[BSA-104] Security update for libreoffice

Rene Engelhard uploaded new packages for libreoffice which fixed the following security problem: CVE-2015-1774: It was discovered that missing input sanitising in Libreoffices filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened. For the...

[BSA-103] Security Update for shibboleth-sp

Matthew Vernon uploaded new packages for shibboleth-sp which fixed the following security problems: CVE-2015-2684 A denial of service vulnerability was found in the Shibboleth a federated identity framework Service Provider. When processing certain malformed SAML messages generated by an...

[BSA 076] Security update for libreoffice

Rene Engelhard uploaded new packages for libreoffice which fixed the following security problems: CVE-2012-1149 multiple heap-based buffer overflows in OpenOffice.orgs XML manifest encryption tag parsing code For the squeeze-backports distribution the problems have been fixed in version...

[BSA 076] Security update for libreoffice

Rene Engelhard uploaded new packages for libreoffice which fixed the following security problems: CVE-2012-1149 multiple heap-based buffer overflows in OpenOffice.orgs XML manifest encryption tag parsing code For the squeeze-backports distribution the problems have been fixed in version...

[BSA-074] Security update for libreoffice

Rene Engelhard uploaded new packages for libreoffice which fixed the following security problem: CVE-2012-1149 Integer overflows in PNG image handling For the squeeze-backports distribution the problems have been fixed in version 1:3.4.6-2bpo60+2...

[BSA-071] Security Update for request-tracker4

Dominic Hargreaves uploaded new packages for request-tracker4 which fixed the following security problems: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have be...

[BSA-070] Security Update for samba

I uploaded new packages for samba which fixed the following security problem: CVE-2012-1182 PIDL based autogenerated code allows overwriting beyond of allocated array. For the squeeze-backports distribution the problems have been fixed in version 2:3.6.4-1bpo60+1...

[BSA-050] Security Update for puppet

Ive uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848 Resist directory traversal attacks through indirections. In various versions of Puppet it was possible to cause a directory traversal attack through the SSLFile indirection base class. This was various...

[BSA-038] Security Update for icedove

Christoph Göhre uploaded new packages for icedove which fixed the following security problems: CVE-2011-0083 Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists allows remote attackers to cause a denial of service application crash...

BSA-010 Security Update for iceweasel

Alexander Reichle-Schmehl uploaded new packages for iceweasel which fixed the following security problems: CVE-2010-3174 CVE-2010-3176 Multiple unspecified vulnerabilities in the browser engine in Iceweasel allow remote attackers to cause a denial of service memory corruption and application cras...

Security update for openoffice.org

Rene Engelhard uploaded new packages for openoffice.org which fixed the following security problems: CVE-2010-2935 CVE-2010-2936: Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a users system and execute...

[Backports-security-announce] Security update for openoffice.org

Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problem: CVE-2010-0395 It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for MicrosoftR Office, is not properly handling python macro...

[Backports-security-announce] Security Update for postgresql-8.4

Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...

[Backports-security-announce] Security Update for openoffice.org

Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a...

[Backports-security-announce] Security Update for openoffice.org

Rene Engelhard uploaded a new package for openoffice.org which fixed the following security problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a...

[Backports-security-announce] Security update for dovecot

Jaldhar H. Vyas uploaded new packages which fix the following problem: DSA-1892-1 CVE-2009-2632, CVE-2009-3235 Multiple stack-based buffer overflows in the Sieve plugin in Dovecot For the etch-backports distribution the problem has been fixed in version 1.0.15-2.3+lenny1bpo40+1 For the...

[Backports-security-announce] Security update for dovecot

Jaldhar H. Vyas uploaded new packages which fix the following problem: DSA-1892-1 CVE-2009-2632, CVE-2009-3235 Multiple stack-based buffer overflows in the Sieve plugin in Dovecot For the etch-backports distribution the problem has been fixed in version 1.0.15-2.3+lenny1bpo40+1 For the...

[Backports-security-announce] Security update for openoffice.org

Rene Engelhard uploaded new packages for openoffice.org which fixed the following security updates: CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document,...

[Backports-security-announce] Security Update for ikiwiki

Alexander Wirt uploaded a new package for ikiwiki which fixes the following security problem: DSA-DSA-1875 Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure. For the...

[Backports-security-announce] Security Update for xml-security-c

Russ Allbery uploaded new packages for xml-security-c which fixed the following security problems: CVE-2009-0217 CERT VU466161 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed...