Package: scponly
Severity: grave
Justification: user security hole
As seen at http://www.securityfocus.com/bid/16369, there is a vulnerability
that allows arbitrary shell commands to be run.
More details at:
http://bugzilla.mindrot.org/show_bug.cgi?id=1094
--
To UNSUBSCRIBE, email to [EMAIL PRO
Package: dnsmasq
Version: 2.22-2
Severity: grave
Justification: user security hole
According to securityfocus, dnsmasq will crash if it gets a broadcast reply
packet:
http://www.securityfocus.com/bid/17662
This DoS affects sarge. Any idea if a DSA is in the works?
-- System Information:
Debian Re
Package: horde2
Severity: grave
Justification: user security hole
Security focus http://www.securityfocus.com/bid/15409 reports an
unspecified problem with Horde.
Horde at http://www.securityfocus.com/advisories/9756 describes:
>By enticing a user to read a specially-crafted e-mail or using a
>m
by dh_installinit
if [ "$1" = "purge" ] ; then
update-rc.d apache remove >/dev/null
fi
# End automatically added section
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Adam Conrad wrote:
> Geoff Crompton wrote:
>
>>ii apache 1.3.33-6sarge1 versatile, high-performance HTTP server
>>pc apache-perl1.3.9-13.1-1.2 Versatile, high-performance HTTP
>
>
> There's nothing I can do to fix the potato (!) versio
Adam Conrad wrote:
> Geoff Crompton wrote:
>
>>Do you have any recommendations on how to safely purge apache-perl? I
>>thought it'd be good to have it documented in this bug report, for
>>future people that might stumble across this.
>>
>> * manually e
Hi, did DSA 985-1 close this?
g, or that
another DSA might be needed.
Cheers
Thomas Wana wrote:
> Steve Kemp wrote:
>
>>On Wed, Feb 15, 2006 at 02:01:51PM +1100, Geoff Crompton wrote:
>>
>>
>>
>>>This bug has been closed for unstable (see bug 350964) with the 4.6
>>>upload, but
Package: libpng
Severity: grave
Justification: user security hole
As seen on http://www.securityfocus.com/bid/16626, there is a buffer overflow.
Redhat have a patch available at:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455
However security focus lists versions 1.0.16, 1.0.17, 1.2
Just wondering if there will be a fix for this?
This bug has been closed for unstable (see bug 350964) with the 4.6
upload, but will it be fixed for sarge?
Package: firebird2
Severity: grave
Justification: user security hole
Apparently firebird 1.5.3 fixes a buffer overflow. I saw it at
http://www.securityfocus.com/bid/17077. More details at
http://www.securityfocus.com/archive/1/427480
The researcher has a patch for the specific problem he found in
Package: samba
Version: 3.0.14a-3sarge1
Severity: grave
Samba have announced http://www.samba.org/samba/security/CAN-2006-3403.html,
and have a patch available. It affects all samba configurations, hence I
consider this grave.
I wouldn't be surprised if the security team is already aware of this.
Is sarge affected by this bug?
Package: kernel-source-2.6.8
Version: 2.6.8-16
Severity: critical
Justification: root security hole
SecurityFocus http://www.securityfocus.com/bid/14477 mentions an array index
buffer overflow.
In short, they suspect it can cause a denial of service attack, but
aren't sure whether or not it allows
Package: mozilla-thunderbird
Version: 1.0.2-2.sarge1.0.6
Severity: grave
Justification: user security hole
Thunderbird reverts to plain authentication for SMTP, in order to
provide more compatibility for SMTP servers that don't support crypt
auth. However no warning is given to the user, and there is
Package: gaim
Version: 1:1.2.1-1.4
Severity: grave
Justification: user security hole
This info from http://www.securityfocus.com/bid/14531. Seems ubuntu have
released usn-168-1 to announce their fix:
http://www.ubuntulinux.org/support/documentation/usn/usn-168-1
CAN-2005-2102 is about an attacker
Package: mozilla-firefox
Version: 1.0.4-2sarge2
Severity: grave
Justification: renders package unusable
firefox 1.0.4-2sarge2 segfaults when I try to open the history window,
either using the short cut key, or the menu to open it. It leaves behind
a core file that is 56M.
Backtrace is:
(gdb) bt
ying to open the history still crashes the browser.
Cheers
I can confirm that 1.0.4-2sarge3 fixes the history crashing bug for me.
Thanks!
Package: imagemagick
Version: 6:6.0.6.2-2.2
Severity: grave
Justification: user security hole
See http://www.securityfocus.com/bid/12873 for more information. In
summary:
> ImageMagick is prone to a heap-based buffer overflow vulnerability.
> This vulnerability exists in the SGI image file parser.
Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: critical
Justification: root security hole
USN-103-1 says this:
> Ilja van Sprundel discovered that the bluez_sock_create() function did
> not check its "protocol" argument for negative values. A local
> attacker could exploit this to execut
Package: kmail
Severity: grave
Justification: user security hole
For more information see:
http://www.securityfocus.com/bid/13085
In summary:
> A remote email message content spoofing vulnerability affects KDE
> KMail. This issue is due to a failure of the application to properly
> sanitize HTML
Package: squid
Severity: grave
Justification: user security hole
More info at http://www.securityfocus.com/bid/13166, but in summary:
> A remote denial of service vulnerability affects the Squid Proxy.
> This issue is due to a failure of the application to properly handle
> exceptional network re
Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Justification: root security hole
There is a local integer overflow vulnerability in the sys_epoll_wait()
call. See following for detail:
http://www.securityfocus.com/bid/12763/
Apologies if already reported.
le to find a diff between 1.0.2 and 1.0.3 from
upstream.
I've marked this RC as it can hose a system, but if others think the
likelihood of exploit is fairly small, I've no problems with it being
reclassified.
Package: sudo
Version: 1.6.8p7-1.1
Followup-For: Bug #315115
Just for information, this bug refers to CAN-2005-1993, and corresponds
to security focus BID 13993.
ded the squeeze grub-pc and grub-common packages (version
1.98~20100115-1)
* installing them
* bind mounting /dev and /proc into the chroot
* running upgrade-grub and grub-install '(hd0)' (I suspect if I'd
already mounted /dev and /proc when installing the packages I wouldn
oup_id=201579&atid=978127
There is a new upstream release, 0.23, but according to the upstream
bug report, it doesn't fix this bug.
Cheers,
Geoff Crompton
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Geoff Crompton
To: Debian Bug Tracking System
Subject: linux-image-3.2.0-4-amd64: none
X-Debbugs-Cc: none
Package: src:linux
Version: 3.2.35-2
Severity: normal
Dear Maintainer,
*** Please consider answering these questions, where appropr
Package: postgrey
Version: 1.34-1.1
Severity: grave
Tags: patch
Justification: renders package unusable
Dear Maintainer,
A fresh install of postgrey on two Wheezy machines fails to start. Much like
was the case in debian bug #722136, starting the postgrey daemon on the
command
line reveals the sa