Hello Samuel,
looks like a valid request. Upstream bugzilla entry created at:
[1] https://bugs.g10code.com/gnupg/issue1509
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Conta
Hello,
>> https://code.google.com/p/smarty-php/source/detail?r=4660
>
> Good catch, thanks for your report :)
> And I've made a debdiff as attached.
>
>> security team
> I think it would be released as stable-proposed-updates since it has
> no CVEs, so I guess we probably say no DSAs for it.
J
Thank you for your report, Ian.
> Package: libpam-rsa
> Version: 0.8-9-2.4
> Tags: security
>
> * What led up to the situation?
> 1. I manually locked my screen using xscreensaver-command -lock.
> 2. I moved the pointer, causing the xscreensaver password screen to appear.
> 3. I moved the pointer
Thank you for your report, Sergio.
> Package: cups
> Version: 1.5.3-1
> Severity: important
> Tags: security
>
> I've created a print queue with an
> AllowUser user1
> option. When submitting a print job as user1 all goes as expected, but
> if I submit it as some other user I see a flood of
I am not completely
sure this is a security issue (and first wanted to obtain feedback from
gpm developers / upstream).
On Thu, 2012-06-14 at 11:06 +0200, Jan Lieskovsky wrote:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677418
I've updated some information there:
Mainly th
The CVE identifier of CVE-2011-4357 has been assigned to this issue:
[2] http://www.openwall.com/lists/oss-security/2011/11/28/6
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
The CVE identifier for this issue has been requested here:
[1] http://www.openwall.com/lists/oss-security/2011/11/27/1
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Hello Josh, Steve, vendors,
it was found that DokuWiki's RSS embedding mechanism did not properly
escape user-provided links. An attacker could use this flaw to conduct
cross-site scripting (XSS) attacks, potentially leading to arbitrary
JavaScript code execution.
References:
---
[1] h
Hello, Josh, Steve, vendors,
It was found that perl-Data-FormValidator, a HTML form user input
validator, used to treat certain invalid fields as valid, when the
untaint_all_constraints directive was used (default for majority of
Data-FormValidator routines). A remote attacker could use this fl
Hello, Josh, Steve, vendors,
It was found that D-BUS message bus service / messaging facility did
not update the byte-order flag of the message properly by swapping the
byte order of incoming messages into their native endianness. A local,
authenticated user could use this flaw to send a special
Hi Steve, vendors,
Guillem Jover pointed out:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5
a deficiency in the way rpcbind gathered / saved registrations from / to
dumped file(s). A local attacker could use this flaw to conduct symbolic
link attacks, leading to un-authorized
Hi guys,
CVE identifier of CVE-2010-0426 has been already assigned to this issue.
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team