http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/26 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:37.webkit Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in Webkit Applications Category: Graphics Module: chrome, chromium, webkit &amp; qt Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 5797, 5801, 5811, 5892, 5893, 5898, 6124, 6126, 6128, 6130, 6132, 6134, 6143, 6145, 6148, 6150, 6172, 6246, 6249, 6253, 6255, 6256, 6258, 6260, 6261, 6265, 6266, 6268, 6323, 6479, 6487, 6495, 6658, 6953, 7687 &amp; 7692 CVE: CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1386, CVE-2010-1760, CVE-2010-3111, CVE-2010-3112, CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3117, CVE-2010-3118, CVE-2010-3119, CVE-2010-3120, CVE-2010-1784, CVE-2010-1785, CVE-2010-178</pre> Ware, Ryan R 2011-01-20T23:40:26 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/25 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:38.kernel Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in MeeGo Kernel Category: Kernel Module: kernel-netbook, kernel-ivi Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 6475, 6571, 6572, 6574, 6578, 6580, 6582, 6585, 6651, 7380, 7382, 7384, 7386, 7388, 8191, 8196, 8199 &amp; 8204 CVE: CVE-2010-2954, CVE-2010-2066, CVE-2010-2492, CVE-2010-2524, CVE-2010-2803, CVE-2010-2955, CVE-2010-2959, CVE-2010-2960, CVE-2010-2798, CVE-2010-2942, CVE-2010-3067, CVE-2010-3078, CVE-2010-3477, CVE-2010-3080, CVE-2010-2537, CVE-2010-2538, CVE-2010-3079, CVE-2010-3296, CVE-2010-3297 &amp; CVE-2010-3298 For general information regarding MeeGo Security Advisories, including descriptions of</pre> Ware, Ryan R 2011-01-20T23:51:24 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/24 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:40.bzip2 Security Advisory MeeGo Project Topic: Overflow in Decompress Function Allows DoS or Execution Category: File Module: bzip2 Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 7737 CVE: CVE-2010-0405 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background Bzip2 is a freely available, patent-free, high quality data compressor. Bzip2 compresses files to within 10 to 15 percent of the capabilities of the best techniques available. However, bzip2 has the added benefit of being approximately two times faster at compression a</pre> Ware, Ryan R 2011-01-20T23:40:51 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/23 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:38.kernel Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in Webkit Applications Category: Kernel Module: kernel-netbook, kernel-ivi Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 6475, 6571, 6572, 6574, 6578, 6580, 6582, 6585, 6651, 7380, 7382, 7384, 7386, 7388, 8191, 8196, 8199 &amp; 8204 CVE: CVE-2010-2954, CVE-2010-2066, CVE-2010-2492, CVE-2010-2524, CVE-2010-2803, CVE-2010-2955, CVE-2010-2959, CVE-2010-2960, CVE-2010-2798, CVE-2010-2942, CVE-2010-3067, CVE-2010-3078, CVE-2010-3477, CVE-2010-3080, CVE-2010-2537, CVE-2010-2538, CVE-2010-3079, CVE-2010-3296, CVE-2010-3297 &amp; CVE-2010-3298 For general information regarding MeeGo Security Advisories, including descript</pre> Ware, Ryan R 2011-01-20T23:40:33 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/22 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:39.firefox Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in Firefox Category: Browser Module: firefox Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 6910, 6911, 6924, 6925, 6926, 6927, 6928, 6929, 6931, 6933, 6934, 6935, 6936, 6937, 6938 &amp; 6939 CVE: CVE-2010-3171, CVE-2010-3399, CVE-2010-3169, CVE-2010-2765, CVE-2010-2767, CVE-2010-3131, CVE-2010-3166, CVE-2010-2760, CVE-2010-3168, CVE-2010-3167, CVE-2010-2766, CVE-2010-2770, CVE-2010-2762, CVE-2010-2768, CVE-2010-2769 &amp; CVE-2010-2764 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www</pre> Ware, Ryan R 2011-01-20T23:40:41 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/21 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:36.wget Security Advisory MeeGo Project Topic: Wget Uses Server-Provided Filename For Downloads Category: Communication Module: wget Announced: November 3, 2010 Affects: MeeGo 1.0 Corrected: November 3, 2010 MeeGo BID: 5486 CVE: CVE-2010-2252 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage an</pre> Ware, Ryan R 2011-01-20T23:40:18 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/20 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:35.ghostscript Security Advisory MeeGo Project Topic: Incorrect Initialization Files Allow Arbitrary PS Commands Category: Graphics Module: ghostscript Announced: November 3, 2010 Affects: MeeGo 1.0 Corrected: November 3, 2010 MeeGo BID: 3995 CVE: CVE-2010-2055 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Gho</pre> Ware, Ryan R 2011-01-20T23:40:10 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/19 <pre>The 6 security advisories that will follow this message are the security advisories for MeeGo 1.0 Update 5. If you have any questions or concerns about them, please direct those questions to the meego-security-discussion-WXzIur8shnEAvxtiuMwx3w&lt; at &gt;public.gmane.org list. Thanks, Ryan </pre> Ware, Ryan R 2011-01-20T23:39:59 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/18 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:34.libtiff Security Advisory MeeGo Project Topic: Invalid ReferenceBlackWhite Values Allows DoS Category: Graphics Module: libtiff Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 6500 CVE: CVE-2010-2595 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. II. Problem Descr</pre> Ware, Ryan R 2011-01-20T18:30:08 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/17 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:33.libsocialweb Security Advisory MeeGo Project Topic: Potential Format String Vulnerability Category: Communication Module: libsocialweb Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 6295 CVE: For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background A social data aggregator II. Problem Description librest passes unvalidated data from a webserver's response (via libsoup) into a g_set_error which is a function that takes a format string. The fix for this was to use a g_set_error_literal instead. Access Vector: Network exploitabl</pre> Ware, Ryan R 2011-01-20T18:28:51 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/16 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:32.dbus-glib Security Advisory MeeGo Project Topic: Access Flag Allows Privilege Escalation Category: Communication Module: dbus-glib Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 5914 CVE: CVE-2010-1172 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop. II. Problem Description CVE-2010-1172: DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended acces</pre> Ware, Ryan R 2011-01-20T18:27:25 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/15 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:31.freetype Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in Freetype Category: Graphics Module: freetype Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 5897, 5904, 5907, 5908, 5910, 5911, 5923, 5925, 5931, 5934, 5984, 5990 &amp; 5993 CVE: CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2519, CVE-2010-2500, CVE-2010-2520, CVE-2010-2527, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-2541, CVE-2010-3053 &amp; CVE-2010-3054 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background The FreeType e</pre> Ware, Ryan R 2011-01-20T18:26:21 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/14 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:30.gnupg2 Security Advisory MeeGo Project Topic: DoS or Arbitrary Code Execution via Crafted Certificate Category: Security Module: gnupg2 Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 5115 CVE: CVE-2010-2547 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and</pre> Ware, Ryan R 2011-01-20T18:24:59 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/13 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:29.libmikmod Security Advisory MeeGo Project Topic: Arbitrary Code Execution via Crafted Tracker Files Category: Audio Module: libmikmod Announced: October 9, 2010 Affects: MeeGo 1.0 Corrected: October 9, 2010 MeeGo BID: 5023 CVE: CVE-2009-3995, CVE-2010-2546, CVE-2010-2971 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background libmikmod is a library used by the mikmod MOD music file player for UNIX-like systems. Supported file formats include MOD, STM, S3M, MTM, XM, ULT and IT. II. Problem Description CVE-2009-3995: Multiple heap-based buffer overflows in IN_MO</pre> Ware, Ryan R 2011-01-20T18:22:43 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/12 <pre>The following batch of security advisories were for MeeGo 1.0 update 4. Ryan _______________________________________________ MeeGo-security mailing list MeeGo-security-WXzIur8shnEAvxtiuMwx3w&lt; at &gt;public.gmane.org http://lists.meego.com/listinfo/meego-security </pre> Ware, Ryan R 2011-01-20T18:21:14 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/11 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:28.openssl Security Advisory MeeGo Project Topic: Double Free in OpenSSL Allows DoS or Code Execution Category: Encryption Module: openssl Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID:5668 CVE:CVE-2010-2939 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. II. Problem Description CVE-2010-2939: Double free vulnerability in the ssl3_get_key_e</pre> Ware, Ryan R 2011-01-19T03:54:14 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/10 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:26.git Security Advisory MeeGo Project Topic: Buffer Overflow in git Allows Privilege Escalation Category: Development Module: git Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID:5238 CVE:CVE-2010-2542 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. II. Problem Description CVE-2010-2542: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allow</pre> Ware, Ryan R 2011-01-19T03:53:51 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/9 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:27.libtiff Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in Libtiff Category: Graphics Module: libtiff Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID:5559, 5564, 5566, 5590, 5596 &amp; 5598 CVE:CVE-2010-2597, CVE-2010-2596, CVE-2010-2630, CVE-2010-2631, CVE-2010-2482 &amp; CVE-2010-2481 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in th</pre> Ware, Ryan R 2011-01-19T03:54:01 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/8 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:25.vte Security Advisory MeeGo Project Topic: vte Improperly Handles Escape Sequences Category: Term Module: vte Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID:5089 CVE:CVE-2010-2713 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background VTE is a terminal emulator widget for use with GTK+ 2.0. II. Problem Description CVE-2010-2713: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute</pre> Ware, Ryan R 2011-01-19T03:53:40 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/7 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:24.firefox Security Advisory MeeGo Project Topic: Improper Memory Handling Allows DoS Category: Browser Module: firefox Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID:4998 CVE:CVE-2010-2755 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. II. Problem Description CVE-2010-2755: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers t</pre> Ware, Ryan R 2011-01-19T03:53:31 http://permalink.gmane.org/gmane.comp.handhelds.meego.security.announce/6 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:23.chromium Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in Chromium Category: Browser Module: chromium Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID:4935 CVE:CVE-2010-2898, CVE-2010-2899, CVE-2010-2900, CVE-2010-2901, CVE-2010-2902 &amp; CVE-2010-2903 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit &lt;URL:http://www.MeeGo.com/&gt;. I. Background Chromium is an open-source web browser, powered by WebKit. II. Problem Description CVE-2010-2898: Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack v</pre> Ware, Ryan R 2011-01-19T03:53:18 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.handhelds.meego.security.announce