Package: mutt
Version: 1.5.20-9+squeeze1
Severity: grave
Tags: security
Justification: user security hole
The gnutls implementation of ssl found in mutt, in mutt_ssl_gnutls.c, appears
to not validate the common name of a remote server correctly. The openssl
implementation found in mutt_ssl.c
do

Package: python-feedparser
Version: 4.1-14
Severity: grave
Tags: security
Justification: user security hole
Please update the version of python-feedparser found in debian to something
recent:
The following bugs will then be fixed:
1. Issue 195: XSS vulnerability in feedparser
http://code.goo

Package: isc-dhcp-server
Severity: critical
My Windows 7 VM times out when trying to get a DHCP lease from isc-dhcp-server.
I am using isc-dhcp-server from debian squeeze.
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture

Package: python2.6
Version: 2.6.6-6
Severity: critical
The latest update is totally broken and can't byte compile *modules* (squeeze).
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: L

Package: epiphany-browser
Severity: grave
Tags: security
Justification: user security hole
epiphany-browser as found in squeeze does not check remote ssl certificate
validity for https connections.
Here is a test url: (WHICH SHOULD FAIL)
https://i.broke.the.internet.and.all.i.got.was.this.t-shi

Package: offlineimap
Severity: grave
Tags: security
Justification: user security hole
offlineimap performs absolutely no ssl certificate checking. So users could/can
be the victim of a man in the middle attack.
In debian the following bugs exist:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=

Package: python-libcloud
Severity: grave
Tags: security
Justification: user security hole
libcloud fails to perform ssl validation on https connections.
This means that users of this module who perform api requests using
https urls / connections are at risk of mitm attacks.
See http://gith

Package: pidgin
Version: pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694
Severity: critical
Tags: security
Justification: root security hole
pidgin prior to 2.5.9 HAS SECURITY ISSUE CVE-2009-2694
http://www.pidgin.im/news/security/?id=34
-- System Information:
Debian Release: 5.0.2

Package: pidgin
Version: 2.6.1-1
Severity: grave
Tags: security
Justification: user security hole
PIDGIN < 2.5.9 has a CVE filled in it ->
http://www.pidgin.im/news/security/?id=34
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386

Package: knowledgetree
Version: 2.0.7-1
Severity: critical
Hey,
/etc/knowledgetree/environment.php is world-readable by default. It is
supposed to contain (amongst other things) the username and password for
the KnowledgeTree database.
Cc:'d to [EMAIL PROTECTED] just in case they care (the packa
10 matches