Bug#380054: CVE-2006-2898: Denial of service in Asterisk

2006-07-27 Thread Martin Schulze
Mark Purcell wrote:
> On Thursday 27 July 2006 07:34, Martin Schulze wrote:
> > The patch used for security is attached.
>
> Thanks Joey,
>
> In asterisk 1.2.10 half of that patch is already applied upstream.
>
> I have applied the other half and am in the process of

Bug#377299: sitebar: CVE-2006-3320: cross-site scripting

2006-07-28 Thread Martin Schulze
Thijs Kinkhorst wrote:
>
> > CVE-2006-3320: "Cross-site scripting (XSS) vulnerability in command.php
> > in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary
> > web script or HTML via the command parameter."
>
> I've already fixed this by NMU in unstable. I've also prepared a

Bug#381378: CVE-2006-3913: arbitrary code execution in freeciv

2006-08-03 Thread Martin Schulze
Stefan Fritsch wrote:
> Package: freeciv
> Severity: grave
> Tags: security
> Justification: user security hole
>
> CVE-2006-3913:
> "Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
> 2006 and earlier, allows remote attackers to cause a denial of service
> (crash) and possibly e

Bug#329387: [bugzilla #329387] new sarge package that fixes CVE-2005-4534

2006-08-12 Thread Martin Schulze
Alexis Sukrieh wrote:
> Moritz Muehlenhoff wrote:
> >The distribution should be stable-security instead of
> >testing-proposed-updates. Please also remove all the i18n updates:
>
> Ok, I'll make a new package with the correct distribution.
>
> The i18n updates are automatically made by the build

Bug#372719: regression in FreeType security fix for DSA-1095

2006-08-19 Thread Martin Schulze
Steve Langasek wrote:
> On Sun, Jul 23, 2006 at 08:51:29PM +0200, Martin Schulze wrote:
> > Steve Langasek wrote:
> > > On Fri, Jul 07, 2006 at 08:42:59PM +0200, Martin Schulze wrote:
> > > > It appears to be a correct fix for the regression that has been reported.

Bug#372719: regression in FreeType security fix for DSA-1095

2006-08-19 Thread Martin Schulze
gasek wrote:
> On Sat, Aug 19, 2006 at 09:28:46AM +0200, Martin Schulze wrote:
> > > Well, apparently the -3 package that you said you couldn't find was on
> > > security.d.o all along, because this was *not* in the second -3 package
> > > that
> > > I upl

Bug#382607: further info on CVE-2006-4041

2006-08-19 Thread Martin Schulze
sean finney wrote:
> executive summary for security team: not escaping query strings
> can possibly result in SQL injection for apps that use pike+postgresql.
>
> i've developed a patch which cleanly applies to both the 7.2 and 7.6
> branches that exist in sarge. however, looking more closely at
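The failure mode in the summary above, shown as an added example that is not part of the bug report, the Pike module or its patch: a literal built by string concatenation lets a quote character in caller-supplied input change the query's structure, while either escaping the literal or handing the value to the driver as a parameter keeps it inert. The example uses an in-memory sqlite3 table named `users` (a constructed stand-in for the PostgreSQL backend; Pike is not involved) and a hypothetical injection input `PAYLOAD`.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the PostgreSQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return conn


def lookup_unescaped(conn, name):
    """Vulnerable pattern: the input is interpolated verbatim into the SQL
    text, so a quote in it terminates the literal early."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def escape_literal(value):
    """Minimal literal escaping: double every single quote. This is the
    kind of fix the summary refers to (escaping the string before it is
    spliced into the query); it is enough for this input but remains a
    second-best choice next to parameterised queries."""
    return value.replace("'", "''")


def lookup_escaped(conn, name):
    sql = "SELECT name FROM users WHERE name = '" + escape_literal(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Preferred fix: the driver sends the value separately from the SQL
    text, so no character in the input can alter the query structure."""
    return [
        row[0]
        for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    ]


# Constructed injection input: closes the literal and appends a tautology.
PAYLOAD = "x' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("unescaped:    ", lookup_unescaped(conn, PAYLOAD))
    print("escaped:      ", lookup_escaped(conn, PAYLOAD))
    print("parameterized:", lookup_parameterized(conn, PAYLOAD))
```

With the payload, the unescaped query becomes `... WHERE name = 'x' OR '1'='1'` and returns every row; the escaped and parameterised variants both look for the literal string and return nothing, while a normal name such as `alice` still matches in all three.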

Bug#358575: mailman 2.1.5-8sarge3: screwup between security and maintainer upload

2006-09-06 Thread Martin Schulze
Lionel Elie Mamane wrote:
> let a be an architecture in sarge. Then one of the following holds for
> mailman in sarge r3:
>
> - it is affected by a security problem.
>
> - it has a severity critical bug.
>
> Mailman in sid:
>
> - may or may not suffer of a security problem
>
> A security pr

Bug#423368: iSCSI cannot be installed

2007-05-11 Thread Martin Schulze
Package: open-iscsi
Version: 2.0.730-1
Severity: serious

The installation of open-iscsi leads to:

honey:~# date
Fri May 11 11:58:48 CEST 2007
honey:~# apt-get update
Get:1 http://ftp.de.debian.org etch Release.gpg [378B]
Hit http://ftp.de.debian.org etch Release

Bug#387089: Sorry, not fixed

2006-11-01 Thread Martin Schulze
reopen 387089
thanks

I'm sorry to tell you, but this problem is not yet fixed.

Installed version of ca-certificates:

ii  ca-certificates  20061027  Common CA Certificates PEM files

There should be a link, but isn't:

finlandia!joey(tty1):/etc/ssl/certs> l |grep luo

Bug#580342: sudo: Memory access after free()

2010-05-09 Thread Martin Schulze
Bdale, what's your stance on this?

Regards,

Joey

Alexandra N. Kossovsky wrote:
> Package: sudo-ldap
> Version: 1.6.9p17-2+lenny1
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> Hello.
>
> Following patch fixes memory access after free():
>
> --- pars
