Package: otrs2
Version: 2.0.4p01-17
Severity: normal
Tags: security
Hi,
According to CVE-2007-2524 :
| Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open
| Ticket Request System) 2.0.x allows remote attackers to inject
| arbitrary web script or HTML via the Subaction parameter i
Package: sun-java5
Version: 1.5.0-10-3
Severity: normal
Tags: security
Hi,
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
| A security vulnerability in Java Web Start may allow an untrusted
| application to elevate its privileges. For example, an application may
| grant itsel
Package: xine-ui
Severity: normal
Good day,
My understanding is that this CVE Candidate is buggy, but in case I have
missed something I prefer to let you know, just close the bug if you
agree with me.
From CVE-2007-0254 :
| Name: CVE-2007-0254
| Status: Candidate
| URL: http://cve.mitre.org/
Package: totem-mozilla
Version: 2.16.4-2
Severity: critical
Justification: breaks the whole system
Hi,
This morning I wanted to see what the new Apple iPhone looks like, so I
pointed my iceweasel to :
http://files.macbidouille.com/news/200701/iPhone_H264.mov
this gives me the error :
You do not
Package: thunderbird
Severity: normal
Tags: security
Good day,
CVE-2006-0836 :
| Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an
| unspecified denial of service by tricking the user into importing an
| LDIF file with a long field into the address book, as demonstrated by a
Package: php5-curl
Severity: normal
Tags: security patch
Good day,
CVE-2006-2563 :
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to
| bypass safe mode and read files via a
| file:// request containing null characters.
More info (and an exploit) is available from :
htt
Package: php4-curl
Severity: normal
Tags: security patch
Good day,
CVE-2006-2563 :
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to
| bypass safe mode and read files via a
| file:// request containing null characters.
More info (and an exploit) is available from :
http
Package: netpanzer
Severity: normal
Tags: security
Good day,
CVE-2006-2575 :
| The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and
| earlier allows remote attackers to cause a
| denial of service (crash) via a client flag (frameNum) that is greater
| than 41, which triggers an ass
Package: nuauth
Version: 1.0.16-1
Severity: normal
Tags: security
Good day,
Quoting http://www.nufw.org/+NuFW-1-21-minor-security-fix+.html :
| This release fixes an issue related to a misuse of GnuTLS. An
| authenticated user using a specially modified client could by generating
| a lot of ne
Package: stlport5
Version: 5.0.0-1.1
Severity: normal
Tags: security
Good day,
From CVE-2006-0963 :
| Multiple buffer overflows in STLport 5.0.2 might allow local users to
| execute arbitrary code via (1) long locale environment variables to a
| strcpy function call in c_locale_glibc2.c and
Package: bind9
Severity: normal
Tags: security
Good day,
> From CVE-2006-0987 :
> The default configuration of ISC BIND, when configured as a caching
> name server, allows recursive queries and provides additional
> delegation information to arbitrary IP addresses, which allows remote
> att
Package: bind
Version: 1:8.4.6-1
Severity: normal
Good day,
From CVE-2006-0987 :
> The default configuration of ISC BIND, when configured as a caching
> name server, allows recursive queries and provides additional
> delegation information to arbitrary IP addresses, which allows remote
> a
Package: sysstat
Version: 5.0.6-4
Severity: minor
Tags: patch
Good day,
I have noticed that /etc/init.d/systat doesn't use the test program to
check $ENABLE :
if "$ENABLED" = "true" ; then
This is ok if $ENABLE is set to true or false but if (like me) you put
accidentally "yes" in $ENABLE then
Package: uim
Severity: normal
Good day,
From CAN-2005-0503 :
| uim before 0.4.5.1 trusts certain environment variables when libUIM is used in
| setuid or setgid applications, which allows local users to gain privileges.
This has been fixed in uim 0.4.5.1
More info is available here :
http
Package: xerces25
Severity: normal
Good day,
From [CAN-2004-1575] :
| The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a
| denial of service (CPU consumption) via XML attributes in a crafted
| XML document.
This problem has been fixed in version 2.6 of Xerces.
It's not cl
15 matches