http://blog.gmane.org/gmane.linux.gentoo.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.linux.gentoo.announce/1629 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: November 16, 2008 Bugs: #209148, #212211, #215266, #228369, #230575, #234102 ID: 200811-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= -------------------------------------------------------- Tobias Heinlein 2008-11-16T16:08:59 http://comments.gmane.org/gmane.linux.gentoo.announce/1628 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Graphviz: User-assisted execution of arbitrary code Date: November 09, 2008 Bugs: #240636 ID: 200811-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in Graphviz might lead to user-assisted execution of arbitrary code via a DOT file. Background ========== Graphviz is an open source graph visualization software. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------------------- Tobias Heinlein 2008-11-09T21:01:08 http://comments.gmane.org/gmane.linux.gentoo.announce/1627 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FAAD2: User-assisted execution of arbitrary code Date: November 09, 2008 Bugs: #238445 ID: 200811-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in FAAD2 might lead to user-assisted execution of arbitrary code via an MP4 file. Background ========== FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ----------------------------------------------------- Tobias Heinlein 2008-11-09T20:59:25 http://comments.gmane.org/gmane.linux.gentoo.announce/1626 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Gallery: Multiple vulnerabilities Date: November 09, 2008 Bugs: #234137, #238113 ID: 200811-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials. Background ========== Gallery is an open source web based photo album organizer. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------------- Tobias Heinlein 2008-11-09T20:56:41 http://comments.gmane.org/gmane.linux.gentoo.announce/1625 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200811-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: November 03, 2008 Bugs: #235298, #240500, #243060, #244980 ID: 200811-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Opera, allowing for the execution of arbitrary code. Background ========== Opera is a fast web browser that is available free of charge. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------- Tobias Heinlein 2008-11-03T18:50:10 http://comments.gmane.org/gmane.linux.gentoo.announce/1624 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libspf2: DNS response buffer overflow Date: October 30, 2008 Bugs: #242254 ID: 200810-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A memory management error in libspf2 might allow for remote execution of arbitrary code. Background ========== libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from. Currently, only the exim MTA uses libspf2 in Gentoo. Affected packages ================= ------------------------------------------- Robert Buchholz 2008-10-30T21:27:08 http://comments.gmane.org/gmane.linux.gentoo.announce/1623 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WordNet: Execution of arbitrary code Date: October 07, 2008 Bugs: #211491 ID: 200810-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code. Background ========== WordNet is a large lexical database of English. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- Tobias Heinlein 2008-10-07T18:13:38 http://comments.gmane.org/gmane.linux.gentoo.announce/1622 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200810-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Portage: Untrusted search path local root vulnerability Date: October 09, 2008 Bugs: #239560 ID: 200810-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories. Background ========== Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree. Affected packages ================= ------------------------------------------ Robert Buchholz 2008-10-09T17:36:48 http://comments.gmane.org/gmane.linux.gentoo.announce/1621 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ClamAV: Multiple Denials of Service Date: September 25, 2008 Bugs: #236665 ID: 200809-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in ClamAV may result in a Denial of Service. Background ========== Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------------- Pierre-Yves Rofes 2008-09-25T21:23:08 http://comments.gmane.org/gmane.linux.gentoo.announce/1620 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Wireshark: Multiple Denials of Service Date: September 25, 2008 Bugs: #236515 ID: 200809-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Background ========== Wireshark is a network protocol analyzer with a graphical front-end. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------------------------- Pierre-Yves Rofes 2008-09-25T21:15:47 http://comments.gmane.org/gmane.linux.gentoo.announce/1619 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Git: User-assisted execution of arbitrary code Date: September 25, 2008 Bugs: #234075 ID: 200809-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple buffer overflow vulnerabilities have been discovered in Git. Background ========== Git is a distributed version control system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 d Pierre-Yves Rofes 2008-09-25T21:09:41 http://comments.gmane.org/gmane.linux.gentoo.announce/1618 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNU ed: User-assisted execution of arbitrary code Date: September 23, 2008 Bugs: #236521 ID: 200809-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow vulnerability in ed may allow for the remote execution of arbitrary code. Background ========== GNU ed is a basic line editor. red is a restricted version of ed that does not allow shell command execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Una Pierre-Yves Rofes 2008-09-23T21:56:51 http://comments.gmane.org/gmane.linux.gentoo.announce/1617 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: BitlBee: Security bypass Date: September 23, 2008 Bugs: #236160 ID: 200809-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Bitlbee may allow to bypass security restrictions and hijack accounts. Background ========== BitlBee is an IRC to IM gateway that support multiple IM protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ---------------------------------------------- Pierre-Yves Rofes 2008-09-23T21:33:35 http://comments.gmane.org/gmane.linux.gentoo.announce/1616 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: R: Insecure temporary file creation Date: September 22, 2008 Bugs: #235822 ID: 200809-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== R is vulnerable to symlink attacks due to an insecure usage of temporary files. Background ========== R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------- Pierre-Yves Rofes 2008-09-22T20:15:42 http://comments.gmane.org/gmane.linux.gentoo.announce/1615 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Newsbeuter: User-assisted execution of arbitrary code Date: September 22, 2008 Bugs: #236506 ID: 200809-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Insufficient input validation in newsbeuter may allow remote attackers to execute arbitrary shell commands. Background ========== Newsbeuter is a RSS/Atom feed reader for the text console. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ----------------- Pierre-Yves Rofes 2008-09-22T20:07:04 http://comments.gmane.org/gmane.linux.gentoo.announce/1614 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: HAVP: Denial of Service Date: September 21, 2008 Bugs: #234715 ID: 200809-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A Denial of Service vulnerability has been reported in HAVP. Background ========== HAVP is a HTTP AntiVirus Proxy. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-proxy/havp < 0.89 Pierre-Yves Rofes 2008-09-21T17:31:33 http://comments.gmane.org/gmane.linux.gentoo.announce/1613 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mantis: Multiple vulnerabilities Date: September 21, 2008 Bugs: #233336 ID: 200809-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Mantis. Background ========== Mantis is a PHP/MySQL/Web based bugtracking system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mantisbt < Pierre-Yves Rofes 2008-09-21T17:25:09 http://comments.gmane.org/gmane.linux.gentoo.announce/1612 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Postfix: Denial of Service Date: September 19, 2008 Bugs: #236453 ID: 200809-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A memory leak in Postfix might allow local users to cause a Denial of Service. Background ========== Postfix is Wietse Venema's mailer that attempts to be fast, easy to administer, and secure, as an alternative to the widely-used Sendmail program. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Un Pierre-Yves Rofes 2008-09-19T20:10:45 http://comments.gmane.org/gmane.linux.gentoo.announce/1611 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Amarok: Insecure temporary file creation Date: September 08, 2008 Bugs: #234689 ID: 200809-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Amarok uses temporary files in an insecure manner, allowing for a symlink attack. Background ========== Amarok is an advanced music player. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 medi Pierre-Yves Rofes 2008-09-08T18:08:57 http://comments.gmane.org/gmane.linux.gentoo.announce/1610 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libTIFF: User-assisted execution of arbitrary code Date: September 08, 2008 Bugs: #234080 ID: 200809-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple buffer underflow vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Background ========== libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Una Pierre-Yves Rofes 2008-09-08T17:57:53 http://comments.gmane.org/gmane.linux.gentoo.announce/1609 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: VLC: Multiple vulnerabilities Date: September 07, 2008 Bugs: #235238, #235589 ID: 200809-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Two vulnerabilities in VLC may lead to the remote execution of arbitrary code. Background ========== VLC is a cross-platform media player and streaming server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------- Pierre-Yves Rofes 2008-09-07T19:21:51 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.gentoo.announce