security [ARCHIVED] April 2007

security@lists.fedoraproject.org

8 participants
38 discussions

[Bug 231734] New: CVE-2007-1246: xine-lib buffer overflow
by Red Hat Bugzilla 17 Jun '07

17 Jun '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734 Summary: CVE-2007-1246: xine-lib buffer overflow Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: xine-lib AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list@redhat.com,ville.skytta@iki.fi http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246 Originally reported against MPlayer, but it turns out xine-lib is vulnerable too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement. No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked). ------- Additional Comments From ville.skytta(a)iki.fi 2007-03-10 17:29 EST ------- Created an attachment (id=149781) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=view) Fix from upstream CVS -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 2

[Bug 228764] New: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
by Red Hat Bugzilla 07 May '07

07 May '07

1 3

[Bug 235416] New: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
by Red Hat Bugzilla 02 May '07

02 May '07

1 3

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 25 Apr '07

25 Apr '07

1 0

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 24 Apr '07

24 Apr '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 tibbs(a)math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |2.6-4 ------- Additional Comments From tibbs(a)math.uh.edu 2007-04-24 18:21 EST ------- I did some testing and let the new version stew on my servers overnight. Since that went OK, I pushed and built for F7, FC6, FC5, EL5 and EL4. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 23 Apr '07

23 Apr '07

1 0

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 23 Apr '07

23 Apr '07

1 0

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 23 Apr '07

23 Apr '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-23 12:28 EST ------- (In reply to comment #4) > Any clue as to what this looks like for an IPv6 denial? Um, no. Seems irrelevant though, this fix is as IPV6 safe as the rest of DenyHosts - basically it brings REGEX7 into alignment with the other REGEXs - if this is broken for IPV6, then all the others are too. I don't have any way to test this I'm afraid. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 23 Apr '07

23 Apr '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 ------- Additional Comments From jonathan.underwood(a)gmail.com 2007-04-23 12:25 EST ------- Created an attachment (id=153291) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=153291&action=view) Fix REGEX7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 237449] Login attempts as root may go unnoticed
by Red Hat Bugzilla 23 Apr '07

23 Apr '07

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Login attempts as root may go unnoticed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449 tibbs(a)math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fedora-security- | |list(a)redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] April 2007