Commit 935277bb authored by Rhonda D'Vine's avatar Rhonda D'Vine 🏳🌈

BSA-102, BSA-103, BSA-104

parent 293b373c
[[!meta date="2015-03-21 13:17:04 UTC"]]
Dominic Hargreaves uploaded new packages for request-tracker4 which fixed the
following security problems:
CVE-2014-9472
Remote DoS via email gateway
CVE-2015-1165
Information discloure revealing RSS feed URLs
CVE-2015-1464
Privilege escalation via RSS feed URLs
For the wheezy-backports distribution the problems have been fixed in
version 4.0.19-1~bpo70+2.
The problems have been fixed in other distributions as follows:
* sid/jessie: 4.2.8-3
* wheezy: 4.0.7-5+deb7u3.
* squeeze-backports: 4.0.7-5+deb7u3~bpo60+1
* squeeze-lts: 3.8.8-7+squeeze9 (of request-tracker3.8)
[[!meta date="2015-04-14 11:18:29 UTC"]]
Matthew Vernon uploaded new packages for shibboleth-sp which fixed the
following security problems:
CVE-2015-2684
A denial of service vulnerability was found in the Shibboleth (a
federated identity framework) Service Provider. When processing
certain malformed SAML messages generated by an authenticated
attacker, the daemon could crash.
For the wheezy-backports distribution the problems have been fixed in
version 2.5.3+dfsg-2~bpo70+1.
[[!meta date="2015-04-27 03:55:40 UTC"]]
Rene Engelhard uploaded new packages for libreoffice which fixed the
following security problem:
CVE-2015-1774:
It was discovered that missing input sanitising in Libreoffice's filter
for HWP documents may result in the execution of arbitrary code if a
malformed document is opened.
For the squeeze-backports distribution the problem has been fixed in
version 1:3.5.4+dfsg2-0deb7u4~bpo60+1.
For the wheezy-backports distribution the problem has been fixed in
version 1:4.3.3-2+deb8u1~bpo70+1.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment