Bug#386098: fluxbox: doesn't work properly with a borderless Eterm
Daniele Sempione wrote:

Package: fluxbox
Version: 0.9.14-1.2
Severity: normal

I use Eterm with these options:

Eterm -O --shade 40 --font-fx none --buttonBar no --scrollBar no

and everything works. If I add option -x to Eterm because I want it to be borderless:

Eterm -x -O --shade 40 --font-fx none --buttonBar no --scrollBar no

it doesn't appear on the toolbar, and the created console can't be selected if other windows are open. If it's the only window I can type within it, but I can't move it (with the Move command bound to keys). Even if I run only the -x option (Eterm -x) the effect is the same. Other windows are all OK.

Cheers, Daniele

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages fluxbox depends on:
ii  libc6           2.3.6.ds1-4    GNU C Library: Shared libraries
ii  libfontconfig1  2.3.2-7        generic font configuration library
ii  libgcc1         1:4.1.1-11     GCC support library
ii  libice6         1:1.0.0-3      X11 Inter-Client Exchange library
ii  libsm6          1:1.0.0-4      X11 Session Management library
ii  libstdc++6      4.1.1-11       The GNU Standard C++ Library v3
ii  libx11-6        2:1.0.0-8      X11 client-side library
ii  libxext6        1:1.0.0-4      X11 miscellaneous extension librar
ii  libxft2         2.1.8.2-8      FreeType-based font drawing librar
ii  libxinerama1    1:1.0.1-4.1    X11 Xinerama extension library
ii  libxpm4         1:3.5.4.2-3    X11 pixmap library
ii  libxrandr2      2:1.1.0.2-4    X11 RandR extension library
ii  libxrender1     1:0.9.0.2-4    X Rendering Extension client libra
ii  menu            2.1.29         generates programs menu for all me

fluxbox recommends no packages.

-- no debconf information

I tested that and you are right. I forward this to fluxbox-community.

-- Henri Salo | [EMAIL PROTECTED]

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#386098: [Fluxbox-users] Bug#386098: fluxbox: doesn't work properly with a borderless Eterm
Pierrick Brossin wrote:

On Tue, Sep 05, 2006 at 01:30:34PM +0300, Henri Salo wrote:
> if I add option -x to Eterm because I want it to be borderless ..
> Eterm -x -O --shade 40 --font-fx none --buttonBar no --scrollBar no
> it doesn't appear on the toolbar,
[..]
> I tested that and you are right. I forward this to fluxbox-community.

What's the difference between -x and :ToggleDecor?

The question is kind of stupid actually. I may have the answer :)

Eterm's guys decided to add a -x option to not draw the border, while :ToggleDecor works for any app and is WM based. Maybe -x should be handled (fluxbox should see it has been run borderless), but isn't the correct way to do it :ToggleDecor?

-Pierrick Brossin

Maybe that is the 'correct' and easiest way, but still that bug needs to be fixed in my opinion.

-- Henri Salo | [EMAIL PROTECTED]
Bug#719811: comment
Useful software. We already have http://packages.debian.org/wheezy/python-ply which is a dependency. I can help maintain this package.

--- Henri Salo

-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#734107: web2ldap: CVE-2013-7258: XSS vulnerability in displaying group DN and entry data in group administration UI
Package: web2ldap
Version: 1.1.43~dfsg-1
Severity: important
Tags: security, fixed-upstream

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7258
http://www.web2ldap.de/changes-1.1.html
http://secunia.com/advisories/56160

Please import the new upstream version to unstable, thanks.

--- Henri Salo

signature.asc
Description: Digital signature
Bug#734647: update
Could not reproduce with upstream version 2014.02.13 (SHA1: d406caf93792a2c7378a691bf108df96b5012c11), which might be a plausible solution.
Bug#739229: arora: Supports insecure SSL ciphers
Package: arora
Version: 0.11.0-1
Severity: important
Tags: security

Arora is using insecure SSL ciphers. Please consider disabling the following:

TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5

Good checker: https://www.ssllabs.com/ssltest/viewMyClient.html

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages arora depends on:
ii  libc6           2.17-97
ii  libgcc1         1:4.8.2-15
ii  libqt4-network  4:4.8.5+git209-g718fae5+dfsg-1
ii  libqt4-script   4:4.8.5+git209-g718fae5+dfsg-1
ii  libqt4-sql      4:4.8.5+git209-g718fae5+dfsg-1
ii  libqtcore4      4:4.8.5+git209-g718fae5+dfsg-1
ii  libqtgui4       4:4.8.5+git209-g718fae5+dfsg-1
ii  libqtwebkit4    2.2.1-7
ii  libstdc++6      4.8.2-15

arora recommends no packages.

arora suggests no packages.

-- no debconf information
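The report lists the cipher-suite families a TLS client should not offer: single DES, the export-grade DES40/RC2/RC4 suites, and anything keyed on MD5. The following is an added example, not code from the bug report or from Arora, showing how a Python client expresses that policy through OpenSSL's cipher string and then audits what the resulting context can still negotiate. The WEAK_MARKERS fragments and the cipher string are this example's own choices; OpenSSL spells suite names differently from the IANA TLS_* names in the report (TLS_RSA_WITH_DES_CBC_SHA is "DES-CBC-SHA", TLS_RSA_EXPORT_WITH_RC4_40_MD5 is "EXP-RC4-MD5").

```python
"""Added example (not part of the bug report or of Arora): build a TLS client
context that refuses the cipher-suite families named in the report and audit
what OpenSSL will actually negotiate with it."""
import ssl

# Fragments of OpenSSL suite names identifying the weak families from the
# report: export-grade suites ("EXP-..."), single DES ("DES-CBC-SHA"), RC2,
# RC4 and MD5-based MACs.  "DES-CBC-" does not match triple DES
# ("DES-CBC3-SHA"), which the report does not ask to disable.
WEAK_MARKERS = ("EXP", "DES-CBC-", "RC2", "RC4", "-MD5")


def is_weak(openssl_name):
    """True if an OpenSSL suite name belongs to a family the report asks to disable."""
    return any(marker in openssl_name for marker in WEAK_MARKERS)


def hardened_client_context():
    """Client context whose cipher string excludes the weak families outright.

    create_default_context() already ships a strong list on current Python
    builds; the explicit set_ciphers() call documents the policy and keeps it
    stable across OpenSSL versions.  RC2 and export suites are not named in
    the string because OpenSSL 1.1+ no longer compiles them in at all.
    """
    ctx = ssl.create_default_context()
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!DES:!3DES:!RC4:!MD5")
    return ctx


def weak_suites(ctx):
    """Names of negotiable suites in ctx that still fall into a weak family."""
    return sorted(c["name"] for c in ctx.get_ciphers() if is_weak(c["name"]))


if __name__ == "__main__":
    context = hardened_client_context()
    print("negotiable suites:", len(context.get_ciphers()))
    print("weak suites left:", weak_suites(context))
```

The audit step matters more than the cipher string: a policy that is written down but never checked against `get_ciphers()` can silently drift when the underlying OpenSSL build changes, which is exactly how a client ends up offering DES in 2014.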
Bug#711692: status
This bug needs more information. What URL were you browsing and/or what Arora functionality did you use at the time of that error?
Bug#737048: udd: import CVE identifiers from secure-testing SVN
On Wed, Jan 29, 2014 at 06:58:28PM +0100, Helmut Grohne wrote:
> * Is a given CVE identifier an NFU? And why?
> * Which packages are associated with a given CVE identifier?
> * Which bugs are associated with a given CVE identifier?
> (*) Which version of a given package was a given CVE identifier fixed in?

These questions are currently answered by the Debian security tracker[1]. Maybe the same code/logic can be used in other services and interfaces too. Please let me know if I can assist in creating a better UDD.

1: https://security-tracker.debian.org/tracker/

--- Henri Salo
Bug#738647: jansson: CVE-2013-6401: hash collision issue
Package: jansson
Version: 2.5-2
Severity: important
Tags: security, fixed-upstream

Original report: http://www.openwall.com/lists/oss-security/2014/02/11/7

Fixed in:
https://github.com/akheron/jansson/commit/8f80c2d83808150724d31793e6ade92749b1faa4
https://github.com/akheron/jansson/commit/42016a35c8907e477be73b0b5d06cc09af231ee4

--- Henri Salo
Bug#731999: typo3-src: TYPO3-CORE-SA-2013-004
Package: typo3-src
Version: 4.5.30+dfsg1-2
Severity: important
Tags: fixed-upstream, security

The following vulnerabilities were published for TYPO3, and a somewhat special issue was also fixed at the same time.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa-2013-001/

CVE request http://www.openwall.com/lists/oss-security/2013/12/11/5

Please use the following CVEs in the changelog:
CVE-2013-7073
CVE-2013-7074
CVE-2013-7075
CVE-2013-7076
CVE-2013-7077
CVE-2013-7078
CVE-2013-7079
CVE-2013-7080
CVE-2013-7081
CVE-2013-7082

I'm happy to help if there are any questions about these issues.

--- Henri Salo
Bug#726934: questions
How is this security related, and why is the severity serious?

--- Henri Salo
Bug#726936: more information needed
What do you mean by this bug report? Please provide more information.

--- Henri Salo
Bug#727094: tritium: Usage not available
Package: tritium
Version: 0.3.8-2
Severity: normal

user@unstable:~$ tritium -h
Traceback (most recent call last):
  File "/usr/bin/tritium", line 170, in <module>
    usage()
NameError: name 'usage' is not defined

Also the man page does not help at all.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.11-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tritium depends on:
ii  python           2.7.5-5
ii  python-contract  1.4-3
ii  python-plwm      2.6a+20080530-1.1
ii  python-support   1.0.15
ii  python-xlib      0.14+20091101-1

tritium recommends no packages.

tritium suggests no packages.

-- no debconf information
Bug#727067: details
Verified in sid. In wheezy nasty tries to find the password, but I believe this program does not work as intended. Some test cases in wheezy below.

Run: nasty -m file -i input -f output
Result: does not find the password at all even though it is in the input file.

Run: nasty -a 8 -b 8 -m incremental -f output
Result:
# tried: 11985 (499.375000 per second), last tried: T
# tried: 13512 (500.44 per second), last tried: g[
# tried: 15042 (501.40 per second), last tried: Ab
# tried: 16572 (502.181818 per second), last tried: =FBh
# tried: 28770 (504.736842 per second), last tried:=20
# tried: 30303 (505.05 per second), last tried: ^=A6

Does not find the password this way. Also note that it does not try for eight characters, and I'm not sure if that one was a space or an empty password.

With a very weak password nasty prints only this without the password:
"""
nasty v0.6, (C) 2005 by folk...@vanheusden.com
Passphrase is:=20
"""

You might want to use Python + paramiko to bruteforce the password.

--- Henri Salo
Bug#727067: status
I did something wrong when emailing this and my email client added for example "=20", which was not originally there. I have not yet found a solution for this issue. In my environments the program does not work at all. I don't know if it did before. I built this also from the upstream package and noticed all the same problems.

--- Henri Salo
Bug#735880: cxxtools: denial of service issue
Package: cxxtools
Version: 2.2-1
Severity: important
Tags: security, fixed-upstream

Description: By sending a crafted HTTP query parameter containing two percent signs in a row, URL parsing would enter an infinite recursive loop, leading to a crash. This allows a remote attacker to DoS the server.
Affected versions: current releases (<= 2.2)
Fixed in version: 2.2.1
Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3
Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown
Reported by: Julian Wiesener
CVE request: http://www.openwall.com/lists/oss-security/2014/01/18/5

--- Henri Salo
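The failure mode in this report is a percent-decoder that recurses on a malformed escape and never makes progress. Below is an added example, not cxxtools code, of a query-string decoder written so that termination does not depend on the input being well-formed: one iterative pass, the index advances on every step, and a "%" that is not followed by two hex digits (so "%%", "%2", "%zz" or a trailing "%") is copied through literally. The function and test inputs are this example's own.

```python
"""Added example (not cxxtools code): a query-string percent-decoder that
cannot loop forever on malformed escapes such as "%%"."""

HEX_DIGITS = "0123456789abcdefABCDEF"


def percent_decode(text):
    """Decode %XX escapes and '+' in one query component.

    Malformed escapes are kept literally.  Because i grows on every
    iteration, any input is consumed in a single pass; there is no recursive
    call for a bad sequence to re-enter.
    """
    out = bytearray()
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        # A valid escape needs two more characters and both must be hex.
        if (ch == "%" and i + 2 < n
                and text[i + 1] in HEX_DIGITS and text[i + 2] in HEX_DIGITS):
            out.append(int(text[i + 1:i + 3], 16))
            i += 3
        elif ch == "+":
            out.append(0x20)          # form encoding: '+' is a space
            i += 1
        else:
            out.extend(ch.encode("utf-8"))   # literal byte(s), including a lone '%'
            i += 1
    return out.decode("utf-8", errors="replace")


def parse_query(query):
    """Split 'a=1&b=2' into a dict, decoding keys and values separately."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[percent_decode(key)] = percent_decode(value)
    return params


if __name__ == "__main__":
    # Constructed inputs: the "%%" case from the report, plus a few other
    # malformed and valid escapes.
    for sample in ("a%%b", "%41%%", "%", "a+b%20c", "x=%%&y=1%2"):
        print(repr(sample), "->", repr(parse_query(sample)))
```

The design choice is to treat decoding as a byte-producing scan rather than a rewrite-and-retry loop: the only state is the index, so the worst case for any input is linear time, and a fuzzer feeding "%" runs will hit the literal branch rather than a stack overflow.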
Bug#735881: tntnet: denial of service issue
Package: tntnet
Version: 2.2-3
Severity: important
Tags: security, fixed-upstream

Description: By sending a crafted HTTP request that uses "\n" to end its headers instead of the expected "\r\n", it is possible that headers from a previous unrelated request will seemingly be appended to the crafted request (due to a missing null termination). This allows a remote attacker to use sensitive headers from other users' requests in their own requests, such as cookies or HTTP authentication credentials.
Affected versions: current releases (<= 2.2)
Fixed in version: 2.2.1
Fix: https://github.com/maekitalo/tntnet/commit/9bd3b14042e12d84f39ea9f55731705ba516f525 and https://github.com/maekitalo/tntnet/commit/9d1a859e28b78bfbf769689454b529ac7709dee4
Release notes: http://www.tntnet.org/download/tntnet-2.2.1/Releasenotes-2.2.1.markdown
Reported by: Matthew Daley
CVE request: http://www.openwall.com/lists/oss-security/2014/01/18/5

--- Henri Salo
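The tntnet issue is a parser that reuses a buffer across requests and, on a bare "\n" terminator, fails to mark where the new header block ends, so stale bytes from the previous request are read as part of the current one. The following added example, which is not tntnet code, shows the shape of a parser that avoids that class of bug: it accepts both CRLF and bare LF terminators, slices a fresh header block for each request, and builds the request only from those bytes. The sample byte stream, the HttpRequest class and the function names are this example's own.

```python
"""Added example (not tntnet code): parse consecutive HTTP requests from one
connection buffer, accepting CRLF or bare LF header terminators, without
letting one request's headers bleed into the next."""
import re

# The header block ends at the first blank line, whichever line ending is used.
HEADER_END = re.compile(rb"\r?\n\r?\n")


class HttpRequest:
    def __init__(self, request_line, headers, body):
        self.request_line = request_line
        self.headers = headers        # header names lower-cased
        self.body = body


def parse_one(buf):
    """Parse the request at the start of buf.

    Returns (request, remaining_bytes), or (None, buf) when the request is
    not complete yet.  Only the bytes before the blank line are used for the
    header block, so a request ending in "\\n\\n" sees exactly its own headers.
    """
    m = HEADER_END.search(buf)
    if m is None:
        return None, buf
    head, rest = buf[:m.start()], buf[m.end():]
    lines = [line.rstrip(b"\r") for line in head.split(b"\n")]
    request_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        return None, buf              # body still arriving
    return HttpRequest(request_line, headers, rest[:length]), rest[length:]


def parse_stream(buf):
    """Parse every complete request in buf; a trailing partial request is left alone."""
    requests = []
    while True:
        req, buf = parse_one(buf)
        if req is None:
            return requests
        requests.append(req)


# Constructed sample: request 1 carries a Cookie and uses CRLF; request 2 is
# terminated with bare LF, the case the report describes.
SAMPLE = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
    b"POST /submit HTTP/1.1\n"
    b"Host: app.example\n"
    b"Content-Length: 5\n"
    b"\n"
    b"hello"
)

if __name__ == "__main__":
    for req in parse_stream(SAMPLE):
        print(req.request_line, req.headers, req.body)
```

The property worth testing on any such parser is the negative one: the second request must not contain a header it never sent. That is the check a regression test for the tntnet bug would make, and it holds here because the parser never reads past the blank line that closes the current request.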
Bug#728235: info
Confirmed. Maintainer, do you know the reason for this already, or do you need help?

--- Henri Salo
Bug#730254: xen: CVE-2013-6375: Insufficient TLB flushing in VT-d (iommu) code
Package: xen Version: 4.0.1-5.11 Severity: important Tags: security, patch, fixed-upstream http://www.openwall.com/lists/oss-security/2013/11/21/2 Description: An inverted boolean parameter resulted in TLB flushes not happening upon clearing of a present translation table entry. Retaining stale TLB entries could allow guests access to memory that ought to have been revoked, or grant greater access than intended. Impact: Malicious guest administrators might be able to cause host-wide denial of service, or escalate their privilege to that of the host. Patch attached. Please patch this security vulnerability, thanks. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash VT-d: fix TLB flushing in dma_pte_clear_one() The third parameter of __intel_iommu_iotlb_flush() is to indicate whether the to be flushed entry was a present one. A few lines before, we bailed if !dma_pte_present(*pte), so there's no need to check the flag here again - we can simply always pass TRUE here. This is CVE-2013-6375 / XSA-78. Suggested-by: Cheng Yueqiang Signed-off-by: Jan Beulich --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); if ( !this_cpu(iommu_dont_flush_iotlb) ) -__intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1); +__intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1); unmap_vtd_domain_page(page); signature.asc Description: Digital signature
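Review bot: the hunk changes the third argument of __intel_iommu_iotlb_flush() from 0 to 1 unconditionally, but the reason it is safe (dma_pte_clear_one() already bailed on !dma_pte_present(*pte) a few lines earlier) is stated only in the commit message and is not in the visible context of the hunk; a reviewer should confirm that early return still sits above this call, and a one-line comment at the call site such as `/* entry was present: see the dma_pte_present() check above */` would stop a later refactor from silently reintroducing the inverted flag. Folding the removal of the stray space in `PAGE_SHIFT_4K ,` into a fix this small is fine.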
Bug#725876: update
Also reported in https://bugzilla.novell.com/show_bug.cgi?id=852368

--- Henri Salo
Bug#730752: horizon: CVE-2013-6406: persistent XSS vulnerability
Package: horizon Version: 2013.2-1 Severity: normal Tags: security, fixed-upstream Chris Chapman of Cisco PSIRT reports: The OpenStack web user interface (horizon) is vulnerable to XSS: While launching (or editing) an instance, injecting
Bug#731035: info
I can help maintain this package (I'm not a Debian Developer yet). I have already been using these scripts with an x220t device.

--- Henri Salo
Bug#751867: CVE-2014-3973: frontaccounting: multiple SQL injection vulnerabilities
Package: frontaccounting
Version: 2.2.10-3.1
Severity: important
Tags: security, fixed-upstream

Multiple SQL injection vulnerabilities in FrontAccounting have been fixed in version 2.3.21.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3973
http://sourceforge.net/p/frontaccounting/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e
http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php

Please use the CVE in the changelog. I'm happy to help in case you need a PoC / reproduction or some other help.

--- Henri Salo
Bug#751894: update
Sorry, I made a copy-paste mistake with the version numbers. I haven't checked other versions than sid. I can check others if needed.
Bug#751894: xen: CVE-2014-4021 / XSA-100
Package: xen
Version: 4.0.1-5.11
Severity: important
Tags: security, fixed-upstream

Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6
Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch

--- Henri Salo
Bug#751902: duplicity: CVE-2014-3495: improper verification of SSL certificates
Package: duplicity
Version: 0.6.24-1
Severity: important
Tags: security

https://bugzilla.redhat.com/show_bug.cgi?id=110

Eric Christensen of Red Hat Product Security reported [1] that Duplicity did not handle wildcard certificates properly. If Duplicity were to connect to a remote host that used a wildcard certificate, and the hostname did not match the wildcard, it would still consider the connection valid.

1: https://bugs.launchpad.net/duplicity/+bug/1314234

I have no access to that bug item, but I can contact upstream if needed.

--- Henri Salo
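The duplicity report is about a client that accepts a wildcard certificate for a hostname the wildcard does not cover. As an added example, not duplicity's own code, the matcher below applies the wildcard rules of RFC 6125 conservatively: the wildcard must be the entire left-most label, it matches exactly one label (so "*.example.com" covers "www.example.com" but neither "example.com" nor "a.b.example.com"), it may not stand in for a top-level name such as "*.com", and partial-label wildcards like "w*.example.com" are rejected outright. The function names and the sample names are this example's own.

```python
"""Added example (not duplicity code): RFC 6125-style hostname matching
against the DNS names in a certificate, with strict wildcard handling."""


def _normalize(name):
    """Case-fold and drop a trailing dot so 'WWW.Example.com.' == 'www.example.com'."""
    return name.lower().rstrip(".")


def match_hostname(cert_name, hostname):
    """True if the presented DNS name (optionally '*.' + domain) covers hostname."""
    cert_name, hostname = _normalize(cert_name), _normalize(hostname)
    if "*" not in cert_name:
        return cert_name == hostname                 # plain name: exact match only
    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    # Wildcard must be the whole left-most label, and must leave at least two
    # fixed labels ("*.com" is never acceptable).
    if cert_labels[0] != "*" or len(cert_labels) < 3:
        return False
    if any("*" in label for label in cert_labels[1:]):
        return False
    # The wildcard stands for exactly one non-empty label: label counts must
    # agree, which rules out both "example.com" and "a.b.example.com".
    if len(host_labels) != len(cert_labels) or not host_labels[0]:
        return False
    return host_labels[1:] == cert_labels[1:]


def certificate_covers(dns_names, hostname):
    """True if any subjectAltName DNS entry in dns_names covers hostname."""
    return any(match_hostname(name, hostname) for name in dns_names)


if __name__ == "__main__":
    # Constructed certificate: a bare name plus one wildcard entry.
    san = ["example.com", "*.example.com"]
    for host in ("example.com", "www.example.com", "a.b.example.com", "example.net"):
        print(host, "->", certificate_covers(san, host))
```

The case that bit duplicity is the label-count check: a wildcard that is allowed to match zero labels turns "*.example.com" into a certificate for the bare domain, and one that matches several labels lets it cover arbitrarily deep subdomains the issuer never vetted.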
Bug#751910: zabbix: CVE-2014-3005: local file inclusion via XXE
Package: zabbix Version: 1:2.2.3+dfsg-1 Severity: grave Tags: security Advisory: http://seclists.org/fulldisclosure/2014/Jun/87 Below might be the fix, but please verify. --- Henri Salo svn diff -r46596:46600 Index: frontends/php/include/defines.inc.php === --- frontends/php/include/defines.inc.php (revision 46596) +++ frontends/php/include/defines.inc.php (revision 46600) @@ -835,6 +835,9 @@ define('ZBX_DEFAULT_IMPORT_HOST_GROUP', 'Imported hosts'); +// XML import flags +define('LIBXML_IMPORT_FLAGS', LIBXML_NONET); + // API errors define('ZBX_API_ERROR_INTERNAL', 111); define('ZBX_API_ERROR_PARAMETERS', 100); Index: frontends/php/include/classes/import/readers/CXmlImportReader.php === --- frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46596) +++ frontends/php/include/classes/import/readers/CXmlImportReader.php (revision 46600) @@ -32,7 +32,8 @@ */ public function read($string) { libxml_use_internal_errors(true); - $result = simplexml_load_string($string); + libxml_disable_entity_loader(true); + $result = simplexml_load_string($string, null, LIBXML_IMPORT_FLAGS); if (!$result) { $errors = libxml_get_errors(); libxml_clear_errors(); Index: frontends/php/include/classes/import/CXmlImport18.php === --- frontends/php/include/classes/import/CXmlImport18.php (revision 46596) +++ frontends/php/include/classes/import/CXmlImport18.php (revision 46600) @@ -390,12 +390,13 @@ return $array; } - public static function import($file) { + public static function import($source) { libxml_use_internal_errors(true); + libxml_disable_entity_loader(true); $xml = new DOMDocument(); - if (!$xml->loadXML($file)) { + if (!$xml->loadXML($source, LIBXML_IMPORT_FLAGS)) { $text = ''; foreach (libxml_get_errors() as $error) { switch ($error->level) { signature.asc Description: Digital signature
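Review bot: in the CXmlImportReader.php hunk, libxml_disable_entity_loader(true) flips a process-wide PHP setting and the new code never restores it, so any other XML loaded later in the same request or by the same worker that legitimately relies on external entities would start failing; the call returns the previous state, so capture it and put it back after simplexml_load_string(), e.g. `$prev = libxml_disable_entity_loader(true);` ... `libxml_disable_entity_loader($prev);`. Passing LIBXML_IMPORT_FLAGS (LIBXML_NONET, from the defines.inc.php hunk) is the right belt-and-braces addition, since it blocks network fetches even where the entity loader is later re-enabled.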
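Review bot: in the CXmlImport18.php hunk, import() renames its parameter from $file to $source and now passes LIBXML_IMPORT_FLAGS to loadXML(), but the visible context does not show the method's docblock being updated to match, and the same unrestored libxml_disable_entity_loader(true) applies here as in the reader class; the two identical preambles (libxml_use_internal_errors, libxml_disable_entity_loader, flags) would be safer as one shared helper, so that a future change cannot harden one import entry point and forget the other.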
Bug#751940: update
Do you have any more information about this? It is quite hard to fix a security vulnerability without any details.

--- Henri Salo
Bug#751910: update
Upstream bug report: https://support.zabbix.com/browse/ZBX-8151
Bug#751946: CVE-2014-4165: ntop: XSS in rrdPlugin
Package: ntop
Version: 3:5.0.1+dfsg1-2
Severity: normal
Tags: security

Original advisory: http://packetstormsecurity.com/files/127043/ntop-xss.txt

PoC: http://127.0.0.1:3000/plugins/rrdPlugin?action=list&key=interfaces/eth0&title=interface%20eth0%3C/title%3E%3Cmarquee%3E

--- Henri Salo
Bug#751902: update
From Vincent Danen:
"""
Indeed it is. I don't know why it still is. We had communicated quite clearly that we didn't want to sit on this forever and had a deadline that we missed twice I think. When this bug was filed public, I let them know so I'm not sure why they've not opened it up yet.
"""

The Red Hat issue tracker has enough information to understand this security issue. If you want I can contact upstream too.

--- Henri Salo
Bug#751902: update
I contacted upstream. The reference URL is now open.
Bug#752622: mediawiki: 1.19.17 fixes security vulnerabilities
Package: mediawiki
Version: 1:1.19.16+dfsg-1
Severity: important
Tags: security, fixed-upstream

From the mediawiki-announce mailing list:

Subject: Pre-release announcement for MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1
"""
this is a notice that on Wednesday, June 25th, between 20:00-22:00 UTC we will release security and maintenance updates for all current and supported branches of the MediaWiki software. Downloads and patches will be available at that time.
"""

I don't yet have CVEs for these issues.

--- Henri Salo
Bug#744017: elfutils: CVE-2014-0172: Heap-based buffer overflow in libdw/elfutils
Package: elfutils
Version: 0.157-3
Severity: important
Tags: security, fixed-upstream

Details: http://www.openwall.com/lists/oss-security/2014/04/09/12

Contact me in case I can help somehow.

--- Henri Salo
Bug#732087: status
Confirmed. The package is not in testing anymore.
Bug#745595: wireshark: CVE-2014-2907: RTP dissector crash
Package: wireshark
Version: 1.10.6-1
Severity: important
Tags: security, fixed-upstream

http://www.wireshark.org/security/wnpa-sec-2014-06.html
Bug#745619: dompdf: CVE-2014-2383: arbitrary file read
Package: php-dompdf
Version: 0.6.0~beta3+dfsg0-1
Severity: normal
Tags: security, fixed-upstream

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
https://github.com/dompdf/dompdf/releases

The user is at risk if he/she has enabled DOMPDF_ENABLE_REMOTE in dompdf_config.inc.php, which is not recommended:

/**
 * Enable remote file access
 *
 * If this setting is set to true, DOMPDF will access remote sites for
 * images and CSS files as required.
 * This is required for part of test case www/test/image_variants.html through www/examples.php
 *
 * Attention!
 * This can be a security risk, in particular in combination with DOMPDF_ENABLE_PHP and
 * allowing remote access to dompdf.php or on allowing remote html code to be passed to
 * $dompdf = new DOMPDF(); $dompdf->load_html(...);
 * This allows anonymous users to download legally doubtful internet content which on
 * tracing back appears to being downloaded by your server, or allows malicious php code
 * in remote html pages to be executed by your server with your account privileges.
 *
 * @var bool
 */
def("DOMPDF_ENABLE_REMOTE", false);

Fixed in the 0.6.1 release. I reproduced this issue and the PDF output file included only 90 characters (no line breaks). Low priority issue.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php-dompdf depends on:
ii  fonts-dejavu  2.34-1
ii  php-font-lib  0~20120210+dfsg-1
ii  php5          5.5.11+dfsg-3
ii  php5-cli      5.5.11+dfsg-3
ii  sdop          0.80-1

php-dompdf recommends no packages.

Versions of packages php-dompdf suggests:
pn  php-tcpdf
ii  php5-cli      5.5.11+dfsg-3
pn  php5-gd

-- no debconf information
Bug#742695: status
Hello Mones,

If you need help to fix this issue please contact me (I kept the unofficial repos for a while years ago).

--- Henri Salo
Bug#742857: mediawiki: login CSRF in Special:ChangePassword
Package: mediawiki
Version: 1:1.19.13+dfsg-1
Severity: important
Tags: security, fixed-upstream

https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html

Patch: https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php
CVE request: http://www.openwall.com/lists/oss-security/2014/03/28/1

I have not verified this issue and I have not tested this in stable. Please ask if you need help.

--- Henri Salo
Bug#743033: vlc: CVE-2014-1684: crafted ASF file handling integer divide-by-zero DoS
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream

Patch available: http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404

--- Henri Salo
Bug#746738: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks
Source: linux
Version: 3.14.2-1
Severity: important
Tags: security, fixed-upstream

Please see for details:
http://www.openwall.com/lists/oss-security/2014/04/22/11
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=78541c1dc60b65ecfce5a6a096fc260219d6784e

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#513536: status
What is the status of these issues in the version currently in unstable? "It creates temporary files insecurely" is handled in a different bug report, so no need to comment about it :)

--- Henri Salo
Bug#747166: CVE-2014-0196: pty layer race condition memory corruption
Package: linux
Version: 3.14.2-1
Severity: grave
Tags: security

Crashes the kernel from userland. Also works in linux-headers-3.2.0-4-amd64.

PoC: http://pastebin.com/yTSFUBgZ

More information:
http://www.openwall.com/lists/oss-security/2014/05/05/6
https://bugzilla.novell.com/show_bug.cgi?id=875690

--- Henri Salo
Bug#747280: python-soappy: CVE-2014-3242/CVE-2014-3243
Package: python-soappy
Version: 0.12.0-4
Severity: important
Tags: security

References:
http://www.openwall.com/lists/oss-security/2014/05/06/1
http://www.pnigos.com/?p=260

Please contact me in case you need help with testing etc.

--- Henri Salo
Bug#748824: CVE-2014-3801: heat: User's provider templates show up in listing of resource types globally across tenants
Package: heat
Version: 2014.1-3
Severity: important
Tags: security

Please see for details: https://launchpad.net/bugs/1311223

--- Henri Salo
Bug#749585: freerdp: CVE-2014-0250: integer overflows in xf_graphics.c
Package: freerdp
Version: 1.0.2-4
Severity: important
Tags: security

Advisory: https://github.com/FreeRDP/FreeRDP/issues/1871
Potentially related: https://github.com/FreeRDP/FreeRDP/issues/1657

"""
client/X11/xf_graphics.c:xf_Pointer_New() performs a heap allocation this way:

void xf_Pointer_New(rdpContext* context, rdpPointer* pointer)
{
    XcursorImage ci;
    […]
    ci.width = pointer->width;
    ci.height = pointer->height;
    […]
    ci.pixels = (XcursorPixel*) malloc(ci.width * ci.height * 4);

The width and height members are read from the wire. Both are 16 bit, but because of the multiplication with 4, the allocation still overflows (on 32 bit and 64 bit). xf_Bitmap_Decompress() appears to have a similar issue.
"""

--- Henri Salo
Bug#749840: CVE-2013-4159: ctdb: temporary file vulnerabilities
Package: ctdb
Version: 2.5.3+debian0-1
Severity: normal
Tags: security

http://www.openwall.com/lists/oss-security/2014/05/29/12
http://wiki.samba.org/index.php/CTDB2releaseNotes
https://bugzilla.redhat.com/show_bug.cgi?id=986773

It might be that these have already been fixed in the Debian packages. Feel free to contact me in case you need any help.

--- Henri Salo
Bug#749840: CVE-2013-4159
On Fri, May 30, 2014 at 11:59:13AM +0200, Mathieu Parent wrote:
> Does this needs to be fixed in wheezy too?

Insecure temporary file vulnerabilities don't usually get a DSA. But in case you patch it in wheezy, maybe it can be released via stable proposed updates so it will be fixed in the next stable release.

--- Henri Salo
Bug#750527: mediawiki: Javascript inject by anonymous users on private wikis with $wgRawHtml enabled
Package: mediawiki
Version: 1:1.19.15+dfsg-2
Severity: normal
Tags: security, fixed-upstream

Needs wgRawHTML enabled, so this may not be easy to exploit and the default configuration might not be affected.

Details of the issue: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
CVE request: http://www.openwall.com/lists/oss-security/2014/06/03/7

--- Henri Salo
Bug#425775: update
Do you still have this issue with version 2.2.2-1?

--- Henri Salo
Bug#747326: CVE-2014-3122: try_to_unmap_cluster() should lock_page() before mlocking
Package: linux
Version: 3.14.2-1
Severity: important
Tags: security, fixed-upstream

Introduced by https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233
Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1)

--- Henri Salo
Bug#747549: CVE-2014-3430: Denial of service vulnerability
Package: dovecot
Version: 1:2.2.12-3
Severity: important
Tags: security, fixed-upstream

http://permalink.gmane.org/gmane.mail.imap.dovecot/77499

--- Henri Salo
Bug#742059: nginx: CVE-2014-0133: SPDY heap buffer overflow
Source: nginx
Version: 1.4.6-1
Severity: grave
Tags: security, fixed-upstream

http://nginx.org/en/security_advisories.html
http://nginx.org/download/patch.2014.spdy2.txt

Not vulnerable: 1.5.12+, 1.4.7+
Vulnerable: 1.3.15-1.5.11

--- Henri Salo
Bug#698490: CVE needed?
Hello,

Does this issue have a CVE identifier? I am happy to request one if there isn't one yet.

- Henri Salo
Bug#698490: CVE
CVE request http://www.openwall.com/lists/oss-security/2013/01/22/8

-- Henri Salo
Bug#698916: wordpress: multiple vulnerabilities fixed in 3.5.1
Package: wordpress
Version: 3.5+dfsg-1
Severity: important

http://wordpress.org/news/2013/01/wordpress-3-5-1/

- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

-- Henri Salo
Bug#698916: update
I have manually verified this issue with https://github.com/FireFart/WordpressPingbackPortScanner

-- Henri Salo
Bug#698927: update
Checked the source code of squeeze and sid. Both affected.

-- Henri Salo
Bug#698934: wordpress: CVE-2012-3414: README suggest downloading swfupload.swf with XSS vulnerability
Package: wordpress
Version: 3.3.2+dfsg-1~squeeze1
Severity: important
Tags: security

File /usr/share/doc/wordpress/README.Debian says:
"""
If you want to enable this feature, you need to install the Flash file yourself with the following command:

# wget -O /usr/share/wordpress/wp-includes/js/swfupload/swfupload.swf http://core.svn.wordpress.org/branches/3.0/wp-includes/js/swfupload/swfupload.swf
"""

After that an XSS vulnerability is available, for example in this URL:

http://example.com/wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('horse');//

Easy fix: remove those lines and say that "Your lovely Debian server doesn't need flash-files." ;)

As far as I know the first advisory for this issue is here: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

More information: http://osvdb.org/83413

-- Henri Salo

-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wordpress depends on:
ii  apache2                2.2.16-6+squeeze10  Apache HTTP Server metapackage
ii  apache2-mpm-prefork [  2.2.16-6+squeeze10  Apache HTTP Server - traditional n
ii  libapache2-mod-php5    5.3.3-7+squeeze14   server-side, HTML-embedded scripti
ii  libjs-cropper          1.2.1-2             JavaScript image cropper UI
ii  libjs-prototype        1.6.1-1             JavaScript Framework for dynamic w
ii  libjs-scriptaculous    1.8.3-1             JavaScript library for dynamic web
ii  libphp-phpmailer       5.1-1               full featured email transfer class
ii  libphp-snoopy          1.2.4-2             Snoopy is a PHP class that simulat
ii  mysql-client-5.1 [mys  5.1.66-0+squeeze1   MySQL database client binaries
ii  php5                   5.3.3-7+squeeze14   server-side, HTML-embedded scripti
ii  php5-gd                5.3.3-7+squeeze14   GD module for php5
ii  php5-mysql             5.3.3-7+squeeze14   MySQL module for php5

Versions of packages wordpress recommends:
ii  wordpress-l10n         3.3.2+dfsg-1~squeeze1  weblog manager - language files

Versions of packages wordpress suggests:
ii  mysql-server-5.1 [mysq 5.1.66-0+squeeze1   MySQL database server binaries and

-- no debconf information
Bug#697092: charybdis: CVE-2012-6084: remote denial of service
Package: charybdis
Version: 3.3.0-7
Severity: important
Tags: security

Advisory: http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt

CVE-requests:
http://www.openwall.com/lists/oss-security/2013/01/01/1
http://www.openwall.com/lists/oss-security/2013/01/01/2

Patch: https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch

- Henri Salo
Bug#697093: ircd-ratbox: CVE-2012-6084: remote denial of service
Package: ircd-ratbox
Version: 3.0.7.dfsg-2
Severity: important
Tags: security

Advisory: http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt

CVE-requests:
http://www.openwall.com/lists/oss-security/2013/01/01/1
http://www.openwall.com/lists/oss-security/2013/01/01/2

Patch: https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch

- Henri Salo
Bug#697102: sqlite: Segmentation fault
Package: sqlite
Version: 2.8.17-6
Severity: normal

I have the following code:

"""
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sqlite
print('Sqlite module version: %s' % sqlite.version)
conn = sqlite.connect('test.db')
connection = conn.cursor()
arg = 'foo'
connection.execute('insert into test (id, arg, arg3) values (1, arg=:arg)', {"arg": arg})
conn.commit()
"""

My Python is 2.6.6-8+b1 (/usr/bin/python -V -> Python 2.6.6)

fgeek@example:~/pythontest$ /usr/bin/python sqlitefail.py
Sqlite module version: 1.0.1
Segmentation fault

Trace:

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
31      ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
        in ../sysdeps/x86_64/multiarch/../strlen.S
Current language:  auto
The current source language is "auto; currently asm".
(gdb) bt
#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
#1  0x76425de5 in sqliteSetNString () from /usr/lib/libsqlite.so.0
#2  0x7642339a in sqliteRunParser () from /usr/lib/libsqlite.so.0
#3  0x76413c8a in sqlite_compile () from /usr/lib/libsqlite.so.0
#4  0x76413f33 in sqlite_exec () from /usr/lib/libsqlite.so.0
#5  0x76651e86 in ?? () from /usr/lib/python2.6/dist-packages/_sqlite.so
#6  0x004a7ba5 in call_function (f=Frame 0x97c950, for file /usr/lib/python2.6/dist-packages/sqlite/main.py, line 255, in execute (self=, _real_rowcount=0, current_recnum=-1, rowcount=-1, arraysize=1, closed=None, con=) at remote 0x77edb9e0>, SQL='insert into test (id, arg, arg3) values (1, arg=:arg)', parms={'arg': "'foo'"}), throwflag=) at ../Python/ceval.c:3750
#7  PyEval_EvalFrameEx (f=Frame 0x97c950, for file /usr/lib/python2.6/dist-packages/sqlite/main.py, line 255, in execute (self=, _real_rowcount=0, current_recnum=-1, rowcount=-1, arraysize=1, closed=None, con=) at remote 0x77edb9e0>, SQL='insert into test (id, arg, arg3) values (1, arg=:arg)', parms={'arg': "'foo'"}), throwflag=) at ../Python/ceval.c:2412
#8  0x004a95c1 in PyEval_EvalCodeEx (co=0x77f09eb8, globals=, locals=, args=0x2, argcount=, kws=, kwcount=0, defs=0x0, defcount=0, closure=0x0) at ../Python/ceval.c:3000
#9  0x004a7752 in fast_function (f=Frame 0x91ba40, for file sqlitefail.py, line 11, in (), throwflag=) at ../Python/ceval.c:3846
#10 call_function (f=Frame 0x91ba40, for file sqlitefail.py, line 11, in (), throwflag=) at ../Python/ceval.c:3771
#11 PyEval_EvalFrameEx (f=Frame 0x91ba40, for file sqlitefail.py, line 11, in (), throwflag=) at ../Python/ceval.c:2412
#12 0x004a95c1 in PyEval_EvalCodeEx (co=0x77efc7b0, globals=, locals=, args=0x0, argcount=, kws=, kwcount=0, defs=0x0, defcount=0, closure=0x0) at ../Python/ceval.c:3000
#13 0x004a9692 in PyEval_EvalCode (co=0x7fff, globals=, locals=) at ../Python/ceval.c:541
#14 0x004c98be in run_mod (fp=, filename=0x7fffe7f1 "sqlitefail.py", start=, globals=, locals=, closeit=1, flags=0x7fffe470) at ../Python/pythonrun.c:1351
#15 PyRun_FileExFlags (fp=, filename=0x7fffe7f1 "sqlitefail.py", start=, globals=, locals=, closeit=1, flags=0x7fffe470) at ../Python/pythonrun.c:1337
---Type <return> to continue, or q <return> to quit---
#16 0x004c9ad4 in PyRun_SimpleFileExFlags (fp=, filename=0x7fffe7f1 "sqlitefail.py", closeit=1, flags=0x7fffe470) at ../Python/pythonrun.c:941
#17 0x0041a6bd in Py_Main (argc=-134897504, argv=) at ../Modules/main.c:577
#18 0x769e9c8d in __libc_start_main (main=, argc=, ubp_av=, init=, fini=, rtld_fini=, stack_end=0x7fffe588) at libc-start.c:228
#19 0x004198d9 in _start ()

Even with wrong syntax or error states the sqlite module should not segfault.
If I import sqlite3 version 2.4.1 it only gives:

sqlite3.OperationalError: no such table: test

-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sqlite depends on:
ii  libc6          2.11.3-4    Embedded GNU C Library: Shared lib
ii  libreadline6   6.1-3       GNU readline and history libraries
ii  libsqlite0     2.8.17-6    SQLite shared library

sqlite recommends no packages.

Versions of packages sqlite suggests:
ii  sqlite-doc     2.8.17-6    SQLite documentation

-- no debconf information
Bug#697102: more info
So it also crashes with:

connection.execute('insert into test (id, arg) values (1, arg=:arg)', {"arg": arg})

It does not matter if there is a working database or not. I used an empty file
in the example.

- Henri Salo
Bug#697443: zabbix: CVE-2012-6086: insecure curl usage
Package: zabbix
Version: 1:2.0.2+dfsg-4
Severity: important
Tags: security

Please see: https://support.zabbix.com/browse/ZBX-5924

zabbix-2.0.2/src/libs/zbxmedia/eztexting.c is still using curl in an insecure way.

- Henri Salo
Bug#697722: rails: CVE-2013-0156: Multiple vulnerabilities in parameter parsing in Action Pack
Package: rails
Version: 2:2.3.14.2
Severity: grave
Tags: security

http://www.openwall.com/lists/oss-security/2013/01/08/14
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

"""
Multiple vulnerabilities in parameter parsing in Action Pack

There are multiple weaknesses in the parameter parsing code for Ruby on Rails
which allows attackers to bypass authentication systems, inject arbitrary SQL,
inject and execute arbitrary code, or perform a DoS attack on a Rails
application. This vulnerability has been assigned the CVE identifier
CVE-2013-0156.

Versions Affected: ALL versions
Not affected: NONE
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
"""

This probably affects squeeze and wheezy too. Please contact me in case you
need any help!

- Henri Salo
Bug#696184: fail2ban: CVE-2012-5642: input variable quoting flaw on content
Package: fail2ban
Version: 0.8.6-3
Severity: important

Information from CVE request:
http://www.openwall.com/lists/oss-security/2012/12/17/1

The release notes for fail2ban 0.8.8 indicate:

* [83109bc] IMPORTANT: escape the content of (if used in custom action files)
  since its value could contain arbitrary symbols. Thanks for discovery go to
  the NBS System security team

This could cause issues on the system running fail2ban as it scans log files,
depending on what content is matched. There isn't much more detail about this
issue than what is described above, so I think it may largely depend on the
type of regexp used (what it matches) and the contents of the log file being
scanned (whether or not an attacker could insert something that could be used
in a malicious way).

References:
https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
http://sourceforge.net/mailarchive/message.php?msg_id=30193056
https://github.com/fail2ban/fail2ban/commit/83109bc
https://bugzilla.redhat.com/show_bug.cgi?id=887914
https://bugs.gentoo.org/show_bug.cgi?id=447572

- Henri Salo
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
Package: squid-cgi
Version: 3.1.20-2
Severity: important
Tags: security

http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
http://www.openwall.com/lists/oss-security/2012/12/17/3

Problem Description:
Due to missing input validation the Squid cachemgr.cgi tool is vulnerable to a
denial of service attack when processing specially crafted requests.

- Henri Salo
Bug#696329: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
Package: lemonldap-ng
Version: 1.2.2-2
Severity: important
Tags: security

Description: Due to a bad use of the Lasso library, SAML signatures are never
checked, even if we force signature check. Anyone using SAML binding in
LemonLDAP::NG should apply it quick and upgrade to 1.2.3 as soon as it will be
released.

Bug: http://jira.ow2.org/browse/LEMONLDAP-570
Patch: http://jira.ow2.org/secure/attachment/11153/lemonldap-ng-saml-signature-verification.patch
CVE request: http://www.openwall.com/lists/oss-security/2012/12/19/6

Checked from code that this is not yet patched in unstable.

- Henri Salo
Bug#696868: wordpress: CVE-2012-5868: wordpress_sec session cookie security vulnerability
Package: wordpress
Version: 3.4.2+dfsg-1
Severity: important
Tags: security

Overview: WordPress 3.4.2 does not invalidate a wordpress_sec session cookie
upon an administrator's logout action, which makes it easier for remote
attackers to discover valid session identifiers via a brute-force attack, or
modify data via a replay attack.

CVSS Severity (version 2.0):
CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 4.9

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout

Please email me in case you need my help.

- Henri Salo
Bug#696868: Questions about CVE-2012-5868
Hello,

I read about vulnerability CVE-2012-5868[1], which is listed also in OSVDB[2].
Is this fixed in WordPress 3.5? I also created a bug-report for the Debian
issue tracker[3]. Is there a patch available to fix this issue?

1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5868
2: http://osvdb.org/88611
3: http://bugs.debian.org/696868

- Henri Salo
Bug#696868: wordpress: CVE-2012-5868: wordpress_sec session cookie security vulnerability
On Fri, Dec 28, 2012 at 06:39:20PM +0100, Raphael Hertzog wrote:
> Does this apply to Wordpress 3.5 also ?

Don't know yet. Trying to find out.

> If yes, do you know of any patch ?

Not yet.

> Where has this been submitted upstream ?

Don't know. I only have the CVE and
http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout

- Henri Salo
Bug#696948: moin: remote code execution vulnerability
Package: moin
Version: 1.9.5-2
Severity: important
Tags: security

Details can be found at: http://moinmo.in/SecurityFixes
A fix is available at: http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
CVE request: http://www.openwall.com/lists/oss-security/2012/12/29/6

- Henri Salo
Bug#696949: moin: path traversal vulnerability
Package: moin
Version: 1.9.5-2
Severity: important
Tags: security

Details can be found at: http://moinmo.in/SecurityFixes
A fix is available at: http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CVE request: http://www.openwall.com/lists/oss-security/2012/12/29/8

- Henri Salo
Bug#675379: CVE-request
CVE-request for this issue in here:
http://www.openwall.com/lists/oss-security/2012/10/05/6

- Henri Salo
Bug#680034: testing
I haven't previously used this package but I am happy to test this after
upload. I hope the new upload also fixed the open security issues.

- Henri Salo
Bug#672880: CVE-2012-2132: does not indicate whether or not an SSL certificate is valid
On Wed, Oct 10, 2012 at 08:13:15AM +0200, Yves-Alexis Perez wrote:
> Henri, did you actually check? Because, here, loading an https website
> with a CA not recognized correctly turns the url bar to red.

Yes I tested the Midori package in squeeze:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672880#25

I can test other packages as well if needed.

- Henri Salo
Bug#690118: CVE-2012-5166: Specially crafted DNS data can cause a lockup in named
Package: bind9
Version: 1:9.7.3.dfsg-1~squeeze7
Severity: important
Tags: security

References:
https://www.isc.org/software/bind/advisories/cve-2012-5166
https://kb.isc.org/article/AA-00801

- Henri Salo
Bug#689031: CVE-2012-4448
I got this information from a WordPress team member:

"We've internally classified this CSRF as not critical because of the limited
impact; it cannot lead to XSS or anything that amounts to much more than
comment spam."

How do you think we should proceed?

More references:
https://bugs.gentoo.org/show_bug.cgi?id=436198
https://secunia.com/advisories/50715/
http://osvdb.org/85731

- Henri Salo
Bug#688009: unreproducable
Hello,

I could not reproduce this issue in squeeze on an amd64 machine using monkey
package 0.9.3-1. Could you tell me more about your virtualization environment?

- Henri Salo
Bug#688007: CVE-request done
CVE request: http://www.openwall.com/lists/oss-security/2012/09/20/7

- Henri Salo
Bug#688009: unreproducable
On Thu, Sep 20, 2012 at 01:37:35PM -0500, John Lightsey wrote:
> On 09/20/2012 11:39 AM, Henri Salo wrote:
> > I could not reproduce this issue in squeeze with amd64-machine
> > using monkey package 0.9.3-1. Could you tell me more about your
> > virtualization environment?
>
> I used a KVM VM running Squeeze with an AMD Athlon(tm) II X4 640
> Processor and with the enabled processor features copied from the host
> in virt-manager. The hypervisor was running linux-image-3.2.0-2-amd64
> version 3.2.20-1. It really didn't look like an issue that came up
> because of my virtualization though, and the VMs I tested with are
> very solid in my experience.
>
> If you'd like, I can get a full backtrace. It takes some effort since
> the monkey package doesn't handle DEB_BUILD_OPTIONS correctly.

I think a full backtrace is needed, but at the moment this monkey package is
unmaintained[1] and contains at least two unfixed security
vulnerabilities[2][3]. The security team is going to request this package's
removal from wheezy. Are you using this in production? Is it something that
only monkey can handle or can it be any www-server software in Debian?

> It's possible it has to hit the glibc 2.0 compatibility code in either
> m_build_buffer() or m_build_buffer_from_buffer(). This seemed to be
> consistent when I was looking at the problem. It's possible my system
> hit this reliably because of length of the hostname or something along
> those lines.

1: http://packages.qa.debian.org/m/monkey.html
2: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688007 (CVE-2012-4442)
3: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008

- Henri Salo

ps. included Raphael in this email as he was discussing the topic in #debian-security
Bug#688008: CVE requested
CVE-requested in oss-security:
http://www.openwall.com/lists/oss-security/2012/09/21/8

- Henri Salo
Bug#688956: dracut: CVE-2012-4453: creates non-world readable initramfs images
Package: dracut
Version: 020-1
Severity: important
Tags: security

An information disclosure flaw was found in the way dracut, an initramfs root
filesystem images generator, created initramfs images. When the root
filesystem contained sensitive information (password based authentication for
iSCSI systems or encrypted root filesystem crypttab password information), an
attacker could use this flaw to obtain this information.

I haven't verified that the Debian packages are affected. If you want me to do
it send me an email :)

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=859448
Patch: http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71
Information from: http://www.openwall.com/lists/oss-security/2012/09/27/3

- Henri Salo
Bug#693391: claws-mail-vcalendar-plugin: credentials exposed on interface
Subject: claws-mail-vcalendar-plugin: credentials exposed on interface
Package: claws-mail-vcalendar-plugin
Severity: normal
Tags: security

Reported originally in here:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782
by csw...@gmail.com:

"""
In some instances, it might be the case that the only possible way to access a
calendaring service is through https, and in such cases, the only way to
authenticate (at least within the confines of vCalendar) is by embedding the
username:password into the ics URL and/or have a 'private' url that shouldn't
be shared.

In either case, after configuring a calendar and trying to access it, the full
url is displayed in the status tray when trying to poll the calendar,
something like:

Fetching 'https://user:passw...@server.example.com/location/of/my/Calendar'...

Thus, use of the vCalendar plugin really isn't suitable or secure for such
configurations! In the scenarios above, the former is more of a concern but
neither is one you'd necessarily want to expose to prying eyes. Even a google
calendar "private url", for example, is visible in its entirety within the
status tray.
"""

No upstream fix for this yet. CVE-request by Ricardo Mones in here:
http://www.openwall.com/lists/oss-security/2012/11/15/5

Please contact me in case of any questions. Haven't verified this in the
Debian package yet, but I can do that and even try to backport the patch when
it comes out.

-- Henri Salo
Bug#683283: Fixed in upstream
This is now fixed in upstream. For more information:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782#c4

-- Henri Salo
Bug#683283: .
Sorry. The last message went to the wrong bug-report. :(
Bug#693391: Fixed in upstream
This is now fixed in upstream. For more information:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782#c4

-- Henri Salo
Bug#693977: gimp: memory corruption vulnerability affecting 2.8.2
Package: gimp
Version: 2.8.2-1
Severity: important
Tags: security, fixed-upstream

GIMP 2.8.2 is vulnerable to memory corruption when reading XWD files, which
could even lead to arbitrary code execution.

Upstream fix:
http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
(fixed in master and gimp-2-8)

References:
https://bugzilla.gnome.org/show_bug.cgi?id=687392

Details from CVE request:
http://www.openwall.com/lists/oss-security/2012/11/21/2

Please note that other versions might be vulnerable as well.

- Henri Salo
Bug#684694: emacs24: CVE-2012-3479: GNU Emacs file-local variables
Package: emacs24
Version: 24.1+1-4
Severity: important
Tags: security, fixed-upstream

Paul Ling has found a security flaw in the file-local variables code in GNU
Emacs.

When the Emacs user option `enable-local-variables' is set to `:safe' (the
default value is t), Emacs should automatically refuse to evaluate `eval'
forms in file-local variable sections. Due to the bug, Emacs instead
automatically evaluates such `eval' forms. Thus, if the user changes the value
of `enable-local-variables' to `:safe', visiting a malicious file can cause
automatic execution of arbitrary Emacs Lisp code with the permissions of the
user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.

More details:
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
http://www.openwall.com/lists/oss-security/2012/08/13/1
http://www.openwall.com/lists/oss-security/2012/08/13/2

I haven't manually verified this in Debian packages. Please ask in case you
want me to do it.

- Henri Salo
Bug#684695: emacs23: CVE-2012-3479: GNU Emacs file-local variables
Package: emacs23
Version: 23.2+1-7
Severity: important
Tags: security, fixed-upstream

Paul Ling has found a security flaw in the file-local variables code in GNU
Emacs.

When the Emacs user option `enable-local-variables' is set to `:safe' (the
default value is t), Emacs should automatically refuse to evaluate `eval'
forms in file-local variable sections. Due to the bug, Emacs instead
automatically evaluates such `eval' forms. Thus, if the user changes the value
of `enable-local-variables' to `:safe', visiting a malicious file can cause
automatic execution of arbitrary Emacs Lisp code with the permissions of the
user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.

More details:
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
http://www.openwall.com/lists/oss-security/2012/08/13/1
http://www.openwall.com/lists/oss-security/2012/08/13/2

I haven't manually verified this in Debian packages. Please ask in case you
want me to do it.

- Henri Salo

ps. another bug-report for emacs24
Bug#685581: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection
Package: inn
Version: 1.7.2q-41
Severity: grave

From the oss-security mailing list:

the STARTTLS implementation in INN's NNTP server for readers, nnrpd, before
2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle
attackers to insert commands into encrypted sessions by sending a cleartext
command that is processed after TLS is in place, related to a "plaintext
command injection" attack, a similar issue to CVE-2011-0411.

References:
[1] https://www.isc.org/software/inn/2.5.3article
[2] https://bugs.gentoo.org/show_bug.cgi?id=432002
[3] https://bugzilla.redhat.com/show_bug.cgi?id=850478

Relevant upstream patch (the 'diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c' part):
[4] ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz

http://www.openwall.com/lists/oss-security/2012/08/21/8
http://www.openwall.com/lists/oss-security/2012/08/21/12

- Henri Salo
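The buffering mistake behind this class of bug, as an added model (not INN's code, and not the upstream patch): a line-based command loop that pulls a whole TCP segment into one buffer and then, after handling STARTTLS, keeps consuming bytes that were received in cleartext. The `CommandReader` class, its `discard_pipelined_on_starttls` switch and the test segment are all constructed here for illustration.

```python
"""Model of STARTTLS plaintext command injection (the nnrpd issue above,
a variant of CVE-2011-0411). Added example; not INN code.

A server that reads a full TCP segment into an input buffer and then hands
out commands line by line may find extra bytes pipelined behind "STARTTLS".
Those bytes arrived unencrypted, so an on-path attacker could have inserted
them; they must not be executed after the handshake as if they had come
through the TLS channel.
"""


class CommandReader:
    """Minimal line-based command loop with an explicit input buffer."""

    def __init__(self, discard_pipelined_on_starttls):
        self.buf = b""
        self.tls = False
        self.discard = discard_pipelined_on_starttls
        self.executed = []   # (verb, ran_after_tls) pairs, for inspection
        self.dropped = b""   # cleartext bytes refused at STARTTLS time

    def feed(self, segment):
        """Append one received TCP segment to the input buffer."""
        self.buf += segment

    def _pop_line(self):
        if b"\r\n" not in self.buf:
            return None
        line, self.buf = self.buf.split(b"\r\n", 1)
        return line

    def run(self):
        """Consume every complete line currently buffered; return executed."""
        while (line := self._pop_line()) is not None:
            verb = line.split(b" ", 1)[0].upper()
            if verb == b"STARTTLS" and not self.tls:
                self.tls = True   # stands in for the real TLS handshake
                if self.discard:
                    # Hardened behaviour: everything still in the buffer was
                    # received before encryption started. Refuse it rather
                    # than carry it into the TLS session.
                    self.dropped, self.buf = self.buf, b""
                # The vulnerable variant keeps self.buf untouched, so the
                # loop executes its lines with self.tls already True.
                continue
            self.executed.append((verb, self.tls))
        return self.executed


def replay(discard_pipelined_on_starttls):
    """Run one constructed segment against a reader variant."""
    reader = CommandReader(discard_pipelined_on_starttls)
    # Constructed test segment: STARTTLS immediately followed by a command
    # that never travelled under TLS.
    reader.feed(b"STARTTLS\r\nPOST\r\n")
    return reader.run()


if __name__ == "__main__":
    print("vulnerable:", replay(False))   # POST executed 'under TLS'
    print("hardened:  ", replay(True))    # POST refused
```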
Bug#651510: gpw does not generate full length passwords sometimes
This is a security issue as some people are using this via wrappers/scripts.
It also has an impact on policies set by organizations.

- Henri Salo
Bug#656247: phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107)
Package: phpmyadmin
Version: 4:3.3.7-6
Severity: normal

The vulnerability in phpmyadmin in squeeze has been exploited widely in public.
Spion from #debian-security asked this to be handled quickly.

Tracker: http://security-tracker.debian.org/tracker/CVE-2011-4107
Exploit: http://www.exploit-db.com/exploits/18371/
OSVDB: http://osvdb.org/show/osvdb/76798

Please note that I have not validated this vulnerability and there is
something strange going on as OSVDB has subject: "libraries/import/xml.php XML
Data Entity References Parsing Remote Information Disclosure" and exploit-db
is talking about LFI. Probably both are true. Contact me in case you need any
help solving this issue. I can test and try to patch for example if needed.

From MITRE's CVE-list:

==
Name: CVE-2011-4107
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
Phase: Assigned (20111018)
Category:
Reference: FULLDISC:2002 PhpMyAdmin Arbitrary File Reading
Reference: URL:http://seclists.org/fulldisclosure/2011/Nov/21
Reference: MISC:http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
Reference: MISC:http://www.wooyun.org/bugs/wooyun-2010-03185
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=751112
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
Reference: FEDORA:FEDORA-2011-15831
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
Reference: FEDORA:FEDORA-2011-15841
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
Reference: FEDORA:FEDORA-2011-15846
Reference: URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
Reference: BID:50497
Reference: URL:http://www.securityfocus.com/bid/50497
Reference: OSVDB:76798
Reference: URL:http://osvdb.org/76798
Reference: SECUNIA:46447
Reference: URL:http://secunia.com/advisories/46447
Reference: XF:phpmyadmin-xml-info-disclosure(71108)
Reference: URL:http://xforce.iss.net/xforce/xfdb/71108

The simplexml_load_string function in the XML import plug-in
(libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before
3.3.10.5 allows remote authenticated users to read arbitrary files via XML
data containing external entity references, aka an XML external entity (XXE)
injection attack.

Current Votes: None (candidate not yet proposed)
==

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages phpmyadmin depends on:
ii  dbconfig-common        1.8.46+squeeze.0    common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.36.1            Debian configuration management sy
ii  libapache2-mod-php5    5.3.3-7+squeeze3    server-side, HTML-embedded scripti
ii  libjs-mootools         1.2.4.0~debian1-1   compact JavaScript framework
ii  perl                   5.10.1-17squeeze2   Larry Wall's Practical Extraction
ii  php5                   5.3.3-7+squeeze3    server-side, HTML-embedded scripti
ii  php5-cgi               5.3.3-7+squeeze3    server-side, HTML-embedded scripti
ii  php5-mcrypt            5.3.3-7+squeeze3    MCrypt module for php5
ii  php5-mysql             5.3.3-7+squeeze3    MySQL module for php5
ii  ucf                    3.0025+nmu1         Update Configuration File: preserv

Versions of packages phpmyadmin recommends:
ii  apache2                2.2.16-6+squeeze4   Apache HTTP Server metapackage
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze4   Apache HTTP Server - traditional n
ii  mysql-client           5.1.49-3            MySQL database client (metapackage
ii  mysql-client-5.1 [mysq 5.1.49-3            MySQL database client binaries
ii  php5-gd                5.3.3-7+squeeze3    GD module for php5

Versions of packages phpmyadmin suggests:
pn  mysql-server           <none>              (no description available)

-- debconf information excluded
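The defensive counterpart to the XXE described in the CVE text above, as an added example: the phpMyAdmin bug is in PHP's simplexml_load_string, and this is a Python stand-in (not phpMyAdmin code) showing how an importer can refuse XML that declares external entities before any parser is allowed to resolve them. The function names and the sample documents are constructed for this illustration.

```python
"""Reject XML that declares external entities (XXE guard). Added example.

Decides on the DTD itself via expat's declaration callbacks, so the result
does not depend on whether a given parser would later fetch the entity.
"""
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXml(ValueError):
    """Raised when a document declares or references an external entity."""


def check_no_external_entities(document):
    """Pre-parse `document`; return the names of all declared entities.

    Raises UnsafeXml as soon as an entity with a SYSTEM or PUBLIC identifier
    (one pointing outside the document, e.g. a local file) is declared, or
    if expat is asked to resolve an external entity reference.
    """
    declared = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Called for every <!ENTITY ...> in the internal subset. Internal
        # entities carry a value; external ones carry an identifier instead.
        declared.append(name)
        if system_id is not None or public_id is not None:
            raise UnsafeXml("external entity declared: %s -> %s"
                            % (name, system_id or public_id))

    def on_external_ref(context, base, system_id, public_id):
        # Returning 0 makes expat abort the parse instead of loading it.
        return 0

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(document, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXml("parse aborted: %s" % exc) from exc
    return declared


def load_untrusted_xml(document):
    """Parse untrusted XML only after the external-entity check passes."""
    check_no_external_entities(document)
    return ET.fromstring(document)


# Constructed sample documents.
SAFE_DOC = '<?xml version="1.0"?><database name="demo"><table name="t"/></database>'
INTERNAL_ENTITY_DOC = '<!DOCTYPE d [<!ENTITY greet "hi">]><d>&greet;</d>'
EXTERNAL_ENTITY_DOC = ('<!DOCTYPE d [<!ENTITY ext SYSTEM "file:///constructed/example">]>'
                       '<d>&ext;</d>')


def classify(document):
    """Return 'ok' or 'rejected' for one document (helper for callers/tests)."""
    try:
        load_untrusted_xml(document)
    except UnsafeXml:
        return "rejected"
    return "ok"


if __name__ == "__main__":
    for label, doc in [("safe", SAFE_DOC), ("internal", INTERNAL_ENTITY_DOC),
                       ("external", EXTERNAL_ENTITY_DOC)]:
        print(label, classify(doc))   # safe ok / internal ok / external rejected
```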
Bug#656247: phpmyadmin: Local File Inclusion via XXE-injection (CVE-2011-4107)
tags security
severity critical
Bug#656388: tucan
CVE-2012-0063 is assigned to this case.
Bug#678998: libpython3.1: python3.1 disables workaround for CVE-2011-3389 (#678998)
What is the status of this issue? Is there something I can do to help?

- Henri Salo
Bug#679443: CVE-2012-2737: local file disclosure flaw
Package: accountservice
Version: 0.6.15-4
Severity: important
Tags: security

Hello,

There is a new security vulnerability in accountservice.

http://www.openwall.com/lists/oss-security/2012/06/28/9
http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
https://bugzilla.redhat.com/show_bug.cgi?id=832532

I am not sure if the Debian code is affected. Could you please verify?

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#659339: imagemagick: Invalid validation DoS CVE-2012-0247/CVE-2012-0248
Package: imagemagick
Version: 8:6.6.0.4-3
Severity: important
Tags: security

Concerning ImageMagick 6.7.5-0 and earlier:

CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes into an invalid address.

CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing a denial of service.

For more details please read: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages imagemagick depends on:
ii  libbz2-1.0      1.0.5-6+squeeze1    high-quality block-sorting file co
ii  libc6           2.11.3-2            Embedded GNU C Library: Shared lib
ii  libfontconfig1  2.8.0-2.1           generic font configuration library
ii  libfreetype6    2.4.2-2.1+squeeze3  FreeType 2 font engine, shared lib
ii  libglib2.0-0    2.24.2-1            The GLib library of C routines
ii  libgomp1        4.4.5-8             GCC OpenMP (GOMP) support library
ii  libice6         2:1.0.6-2           X11 Inter-Client Exchange library
ii  libjpeg62       6b1-1               The Independent JPEG Group's JPEG
ii  liblcms1        1.18.dfsg-1.2+b3    Color management library
ii  liblqr-1-0      0.4.1-1             converts plain array images into m
ii  libltdl7        2.2.6b-2            A system independent dlopen wrappe
ii  libmagickcore3  8:6.6.0.4-3         low-level image manipulation libra
ii  libmagickwand3  8:6.6.0.4-3         image manipulation library
ii  libsm6          2:1.1.1-1           X11 Session Management library
ii  libtiff4        3.9.4-5+squeeze3    Tag Image File Format (TIFF) libra
ii  libx11-6        2:1.3.3-4           X11 client-side library
ii  libxext6        2:1.1.2-1           X11 miscellaneous extension librar
ii  libxt6          1:1.0.7-1           X11 toolkit intrinsics library
ii  zlib1g          1:1.2.3.4.dfsg-3    compression library - runtime

Versions of packages imagemagick recommends:
ii  ghostscript           8.71~dfsg2-9  The GPL Ghostscript PostScript/PDF
ii  libmagickcore3-extra  8:6.6.0.4-3   low-level image manipulation libra
ii  netpbm                2:10.0-12.2+b1  Graphics conversion tools between
ii  ufraw-batch           0.16-3+b1     batch importer for raw camera imag

Versions of packages imagemagick suggests:
pn  autotrace        (no description available)
pn  cups-bsd | lpr   (no description available)
ii  curl             7.21.0-2.1+squeeze1  Get a file from an HTTP, HTTPS or
pn  enscript         (no description available)
pn  ffmpeg           (no description available)
ii  gimp             2.6.10-1+squeeze1    The GNU Image Manipulation Program
ii  gnuplot          4.4.0-1.1            A command-line driven interactive
pn  grads            (no description available)
ii  groff-base       1.20.1-10            GNU troff text-formatting system (
pn  hp2xx            (no description available)
pn  html2ps          (no description available)
pn  imagemagick-doc  (no description available)
pn  libwmf-bin       (no description available)
ii  mplayer          2:1.0~rc3++final.dfsg1-1  movie player for Unix-like systems
pn  povray           (no description available)
pn  radiance         (no description available)
ii  sane-utils       1.0.21-9             API library for scanners -- utilit
ii  texlive-binarie  2009-8               Binaries for TeX Live
ii  transfig         1:3.2.5.c-1          Utilities for converting XFig figu
ii  xdg-utils        1.0.2+cvs20100307-2  desktop integration utilities from

-- no debconf information

-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
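Both ImageMagick issues above are input-validation failures in the EXIF IFD walker: an entry whose count and offset place its value outside the buffer (CVE-2012-0247), and an IFD whose pointer tags lead back to the IFD itself so the walk never terminates (CVE-2012-0248). What follows is an added example, not ImageMagick's code and in Python rather than C, of a TIFF/EXIF IFD reader that bounds-checks every value against the buffer and keeps a visited set of IFD offsets so that both shapes of input are rejected with an error instead of a bad write or an endless loop. The MAX_IFDS cap, the `_entry` builder and the three sample blobs are constructed for the example.

```python
import struct

# Byte size of each TIFF field type (BYTE, ASCII, SHORT, LONG, RATIONAL, SBYTE,
# UNDEFINED, SSHORT, SLONG, SRATIONAL); any other type code is rejected.
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8}
SUB_IFD_TAGS = {0x8769, 0xA005}  # Exif IFD pointer, Interoperability (IOP) IFD pointer
MAX_IFDS = 16  # assumed cap on IFDs followed per file; real images need a handful


class MalformedExif(ValueError):
    """Raised for any offset, count or link that does not fit inside the buffer."""


def parse_tiff(data: bytes) -> dict:
    """Walk the IFD chain of a TIFF/EXIF blob and return {tag: value}.

    Each IFD offset is recorded in `visited` before parsing, so a pointer tag or
    next-IFD link leading back to an IFD already seen raises instead of looping.
    """
    if len(data) < 8:
        raise MalformedExif("header truncated")
    if data[:2] == b"II":
        end = "<"
    elif data[:2] == b"MM":
        end = ">"
    else:
        raise MalformedExif("unknown byte-order mark")
    magic, first_ifd = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        raise MalformedExif("bad TIFF magic")
    tags, visited, pending = {}, set(), [first_ifd]
    while pending:
        off = pending.pop()
        if off in visited:
            raise MalformedExif(f"IFD at offset {off} referenced twice (loop)")
        if len(visited) >= MAX_IFDS:  # bounds the walk even for distinct offsets
            raise MalformedExif("too many IFDs")
        visited.add(off)
        next_ifd = _parse_ifd(data, end, off, tags, pending)
        if next_ifd:
            pending.append(next_ifd)
    return tags


def _parse_ifd(data, end, off, tags, pending):
    if off < 8 or off + 2 > len(data):
        raise MalformedExif(f"IFD offset {off} outside buffer")
    (n,) = struct.unpack_from(end + "H", data, off)
    entries_end = off + 2 + 12 * n
    if entries_end + 4 > len(data):  # all entries plus the next-IFD link must fit
        raise MalformedExif(f"IFD at {off} declares {n} entries beyond buffer")
    for i in range(n):
        tag, typ, count, raw = struct.unpack_from(end + "HHI4s", data, off + 2 + 12 * i)
        size = TYPE_SIZES.get(typ)
        if size is None:
            raise MalformedExif(f"tag 0x{tag:04x}: unknown field type {typ}")
        total = size * count
        if total <= 4:
            blob = raw[:total]  # short values are stored inline in the entry
        else:
            (voff,) = struct.unpack(end + "I", raw)
            if voff + total > len(data):  # CVE-2012-0247 shape: value lies outside buffer
                raise MalformedExif(f"tag 0x{tag:04x}: value at {voff}+{total} outside buffer")
            blob = data[voff:voff + total]
        value = _decode(end, typ, count, blob)
        tags[tag] = value
        if tag in SUB_IFD_TAGS:
            if typ != 4 or count != 1:
                raise MalformedExif(f"tag 0x{tag:04x}: sub-IFD pointer must be one LONG")
            pending.append(value[0])  # caller checks it against `visited`
    (next_ifd,) = struct.unpack_from(end + "I", data, entries_end)
    return next_ifd


def _decode(end, typ, count, blob):
    fmt = {3: "H", 8: "h", 4: "I", 9: "i"}.get(typ)
    if fmt:
        return list(struct.unpack(f"{end}{count}{fmt}", blob))
    if typ == 2:
        return blob.rstrip(b"\0").decode("ascii", "replace")
    return blob  # BYTE/UNDEFINED/RATIONAL kept as raw bytes


# --- constructed sample blobs (little-endian, first IFD at offset 8) ---
HEADER = b"II" + struct.pack("<HI", 42, 8)


def _entry(tag, typ, count, inline=b"", offset=None):
    raw = inline.ljust(4, b"\0") if offset is None else struct.pack("<I", offset)
    return struct.pack("<HHI", tag, typ, count) + raw


def benign_sample() -> bytes:
    """IFD0: ResolutionUnit=2 plus an Exif IFD pointer to a second IFD at offset 38."""
    ifd0 = (struct.pack("<H", 2) + _entry(0x0128, 3, 1, b"\x02\x00")
            + _entry(0x8769, 4, 1, struct.pack("<I", 38)) + struct.pack("<I", 0))
    exif = struct.pack("<H", 1) + _entry(0x9000, 7, 4, b"0230") + struct.pack("<I", 0)
    return HEADER + ifd0 + exif


def loop_sample() -> bytes:
    """CVE-2012-0248 shape: the IOP pointer in IFD0 points back at IFD0 itself."""
    return HEADER + struct.pack("<H", 1) + _entry(0xA005, 4, 1, struct.pack("<I", 8)) + struct.pack("<I", 0)


def bad_offset_sample() -> bytes:
    """CVE-2012-0247 shape: ResolutionUnit with an oversized count and an offset past the end."""
    return HEADER + struct.pack("<H", 1) + _entry(0x0128, 3, 0xFFFF, offset=0xFFFFFFF0) + struct.pack("<I", 0)
```

The two checks are independent: the `voff + total > len(data)` test rejects the bad-offset blob before any byte is read, and the `visited` set rejects the self-referencing blob on the second visit to offset 8. The explicit MAX_IFDS cap is there because a chain of distinct, overlapping IFD offsets is not a loop in the strict sense but still needs a bound.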
Bug#659379: uzbl: world-readable (and writable!) cookie jar
On Sat, Feb 11, 2012 at 01:25:18PM +0100, Jakub Wilk wrote: > * Henri Salo , 2012-02-11, 14:11: > >>$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}} > >>drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/ > >>drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/ > >>drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/ > >>-rw-rw-rw- 1 user users 732 Feb 9 23:29 > >>/home/user/.local/share/uzbl/cookies.txt > >> > >>This allows local users to steal cookies (and tamper with them). > > > >Does this security-issue have CVE-identifier? I can request one > >from oss-security mailing list if ID hasn't been assigned. > > It's been already requested, but not assigned yet AFAICS: > http://seclists.org/oss-sec/2012/q1/406 > > -- > Jakub Wilk Ok. Thank you for fast reply. Please contact me if you need testing or other help. - Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#659379: [Secure-testing-team] Bug#659379: uzbl: world-readable (and writable!) cookie jar
On Fri, Feb 10, 2012 at 05:09:13PM +0100, Jakub Wilk wrote: > Package: uzbl > Version: 0.0.0~git.20100403-3 > Severity: grave > Tags: security > Justification: user security hole > > $ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}} > drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/ > drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/ > drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/ > -rw-rw-rw- 1 user users 732 Feb 9 23:29 > /home/user/.local/share/uzbl/cookies.txt > > This allows local users to steal cookies (and tamper with them). > > -- > Jakub Wilk Does this security-issue have CVE-identifier? I can request one from oss-security mailing list if ID hasn't been assigned. - Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
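The two uzbl messages above show the browser's cookie jar created at mode 0666, so any local user can read or rewrite it. As an added example (not uzbl's code, which is C; this is Python), here is the pattern a program storing secrets in a user's home directory should follow: create the file with an explicit 0600 mode at open() time rather than relying on the umask, refuse to follow a symlink planted at that path, and audit an existing file for any group or other permission bits. The `demo()` function, its temporary directory and the file contents are constructed for the example.

```python
import os
import stat
import tempfile


def open_private(path: str) -> int:
    """Create or open `path` so that only the owner can read or write it.

    The 0o600 mode is applied at creation time, so there is no window in which
    the file exists with wider permissions; O_NOFOLLOW refuses to open a
    symlink that another local user may have planted at that path.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    # If the file already existed with a wider mode (the reported case), tighten it.
    os.fchmod(fd, 0o600)
    return fd


def is_exposed(path: str) -> bool:
    """True if group or others hold any read/write/execute bit on `path`."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_mode(path: str) -> str:
    """Render the permission bits the way `ls -l` does, for audit output."""
    return stat.filemode(os.lstat(path).st_mode)


def demo() -> dict:
    """Reproduce the reported state in a scratch directory, then fix it."""
    with tempfile.TemporaryDirectory() as tmp:
        jar = os.path.join(tmp, "cookies.txt")
        # Simulate the report: a jar left at -rw-rw-rw- by its original creator.
        with open(jar, "w") as fh:
            fh.write("# constructed cookie jar contents\n")
        os.chmod(jar, 0o666)
        before = (audit_mode(jar), is_exposed(jar))
        fd = open_private(jar)
        os.close(fd)
        after = (audit_mode(jar), is_exposed(jar))
        return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

Tightening the mode after the fact closes the hole for the future only: anything that was in a world-readable jar should be treated as already disclosed, which for cookies means logging out of the affected sites so the old session values stop being valid.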