Bug#972204: kdeconnect: CVE-2020-26164

2020-10-14 Thread Adi Kriegisch
/stable (buster). Please have a careful look at CVE-2020-26164_g_ssl_validation_checks.patch and check whether those two disconnect() calls should really be disabled; while testing the patches I could not find any adverse effects. best regards, Adi Kriegisch [1] https://www.openwall.com/lists

Bug#880427: tinyproxy: If tinyproxy receives SIGHUP...

2018-01-29 Thread Adi Kriegisch
Dear maintainer, are there any plans to release an update to Stretch? The current package without the patch requires manual intervention after every logrotate invocation... -- Adi

Bug#844632: Drupal: SA-CORE-2016-005

2016-11-17 Thread Adi Kriegisch
Package: drupal7 Version: 7.32-1+deb8u7 Severity: grave Tags: security Hi! The Drupal Security Team publicly announced a fix for an external URL injection flaw in Drupal7: https://www.drupal.org/SA-CORE-2016-005 -- Adi

Bug#813406: [Pkg-samba-maint] Bug#813406: ctdb, raw sockets and CVE-2015-8543

2016-02-03 Thread Adi Kriegisch
Hi! > There are two sets of patches: > - yours that basically keep the same behavior as pre-CVE-2015-8543 (proto=0) I just desperately tried to get my cluster going again... ;-) > - Amitay's that restore the intended behavior (proto=255) [...] > I think I'll go for Amitay's patch which probably

Bug#813406: ctdb, raw sockets and CVE-2015-8543

2016-02-01 Thread Adi Kriegisch
Package: ctdb Severity: grave Tags: patch,upstream Hi! The kernel upgrade for CVE-2015-8543 showed a bug in CTDB that leads to a broken cluster: | s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW)); htons(IPPROTO_RAW) leads to 0xff00 which causes "-1 EINVAL (Invalid argument)" because of CVE-201

Bug#796243: SA-CORE-2015-003 -- please also fix for backports...

2015-08-20 Thread Adi Kriegisch
Package: drupal7 Version: 7.32-1+deb8u3~bpo70+1 Tags: patch,security Severity: grave Hi! As SA-CORE-2015-003[1] is already public, I extracted the patch (diff between 7.38 and 7.39 plus removed the version bumps). It would be great if you could upload to wheezy-backports too (SA-CORE-2015-002 is

Bug#789165: SA-CORE-2015-002 -- please also fix for backports...

2015-06-18 Thread Adi Kriegisch
Package: drupal7 Version: 7.32-1+deb8u3~bpo70+1 Tags: patch,security Severity: grave Hi! As SA-CORE-2015-002[1] is already public, I extracted the patch (diff between 7.37 and 7.38 plus removed the version bumps). It would be great if you could upload to wheezy-backports too... Thanks! -- Adi

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-10 Thread Adi Kriegisch
Tags: security, patch find the Ubuntu patch attached. best regards, Adi Kriegisch === modified file 'bin/named/query.c' --- bin/named/query.c 2011-11-16 14:22:11 + +++ bin/named/query.c 2012-10-05 09:45:39 + @@ -1024,13 +1024,6 @@ mname = NULL; } - /* -

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

2012-10-10 Thread Adi Kriegisch
}" section. As information on that bug already leaked (and even got mailed to full-disclosure by Mandriva), I am reporting to the Debian bugtracker. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166 and https://kb.isc.org/article/AA-00801 for details. best regards,