similar to: [HEADS UP]: CVE-2012-4929 (CRIME)

On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2.

Good day. Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached. One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at

On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:? > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > have a bug in dovecot, which > > merits a > > CVE.

On Sat, 2016-12-03 at 21:25 +0200, Aki Tuomi wrote: > > On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jerem > > iahfoster.com> wrote: > > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi

On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors

has this package been rebuilt? I didn't see an announcement for it. --Ajay, who's not bitchin', just wondering... -------- Original Message -------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated gaim package fixes security issues Advisory

Hi, Just want to ask about the status of this:- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002 >From list archives I gather the fix is still under refinement (but committed (and removed?) in HEAD and RELENG_5_2). One paranoid little shop is running a public web server on RELENG_4_9, and contemplating this patch:-

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:10.tcpdump Security Advisory The FreeBSD Project Topic: Infinite loops in tcpdump protocol decoding Category: contrib Module: tcpdump

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:10.tcpdump Security Advisory The FreeBSD Project Topic: Infinite loops in tcpdump protocol decoding Category: contrib Module: tcpdump

Dear list, About a week ago, right after 5.4-RELEASE was released, I received a mail from Gentoo Linux's security announcement list about a flaw in tcpdump and gzip. Since none of them are operating system related, I assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for the HTT security issue so I wonder, is the FreeBSD version of tcpdump and/or gzip are secured or simply

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SN-02:02 Security Notice The FreeBSD Project Topic: security issues in ports Announced: 2002-05-13 I. Introduction Several ports in the FreeBSD Ports

Having finished a round of testing in my own lab, I''ve connected to my clients test lab, and reproduced my Xen Dom0. Upon trying a test creation of a DomU, I was intrigued to receive the message: ERROR POST operation failed: xend_post: error from xen daemon: (xend.err ''Error creating domain: Creating domain failed: name=snstest00'') Domain installation does not

Hi-- Are folks familiar with: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997 http://www.isc.org/software/dhcp/advisories/cve-2011-0997 http://nakedsecurity.sophos.com/2011/04/07/flaw-in-iscs-dhclient-could-allow-remote-code-execution/ Checking http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/dhclient/dhclient.c, I don't see signs that it may have been updated. But, I also

Any plans to incorporate the Fedora patch for CVE-2006-0225: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168167 -- albert chin (china at thewrittenword.com)

Hi, First look this vulnerability issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933 My application models: http://pastie.org/1709174 On my departments form, when user selects a health unit, I copy all health unit attributes including address and street. The parameters hash looks like this: http://pastie.org/1709217 But this was considered a vunerability issue, the

On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > We are sorry to report that we have a bug in dovecot, which merits a > CVE. See details below. If you haven't configured any auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13 > a5a725ae and >

On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > On 02.12.2016 10:45, Jonas Wielicki wrote: > > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: > > > We are sorry to report that we have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > settings