Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 19 May 2011 00:56:22 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: LILO 23.2

Vasiliy - I suggest that you update Owl-current to LILO 23.2 before we
move to Syslinux.  This will enable me to get this update into
3.0-stable (after brief testing in current).  The message below mentions
a security issue in a script, but we don't appear to package that script.

(It also mentions a libpcap issue, but we need to update libpcap before
it makes sense for us to deal with minor issues like that.  To approach
this after toolchain update.)

----- Forwarded message from Moritz Muehlenhoff <jmm@...ian.org> -----

Date: Wed, 18 May 2011 22:06:33 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: [oss-security] CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap

Hi,
please assign CVE IDs for the following issues tracked in the Debian Security Tracker:

1. ffmpeg/libav out of array write in AMV parsing

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
http://seclists.org/bugtraq/2011/Apr/257
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32

2. widelands directory traversal

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021

3. SQL injection in Jifty::DBI

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622919
http://lists.jifty.org/pipermail/jifty-devel/2011-April/002426.html

4. lilo: lilo-uuid-diskid makes lilo.conf world-readable

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103

5. libpcap packet truncation

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868
http://thread.gmane.org/gmane.network.tcpdump.devel/5018

Cheers,
        Moritz

----- End forwarded message -----

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ