Lucene search

10041 matches found

Tenable Nessus
added 2014/03/17 12:0 a.m., 12 views

Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)

New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/ - Security Fixes : - An XSS vulnerability was found in the Search field's auto-complete. - New Features : - Added support for anonymous access to public Local Sites. - Added support for...

AI score: 5.5
Exploits: 0, References: 2
seebug.org
added 2014/03/11 12:0 a.m., 44 views

FreeType 'src/cff/cf2hints.c' Remote Stack Buffer Overflow Vulnerability

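Bugtraq ID: 66074 CVE ID: CVE-2014-2240 FreeType is a popular font library. The cf2hintmapbuild function in FreeType 'src/cff/cf2hints.c' has an out-of-bounds, stack-based read/write vulnerability when handling 'stem hints', which allows an attacker to craft a malicious font and trick an application into parsing it, causing the application to crash. 0 FreeType 2.5.3 Vendor patch: FreeType ----- Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability:...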

CVSS: 7.5, AI score: 0.3, EPSS: 0.02382
Exploits: 1
seebug.org
added 2014/03/11 12:0 a.m., 60 views

FreeType 'src/cff/cf2ft.c' Remote Denial of Service Vulnerability

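BUGTRAQ ID: 66292 CVE ID: CVE-2014-2241 FreeType is a popular font library. The cf2initLocalRegionBuffer and cf2initGlobalRegionBuffer functions in FreeType 'src/cff/cf2ft.c' contain an assertion failure error, which allows an attacker to craft a malicious font and trick an application into parsing it, causing the application to crash. 0 FreeType 2.5.3 Vendor patch: FreeType ----- Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability:...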

CVSS: 6.8, AI score: 0.5, EPSS: 0.00618
Exploits: 2
Fedora
added 2014/02/09 3:55 a.m., 13 views

[SECURITY] Fedora 19 Update: ikiwiki-3.20140125-1.fc19

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

AI score: 0.4
Exploits: 0
Tenable Nessus
added 2014/01/12 12:0 a.m., 26 views

GLSA-201401-06 : Git: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201401-06 Git: Privilege escalation Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact : A local attacker could gain escalated privileges via a specially crafted git repository. Workaround...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0166
Exploits: 0, References: 2
Gentoo Linux
added 2014/01/10 12:0 a.m., 25 views

Git: Privilege escalation

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git contains a stack-based buffer overflow in the isgitdirectory function in setup.c. Impact A local attacker could ga...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0166
Exploits: 0
Fedora
added 2014/01/03 8:46 a.m., 25 views

[SECURITY] Fedora 19 Update: gitolite3-3.5.3.1-1.fc19

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00068
Exploits: 0
exploitpack
added 2013/12/16 12:0 a.m., 36 views

Gitlab 6.0 - Persistent Cross-Site Scripting

Gitlab 6.0 - Persistent Cross-Site Scripting Exploit-DB note: Tested commit 10b0b8f1797e6c09b4c063c04a4864ecd31d34f4 Exploit Title: gitlab persistent xss exploit Date: 12/16/2013 Exploit Author: hellok Vendor Homepage: gitlab.org !/bin/sh author hellok for file format ext pwn for gitlab 12/16/201...

AI score: 6.8
Exploits: 0
Oracle linux
added 2013/11/26 12:0 a.m., 41 views

libguestfs security, bug fix, and enhancement update

1:1.20.11-2 - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz1019737 1:1.20.11-1 - Rebase to libguestfs 1.20.11. resolves: rhbz958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches...

CVSS: 6.8, AI score: 6.3, EPSS: 0.00907
Exploits: 1
n0where
added 2013/11/22 7:20 p.m., 19 views

Archlinux Ultimate Install Script

Install and configure archlinux has never been easier! You can try it first with a virtualbox Prerequisites A working internet connection Logged in as ‘root’ How to get it With git Increase cowspace partition: mount -o remount,size=2G /run/archiso/cowspace Get list of packages and install git:...

AI score: 7.3
Exploits: 0, References: 1
Atlassian
added 2013/11/15 6:12 p.m., 46 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

AI score: 7.5
Exploits: 0, Affected Software: 1
Atlassian
added 2013/11/15 6:12 p.m., 24 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

AI score: 7.5
Exploits: 0
securityvulns
added 2013/10/02 12:0 a.m., 29 views

git / Apple Xcode certificate spoofing

Git certificate spoofing...

CVSS: 4.3, AI score: 1.4, EPSS: 0.01488
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/10/02 12:0 a.m., 53 views

APPLE-SA-2013-09-18-3 Xcode 5.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-3 Xcode 5.0 Xcode 5.0 is now available and addresses the following: Git Available for: OS X Mountain Lion v10.8.4 or later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive...

CVSS: 4.3, AI score: 0.2, EPSS: 0.01488
Exploits: 0
Kitploit
added 2013/09/17 2:20 a.m., 14 views

[Capture the flag] Remaster Linux Live CD images for wargames

Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit. Requirements You will need the following in order to build the Live CD using the scripts in this project: Linux, with root access using sudo git make, gcc -- for...

AI score: 7.6
Exploits: 0, References: 1
OpenVAS
added 2013/08/01 12:0 a.m., 12 views

Fedora Update for nodejs-github-url-from-git FEDORA-2013-11780

Check for the Version of nodejs-github-url-from-git OpenVAS Vulnerability Test Fedora Update for nodejs-github-url-from-git FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS: 3.3, AI score: 6.7, EPSS: 0.00104
Exploits: 0, References: 2
OpenVAS
added 2013/08/01 12:0 a.m., 12 views

Fedora Update for nodejs-github-url-from-git FEDORA-2013-11780

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 3.3, AI score: 6.8, EPSS: 0.00104
Exploits: 0, References: 2
Tenable Nessus
added 2013/07/12 12:0 a.m., 21 views

Oracle Linux 6 : git (ELSA-2010-1003)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-1003 advisory. 1.7.1-2.1 - fix CVE-2010-3906 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

CVSS: 4.3, AI score: 5.5, EPSS: 0.1349
Exploits: 6, References: 2
Tenable Nessus
added 2013/07/12 12:0 a.m., 17 views

Fedora 18 : cgit-0.9.2-1.fc18 (2013-9498)

A directory traversal vulnerability was discovered in cgit. By default, cgit is not affected. However, if cgit is configured to use a readme file from a filesystem path instead of from the git repo itself then files outside of the repository can be read. Refer to the discussion on oss-security fo...

CVSS: 4.3, AI score: 8.1, EPSS: 0.00462
Exploits: 0, References: 4
Tenable Nessus
added 2013/07/12 12:0 a.m., 24 views

Oracle Linux 6 : git (ELSA-2013-0589)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0589 advisory. - fix CVE-2013-0308 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

CVSS: 4.3, AI score: 5.5, EPSS: 0.01488
Exploits: 0, References: 2