Bug#718682: liblcms1: Buffer overflows in Little CMS v1.19

2013-08-04 Thread Pedro R
Package: liblcms1 Version: 1.19 Severity: grave Tags: upstream security patch Justification: user security hole I have found three (lame) buffer overflows in lcms-1.19. The problem lies in the use of dangerous functions like scanf and sprintf to handle user input. I have contacted the Little CMS
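The unbounded scanf/sprintf pattern the report names, next to a bounded rewrite, as an added example that is not Little CMS code (the record layout, the 16-byte field width and the sample lines are hypothetical):

```c
/* Added example, not code from Little CMS: the unbounded scanf/sprintf
 * pattern the report describes, next to a bounded rewrite. The record
 * layout, field width and sample input are hypothetical. */
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16                 /* hypothetical fixed-size text field */
_Static_assert(TAG_LEN == 16, "the %15s width below must be TAG_LEN - 1");

struct record {
    char tag[TAG_LEN];
    int  value;
};

/* Vulnerable shape: "%s" carries no field width, so a token longer than
 * TAG_LEN - 1 bytes is written past the end of r->tag. Shown for contrast
 * only; it is never called on the over-long input below. */
int parse_record_unsafe(const char *line, struct record *r)
{
    return sscanf(line, "%s %d", r->tag, &r->value) == 2;
}

/* Hardened: reject the line outright if its first token would not fit,
 * then scan with an explicit width so the copy is bounded regardless. */
int parse_record_safe(const char *line, struct record *r)
{
    size_t tok = strcspn(line, " \t\r\n");   /* length of first token */
    if (tok == 0 || tok >= TAG_LEN)
        return 0;                            /* empty, or would overflow */
    return sscanf(line, "%15s %d", r->tag, &r->value) == 2;
}

/* Vulnerable shape: sprintf into a fixed buffer with attacker-influenced
 * text; nothing stops the write at the buffer's end. Contrast only. */
void format_record_unsafe(const struct record *r, char *out)
{
    sprintf(out, "%s=%d", r->tag, r->value);
}

/* Hardened: snprintf bounds the write, and its return value says whether
 * the whole string fit. Returns 1 on success, 0 if it was truncated. */
int format_record_safe(const struct record *r, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s=%d", r->tag, r->value);
    return n >= 0 && (size_t)n < outlen;
}

/* Constructed inputs: one well-formed line and one with a 40-byte token. */
static const char GOOD_LINE[] = "desc 42";
static const char LONG_LINE[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 42";

int demo_short_token_parses(void)
{
    struct record r;
    return parse_record_safe(GOOD_LINE, &r) == 1
        && strcmp(r.tag, "desc") == 0 && r.value == 42;
}

int demo_long_token_rejected(void)
{
    struct record r = { "unchanged", 0 };
    /* The same line would run past r.tag in parse_record_unsafe. */
    return parse_record_safe(LONG_LINE, &r) == 0
        && strcmp(r.tag, "unchanged") == 0;     /* record left untouched */
}

int demo_format_fits(void)
{
    struct record r = { "desc", 42 };
    char out[8];                                /* "desc=42" + NUL = 8 */
    return format_record_safe(&r, out, sizeof out) == 1
        && strcmp(out, "desc=42") == 0;
}

int demo_format_truncation_detected(void)
{
    struct record r = { "desc", 42 };
    char out[4];                                /* too small for "desc=42" */
    return format_record_safe(&r, out, sizeof out) == 0;
}

int main(void)
{
    printf("short token parses:    %d\n", demo_short_token_parses());
    printf("long token rejected:   %d\n", demo_long_token_rejected());
    printf("formatted output fits: %d\n", demo_format_fits());
    printf("truncation detected:   %d\n", demo_format_truncation_detected());
    return 0;
}
```

The length check before sscanf is what makes the rejection clean: with only the `%15s` width, an over-long token would be silently cut and the rest of it would then be fed to `%d`, so the caller could not tell truncation from a malformed line.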

Bug#675991: openbox 3.5 crashes xorg server with gtk3 apps

2012-06-04 Thread Pedro R
Package: openbox Version: 3.5.0-3 Severity: grave Tags: patch Justification: causes non-serious data loss Hi, I'm suffering from constant but hard to reproduce crashes with version 3.5 of openbox. This is a known upstream bug which is triggered by gtk3 apps. More details of upstream bug and pat

Bug#589689: transition to libjack-jackd2-0 breaks many packages

2010-07-19 Thread Pedro R
Package: jackd2 Severity: grave Tags: sid Justification: renders package unusable Hi, the recent transition to jackd2 causes a mess in my system. I don't want to downgrade to jackd2. After being forced to use it for a couple of months, I find it is much more reliable. If I try to install jackd2

Bug#582590: iceweasel: firefox vulnerability causes a local DoS

2010-05-21 Thread Pedro R
Package: iceweasel Version: 3.5.9-3 Severity: grave Tags: security Justification: causes non-serious data loss Hi, a new vulnerability has been discovered in several browsers, including Firefox/Iceweasel. You can get more information here http://www.securityfocus.com/archive/1/511327/100/0/thre

Bug#582587: mydms: Directory traversal and CSRF vulnerabilities discovered in <= 1.7.2

2010-05-21 Thread Pedro R
Package: mydms Severity: grave Tags: security Justification: user security hole Hi, some rather serious security vulnerabilities have been discovered in MyDMS <= 1.7.2. One of them is directory traversal and the others are cross site request forgeries. More information is here: https://ww

Bug#568942: samba: mtab corruption via malicious crafted string

2010-02-08 Thread Pedro R
Package: samba Version: 2:3.4.5~dfsg-1 Severity: grave Tags: security Justification: user security hole Hi, a security bug has been discovered in all versions of Samba up to and including 3.4.5. It is possible to cause mtab corruption via a specially crafted string. More information at http://

Bug#567417: drupal6: SA-CONTRIB-2010-004 - Node block XSS attack

2010-01-28 Thread Pedro R
Package: drupal6 Severity: critical Tags: security Justification: root security hole The Node Block module creates a block from specified content type(s). Node block doesn't properly escape titles allowing users with permissions to create/edit the specified content type(s) to inject arbitrary c

Bug#566684: kfreebsd-7: ZFS security bug, local users may access unauthorized files - CVE-2010-0318

2010-01-24 Thread Pedro R
Package: kfreebsd-7 Severity: grave Tags: security Justification: user security hole Hi, the replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses weak permissions () instead of the original permissions,