Bug#697666: [oss-security] CVE request for Movable Type

2013-01-21 Thread Kurt Seifried
ke
> missing input sanitation on the mt-upgrade.cgi page.
>
> As far as I can tell, no CVE has been allocated yet, could someone
> allocate one?
>
> Regards,
>
> [1]:
> http://www.movabletype.org/2013/01/movable_type_438_patch.html
Please use CVE-2013-0209 for this issue.

Bug#693048: Gajim fails to handle invalid certificates

2012-11-14 Thread Kurt Seifried
erhaps there, the behavior was different.)
>
> Anyway, if application developers set a verification callback, it
> is their responsibility to implement it correctly. Therefore, I
> don't think this is an OpenSSL issue.
Makes sense, just wanted to confirm this problem resides withi

Bug#692791: [oss-security] Privilege escalation (lpadmin -> root) in cups

2012-11-10 Thread Kurt Seifried
VE be allocated for this?
Please use CVE-2012-5519 for this issue. Also if other vendors could check the permissions/configs/etc. and reply if they are vulnerable that would be good.
> Regards,
>
-- Kurt Seifried Red Hat Security Response Team (

Bug#684076: CVE-2012-3513 munin: User can load new config, pointing log to arbitrary file

2012-08-20 Thread Kurt Seifried
CVE-2012-3513 munin: User can load new config, pointing log to arbitrary file -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Bug#684075: CVE-2012-3512 munin: insecure state file handling, munin->root privilege

2012-08-20 Thread Kurt Seifried
CVE-2012-3512 munin: insecure state file handling, munin->root privilege -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws

2012-04-28 Thread Kurt Seifried
On 04/27/2012 09:41 AM, Steve Schnepp wrote:
> On Wed, Apr 18, 2012 at 07:04, Kurt Seifried
> wrote:
>>> In addition munin parses parts of the query string. You are
>>> allowed to modify the size of the image. By choosing a p

Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws

2012-04-18 Thread Kurt Seifried
On 04/17/2012 11:16 PM, Helmut Grohne wrote:
> On Tue, Apr 17, 2012 at 11:04:56PM -0600, Kurt Seifried wrote:
>> On 04/16/2012 11:34 PM, Helmut Grohne wrote:
>>> The basic requirement is that a plugin called vmstat is
>>&

Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws

2012-04-17 Thread Kurt Seifried
On 04/16/2012 11:34 PM, Helmut Grohne wrote:
> Hi Kurt,
>
> Please always CC the bug report when adding detail to it. Doing it
> now for you.
>
> On Mon, Apr 16, 2012 at 01:19:32PM -0600, Kurt Seifried wrote:
>>> [3]

Bug#659376: Please use CVE-2012-0844 for this issue.

2012-02-11 Thread Kurt Seifried
Please use CVE-2012-0844 for this issue. www.openwall.com/lists/oss-security/2012/02/11/3 -- Kurt Seifried Red Hat Security Response Team (SRT) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#659379: Please use CVE-2012-0843 for this issue.

2012-02-11 Thread Kurt Seifried
Please use CVE-2012-0843 for this issue. www.openwall.com/lists/oss-security/2012/02/11/3 -- Kurt Seifried Red Hat Security Response Team (SRT)

Bug#654270: Please use CVE-2012-0824 for this issue.

2012-01-30 Thread Kurt Seifried
Please use CVE-2012-0824 for this issue. -- Kurt Seifried Red Hat Security Response Team (SRT)

Bug#654270: Does this need a CVE #?

2012-01-29 Thread Kurt Seifried
Does this need a CVE #? -- Kurt Seifried Red Hat Security Response Team (SRT)

Bug#652417: Please use CVE-2012-0813 for this issue.

2012-01-27 Thread Kurt Seifried
Please use CVE-2012-0813 for this issue. http://seclists.org/oss-sec/2012/q1/294 -- Kurt Seifried Red Hat Security Response Team (SRT)

Bug#652417: Does this issue need a CVE #?

2012-01-25 Thread Kurt Seifried
Does this issue need a CVE #? -- -- Kurt Seifried / Red Hat Security Response Team kseifr...@redhat.com

Bug#656494: Please use CVE-2012-0064 for this issue.

2012-01-19 Thread Kurt Seifried
Please use CVE-2012-0064 for this issue. http://www.openwall.com/lists/oss-security/2012/01/19/6 -- -- Kurt Seifried / Red Hat Security Response Team

Bug#652996: [Secure-testing-team] Bug#652996: t1lib:, CVE-2011-0764

2011-12-22 Thread Kurt Seifried
More info on those CVEs is available at:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1552
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1553
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1554
Hope this helps. -- -Kurt Seifried / Red Hat Security Response Team