Source: neatvnc
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for neatvnc.
CVE-2024-42458[0]:
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly
| validate the security type.
https://www.openwall.com/lists/os
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-6061[0]:
| A vulnerability has been found in GPAC 2.5-DEV-
| rev228-g11067ea92-master and classified as problematic. Affected by
| this vulne
Source: cjson
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cjson.
CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
| c
Source: dmitry
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for dmitry.
CVE-2017-7938[0]:
| Stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) version 1.3a (Unix) allows attackers to cause a
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an
| out of boundary write vulnerability via swf_get_string at
| scene
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for gpac.
CVE-2023-50120[0]:
| MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered
| to contain an infinite loop in the function av1_uvlc at
| media_t
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-0321[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.
https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-48958[0]:
| gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in
| gf_mpd_resolve_url media_tools/mpd.c:4589.
https://github.com/gpac/
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-47384[0]:
| MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to
| contain a memory leak in the function gf_isom_add_chapter at
| /iso
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-46927[0]:
| GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-
| overflow in gf_isom_use_compact_size
| gpac/src/isomedia/isom_wri
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2023-42298[0]:
| An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to
| cause a denial of service via the Q_DecCoordOnUnitSphere fu
Source: yasm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for yasm.
CVE-2023-29579[0]:
| yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via
| the component yasm/yasm+0x43b466 in vsprintf.
https://github.
Source: lua5.1
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lua5.1.
CVE-2021-43519[0]:
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4
| allows attackers to perform a Denial of Service via a cra
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-43634[0]:
| This vulnerability allows remote attackers to execute arbitrary code
| on affected installations of Netatalk. Authentication is
Source: golang-github-go-macaron-csrf
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for golang-github-go-macaron-csrf.
CVE-2018-25060[0]:
| A vulnerability was found in Macaron csrf and classified as
| problematic. Affecte
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for netatalk.
CVE-2022-45188[0]:
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
| resulting in code execution via a crafted .appl file. Th
On Wed, Aug 25, 2021 at 09:23:37PM +0200, Salvatore Bonaccorso wrote:
> Source: plib
> Version: 1.8.5-8
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> Forwarded: https://sourceforge.net/p/plib/bugs/55/
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
Source: sendmail
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for sendmail.
https://alpaca-attack.com/ affects sendmail. It was fixed in
the latest 3.16.1 release:
https://marc.info/?l=sendmail-announce&m=159394546814125&
severity 972126 serious
thanks
On Mon, Oct 12, 2020 at 11:35:23PM +0100, Simon McVittie wrote:
> Package: libopendbx1-sqlite
> Version: 1.4.6-14
> Severity: important
> Tags: bullseye sid
> User: debian...@lists.debian.org
> Usertags: libsqlite0
> Control: block 607969 by -1
>
> libopendbx builds
Matthias Klose wrote:
> Package: src:ispell-lt
> Version: 1.2.1-8
> Severity: normal
> Tags: sid bullseye
> User: debian-pyt...@lists.debian.org
> Usertags: py2removal
>
> Python2 becomes end-of-life upstream, and Debian aims to remove
> Python2 from the distribution, as discussed in
> https://lis
On Sat, Aug 10, 2019 at 09:25:04AM +0200, Christoph Biedl wrote:
> Package: drdsl
> Severity: important
>
> hereby I declare my intent to request removal of the drdsl from Debian
> in unstable.
Please go ahead, no need to wait for the src:isdnutils removal, even.
Cheers,
Moritz
On Tue, Feb 05, 2019 at 11:18:01PM +0100, Johannes Schauer wrote:
> On Tue, 05 Feb 2019 23:12:03 +0100 Moritz Muehlenhoff wrote:
> > Should pdf2htmlex be removed? It's RC-buggy for over a year and upstream
> > development seems to have stopped:
> > http://pdf2htmlex.blogspot.de/2016/12/looking-for
On Tue, Mar 05, 2019 at 06:46:51PM +0100, Roland Gruber wrote:
> About #923736 it seems the link is wrong. LDAP Account Manager depends
> on TCPDF.
So then you should formally adopt it and take care of all security issues
which affect it during the buster lifecycle.
Cheers,
Moritz
On Sat, Jul 15, 2017 at 09:06:41PM +0200, Salvatore Bonaccorso wrote:
> Source: php-cas
> Version: 1.3.3-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/Jasig/phpCAS/issues/228
>
> Hi,
>
> the following vulnerability was published for php-cas.
>
> CVE-2017-1
On Sun, May 27, 2018 at 10:54:06PM +0200, Gabriel Corona wrote:
> This seems correct with respect to injection through the URI:
> the URI string cannot be expanded into multiple arguments
> and is not passed to `system()`.
Agreed, this CVE seems like a non issue, the CVE entry at MITRE
also only r
On Wed, Dec 26, 2018 at 01:17:26PM +0100, Stefan Bühler wrote:
> Hi,
>
> On 12/26/18 1:01 PM, Moritz Muehlenhoff wrote:
> > Source: lighttpd
> > Severity: normal
> >
> > Your package uses "libssl-dev | libssl1.0-dev" as a build dependency
> > on OpenSSL. openssl1.0 is scheduled for removal, the a
On Thu, Dec 08, 2016 at 07:11:27PM +0100, Andreas Beckmann wrote:
> On 2016-12-08 16:46, Axel 'the C.L.A.' Müller wrote:
> > Seems to work fine - at least I'm not getting those mails anymore.
>
> I've now implemented a different way to acquire lockfiles for the
> cronjobs, let's hope that does work
On Sat, Feb 14, 2015 at 03:41:21PM +0100, Luciano Bello wrote:
> Package: nvi
> Severity: important
> Tags: security patch
>
> The security team received a report from the CERT Coordination Center that
> the Henry Spencer regular expressions (regex) library contains a heap overflow
> vulnerab
On Tue, Aug 19, 2014 at 11:47:24PM +0200, Markus Koschany wrote:
> On 19.08.2014 22:45, Moritz Mühlenhoff wrote:
> [...]
> > Thanks for the additional investigation, shall I sponsor the upload for
> > you or do you have a regular sponsor?
> >
>
> Hi Moritz,
>
On Mon, Aug 18, 2014 at 06:10:52PM +0200, Markus Koschany wrote:
> Control: tags -1 patch
>
> I am not absolutely sure how libdevilc2 ended up with a dependency on
> liblcms1 again because it already depends on liblcms2-dev but the most
> probable explanation might be that liblcms1-dev was still i
On Thu, Jun 05, 2014 at 12:08:34AM +0200, Andreas Beckmann wrote:
> Control: fixed -1 8.14.4-6
>
> On 2014-06-04 15:44, Moritz Muehlenhoff wrote:
> > Hi,
> > please see http://www.openwall.com/lists/oss-security/2014/06/03/1 for
> > details.
>
> That's a trivial patch that I already cherry-picked
On Sat, Oct 19, 2013 at 04:06:06PM +0200, Ansgar Burchardt wrote:
> Package: chrony
> Severity: serious
> Version: 1.24-3+squeeze1
> X-Debbugs-Cc: t...@security.debian.org, debian-rele...@lists.debian.org
>
> The security update for chrony links against libreadline6 on
> amd64. However chrony is
On Sat, Mar 17, 2012 at 12:30:51PM -0400, jari.aa...@cante.net wrote:
> Package: xloadimage
> Severity: wishlist
> Tags: patch
>
> Hi,
>
> The dpatch patch management system has been deprecated for some time. The
> Lintian currently flags use of dpatch packages as an error. The new 3.0
> packagin
On Tue, Aug 30, 2011 at 10:35:43PM -0500, Drew Scott Daniels wrote:
> Hi,
> You mentioned you were planning to adopt lgeneral after squeeze's release
> and squeeze has been out for a couple of months now. I was just curious
> about the status of this.
Hadn't had time for it and that won't change a
On Fri, Sep 02, 2011 at 11:35:25PM +0200, Christoph Egger wrote:
> Package: src:avifile
> Version: 1:0.7.48~20090503.ds-5
> Severity: serious
> Tags: sid wheezy
> Justification: fails to build from source (but built successfully in the past)
>
> Hi!
>
> Your package failed to build on the buildd
On Wed, Aug 24, 2011 at 09:15:42PM +0200, Sylvestre Ledru wrote:
> Source: avifile
> Version: 1:0.7.48~20090503.ds-3
> Severity: serious
> Tags: wheezy sid
> User: debian...@lists.debian.org
> Usertags: qa-ftbfs-20110822 qa-ftbfs
> Justification: FTBFS on amd64
>
> Hi,
>
> During a rebuild of all
tags 638563 patch pending
thanks
On Fri, Aug 19, 2011 at 09:35:11PM +0200, Moritz Muehlenhoff wrote:
> Package: kradio4
> Severity: important
>
> Hi,
> the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
> (libav is a ffmpeg fork, to which Debian will switch, see
> http://en.wikiped
The patch.
diff -aur avifile-0.7.48~20090503.ds.orig/lib/aviread/FFReadHandler.cpp avifile-0.7.48~20090503.ds/lib/aviread/FFReadHandler.cpp
--- avifile-0.7.48~20090503.ds.orig/lib/aviread/FFReadHandler.cpp 2009-05-01 20:56:45.0 +0200
+++ avifile-0.7.48~20090503.ds/lib/aviread/FFReadHandler.
tags 638566 patch
thanks
On Fri, Aug 19, 2011 at 10:05:59PM +0200, Moritz Muehlenhoff wrote:
> Package: avifile
> Severity: important
>
> Hi,
> the transition from ffmpeg/0.6.2 to libav/0.7 is planned soonish.
> (libav is a ffmpeg fork, to which Debian will switch, see
> http://en.wikipedia.org/w