debconf information
I tested that and you are right. I forward this to fluxbox -community.
--
Henri Salo | [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Pierrick Brossin wrote:
On Tue, Sep 05, 2006 at 01:30:34PM +0300, Henri Salo wrote:
if I add option -x to Eterm because I want it to be borderless ..
Eterm -x -O --shade 40 --font-fx none --buttonBar no --scrollBar no
it doesn't appear on the toolbar, [..]
I tested that and yo
Useful software. We already do have http://packages.debian.org/wheezy/python-ply
which is dependency. I can help maintaining this package.
---
Henri Salo
Package: web2ldap
Version: 1.1.43~dfsg-1
Severity: important
Tags: security, fixed-upstream
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7258
http://www.web2ldap.de/changes-1.1.html
http://secunia.com/advisories/56160
Please import new upstream version to unstable, thanks.
---
Henri
Could not reproduce with upstream version 2014.02.13 (SHA1:
d406caf93792a2c7378a691bf108df96b5012c11), which might be plausible solution.
signature.asc
Description: Digital signature
Package: arora
Version: 0.11.0-1
Severity: important
Tags: security
Arora is using insecure SSL ciphers. Please consider disabling following:
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_
This bug needs more information. What URL were you browsing and/or what Arora
functionality did you use at the time of that error?
a given CVE identifier fixed
> in?
Questions are currently answered in Debian security tracker[1]. Maybe same
code/logic can be used in other services and interfaces too. Please let me know
if I can assist creating better UDD.
1: https://security-tracker.debian.org/tracker/
---
Henri Salo
/42016a35c8907e477be73b0b5d06cc09af231ee4
---
Henri Salo
-2013-7081
CVE-2013-7082
I'm happy to help if there is any questions about these issues.
---
Henri Salo
How is this security related and why severity is serious?
---
Henri Salo
What do you mean by this bug report? Please provide more information.
---
Henri Salo
Package: tritium
Version: 0.3.8-2
Severity: normal
user@unstable:~$ tritium -h
Traceback (most recent call last):
File "/usr/bin/tritium", line 170, in
usage()
NameError: name 'usage' is not defined
Also the man page does not help at all.
-- System Information:
Debian Release: jessie/sid
.6, (C) 2005 by folk...@vanheusden.com
Passphrase is:
"""
You might want to use Python + paramiko to bruteforce the password.
---
Henri Salo
m package and I noticed all the same
problems.
---
Henri Salo
ttp://www.openwall.com/lists/oss-security/2014/01/18/5
---
Henri Salo
thew Daley
CVE request: http://www.openwall.com/lists/oss-security/2014/01/18/5
---
Henri Salo
Confirmed. Maintainer do you know reason for this already or do you need help?
---
Henri Salo
Package: xen
Version: 4.0.1-5.11
Severity: important
Tags: security, patch, fixed-upstream
http://www.openwall.com/lists/oss-security/2013/11/21/2
Description:
An inverted boolean parameter resulted in TLB flushes not happening
upon clearing of a present translation table entry. Retaining stale
Also reported in https://bugzilla.novell.com/show_bug.cgi?id=852368
---
Henri Salo
Package: horizon
Version: 2013.2-1
Severity: normal
Tags: security, fixed-upstream
Chris Chapman of Cisco PSIRT reports:
The OpenStack web user interface (horizon) is vulnerable to XSS:
While launching (or editing) an instance, injecting
I can help maintain this package (I'm not a Debian Developer yet). I have
already been using these scripts with x220t device.
---
Henri Salo
/mercurial/ci/7ab9e443a8eb9d1b03cbed33006b7665bda9383e
http://frontaccounting.com/wb3/pages/posts/release-2.3.21201.php
Please use CVE in changelog. I'm happy to help in case you need PoC / reproduce
or some other help.
---
Henri Salo
Sorry I made copypaste mistake with version numbers. I haven't checked other
versions than sid. I can check others if needed.
Package: xen
Version: 4.0.1-5.11
Severity: important
Tags: security, fixed-upstream
Please see for details: http://www.openwall.com/lists/oss-security/2014/06/17/6
Patch: http://seclists.org/oss-sec/2014/q2/att-549/xsa100.patch
---
Henri Salo
used a wildcard certificate, and the hostname does not match the
wildcard, it would still consider the connection valid.
1: https://bugs.launchpad.net/duplicity/+bug/1314234
I have no access to that bug item, but I can contact upstream if needed.
---
Henri Salo
Package: zabbix
Version: 1:2.2.3+dfsg-1
Severity: grave
Tags: security
Advisory: http://seclists.org/fulldisclosure/2014/Jun/87
Below might be the fix, but please verify.
---
Henri Salo
svn diff -r46596:46600
Index: frontends/php/include/defines.inc.php
Do you have any more information about this? It is quite hard to fix security
vulnerability without any details.
---
Henri Salo
Upstream bug report: https://support.zabbix.com/browse/ZBX-8151
Package: ntop
Version: 3:5.0.1+dfsg1-2
Severity: normal
Tags: security
Original advisory: http://packetstormsecurity.com/files/127043/ntop-xss.txt
PoC:
http://127.0.0.1:3000/plugins/rrdPlugin?action=list&key=interfaces/eth0&title=interface%20eth0%3C/title%3E%3Cmarquee%3E
---
He
y they've not opened it up yet."""
RedHat issue tracker has enough information to understand this security issue.
If you want I can contact upstream too.
---
Henri Salo
I contacted upstream. Reference URL is now open.
etween 20:00-22:00 UTC we will
release security and maintenance updates for all current and supported branches
of the MediaWiki software. Downloads and patches will be available at that time.
"""
I don't yet have CVEs for these issues.
---
Henri Salo
Package: elfutils
Version: 0.157-3
Severity: important
Tags: security, fixed-upstream
Details: http://www.openwall.com/lists/oss-security/2014/04/09/12
Contact me in case I can help somehow.
---
Henri Salo
Confirmed. Package is not in testing anymore.
Package: wireshark
Version: 1.10.6-1
Severity: important
Tags: security, fixed-upstream
http://www.wireshark.org/security/wnpa-sec-2014-06.html
Package: php-dompdf
Version: 0.6.0~beta3+dfsg0-1
Severity: normal
Tags: security, fixed-upstream
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
https://github.com/dompdf/dompdf/releases
User is in risk if he/she has enabled DOMPDF_ENABLE_REM
Hello Mones,
If you need help to fix this issue please contact me (I kept the unofficial
repos for a while years ago).
---
Henri Salo
/SpecialChangePassword.php
CVE request: http://www.openwall.com/lists/oss-security/2014/03/28/1
I have not verified this issue and I have not tested this in stable. Please ask
if you need help.
---
Henri Salo
Package: vlc
Version: 2.1.2-2
Severity: important
Tags: security, fixed-upstream
Patch available:
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404
---
Henri Salo
Source: linux
Version: 3.14.2-1
Severity: important
Tags: security, fixed-upstream
Please see for details:
http://www.openwall.com/lists/oss-security/2014/04/22/11
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e
https://git.kernel.org/
What is the status with these issues in version currently in unstable? "It
creates temporary files insecurely" are handled in different bug report so no
need to comment about it :)
---
Henri Salo
---
Henri Salo
Package: python-soappy
Version: 0.12.0-4
Severity: important
Tags: security
References:
http://www.openwall.com/lists/oss-security/2014/05/06/1
http://www.pnigos.com/?p=260
Please contact me in case you need help with testing etc.
---
Henri Salo
Package: heat
Version: 2014.1-3
Severity: important
Tags: security
Please see for details: https://launchpad.net/bugs/1311223
---
Henri Salo
multiplication with 4, the allocation still overflows (on 32 bit
and 64 bit).
xf_Bitmap_Decompress() appears to have a similar issue.
"""
---
Henri Salo
. Feel free to
contact me in case you need any help.
---
Henri Salo
t stable release.
---
Henri Salo
://www.openwall.com/lists/oss-security/2014/06/03/7
---
Henri Salo
Do you still have this issue with version 2.2.2-1?
---
Henri Salo
Package: linux
Version: 3.14.2-1
Severity: important
Tags: security, fixed-upstream
Introduced by
https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233
Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c
(v3.15-rc1)
---
Henri Salo
Package: dovecot
Version: 1:2.2.12-3
Severity: important
Tags: security, fixed-upstream
http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
---
Henri Salo
Source: nginx
Version: 1.4.6-1
Severity: grave
Tags: security, fixed-upstream
http://nginx.org/en/security_advisories.html
http://nginx.org/download/patch.2014.spdy2.txt
Not vulnerable: 1.5.12+, 1.4.7+
Vulnerable: 1.3.15-1.5.11
---
Henri Salo
Hello,
Does this issue have CVE-identifier? I am happy to request one if there isn't
one yet.
- Henri Salo
CVE request http://www.openwall.com/lists/oss-security/2013/01/22/8
--
Henri Salo
Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks
to the Moxiecode team for working with us on this, and for releasing Plupload
1.5.5 to address this issue.
--
Henri Salo
I have manually verified this issue with
https://github.com/FireFart/WordpressPingbackPortScanner
--
Henri Salo
Checked source code of squeeze and sid. Both affected.
--
Henri Salo
f(!self.a)self.a=!alert('horse');//
Easy fix: remove those lines and say that "Your lovely Debian server doesn't
need flash-files." ;)
As far as I know first advisory for this issue is in here:
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupl
/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch
- Henri Salo
://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch
- Henri Salo
Package: sqlite
Version: 2.8.17-6
Severity: normal
I have following code:
"""
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sqlite
print('Sqlite module version: %s' % sqlite.version)
conn = sqlite.connect('test.db')
connection = conn.cursor()
arg = 'foo'
connection.execute('insert into
So it also crashes with: connection.execute('insert into test (id, arg) values
(1, arg=:arg)', {"arg": arg})
It does not matter if there is a working database or not. I used empty file in
the example.
- Henri Salo
Package: zabbix
Version: 1:2.0.2+dfsg-4
Severity: important
Tags: security
Please see: https://support.zabbix.com/browse/ZBX-5924
zabbix-2.0.2/src/libs/zbxmedia/eztexting.c is still using curl insecure way.
- Henri Salo
CVE-2013-0156.
Versions Affected: ALL versions
Not affected: NONE
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
"""
This probably affects squeeze and wheezy too. Please contact me in case you
need any help!
- Henri Salo
http://sourceforge.net/mailarchive/message.php?msg_id=30193056
https://github.com/fail2ban/fail2ban/commit/83109bc
https://bugzilla.redhat.com/show_bug.cgi?id=887914
https://bugs.gentoo.org/show_bug.cgi?id=447572
- Henri Salo
service attack when processing
specially crafted requests.
- Henri Salo
be
released.
Bug: http://jira.ow2.org/browse/LEMONLDAP-570
Patch:
http://jira.ow2.org/secure/attachment/11153/lemonldap-ng-saml-signature-verification.patch
CVE request http://www.openwall.com/lists/oss-security/2012/12/19/6
Checked from code that this is not yet patched in unstable.
- Henri
High
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
Please email me in case you need my help.
- Henri Salo
://osvdb.org/88611
3: http://bugs.debian.org/696868
- Henri Salo
hiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
- Henri Salo
Package: moin
Version: 1.9.5-2
Severity: important
Tags: security
Details can be found at: http://moinmo.in/SecurityFixes
A fix is available at: http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
CVE request: http://www.openwall.com/lists/oss-security/2012/12/29/6
- Henri Salo
Package: moin
Version: 1.9.5-2
Severity: important
Tags: security
Details can be found at: http://moinmo.in/SecurityFixes
A fix is available at: http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CVE request: http://www.openwall.com/lists/oss-security/2012/12/29/8
- Henri Salo
CVE-request for this issue in here:
http://www.openwall.com/lists/oss-security/2012/10/05/6
- Henri Salo
I haven't previously used this package but I am happy to test this after
upload. I hope new upload also fixed open security issues.
- Henri Salo
gi?bug=672880#25
I can test other packages as well if needed.
- Henri Salo
Package: bind9
Version: 1:9.7.3.dfsg-1~squeeze7
Severity: important
Tags: security
References:
https://www.isc.org/software/bind/advisories/cve-2012-5166
https://kb.isc.org/article/AA-00801
- Henri Salo
bugs.gentoo.org/show_bug.cgi?id=436198
https://secunia.com/advisories/50715/
http://osvdb.org/85731
- Henri Salo
Hello,
I could not reproduce this issue in squeeze with amd64-machine using monkey
package 0.9.3-1. Could you tell me more about your virtualization environment?
- Henri Salo
CVE request: http://www.openwall.com/lists/oss-security/2012/09/20/7
- Henri Salo
On Thu, Sep 20, 2012 at 01:37:35PM -0500, John Lightsey wrote:
> On 09/20/2012 11:39 AM, Henri Salo wrote:
> > I could not reproduce this issue in squeeze with amd64-machine
> > using monkey package 0.9.3-1. Could you tell me more about your
> > virtualization environment?
CVE-requested in oss-security:
http://www.openwall.com/lists/oss-security/2012/09/21/8
- Henri Salo
http://git.kernel.org/?p=boot/dracut/dracut.git;a=commit;h=e1b48995c26c4f06d1a71
Information from: http://www.openwall.com/lists/oss-security/2012/09/27/3
- Henri Salo
thin the
status tray.
"""
No upstream fix for this yet. CVE-request by Ricardo Mones in here
http://www.openwall.com/lists/oss-security/2012/11/15/5
Please contact me in case of any questions. Haven't verified this in
Debian-package yet, but I can do that and even try to backport th
This is now fixed in upstream. For more information:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782#c4
--
Henri Salo
Sorry. Last message came for wrong bug-report. :(
This is now fixed in upstream. For more information:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782#c4
--
Henri Salo
=2873262fccba12af144ed96ed91be144d92ff2e1
(fixed in master and gimp-2-8)
References: https://bugzilla.gnome.org/show_bug.cgi?id=687392
Details from CVE request:
http://www.openwall.com/lists/oss-security/2012/11/21/2
Please note that other versions might be vulnerable as well.
- Henri Salo
2
I haven't manually verified this in Debian packages. Please ask in case you
want me to do it.
- Henri Salo
2
I haven't manually verified this in Debian packages. Please ask in case you
want me to do it.
- Henri Salo
ps. another bug-report for emacs24
ugzilla.redhat.com/show_bug.cgi?id=850478
Relevant upstream patch
(the 'diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c' part):
[4] ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz
http://www.openwall.com/lists/oss-security/2012/08/21/8
http://www.openwall.com/lists/oss-security
This is a security issue as some people are using this via wrappers/scripts.
Also has impact to policies set by organizations.
- Henri Salo
Package: phpmyadmin
Version: 4:3.3.7-6
Severity: normal
Vulnerability in phpmyadmin in squeeze has been exploited wildly in public.
Spion from #debian-security asked this to be handled quickly.
Tracker: http://security-tracker.debian.org/tracker/CVE-2011-4107
Exploit: http://www.exploit-db.com/e
tags security
severity critical
CVE-2012-0063 is assigned to this case.
What is status of this issue? Is there something I can do to help?
- Henri Salo
Package: accountservice
Version: 0.6.15-4
Severity: important
Tags: security
Hello,
There is a new security vulnerability in accountservice.
http://www.openwall.com/lists/oss-security/2012/06/28/9
http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
htt
Package: imagemagick
Version: 8:6.6.0.4-3
Severity: important
Tags: security
Concerning ImageMagick 6.7.5-0 and earlier:
CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset
and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes
into an invalid a
On Sat, Feb 11, 2012 at 01:25:18PM +0100, Jakub Wilk wrote:
> * Henri Salo , 2012-02-11, 14:11:
> >>$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> >>drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
> >>drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/u
ers to steal cookies (and tamper with them).
>
> --
> Jakub Wilk
Does this security-issue have CVE-identifier? I can request one from
oss-security mailing list if ID hasn't been assigned.
- Henri Salo