Patch attached, based on FreeBSD one.
Bye,
Gerardo
--- heimdal-0.6.3/appl/telnet/telnet/telnet.c.orig 2002-05-03
12:19:43.0 +0200
+++ heimdal-0.6.3/appl/telnet/telnet/telnet.c 2005-04-21 01:07:40.854403312
+0200
@@ -1294,6 +1294,7 @@
unsigned char slc_reply[128];
+unsigned ch
Patch for sid attached.
Gerardo
diff -Nru /tmp/K6tJKUUwAx/xine-lib-1.0/src/input/librtsp/rtsp.c
/tmp/ljlLpb7MdV/xine-lib-1.0/src/input/librtsp/rtsp.c
--- /tmp/K6tJKUUwAx/xine-lib-1.0/src/input/librtsp/rtsp.c 2004-07-25
19:13:54.0 +0200
+++ /tmp/ljlLpb7MdV/xine-lib-1.0/src/input/lib
Package: eskuel
Version: 1.0.5-3
Severity: critical
Tags: security patch
Justification: causes serious data loss
It's possible to read any file on the system.
File: include/functions.inc.php
Vulnerable function: select_lang_config()
Vulnerable code:
[...]
$lang_config_cookie = (isset($HTTP_COOKIE
The patch provided contains an error. The line to add is:
if (strpos($lang_conf, "..")!==false) die("Invalid language file");
Bye,
Gerardo
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Proposed stupid-patch for the testing distribution.
If there isn't an apex in the supplied argument it's impossible to modify
the SQL query.
Bye,
Gerardo
diff -Nru /tmp/4fCGVl7C4o/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
/tmp/pjjbxPhZcv/xtradius-1.2.1-beta2/contrib/authmysql/authmysql.c
I think that the best solution is to put a "chmod" after:
/usr/bin/touch $new_mldonkey_dir/downloads.ini
in "mldonkey-server.postinst".
Bye
Gerardo
Package: mc
Severity: normal
Some vulnerabilities found in old version of mc (stable package) are
present in unstable/testing distributions too.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1-3-386
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
7 matches