Package: libpodofo
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for libpodofo.
CVE-2018-8000[0]:
| In PoDoFo 0.9.5, there exists a heap-based buffer overflow
| vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in
| Pdf
On 2018-02-08 09:01, James Cowgill wrote:
> I think the attached patch will fix this (which I have also just
> uploaded to unstable).
Uploaded. Thanks!
/luciano
On 2018-02-03 09:13, James Cowgill wrote:
> Unlike the backport for 0.27 which was fairly straightforward, the
> backport for 0.23 required significant changes and I ended up rewriting
> half of it. This means I am less confident about catching all the cases
> to fix this bug. It would be good if a
Source: maradns
Severity: grave
Version: 2.0.13-1.2
Tags: security upstream
Hi,
The following vulnerability was published for MaraDNS:
http://seclists.org/oss-sec/2016/q4/411
No CVE was assigned yet, but the request was made in that thread.
If you fix the vulnerability please also make sure
5bbb610b06e1b8fff2c33c5feced2c8bbe24b11c
Author: Luciano Bello
Date: Sat Nov 5 00:53:45 2016 -0400
openssl 1.1
diff --git a/debian/changelog b/debian/changelog
index eb3e6af..9958fc8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+medusa (2.2-4) unstable; urgency=high
+
+ * OpenSSL 1.1 support (RC
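Review bot: urgency=high on the new medusa (2.2-4) entry needs its justification in the changelog itself, and the visible entry text stops at "(RC" before any bug reference. Confirm the entry names and closes the bug it fixes, since the commit message "openssl 1.1" alone does not say why the upload is urgent.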
On Wednesday 01 June 2016 01.26.17 Emilio Pozuelo Monfort wrote:
> I haven't had the time to look at jessie but the change should be similar.
I just released DSA 3591-1 to fix jessie.
> @maintainers: Would you like to upload this fix yourself or want me to do it?
> Just for wheezy/jessie or also
Hi Paul,
I'm not fully understanding your suggestion. So, let me rephrase to check out
what you mean:
The package should install the files in /var/lib/ieee-data/oui.txt and
/var/lib/ieee-data/iab.txt. And /usr/share/ieee-data/oui.txt and
/usr/share/ieee-data/iab.txt should be symlinks to t
Take a look at http://seclists.org/oss-sec/2013/q2/295
Cheers, luciano
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
On Wednesday 06 March 2013, Cédric Boutillier wrote:
> I adapted the patch from upstream and applied it to the version of
> libopenid-ruby currently in squeeze.
> Attached is the debdiff with a possible 2.1.8debian/1+squeeze1
> targetting squeeze if accepted by the security team.
Thanks for your p
Package: xserver-xorg-video-qxl
Severity: grave
Tags: security patch
Justification: user security hole
Hi there,
Take a look at http://seclists.org/oss-sec/2013/q1/204
Please, use CVE-2013-0241 to refer to this issue.
The Debian package in unstable looks affected. Can you check if the stable
Package: mahara
Severity: critical
Tags: security
Justification: user security hole
Hi there,
Melissa Draper pointed out that the embedded copy of flowplayer-core in Mahara
is affected by http://code.google.com/p/flowplayer-core/issues/detail?id=441
Cheers, luciano
Package: libvirt
Severity: grave
Tags: security patch
Justification: user security hole
Hi,
please see :
https://bugzilla.redhat.com/show_bug.cgi?id=893450
http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
The Debian package in unstable looks affected. Can
Package: zope2.12
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see : http://seclists.org/oss-sec/2012/q4/249
Can you confirm if any of the Debian packages are affected?
Cheers,
luciano
Package: icedtea-web
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see : http://seclists.org/oss-sec/2012/q4/237
Cheers,
luciano
Package: gegl
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see :
http://seclists.org/oss-sec/2012/q4/215
Can you confirm if any of the Debian packages are affected?
Cheers,
luciano
Package: yui
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see :
http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
Are vulnerable versions in Debian?
Cheers,
luciano
On Saturday 22 September 2012, Jay Berkenbilt wrote:
> Please let me know whether I should do the upload or whether you will
> prepare a package for stable-security based on the attached patch.
The patch looks good to me. I can write the DSA text today. Just a minor
question: CVE-2010-2482 shoul
Package: smarty3
Severity: grave
Tags: security patch
The following vulnerability has been reported against smarty.
http://seclists.org/oss-sec/2012/q3/508
The link includes a patch too.
Smarty 2 http://packages.qa.debian.org/s/smarty.html doesn't look affected,
since the vulnerable code is not
Package: fwknop
Severity: grave
Tags: security patch
The new fwknop fixes many security problems:
http://seclists.org/oss-sec/2012/q3/509
It's fixed in 2.0.3. The link includes the patches too.
Cheers, luciano
Package: optipng
Severity: grave
Tags: security patch
The following vulnerability has been reported against optipng.
http://seclists.org/oss-sec/2012/q3/499
It's fixed in 0.7.3. The link includes a patch too.
Cheers, luciano
Package: libapache2-mod-rpaf
Severity: critical
Tags: security
Version: 0.5-3
Sébastien Bocahu reported to the security team:
> (...)
> A single request makes Apache segfault. On some of the environments I tested,
> it even kills all Apache processes (they become zombies).
>
> I tested three env
Package: libapache-mod-security
Severity: grave
Tags: security patch
The following vulnerability had been reported against mod-security:
http://www.openwall.com/lists/oss-security/2012/06/22/1
The patch can be found in the report.
Please use CVE-2012-2751 for this issue.
Cheers,
luciano
Package: modsecurity-apache
Severity: grave
Tags: security patch
The following vulnerability had been reported against mod-security:
http://www.openwall.com/lists/oss-security/2012/06/22/1
The patch can be found in the report.
Please use CVE-2012-2751 for this issue.
Cheers,
luciano
Package: spip
Severity: grave
Tags: security
The following vulnerability has been reported against spip:
http://www.openwall.com/lists/oss-security/2012/05/01/4
Please use CVE-2012-2151 for this issue.
Cheers,
luciano
Package: asterisk
Severity: grave
Tags: security patch
The following vulnerability had been reported against asterisk:
http://www.openwall.com/lists/oss-security/2012/03/16/10
The patch can be found in the report.
They are referred to as AST-2012-002 and AST-2012-003. Please use CVE-2012-1183
and
On Friday 16 March 2012, Kartik Mistry wrote:
> Which one? :)
Hehhe... please, upload.
-l
On Friday 16 March 2012, Kartik Mistry wrote:
> Do you want me to upload it directly to stable or want to send email
> to security with debdiff etc?
Yes, please.
Thank you :)
/luciano
On Thursday 15 March 2012, Cyril Lavier wrote:
> For old-stable, I don't have time tonight, so if anybody is willing to
> do it, don't hesitate :).
Security does not support old-stable since February.
Thanks a lot for your work!
-l
On Thursday 15 March 2012, Cyril Lavier wrote:
> The 1.1.17 will be uploaded tomorrow, we have already done the needed test
> for the upload (build and functionality).
Great!
Can you check if stable is affected? The bug looks quite important. Do you think
that stable should be updated by a DSA?
Th
Package: nginx
Severity: grave
Tags: security patch
The following vulnerability had been reported against nginx:
http://seclists.org/oss-sec/2012/q1/644
The patch can be found in the report.
Please use CVE-2012-1180 for this issue.
Can you check if the stable version is affected?
Cheers,
luci
Package: libgdata
Severity: grave
Tags: security patch
The following vulnerability had been reported against libgdata:
http://www.openwall.com/lists/oss-security/2012/03/14/3
The upstream patch:
http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
http://git.g
Package: pidgin
Severity: grave
Tags: security patch
The following vulnerability had been reported against pidgin:
http://pidgin.im/news/security/?id=61
The patch can be found in the report.
Please use CVE-2012-1178 for this issue. Can you check if stable is also
affected?
Cheers,
luciano
Package: pidgin
Version: 2.10.1-1
Severity: grave
Tags: security patch
The following vulnerability had been reported against pidgin:
http://pidgin.im/news/security/?id=60
The patch can be found in the report.
Please use CVE-2011-4939 for this issue. The bug only affects unstable, as
far as
Package: gnash
Severity: grave
Tags: security patch
The following vulnerability had been reported against gnash:
http://www.openwall.com/lists/oss-security/2012/03/14/5
The patch can be found in the report.
Please use CVE-2012-1175 for this issue and check if the stable version
(0.8.8-5) is af
Package: openldap
Severity: grave
Tags: security patch
The following vulnerability had been reported against openssl:
http://www.openwall.com/lists/oss-security/2012/03/12/4
The upstream patch can be found in the report.
Please use CVE-2012-1164 for this issue.
Cheers,
/luciano
Package: openssl
Severity: grave
Tags: security patch
The following vulnerability had been reported against openssl:
http://www.openwall.com/lists/oss-security/2012/03/12/3
The patch can be found here:
http://cvs.openssl.org/chngview?cn=22252
Please use CVE-2012-1165 for this issue.
Cheers,
/
Package: bip
Severity: grave
Tags: security patch
The following vulnerability had been reported against bip:
https://projects.duckcorp.org/issues/269
The patch can be found here:
https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c
This bug i
Package: serendipity
Version: 1.5.3-2
Severity: grave
Tags: security patch
Hi,
A security problem was reported against serendipity, an XSS in karma plugin:
http://seclists.org/oss-sec/2011/q4/176
The id CVE-2011-4090 was assigned to this issue. Don't forget to mention it
in your changelog. T
Hi Yaroslav,
If you consider this problem a security hole, it can be fixed through a
point update. Take a look at:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
Regards,
/luciano
Package: openssl
Version: 0.9.8g-15+lenny14
Severity: grave
Hi Kurt,
This vulnerability had been announced against OpenSSL 0.9.8g (which is
available in oldstable): http://www.openwall.com/lists/oss-security/2011/12/01/6
Would you like to coordinate a DSA with the security team?
Best rega
Package: mediawiki
Severity: grave
Tags: security patch
Hi Mediawiki Maintenance Team,
In the 1.17.1 release announcement, two grave vulnerabilities have been
fixed:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
Patches are included in the wikimedi
Package: mojarra
Severity: grave
Tags: security patch
Hi there,
A vulnerability against mojarra has been reported.
http://www.openwall.com/lists/oss-security/2011/11/29/1
Please, check the reference to get a patch and a PoC.
Best Regards,
/luciano
Package: hardlink
Severity: grave
Tags: security
Hi Julian,
A security problem in hardlink had been reported:
http://www.openwall.com/lists/oss-security/2011/10/15/2
The report refers to Fedora. Can you check if any Debian version is affected?
Thanks a lot!
-luciano
Package: php5
Severity: serious
Tags: security
Hi,
A bug in crypt_blowfish was reported [1,2,3]. The RH report [4] may be useful
too.
The function BF_set_key in ./ext/standard/crypt_blowfish.c is vulnerable. Can
you confirm that the bug affects the Debian packages?
If so, please, consider pr
Package: opie
Severity: serious
Tags: important
Hi,
A security bug has been reported in opielogin[1]. A patch by Novell can be
found here: https://bugzillafiles.novell.org/attachment.cgi?id=435901
Please, consider porting this patch to stable and oldstable.
Thanks a lot for all your help,
Package: opie
Severity: serious
Tags: important
Hi,
A security bug has been reported in opiesu[1]. A patch by Novell can be
found here: https://bugzillafiles.novell.org/attachment.cgi?id=435902
Please, consider porting this patch for stable and oldstable.
Thanks a lot for all your help,
lu
Package: postgresql
Severity: serious
Tags: security
Hi,
A bug in crypt_blowfish was reported [1,2,3]. The function BF_set_key in
postgresql is vulnerable. The RH report [4] may be useful too. Upstream already
has a patch[5].
Please, consider providing patches for stable and oldstable too.
T
Package: php5-suhosin
Severity: serious
Tags: security
Hi,
The CVE (Common Vulnerabilities & Exposures) CVE-2011-2483 was
published for php5-suhosin.
A bug in crypt_blowfish was reported [1,2,3]. The function BF_set_key from
crypt_blowfish.c:554 looks vulnerable. The RH report may be useful[4] t
Please, use CVE-2011-1147
-luciano
Dear mrtgutils user,
I'm the Debian package maintainer of mrtgutils. I released a new fresh
version with many changes that I uploaded to experimental. Since Debian testing
is frozen, I would like to be sure that this version does not break anything
before putting it in unstable.
It would
On Sat 18 Sep 2010, Alan Dennis wrote:
> However, mrtg-sensors is utterly broken without it. Shouldn't mrtg-sensors
> be broken out into a separate package with proper dependancies, maybe
> recommended or suggested by mrtgutils?
I totally agree.
I will fix and upload this package during the
Hi Ansgar,
Thanks for getting in touch with us and sorry for the delay in the
answer.
On Tue 03 Aug 2010, Ansgar Burchardt wrote:
> > Security Team: Should we upload the proposed fix to stable-security or
> > should this rather be fixed in the next point release of Lenny?
Since the pr
Package: sudo
Version: 1.6.9p17-2
Severity: grave
Tags: security, patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for sudo.
CVE-2010-1163[0]:
| The command matching functionality in sudo 1.6.9p22 through 1.7.2p5 does not
| properly handle when a file in the curr
tags 576825 = moreinfo unreproducible
severity 576825 normal
thank you
Hi Pierre,
I tried to reproduce the bug without luck. I ran it in a chroot created by
pbuilder login. Can you give more info? I lowered the severity meanwhile.
---8<8<--
On Wed 07 Apr 2010, Pierre THIERRY wrote:
> Latest w3af seems uninstallable:
I'm checking this. You will probably have an answer in two or three days.
Thanks for the report.
l.
On Thu 18 Mar 2010, Stefano Zacchiroli wrote:
> PS Luciano, this is also an offer for help, if you approve the proposed
> patch, I'd be happy to contribute an NMU of this.
After few tests, I notice that w3af is not working for 2.6 anyway (few deps are
not for 2.6). So I'm working in a packa
Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1724[0]:
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari
| before 4.0.2 allows remote attackers to inject arbitrar
Package: qt4-x11
Version: 4:4.5.2-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for qt4-x11.
CVE-2009-1724[0]:
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari
| before 4.0.2 allows remote attackers to inject arbit
Package: kdelibs
Version: 4:3.5.10.dfsg.1-2
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows re
Package: kde4libs
Version: 4:4.2.96-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote a
Package: qt4-x11
Version: 4:4.5.2-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote att
Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attac
In order to be strict, libwebkit-1.0-2 does not fix the bug... it's just not
affected.
Oppss... I forgot, you can find a PoC here http://bugs.gentoo.org/271863
Package: libwebkit-1.0-1
Version: 1.0.1-4+b1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libwebkit-1.0-1.
CVE-2009-0945[0]:
| Array index error in the insertItemBefore method in WebKit, as used in
| Safari before 3.2.3 and 4 Publi
Package: libqt4-webkit
Version: 4.5.1-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libqt4-webkit.
CVE-2009-0945[0]:
| Array index error in the insertItemBefore method in WebKit, as used in
| Safari before 3.2.3 and 4 Public Beta,
Package: jetty
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-1523[0]:
| Directory traversal vulnerability in the HTTP server in Mort Bay Jetty
| before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote
|
Package: ipsec-tools
Version: 1:0.7.1-1.3
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.
CVE-2009-1574[0]:
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
| attackers to cause a denial of service (crash)
On Sat 27 Sep 2008, Luk Claes wrote:
> Can you please look into getting dsniff built with libdb-dev (bdb 4.6)?
done
tag 474411 -unreproducible
thanks...
The problem is the g++ version. I'm working on it. Please, next time include
more details about the building conditions.
luciano
tag 474411 +unreproducible
thank...
In my pbuilder I don't have any problem. Can you include the bugreport footer or
more information about the conditions in which I can reproduce the problem?
luciano
Hi Laurence,
I would like to fix http://bugs.debian.org/399892 soon.
Frank <[EMAIL PROTECTED]> proposed to ask you because libipq looks like it
only comes in a static form, and hence isn't built -fPIC. I contacted you a few
months ago without any response. I'm CCing to the BTS this
Hi daniel!
Please, check the experimental version.
luciano
Upstream is working on a new version.
luciano
On Tue 17 Jul 2007, Jan Wagner wrote:
> Hi Luciano,
>
> On Wednesday 20 June 2007 19:15, Luciano Bello wrote:
> > I need your opinion and comments about: http://bugs.debian.org/399892
> > Nepenthes has a module (modulehoneytrap.so) linked with libipq (IPQ
>
Sorry, the problem is that the tempfile is reused. From
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585 :
"lha doesn't open temporary files *exclusively*"
Ignore the prior message.
luciano
As I understand this, the problem exists in the mktemp() used in
src/lharc.c:932 and src/lharc.c:951. The manpage mktemp(3) says:
"Never use mktemp(). Some implementations follow 4.3BSD and replace XX by
the current process ID and a single letter, so that at most 26 different
names can be
Hi!
I need your opinion and comments about: http://bugs.debian.org/399892
Nepenthes has a module (modulehoneytrap.so) linked with libipq (IPQ library
for userspace), which is part of iptables-dev. Libipq looks like it only
comes in a static form, and hence isn't built PIC.
Hi vorlon,
I will be uploading a patched version to sid this night.
From upstream
Why is it critical:
davfs holds unsynchronized data in memory as well as in the cache on
disk. These will be lost in case of a crash.
In more detail:
1) mount.davfs will crash when using fuse (but not immediately,
Package: davfs2
Version: 1.1.2-2
Severity: serious
From an upstream e-mail report --- start
When using fuse file system, kernel version 7, davfs2 crashed. But this is the
fuse version that will be included in the standard kernel of etch.
I believe the bug is serious and it is in 1.1.3 too. But
tags 386305 + patch
thanks
Many packages solve the problem with a rm in the stop case.
CaFeLUG September BTS
luciano
--- init.d.orig 2006-09-10 23:43:35.0 -0300
+++ init.d 2006-09-10 23:48:47.0 -0300
@@ -26,6 +26,7 @@
echo -n "Stopping $DESC: $NAME"
start-stop-daemon --oknodo
tags 378759 +patch +pending
thank you
the patch from José Parrella works fine. Will be uploaded tomorrow.
thx, luciano
tags 378759 -patch
thank you
No, it's not the unique reference...
# rgrep tab\.c * | grep rm
missing:rm -f y.tab.c y.tab.h
modules/download-creceive/Makefile.in: -rm -f *.tab.c
modules/download-csend/Makefile.in: -rm -f *.tab.c
modules/download-curl/Makefile.in: -rm -f *.tab.c
modul
tags 366861 + moreinfo unreproducible
severity 366861 important
thanks
Hi Ferenczi!
I cannot reproduce your error. It's quite strange. We don't have any
reports (except yours) about this kind of behaviour.
In fact, words like "tiny" don't appear in the davfs2's source code.
A
On Fri, 20-01-2006 at 11:43 -0300, Luciano Bello wrote:
> AFAIK, the bug is steel there :)
s/steel/still
sorry :)
luciano
On Fri, 20-01-2006 at 12:30 +0100, Lionel Elie Mamane wrote:
> On Thu, Jan 19, 2006 at 03:33:21PM -0300, Luciano Bello wrote:
>
> > I just want to know what happened with the CVE-2005-3573[1],
> > particularly in stable/sarge.
>
> We (mailman Debian package ma
Hi everyone!
I just want to know what happened with the CVE-2005-3573[1],
particularly in stable/sarge.
Thanks for all your help.
Luciano
[1] http://bugs.debian.org/339095
Package: kpdf
Version: 3.x
Severity: grave
Tags: security patch
TITLE:
KOffice "Decrypt::makeFileKey2()" Buffer Overflow
SECUNIA ADVISORY ID:
SA13934
VERIFY ADVISORY:
http://secunia.com/advisories/13934/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
KOffice 1.
Package: kpdf
Version: 3.x
Severity: grave
Tags: security sarge sid patch
The version in woody is not affected by this problem.
TITLE:
KDE kpdf "Decrypt::makeFileKey2()" Buffer Overflow
SECUNIA ADVISORY ID:
SA13916
VERIFY ADVISORY:
http://secunia.com/advisories/13916/
CRITICAL:
Highly critical
89 matches