similar to: zlib issues

Displaying 20 results from an estimated 2000 matches similar to: "zlib issues"

2020 Jun 30
2
can we help with libvorbis release for CVE fixes?
Yes, the gitlab instance is the correct upstream development repository. We maintain a mirror at github for the convenience of developers there. Cheers, Ralph On Mon, 2020-06-29 at 21:27 +0000, Ellen Johnson wrote: > Hi Ralph and libvorbis developers, > I thought the vorbis gitlab project was the main development site ( > https://gitlab.xiph.org/xiph/vorbis) because that's what
2017 Dec 19
1
Fwd: httpd24 Package Question
Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am
2020 Jun 12
4
can we help with libvorbis release for CVE fixes?
Hi Ralph, Thank you for your reply! For context -- we consider reported CVEs as bugs even if it's in a third-party library we use (such as libvorbis). We first determine if the CVE is something that would impact our customer workflows. In this case because of our use of libvorbis for audio I/O, it does impact our customers so we need to resolve the CVE as soon as possible. In the
2017 Dec 19
2
Fwd: httpd24 Package Question
Hello everybody I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed. Also, I don't see the following CVEs addressed in any httpd24 changelogs and wanted to know
2020 Jul 07
2
new 1.3.7 and fix for CVE-2018-10392 (issue 2335)?
Hi Ralph, Again, thanks so much for doing all this! Plus thanks to all the folks who contributed to the new release! Quick clarifying question -- Isn't CVE-2018-10392 (looks like it’s fixed in https://gitlab.xiph.org/xiph/vorbis/-/issues/2335) also included in new version 1.3.7? If so can you please add it to release notes? (I asked the same question in
2020 Jun 10
2
can we help with libvorbis release for CVE fixes?
Hi libvorbis developers! I'm wondering if you had a chance to see my request for releasing a new libvorbis version - this is to have an official libvorbis release containing the CVE fixes that appear to be fixed in the master branch. Is there anything we can do to help with getting a release out? We're happy to work with you on this. Please let us know if we can do anything to help
2018 Jan 04
3
CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter
2015 Sep 02
2
yum list-sec CVE
Hi, Is the command #yum list-sec cves still compatible with Centos7? Or are there alternatives to list all CVE applicable to a CentOS without the Satellite? Thanks
2017 Oct 28
2
CentOS 6 SCL - httpd24 still being updated?
Hello, Specifically this is in reference to RHSA-2017:2483, which should increment the httpd24 packages to 25-9 in the SCL. The SA was released on August 16th 2017, so it has some age to it, but there's no corresponding CESA on it and the SCL for 6 still sits at the previous, 25-8. Some links for reference: https://access.redhat.com/errata/RHSA-2017:2483 Online repo:
2015 Sep 09
1
yum list-sec CVE
2015-09-03 12:56 GMT+02:00 Karanbir Singh <mail-lists at karan.org>: > On 02/09/15 19:27, Raymond Durand wrote: > > Hi, > > > > Is the command > > #yum list-sec cves > > > > still compatible with Centos7? > > > this should not have worked with any version of CentOS, you can do some > scraping and feeding into a local repo instance, but
2012 Sep 20
1
AIX 5.8p1?
Good Morning, We just performed some security scanning on one of our AIX systems and these vulnerabilities were returned: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000 We are currently running: 5.8.0.6101 The latest on IBMs
2019 Oct 01
1
Re: [NBDKIT SECURITY] Denial of Service / Amplification Attack in nbdkit
On 9/20/19 8:58 AM, Eric Blake wrote: > On 9/12/19 12:41 PM, Richard W.M. Jones wrote: >> We have discovered a potential Denial of Service / Amplification Attack >> in nbdkit. > > Unfortunately, our fix for this issue caused another potential Denial of > Service attack: > >> >> Lifecycle >> --------- >> >> Reported: 2019-09-11 Fixed:
2014 Nov 25
9
Two new CVEs against FLAC
Hi all, Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are : CVE-2014-9028 : Heap buffer write overflow CVE-2014-8962 : Heap buffer read overflow For Linux distributions, the specific fixes for these two CVEs are available from Git here:
2016 Apr 15
1
samba 4.4.2 freeradius authentication with ntlm_auth
> On Apr 15, 2016, at 15:06 , Andrew Bartlett <abartlet at samba.org> wrote: > > > Yes, this really, really sucks. MSCHAPv2 is NTLM, not NTLMv2 based. > This is despite NTLMv2 being around when they 'designed' this > mechanism. Sadly no attempt has been made to somehow get an MSCHAPv3 > in that uses NTLMv2. > > On Windows, setting a special flag
2019 Nov 18
2
[RFC] LLVM Security Group and Process
On Mon, Nov 18, 2019 at 2:31 PM Robinson, Paul via llvm-dev < llvm-dev at lists.llvm.org> wrote: > One problem with defining away “arbitrary code execution in Clang” as “not > security relevant” is that you are inevitably making probably-wrong > assumptions about the set of all possible execution contexts. > > > > Case in point: Sony, being on the security-sensitive
2008 Mar 05
2
update rysnc 3.0 on ubuntu 7
I am running rsync on Ubuntu. It was installed using apt-get install rsync. I note that the package has not yet been updated to rsync 3.0. I would like to update using the tar but I am confused how to update the existing installation. On this machine, I am mainly using rsync to send to a cwrsync server (which I have updated already). Can I just overwrite the rsync executable? Any help
2019 Nov 19
2
[RFC] LLVM Security Group and Process
On Mon, Nov 18, 2019 at 6:00 PM JF Bastien via llvm-dev < llvm-dev at lists.llvm.org> wrote: > > > On Nov 18, 2019, at 2:42 PM, David Blaikie via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > > > > On Mon, Nov 18, 2019 at 2:31 PM Robinson, Paul via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > >> One problem with defining away
2016 Jan 03
2
Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
Rowland penny <rpenny <at> samba.org> writes: > > On 03/01/16 06:00, JS wrote: > > L.P.H. van Belle writes: > > > > One of your problems is that you are using the stock Ubuntu samba, this > is getting a bit long in the tooth now, can I suggest you use either the > latest freely available samba from Sernet or better still,
2020 Jun 29
0
can we help with libvorbis release for CVE fixes?
Hi Ralph and libvorbis developers, I thought the vorbis gitlab project was the main development site (https://gitlab.xiph.org/xiph/vorbis) because that's what the NVD CVE tracker points to for the two CVEs I mentioned. But I just realized there's also a vorbis github project (https://github.com/xiph/vorbis). Both appear to have recent activity. Is the gitlab project the correct one
2015 Dec 02
5
Backup Member Server
Hello, Can someone point me to documentation on how to best backup a samba member server? I see the wiki currently does not contain one. Is it as simple as backup all shared folders with rsync or similar that will preserve ACLs along with the smb.conf? I'm currently relying on a raid solution. Thanks. -- -James