[BSA-092] Security Update for pidgin
intrigeri uploaded new packages for pidgin which fixed the following security problems: CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. CVE-2013-6478 Pidgin could be crashed through overly wide...
[BSA-086] Security update for strongswan
Updated strongswan packages for squeeze-backports and wheezy-backports fix the following vulnerabilities: - CVE-2013-2944: When using the openssl plugin for ECDSA-based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. - CVE-2013-6075: DoS vulnerabili...
[BSA-078] Security Update for freetype
I uploaded new packages for freetype which fixed the following security problems: CVE-2012-5668: NULL Pointer Dereference in bdf_free_font. CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs. CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs. For the squeeze-backports distribution the problems...
[BSA 076] Security update for libreoffice
Rene Engelhard uploaded new packages for libreoffice which fixed the following security problems: CVE-2012-1149 multiple heap-based buffer overflows in OpenOffice.org's XML manifest encryption tag parsing code. For the squeeze-backports distribution the problems have been fixed in version...
[BSA-074] Security update for libreoffice
Rene Engelhard uploaded new packages for libreoffice which fixed the following security problem: CVE-2012-1149 Integer overflows in PNG image handling. For the squeeze-backports distribution the problems have been fixed in version 1:3.4.6-2bpo60+2...
[BSA-071] Security Update for request-tracker4
Dominic Hargreaves uploaded new packages for request-tracker4 which fixed the following security problems: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have be...
[BSA-068] Security Update for freetype
I uploaded new packages for freetype which fixed the following security problems: CVE-2011-3439 FreeType allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-3256. CVE-2011-3256 FreeType before...
[BSA-061] Security Update for openswan
Harald Jenny uploaded new packages for openswan which fixed the following security problems: CVE-2011-4073 Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service pluto IKE daemo...
[BSA-050] Security Update for puppet
I've uploaded new packages for puppet which fixed the following security problems: CVE-2011-3848 Resist directory traversal attacks through indirections. In various versions of Puppet it was possible to cause a directory traversal attack through the SSLFile indirection base class. This was various...