
10038 matches found

OSV
added 2017/02/13 6:59 p.m. | 0 views

DEBIAN-CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

CVSS 7.5 | AI score 7.7 | EPSS 0.00216
Exploits: 0 | References: 1
UbuntuCve
added 2017/02/13 6:59 p.m. | 24 views

CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

CVSS 7.5 | AI score 7 | EPSS 0.00216
Exploits: 0 | References: 3
NVD
added 2017/02/13 6:59 p.m. | 14 views

CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

CVSS 7.5 | AI score 6.9 | EPSS 0.00216
Exploits: 0 | References: 5
Cvelist
added 2017/02/13 6:0 p.m. | 24 views

CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

AI score 7.8 | EPSS 0.00216
Exploits: 0 | References: 5
CVE
added 2017/02/13 6:0 p.m. | 67 views

CVE-2016-10026

The CVE-2016-10026 case concerns ikiwiki version 3.20161219, where the CGI interface enabled with git and recentchanges plugins allows a revision to bypass authorization and revert changes by exploiting page permissions. Technical details indicate the root cause lies in how revision changes are c...

CVSS 7.5 | AI score 7.7 | EPSS 0.00216
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2017/02/09 12:0 a.m. | 40 views

openSUSE Security Update : libgit2 (openSUSE-2017-213)

This update for libgit2 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using...

CVSS 9.8 | AI score 7.5 | EPSS 0.0321
Exploits: 0 | References: 7
OSV
added 2017/02/06 12:58 p.m. | 3 views

OPENSUSE-SU-2017:0405-1 Security update for libgit2

This update for libgit2 to version 0.24.6 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate...

CVSS 9.8 | AI score 9.5 | EPSS 0.0321
Exploits: 0 | References: 7
OSV
added 2017/02/03 3:59 p.m. | 1 views

DEBIAN-CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00426
Exploits: 0 | References: 1
OSV
added 2017/02/03 3:59 p.m. | 2 views

ALPINE-CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00426
Exploits: 0 | References: 1
OSV
added 2017/02/03 3:59 p.m. | 3 views

ALPINE-CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00492
Exploits: 0 | References: 1
NVD
added 2017/02/03 3:59 p.m. | 18 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file...

CVSS 5.5 | AI score 5.3 | EPSS 0.00492
Exploits: 0 | References: 12
Debian CVE
added 2017/02/03 3:0 p.m. | 24 views

CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...

CVSS 5.5 | AI score 5.7 | EPSS 0.00426
Exploits: 0
CVE
added 2017/02/03 3:0 p.m. | 88 views

CVE-2016-8569

Vulnerability details (CVE-2016-8569): The libgit2 library (versions before 0.24.3) is affected by a denial-of-service via a NULL pointer dereference in git_commit_message when processing certain crafted objects (cat-file usage). Public advisories in Debian/Ubuntu openSUSE notes confirm the issue...

CVSS 5.5 | AI score 5.3 | EPSS 0.00492
Exploits: 0 | References: 12 | Affected Software: 1
ossfuzz
added 2017/01/29 4:59 a.m. | 17 views

libreoffice: Heap-buffer-overflow in MakePreview

Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5385827211280384 Project: libreoffice Fuzzer: libFuzzer_libreoffice_epsfuzzer Fuzz target binary: epsfuzzer Job Type: libfuzzer_asan_libreoffice Platform Id: linux Crash Type...

AI score 6.9
Exploits: 0 | Affected Software: 1
Fedora
added 2017/01/27 7:19 p.m. | 32 views

[SECURITY] Fedora 24 Update: ikiwiki-3.20170111-1.fc24

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

CVSS 9.8 | AI score 0.4 | EPSS 0.03271
Exploits: 1
exploitpack
added 2017/01/24 12:0 a.m. | 20 views

Systemd 228 (SUSE 12 SP2 Ubuntu Touch 15.04) - Local Privilege Escalation

Systemd 228 SUSE 12 SP2 Ubuntu Touch 15.04 - Local Privilege Escalation / source: http://www.openwall.com/lists/oss-security/2017/01/24/4 This is a heads up for a trivial systemd local root exploit, that was silently fixed in the upstream git as: commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e...

CVSS 7.2 | AI score 0.2 | EPSS 0.00712
Exploits: 4
ossfuzz
added 2017/01/21 10:59 a.m. | 12 views

libreoffice: Crash in WinMtfOutput::DrawText

Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6116030539628544 Project: libreoffice Fuzzer: libFuzzer_libreoffice_wmffuzzer Fuzz target binary: wmffuzzer Job Type: libfuzzer_asan_libreoffice Platform Id: linux Crash Type...

AI score 7
Exploits: 0 | Affected Software: 1
NVD
added 2017/01/19 8:59 p.m. | 13 views

CVE-2016-10075

The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...

CVSS 7.8 | AI score 7.6 | EPSS 0.00088
Exploits: 0 | References: 4
OSV
added 2017/01/19 8:59 p.m. | 1 views

DEBIAN-CVE-2016-10075

The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...

CVSS 7.8 | AI score 7.8 | EPSS 0.00088
Exploits: 0 | References: 1
OSV
added 2017/01/19 8:59 p.m. | 0 views

UBUNTU-CVE-2016-10075

The tqdm.version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory...

CVSS 7.8 | AI score 7.5 | EPSS 0.00088
Exploits: 0 | References: 3