Bug#809252: node-cli: insecure use of temporary files

2015-12-28 Thread Steve Kemp
Package: node-cli Version: 0.4.4~20120516-1 Severity: critical Tags: security Dear Maintainer, The `node-cli` library makes insecure use of the following two temporary files: lock_file = '/tmp/' + cli.app + '.pid', log_file = '/tmp/' + cli.app + '.log'; These allow overwriting

Bug#808730: stalin: Insecure use of temporary files

2015-12-22 Thread Steve Kemp
Package: stalin Version: 0.11-5 Severity: critical Tags: security When `stalin` launches it attempts to detect its environment via the following code in /usr/lib/stalin/QobiScheme.sc: (system "uname -m >/tmp/QobiScheme.tmp") ... (system "rm -f /tmp/QobiScheme.tmp")) This is a p

Bug#730189: ruby1.8: CVE-2013-4164

2013-11-28 Thread Steve Kemp
The patches seem to work successfully for me: * The test-suite that runs at compile-time still passes. * The reproducer stops segfaulting. The reproducer I'm using is: -- #!/usr/bin/ruby1.8 require 'json' JSON.parse("[1."+"1"*30+"]") -- Steve -- http://www.steve.org.uk/

Bug#651896: Acknowledgement (njam: Insecure usage of environmental variable)

2011-12-13 Thread Steve Kemp
Simple patch: --- src/njam.cpp-orig 2011-12-13 17:06:04.0 + +++ src/njam.cpp2011-12-13 17:07:08.0 + @@ -339,7 +339,7 @@ sprintf(linux_sdl_driver, "x11\0"); char *driver_name = getenv("SDL_VIDEODRIVER"); if (driver_name) - sprintf(linux_sdl_driver,

Bug#651896: njam: Insecure usage of environmental variable

2011-12-12 Thread Steve Kemp
Package: njam Version: 1.25-5 Justification: user security hole Severity: grave Tags: security *** Please type your report below this line *** The setgid(games) binary /usr/games/njam makes insecure use of the environmental variable SDL_VIDEODRIVER. This potentially allows the execution of arb

Bug#553948: winkeydaemon: Symlink attack allows creation of arbitrary files

2009-11-02 Thread Steve Kemp
Package: winkeydaemon Version: 1.0.1-3 Justification: user security hole Severity: grave Tags: security *** Please type your report below this line *** This is probably not a hugely exploitable issue, but reporting regardless: winkeydaemon.pl: if (-d "/tmp/.winkey") { # ok, no action re

Bug#548684: oping allows reading arbitrary files upon the local system - security issue

2009-09-27 Thread Steve Kemp
Package: oping Version: 1.3.2-1 Justification: user security hole Severity: grave Tags: security *** Please type your report below this line *** oping is setuid root and one of the command line arguments allows a configuration file to be specified. This file is read and *reported* to the con

Bug#546178: planet: [CVE-2009-2937] - Insufficient escaping of input feeds

2009-09-18 Thread Steve Kemp
On Fri Sep 18, 2009 at 14:06:44 +0200, Arnaud Fontaine wrote: > No I didn't, I could not find this discussion, could you please point it > me out? As soon as all these issues will have been addressed, I will > prepare a package (debian-security team: please do not upload the > package f

Bug#546178: planet: [CVE-2009-2937] - Insufficient escaping of input feeds

2009-09-18 Thread Steve Kemp
On Fri Sep 18, 2009 at 13:38:39 +0200, Arnaud Fontaine wrote: > I have prepared yesterday a package for Lenny including this patch. At > the moment, I'm waiting for a reply from the debian-security team. Great. Don't forget etch too. > Thank you very much for the patch and bug report. Did

Bug#546178: Updated patch

2009-09-15 Thread Steve Kemp
The patch doesn't account for case variations, so it should be updated: + +for i in xrange (len (attrs)): +k,v = attrs[i] +if (( k == "src" ) or ( k == "href" ) ) and (v.lower().find("javascript:" ) <> -1 ): +del attrs[i] + return attrs S

Bug#546178: planet: [CVE-2009-2937] - Insufficient escaping of input feeds

2009-09-11 Thread Steve Kemp
Subject: planet: [CVE-2009-2937] - Insufficient escaping of input feeds Package: planet Justification: user security hole Severity: grave Tags: security *** Please type your report below this line *** The planet feed aggregator attempts to remove malicious content from user-submitted feeds. It d

Bug#546179: planet-venus: [CVE-2009-2937] - Insufficient escaping of input feeds

2009-09-11 Thread Steve Kemp
Subject: planet-venus: [CVE-2009-2937] - Insufficient escaping of input feeds Package: planet-venus Justification: user security hole Severity: grave Tags: security *** Please type your report below this line *** The planet feed aggregator attempts to remove malicious content from user-submitted

Bug#518122: Acknowledgement (Security issue in mantis)

2009-03-04 Thread Steve Kemp
Looks like I filed this too soon - the bug is fixed in Lenny's package already. Steve -- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#518122: Security issue in mantis

2009-03-04 Thread Steve Kemp
Package: mantis Severity: grave Tags: security Version: 1.1.6+dfsg-2 There's a security issue in the mantis version in lenny, at least, which allows registered users to run commands on the server. Details here: http://secunia.com/advisories/32314/ Patch here: http://mantisb

Bug#509288: gnomad2: segfault on start up / vorbis comment headers

2008-12-22 Thread Steve Kemp
The patch below my sig is sufficient to fix the bug. See here for more details: http://blog.steve.org.uk/what_can_you_do__sparta_will_need_sons_.html Steve -- Managed Anti-Spam Service http://mail-scanning.com/ s...@gold:/tmp$ diff --unified --ignore-space-change gnomad2-2.9.1/src/tag

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Steve Kemp
On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote: > no, its got nothing to do with /var/lib/twiki/data etc, its the location > for session data - produced by CGI::Session etc. Yes it does. The code we're talking about is contained in the file debian/postinst, and only executes u

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

2008-08-13 Thread Steve Kemp
On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote: > I will have to assume that this report is indeed incorrect unless I hear > otherwise. On my Debian Etch system: [EMAIL PROTECTED]:~$ apt-get source twiki Reading package lists... Done Building dependency tree... Done Need to get 430

Bug#489756: poppler CVE-2008-2950 in etch

2008-07-09 Thread Steve Kemp
On Wed Jul 09, 2008 at 12:04:01 +0200, Wichert Akkerman wrote: > I see CVE-2008-2960 reported in the BTS as #489756 but I see no mention > of a fix for stable. Is someone working on a DSA for stable? There isn't one in progress. Tonight there will be a release of an update to handle CVE-2008

Bug#480059: vorbis-tools vulnerable to CVE-2008-1686

2008-05-08 Thread Steve Kemp
On Wed May 07, 2008 at 18:12:09 -0400, Jamie Strandboge wrote: > vorbis-tools contains embedded speex code, and although vorbis-tools is linked > to libspeex, it compiles the vulnerable code. Attached is a debdiff that > Ubuntu > is using in its 1.1.1 versions of vorbis-tools (fuzz removed). I

Bug#464756: kazehakase security fix patch

2008-04-17 Thread Steve Kemp
On Tue Apr 15, 2008 at 21:36:13 -0400, Andres Salomon wrote: > > Cool. The package is here: > > > > http://people.debian.org/~dilinger/security/kazehakase/etch/ > > > > I will give it a bit more testing later on tonight. Thanks. I'll upload this tomorrow. I assume this will be handled in

Bug#464756: kazehakase security fix patch

2008-04-15 Thread Steve Kemp
On Tue Apr 15, 2008 at 15:46:02 -0400, Andres Salomon wrote: > I'd rather see kaz linked against the system's pcre; > it's much easier to deal w/. Does the security team agree? Definitely! Steve

Bug#475747: tss: Allows reading arbitrary files

2008-04-12 Thread Steve Kemp
Package: tss Version: 0.8.1-3 Severity: grave Justification: user security hole Tags: security *** Please type your report below this line *** Due to poor permission checking the tss binary allows local users to read arbitrary files upon the system. For example the following reveals the con

Bug#468050: Security problems present in xwine

2008-02-26 Thread Steve Kemp
Package: xwine Version: 1.0.1-1.1 Severity: grave Justification: user security hole Tags: security *** Please type your report below this line *** I'd urge for the removal of this package from Lenny/Sid because of bug 460783 + this one... xwine contains two flaws: 1. Insecure use of te

Bug#464058: [horde-vendor] Bug#464058: turba access checking issue

2008-02-21 Thread Steve Kemp
On Thu Feb 21, 2008 at 02:41:41 +0100, Gregory Colpart wrote: > The package turba2 has vulnerabilities (See CVE-2008-0807, bug > #464058 and changelogs of fixed sarge/etch packages). A shining example of how to handle security updates. Thanks very very much for the fixed packages, and the clea

Bug#452518: security.debian.org: Error update samba_3.0.24-6etch5_i386.deb

2007-11-23 Thread Steve Kemp
On Fri Nov 23, 2007 at 12:25:42 +, Domijor wrote: >Today I updated with aptitude the package "samba" to the version >"samba_3.0.24-6etch5_i386.deb". I have PDC server with Samba. The cliente >don't connect >to server. The cliente connect with "smbfs". The log of system is: T

Bug#452515: security.debian.org: Error update samba_3.0.24-6etch5_i386.deb

2007-11-23 Thread Steve Kemp
On Fri Nov 23, 2007 at 12:02:59 +, Error update samba_3.0.24-6etch5_i386.deb wrote: > Today I updated with aptitude the package "samba" to the version > "samba_3.0.24-6etch5_i386.deb". I have PDC server with Samba. The cliente > don't connect > to server. The cliente connect with "smbfs".

Bug#446354: OpenBSD patch for CVE-2007-5365 is insufficient

2007-10-29 Thread Steve Kemp
On Mon Oct 29, 2007 at 19:33:17 +0100, Tomas Hoger wrote: > During testing of our updated dhcp packages, we have found out that > patch for CVE-2007-5365 used by OpenBSD was not sufficient and it was > still possible to crash dhcpd. Your dhcp packages released in DSA > 1388-1 also seem affected.

Bug#447795: xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file access

2007-10-23 Thread Steve Kemp
Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any

Bug#446354: dhcp: stack-based buffer overflow (CVE-2007-5365)

2007-10-15 Thread Steve Kemp
On Fri Oct 12, 2007 at 22:51:24 +1000, Steffen Joeris wrote: > A patch is attached below. Please tell me, if you want to take care of > it or if i should upload. Thanks for the patch, I will upload with it. Steve

Bug#441555: lighttpd: header overflow when using the mod_fastcgi extension

2007-09-11 Thread Steve Kemp
On Mon Sep 10, 2007 at 13:41:10 +0200, Stefan Andersson wrote: > Package: lighttpd > Version: 1.4.13-4etch1 > Severity: critical > Tags: security > Justification: arbitrary code execution Fixed already in DSA-1362. Steve

Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code

2007-08-08 Thread Steve Kemp
On Thu Aug 09, 2007 at 01:07:47 +1000, Steffen Joeris wrote: > Package: zziplib > Severity: grave > Tags: security > Justification: user security hole > > Hi > > The following CVE[0] has be issued against zziplib. This seems to be a low-risk, from the one page I found describing it: http:/

Bug#435735: CVE-2007-3791: Buffer overflow in policyd

2007-08-04 Thread Steve Kemp
On Thu Aug 02, 2007 at 23:34:10 +0200, Stefan Fritsch wrote: > Package: postfix-policyd > Version: 1.80-2.1 > Severity: grave > Tags: security > Justification: user security hole > > A vulnerability has been found in policyd. From CVE-2007-3791: Building now. Steve

Bug#396360: Maybe time for DSA?

2007-07-29 Thread Steve Kemp
On Sat Jul 28, 2007 at 11:18:54 +0300, Touko Korpela wrote: > This bug has patch included, maybe security team could do upload? The code in Etch already contains this patch... I've not had a chance to check sarge yet, but I'm thinking that we're OK. Steve -- # The Debian Security Audit Pro

Bug#434888: Multiple vulnerabilities [CVE-2007-3946] [CVE-2007-3947] [CVE-2007-3948] [CVE-2007-3949] [CVE-2007-3950]

2007-07-27 Thread Steve Kemp
On Fri Jul 27, 2007 at 09:11:48 -0500, Adam Majer wrote: > Package: lighttpd > Severity: critical > Tags: security > > Upstream patches from Trac seem to be available from upstream. Still waiting on CVE IDs. I can upload without them, but I'd rather not .. Steve

Bug#434546: lighttpd: 1.4.16 has been released and contains security fixes

2007-07-24 Thread Steve Kemp
On Tue Jul 24, 2007 at 21:14:31 +0200, Olaf van der Spek wrote: > Lighttpd 1.4.16 has been released and contains security fixes, see > http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it A release is in preparation, just waiting on CVE IDs. We have one .. Steve

Bug#428368: lighttpd vuln patch

2007-07-24 Thread Steve Kemp
This one isn't going to get released as-is, as there are a couple more pending issues with lighttpd. I'll roll them all up once I have valid identifiers for them. Steve -- # The Debian Security Audit Project. http://www.debian.org/security/audit

Bug#428368: lighttpd vuln patch

2007-07-20 Thread Steve Kemp
On Fri Jul 20, 2007 at 11:02:07 +0200, Pierre Habouzit wrote: > attached is the patch that fixes it. I'm going to NMU lighttpd in > unstable, please someone takes care of etch. Joey if you could allocate a DOS CVE ID I'll do the upload, I've already done lighttpd patches for etch. Steve --

Bug#432924: [CVE-2007-3641, CVE-2007-3644, CVE-2007-3645] various security bugs

2007-07-13 Thread Steve Kemp
On Fri Jul 13, 2007 at 08:16:07 -0500, John Goerzen wrote: > I will upload a fix to unstable shortly. However, it sounds like this could > also impact the version in stable, so CCing [EMAIL PROTECTED] Yes that looks to be the case. If you had a patch that would apply to the version in Stabl

Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype

2007-07-10 Thread Steve Kemp
On Mon Jul 09, 2007 at 17:43:47 -0700, Steve Langasek wrote: > > Ok, uploading. > > -- please kick this one out, I just noticed I built it with > stable-security as the target. I'd be happy to do that if you, or somebody else, could tell me how to do so.. > Let me know if you would like me

Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype

2007-07-09 Thread Steve Kemp
On Mon Jul 09, 2007 at 12:43:57 -0700, Steve Langasek wrote: > I've uploaded a freetype 2.1.7-7 package to > , signed and built for sarge. Thanks. > Let me know if you would like me to upload this to security.d.o (I promise > I'll even use the embar

Bug#431893: Acknowledgement (CVE-2007-2839: Trivial local-root attack)

2007-07-05 Thread Steve Kemp
This is fixed in DSA-1329-1. Just reported here for reference. Steve

Bug#431893: CVE-2007-2839: Trivial local-root attack

2007-07-05 Thread Steve Kemp
Package: gfax Version: 0.4.2-11 Severity: grave Usertags: sourcescan Tags: security *** Please type your report below this line *** The gfax package as released in Sarge, make unsafe use of temporary files which allow local users to gain root trivially. Etch, Lenny, and Sid are unaffected

Bug#431332: CVE-2007-2837: Arbitrary file removal

2007-07-01 Thread Steve Kemp
On Sun Jul 01, 2007 at 21:56:43 +0200, Martin MAURER wrote: > I agree that this code could become a problem, although I wasn't able to > reproduce using screen and the command written in your mail. I could reproduce this using the -qt version of the client. First of all adding some rules, the

Bug#431336: Patch

2007-07-01 Thread Steve Kemp
Freq (); // lower the freq to [0,50) if (usrhome != NULL) { - sprintf (szFileName, "%s/%s/%s", usrhome, ".pyinput", "usrphrase.tab"); + snprintf (szFileName, sizeof(szFileName)-1, "%s/%s/%s", usrhome, ".pyinput", "

Bug#431331: CVE-2007-2838: Allow arbitrary files to be created/truncated

2007-07-01 Thread Steve Kemp
On Sun Jul 01, 2007 at 21:47:42 +0200, Daniel Baumann wrote: > uploaded 0.1.6-2 with your patch and urgency=high, so you probably want > to mention this version for testing/sid in the DSA. Great. > no offence intended, but i'd be happy if you can next time attach the > patch to the bug report

Bug#431331: CVE-2007-2838: Allow arbitrary files to be created/truncated

2007-07-01 Thread Steve Kemp
afe usage of temporary files. +[CVE-2007-2838] + + -- Steve Kemp <[EMAIL PROTECTED]> Thu, 28 Jun 2007 16:47:39 + + +gsambad (0.1.4-2) unstable; urgency=medium * Adjusting the icondir. * Makeing use of su-to-root in the desktop file. only in patch2: unchanged: --- gsamba

Bug#431336: CVE-2007-2835 : Buffer overflow.

2007-07-01 Thread Steve Kemp
Package: unicon-imc2 Version: 3.0.4-11 Severity: grave Usertags: sourcescan *** Please type your report below this line *** CVE-2007-2835 : Allows local root compromise via zhcon. Anyway, the setuid(0) zhcon application links to this library, which contains a buffer overflow which may be us

Bug#431332: CVE-2007-2837: Arbitrary file removal

2007-07-01 Thread Steve Kemp
Package: fireflier-server Version: 1.1.6-3 Severity: grave Usertags: sourcescan *** Please type your report below this line *** Security issue: CVE-2007-2837. The server, fireflierd, runs with root privileges and the code contains this gem which I think speaks for itself: string getRule(u

Bug#431331: CVE-2007-2838: Allow arbitrary files to be created/truncated

2007-07-01 Thread Steve Kemp
Package: gsambad Version: 0.1.5-5 Severity: grave Usertags: sourcescan *** Please type your report below this line *** Security issue: CVE-2007-2838 The gsambad package contains a binary (which may only be executed by the root user) with the following code in it: if((fp=po

Bug#430691: [EMAIL PROTECTED]

2007-06-27 Thread Steve Kemp
On Wed Jun 27, 2007 at 11:29:12 +0900, Taku YASUI wrote: > I'll upload new upstream version to sid soon. > And I attach the patch to fix this problem. Great, thanks. If you could tell us which version in Sid would fix the problem I can include that in the advisory. Steve

Bug#430691: hiki: [security] vulnerability that arbitrary files would be deleted

2007-06-26 Thread Steve Kemp
> Hiki 0.8.0 - 0.8.6 is affected, it means that stable, testing and unstable > packages in Debian are affected. Please update hiki package. > > For more detail, see http://hikiwiki.org/en/advisory20070624.html Joey if you could allocate an ID I'll upload a fixed package. Steve

Bug#430012: CVE-2006-4168: Integer overflow vulnerability fixed in 0.6.16

2007-06-21 Thread Steve Kemp
On Thu Jun 21, 2007 at 20:16:41 +0200, Stefan Fritsch wrote: > CVE-2006-4168: > "Integer overflow in the exif_data_load_data_entry function in > libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to > cause a denial of service (application crash) or execute arbitrary code > via a

Bug#429218: [CVE-2007-3125] format string issue in X.509 certificate processing

2007-06-18 Thread Steve Kemp
Fixed already in Stable (etch): w3m (0.5.1-5.1) unstable; urgency=high * NMU by the Security Team: * Fix format string vulnerability in display of SSL certificates. (No CVE ID yet) (Closes: #404564) -- Moritz Muehlenhoff <[EMAIL PROTECTED]> Tue, 26 Dec 2006 18:49:26 +0100 S

Bug#424690: CVE-2007-1673: denial of service (infinite loop) in zoo and unzoo

2007-06-18 Thread Steve Kemp
I see no copy of the vulnerable code in the Debian version of unzoo, I suspect this is only an issue for the non-free version of unzoo, which we'll not release an update for. Comments? Steve -- # Commercial Debian GNU/Linux Support http://www.linux-administration.org/

Bug#429191: flyspray phpmailer: not relevant for stable

2007-06-17 Thread Steve Kemp
On Sun Jun 17, 2007 at 18:20:01 +0200, Thijs Kinkhorst wrote: > For stable I've checked whether it's > vulnerable and I believe it's not: the vulnerability is in the SendmailSend() > function. That requires for the calling code to actually use the sendmail > method, which Flyspray does not allo

Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype

2007-05-30 Thread Steve Kemp
On Wed May 30, 2007 at 06:19:29 -0700, Steve Langasek wrote: > Signed package for etch is on its way up to > right now (built with -sa, so > should indeed be ready for upload straight to security-master). Thanks a lot, Steve. > Let me know if there'

Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype

2007-05-29 Thread Steve Kemp
ndirect attack > vectors, like embedding TTFs in other document types, etc. Agreed. > Steve Kemp wanted to work on a DSA, so you should probably check back > with him before preparing an upload. I was planning on handling this yes, so if there were a fixed package available for Etch the

Bug#404233: CVE-2006-6678: Netrik arbitrary command execution

2006-12-22 Thread Steve Kemp
On Fri, Dec 22, 2006 at 06:42:41PM +0100, Stefan Fritsch wrote: > A vulnerability has been reported in Netrik: Thanks for the report. Security update for Sarge is building now. Patch attached: Steve -- --- form-file.c 2003-08-06 10:28:45.0 + +++ /home/skx/form-file.c 20

Bug#398936: libapache2-mod-ifier: The module breaks POST processing

2006-11-16 Thread Steve Kemp
Package: libapache2-mod-ifier Version: 0.8-2 Severity: grave Justification: renders package unusable This module, when installed and enabled, breaks all processing of POST requests. It should be removed from Etch until it can be updated to work correctly. -- System Information: Debian Rel

Bug#396277: allows creating any file as root

2006-10-31 Thread Steve Kemp
arge2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix the insecure use of temporary files when invoked by logrotate. +[CVE-2006-4248] + + -- Steve Kemp <[EMAIL PROTECTED]> Tue, 31 Oct 2006 17:49:34 + + thttpd (2.23beta1-3sarge1) stable-securi

Bug#396277: allows creating any file as root

2006-10-31 Thread Steve Kemp
On Mon, Oct 30, 2006 at 10:56:28PM +0100, Marco d'Itri wrote: > By creating a /tmp/start_thttpd symlink a local attacker will be able to > create/touch any file as root. Thanks for the report. Once I get a CVE identifier allocated I'll handle an update for Sarge. Daniel if you have a prefe

Bug#394637: gaim-encryption plugin does not load

2006-10-22 Thread Steve Kemp
On Sun, Oct 22, 2006 at 01:08:18PM +0200, Jan Strnad wrote: > Package: gaim-encryption > Version: 3.0~beta5-3 > Severity: critical > Tags: security > Justification: root security hole This doesn't appear to have any security implications. Certainly not a root hole. Sure you could argue tha

Bug#381376: Status of CVE-2006-3918 #381376

2006-09-10 Thread Steve Kemp
On Sat, Sep 09, 2006 at 01:22:25PM +0200, Stefan Fritsch wrote: > On Saturday 09 September 2006 12:35, Loïc Minier wrote: > > I think only apache was uploaded for CVE-2006-3918, and not > > apache2. Do you intend to issue a DSA for apache2 as well? Or > > isn't it affected by the vulnerability? >

Bug#380231: [CVE-2006-3747] Off-by-one flaw exists in the Rewrite module, mod_rewrite

2006-07-28 Thread Steve Kemp
On Fri, Jul 28, 2006 at 05:06:38PM +0200, Daniel Leidert wrote: > The latest release notes [1] of apache 1.3.37, 2.0.59 and 2.2.3 contains a > note, about an off-by-one flaw (CVE-2006-3747 [2]). > > [1] http://www.apache.org/dist/httpd/Announcement2.2.html > [2] http://cve.mitre.org/cgi-bin/cvena

Bug#380182: Confirmed

2006-07-28 Thread Steve Kemp
A security advisory is pending. This bug applies to both the apache and apache2 packages. Same fix in both packages, but in different locations... Steve

Bug#379174: Shadow security update for CVE-2006-3378

2006-07-23 Thread Steve Kemp
On Sun, Jul 23, 2006 at 06:16:00PM +0200, Christian Perrier wrote: > Hello dear Security team (and ftpmasters, and shadow package maintainers), > > Being back from 2 days holiday I discover CVE-2006-3378 which has just > been revealed to our attention (#359174 in the BTS). I guess you mean #379

Bug#379347: xen-tools: xen-create image fails at xt-create-image

2006-07-22 Thread Steve Kemp
On Sun, Jul 23, 2006 at 01:27:51AM +0200, Henning Sprang wrote: > Actually, that helped, as said before, but it is not clear, or even > evident, that --debootstrap/--rpmstrap must be given from the manpage, I think it is - from "man xen-create-image": --cut-- INSTALLATION METHODS The

Bug#379347: further tests - no success

2006-07-22 Thread Steve Kemp
On Sun, Jul 23, 2006 at 01:03:33AM +0200, Henning Sprang wrote: > I also tried the same with a loopback disk image - no success. OK that is good to know. > I do exactly what is documented, and have no idea how to investigate > the problem further. I've given you things to try. The most o

Bug#379347: xen-tools: xen-create image fails at xt-create-image

2006-07-22 Thread Steve Kemp
On Sun, Jul 23, 2006 at 12:42:28AM +, Henning Sprang wrote: > Package: xen-tools > Version: 2.1-3 > Severity: grave > Justification: renders package unusable Grave seems a little extreme since the package clearly works for some. However I'm happy to leave it there for a day or two at leas

Bug#372531: Update of wzdftpd 0.5.2-1.1sarge1 for 3.1r3

2006-07-04 Thread Steve Kemp
On Tue, Jul 04, 2006 at 02:39:00PM +0200, Pierre Chifflier wrote: > On Tue, Jul 04, 2006 at 02:30:10PM +0200, Julien Danjou wrote: > > Hello, > > > > The fix for DSA-1006-1 on wzdftpd broke dependencies as explained in bug > > report #372531. > > We would like to see this bug fixed in the next sta

Bug#372719: regression in FreeType security fix for DSA-1095

2006-06-26 Thread Steve Kemp
On Sun, Jun 25, 2006 at 03:09:51PM -0700, Steve Langasek wrote: > As mentioned earlier this month, a regression was found in the freetype > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications to crash > with division-by-zero errors. I've prepared a maintainer upload to fix > this re

Bug#375267: xen-tools: FTBFS: Test failures

2006-06-24 Thread Steve Kemp
On Sat, Jun 24, 2006 at 05:21:32PM -0400, Daniel Schepler wrote: > From my pbuilder build log: Good catch, thanks for reporting it. > ... > tests/getopt..ok 1 - File exists: ./bin/xen-create-image > ok 2 - File is executable > Cannot read file '/etc/xen-tools/xen-tools.conf' -

Bug#374181: leaks potentially sensitive information (e.g. passwords) to www.google.com

2006-06-17 Thread Steve Kemp
On Sat, Jun 17, 2006 at 10:30:40PM +0200, Robert Millan wrote: > Thanks, it seems disabling "middlemouse.contentLoadURL" gets rid of the > problem. Could you make this the default? I think that is up to either a) Firefox upstream b) The Debian firefox maintainers It certainly isn

Bug#374181: leaks potentially sensitive information (e.g. passwords) to www.google.com

2006-06-17 Thread Steve Kemp
On Sat, Jun 17, 2006 at 08:01:22PM +0200, Robert Millan wrote: > Package: firefox > Severity: grave > Tags: security Not a security bug. > When pasting using X11 clipboard to a firefox window, unless the focus is in a > specific place like the navigation bar or an edit box, it'll assume you wan

Bug#370544: security.debian.org: virus netbot spam sending DNS squatting

2006-06-05 Thread Steve Kemp
On Mon, Jun 05, 2006 at 09:26:55PM +0200, Yves Jean Marie Lambert wrote: > Package: security.debian.org > Severity: critical > Tags: security > Justification: root security hole > > "Enlarge your d1ck" spammers are using a security hole in debian : Which security hole? > all zombified system I

Bug#365533: [Secure-testing-team] Re: Bug#365533: CVE-2006-1896: Admin command execution

2006-05-30 Thread Steve Kemp
On Tue, May 30, 2006 at 07:14:11PM +0200, Jeroen van Wolffelaar wrote: > On Tue, May 30, 2006 at 09:55:16AM +0200, Thijs Kinkhorst wrote: > > On Sun, 2006-05-28 at 22:11 +0100, Steve Kemp wrote: > > > Uploaded. > > > > Thanks! But... can't find the up

Bug#365533: [Secure-testing-team] Re: Bug#365533: CVE-2006-1896: Admin command execution

2006-05-28 Thread Steve Kemp
On Sun, May 28, 2006 at 11:02:18PM +0200, Thijs Kinkhorst wrote: > On Tue, 2006-05-23 at 12:36 +0200, Thijs Kinkhorst wrote: > > Problem is that Jeroen announced that he's on a trip through Mexico > > now, > > so I'm left without someone to upload. Maybe the (testing) security > > team > > or any o

Bug#360657: passwd SIGSEGV on empty password

2006-04-03 Thread Steve Kemp
On Mon, Apr 03, 2006 at 10:59:32PM +0200, Matteo Croce wrote: > Package: passwd > Version: 1:4.0.14-9 > Severity: critical > Tags: security > Justification: root security hole > > Just press ^D instead of the new password and passwd will segfault. > I think that this is grave because it's set uid

Bug#350964: CVE-2006-0225, scponly shell command possible

2006-02-15 Thread Steve Kemp
On Wed, Feb 15, 2006 at 02:01:51PM +1100, Geoff Crompton wrote: > This bug has been closed for unstable (see bug 350964) with the 4.6 > upload, but will it be fixed for sarge? Please see DSA-969-1 released two days ago: http://www.us.debian.org/security/2006/dsa-969 Sarge is fixed. Ste

Bug#349555: komi - FTBFS: cannot find -lgp

2006-01-25 Thread Steve Kemp
On Wed, Jan 25, 2006 at 12:29:32PM +0100, Thierry Reding wrote: > * Bastian Blank wrote: > > Package: komi > > Version: 1.03-4 > > Severity: serious > > > > There was an error while trying to autobuild your package: > > > I've investigated this a bit, and it looks like the upstream Makefile lin

Bug#349283: tor: Tor security advisory: hidden services can be located quickly

2006-01-22 Thread Steve Kemp
On Sat, Jan 21, 2006 at 07:17:36PM -0500, Chris Howie wrote: > Package: tor > Version: 0.1.0.16-1 > Severity: grave > Tags: security > Justification: user security hole Tor isn't included in a Debian stable release, so no need for a DSA. Steve

Bug#346101: Strace log not being accepted

2006-01-11 Thread Steve Kemp
On Wed, Jan 11, 2006 at 03:46:19PM -0600, Bonilla, Alejandro wrote: > I have sent the strace of apachetop and the bug system is not letting it > in, maybe as an spam check? > > Here goes again attached. Cheers, got it. Looks like I tracked down the bug without this. See : http://lists.

Bug#347221: smstools: Format string attack in logging code

2006-01-09 Thread Steve Kemp
Package: smstools Version: 1.16-1+b1 Severity: grave Justification: user security hole Tags: security *** Please type your report below this line *** A DSA has just been released for smstools due to an insecure usage of syslog in the logging code. The following patch will correct the issue

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Steve Kemp
On Fri, Dec 23, 2005 at 05:56:59PM +0100, Wouter van Heyst wrote: > > It looks good to me. I've built a package and if nobody has any > > objections I'll upload later today. > > No objections from me. Great I already uploaded the package ;) Steve

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-23 Thread Steve Kemp
On Fri, Dec 23, 2005 at 12:10:00AM +0100, Florian Ernst wrote: > Steve, btw, any news on CVE-2005-3302 aka bug#330895 (arbitrary code > execution when importing a .bvh file)? Last I heard you were going to > prepare an update unless anybody had an issue with the changes made, > yet I haven't heard

Bug#344398: CVE-2005-4470: Integer overhead in header parser for .blend import

2005-12-22 Thread Steve Kemp
On Thu, Dec 22, 2005 at 02:30:46PM +0100, Moritz Muehlenhoff wrote: > An integer overflow in the header parser for .blend files can potentially > be exploited to execute code through a heap overflow. Please see > http://www.overflow.pl/adv/blenderinteger.txt for details. > > This is CVE-2005-447

Bug#342550: firefox: Javascript, history.dat & DoS

2005-12-08 Thread Steve Kemp
On Thu, Dec 08, 2005 at 04:48:07PM +0200, Timo Poikola wrote: > Package: firefox > Version: 1.4.99+1.5rc3.dfsg-2 > Severity: grave > Tags: security > Justification: causes non-serious data loss > > http://packetstormsecurity.org/0512-exploits/firefox-1.5-buffer-overflow.txt > > My ff does not cra

Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

2005-11-22 Thread Steve Kemp
On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote: > To reproduce this bug: > > su root and then load firefox from the term. Then launch firefox from > another unrelated and normal user terminal. The newly launched firefox reads > root's > profile and gets root's rights. Isn't t

Bug#340079: insecure tempfiles

2005-11-20 Thread Steve Kemp
On Sun, Nov 20, 2005 at 08:17:17PM +0100, Uwe Zeisberger wrote: > Tags: security patch > With the attached patch applied, it uses mktemp for their creation. The patch is .. missing. Steve

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

2005-11-16 Thread Steve Kemp
On Wed, Nov 16, 2005 at 02:05:11PM +0100, Loic Minier wrote: > Security team, did you start work on CVE-2005-3186 and CVE-2005-2975, > CVE-2005-2976 (not described in this report)? Ubuntu has released some > packages which might help . > Do you need the Gt

Bug#338312: osh: Environment Variable Input Validation Bug

2005-11-09 Thread Steve Kemp
On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote: > Due to a bug in the environment variable substitution code it is > possible to inject environment variables such as LD_PRELOAD and gain a > root shell. Confirmed. Joey we'll need an ID for it. I guess we need to use tw

Bug#328129: PATCH: The following patch fixes this issue

2005-11-03 Thread Steve Kemp
The following patch extracted from the SF.net discussion linked above fixes the issue for me. Steve -- --- xine-ui-0.99.3.orig/src/xitk/menus.c +++ xine-ui-0.99.3/src/xitk/menus.c @@ -425,8 +425,7 @@ int x, y; xitk_menu_widget_t menu; char buffer[20
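Review bot: the hunk is cut off in this listing right after `char buffer[20`, so the removed and added lines themselves cannot be reviewed here; what is visible is a fixed-size local buffer declared at the top of the hunk and a net one-line deletion (`@@ -425,8 +425,7 @@`). Whoever applies the patch from the SF.net thread should confirm that the surviving write into `buffer` is bounded (snprintf with sizeof(buffer) rather than sprintf or strcpy) and that the deleted line was not a length check the fix still relies on.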

Bug#335817: wordpress: SECURITY : Contains an insecure version of class.snoopy

2005-10-25 Thread Steve Kemp
Package: wordpress Version: 1.5.2-2 Severity: grave Justification: user security hole As described in the following bugtraq post, the class Snoopy which is included in wordpress potentially allows arbitrary command execution. http://seclists.org/lists/fulldisclosure/2005/Oct/0536.html

Bug#335439: vncserver: passwords over 8 chars not handled correctly

2005-10-23 Thread Steve Kemp
On Sun, Oct 23, 2005 at 08:19:35PM -0400, Collin E Borrlewyn wrote: > vncserver lets me in without supplying the full password. > > To reproduce this: > start vncserver: vncserver :1 > when prompted enter a password of eight or more characters > start xvncviewer and connect to :1 > when prompted e

Bug#333734: curl: Buffer overflow in NTLM authentication

2005-10-13 Thread Steve Kemp
On Thu, Oct 13, 2005 at 03:03:42PM +0200, Moritz Muehlenhoff wrote: > Package: curl > Version: 7.14.1-5 > Severity: grave > Tags: security > Justification: user security hole > > Another buffer overflow has been found in curl's NTLM authentication > code. (This one is different from CAN-2005-0490

Bug#333682: security problem within CDDB communication

2005-10-13 Thread Steve Kemp
On Thu, Oct 13, 2005 at 10:52:28AM +0200, Michal Čihař wrote: > xine announcement [1] is four days old, it says the issue has been found by > Debian Security Audit Project, so I'd expect that Debian will have it > fixed also :-). We do. > Sorry if you're already working on this issue and I interr

Bug#327722: Patch for Gopher bug CAN-2005-2772

2005-09-26 Thread Steve Kemp
On Mon, Sep 26, 2005 at 09:23:16AM -0500, John Goerzen wrote: > > Attached are the patches that Joey (Schulze) approved. > > Can you (or Joey) comment: did you use a different patch because you > believe mine to be insecure, or for a different reason? (That's an > important question, since as

Bug#325769: Format string security hole in anon-proxy

2005-08-30 Thread Steve Kemp
Package: anon-proxy Version: 00.02.39-7 Severity: serious Tags: patch, upstream The logging code in anon-proxy contains a misuse of the syslog function allowing potential remote compromise of the host it is running upon. (This depends on whether logging is enabled.) The patch below fixes t
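The smstools report (#347221) and the anon-proxy report above describe the same defect: a message under attacker control is handed to syslog() as its format argument. The following is an added example written for this listing, not code from either package; it puts the vulnerable call next to the fixed one and, because syslog output cannot be inspected from a test, repeats the same two shapes with snprintf so the difference is observable. The "50%% sent" message and the has_format_directives() helper are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/*
 * The bug pattern in both reports: the untrusted message is passed as the
 * FORMAT argument.  syslog() applies printf-style formatting, so "%s"/"%x"
 * in the message read the stack and "%n" writes to memory.
 */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
void log_event_vulnerable(const char *msg)
{
    syslog(LOG_INFO, msg);            /* msg is interpreted as a format string */
}

/* Same defect, but writing into a buffer so the effect can be observed. */
size_t format_vulnerable(char *out, size_t outsz, const char *msg)
{
    return (size_t)snprintf(out, outsz, msg);
}
#pragma GCC diagnostic pop

/* The fix applied in both DSAs: a constant format, the message as an argument. */
void log_event_fixed(const char *msg)
{
    syslog(LOG_INFO, "%s", msg);
}

size_t format_fixed(char *out, size_t outsz, const char *msg)
{
    return (size_t)snprintf(out, outsz, "%s", msg);
}

/* Returns 1 if s contains a '%' that is not the literal escape "%%", i.e.
 * text a format-string-vulnerable logger would interpret instead of print.
 * (Constructed helper for the example; useful when auditing log inputs.) */
int has_format_directives(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {            /* "%%": literal percent, harmless */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample message: a "%%" in user input is enough to show the
     * two code paths diverge, without invoking undefined behaviour. */
    const char *msg = "50%% sent";
    char buf[64];

    format_vulnerable(buf, sizeof buf, msg);
    printf("vulnerable: %s\n", buf);   /* "50% sent": the input was formatted */
    format_fixed(buf, sizeof buf, msg);
    printf("fixed:      %s\n", buf);   /* "50%% sent": copied verbatim */
    printf("directives in \"user %%n%%n logged in\": %d\n",
           has_format_directives("user %n%n logged in"));
    return 0;
}
```

The pragma exists only so the deliberately vulnerable functions compile cleanly; in real code, -Wformat-security (on by default in Debian's hardening flags) is exactly the warning that would have flagged both packages, and the fix is never to suppress it but to use the "%s" form.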

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-28 Thread Steve Kemp
On Sat, Aug 27, 2005 at 07:03:55PM -0400, Andres Salomon wrote: > > Certainly. Once the advisory is out I can make an upload if Joy > > hasn't already made one. > > > > I can also do an upload; Joy already said I should comaintain, I've just > been waiting for racke to do a new courier uploa

Bug#325135: maildrop: lockmail doesn't drop privileges

2005-08-27 Thread Steve Kemp
On Sat, Aug 27, 2005 at 12:27:51PM +0200, Martin Schulze wrote: > Thanks a lot for the report. This is CAN-2005-2655. > > > The bug affects 1.5.3-1.1 sarge/etch/sid and 1.8.1-2 in experimental, > > and should be easy to fix: Just add setgid(getgid()) before the > > execvp(). I tested the attache
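The report's one-line fix is a setgid(getgid()) before the execvp(). As an added example that is not maildrop's code, the following shows that shape with two refinements a practitioner wants: the drop is verified rather than trusted, and it uses setresgid() (a Linux/glibc call, assumed here) so the saved set-group-ID is cleared too, since a plain setgid() from a non-root setgid binary only changes the effective gid and leaves the privilege recoverable. The fork/exec wrapper and the command names used in main() are constructed for the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Explicit prototypes so the example builds even if _GNU_SOURCE was not
 * defined before the first include (Linux/glibc assumed). */
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Drop a setgid binary's group permanently: real, effective and saved gid
 * all become the caller's real gid.  Returns 0 on success, -1 if the kernel
 * refused or the resulting ids are not what was requested. */
int drop_setgid_privs(void)
{
    gid_t rgid = getgid();
    gid_t r, e, s;

    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    /* Verify rather than trust the return value: a drop that silently
     * fails leaves the exec'd command running with the elevated group. */
    if (getresgid(&r, &e, &s) != 0)
        return -1;
    return (r == rgid && e == rgid && s == rgid) ? 0 : -1;
}

/* 1 when no elevated uid/gid remains in effect, else 0. */
int privs_are_dropped(void)
{
    return getegid() == getgid() && geteuid() == getuid();
}

/* The lockmail shape: the privileged work (locking, omitted here) is done,
 * then we fork, drop privileges in the child, and only then execvp the
 * user's command.  Returns the command's exit status, 126 if the drop
 * failed, 127 if exec failed, -1 on fork/wait error. */
int run_unprivileged(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_setgid_privs() != 0 || !privs_are_dropped())
            _exit(126);              /* refuse to exec while still privileged */
        execvp(argv[0], argv);
        _exit(127);                  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Convenience wrapper for a single command with no arguments. */
int run_unprivileged_cmd(const char *cmd)
{
    char *const argv[] = { (char *)cmd, NULL };
    return run_unprivileged(argv);
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    int rc = run_unprivileged(argv + 1);
    printf("exit status: %d\n", rc);
    return rc < 0 ? 1 : rc;
}
```

Run from an ordinary shell the program is not setgid, so the drop is a no-op that still succeeds and "true"/"false" return 0 and 1; the point of checking the result is that in the setgid case a refused drop aborts with 126 instead of handing the privileged group to whatever the user named.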
