Hi,
* Nico Golde [2012-11-17 16:29]:
> * Francesco Poli [2012-11-17 12:34]:
> > DSA-2574-1 [1] announced a stable security update for typo3-src on
> > Thursday, but I still see no trace of the announced
> > typo3-src/4.3.9+dfsg1-1+squeeze7 on security.debian.org [2] and the
the squeeze (security)
> version is 4.3.9+dfsg1-1+squeeze6...
>
> What's wrong?
> What did I fail to understand?
You didn't fail to understand anything. We are currently investigating the
issue. This certainly shouldn't have happened.
Stay tuned...
Kind regards
Nico
--
Although I'm a little bit busy right at the moment, I can probably have a
> more detailed look through the list later today when I have a bit more spare
> time, if that would help.
What is this exactly based on? Cause the CVE id description is unfortunately
not very reliable.
Hi,
* Francesco Poli (wintermute) [2011-11-16 22:21]:
> Package: security-tracker
> Severity: normal
>
> Hello,
> it seems to me that the tracker page [1] for DSA-2346-1 [2]
> lacks the reference to CVE-2011-4130.
>
> Please update the tracker data.
> Thanks for your time!
Thanks for the report
-2189 ?
Because technically vsftpd would need its own CVE id (which it will not get
though).
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
curityUploadQueue
Kind regards and thanks for contacting us!
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Francesco Poli [2011-06-11 19:10]:
> DSA-2258-1 [1] is about CVE-2011-1926, but the DSA tracker page [2]
> refers to CVE-2011-2194.
[...]
Thanks fixed, c&p error. CVE-2011-2194 was the previous DSA.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG:
dated?
> Could you please clarify?
Fixed, thanks.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Nico Golde [2010-11-15 19:37]:
> * Benjamin Drung [2010-11-15 15:25]:
> > There is one security bug filed against vlc that affects only Windows
> > [1]. How do I get this bug removed from the list?
> >
> > http://security-tracker.debian.org/tracker/TEMP-059
sue and it's indeed windows
only. The entry in the security tracker will stay but it will be marked as
not-affected.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
> 3.9.2 on 64-bit platforms..." doesn't seem to affect those versions.
See my other mail about versions... same applies here.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
rsions
to be affected but that doesn't necessarily exclude other versions. Sometimes
the versions are also incorrect. To sum up, check the code :)
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Michael Gilbert [2010-07-30 16:48]:
> On Fri, 30 Jul 2010 14:41:59 +0200, Nico Golde wrote:
[...]
> > While I see all these undetermined bugs... What about changing the TODO:
> > check
> > to an undetermined status? The problem I currently see is that TODO issue
etermined issues mostly end up forgotten. And
undetermined status is pretty much what TODO: check is anyway.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
scovered in thumb.php which affects
> wikis which restrict access to private files using img_auth.php, or
> some similar scheme.
Those are already listed on:
http://security-tracker.debian.org/tracker/DSA-2022-1
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG
has to run on soler eventually, and I don't think
> > we can require Javascript on the client.
>
> I'd prefer to stick with Python.
I do as well. I'm not sure how much work it is to adapt the current code base.
Would it make sense to do a complete rewrite at some
data.
[...]
Already done, thanks for the notice though!
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Yves-Alexis Perez [2010-01-13 11:12]:
> I just noticed two CVE which apply to Xfce packages in etch are set
> against the wrong package. Attached diff should fix that.
Thanks fixed!
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For se
hat the update is wrong, there is one CVE against
> libxfcegui4-4, the other for xfce4-panel.
Uhm yes, thanks for bugging us again. Michael was so kind to correct it
already.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, a
Hi,
* Raphael Geissert [2010-01-09 04:59]:
> Nico Golde wrote:
> > FWIW, ack :) I have a smart bookmark in my browser for that anyway, their
> > information is really useful in most cases.
> >
>
> Do you have any other link that should be added?
> Gentoo's bug
ke to automagically turn http URLs mentioned on the notes
> > > into links.
> >
> > These sound like two very useful features.
>
> Agreed.
FWIW, ack :) I have a smart bookmark in my browser for that anyway, their
information is really useful in most cases.
Cheers
Nico
Hi,
* Nico Golde [2010-01-03 22:58]:
> * Michael Gilbert [2010-01-03 19:20]:
> > If someone can push the latest updates, I think I've solved the
> > problem with the latest commit.
>
> I updated the tracker svn because I think your fix looks good.
> [...]
I wonder why you
need to implement undiscussed (excuse me if I missed this) tracker features
and Thijs is "blindly" committing them. This is not how we should work in my
opinion.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons
Hi,
* Francesco Poli [2009-11-01 13:14]:
> Hello everyone,
> there are no tracker pages for DSA-1924-1 or DSA-1925-1 (which have
> been recently issued).
>
> Please update the tracker, ASAP.
The data is already in the tracker, should be visible "soon".
Cheers
N
l see that those issues are
unfixed in oldstable, that's why the tracker shows it as open. If you look
at http://security-tracker.debian.org/tracker/status/release/unstable you will
see it doesn't show up there.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG:
age is named properly this should be
rather easy to script and work effectively.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
> > Please add it by hand, if the automatic mechanism failed somehow.
> >
> > done.
>
> It seems you missed the epoch: the two CVEs are fixed in version
> 1:1.8.17-14+etch1, rather than in version 1.8.17-14+etch1 ...
> Everything else looks OK.
Added. Thanks!
Chee
Hi,
* Michael S. Gilbert [2009-08-10 20:18]:
> On Mon, 10 Aug 2009 18:09:16 +0000, Nico Golde wrote:
[...]
> > -CVE-2009-2414
> > +CVE-2009-2414 [libxml2 stack recursion]
> > RESERVED
> > + - libxml2 (medium; bug #540865)
> > + [etch] - libxml
>
lves
way more work than in the case of cyrus which I currently
lack of. The xpdf issues are really a pain to handle,
especially because there were so many other issues found
while assessing some of the initial issues.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG:
://lists.debian.org/debian-security-tracker/2009/02/msg00011.html
We are lacking manpower. While we have people who report
bugs we lack people who fix bugs :)
So the honest answer is, I don't know.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For
have been added automatically, it just needed some time
for them to pop-up.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
't support contrib/non-free completely and mark
these issues as NFU or we need to introduce a tag for
unsupported packages (Florian what do you think?).
Opinions?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this
g one big report. In case you can
subdivide the vulnerabilities in parts which logically fit
in the same category I think it makes more sense to split
them instead of reporting one huge grave bug.
I don't think there's a general answer for this.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de -
> >data/spu-candidates.txt
> > Log:
> > - spu notifications
>
> We should likely re-organise to ospu-candidates and spu-candidates
> to avoid confusion for maintainers and better tracking?
Yes I agree. Do you have any better idea apart from using
two files?
Cheers
Nic
Hi,
* Patrick Schoenfeld <[EMAIL PROTECTED]> [2008-12-10 16:38]:
> On Wed, Dec 10, 2008 at 12:15:27AM +0100, Nico Golde wrote:
> > Thanks for the report. Indeed this would be a nice feature
> > and we discussed this at the security team meeting in Essen.
> > Tracker in
eam meeting in Essen.
Tracker integration for the PTS is on our todo list.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* Richard Hartmann <[EMAIL PROTECTED]> [2008-12-08 09:54]:
> On Mon, Dec 8, 2008 at 09:32, Nico Golde <[EMAIL PROTECTED]> wrote:
> > I think your imagination of the process is way too easy,
> > it's more than reading and directly editing the tracker, the
>
if there is an itp
or if it's NFU, check other packages embedding this source
code, check other packages having similar code... I really
would wonder if you would have the time to constantly check
10 of these per day on your own.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
52: fixed in ubuntu [1]
> CVE-2008-2379: fixed in fedora [2]
Since we don't just blindly apply fixes from other
distributions and there still needs to be someone who can
check this additional information I fail to see that this
is needed for us.
Cheers
Nico
--
Nico Golde - http://www.ngol
1.0.7.22-1+lenny1 fixed
Yes this is the fixed version for lenny but the build is
still in testing-proposed-updates and needs to move to
testing first.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
has not yet been entered into
> > the security tracker. please update the tracker to include this
> > issue.
>
> It's already been there for a couple of hours. It's CVE-2008-5314.
Michael, note that you already have access to the tracker
svn.
Cheers
Nico
--
N
> vulnerable. i can attempt to fix this one if i am permitted to commit
> to svn. thanks.
Fixed, 1:7.1.314-3+lenny1 vs 1:71.314-3+lenny1
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 enc
Hi,
* Michael Gilbert <[EMAIL PROTECTED]> [2008-11-26 18:40]:
> On 11/26/08, Nico Golde wrote:
> > I noticed that you filed quite a bunch of security related
> > bugs recently in a somehow uncoordinated manner. This is no
> > problem and help is always welcome but it w
helpful to also integrate the data in the tracker. If you plan
to work on security in Debian please let me know so we can
integrate you in the team.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13
be fine
> > now.
>
> Mmmmh, I think DSA-1667-1 is suffering from the same fate...
Thanks, fixed in svn.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
g it. I fixed it.
Thijs, any idea why your script didn't catch this one?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
ld
track issues in corner case use cases as they might pop out
way later than the issue was fixed.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi Thijs,
* Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-08-19 12:27]:
> On Monday 18 August 2008 22:26, Nico Golde wrote:
> > * Steven M. Christey <[EMAIL PROTECTED]> [2008-08-18 22:09]:
> > > On Mon, 18 Aug 2008, Nico Golde wrote:
> > > > This is known but
Hi Gerfried,
* Gerfried Fuchs <[EMAIL PROTECTED]> [2008-08-04 22:11]:
> * Nico Golde <[EMAIL PROTECTED]> [2008-08-04 21:01:18 CEST]:
> > * Thijs Kinkhorst <[EMAIL PROTECTED]> [2008-08-04 20:16]:
> > > We have the following options:
> > > - Keep the c
hink that getting the useful
information earlier is good but on the other hand we already
know about most of the important vulnerabilities popping out
before we get them through the update (via public mailing
lists, vendor-sec, milw0rm, etc.) and most of the rest would
be just NFUs for which we don&
mark different problems for one source
package? Having a long list of points between brackets
doesn't seem to be perfect I think. Maybe we should do some
restructuring on this format?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reas
Hi Francesco,
* Francesco Poli <[EMAIL PROTECTED]> [2008-07-26 18:43]:
> DSA-1618-1 [1] has been recently issued and its tracker page seems to
> suffer from the same issues I reported with respect to
> DSA-1612-1 [2] ... :-(
Hmpf, fixed.
Thanks!
Cheers
Nico
--
Ni
able/testing? I didn't mark it removed as
this file is not really integrated in the tracker and
karrigell is still in stable.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
inconsistencies, please fix them ASAP.
>
> Thanks for your efforts in improving Debian security!
Thanks again for spotting this!
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi Francesco,
* Francesco Poli <[EMAIL PROTECTED]> [2008-07-21 19:54]:
> According to its changelog, linux-2.6/2.6.25-7 fixes
> CVE-2008-2812 and CVE-2008-3077.
> However the tracker does not seem to be aware of this.
> Please update the tracker.
Fixed.
Thanks
Nico
--
uffer
> when ...)
> - - sudo 1.6.8p12-2 (low)
> + - sudo 1.6.9p12-1
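Review bot: The added line `- sudo 1.6.9p12-1` drops the `(low)` urgency annotation that the removed line carried. If the change is only meant to correct the fixed version from 1.6.8p12-2 to 1.6.9p12-1, keep the annotation so the entry's urgency is not silently reset.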
Args, thanks! C&P error.
1.6.9p12-1 is correct of course.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
update of libxfont.
>
> so it was a mistake when the fix was uploaded to etch? can't you
> hand-edit the security tracker data?
Yes I can. Worked around based on Florian's suggestion.
Thanks for the report!
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG:
Hi Florian,
* Florian Weimer <[EMAIL PROTECTED]> [2008-07-06 17:25]:
> * Nico Golde:
> > Looking at the underlying tracker data the problem seems to
> > be that DSA-1466-2 included an upload for libxfont for the
> > above CVE ids while only CVE-2008-0006 was fixed in
xfont from the other CVE
ids in the DSA entry or maybe there is an even more simple
solution.
Anyone knows more?
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
> >>> What's the status? Has this been forwarded to the Web Team?
> >>
> >> I was specifically talking about the tracker in this case.
> >
> > I'm all for it, then.
>
> I've started something that looks like this but it is not too well te
package cups, but unfixed in
> package cupsys:
[...]
Fixed, thanks for the report.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
etch et al.
>
> There seems to have been a misunderstanding: It is not necessary (and
> even wrong) to change the version numbers on historic entries. You only
> should use for new vulnerabilities.
Ah true, my bad. I'll fix this when I'm back home again.
Cheers
Nico
--
Hi Francesco,
* Francesco Poli <[EMAIL PROTECTED]> [2008-06-14 16:02]:
> On Sat, 14 Jun 2008 13:36:18 +0200 Nico Golde wrote:
> > * Francesco Poli <[EMAIL PROTECTED]> [2008-06-14 12:37]:
> > > I see from the list archive that the CUPS renaming got the attention it
ed in
> package cupsys:
[...]
Mhm, maybe the reason is that cupsys was not yet removed
from unstable and currently cupsys and cups are installable
in unstable?
kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in t
st of the weekend
to fix this, I'm not at home and have no net connection
available.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi Florian,
(args, I initially sent my mail to security-tracker and just
bounced it to this list then).
* Florian Weimer <[EMAIL PROTECTED]> [2008-06-13 11:21]:
> * Nico Golde:
> > * Martin Pitt <[EMAIL PROTECTED]> [2008-06-12 18:06]:
> >> after many years of callin
y idea on how to change the tracker information according
to that?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
write my own tool to cross-reference the
> security tracker w/ the kernel repository, but hey - I'm lazy.. and
> this might be a good feature for the tracker in general).
What would be the effective difference to mark this as fixed
in and add for example a NOTE? Adding a pending
tag I se
ebian.net/tracker/DTSA-131-1
>
> BTW, I've noticed a typo in the repository file data/DTSA/list:
> it seems that the date of DTSA-132-1 has the wrong year (2007 rather
> than 2008)...
Thanks, already fixed.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - G
Hi,
* Nico Golde <[EMAIL PROTECTED]> [2008-04-09 20:59]:
> Hi Francesco,
> * Francesco Poli <[EMAIL PROTECTED]> [2008-04-09 20:08]:
> > DSA-1540-1 [1] was issued back on Monday and a corresponding tracker
> > page [2] has recently been added.
> >
> >
d of CVE-2008-1531.
Thanks for reporting!
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
t states that version 1.1.2.dfsg-1.3 is vulnerable.
> Is this a security-tracker internal inconsistency?
[...]
The source package name was missing from the sarge tag in
our DSA file. Fixed this in svn. Thanks a lot for reporting!
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PR
Hi Florian,
* Florian Weimer <[EMAIL PROTECTED]> [2008-01-17 09:05]:
> * Nico Golde:
>
> >> Author: jmm-guest
> >> Date: 2008-01-16 17:57:08 + (Wed, 16 Jan 2008)
> >> New Revision: 7942
> >>
> >> Modified:
> >>data/CVE/
eck further
Is this the same maxdb? I wonder because it says SAP maxdb
and also the advisory is linking the SAP homepage as vendor
site while the description of the maxdb package in debian
references a mysql.com site. That's why I marked this as
NFU.
Kind regards
Nico
--
Nico Golde -
> wordpress package, discard some irrelevant ones. Have checked none
> with lenny/sid, that needs to happen still.
Do we really want our users in unstable to think that they
are affected by a problem while we don't know it?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL
doesn't like this.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Hi,
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-01-03 21:32]:
> Author: jmm-guest
> Date: 2008-01-03 20:31:53 + (Thu, 03 Jan 2008)
> New Revision: 7799
>
> Modified:
>data/CVE/list
> Log:
> new asterisk issue
[...]
Did you request a CVE id?
Che
ian-security-announce-2007/msg00217.html
> [2] http://security-tracker.debian.net/tracker/DSA-1435-1
>
>
> Please update the tracker.
[...]
Moritz fixed this in svn, thanks for reporting!
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2007-December/008052.html
Kind r
Hi Micah,
* Micah Anderson <[EMAIL PROTECTED]> [2007-12-20 21:17]:
> On Tue, 18 Dec 2007 19:53:27 +0100, Nico Golde wrote:
> > * maximilian attems <[EMAIL PROTECTED]> [2007-12-17
[...]
> >> CVE-2006-7051
> >> d02479bdeb1c9b037892061cdcf4e730183391fa v2.6.2
Hi Maximilian,
* maximilian attems <[EMAIL PROTECTED]> [2007-12-17 23:10]:
> On Mon, 17 Dec 2007, Nico Golde wrote:
>
> > Thanks very much for letting us know, I marked the reported
> > CVE ids as fixed in the reported versions.
>
> thanks a lot!
>
> ok no
k the relevant entry as done.
[...]
Thanks very much for letting us know, I marked the reported
CVE ids as fixed in the reported versions.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 e
ding the feed
you can do a nice distributed user credentials cashing with
this. Especially considering Moritz' comment on
CVE-2007-1375 I think this should be low.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
changeset_r6893.1_2_3_modified
and the 1.2.5 release fixes some additional regressions.
These changesets are in the 1.2.4 package and the patches
are those changesets which closed the bug in upstream's trac.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647
and by the fixed version? I somehow
> thought that the DSA-1404-1 would take care of that. Can someone enlighten me
> how this works exactly?
You can completely delete the etch line since that's
what the DSA was added for.
Kind regards
Nico
--
Nico Golde - http://www.ngo
Hi Moritz,
* Moritz Muehlenhoff <[EMAIL PROTECTED]> [2007-10-22 18:12]:
> (Replying to the correct list.)
> On Mon, Oct 22, 2007 at 03:01:30PM +0200, Nico Golde wrote:
> > Hi,
> > CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in
> > Frederico
as "DISPUTED".
Thanks for the hint, contacted Steven Christey because of
this.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
lot.
Fixed all of the reported items in svn.
Thanks for reporting!
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
in next weeks.
Thanks, marked this in the tracker, I can confirm this.
Please include some information why it is not affected next
time since it took me some time now to find out that you
already patch the code in diff.gz while the code in the
tarball is vulnerable.
Kind regards
Nico
--
Nico G
mention it, is not a sufficient
> reason.
That's not what I did, otherwise I would have tagged the other
ezpublish entries like this too but didn't.
Cheers
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
if (query.length > 5) {
>
> I'm not really familiar with the web toolkit that it uses, so maybe someone
> who is can take a look at this.
As far as I know web browsers don't process the escapes found
in embedded java script so changing > to &gt; should be
enough. In