blah
making sekrit
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" CC'ing current Liaisons: alpha : a3li, a3li amd64 : a3li, a3li hppa : a3li ppc : a3li, a3li ppc64 : a3li, a3li sparc : a3li x86 : a3li, a3li
sekrit again
reopen
asdf
test
CVE-2004-0043 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0043): Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. CVE-2004-2090 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2090): Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. CVE-2004-1244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1244): Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." CVE-2004-2077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2077): Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. CVE-2004-2078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2078): Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. CVE-2004-2080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2080): Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.
CVE-2004-2091 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2091): Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. CVE-2004-2082 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2082): The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters. CVE-2004-1180 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1180): Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). CVE-2004-0001 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0001): Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. CVE-2004-0004 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0004): The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. CVE-2004-0054 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0054): Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
CVE-2004-0055 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0055): The print_attr_string function testing umlauts and utf #äöäöäöäöäöäöäöä öäö äö äöäöä öäöä öäöä öäöäöäßߺ⁄ø€œºƒ€ø⁄œºƒø⁄€ººƒ€ ø{ºƒ¶¸ı¸ÛıÏÛÌı››™ ǢÍØ˘„ØÛı#Û¸ı£¸#Á¸·£˝Û£˝·ˆıƒ€äääööä äö öä äö öä ö ö ö öääöß ß ü ü ü üüüüüü
CVE-2004-0058 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0058): Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. CVE-2004-0059 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0059): Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header. CVE-2004-0060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0060): WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.
CVE-2004-0015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0015): vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. CVE-2004-0045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0045): Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
CVE-2004-0057 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0057): The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. CVE-2004-0061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0061): WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
CVE-2004-0091 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0091): ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
CVE-2004-1000 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1000): lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
CVE-2004-0035 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0035): SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2004-1857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1857): Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
pretending it becomes bugready
and no longer again
Arches, please test and mark stable: =app-pda/libopensync-0.39-r1 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
sorry for the noise, testing a new tool ;)
This issue was resolved and addressed in 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml by GLSA coordinator Alex Legler (a3li).
Created attachment 316745 [details] Summary
Created attachment 316747 [details] Summary
Created attachment 316749 [details] Summary
Created attachment 316751 [details] Summary
Created attachment 316753 [details] Summary
CVE-2014-3575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575): The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-3815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3815): Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
CVE-2015-2773 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2773): SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors.
