[Bug 210973] New: clamav < 0.88.5 CHM and PE vulnerabilities
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210973
Summary: clamav < 0.88.5 CHM and PE vulnerabilities
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: clamav
AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
(Apparently no CVE id available yet)
http://www.vuxml.org/freebsd/8012a79d-5d21-11db-bb8d-00123ffe8333.html
Secunia reports:
Two vulnerabilities have been reported in Clam AntiVirus, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.
1) An unspecified error in the CHM unpacker in chmunpack.c can be exploited to
cause a DoS.
2) An unspecified error in rebuildpe.c when rebuilding PE files after
unpacking can be exploited to cause a heap-based buffer overflow.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years, 6 months
[Bug 206516] New: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206516
Summary: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: normal
Component: moodle
AssignedTo: imlinux(a)gmail.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
Moodle 1.6.1 and earlier are reportedly vulnerable to:
- cross site scripting (CVE-2006-4784)
- SQL injection (CVE-2006-4785)
- sensitive information disclosure (CVE-2006-4786)
FE-4, FE-5 and devel apparently affected.
17 years, 6 months
[Bug 191089] mantis multiple vulnerabilities
by Red Hat Bugzilla
Summary: mantis multiple vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089
ville.skytta(a)iki.fi changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|fc5 |fc4
Status|CLOSED |NEW
Keywords| |Reopened
Resolution|CURRENTRELEASE |
------- Additional Comments From ville.skytta(a)iki.fi 2006-10-23 16:49 EST -------
Looking briefly into the patches applied to the FC-4 package, it seems to me
that CVE-2006-0665 and CVE-2006-0840 are fixed, but the following may remain
unaddressed or only partially fixed: CVE-2006-0665, CVE-2006-0841,
CVE-2006-1577
For more info, see the Debian patchkit at
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarg...
Reopening for comments from someone more familiar with Mantis and PHP.
17 years, 6 months
[Bug 191089] multiple vulnerabilities
by Red Hat Bugzilla
Summary: multiple vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089
giallu(a)gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution| |CURRENTRELEASE
Fixed In Version| |0.19.4-2
------- Additional Comments From giallu(a)gmail.com 2006-10-20 20:07 EST -------
FC-5 and FC-6 were updated with 1.0.5.
About FC-4, I do not feel comfortable about supplying an update which is
guaranteed to require some manual steps to complete.
I applied some backported fixes already present in upstream CVS, but not yet
released as 0.19.5.
Look for 0.19.5 in http://www.mantisbugtracker.com/bugs/changelog_page.php for
more details
17 years, 6 months
[Bug 191089] multiple vulnerabilities
by Red Hat Bugzilla
Summary: multiple vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089
ville.skytta(a)iki.fi changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|enrico.scholz@informatik.tu-chemnitz.de |giallu(a)gmail.com
------- Additional Comments From ville.skytta(a)iki.fi 2006-10-10 13:48 EST -------
Reassign to current maintainer.
17 years, 6 months
[Bug 209163] New: CVE-2006-4247: plone password reset vulnerability
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209163
Summary: CVE-2006-4247: plone password reset vulnerability
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: urgent
Component: plone
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4247
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5
and 2.5.1 Release Candidate allows attackers to reset the passwords of other
users, related to "an erroneous security declaration."
According to info in upstream advisory, 2.5* (FC-5 and devel) are affected,
2.1.* (FC-3 and FC-4) not.
17 years, 6 months