similar to: xen-3 stable update for #496367

Source: xen-unstable Version: 3.0-unstable+hg11561-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2007-3919[0]: | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local | users to truncate arbitrary files via a symlink attack on | /tmp/xenq-shm. If you fix this vulnerability please also include

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-1320[0]: | Multiple heap-based buffer overflows in the cirrus_invalidate_region | function in the Cirrus VGA extension in QEMU 0.8.2 might allow local | users to execute arbitrary code via unspecified vectors related to |

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-4993[0]: | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest | domain, allows local users with elevated privileges in the guest domain to | execute arbitrary commands in domain 0 via a crafted grub.conf

tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742

reopen 487095 reopen 487097 thanks Hi, since you thought it's necessary to complain to me about this bug report on IRC I'm replying to this bug now as well. > On Thu, Jun 19, 2008 at 04:56:54PM +0200, Thomas Bl?sing wrote: > > CVE-2008-1943[0]: > > | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame > > | Buffer (PVFB) 3.0 through 3.1.2 allows

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > reassign 444430 xen-3.0 3.0.3-0-2 Bug#444430: CVE-2007-4993 privilege escalation Bug reassigned from package `xen-3' to `xen-3.0'. > clone 444430 -1 Bug#444430: CVE-2007-4993 privilege escalation Bug 444430 cloned as bug 446771. > reassign -1 xen-3

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > close 446771 3.1.1-1 Bug#446771: CVE-2007-4993 privilege escalation 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 3.1.1-1, send any further explanations to Nico Golde <nion at debian.org> > End

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.26 > reassign 469662 xen-unstable Bug#469662: xen-3: CVE-2008-0928 privilege escalation Bug reassigned from package `xen-3' to `xen-unstable'. > close 469662 3.3-unstable+hg17192-1 Bug#469662: xen-3: CVE-2008-0928 privilege escalation 'close' is

Source: xen-unstable Version: 3.3-unstable+hg17602-1 Severity: grave Tags: security, patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for xen-unstable. CVE-2008-1943[0]: | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame | Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial | of service (crash) and possibly execute

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.10.35 > tags 496367 pending Bug#496367: The possibility of attack with the help of symlinks in some Debian packages There were no tags set. Tags added: pending > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking

Hi all, Does any one know of any encryption/decryption algorithms in R? I'm not looking for anything robust - I want some way of printing output to the screen that the user can't read immediately, but can decrypt a little later. The main thing I don't want to the user to see is a number, so (e.g.) ROT13 isn't appropriate. Hadley -- Assistant Professor / Dobelman Family Junior

Hi, After many tries, i''ve decided to give up dynamic websites, which definitely do not match my needs, and instead replace my blog by a webgen site. I''ve however some unanswered questions. 1) RSS One of the main interest of dynamic website is the ability to provide user a view to last updated pages, thanks to RSS. Is there a way for webgen to generate a RSS file from last

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Telenet blocks all acces on port 25 so sendmail cannot send mail directly. the solution is to give your box a hostname under the telenet.be domain and then use mail-out.pandora.be as forwarder. - -- nightrid3r Services Master Network Administrator Botmaster Chatfactory network http://www.chatfactory.net This message has been double ROT13 encoded

Package: xen-utils-3.2-1 Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For

I get the following error when trying to compile: win32-changejournal-0.2.0-1 on: Windows 2000, Service Pack 4 Microsoft Visual Studio 6 Any ideas? Thanks, Zach ----- ERROR BELOW----- C:\unzipped\win32-changejournal-0.2.0-1\win32-changejournal-0.2.0>nmake Microsoft (R) Program Maintenance Utility Version 6.00.9782.0 Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

libxen-dev_3.4.0-1_amd64.deb to pool/main/x/xen-3/libxen-dev_3.4.0-1_amd64.deb libxenstore3.0_3.4.0-1_amd64.deb to pool/main/x/xen-3/libxenstore3.0_3.4.0-1_amd64.deb xen-3_3.4.0-1.diff.gz to pool/main/x/xen-3/xen-3_3.4.0-1.diff.gz xen-3_3.4.0-1.dsc to pool/main/x/xen-3/xen-3_3.4.0-1.dsc xen-3_3.4.0.orig.tar.gz to pool/main/x/xen-3/xen-3_3.4.0.orig.tar.gz (new)

Indeed, an example in the documentation about this feature would be helpful, may be the one Hugh used. If an explanation is deemed appropriate, I would suggest including something along the lines of the following (after the second paragraph of the Details section for if/while/etc.). =============== In these constructs the opening braces, if any, are part of the expression to be evaluated, not

Wednesday next week would be the Xiph monthly meeting. It is there enough going on at the moment (IETF document being submitted soon, the various aspects of metadata) to warrant one? -- imalone