Bug#851674: libpng16-16: Infinite Loop when parsing PNG file with bad ADLER32

2017-01-17 Thread Eric Sesterhenn
Package: libpng16-16 Severity: important Dear Maintainer, Hi, there is an endless loop in libpng 1.6-1.6.26 as provided by testing, which could be abused for Denial of Service Attack, as far as I can see, it is caused by the following bad error handling of the inflate. For most errors with the

Bug#748910: CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode

2014-05-26 Thread Eric Sesterhenn
Hello, I do not see the packages in the repository yet, is there anything I can help with? Regards, Eric On 05/22/2014 01:44 PM, Felix Geyer wrote: > On 2014-05-22 09:57, Eric Sesterhenn wrote: >> Package: libapache2-mod-wsgi >> Version: 3.3-4 >> Severity: criti

Bug#748910: CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode

2014-05-22 Thread Eric Sesterhenn
Package: libapache2-mod-wsgi Version: 3.3-4 Severity: critical Tags: security Justification: root security hole Dear Maintainer, as far as I can tell, CVE-2014-0240 affects the stable package of mod-wsgi. The patch provided by the mod-wsgi team applies with fuzzing to the source shipped by Debian.

Bug#730507: [Pkg-monitoring-maintainers] Bug#730507: ganglia-web: Cross-Site-Scripting Issue in Ganglia-web 3.5.8

2013-11-25 Thread Eric Sesterhenn
am not getting highly involved in Ganglia. Best regards, Eric > Thanks for the report > > Regards, > > Daniel > > > On 25/11/13 22:35, Eric Sesterhenn wrote: > > Package: ganglia-web > > Version: 3.5.8 > > Severity: grave > > Tags: security u

Bug#730507: ganglia-web: Cross-Site-Scripting Issue in Ganglia-web 3.5.8

2013-11-25 Thread Eric Sesterhenn
Affected Version At least ganglia-web-3.5.8 and ganglia-web-3.5.10 Problem Overview Technical Risk: medium Likelihood of Exploitation: medium Vendor: Open Source / Debian Reported by: Eric Sesterhenn Advisory

Bug#726976: ldap-account-manager: Pre-Authentication Cross-Site-Scripting in current_language parameter

2013-10-22 Thread Eric Sesterhenn
the victim clicks on a link to a different web-site, which contains a web form and JavaScript to submit this form automatically this can be exploited without requiring more user interaction. Regards, Eric > Best regards > > Roland > > > On 21.10.2013 08:49, Eric Ses

Bug#726976: ldap-account-manager: Pre-Authentication Cross-Site-Scripting in current_language parameter

2013-10-20 Thread Eric Sesterhenn
, ldap-account-manager-4.2.1 and possibly others Problem Overview Technical Risk: medium Likelihood of Exploitation: medium Vendor: Debian / Roland Gruber Reported by: Eric Sesterhenn Advisory updates: http://www.rusty-ice.de/advisory/advisory_2013001.txt Advisory Status: Private

Bug#639821: asterisk: Asterisk crashes in softmix_bridge_thread()

2011-08-30 Thread Eric Sesterhenn
53759&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel where a patch is also included. See http://svnview.digium.com/svn/asterisk/trunk/main/bridging.c?r1=266877&r2=266876&pathrev=266877 The patch is not yet in the Debian asterisk, please ask if you require further information. Th