Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts

Martin Pitt wrote: > Hi Florian, hi security team, hi everyone else, > > just for the record, sid has updated packages already. > > I'm 70% into completing the security update for sarge. However, due to > the nature of the vulns, the patches are enormous, and thus require > meticulous porting and

Bug#366816: CVE-2006-2542

angelog @@ -1,3 +1,11 @@ +xmcd (2.6-14woody1) oldstable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Fully implemented non-world-writeable directories [libdi_d/config.sh +alias xmcdconfig, CVE-2006-2542] + + -- Martin Schulze <[EMAIL PROTECTED]> Thu, 2

Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished

Martin Pitt wrote: > Hi security team, > > I backported the relevant changes from 7.4.13 and put the sarge > security update to [1]. This time, just putting 7.4.13 into > sarge-security would even have been safer IMHO, and that's what users > would want anyway, but we already had this discussion s

Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished

Martin Pitt wrote: > Hi Joey, > > Martin Schulze [2006-05-28 19:37 +0200]: > > > [1] http://people.debian.org/~mpitt/psql-sarge/ > > > [2] > > > http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff > > > > Thanks a lo

Bug#368202: sarge: dia: CVE-2006-2480 and CVE-2006-2453: format string vulnerability

Roland Stigge wrote: > Hi, > > besides the upload to unstable, I've backported the upstream patch for > #368202. See attachment. > > Feel free to upload if appropriate. We don't consider it approriate unless you provide us with an attack vector, i.e. automatic processing of files from untrusted

Bug#372172: CVE-2006-2230: Denial of service in xine-ui

@@ -1,3 +1,12 @@ +xine-ui (0.99.3-1sarge1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Corrected call to report() and printf() to fix format string +vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, +CVE-2006-2230] + + -- Martin Schulze

Bug#373913: [EMAIL PROTECTED]: CVE-2006-3081 assigned to MySQL str_to_date() DoS]

FYI Regards, Joey - Forwarded message from "Steven M. Christey" <[EMAIL PROTECTED]> - == Name: CVE-2006-3081 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081 Reference: BUGTRAQ:20060614 MySQL D

Bug#349303: lsh-server: lshd leaks fd:s to user shells

Stefan Pfetzing wrote: > Package: lsh-server > Version: 2.0.1cdbs-3 > Severity: grave > Tags: security > Tags: sarge > Tags: confirmed > Tags: pending > Justification: denial of service > > As reported by Niels Möller, the author of lsh-utils, a user is able to > access fd:s used by lsh. > > When

Bug#349303: lsh-server: lshd leaks fd:s to user shells

Stefan Pfetzing wrote: > >Please let us know which version in sid will fix the problem. > > > >I've requested a CVE name and will provide it asap. > > lsh-utilis 2.0.1cdbs-4 includes a dpatch file in debian/patches which > fixes the problem. Please use CVE-2006-0353 for this vulnerability. Reg

Bug#335997: flyspray: Multiple XSS vulnerabilities

Thijs Kinkhorst wrote: > On Mon, 2005-12-19 at 13:41 +0100, Thijs Kinkhorst wrote: > > For stable: > > I've extracted the right patch from the unstable version (which has been > > present without any bugreports since the end of October), and that is > > attached. I've also prepared updated packages

Bug#318123: Security bug in xlockmore

Alexander Wirt wrote: > Hi Michael, > > this security bug in xlockmore is still present in all xlockmore versions in > the archive and is open for now 190 days. In the meantime we organized a CVE > number and a patch that fixes that problem. But still no reaction from you. I > know that aren't M

Bug#345238: Shell command injection in delegate code (via file names)

Daniel Kobras wrote: > found 345238 4:5.4.4.5-1woody7 > found 345238 6:6.0.6.2-2.5 > thanks > > On Thu, Jan 05, 2006 at 01:49:11PM +0100, Daniel Kobras wrote: > > On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote: > > > With some user interaction, this is exploitable through Gnus and

Bug#345238: Shell command injection in delegate code (via file names)

Daniel Kobras wrote: > > Gnah. You are correct. I'm extending the list of forbidden characters > > by $(). > > Upstream has reverted the blacklist and instead went for an improved > version of the symlink fix I added to ImageMagick in unstable. The patch > is more involved, but also more robust

Bug#345238: Shell command injection in delegate code (via file names)

Daniel Kobras wrote: > On Fri, Jan 27, 2006 at 10:59:34PM +0100, Martin Schulze wrote: > > Daniel Kobras wrote: > > > > Gnah. You are correct. I'm extending the list of forbidden characters > > > > by $(). > > > > > > Upstream has

Bug#344029: [EMAIL PROTECTED]: Bug#350954: DSA-960-1 security update breaks libmail-audit-perl when $ENV{HOME} is not set]

Niko Tyni wrote: > Hi security team, > > I'm very sorry that you have to hear from me again :( > > There's a regression in the patch for DSA-960-1, for both woody and sarge. > When $HOME is not set, Mail::Audit is now creating logfiles in cwd and > dying if it's not writable. This happens even i

Bug#322535: evolution CVE-2005-2549/CVE-2005-2550

Moritz Muehlenhoff wrote: > Dear security team, > so far there hasn't been a security update for the latest evolution > vulnerabilities. (CVE-2005-2549/CVE-2005-2550) > I've attached patches for Woody and Sarge. The Sarge fixes are > straightforward, > but some comments on Woody, relative to the p

Bug#349587: whitelist

Please read the advisory again: http://www.debian.org/security/2006/dsa-946 It says: "Additional variables are only passed through when set as env_check in /etc/sudoers, which might be required for some scripts to continue to work." Use Defaultsenv_check = HOME in /etc/sudoers

Bug#360843: who should?

paul cannon wrote: > It seems rather like manpages-dev /should/ be the one to own these, and > a bug should be filed on modutils to get these manpages out of there. In a former time it was the job of manpages/manpages-dev to document the interface to the kernel and libc, i.e. system calls etc. Th

Bug#363127: CVE-2006-1664: Malformed MPEG Stream Buffer Overflow Vulnerability

Stefan Fritsch wrote: > Package: libxine1 > Version: 1.1.1-1 > Severity: grave > Tags: security > Justification: user security hole > > > > According to CVE-2006-1664, there is a "buffer overflow in > xine_list_delete_current in libxine 1.14 and earlier, as distributed > in xine-lib 1.1.1 and ea

Bug#315532: Asterisk Manager Interface Overflow

Mark Purcell wrote: > Bug #315532 has been rasied as grave security related bug against > asterisk-1.0.7, which is included in the released sarge. > > It refers to a potential overflow in the Asterisk Manager Interface, which is > not enabled by default in the Debian asterisk package. In additi

Bug#365680: CGIIRC vulnerability (Bug#365680)

Elrond wrote: > Nearly all the relevant information, that is currently > available regarding this issue, is in the bug logs. > (see: ) Are you going to update the package in sid as well? Or should the package propagate via stable-security? Regards, Joey --

Bug#365680: CGIIRC vulnerability (Bug#365680)

Elrond wrote: > Nearly all the relevant information, that is currently > available regarding this issue, is in the bug logs. > (see: ) > > Very Short summary: > > * bufferoverflow in C code > * remotely exploitable > * CVE has been requested by micah > * Untested pa

Bug#365680: CGIIRC vulnerability (Bug#365680)

Mario 'BitKoenig' Holbe wrote: > > Elrond wrote: > > > I _might_ be able to test, wether the package still works > > Please let us know. > > Tests are done. Everything seems to work well. > > > Update prepared. > > Go on :) > Please make sure you did also add 50_client-c_bufferoverflow_fix to >

Bug#365680: CGIIRC vulnerability (Bug#365680)

Elrond wrote: > On Sun, May 07, 2006 at 09:16:35AM +0200, Martin Schulze wrote: > [...] > > If an update enters stable-security and the version in testing ist the > > same as in stable, then the new version propagates into testing. If, > > additionally, the version in un

Bug#366682: CVE-2006-2162: Buffer overflow in nagios

02/debian/changelog @@ -1,3 +1,11 @@ +nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Add overflow protection for Content-Length [cgi/getcgi.c, +debian/patches/9_CVE-2006-2162.dpatch] + + -- Martin Schulze <[EMAIL P

Bug#366927: CVE-2006-2247: Information leak in webcalendar

, CVE-2006-2247] + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 12 May 2006 08:10:15 +0200 + webcalendar (0.9.45-4sarge3) stable-security; urgency=high * Fixed multiple security vulnerabilities only in patch2: unchanged: --- webcalendar-0.9.45.orig/includes/user.php +++ webcalendar-0.9.

Bug#365940: Files for a Quagga DSA (RIPD unauthenticated route injection)

Christian Hammers wrote: > Attached you will find a diff that can be used to make a DSA for the > recent Quagga security bug. Thanks a lot for preparing the update. Please also mention CVE-2006-2223 CVE-2006-2224 in the unstable changelog when you're doing the next upload anyway. Regards,

Bug#359042: freeradius: dpatch for CVE-2006-1354: "EAP-MSCHAPv2 vulnerability"

Alec Berryman wrote: > Package: freeradius > Followup-For: Bug #359042 > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Attached dpatch is reformatted from revision 1.11 of > src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c. > > The fix applies and compiles, but I have not do

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

-1,3 +1,20 @@ +tetex-bin (2.0.2-30sarge2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Adjusted the former patch + * Applied missing bits found by Ludwig Nussel + + -- Martin Schulze <[EMAIL PROTECTED]> Fri, 9 Dec 2005 11:25:16 +0100 + +tetex-bin (2

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

Frank Küster wrote: > Hi Joey, > > Martin Schulze <[EMAIL PROTECTED]> wrote: > > > The original patch was not sufficient. I'm attaching the entire and the > > incremental patch. Please apply the incremental patch to the version in > > sid as well.

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

Hi Frank! Frank Küster wrote: > I looked at both, and it seems that Martin's does more. I'm speaking of > the patch attached to > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342292;msg=136 > > It introduces limits.h and does the same we did for the xpdf patches at > the beginning of the ye

Bug#342292: Fwd: Re: [vendor-sec] xpdf update - patch wrong?

Martin Pitt wrote: > > > After discovering that the same flawed multiplication is also present > > > in upstream's other two patches, I decided to completely rework the > > > patch. > > > > > > I attach the debdiff with separated out changelog. Florian, maybe you > > > can peer-review the patch? >

Bug#336582: phpbb2: New round of security issues

You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable to it? Or did you miss it? Or did you just didn't document this? Regards, Joey -- Open source is important from a technical angle. -- Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] w

Bug#336582: phpbb2: New round of security issues

Thijs Kinkhorst wrote: > On Mon, 2005-12-19 at 08:49 +0100, Martin Schulze wrote: > > You didn't mention CVE-2005-3417. Is the version in sarge not vulnerable > > to it? Or did you miss it? Or did you just didn't document this? > > This has been fixed but

Bug#357580: firebird2-*-server: remotelly crashable

Damyan Ivanov wrote: > Here's a patch that fixes the crash. The fix is > rather ugly IMHO, but this is what upstream proposed. > > Please apply it to stable version of firebird2. > > Unstable package is due for upload. > > More information (discovery, reproduction) on > http://bugs.debian.org/35

Bug#358061: mutt: Mutt should filter control characters from headers

Vincent Lefevre wrote: > Package: mutt > Version: 1.5.11+cvs20060126-2 > Severity: grave > Tags: security > Justification: user security hole > > Mutt doesn't filter control characters, in particular the ^J and ^M, > from headers, which can lead to unwanted behavior; in particular when > replying,

Bug#358689: [CVE-2006-0042] Remote DoS in libapreq2-perl

Steinar H. Gunderson wrote: > On Mon, Mar 13, 2006 at 12:25:13AM +0100, Martin Schulze wrote: > > An algorithm weakness has been discovered in Apache2::Request, the > > generic request library for Apache2 which can be exploited remotely > > and cause a denial of servic

Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities

Torsten Werner wrote: > Moritz Muehlenhoff wrote: > > What's the status of an update for stable? > > > I have provide a fix over 2 months ago but I did not hear anything from > the security team. Hmm. I only find my complaints but no response from you. However, the packages on master are bette

Bug#350964: CVE-2006-0225, scponly shell command possible

Thomas Wana wrote: > Hi, > > Geoff Crompton wrote: > >This bug has been closed for unstable (see bug 350964) with the 4.6 > >upload, but will it be fixed for sarge? > > > > Joey: I sent you a patch for that, but it seems you didn't > include this in scponly-4.0sarge1. We also had no discussion >

Bug#355211: freeciv-server: security hole

Jason Dorje Short wrote: > Package: freeciv-server > Version: 2.0.7-2 > Severity: important > > > Jordi - > > There is a security hole in Freeciv 2.0 allowing a remote user to trigger a > server crash (it is unlikely anything more than a crashed civserver would > result from the hole). This pat

Bug#350764: sysklogd_1.4.1-17.1(mipsel/unstable): FTBFS: includes kernel header in userspace

Noah Meyerhans wrote: > On Tue, Jan 31, 2006 at 08:41:35AM -0800, Ryan Murray wrote: > > > gcc -O2 -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > > > -D_LARGEFILE_SOURCE -DSYSV -fomit-frame-pointer -fno-strength-reduce > > > -DFSSTND -c ksym_mod.c > > > In file included from /usr/include/asm

Bug#349196: a fix for sudo in sarge

Proposed updates for woody and sarge are here: http://klecker.debian.org/~joey/security/sudo/ I'd be glad if you could test them. Regards, Joey -- Linux - the choice of a GNU generation. Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROT

Bug#357580: firebird2-*-server: remotelly crashable

Damyan Ivanov wrote: > Here's a patch that fixes the crash. The fix is > rather ugly IMHO, but this is what upstream proposed. The patch looks good. I've requested a CVE name as well, will upload fixed packages for sarge tonight. Regards, Joey -- Of course, I didn't mean that, which i

Bug#368060: packaging for etch ok -

Here are packages that I would upload if you don't object. http://people.debian.org/~joey/NMU/thuban/ Regards, Joey -- Given enough thrust pigs will fly, but it's not necessarily a good idea. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Con

Bug#374577: mimms: patch to fix many buffer overflows vulnerability

Anon Sricharoenchai wrote: > Package: mimms > Version: 0.0.9-1 > Severity: grave > Justification: user security hole > Tags: security patch > > According to the patch attached in this report, it has many possible buffer > overflows. > For example, > - memcpy(buf, data, length) without bounding the

Bug#372719: regression in FreeType security fix for DSA-1095

Hi! Steve Langasek wrote: > As mentioned earlier this month, a regression was found in the freetype > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications to crash > with division-by-zero errors. I've prepared a maintainer upload to fix > this regression using the patch from bug #373

Bug#372719: regression in FreeType security fix for DSA-1095

Steve Langasek wrote: > On Mon, Jun 26, 2006 at 08:36:07AM +0100, Steve Kemp wrote: > > On Sun, Jun 25, 2006 at 03:09:51PM -0700, Steve Langasek wrote: > > > > As mentioned earlier this month, a regression was found in the freetype > > > 2.1.7-2.5 package uploaded for DSA-1095 which caused applica

Bug#356939: "Security" fix for shadow in sarge (#356939)

Christian Perrier wrote: > As a consequence, I hereby ask the security team to DROP the processing > of the 4.0.3-31sarge6 version you have. As you wish, packages deleted. Regards, Joey -- Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. Please always C

Bug#372719: regression in FreeType security fix for DSA-1095

Steve Langasek wrote: > On Fri, Jul 07, 2006 at 08:42:59PM +0200, Martin Schulze wrote: > > > Steve Langasek wrote: > > > As mentioned earlier this month, a regression was found in the freetype > > > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications t

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

Moritz Muehlenhoff wrote: > Thijs Kinkhorst wrote: > > > Another security problem has been found in mantis. Insufficient > > > input sanitising of the t_core_path parameter may be exploited to perform > > > arbitrary file inclusion. Please see > > > http://secunia.com/secunia_research/2005-46/advis

Bug#336751: openvpn: Format string vulnerability in config parsing code

Moritz Muehlenhoff wrote: > Package: openvpn > Severity: grave > Tags: security > Justification: user security hole > > A format string vulnerability has been found in openvpn's option parsing > code, which indirectly may be exploited remotely as well. Please see > http://cert.uni-stuttgart.de/arc

Bug#334833: awstats 6.4-1.1 security fix

Steve Langasek wrote: > On Tue, Nov 08, 2005 at 10:15:26PM -0500, Charles Fry wrote: > > > Version 6.4-1.1 of awstats was uploaded to unstable in response to > > CVE-2005-1527. However, it was never uploaded to stable-security, even > > though version 6.4.1 is the current stable version of awstats

Bug#334833: awstats 6.4-1.1 security fix

Jonas Smedegaard wrote: > > Jonas Smedegaard wrote: > > > A package has now been uploaded to > > > ftp://security.debian.org/pub/SecurityUploadQueue > > > > > > Hope it is correctly understood that when a firt-timer on > > > security-debian-org source needs to be incuded. > > > > In general this

Bug#338312: osh: Environment Variable Input Validation Bug

Steve Kemp wrote: > On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote: > > > Due to a bug in the environment variable substitution code it is > > possible to inject environment variables such as LD_PRELOAD and gain a > > root shell. > > Confirmed. > > Joey we'll need an ID fo

Bug#334833: awstats 6.4-1.1 security fix

Jonas Smedegaard wrote: > A package has now been uploaded to > ftp://security.debian.org/pub/SecurityUploadQueue > > Hope it is correctly understood that when a firt-timer on > security-debian-org source needs to be incuded. In general this was correct... However, what's this part in the diff: o

Bug#338312: osh: Environment Variable Input Validation Bug

Steve Kemp wrote: > > Due to a bug in the environment variable substitution code it is > > possible to inject environment variables such as LD_PRELOAD and gain a > > root shell. Charles Stevenson discovered that osh, the operator's shell for executing defined programs in a privileged environment,

Bug#338312: osh: Environment Variable Input Validation Bug

Moritz Muehlenhoff wrote: > Martin Schulze wrote: > > > > Due to a bug in the environment variable substitution code it is > > > > possible to inject environment variables such as LD_PRELOAD and gain a > > > > root shell. > > > > > >

Bug#338934: parrot - FTBFS on s390: Segmentation fault

Florian Ragwitz wrote: > On Tue, Nov 15, 2005 at 11:24:32AM +0100, Bastian Blank wrote: > > On Tue, Nov 15, 2005 at 01:45:54AM +0100, Florian Ragwitz wrote: > > > I'm aware of the unportability of parrot and working on it. > > > Unfortunately I don't have a s390 machine where I can log into > > > c

Bug#339437: PMASA-2005-6 when "register_globals = on"

Piotr Roszatycki wrote: > Dnia Wednesday 16 of November 2005 13:17, Martin Schulze napisa?: > > > Vuln 1: > > > Full Path Disclosures in the following files: > > > > > Vuln 2: > > > Http Response Splitting in libraries/header_http.inc.php > > &

Bug#334089: remotely segfaultable, DOS

Hi! Steve Langasek wrote: > I've tracked this bug in centericq down to a failure to deal with short > packets (or packets declaring their own length to be zero). The attached > patch fixes this segfault, by stopping without further processing of the > packet when its length is determined to be ze

Bug#335938: mantis: Mantis 't_core_path' File Inclusion Vulnerability

Thijs Kinkhorst wrote: > On Thu, 2005-10-27 at 15:49 +0200, Moritz Muehlenhoff wrote: > > All affect Sarge. > > I've prepared updated packages for sarge. My updated package for sid is > still pending with my sponsor Luk Claes. The updated packages for sarge > are available here: > http://www.a-es

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

Loic Minier wrote: > Sorry for the delay. You can grab the proposed fixes in: > (87M) > MD5: 56148df50af6e28beaca57e4fa3bf6cc Thanks a lot! Packages are building already. > I found the vulnerability matrix by Moritz Muehlenhoff u

Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code

Loic Minier wrote: > On Mon, Nov 21, 2005, Martin Schulze wrote: > > > I found the vulnerability matrix by Moritz Muehlenhoff useful: > > >Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge > > > gdk-pixbuf > > > CVE-2005-29751170

Bug#336582: phpbb2 -6sarge2 ready for Security release (Was: Re: Bug#336582: phpbb2: New round of security issues)

Jeroen van Wolffelaar wrote: > On Tue, Dec 20, 2005 at 06:54:18AM +0100, Martin Schulze wrote: > > Thijs Kinkhorst wrote: > > > On Mon, 2005-12-19 at 06:53 +0100, Martin Schulze wrote: > > > > Thanks. Could somebody explain the issues that were fixed which have

Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)

Alexis Sukrieh wrote: > Hi, > > I'm the maintainer of the backup manager package. > There are currently one security issue in our sarge package (0.5.7-7sarge1). > > I made a package with the patch submitted against the bug #329387 which > closes the issue. Umh... I don't have a CVE name to shar

Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)

Hi Alexis! Alexis Sukrieh wrote: > * Martin Schulze ([EMAIL PROTECTED]) disait : > > Do you happen to know about the package in woody? > > Well, I don't know. Where can I grab woody's source packages? > > > a) what about woody > > As soon as I know whe

Bug#329387: bugzilla security update for sarge (2.16.7-7sarge2)

Martin Schulze wrote: > Alexis Sukrieh wrote: > > * Martin Schulze ([EMAIL PROTECTED]) disait : > > > Do you happen to know about the package in woody? Btw. this issue has been assigned CVE-2005-4534, so please add it to the changelog if you prepare a fixed package for woody

Bug#342292: tetex-bin: Multiple exploitable heap overflows in embedded xpdf copy

ream.cc, +xpdf/JBIG2Stream.cc, debian/patches/patch-CVE-2005-3191] + + -- Martin Schulze <[EMAIL PROTECTED]> Thu, 15 Dec 2005 17:02:52 +0100 + +tetex-bin (2.0.2-30sarge3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Added more precautionary checks by Martin Pi

Bug#344029: Insecure /tmp file handling in libmail-audit-perl in Sarge (+patch)

Gunnar Wolf wrote: > Hi, > > The bug is indeed important, even if it is not easily exploitable, and > the fix is trivial. I am pushing it to the security team so they can > apply it to the version in Sarge as well. Please use CVE-2005-4536 for this problem. Are you in contact with upstream? Reg

Bug#344029: Insecure /tmp file handling in libmail-audit-perl in Sarge (+patch)

Gunnar Wolf wrote: > Martin Schulze dijo [Sat, Jan 14, 2006 at 08:43:57AM +0100]: > > Gunnar Wolf wrote: > > > Hi, > > > > > > The bug is indeed important, even if it is not easily exploitable, and > > > the fix is trivial. I am pushing it to the se

Bug#310327: patch

Aníbal Monsalve Salazar wrote: > >Upon investigation of this problem I noticed that ssmtp (oldstable > >and stable) always strips the last line of the input before sending. > > > >gluck!joey(pts/4):~> seq 1 10|sendmail [EMAIL PROTECTED] > > > >--> 1..9 > > > >gluck!joey(pts/4):~> echo seq 1 10|send

Bug#318946: User expectations and shorewall

Florian Weimer wrote: > >> (Note that I have yet to test Lorenzo's new package.) > > > > Are you in a position to do so? > > Sure, but the question is if you want to rely on the results. You > don't seem to trust my judgement on this matter, for reasons I don't > know. I simply did not understan

Bug#318946: User expectations and shorewall

Lorenzo Martignoni wrote: > > If you can, please build an updated package, based on the version in > > sarge and woody if that's needed as well, and place them on a .debian.org > > host. > > I already have a fixed package. I only need to add the CVE ID. > > On which host of .debian.org should I u

Bug#328626: Sarge update for loop-aes-utils (CAN-2005-2876)

Max Vozeler wrote: > Hi security team, > > the loop-aes-utils package in sarge is affected by CAN-2005-2876 > (#328626). I've prepared a stable-security upload of 2.12p-4sarge1 > with a fix backported from 2.12r-pre1: > > http://people.debian.org/~xam/security/loop-aes-utils/ > > This bug will

Bug#327722: Patch for Gopher bug CAN-2005-2772

Steve Kemp wrote: > On Mon, Sep 26, 2005 at 09:23:16AM -0500, John Goerzen wrote: > > > > Attached are the patches that Joey (Schulze) approved. > > > > Can you (or Joey) comment: did you use a different patch because you > > believe mine to be insecure, or for a different reason? (That's an >

Bug#315671: webcalendar unauthorized access

Stephen Gran wrote: > Hello all, > > There is a security bug in webcalendar (#315671 and > http://www.securityfocus.com/bid/14072, for reference). Tim is the > maintainer, but does not yet have a debian account, and cannot upload. > We have a fixed version for sarge ready (patch attached). I am

Bug#316590: woody backport now available for all cacti security issues

Sean Finney wrote: > this is done now. Thanks a lot. I have reviewed it and will use it for the advisory. Regards, Joey -- Reading is a lost art nowadays. -- Michael Weber -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTEC

Bug#322352: [Powerdns-debian] Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

doc-base/pdns, while the package in sarge does not. Looking at the file contents, it shouldn't be an architecture.deb but an all.deb, btw., but that's not an issue we need to fix now. > Martin Schulze: > How did you build the package ? (I'm pretty curious right now becaus

Bug#332259: spampd fails with 'Error in process_request': Modification of read-only variable in Syslog.pm

Sven Mueller wrote: > I created a fixed package (actually two: one for sid/etch and one for > sarge), available at https://mail.incase.de/spampd/sarge-security/ > respectively at https://mail.incase.de/spampd/sid/ (until my sponsor > finds the time to upload the latter to sid). Personally, I'm indi

Bug#329156: gnome-pty-helper foo

Could somebody explain the security implication for me? being able to write arbitrary strings into valid records without overwriting any other data in utmp/wtmp can hardly be classified as a security vulnerability. (Apart from that, I'm only slightly annoyed as I had to learn about this via MITRE

Bug#332434: storebackup: Several security problems (already fixed in sid/testing)

Arthur Korn wrote: > Hi > > 1.19-1 source and binary packages work on stable, and the > differences to 1.18.4-2 are all local bugfixes, so I figure it > doesn't make any sense to separate bugfixes from bugfixes for a > special security fix for stable. Well, we could split out Since the diff betwe

Bug#332434: storebackup: Several security problems (already fixed in sid/testing)

Moritz Muehlenhoff wrote: > > 1.19-1 source and binary packages work on stable, and the > > differences to 1.18.4-2 are all local bugfixes, so I figure it > > doesn't make any sense to separate bugfixes from bugfixes for a > > special security fix for stable. Well, we could split out > > storeBacku

Bug#329156: gnome-pty-helper foo

severity 329156 normal thanks dude Loïc Minier wrote: > Hi, > > On Fri, Oct 07, 2005, Martin Schulze wrote: > > Could somebody explain the security implication for me? > > You can record in the utmp/wtmp logs something which is wrong, for > example that an use

Bug#332434: storebackup: Several security problems (already fixed in sid/testing)

Moritz Muehlenhoff wrote: > Sounds correct, my manpage says: > -h, --no-dereference > affect each symbolic link instead of any referenced file (useful only on > systems that can change the ownership of a symlink) > > However, I think that this hunk is missing for CAN-2005-3148: > > diff -

Bug#332524: CVE name

== Candidate: CAN-2005-3178 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178 Reference: BUGTRAQ:20051005 xloadimage buffer overflow. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112862493918840&w=2 Buffer overflow in x

Bug#318286: FTP USER buffer overflow (CAN-2005-2239)

Jeroen van Wolffelaar wrote: > tags 318286 sarge > thanks > > On Thu, Jul 14, 2005 at 05:36:34PM +0300, Joey Hess wrote: > > oftpd is vulnerable to anothere security hole. This time a crafted "FTP > > USER" command can cause a crash. Since a buffer overflow is involved, > > it's possible that this

Bug#332290: horde3: Application is in a severely insecure state during configuration

Ola Lundqvist wrote: > Hello > > On Wed, Oct 05, 2005 at 01:17:37PM -0400, Mike O'Connor wrote: > > Package: horde3 > > Version: 3.0.5-1 > > Severity: critical > > Tags: security > > Justification: root security hole > > > > As part of the installation procedure in README.Debian, you are told to

Bug#332290: horde3: Application is in a severely insecure state during configuration

Ola Lundqvist wrote: > > > > I also would recommend that a password be required do use the > > > > Administration interface. > > > > > > The administration thing will be kept there as it do not have any write > > > permission to any of the configuration files. > > > > > > Or do you have a good su

Bug#332259: spampd fails with 'Error in process_request': Modification of read-only variable in Syslog.pm

Sven Mueller wrote: > > Hence, it's rather "one mail falls through" or something. Doesn't sound > > security-relevant to me. > > Well, it's more of an indirect DoS. The mails are rejected with an SMTP > temporary failure code according to my quick test. This means that those > mails fill up the s

Bug#334113: CAN-2005-3257 assigned

This one is CAN-2005-3257. Regards, Joey -- Never trust an operating system you don't have source for! Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

Christoph Haas wrote: > Hi, Martin... > > On Sat, Aug 13, 2005 at 07:09:02AM +0200, Martin Schulze wrote: > > Please retry in the sarge chroot on gluck or escher. I've just > > rebuilt it in both environments and both times the pdns_*.deb > > contained both /usr/s

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

Christoph Haas wrote: > On Tue, Aug 16, 2005 at 10:23:41AM +0200, Martin Schulze wrote: > > That is very strange. I've just rebuilt it on gluck > > (see /tmp/joey for log and packages) and it does still contain > > the doc-base directory. > > I was too slow

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)

Christian Hammers wrote: > Hello Security Team > > Are you aware of this bug? The "interdiff" patch are already in the BTS. > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526 > Applied the upstream patch that fixes a tempfile vulnerability in the > mysqld_install_db script th

Bug#322133: CAN-2005-2558: arbitrary binary libraries call execution

sean finney wrote: > hi joey, martin, > > (christian may already be on vacation, so i'll try and field some > responses from what i think is going on) [..] > christian forwarded the bug information to mysql asking for a > clarification (http://bugs.mysql.com/bug.php?id=12575) and we're > waitin

Bug#318463: Proposed update to e2fsprogs for stable

Steve Langasek wrote: > On Sun, Aug 21, 2005 at 11:20:49PM -0400, Theodore Ts'o wrote: > > > I would like to upload the following release to sarge to fix a grave bug > > (#318463), and taking the opportunity to fix a few other potential > > core-dumping inducing bugs. All of these are cherry pick

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

Christoph Haas wrote: > On Tue, Aug 16, 2005 at 12:06:48PM +0200, Jeremie Koenig wrote: > > I've not tested anything but I may have found the cause for this > > problem. Freshly extracted, the source package contains some cruft which > > gets removed upon running debian/rules clean. Specifically, >

Bug#322352: pdns and pdns-doc both contain /usr/share/doc-base/pdns (sarge security update version)

Christoph Haas wrote: > Check the upstream archive (pdns_2.9.17.orig.tar.gz) again: > There are files like debian/doc-base that cause trouble. We are > currently removing these files in the "clean:" target. But if that > target isn't called before building the package we get this error. Ah, now I

Bug#319526: MySQL security bug in sarge (CAN-2005-1636)

Martin Schulze wrote: > Christian Hammers wrote: > > Hello Security Team > > > > Are you aware of this bug? The "interdiff" patch are already in the BTS. > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319526 > > Applied the upst

Bug#324531: pcre3: patch for CAN-2005-2491

Martin Pitt wrote: > Hi! > > Here is the relevant change from pcre3 6.1-> 6.2, ported to 5.0: > > http://patches.ubuntu.com/patches/pcre3.CAN-2005-2491.diff Patch originally sent by Marcus Meissner from SuSE. Regards, Joey -- It's time to close the windows. Please always Cc to me

Bug#324531: PCRE3: CAN-2005-2491 for oldstable

Martin Pitt wrote: > Hi! > > Since I have to fix apache2 2.0.50 for Ubuntu, which still has an > embedded pcre 3.x, I also took a look at the woody version. I took a > look at the code and played with the test suite, and it seems to me > that the capture part works ok; just the integer underflow m

  1   2   3   >