severity 557948 serious
thanks
It is not OK to break the system's mail silently on upgrade and this
should not have gone into testing.
There was no README.Debian entry that apt-listchanges could have alerted
me to, no changelog entry noting the implication of the fix for bug
#500454, and no docum
Package: zsh
Version: 4.3.10-2
Severity: important
Recently (one or two weeks, probably when I upgraded to the current version of
zsh), I've been seeing intermittent segfaults - I'll run a command like less or
cd and my terminal will die on me. I've never seen it happen in a long-running
shell; i
Josselin Mouette on 2009-03-23 19:35:53 +0100:
> On Sunday, 01 March 2009 at 17:40 -0500, Alec Berryman wrote:
> > I tried to submit track listings by filling them in, going to the Disc
> > menu, and choosing Submit Track Names. I get the following error:
> >
>
Package: sound-juicer
Version: 2.22.0-2
Severity: normal
I tried to submit track listings by filling them in, going to the Disc
menu, and choosing Submit Track Names. I get the following error:
"Could not open URL
Sound Juicer could not open the submission URL
Reason: There was an error launchi
Steve Fosdick on 2009-01-14 22:47:03 +:
> Package: rzip
> Version: 2.1-1
> Severity: important
Thanks for the bug report!
> I attempted to unzip using a command similar to the following:
>
> rzip -d -o dir/disk.img disk.img.rz
>
> This produced the error:
>
> Bad checksum 0x3b2bfb2a - expect
The patch with http://marc.info/?l=git&m=122142754428597&w=2 fixes the
issue for me.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: llvm
Version: 2.2-8
Severity: wishlist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
llvm includes emacs and vim syntax modes for LLVM assembly files and
TableGen description files in the utils/ subdirectory; it'd be great if
the Debian package included them.
- -- System Information:
De
Package: resolvconf
Version: 1.40
Severity: normal
Tags: patch
The code for restarting dnscache in the script /etc/resolvconf/update.d/dnscache
guesses between runit and daemontools by looking at dnscache's parent
directory. It assumes runit when it
Milan Zamazal on 2008-03-15 10:38:54 +0100:
> Before I report the problem upstream, would you please try the current
> version when it hits archives?
I'll give it a shot this weekend and let you know how it goes.
I've been seeing this problem; it started for me over the past week or two.
I haven't changed my copy of crm114 in that time, but I have done a
regular regimen of apt-get updates for testing. The only interesting
data point I have is that it happened after a kernel upgrade; the host
is Xen 3.0 an
Package: cvs2svn
Version: 2.0.1-1
Severity: wishlist
2.1.0 was released last week.
The new version supports the fastimport format used by git and bzr.
- -- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'test
From ef29d3aef254067a5a18cdc2592a3de2da1e1dce Mon Sep 17 00:00:00 2001
From: Alec Berryman <[EMAIL PROTECTED]>
Date: Sat, 23 Feb 2008 13:51:20 -0500
Subject: [PATCH] Ignore non-FHS-compliant files from djbdns
---
init.d/50vcs-ignore | 11 +
Package: uswsusp
Followup-For: Bug #437094
Just to follow up - I also have a Thinkpad X40 and also saw this
problem. For whatever reason, appending nolapic to my kernel options
fixes this for me.
- -- System Information:
Debian Release: lenny/sid
Package: xkb-data
Version: 1.0~cvs.20070721-1
Severity: normal
I use the right alt key to generate a mod3 mask for my window manager.
From my ~/.xmodmaprc:
add Mod3 = Alt_R
It's worked for a year or two now, but stopped working when I upgraded
x
I would also like to see this list.
Package: knowledgetree
Severity: grave
Tags: security
CVE-2007-2849 [0]:
"KnowledgeTree Document Management (aka KnowledgeTree Open Source)
before STABLE 3.3.7 does not require a password for an unregistered
user, when the user exists in Active Direc
Package: ircii-pana
Version: 1:1.1-5
Severity: grave
Tags: security
CVE-2007-3360 [0]:
"hook.c in BitchX 1.1-final allows remote IRC servers to execute
arbitrary commands by sending a client certain data containing NICK and
EXEC strings, which exceed
Package: freetype
Severity: grave
Tags: security
CVE-2007-3506 [0]:
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType
2.3.3 allows context-dependent attackers to cause a denial of service
and possibly execute arbitrary code via u
Package: flac123
Version: 0.0.9-5
Severity: grave
Tags: security patch
CVE-2007-3507 [0]:
"Stack-based buffer overflow in the local__vcentry_parse_value function
in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10
allows user-assiste
Package: sun-java6
Version: 6-00-2
Severity: normal
Tags: security
CVE-2007-3503:
"The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML
documentation pages that contain cross-site scripting (XSS)
vulnerabilities, which allows remote
Roger Leigh on 2007-06-10 11:30:11 +0100:
> The following patch fixes this and has been applied in SVN. It will
> be included in sbuild 0.56. If you apply the patch to sbuild, does
> this restore the old behaviour for you?
Yes, it does. Thanks!
Package: sbuild
Version: 0.55
Severity: normal
Somewhere between 0.52 and 0.55, the --force-orig-source option was
renamed to --force_orig_source (dashes changed to underscores). The man
page still documents the dashed version (twice), but the progra
Package: uswsusp
Followup-For: Bug #416399
The bug does not appear in 0.6~cvs20070202-1. If it's too late to get a
fix into etch, would it be possible to document this in the release
notes? I thought uswsusp was broken until I fiddled around with
im
Package: uswsusp
Version: 0.3~cvs20060928-7
Severity: normal
Setting image_size to 0, either via debconf or manually, does not
produce the expected result when running `s2disk`. I expect to see
uswsusp attempt to minimize the size of the image and su
Package: rzip
Version: 2.1-1
Followup-For: Bug #411706
So I don't forget, this was spotted/reported by Sören Nils Kuklau
<[EMAIL PROTECTED]>.
- -- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architectu
Package: rzip
Version: 2.1-1
Severity: normal
rzip returns a confusing error message when the user attempts to
compress a directory. It also leaves behind a small .rz file, on which
runzip will hang.
$ mkdir foo
$ rzip foo
Failed to map buffer in rz
Package: libghc6-network-dev
Version: 2.0-2
Severity: wishlist
When this package was part of ghc, ghc6-doc included haddock-generated
HTML documentation for network. It would be great if the new
libghc6-network-dev would include this documentation or
Package: stgit
Version: 0.10-1
Severity: wishlist
stgit-0.11 was released 2006-10-21; it supports easy patch reordering
and allows the user to configure the low-level pull command in addition
to various other new features and bug fixes. It'd be great
Package: lxdoom
Version: 1.4.4main-0.1
Severity: grave
Followup-For: Bug #373269
I also get that message and am running an AMD64. This error makes the
package mostly unusable since it doesn't start.
- -- System Information:
Debian Release: testing/u
Joey Hess on 2006-10-02 18:53:43 -0400:
> Applied
Thanks so much!
Joey Hess on 2006-10-02 13:42:42 -0400:
> Alec Berryman wrote:
> > I have been using this for several days to allow users with LDAP
> > accounts full read/write access to a wiki. The only problem I have
> > encountered is that the Preferences page does not work corre
Attached is a patch enabling ikiwiki to optionally use HTTP
authentication in place of storing usernames and passwords for each
user.
If 'httpauth' is set to 1 in the setup file, the CGI wrapper will
silently use the REMOTE_USER ENV variable as the CGI::Session's "name"
parameter instead of redire
Package: glurp
Version: 0.11.6-4
Severity: minor
When I start glurp from the command line, I see many of these warnings:
(glurp:12946): libglade-WARNING **: Error loading image: Couldn't recognize the
image file format for file '/usr/share/pixmaps/g
Package: ikiwiki
Severity: wishlist
Please consider adding HTTP authentication to ikiwiki's CGI wrapper.
HTTP authentication would allow the reuse of the accounts and passwords
users likely already have for RCS access, whatever that account system
may be - LDAP, Kerberos, or otherwise.
Package: devscripts
Version: 2.9.20
Tags: patch
Followup-For: Bug #378406
Attached is a patch to implement the desired behavior. I tried it on
two scripts; /usr/bin/beagle-search (which contains an 'exec -a') and
/usr/bin/artsdsp (which contains an '
Package: libmodplug
Version: 1:0.7-4 1:0.7-5
Severity: grave
Tags: security
CVE-2006-4192: "Multiple buffer overflows in MODPlug Tracker (OpenMPT)
1.17.02.43 and earlier and libmodplug 0.8 and earlier allow
user-assisted remote attackers to execute ar
My rationale wasn't included with the severity increase (I used bts but
didn't escape the comment):
If this was serious enough to issue a DSA for woody/sarge, it will
again be serious enough to issue a DSA for etch; this vulnerability
should be taken care of before the release.
Ola Lundqvist on 2006-08-17 10:13:34 +0200:
> > cfengine has been superseded by cfengine2 and is dead upstream. #367057
> > requests cfengine be removed from the archive. Would you please
> > convert dpsyco-cfengine to use cfengine2?
>
> What is the difference between them?
I don't know; I've
Steve Langasek on 2006-08-16 18:07:36 -0700:
> Alec,
>
> On Wed, Aug 16, 2006 at 03:04:51PM -0700, Debian Bug Tracking System
> wrote:
>
> > > severity 332433 serious
>
> Why? The original bug was filed by a member of the security team, and
> he tagged the bug as "important". Please don't cha
Package: dpsyco-cfengine
Severity: wishlist
cfengine has been superseded by cfengine2 and is dead upstream. #367057
requests cfengine be removed from the archive. Would you please
convert dpsyco-cfengine to use cfengine2?
Thanks,
Alec
Hi Michael,
Just a friendly reminder that #375617 is an outstanding security issue
with spread. There's a patch in the BTS. It would be great to have
this fixed for etch.
Thanks,
Alec
Package: libghc6-missingpy-dev
Version: 0.8.5
Severity: grave
Log from install:
[EMAIL PROTECTED] ~ :( $ apt-get -f install
Reading package lists... Done
Building dependency tree... Done
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Package: cheesetracker
Version: 0.9.9-1 0.9.9-5
Severity: serious
Tags: security
CVE-2006-3814: "Buffer overflow in the
Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese
Tracker 0.9.9 and earlier allows user-assisted attackers t
Package: tomcat5
Severity: serious
Tags: security
CVE-2006-3835: "Apache Tomcat 5 before 5.5.17 allows remote attackers to
list directories via a semicolon (;) preceding a filename with a mapped
extension, as demonstrated by URLs ending with /;index.j
Package: krusader
Version: 1.51-1
Followup-For: Bug #380063
I tested this with sarge's krusader and can't reproduce this exploit.
Although the file krbookmarks.xml is created group- and world-readable
(that can and should be easily fixed), the
directory it is in is not. For the path
/home/alec/.k
Package: libc6-xen
Severity: wishlist
Debian offers a Xen hypervisor for amd64; it would be great if
libc6-xen was also built for that platform.
Thanks!
Package: libdumb
Severity: serious
Tags: security
CVE-2006-3668: "Heap-based buffer overflow in the it_read_envelope
function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
earlier, and current CVS as of 20060716, allows user-complicit attac
Package: hyperestraier
Version: 1.2.5-1
Severity: serious
Tags: security fixed-upstream
CVE-2006-3671: "Cross-site request forgery (CSRF) vulnerability in the
communicate function in estmaster.c for Hyper Estraier before 1.3.3
allows remote attackers
Package: armagetron
Version: 0.2.7.0-1.1
Severity: serious
Tags: security
CVE-2006-3673: "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier
allows remote attackers to cause a denial of service (application crash)
via a large owner value, which c
Package: konqueror
Version: 4:3.3.2-1sarge1
Followup-For: Bug #378962
I am unable to reproduce this in Sarge with the previously-mentioned
sample exploit.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO
Package: konqueror
Version: 4:3.5.3-2
Severity: serious
Tags: security
CVE-2006-3672: "KDE Konqueror 3.5.1 and earlier allows remote attackers
to cause a denial of service (application crash) by calling the
replaceChild method on a DOM object, which t
Package: awstats
Version: 6.5-2
Severity: serious
Tags: security
CVE-2006-3681: "Multiple cross-site scripting (XSS) vulnerabilities in
awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers
to inject arbitrary web script or HTML via
Package: liblog-log4perl-perl
Version: 1.04-1
Severity: wishlist
Just as a heads-up, log4perl 1.06 was recently released.
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: a
Package: horde3
Version: 3.0.4-4sarge4 3.1.1-3
Severity: serious
Tags: security
CVE-2006-3548: "Multiple cross-site scripting (XSS) vulnerabilities in
Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through
3.1.1 allow remote attackers to i
Package: adplug
Version: 2.0-3 1.5.1-6
Severity: serious
Tags: security patch
CVE-2006-3582: "Multiple stack-based buffer overflows in AdPlug 2.0 and
earlier allow remote user-complicit attackers to execute arbitrary code
via the size specified in the
Package: hiki
Followup-For: Bug #378059
Attached is my backport of the patch in 0.8.6 for 0.6.5. The
recommended timeout is 30 seconds; this is set in a configuration option
in hiki 0.8.x, but that configuration framework doesn't seem to be
present i
Package: hiki
Version: 0.8.3-1 0.6.5-1
Severity: serious
Tags: security
CVE-2006-3379: "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0
through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a
denial of service (CPU consumption
Package: phpmyadmin
Version: 4:2.8.1-1 4:2.6.2-3sarge1
Severity: serious
Tags: security patch
CVE-2006-3388: "Cross-site scripting (XSS) vulnerability in phpMyAdmin
before 2.8.2 allows remote attackers to inject arbitrary web script or
HTML via the ta
Please address CVE-2006-3325 and CVE-2006-3324 before uploading quake3.
Thanks,
Alec
Package: libpng
Version: 1.2.8rel-5.1 1.0.18-1 1.0.12-3.woody.9
Severity: grave
Tags: security patch
CVE-2006-3334: "Buffer overflow in the png_decompress_chunk function in
pngrutil.c in libpng before 1.2.12 allows context-dependent attackers
to cause
Package: sitebar
Version: 3.3.8-1 3.2.6-7
Severity: serious
Tags: security
CVE-2006-3320: "Cross-site scripting (XSS) vulnerability in command.php
in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary
web script or HTML via the comm
Package: hashcash
Version: 1.17-1
Severity: serious
Tags: security patch
CVE-2006-3251: "Heap-based buffer overflow in the array_push function in
hashcash.c for Hashcash before 1.22 might allow attackers to execute
arbitrary code via crafted entries."
Package: phpqladmin
Severity: serious
Tags: security
CVE-2006-3301: "Multiple cross-site scripting (XSS) vulnerabilities in
phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary
web script or HTML via the domain parameter in (1) user
Thijs Kinkhorst on 2006-06-29 16:27:37 +0200:
> I've taken a look, and can't reproduce the issue at all. I'm also not
> sure how it should work and how it relates to the register_globals
> that was mentioned. The report excels in vagueness.
I agree completely.
> I've forwarded the issue upstrea
Package: squirrelmail
Severity: important
Tags: security
CVE-2006-3174: "Cross-site scripting (XSS) vulnerability in search.php
in SquirrelMail 1.5.1 and earlier, when register_globals is enabled,
allows remote attackers to inject arbitrary HTML via t
csync2-1.32.tar.gz contains paper.pdf, the documentation the original
submitter requested.
Package: gnupg
Version: 1.4.3-1
Severity: serious
Tags: security patch
CVE-2006-3082: "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and
earlier versions, allows remote attackers to cause a denial of service
(gpg crash) and possibly overwrite memory
Package: gnupg2
Version: 1.9.20-1 1.9.15-6
Severity: serious
Tags: security patch
CVE-2006-3082: "parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and
earlier versions, allows remote attackers to cause a denial of service
(gpg crash) and possibly overw
Moritz Muehlenhoff on 2006-06-15 12:10:15 +0200:
> On Wed, Jun 14, 2006 at 05:53:45PM -0500, Alec Berryman wrote:
>
> > Although the CVE is Gentoo-specific, Debian's libjpeg-mmx is not built
> > with --maxmem enabled, making it vulnerable. I have attached a trivial
>
I also see this behavior.
I also miss this feature in apt-rdepends and asked around today on
#debian-devel to see if there is an alternate solution. I was provided
with the following shell function:
apt-rbdepends () {
    # List every source package whose Build-Depends field mentions "$1",
    # using the Sources indices apt has already downloaded.
    grep-dctrl -F Build-Depends "$1" -s Package /var/lib/apt/lists/*_Sources
}
I didn't see that thi
Package: sound-juicer
Version: 2.14.4-1
Severity: grave
I installed sound-juicer without having many other GNOME packages on my
system. When I started it up, I received the following error message
before the program quit without having displayed the
Package: dokuwiki
Severity: important
Tags: security patch
CVE-2006-2945: "Unspecified vulnerability the user profile change
functionality in DokuWiki, when Access Control Lists are enabled, allows
remote authenticated users to read unauthorized files
Package: overkill
Severity: important
Tags: security
CVE-2006-2971: "Integer overflow in the recv_packet function in 0verkill
0.16 allows remote attackers to cause a denial of service (daemon crash)
via a UDP packet with fewer than 12 bytes, which res
Package: libjpeg-mmx
Severity: important
Tags: security patch
CVE-2006-3005: "The JPEG library in media-libs/jpeg before 6b-r7 on
Gentoo Linux is built without the -maxmem feature, which could allow
context-dependent attackers to cause a denial of ser
Package: zope-zms
Severity: normal
Tags: security
CVE-2006-2997: "Cross-site scripting (XSS) vulnerability in ZMS 2.9 and
earlier, when register_globals is enabled, allows remote attackers to
inject arbitrary web script or HTML via the raw parameter i
Package: sylpheed-gtk1
Severity: important
Tags: security
CVE-2006-2920 has been updated to report sylpheed is vulnerable to the
URI bypass I filed bug reports about yesterday. New CVE text:
"Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 all
Ricardo Mones on 2006-06-13 01:27:57 +0200:
> Will be handled in the upload of the new 2.3.0 version, released
> today.
Thanks for your prompt response!
Package: knowledgetree
Severity: important
Tags: security
CVE-2006-2885: "Multiple cross-site scripting (XSS) vulnerabilities in
KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to
inject arbitrary web script or HTML via the (1) fDoc
Package: libgd2
Severity: important
Tags: security patch
CVE-2006-2906: "The LZW decoding in the gdImageCreateFromGifPtr function
in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33
allows remote attackers to cause a denial of service
Package: sylpheed-claws
Severity: important
Tags: security patch
CVE-2006-2920: "Sylpheed-Claws before 2.2.2 allows remote attackers to
bypass the URI check functionality and makes it easier to conduct
phishing attacks via a URI that begins with a spa
Package: sylpheed-claws-gtk2
Severity: important
Tags: patch security
CVE-2006-2920: "Sylpheed-Claws before 2.2.2 allows remote attackers to
bypass the URI check functionality and makes it easier to conduct
phishing attacks via a URI that begins with
Package: libspf
Severity: important
Tags: security
CVE-2006-1520: "Format string vulnerability in ANSI C Sender Policy
Framework library (libspf) before 1.0.0-p5, when debugging is enabled,
allows remote attackers to execute arbitrary code via format
Package: php5
Severity: important
Tags: security
CVE-2006-1014: "Argument injection vulnerability in certain PHP 4.x and
5.x applications, when used with sendmail and when accepting remote
input for the additional_parameters argument to the mb_send_ma
Package: php4
Severity: important
Tags: security
CVE-2006-1014: "Argument injection vulnerability in certain PHP 4.x and
5.x applications, when used with sendmail and when accepting remote
input for the additional_parameters argument to the mb_send_ma
Package: php-pear
Severity: important
Tags: security
CVE-2006-0931: "Directory traversal vulnerability in PEAR::Archive_Tar
1.2 allows remote attackers to create and overwrite arbitrary files via
certain crafted pathnames in a TAR archive."
This is P
Package: orpheus
Severity: important
Tags: security patch
CVE-2005-3863: "Stack-based buffer overflow in kkstrtext.h in ktools
library 0.3 and earlier, as used in products such as (1) centericq, (2)
orpheus, (3) motor, and (4) groan, allows local users or remote
attackers to execute arbitrary code
Package: motor
Severity: important
Tags: security patch
CVE-2005-3863: "Stack-based buffer overflow in kkstrtext.h in ktools
library 0.3 and earlier, as used in products such as (1) centericq, (2)
orpheus, (3) motor, and (4) groan, allows local users or remote
attackers to execute arbitrary code v
Package: fastjar
Version: 1:4.1.0-4
Severity: normal
Tags: security
CVE-2005-3990: "Directory traversal vulnerability in FastJar 0.93 allows
remote attackers to overwrite arbitrary files via a .jar file containing
filenames with "../" sequences."
I can reproduce this with the following steps (mod
Package: jsboard
Severity: important
Tags: security
CVE-2006-2109: "Cross-site scripting (XSS) vulnerability in the
parse_query_str function in include/print.php in JSBoard 2.0.10 and
2.0.11, and possibly other versions before 2.0.12, allows remote
attackers to inject arbitrary web script or HTML
Roland Stigge on 2006-05-20 23:26:28 -0500:
> Unfortunately, I can't reproduce this in full length. I can see the
> error message popup (which I consider natural), but neither dia
> crashing nor executing the "malicious code" (printing "DIA").
I see the following behavior with dia 0.95.0-3:
$ to
Package: pdnsd
Severity: serious
Tags: security
CVE-2006-2076: "Memory leak in Paul Rombouts pdnsd before 1.2.4 allows
remote attackers to cause a denial of service (memory consumption) via a
DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated
by the OUSPG PROTOS DNS test suite.
Package: binutils
Version: 2.16.1cvs20060413-1
Severity: normal
Tags: security patch
CVE-2006-2362: "Buffer overflow in getsym in tekhex.c in libbfd in Free
Software Foundation GNU Binutils before 20060423, as used by GNU
strings, allows context-dependent attackers to cause a denial of service
(ap
Package: mp3info
Version: 0.8.4-9
Severity: normal
Tags: security patch
CVE-2006-2465: "Buffer overflow in MP3Info 0.8.4 allows attackers to
execute arbitrary code via a long command line argument. NOTE: if
mp3info is not installed setuid or setgid in any reasonable context,
then this issue might
Package: dia
Version: 0.95.0-3
Severity: normal
Tags: security patch
CVE-2006-2480: "Format string vulnerability in Dia 0.94 allows
user-complicit attackers to cause a denial of service (crash) and
possibly execute arbitrary code via format string specifiers in a .bmp
filename. NOTE: since the exp
Package: nagios
Severity: grave
Tags: security
CVE-2006-2489: "Integer overflow in CGI scripts in Nagios 1.x before
1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a conte
Package: gnunet
Severity: serious
Tags: security patch
CVE-2006-2413: "GNUnet before SVN revision 2781 allows remote attackers
to cause a denial of service (infinite loop and CPU consumption) via an
empty UDP datagram, possibly involving FIONREAD erro
Hi debian-devel-games,
I've packaged up quackle [1] [2] [3]. Quackle is a Qt4-based
Scrabble-like crossword game and analysis tool. It includes a computer
opponent, move generator, and simulator and may be used with any board
layout, alphabet, lexicon, and tile distribution. It's fun, colorful,
Package: phpmyadmin
Severity: important
Tags: security
PMASA-2006-2 [1] details two cross-site-scripting vulnerabilities in
several versions of phpMyAdmin. The advisory reports that all 2.8.0.x
releases are affected but older ones may be as well - fo
Package: twiki
Severity: important
Tags: patch
CVE-2006-1387: "TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows
remote authenticated users with edit rights to cause a denial of service
(infinite recursion leading to CPU and memory consumption) v