14: remote DoS in quassel core with invalid handshake data.
+(Closes: #826402)
+- Add debian/patches/CVE-2016-4414.patch, cherry-picked from upstream.
+
+ -- Pierre Schweitzer Sun, 05 Jun 2016 12:41:35 +0200
+
quassel (1:0.10.0-2.3+deb8u2) jessie; urgency=high
* Non-maintainer up
Package: quasselcore
Version: 1:0.10.0-2.3+deb8u2
Severity: normal
Tags: security
Hi,
The following vulnerability was published for quassel.
CVE-2016-4414: remote DoSdue to invalid handshake data
This is fixed in this commit:
https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a93
47: remote DoS in quassel core, using /op * command.
+(Closes: #807801)
+- Add debian/patches/CVE-2015-8547.patch, cherry-picked from upstream.
+
+ -- Pierre Schweitzer Sun, 13 Dec 2015 11:04:05 +0100
+
quassel (1:0.10.0-2.3+deb8u1) jessie-security; urgency=high
* Fix CVE-2015-3427:
Hi Salvatore,
On 27/12/2015 09:09, Salvatore Bonaccorso wrote:
> Hi Pierre,
>
> On Mon, Dec 14, 2015 at 10:28:26PM +0100, Pierre Schweitzer wrote:
>> Dear all,
>>
>> After having asked for a CVE[0] for this Quassel issue [1], I've
>> uploaded you (attached)
Hi,
Please find attached a debdiff for Jessie backporting the fix for this
vulnerability.
Cheers,
--
Pierre Schweitzer
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
diff -Nru quassel-0.10.0/debian/changelog quassel-0.10.0/debian/changelog
--- quassel-0.
Package: care
Version: 2.2.1-1
Severity: wishlist
Dear maintainer,
So far the package shipped with Debian doesn't provide self-extracting support.
When attempting to create such an archive, care outputs:
care error: This version of CARE was built without self-extracting (.bin)
support
care warnin
Package: fish
Version: 2.1.2+dfsg1-2
Severity: normal
Recently, grep was upgraded in stretch/sid:
[UPGRADE] grep:amd64 2.20-4.1 -> 2.21-2
This bring an unwanted behavior, fish is using GREP_OPTIONS to control grep:
$ echo $GREP_OPTIONS
--color=auto
Any usage of grep will lead to this warning to
More information again for this bug.
It also affects Sid with (31.5.0esr-1).
On the other hand, Firefox in Ubuntu Trusty (LTS) isn't affected
(36.0+build2-0ubuntu0.14.04.4).
Regarding my proposal, I've proposed it upstream at:
https://bugzilla.mozilla.org/show_bug.cgi?id=1140159
As a side note, as a better fix it would be interesting to move all the
temporary files from Iceweasel to a directory such as
/tmp/iceweasel-user-random/ to prevent any information leak regarding
the metadata of the temporary files.
Will report this to upstream.
--
Pierre Schweitzer
System
Package: iceweasel
Version: 31.5.0esr-1~deb7u1
Severity: important
Tags: security
Dear all,
Iceweasel offers the possibility to open a file instead of downloading it. In
such situation, the file is downloaded into /tmp directory and then opened.
The permissions set on the downloaded temporary fil
Package: bind9
Version: 1:9.9.5.dfsg-8
Severity: normal
Tags: ipv6
When installed with default configuration, bind will only listen on 127.0.0.1
for IPv4 connections while it will listen on :: for IPv6 connections.
This a not consistent behavior, and exposes bind9 without much reasons.
A quick (wo
t: systemd (via /run/systemd/system)
>From a355271901e2b6aa2fc6a3982426a40055346446 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Wed, 10 Dec 2014 19:57:36 +0100
Subject: [PATCH] The char \n will be displayed that way on IRC instead of
going to the next line. Just going to the next lin
nel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From 1527c958c5a11f7ebcd5107bfac43bbe398c7217 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Wed, 10 Dec
/bin/dash
Init: systemd (via /run/systemd/system)
>From 69053894a842e530fb7c40ed0dc62026ce6d8dee Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Wed, 10 Dec 2014 19:36:42 +0100
Subject: [PATCH] In case the commiter isn't a local user, don't attempt to use
$user which won't be d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Please find attached a patch to resolve the issue.
When in SVN context, it just chomp any trailing /.
Tested & fixing the issue here.
- --
Pierre Schweitzer
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
--
t;$2" > /dev/null 2>&1 &
Sorry for the confusion.
On 10/12/2014 18:43, gregor herrmann wrote:
> On Wed, 10 Dec 2014 17:04:56 +0100, Pierre Schweitzer wrote:
>
>> Package: kgb-client Severity: important Tags: upstream
>>
>> This report follows the r
Package: kgb-client
Severity: important
Tags: upstream
This report follows the report on Ubuntu LP:
https://bugs.launchpad.net/ubuntu/+source/kgb-bot/+bug/1400453
When calling the kgb-client on a SVN repo with a tailing "/", the client will
hit an assert:
perl: /build/buildd/subversion-1.8.8/subv
://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
- --
Pierre Schweitzer
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBAgAGBQJUfwDfAAoJEHVFVWw9WFsLD8gQAJN1mNeoR34eqBzEmHVt
xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
When allowing more ciphers, it works also in Wheezy (and still works
in sid, obviously ;-)).
- --
Pierre Schweitzer
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-
:
"HTTP OK: HTTP/1.1 200 OK - 365 bytes in 0.115 second response time
|time=0.114707s;;;0.00 size=365B;;;0"
May the support be backported to Wheezy?
Cheers,
Pierre Schweitzer
-- System Information:
Debian Release: 7.7
APT prefers stable
APT policy: (500, 'stable'
t;
>> On 2014-11-20 14:15, Pierre Schweitzer wrote:
>>> A denial of service issues was fixed upstream. It received the
>>> CVE-2014-6060. The fix commit got cherrypicked into unstable
>>> recently.
>>
>> Assuming the resulting package has been teste
aintainer upload by the Security Team.
+ * Fix denial of service (CVE-2014-6060) in dhcpcd5:
+- backport fix from debian unstable dhcpcd5/6.0.5-2
+
+ -- Pierre Schweitzer Thu, 20 Nov 2014 13:29:49 +0100
+
dhcpcd5 (5.5.6-1) unstable; urgency=medium
* New upstream release
diff -Nru dhcpc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Salvatore,
Thanks for your feedback.
Here are the fixed files, taking into account your comments.
Cheers,
Pierre
On 11/18/2014 05:47 PM, Salvatore Bonaccorso wrote:
> Hi Pierre,
>
> On Tue, Nov 18, 2014 at 03:58:45PM +0100, Pierre S
Package: dhcpcd5
Severity: important
Tags: security patch
dhcpd5 is vulnerable to the CVE-2014-6060 which can cause a denial of service:
https://security-tracker.debian.org/tracker/CVE-2014-6060
Please find attached the debdiff & dsc for NMU upload which fixes the
vulnerability in unstable.
-- S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tested the quassel-core_0.8.0-1+deb7u3_amd64.deb matching the debdiff
from Salvatore.
It's working fine.
- --
Pierre Schweitzer
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-BEGIN PGP SIGNATURE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Rapahel,
How did you reproduce without wireshark? I'd be interested in trying
as well this method.
And for my method: I was running a wireshark on ethernet and nmap on
ethernet while my default gateway was on wifi. Both media used so.
Cheers,
P
Package: src:linux
Version: 3.16.3-2
Severity: important
Dear Maintainer,
I'm encountering a fully reproducible kernel panic when running specific
actions I will comment below. I didn't report this bug to kernel.org looking
for your kind review first and for potential information you may need.
F
Package: libc6
Version: 2.19-11
Severity: important
Dear Maintainer,
When trying to install the latest release of Intel Parallel Studio 2015 onto
Debian testing,
I'm facing a segfault. Using GDB, I could isolate the segfault in:
_dl_signal_error (errcode=errcode@entry=0, objname=objname@entry=0x
Source: icinga-cgi
Version: 1.11.0-1
Severity: normal
Tags: patch
The time picker table while scheduling downtime (for instance) is set to use
12h format while CGI expects 24h format. It makes impossible to schedule
downtime after 12h.
This is a bug already reported upstream: https://dev.icinga.o
ation, please ask.
With my best regards,
--
Pierre Schweitzer
System Administrator
ReactOS Foundation
smime.p7s
Description: S/MIME Cryptographic Signature
Hi,
now I've upgraded to Wheezy, I'm also hitting that bug which is kind of
blocking.
Is it possible to at least backport the fix?
This bug is pretty old, as the latest release of GnuTLS...
With my best regards,
--
Pierre Schweitzer
System Administrator
ReactOS Foundation
31 matches
Mail list logo
