Any news on those security updates for xine-lib?
--
[xine-lib] [DSA-1536-1] several vulnerabilities
https://bugs.launchpad.net/bugs/210163
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubu
Any news on those security updates for xine-lib?
--
[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of
RTSP streams
https://bugs.launchpad.net/bugs/185034
Scott Kitterman: As I've written, honestly no offense meant. And I'm no
clamav user at all, I'm reporting just *any* issue for *any* package
that comes to my knowledge from security mailing lists and other
sources, as available time permits. Most packages which I open bug
reports for I've never use
So many things to check... Okay. Just checked at packages.ubuntu.com.
Regarding CVE-2008-1657
- there is no USN
- nothing is mentioned in the changelogs of the corresponding packages for
Dapper/Feisty/Gutsy
The last update on those packages is from Kees on April 1st for
CVE-2008-1483 as I see i
I got this CVE from a recent DSA
(http://www.debian.org/security/2008/dsa-1565) and thought I'd bring it
up for Dapper's PowerPC branch.
--
[CVE-2007-6694] local DoS vulnerability on powerpc platform
https://bugs.launchpad.net/bugs/227315
Hmm, sometimes I'm wondering why I bother to report security issues
concerning the stable releases at all... It's happened too often in
Hardy's development that the answer to a bug report just was "We have
x.xx in Hardy.". Please just think of the possibility that some users
value their "outdated" s
Sorry, I just tend to group CVEs as I find them in various security
advisories. It's not always easy to figure out which ones belong
together, especially if you try to report a greater amount of
accumulated bugs in a limited period of time.
--
[CVE-2008-1102] Blender imb_loadhdr() buffer overflow
h
libpng12-0 is part of main in all stable releases.
--
CVE-2008-1382: libpng zero-length chunks incorrect handling
https://bugs.launchpad.net/bugs/217128
SUSE-SR:2008:010 also mentions CVE-2008-1103:
»Multiple unspecified vulnerabilities in Blender have unknown impact and attack
vectors, related to "temporary file issues."«
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1103
--
[CVE-2008-1102] Blender imb_loadhdr() buffer
*** This bug is a security vulnerability ***
Public security bug reported:
Quoting CVE-2008-1657:
"OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config
ForceCommand directive by modifying the .ssh/rc session file."
** Affects: openssh (Ubuntu)
Importance: Undecide
Any progress on this?
--
Multiple vulnerabilities in OpenOffice.org (CVE-2007-574{5-7}, CVE-2008-0320)
https://bugs.launchpad.net/bugs/218640
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: clamav
The following CVEs (got them from SUSE-SA:2008:024) are not yet tracked
as open bugs:
CVE-2007-6596
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote
attackers to
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: linux-source-2.6.15
Quoting CVE-2007-6694:
"The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through
2.6.18-53, when running on PowerPC, might allow local users to cause a denial
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: b2evolution
References:
DSA-1568-1 (http://www.debian.org/security/2008/dsa-1568)
Quoting:
»"unsticky" discovered that b2evolution, a blog engine, performs
insufficient input sanitising, allowing for
Fixed in Debian: DSA-1566-1
(http://www.debian.org/security/2008/dsa-1566)
--
[CVE-2007-4476] cpio is affected by this CVE as tar.
https://bugs.launchpad.net/bugs/161173
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: wordpress
References:
DSA-1564-1 (http://www.debian.org/security/2008/dsa-1564)
Quoting:
"Several remote vulnerabilities have been discovered in wordpress,
a weblog manager. The Common Vulnerabilitie
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: asterisk
References:
DSA-1563-1 (http://www.debian.org/security/2008/dsa-1563)
Quoting:
"Joel R. Voss discovered that the IAX2 module of Asterisk, a free
software PBX and telephony toolkit performs i
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ldm
References:
DSA-1561-1 (http://www.debian.org/security/2008/dsa-1561)
Quoting:
"Christian Herzog discovered that within the Linux Terminal Server Project,
it was possible to connect to X on any L
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: kronolith2
References:
DSA-1560-1 (http://www.debian.org/security/2008/dsa-1560)
Quoting:
»"The-0utl4w" discovered that the Kronolith, calendar component for
the Horde Framework, didn't properly sani
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: phpgedview
References:
DSA-1559-1 (http://www.debian.org/security/2008/dsa-1559)
Quoting:
"It was discovered that phpGedView, an application to provide online access
to genealogical data, performed i
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: phpmyadmin
References:
DSA-1557-1 (http://www.debian.org/security/2008/dsa-1557)
Quoting:
"CVE-2008-1924
Attackers with CREATE table permissions were allowed to read
arbitrary files readable
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: roundup
References:
DSA-1554-1 (http://www.debian.org/security/2008/dsa-1554)
Quoting DSA-1554-1:
"Roundup, an issue tracking system, fails to properly escape HTML input,
allowing an attacker to injec
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ikiwiki
References:
DSA-1553-1 (http://www.debian.org/security/2008/dsa-1553)
Quoting:
"It has been discovered that ikiwiki, a Wiki implementation, does not
guard password and content changes against
I did that. (According to Launchpad) clamav in dapper-security is at
version 0.92~dfsg-2~dapper1ubuntu0.2, in dapper-updates it's at
0.92.1~dfsg2-1.1~dapper1, DSA 1549-1 is about 0.92.1~dfsg2-1 for Sid.
But since CVE-2008-0314 isn't mentioned in the (Ubuntu) changelogs, I'd
dared to ask that ques
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: python2.4
References:
DSA 1551-1 (http://www.debian.org/security/2008/dsa-1551)
DSA 1551-1 covers CVE-2007-2052, CVE-2007-4965, CVE-2008-1679,
CVE-2008-1721 and CVE-2008-1887.
According to changelog
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: xpdf
This has been fixed for poppler and kword as USN-603-1 and USN-603-2,
but xpdf is still vulnerable.
Please see also: DSA-1548 (http://www.debian.org/security/2008/dsa-1548)
** Affects: xpdf (Ub
Is Ubuntu's clamav also affected by CVE-2008-0314 (DSA 1549-1
[http://www.debian.org/security/2008/dsa-1549])?
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0314
--
ClamAV Upack Processing Buffer Overflow Vulnerability
https://bugs.launchpad.net/bugs/217256
There's still no fix for this available as of now.
--
[openoffice.org] [CVE-2007-4575] Potential arbitrary code execution
vulnerability in 3rd party module (HSQLDB)
https://bugs.launchpad.net/bugs/174112
** Also affects: silc-server (Ubuntu)
Importance: Undecided
Status: New
--
[silc-toolkit] [CVE-2008-1552] possible arbitrary code execution
https://bugs.launchpad.net/bugs/215002
No updated packages were available last night from the German Ubuntu
mirror. Are the new langpack updates only available through the
proposed-repos?
--
context menu entry "Paste File" [and other dialogs] not translated into German
(anymore)
https://bugs.launchpad.net/bugs/196106
Could this be marked as "Confirmed" for the currently stable releases? I
don't know how to do it or won't have the required permissions. I fear
that with all the work concentrating on Hardy and marking bug reports as
"Fix Released" only because the current development branch has been
upgraded comp
*** This bug is a duplicate of bug 209627 ***
https://bugs.launchpad.net/bugs/209627
Will do so, didn't know this browse-by-CVE-feature since now. That's why
I try to have related CVEs in the summaries of new reports, so that
Launchpad's "Is the bug you’re reporting one of these?"-feature may
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: silc
Quoting CVE-2008-1552:
'The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client
before 1.1.4, and SIL
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: wireshark
Quoting:
CVE-2008-1561
"Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5
through 0.99.8 allow remote attackers to cause a denial of service (application
crash)
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: otrs2
Quoting CVE-2008-1515:
"The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 contains
"Missing security checks," which allows remote attackers to "read and modify
objects" via
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: pdns-recursor
References:
DSA-1544-1 (http://www.debian.org/security/2008/dsa-1544)
Quoting:
"Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a
weak random number generator to
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: vlc
References:
DSA-1543-1 (http://www.debian.org/security/2008/dsa-1543)
Quoting:
"Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido
Landi, Felipe Manzano, Anibal Sacco and others
*** This bug is a security vulnerability ***
Public security bug reported:
References:
DSA-1539-1 (http://www.debian.org/security/2008/dsa-1539)
Quoting:
"Chris Schmidt and Daniel Morissette discovered two vulnerabilities
in mapserver, a development environment for spatial and mapping
applicatio
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: lighttpd
References:
DSA-1540-1 (http://www.debian.org/security/2008/dsa-1540)
Quoting:
"It was discovered that lighttpd, a fast webserver with minimal memory
footprint, was didn't correctly handle S
Ah yes, now that you've mentioned it, I've also sometimes stumbled on
Launchpad's automatically adding of CVEs in comments. Nice meant, but
seemingly sometimes very insane feature ;-)
Okay, will keep in mind to manually add MOTU SWAT to related bug
reports, though I'd bet something on it that I've se
Originally this bug report was intended mainly for CVE-2008-1332 and
CVE-2008-1333, which I both added as CVE references. I only mentioned
CVE-2007-6430 because it's in DSA-1525-1, but wrote that it's been
handled in Bug#199118 and therefore didn't add a CVE reference to this
bug report.
Also, I t
Sadly
[UPGRADE] language-pack-de 1:6.06+20080204 -> 1:6.06+20080303
[UPGRADE] language-pack-kde-de 1:6.06+20080204 -> 1:6.06+20080303
didn't improve the situation; I guess that the new packages were built
before the problem has been found?
--
context menu entry "Paste File" [and other dialogs]
*** This bug is a security vulnerability ***
Public security bug reported:
This bug report is intended for the stable releases. For Hardy, this
seems to have been fixed, see Bug#204557.
Quoting CVE-2008-1482:
"Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote
attackers to t
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: vmware-server
VMware Server as provided from Canonical's partner repository for Gutsy is still
version 1.04, while a security updated version 1.05 is available from
upstream.
Security Issues Resolved
*** This bug is a security vulnerability ***
Public security bug reported:
References:
MDVSA-2008:078
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:078)
Quoting:
"OpenSSH allows local users to hijack forwarded X connections by causing
ssh to set DISPLAY to :10, even when anoth
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libkrb53
References:
GLSA 200803-31 (http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml)
MDVSA-2008:069
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:069)
Quoting GLSA 20080
The same CVEs cover iceape:
DSA-1534-1 (http://www.debian.org/security/2008/dsa-1534)
** Also affects: iceape (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- [xulrunner] [DSA-1532-1] several vulnerabilities
+ [xulrunner, iceape] [DSA-1532-1, DSA-1534-1] several vulnera
See also Bug#210163.
--
[xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer
https://bugs.launchpad.net/bugs/195700
See also Bug#210163.
** Summary changed:
- [libxine1] [CVE-2008-1161] DoS vulnerability and possible arbitrary code
execution
+ [xine-lib] [CVE-2008-1161] DoS vulnerability and possible arbitrary code
execution
--
[xine-lib] [CVE-2008-1161] DoS vulnerability and possible arbitrary code
execu
*** This bug is a security vulnerability ***
Public security bug reported:
References:
DSA-1536-1 (http://www.debian.org/security/2008/dsa-1536)
Quoting:
"Several local vulnerabilities have been discovered in Xine, a
media player library, allowed for a denial of service or arbitrary code
executi
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: exiftags
References:
DSA-1533-1 (http://www.debian.org/security/2008/dsa-1533)
Quoting:
"Christian Schmid and Meder Kydyraliev (Google Security) discovered a
number of vulnerabilities in exiftags, a
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: xulrunner
References:
DSA-1532-1 (http://www.debian.org/security/2008/dsa-1532)
Quoting:
"Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications.
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: policyd-weight
References:
DSA-1531-2 (http://www.debian.org/security/2008/dsa-1531)
Quoting:
"Chris Howells discovered that policyd-weight, a policy daemon for the Postfix
mail transport agent, cre
See also:
DSA-1530-1 (http://www.debian.org/security/2008/dsa-1530)
** Bug watch added: Debian Bug tracker #467653
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467653
** Also affects: cupsys (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=467653
Importance: Unknown
See also:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=362001
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432753
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444976
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441405
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460048
http://bu
*** This bug is a security vulnerability ***
Public security bug reported:
References:
DSA-1529-1 (http://www.debian.org/security/2008/dsa-1529)
Quoting:
"Multiple security problems have been discovered in the Firebird database,
which may lead to the execution of arbitrary code or denial of ser
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: debian-goodies
References:
DSA-1527-1 (http://www.debian.org/security/2008/dsa-1527)
Quoting:
"Thomas de Grenier de Latour discovered that the checkrestart tool in the
debian-goodies suite of utiliti
Argh, sorry, missed a cross-check... This has already been fixed in
USN-526-1.
** Changed in: debian-goodies (Ubuntu)
Status: New => Fix Released
--
[debian-goodies] [CVE-2007-3912] insufficient input sanitising
https://bugs.launchpad.net/bugs/210128
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: serendipity
References:
DSA-1528-1 (http://www.debian.org/security/2008/dsa-1528)
Quoting:
"Peter Hüwe and Hanno Böck discovered that Serendipity, a weblog manager,
did not properly sanitise input to
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: asterisk
References:
DSA-1525-1 (http://www.debian.org/security/2008/dsa-1525)
(Note: CVE-2007-6430 has already been reported as Bug#199118, but is
still open for all stable releases.)
Quoting:
"Sev
Won't there be security upgrades for the stable releases? Gutsy's sun-
java6 is still at 6-03-0ubuntu2.
--
[sun-java] security update available from upstream
https://bugs.launchpad.net/bugs/199477
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libbind9-0
References:
SUSE-SR:2008:006
Quoting CVE-2008-0122:
"Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and
earlier, as used in libc in FreeBSD 6.2 through 7.0-PRE
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libxine1
References:
SUSE-SR:2008:006
Quoting CVE-2008-1161:
"Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in
xine-lib before 1.1.10 allows remote attackers to cause a denial
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: sarg
References:
SUSE-SR:2008:006
Quoting CVE-2008-116:
"Stack-based buffer overflow in the useragent function in useragent.c in Squid
Analysis Report Generator (Sarg) 2.2.3.1 allows remote attacker
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: unzip
References:
DSA 1522-1 (http://www.debian.org/security/2008/dsa-1522)
Quoting:
"Tavis Ormandy discovered that unzip, when processing specially crafted
ZIP archives, could pass invalid pointers
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ikiwiki
References:
DSA-1523-1 (http://www.debian.org/security/2008/dsa-1523)
Quoting:
"Josh Triplett discovered that ikiwiki did not block Javascript in
URLs, leading to cross-site scripting vulnera
*** This bug is a duplicate of bug 202422 ***
https://bugs.launchpad.net/bugs/202422
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: smarty
References:
DSA-1520-1 (http://www.debian.org/security/2008/dsa-1520)
Quoting:
"It was discovered that
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: lighttpd
References:
DSA-1521-1 (http://www.debian.org/security/2008/dsa-1521)
Quoting:
"Julien Cayzac discovered that under certain circumstances lighttpd,
a fast webserver with minimal memory footp
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: horde3
References:
DSA-1519-1 (http://www.debian.org/security/2008/dsa-1519)
Quoting:
"It was discovered that the Horde web application framework permits arbitrary
file inclusion by a remote attacker
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ldapscripts
References:
DSA-1517-1 (http://www.debian.org/security/2008/dsa-1517)
Quoting:
"Don Armstrong discovered that ldapscripts, a suite of tools to manipulate
user accounts in LDAP, sends the
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: backup-manager
References:
DSA-1518-1 (http://www.debian.org/security/2008/dsa-1518)
Quoting:
"Micha Lenk discovered that backup-manager, a command-line backup tool,
sends the password as a command l
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: dovecot
References:
DSA-1516-1 (http://www.debian.org/security/2008/dsa-1516)
Quoting:
"Prior to this update, the default configuration for Dovecot used by
Debian runs the server daemons with group m
I've subscribed Emanuele Gentili to this bug. Since he's provided
updated packages for VLC just some time ago (see Bug #195949), it would
be great if he could take a look at this one.
--
vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors
https://bugs.launchpad.net/bugs/1
Launchpad automatically sets "linux-meta" if a bug is reported against
"linux-source".
--
[linux-source] [CVE-2007-5966] integer overflow in the hrtimer_start function
in kernel/hrtimer.c, local vulnerability
https://bugs.launchpad.net/bugs/180289
Coming over from Bug #201437.
I'd say that fsck errors on each startup after using tune2fs wouldn't
earn Ubuntu any laurels, especially for Hardy as an LTS release. So if
e2fsprogs 1.40.7 cannot be integrated in Hardy for whatever reasons, I
suggest that some hand-picked bug fixes should be backpo
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libnet-dns-perl
References:
DSA-1515-1 (http://www.debian.org/security/2008/dsa-1515) (page has not been
generated at the time of this writing)
Note: CVE-2007-3377 and CVE-2007-3409 have been addres
Public bug reported:
Binary package hint: e2fsprogs
Whenever modifying an ext3 file system with tune2fs on the current Hardy Alpha,
I get the following message on next boot:
"primary superblock features different from backup superblock"
Then fsck is forced on the file system.
This has been conf
I've tested the current Kubuntu Hardy Alpha within VMware Server running
on Kubuntu Gutsy. It seems Hardy is NOT affected by this bug report, but
Dapper up to Gutsy are. But since this is not a security related bug, my
hopes for a fix for the stable releases aren't that high...
--
after fsck on s
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: moin
References:
DSA-1514-1 (http://www.debian.org/security/2008/dsa-1514)
Quoting:
"Several remote vulnerabilities have been discovered in MoinMoin, a
Python clone of WikiWiki. The Common Vulnerabil
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: sun-java6-jre
Sun provides updated java packages which "contains fixes for one or more
security vulnerabilities".
References:
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05
** Affect
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: opera
Opera as provided from Canonical's partner repository for Gutsy is still
version 9.25, while a security updated version 9.26 is available from
upstream. They also provide updated packages for Ub
** Description changed:
Binary package hint: thunderbird
It seems like the latest USN for Thunderbird (see USN-582-1 and USN-582-2)
misses a fix for CVE-2008-0591 when compared to:
- DSA-1485-1 (http://www.debian.org/security/2008/dsa-1485)
- MDVSA-2008:062
(http://www.mandriva.com/en
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: thunderbird
It seems like the latest USN for Thunderbird (see USN-582-1 and USN-582-2)
misses a fix for CVE-2008-0591 when compared to:
- DSA-1485-1 (http://www.debian.org/security/2008/dsa-1485)
- M
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: asterisk
Got this from SUSE-SR:2008:005. Quoting CVE-2007-6430:
"Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and
Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-bet
** Summary changed:
- [asterisk] missing input sanitising
+ [asterisk] [CVE-2007-6170] missing input sanitising
--
[asterisk] [CVE-2007-6170] missing input sanitising
https://bugs.launchpad.net/bugs/173610
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: tcl
References:
MDVSA-2008:059
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:059)
Quoting:
"A flaw in the Tcl regular expression handling engine was originally
discovered by Will D
Has just been fixed in Debian, see DSA-1512-1
(http://www.debian.org/security/2008/dsa-1512) (link may not work until
the page has been generated).
--
[evolution] [CVE-2008-0072] format string error, possible arbitrary code
execution
https://bugs.launchpad.net/bugs/198742
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: evolution
References:
SA29057 (http://secunia.com/advisories/29057/)
Quoting:
"Secunia Research has discovered a vulnerability in Evolution, which can be
exploited by malicious people to compromise
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: phpmyadmin
References:
PMASA-2008-1
(http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1)
Quoting:
"Description:
We received an advisory from Richard Cunningham, and we wish to thank
Okay, after mentioning the new CVEs in my previous comment, they
suddenly showed up in the CVE references list. Weird.
--
[wireshark] multiple vulnerabilities
https://bugs.launchpad.net/bugs/172283
Um, I guess the CVE references list got a little too long, because the
added references won't show up any more...
Adding them here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
Also adding CVE references mentioned in MDVSA-2008:057
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:057).
--
[wireshark] multiple vulnerabilities
https://bugs.launchpad.net/bugs/172283
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: gnumeric
References:
MDVSA-2008:056
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:056)
Quoting:
"A vulnerability was found in the excel_read_HLINK function in the
Microsoft Excel p
*** This bug is a security vulnerability ***
Public security bug reported:
References:
MDVSA-2008:054
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:054)
Quoting:
"A vulnerability was discovered by Havoc Pennington in how the
dbus-daemon applied its security policy. A user with
Please see also:
DSA-1511-1 (http://www.debian.org/security/2008/dsa-1511)
** Bug watch added: Debian Bug tracker #463688
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688
** Also affects: icu (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688
Importance: Unknown
My guess would be something related to busybox-initramfs or initramfs-
tools. fsck on the root file system on system boot happens while the
system is still running from initrd.
--
after fsck on startup, no network filesystems are shown in mtab
https://bugs.launchpad.net/bugs/196420
Please see also Bug #197656.
** Changed in: language-pack-kde-de (Ubuntu)
Status: New => Confirmed
--
context menu entry "Paste File" [and other dialogs] not translated into German
(anymore)
https://bugs.launchpad.net/bugs/196106
*** This bug is a duplicate of bug 196106 ***
https://bugs.launchpad.net/bugs/196106
** This bug has been marked a duplicate of bug 196106
context menu entry "Paste File" [and other dialogs] not translated into
German (anymore)
--
[dapper] [language-pack-kde-de] regression in German loca
I did replay my backup once more, so I could give a more accurate
description on konqueror's context menu. A pity I didn't figure out how
to make a screenshot of those context menus...
This is with language-pack-kde-de 6.06+20070803:
Neu erstellen
AufwärtsAlt+Nach oben
Zurück
** Description changed:
Binary package hint: language-pack-kde-de
Also affects: language-pack-de
I noticed some regressions in the recently updated language-pack-kde-de
- for the German localization, namely in konsole and klipper.
+ for the German localization, namely in konsole, klipp