Bug#471511: gnome-keyring-manager: clear-text passwords shown without protection

2008-03-18 Thread Lubomir Kundrak
mail client's memory if you keep it running, etc.). That's the basic principle: *Never* let anyone who you do not trust use your desktop. Log off or lock screen when you leave the terminal. -- Lubomir Kundrak (Red Hat Security Response Team) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED]

Bug#469296:

2008-03-04 Thread Lubomir Kundrak
Wow, you really consider this a security issue? When a user makes a mistake? -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#462047: iceweasel: crash/exploit

2008-01-22 Thread Lubomir Kundrak
the time the attack took place). Do you have a public IP address and do you run any network servers? Do you happen to run any other network clients apart from Web browser, such as BitTorrent client or maybe an Instant Messenger? Thanks, -- Lubomir Kundrak (Red Hat Security Response Team

Bug#449108: CVE-2007-3920: bypass password authentication

2007-11-05 Thread Lubomir Kundrak
Please note that Red Hat believes that the attached patch is not completely correct. See the Red Hat bugzilla entry for justification and another patch: https://bugzilla.redhat.com/show_bug.cgi?id=350271 -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#449108: CVE-2007-3920: bypass password authentication

2007-11-05 Thread Lubomir Kundrak
Whoops, I am terribly sorry for the noise. In fact I did not notice that this is a different patch from proposed upstream one and is likely to be correct. -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#438511: CVE-2007-3713 CenterICQ buffer overflows

2007-08-20 Thread Lubomir Kundrak
Hi, Here is the diff of changes we did to fix this for Fedora: [1]. Hopefully that will be useful also for you. [1] http://cvs.fedora.redhat.com/viewcvs/rpms/centericq/devel/centericq-4.21.0-overflows.patch?root=extras Regards, -- .''`. Lubomir Kundrak (Red Hat Security Res

Bug#408530: libcapi20-3: buffer overflow in "printbuf" called from capi_cmsg2str

2007-01-29 Thread Lubomir Kundrak
/source/xref/isdn4k-utils-CVS-2003-09-23/capi20/convert.c#957 Regards, -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#402951: libapache-mod-ssl: restart leaves /var/cache/apache/__db.ssl_cache.db there

2006-12-21 Thread Lubomir Kundrak
seeing this. Did you manage to get any more information concerning this? Regards, -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#396256: CVE-2006-4513: wvWare Multiple Integer Overflow Vulnerabilities

2006-10-31 Thread Lubomir Kundrak
This also affects AbiWord package. In contrast to what CVE candidate CVE-2006-4513 text says, this does _not_ affect KOffice's KWord. -- Lubomir Kundrak (Red Hat Security Response Team)

Bug#396360: CVE-2006-4513 Abiword likely vulnerable to integer overflows

2006-10-31 Thread Lubomir Kundrak
Package: abiword Version: 2.2.7-3sarge2 Tags: security, upstream Severity: grave Abiword likely uses version of VW library (see #396256) vulnerable to two integer overflow conditions. See CVE text for more details. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513 -- Lubomir Kundrak