIEVE script component
+(CVE-2009-3235, CVE-2009-2632) (Closes: 547712)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sat
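Review bot: the bug reference on the change line reads `(Closes: 547712)` without the leading `#` used by the other entries in this series (e.g. `(Closes: #537175)`); `(Closes: #547712)` keeps the form consistent. The one summary line also covers two CVE ids, and the bug reports elsewhere on this page describe them as distinct issues (CVE-2009-2632 in sieve/script.c, CVE-2009-3235 as the Sieve buffer overflows), so a line per CVE naming the file each fix touches would make the entry easier to audit against the advisories.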
Giuseppe Iuculano wrote:
Hi,
Attached is a debdiff of the changes I made for 2.2.13-5.1 0-day NMU
Cheers,
Giuseppe.
The DH_VERBOSE export in debian/rules was not included.
Cheers,
Giuseppe.
Package: wget
Version: 1.11.4-4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for wget.
CVE-2009-3490[0]:
| GNU Wget before 1.12 does not properly handle a '\0' character in a
| domain
Ola Lundqvist wrote:
Sure. In that case where do I upload it. To lenny-proposed-updates?
stable-proposed-updates for lenny and oldstable-proposed-updates for etch.[1]
Please contact the stable release team before you upload.
tags 548232 + pending
thanks
Hello,
The following change has been committed for this bug by
Giuseppe Iuculano giuse...@iuculano.it on Sat, 26 Sep 2009 00:23:50 +0200.
The fix will be in the next upload.
-2.2.13/debian/changelog
+++ cyrus-imapd-2.2-2.2.13/debian/changelog
@@ -1,3 +1,17 @@
+cyrus-imapd-2.2 (2.2.13-14+lenny3) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * sieve/bc_eval.c: Use snprintf to avoid buffer overruns
+
+ -- Giuseppe Iuculano giuse
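Review bot: the change line `sieve/bc_eval.c: Use snprintf to avoid buffer overruns` records neither the CVE id nor the bug this stable-security upload fixes; the bug report for this package that follows cites CVE-2009-3235, so the entry should name it, e.g. `* sieve/bc_eval.c: Use snprintf to avoid buffer overruns (CVE-2009-3235)`, and add a `(Closes: #NNNNNN)` for the BTS bug (number not given in this hunk, so a placeholder here), otherwise the security tracker and the BTS cannot tie the upload to the advisory.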
Package: cyrus-imapd-2.2
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for cyrus-imapd-2.2.
CVE-2009-3235[0]:
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
|
notfixed 547947 2.2.13-15
thanks
Benjamin Seidenberg wrote:
A fix was released before the CVE was even published
Patch:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/sieve.y.diff?r1=1.40;r2=1.41;f=h
Hi Henrique,
Henrique de Moraes Holschuh wrote:
Also, we need the same fix to be applied to stable and old-stable...
I've prepared stable and oldstable packages:
http://sd6.iuculano.it/sec/cyrus-imapd-2.2/
Cheers,
Giuseppe.
Package: wireshark
Version: 1.2.1-2
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for wireshark.
CVE-2009-3242[0]:
| Unspecified vulnerability in packet.c in the GSM A RR dissector in
|
Package: kolab-cyrus-imapd
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for kolab-cyrus-imapd.
CVE-2009-2632[0]:
| Buffer overflow in the SIEVE script component (sieve/script.c), as
| used
Package: bugzilla
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for bugzilla.
CVE-2009-3165[0]:
| SQL injection vulnerability in the Bug.create WebService function in
| Bugzilla 2.23.4
retitle 546791 CVE-2009-3233: shell command injection via filename
thanks
Hi,
this issue got a CVE id:
Name: CVE-2009-3233
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3233
Reference: MLIST:[oss-security] 20090916 CVE id request: changetrack
Reference:
@@
+wxwidgets2.6 (2.6.3.2.2-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixed Integer overflow in the wxImage::Create function.
+(CVE-2009-2369) (Closes: #537175)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Thu, 17 Sep 2009 17:17:44 +0200
+
wxwidgets2.6 (2.6.3.2.2-3) unstable
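Review bot: the first change line `Fixed Integer overflow in the wxImage::Create function.` has a stray capital on `Integer` and a full stop before the `(CVE-2009-2369) (Closes: #537175)` references, and the second line `Avoid name clashes with GSocket from glib 2.21+ and fixed FTBFS` mixes imperative and past tense and cites no bug number; `Fix integer overflow in wxImage::Create (CVE-2009-2369) (Closes: #537175)` plus a `(Closes: #NNNNNN)` on the FTBFS line (number not given in this hunk, so a placeholder) would read consistently with the rest of the changelog.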
Package: whitedune
Version: 0.28.13-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for whitedune.
CVE-2008-7228[0]:
| Multiple format string vulnerabilities in White_Dune before
|
severity 546903 minor
thanks
Hi Joerg,
Joerg Scheurich aka MUFTI wrote:
So I should say something about the impact and attack vectors:
To enable the problem, white_dune must be compiled with the --with-aflockdebug
option of ./configure. The debian binary versions are not compiled with
Package: xmp
Version: 2.0.4d-11
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers
| to
retitle 546730 CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
tag 546730 lenny etch
fixed 546730 2.6.1-1
thanks
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for xmp.
CVE-2007-6731[0]:
| Extended Module Player (XMP) 2.5.1 and earlier allow remote
Hi,
local screen lock bypass vulnerability in xscreensaver is not important enough
to get it fixed via regular security update in Debian stable and oldstable. It
does not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[1].
Please contact the release
Package: kdelibs,kde4libs
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for kdelibs and kde4libs.
CVE-2009-2702[0]:
| KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
Package: rails
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for rails.
CVE-2009-3086[0]:
| A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x
| before 2.3.4, leaks information about the complexity of
) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed integer overflow in XMakeImage function in xwindow.c
+(Closes: #530946) (CVE-2009-1882)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Thu, 10 Sep 2009 19:08:13 +0200
+
graphicsmagick (1.3.5-5) unstable; urgency=high
* debian
Package: qt4-x11
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for qt4-x11.
CVE-2009-2700[0]:
| src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not
| properly
Hi,
#540751 was fixed, so a binNMU of wxwidgets2.8 should fix this issue.
Cheers,
Giuseppe.
Package: squirrelmail
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for squirrelmail.
CVE-2009-2964[0]:
| Multiple cross-site request forgery (CSRF) vulnerabilities in
| SquirrelMail
Package: buildbot
Version: 0.7.10p1-1,0.7.8-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for buildbot.
CVE-2009-2959[0]:
| Cross-site scripting (XSS) vulnerability in the waterfall web
found 543224 3.2.6-0.1
tags 543224 patch
thanks
Hi,
after an upgrade from 3.2.1.1-0.1 to 3.2.6-0.1 this bug exists:
# LANG=C dpkg -l tinymce
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/
Package: ntop
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for ntop.
CVE-2009-2732[0]:
| The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier
| allows remote attackers to
Package: tinymce
Version: 3.2.1.1-0.1
Severity: serious
Hi,
tinymce makes files in /usr/share writable by non-root (www-data). See policy
10.9.
Cheers,
Giuseppe.
Package: neon27,neon26,neon
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for neon.
CVE-2009-2474[0]:
neon before 0.28.6, when OpenSSL is used, does not properly handle a
'\0' character in
reassign 542972 libdumbnet
thanks
Hi,
Lucas Nussbaum wrote:
Hi,
During a rebuild of all packages in sid, your package failed to build on
amd64.
Relevant part:
gcc -g -O2 -Wall -Werror -lpthread -lpcap -ldumbnet -lnet -L/usr/lib
-I/usr/include -DLINUX -DDEBIAN -o arpon arpon.c
Package: libcompress-raw-bzip2-perl
Version: 2.020-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for libcompress-raw-bzip2-perl.
CVE-2009-1884[0]:
| Off-by-one error in the
Package: curl
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for curl.
CVE-2009-2417[0]:
A vulnerability has been reported in cURL, which can be exploited by
malicious people to
Package: gnutls26
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for gnutls26.
CVE-2009-2730[0]:
| libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0'
| character in a domain
Package: asterisk
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for asterisk.
CVE-2009-2726[0]:
| The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34,
| 1.4.x before
Moritz Muehlenhoff wrote:
I'm leaving for HAR 2009 soon; I'll look into it, but it might take a couple
of days.
Thijs sponsored the upload, thanks anyway!
Cheers,
Giuseppe.
clone 540060 -1
reassign -1 binutils
retitle -1 version script commands not handled correctly in sid/squeeze
severity -1 grave
thanks
Hi,
please see the testcase below
Cheers,
Giuseppe.
Giuseppe Iuculano wrote:
Giuseppe Iuculano wrote:
Hi Moritz,
Moritz Muehlenhoff wrote:
On Mon, Jul 13, 2009 at 08:45:03AM +0200, Andrea De Iacovo wrote:
this is fixed in upstream version 2.8.1. Please coordinate with the security
team to prepare updates for the stable releases.
Wordpress 2.8.1 is going to be uploaded in sid in the
Package: zope3
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain security restrictions and compromise a
vulnerable system.
1) A missing access
Package: zope2.10
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain security restrictions and compromise a
vulnerable system.
1) A missing access
Package: python2.4-zodb
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain security restrictions and compromise a
vulnerable system.
1) A missing
Package: zope2.11
Severity: serious
Tags: security patch
Hi,
Two vulnerabilities have been reported in Zope, which can be exploited by
malicious people to bypass certain security restrictions and compromise a
vulnerable system.
1) A missing
Package: xemacs21
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for xemacs21.
CVE-2009-2688[0]:
| Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when
| running on
It's likely that pgadmin3 should have been rebuilt after the latest wxwidgets2.8
upload.
Cheers,
Giuseppe.
reassign 540060 pgadmin3
found 540060 1.10.0-1
thanks
Giuseppe Iuculano wrote:
It's likely that pgadmin3 should have been rebuilt after the latest
wxwidgets2.8
upload.
Yes, I confirm that, I rebuilt pgadmin3 and it works perfectly.
Cheers,
Giuseppe.
Gerfried Fuchs wrote:
Beg your pardon, but that sounds rather like the ABI of wxwidgets2.8
has changed - and then it's not pgadmin3's job to fix it, rather the
library should bump its compatibility level, not?
Can this please get investigated properly? I don't object to a
scheduled
Ryan Niebur wrote:
since amd64 seems to be the only architecture with (known) problems,
No, unfortunately I was able to reproduce this issue on my i386 machine.
Cheers,
Giuseppe.
Giuseppe Iuculano wrote:
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8
2.8.7.1-2 and
_zn21wxmemoryfshandlerbase19addfilewithmimetypeerk8wxstringpkvj...@wxu_2.8.5
2.8.7.1-1
It seems that something changed in binutils, testcase:
squeeze, binutils
Package: strongswan
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for strongswan.
CVE-2009-2661[0]:
| The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before
| 4.2.17,
Package: camlimages
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for camlimages.
CVE-2009-2660[0]:
| Multiple integer overflows in CamlImages 2.2 might allow
| context-dependent attackers
Bart Martens wrote:
Why not upload a new revision and so force users to update the Adobe Flash
Player?
Do you mean uploads to oldstable-security, stable-security, testing-security,
and sid?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#s5.6.4
/patch/CVE-2009-0179.patch: Fixed application crash when loading XM
+files. (CVE-2009-0179) (Closes: #476339)
+
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Wed, 05 Aug 2009 11:50:25 +0200
+
libmikmod (3.1.11-6) unstable; urgency=medium
* The Play a .mod on your ia64 today! release.
only
Package: nss
Version: 3.12.0-6
Severity: serious
Tags: security lenny
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for nss.
CVE-2009-2404[0]:
| Heap-based buffer overflow in a regular-expression parser in Mozilla
|
retitle 539934 CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities
fixed 539934 3.12.3-1
thanks
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for nss.
CVE-2009-2408[0]:
| Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly
| handle a '\0'
Hi,
this issue got a CVE (Common Vulnerabilities and Exposures) id.
CVE-2009-1631[0]:
| The Mailer component in Evolution 2.26.1 and earlier uses
| world-readable permissions for the .evolution directory, and certain
| directories and files under .evolution/ related to local mail, which
| allows local
Yves-Alexis Perez wrote:
Fix is already in for unstable. testing will have it as soon as it's
built on mipsel.
Well, could you tell me in which version it was fixed?
Cheers,
Giuseppe.
Hi Bart,
Bart Martens wrote:
About this security bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538240
I have updated the MD5 checksums yesterday and this morning to match the
Adobe Flash Player versions meant on this security bulletin.
Package: asterisk
Version: 1:1.6.2.0~dfsg~beta3-1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for asterisk.
CVE-2009-2651[0]:
| main/rtp.c in Asterisk Open Source 1.6.1 before
Package: firebird2.0
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for firebird2.0.
CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6, 2.0
Package: firebird2.1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for firebird2.1.
CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6,
Package: knowledgeroot
Version: 0.9.7.3-2
Severity: serious
Tags: security etch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for fckeditor.
CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor
Package: verlihub
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for verlihub.
CVE-2009-2569[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Verlihub
| Control Panel (VHCP)
Package: wireshark
Version: 1.0.8-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for wireshark.
CVE-2009-2559[0]:
| Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows
Package: flashplugin-non-free
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for flashplugin-nonfree.
CVE-2009-1862[0]:
| Unspecified vulnerability in Adobe Reader and Acrobat 9.x through
Package: znc
Severity: grave
Tags: security patch
Hi,
znc 0.072 fixes a high-impact directory traversal bug
| You can upload files to znc via /dcc send *status. The files will be saved in
datadir/users/user/downloads/.
| The code for this
Package: libc6-dev
Version: 2.9-20
Severity: grave
Hi,
ETA for kernel 2.6.31 is September.
Until 2.6.31 reaches unstable, you must ship /usr/include/scsi/scsi.h,
otherwise all packages that use scsi/scsi.h FTBFS in unstable.
Cheers,
Package: wxwidgets2.8
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for wxwidgets2.8.
CVE-2009-2369[0]:
| Integer overflow in the wxImage::Create function in
| src/common/image.cpp in
Package: fckeditor
Version: 1:2.6.2-1
Severity: grave
Tags: security lenny
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for fckeditor.
CVE-2009-2265[0]:
| Multiple directory traversal vulnerabilities in FCKeditor
Hi Jeroen,
These issues have been fixed in Zoph 0.7.0.5 and 0.7.3 and are actually
(contrary to what CVE-2008-6837 says) the issues from CVE-2008-3258.
I would appreciate it if you could rectify this information.
Could you provide more details about these issues please?
Cheers,
Giuseppe.
Jeroen Roos wrote:
What kind of information would you like? The issues mentioned in
CVE-2008-6837 are not known to me and because of the limited information
in the report there is no way to determine whether such an issue exists,
the issue in CVE-2008-6838 is the same issue as the one
Package: zoph
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for zoph.
CVE-2008-6837[0]:
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to
| execute arbitrary SQL
tags 534918 patch
thanks
Hi,
Upstream patch: http://websvn.kde.org/?view=rev&revision=983306
Cheers,
Giuseppe.
Package: webkit
Version: 1.0.1-4
Severity: grave
Tags: security lenny
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for webkit.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS for iPod touch 1.1 through 2.2.1 does
tags 534946 patch
thanks
CVE-2009-1698 patch: http://trac.webkit.org/changeset/42081
CVE-2009-1690 patch: http://trac.webkit.org/changeset/42532
CVE-2009-1687 patch: http://trac.webkit.org/changeset/41854
Giuseppe.
Package: libqt4-webkit
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for qt4-x11.
CVE-2009-1709[0]:
| Use-after-free vulnerability in the garbage-collection implementation
| in
Package: kde4libs
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for kde4libs.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS
Package: kdegraphics
Version: 4:3.5.5-3etch3 4:3.5.9-3+lenny1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) id was published for kdegraphics.
CVE-2009-1709[0]:
| Use-after-free vulnerability in the
Package: kdelibs
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for kdelibs.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS
retitle 534952 CVE-2009-1698 CVE-2009-1690 CVE-2009-1687
thanks
Apologies, kdelibs is not affected by CVE-2009-0945
Cheers,
Giuseppe.
Just for reference, ocsinventory-server 1.02.1-1 also fixed CVE-2009-2166:
CVE-2009-2166[0]:
| Absolute path traversal vulnerability in cvs.php in OCS Inventory NG
| before 1.02.1 on Unix allows remote attackers to read arbitrary files
| via a full pathname in the log parameter.
For further
forcemerge 533848 534274
thanks
Hi,
martin f krafft wrote:
Lior Chen li...@lirtex.com wrote [2009.06.24.0800 +0200]:
I have managed to fully reproduce this. This situation arose from mistakenly
installing the dmraid package along with the mdadm package (or maybe it was
severity 533848 normal
thanks
Hi,
Lior Chen wrote:
I have a software raid array (raid 0 type), with lvm partitions built
over the raid.
Please explain. Why are you mixing software raid with fakeraid/ataraid and LVM?
Please paste the output of these commands:
cat /proc/mdstat
retitle 532935 CVE-2009-2108: git-daemon Infinite Loop Denial of Service
thanks
Hi,
this issue got a CVE id:
CVE-2009-2108[0]:
| git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to
| cause a denial of service (infinite loop and CPU consumption) via a
| request containing extra
Hi Pierre,
Pierre Chifflier wrote:
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
This doesn't imply that 1.01 isn't affected.
Cheers,
Giuseppe.
Pierre Chifflier wrote:
I fully agree, but you should quote correctly:
--8-
Additionally, this injection does not work here:
http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1dl=2o=3v=4%27union+all+select+concat(id,
%27:%27,passwd)+from+operators%23
Hi,
also CVE-2008-5515 is now disclosed:
Information Disclosure CVE-2008-5515
When using a RequestDispatcher obtained from the Request, the target path was
normalised before the query string was removed. A request that included a
specially crafted request parameter could be used to access
Package: git-core
Version: 1:1.6.3.1-1
Severity: grave
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for git:
SA35437[1]:
Description:
A vulnerability has been reported in Git, which can be exploited by malicious
Package: tomcat6
Version: 6.0.16-1 6.0.18-dfsg1-1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for tomcat6.
CVE-2009-0033[0]:
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through
Package: tomcat5
Version: 5.0.30-12etch1
Severity: serious
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for tomcat5.
CVE-2009-0033[0]:
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,
Package: openssl
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities and Exposures) ids were published for openssl.
CVE-2009-1386[0]:
| ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause
| a denial of
retitle 530946 CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
retitle 530838 CVE-2009-1882: ImageMagick Integer Overflow Vulnerability
thanks
This issue got a CVE id:
CVE-2009-1882[0]:
| Integer overflow in the XMakeImage function in magick/xwindow.c in
| ImageMagick 6.5.2-8 allows
Package: ocsinventory-server
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for OCS Inventory NG:
SA35311[0]:
Description:
Nico Leidecker has discovered a vulnerability in OCS Inventory NG, which can be
fixed 531735 1.02.1-1
tags 531735 lenny patch
thanks
Giuseppe Iuculano wrote:
The vulnerability is confirmed in version 1.02.1. Other versions may also be
affected.
This was wrong, 1.02.1 is not vulnerable.
Patch:
http://ocsinventory.svn.sourceforge.net/viewvc/ocsinventory?view
Package: strongswan
Severity: serious
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for strongswan:
SA35296[1]:
DESCRIPTION:
Two vulnerabilities have been reported in strongSwan, which can be
exploited by
Package: gst-plugins-good0.10
Severity: serious
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for GStreamer Good
Plug-ins:
SA35205[0]:
Description:
A vulnerability has been discovered in GStreamer Good Plug-ins,
Package: apache2
Severity: serious
Tags: security patch
Hi,
Red Hat recently patched apache2.
CVE-2009-1195 is still reserved, but is disclosed in RHSA-2009-1075[1]
A security issue has been reported in Apache HTTP Server, which can be exploited
Package: imagemagick
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for imagemagick:
SA35216[0]:
DESCRIPTION:
Tielei Wang has discovered a vulnerability in ImageMagick, which can
be exploited by