Bug#770222: CVE request: icecast: possible leak of on-connect scripts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > It was reported that Icecast could possibly leak the contents of > on-connect scripts to clients, which may contain sensitive information. > This issue has been fixed in the 2.4.1 release: > "Fix on-connect and on-disconnect script STDIN/STDOUT/STDE

Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr

On Tue, 30 Dec 2014, Moritz Muehlenhoff wrote: On Mon, Dec 08, 2014 at 01:45:12PM +0100, Vasyl Kaigorodov wrote: Hello, A buffer overflow was reported [1] in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (discussion is at [1]; first fix in the GMP

Bug#768369: Stack smashing in libjpeg-turbo

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 > > I created a minimal test case in around 200 lines. > > It uses a file with the intercepted scanlines of the calls to > jpeg_write_scanlines. > > Also the Exif marker is read from su

Bug#782561: Buffer overruns in Linux kernel RFC4106 implementation using AESNI

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Linux kernel commit ccfe8c3f7e52 ("crypto: aesni - fix memory usage in > GCM decryption") fixes two bugs in pointer arithmetic that lead to > buffer overruns (even with valid parameters!): > > https://git.kernel.org/linus/ccfe8c3f7e52ae83155cb038753

Bug#736969: (possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > suPHP 0.7.2 has been released. > This release fixes a security issue that was introduced with the 0.7.0 > release. This issue affected the source-highlighting feature and could > only be exploited, if the suPHP_PHPPath option was set. In this case >

Bug#731848: CVE Request: ack-grep: potential remote code execution via per-project .ackrc files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > This verison of ack prevents the --pager, --regex and --output > options from being used from project-level ackrc files. It is > possible to execute malicious code with these options Use CVE-2013-7069. - -- CVE assignment team, MITRE CVE Numberin

Bug#736066: A number of EncFS issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > https://defuse.ca/audits/encfs.htm > the last one sounds CVE worthy Use CVE-2014-3462 for that issue, i.e., 'The purpose of MAC headers is to prevent an attacker with read/write access to the ciphertext from being able to make changes without being

Bug#751417: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > According to the manual page, after calling it with 1 as a second > argument, any consecutive system calls other than read(), write(), > _exit() and sigreturn() should result in the delivery of SIGKILL. > However, under MIPS any consecutive system ca