Dear all,
I would like to inform you that the freeart library
(https://gitlab.esrf.fr/freeart/freeart) has reached end of life. It will
not be maintained anymore. It should be removed from the Debian
packages.
Hi,
I pushed to branch master on https://github.com/HenriWahl/dhcpy6d a
version which at least produced a working .deb file. Might still be a
little bit rough but maybe it helps to get it running.
I renamed main.py to dhcpy6d.py by the way and copy it to
/usr/sbin/dhcpy6d as starter.
--
Henri
it through the import as optional dependencies of
bytecount and compiled with the previous compiler when they shouldn't
have compiled. (Also: Why does the newly-uploaded version of
packed_simd in sid compile now?)
--
Henri Sivonen
elog entry.
For further information see:
https://security-tracker.debian.org/tracker/CVE-2017-16933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16933
https://github.com/Icinga/icinga2/issues/5793
Please adjust the affected versions in the BTS as needed.
--
Henri Salo
in escalation of privileges.
Two problems:
- Cross-site scripting vulnerability with "writer" role
- Missing HttpOnly flag
--
Henri Salo
Shouldn't this be closed AFTER the fix is available? Especially since this is a
security issue.
--
Henri Salo
aking changes to Debian source
package. Feel free to contact me or Debian security team in case you have any
questions.
- --
Henri Salo
n.org/pipermail/secure-testing-team/
Could you submit a bug to the issue tracker about one issue at a time without
an aggressive tone?
--
Henri Salo
locking a post
from being edited, discovered by Mohamed A. Baset.
For more information please see:
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
http://openwall.com/lists/oss-security/2015/08/04/5
- --
Henri Salo
detailed
analysis of the issue. If there is no security issue in PHP with the poc we can
close this bug.
--
Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
php?id=68819
https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
- --
Henri Salo
Attached patches from upstream, which apply to 1.2.1-6. DSA should be created.
---
Henri Salo
--- src/libFLAC/stream_decoder.c.orig 2014-11-25 13:41:50.280032892 +0200
+++ src/libFLAC/stream_decoder.c 2014-11-25 13:48:39.697566936 +0200
@@ -94,7 +94,7
riting.
1)
logkeys --export-keymap=keymap.txt
logkeys --start --keymap=keymap --output=output.txt
echo abcdefghijklmnopqrstuvwxyz
logkeys --kill
2)
logkeys --start --output=output.txt
echo abcdefghijklmnopqrstuvwxyz
logkeys --kill
- ---
Henri Salo
Hi,
I can reproduce this issue without --keymap in the example.
logkeys --start --output=output.txt
typesomething
logkeys --kill
File output.txt contains gibberish.
- ---
Henri Salo
bugs.debian.org/720545
Can you verify that this new issue in BTS is a duplicate? If it is I'd prefer that
you comment there and we close this (not merge, so that discussion is easier to
read/follow).
Thank you for your work regarding Debian security.
- ---
Henri Salo
give reasoning, thank you.
- ---
Henri Salo
.
---
Henri Salo
vity I could help to get these issues fixed.
---
Henri Salo
Do you have an alternative solution? Maybe this could be extracted directly to
the source package and updated with a script?
---
Henri Salo
Package: polarssl
Version: 1.3.7-2
Severity: critical
Tags: security, fixed-upstream
Please see for details:
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
---
Henri Salo
Package: poedit
Version: 1.5.4-2
Severity: grave
Justification: renders package unusable
Dear Maintainer,
* What led up to the situation?
Updating the catalog from PHP sources.
* What was the outcome of this action?
Getting an alert 'An assertion failed' with following content:
ASSERT INF
twrap.conf
echo filters_path=/tmp/my-filters.d >>/tmp/my-rootwrap.conf
mkdir /tmp/my-filters.d
echo [Filters] >/tmp/my-filters.d/my.filters
echo my-shell: CommandFilter, /bin/sh, root >>/tmp/my-filters.d/my.filters
sudo -n cinder-rootwrap /tmp/my-rootwrap.conf sh -c id
""&
Package: nova-common
Version: 2014.1.1-1
Severity: grave
Tags: security, confirmed
After installing nova-common file /etc/sudoers.d/nova-common is created. If
/etc/sudoers contains "#includedir /etc/sudoers.d" nova is vulnerable to
CVE-2013-1068 local privilege escalation. Vulnerability does not n
Upstream bug report: https://support.zabbix.com/browse/ZBX-8151
Do you have any more information about this? It is quite hard to fix a security
vulnerability without any details.
---
Henri Salo
Package: zabbix
Version: 1:2.2.3+dfsg-1
Severity: grave
Tags: security
Advisory: http://seclists.org/fulldisclosure/2014/Jun/87
Below might be the fix, but please verify.
---
Henri Salo
svn diff -r46596:46600
Index: frontends/php/include/defines.inc.php
---
Henri Salo
Source: nginx
Version: 1.4.6-1
Severity: grave
Tags: security, fixed-upstream
http://nginx.org/en/security_advisories.html
http://nginx.org/download/patch.2014.spdy2.txt
Not vulnerable: 1.5.12+, 1.4.7+
Vulnerable: 1.3.15-1.5.11
---
Henri Salo
Confirmed. Maintainer, do you know the reason for this already or do you need help?
---
Henri Salo
What do you mean by this bug report? Please provide more information.
---
Henri Salo
Hello,
Is there something that I could help with to get this bug fixed and closed? Please
contact me in case you want any help.
---
Henri Salo
slations.php in /core/ajax/
"""
--
Henri Salo
I do not know what I did wrong when I was reproducing this issue. Sorry about
the false information in the bug report. At least we got it fixed.
--
Henri Salo
at
packet.c:216
#7 0x00422ee5 in read_packet (fd=0x10faa18, data=) at packet.c:359
#8 0x00423ead in comm_select () at s_bsd_epoll.c:204
#9 0x0041f7f8 in io_loop (argc=0, argv=0x7fffe588) at ircd.c:237
#10 main (argc=0, argv=0x7fffe588) at ircd.c:670
--
Hen
I have manually verified this issue with
https://github.com/FireFart/WordpressPingbackPortScanner
--
Henri Salo
CVE request http://www.openwall.com/lists/oss-security/2013/01/22/8
--
Henri Salo
Hello,
Does this issue have a CVE identifier? I am happy to request one if there isn't
one yet.
- Henri Salo
CVE-2013-0156.
Versions Affected: ALL versions
Not affected: NONE
Fixed Versions: 3.2.11, 3.1.10, 3.0.19, 2.3.15
"""
This probably affects squeeze and wheezy too. Please contact me in case you
need any help!
- Henri Salo
CVE-requested in oss-security:
http://www.openwall.com/lists/oss-security/2012/09/21/8
- Henri Salo
CVE request: http://www.openwall.com/lists/oss-security/2012/09/20/7
- Henri Salo
Does this issue have a CVE identifier?
- Henri Salo
Does this issue have a CVE identifier?
- Henri Salo
ugzilla.redhat.com/show_bug.cgi?id=850478
Relevant upstream patch
(the 'diff -Nurp inn-2.5.2/nnrpd/misc.c inn-2.5.3/nnrpd/misc.c' part):
[4] ftp://ftp.isc.org/isc/inn/inn-2.5.2-2.5.3.diff.gz
http://www.openwall.com/lists/oss-security/2012/08/21/8
http://www.openwall.com/lists/oss-security
On Thu, Aug 02, 2012 at 12:41:53PM +0200, Raphael Hertzog wrote:
> Hi,
> The stable update is ready here. Henri, please test it and report back
> whether it works well for you.
>
> http://people.debian.org/~hertzog/packages/python-django_1.2.3-3+squeeze3_i386.changes
>
>
Hello,
Upstream bug report <https://bugzilla.gnome.org/show_bug.cgi?id=678661> now
says status resolved. What is the status of this in Debian?
- Henri Salo
On Tue, Jun 12, 2012 at 08:57:28AM +0100, Nicholas Bamber wrote:
> Henri,
> I seem to recall that this bug is fixed in 5.5.24 which actually is in
> testing. The migration is not yet complete and probably still has a week
> or two to go at the least. But does that change your cal
https://bugzilla.wikimedia.org/show_bug.cgi?id=35315
- Henri Salo
More information from Timo Warns:
- Only libzip 0.10 is affected.
- Stefan Cornelius has identified the precise commits that introduced the
vulnerabilities:
https://bugzilla.redhat.com/show_bug.cgi?id=802564
https://bugzilla.redhat.com/show_bug.cgi?id=803028
- As PHP and zipruby include older ver
access checks performed
when moving bugs between projects
CVE-2012-1123 MantisBT 1.2.8 13901 SOAP API null password
authentication bypass
- Henri Salo
ers to steal cookies (and tamper with them).
>
> --
> Jakub Wilk
Does this security issue have a CVE identifier? I can request one from
the oss-security mailing list if an ID hasn't been assigned.
- Henri Salo
On Sat, Feb 11, 2012 at 01:25:18PM +0100, Jakub Wilk wrote:
> * Henri Salo , 2012-02-11, 14:11:
> >>$ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> >>drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
> >>drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/u
CVE-2012-0063 is assigned to this case.
I am reopening this issue, because there are releases which haven't been patched
yet.
http://security-tracker.debian.org/tracker/CVE-2011-1018
Best regards,
Henri Salo
/lists/oss-security/2011/03/02/5
http://bugs.proftpd.org/show_bug.cgi?id=3586
http://www.exploit-db.com/exploits/16129/
http://www.castaglia.org/proftpd/modules/mod_sftp.html
Best regards,
Henri Salo
CVE-2010-2073 is assigned for this issue.
CVE-2010-2072 is assigned for this issue.
Email from
http://packages.debian.org/changelogs/pool/main/p/pyftpd/current/copyright
says:
host mailgw.fmph.uniba.sk[158.195.16.250] said: 550 Previous (cached)
callout verification failure (in reply to RCPT TO command)
Best regards,
Henri Salo
Package: pyftpd
Version: 0.8.4.6
Severity: critical
Justification: root security hole
Tags: security
*** Please type your report below this line ***
File /etc/pyftpd/auth_db_config.py contains:
passwd = [('test', 'test', 'CY9rzUYh03PK3k6DJie09g=='),
('user', 'users', '7hHLsZBS5AsHqsDKBgwj7g=='),
Package: pyftpd
Version: 0.8.4.6
Severity: critical
Justification: causes serious data loss
*** Please type your report below this line ***
Pyftpd creates a log file in a temporary directory using a predictable
name. This allows a local attacker to create a denial of service
condition and discloses se
Package: prewikka
Version: 0.9.14-2
Severity: critical
Justification: causes serious data loss
*** Please type your report below this line ***
The permissions of the prewikka.conf file are world readable and
contain the SQL-database password used by prewikka. This update makes
it readable just by
On Sunday 30 August 2009 22:49:39 Felix Zielcke wrote:
> Witold and Henri, what version do you use? The sid/unstable one (1.96
> +20090826) or the squeeze (1.96+20090808) one?
1.96+20090826-3 was the one causing the problems.
I downgraded to 1.96+20090808-1 and it is working fine
>
The same issue here with t43p.
I also get the unaligned pointer error when dropping to grub console and
trying to enter any command there, so I guess it cannot be kernel related.