[BSA-037] Security Update for subversion
Peter Samuelson uploaded new packages for subversion which fixed the following security problems: CVE-2011-1752 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources...
[BSA-036] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2011-1407 command injection attack in DKIM processing code For the lenny-backports distribution the problems have been fixed in version 4.72-6+squeeze2bpo50+1. For the stable distribution squeeze, thi...
[BSA-035] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2011-1764 DKIM related format string vulnerability For the lenny-backports distribution the problems have been fixed in version 4.72-6+squeeze1bpo50+1. For the stable distribution squeeze, this proble...
[BSA-034] Security Update for iceweasel
Mike Hommey uploaded new packages for iceweasel which fixed the following security problems: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren...
[BSA-033] Security Update for request-tracker3.8
Jan Wagner uploaded new packages for request-tracker3.8 which fixed the following security problems: CVE-2011-1685 If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possibly triggered by a...
[BSA-030] Security update for nss
This update for the Network Security Service libraries marks several fraudulent HTTPS certificates as untrusted. For the lenny-backports distribution the problems have been fixed in version 3.12,8-1+squeeze1bpo50+1. For the oldstable distribution lenny, this problem has been fixed in version...
[BSA-026] Security Update for subversion
Peter Samuelson uploaded new packages for subversion which fixed the following security problems: CVE-2011-0715 Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if a lock token is sent in an HTTP request by a Subversion client which has not authenticated to the...
[BSA-027] Security Update for iceweasel
Mike Hommey uploaded new packages for iceweasel which fixed the following security problems: CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code...
[BSA-023] Security Update for drupal6
Gerfried Fuchs uploaded new packages for drupal6 which fixed the following security problems: CVE-2010-2250 A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites n...
[BSA-022] Security Update for request-tracker3.8
Jan Wagner uploaded new packages for request-tracker3.8 which fixed the following security problems: CVE-2011-0009 It was discovered that Request Tracker, an issue tracking system, stored passwords in its database by using an insufficiently strong hashing method. If an attacker would have access ...
[BSA-019] Removal of kvm
Following the removal of the kvm source package from testing and unstable, because it was obsoleted by qemu-kvm and has had a fair amount of outstanding security issues for a while, the package has now been removed from lenny-backports, too. If you have installed the kvm and related packages from...
[BSA-018] Removal of egroupware
Following the removal of the egroupware packages from testing and unstable, because they were unmaintained and have had outstanding unaddressed security issues for a while, the packages have now been removed from lenny-backports, too. If you have installed the egroupware suite please be aware that they aren't...
[BSA-017] Security Update for subversion
Sven Hoexter uploaded new packages for subversion which fixed the following security problems: CVE-2010-4539 A NULL pointer dereference flaw exists in mod_dav_svn, the Apache httpd module for the Subversion server, when listing of repositories SVNListParentPath directive is enabled. A remote user...
[BSA-016] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2010-4345 exim privilege escalation Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a...
[BSA-015] Security Update for wordpress
Matt Taggart uploaded new packages for wordpress which fixed the following security problem: Critical core security bug in the HTML sanitation library more info: http://wp.me/pZhYe-qt For the lenny-backports distribution the problems have been fixed in version 3.0.4+dfsg-1bpo50+1. Upgrade...
BSA-009 Security Update for nss
Alexander Reichle-Schmehl uploaded new packages for nss which fixed the following security problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a...
BSA-008 Security Update for pidgin
Jan Wagner uploaded new packages for pidgin which fixed the following security problems: CVE-2010-3711 Fixes multiple remotely-triggered DoSes https://vulners.com/cve/CVE-2010-3711 For the lenny-backports distribution the problems have been fixed in version 2.7.3-1bpo50+2. For the unstable sid...
BSA-007 Security Update for mailscanner
Jan Wagner uploaded new packages for mailscanner which fixed the following security problems: CVE-2010-3095 incomplete fix for CVE-2008-5313 https://vulners.com/cve/CVE-2010-3095 The original text of CVE-2008-5313: mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to...