DELTA 481826 0 32273 SVN"U!fJ?v$e giteagitea 1.5.2Gitea project reports:

CSRF Vulnerability on API.

Enforce token on api routesgo-gitea/gitea/issues/4357 ttps://github.com/go-gitea/gitea/pull/4840 2018-10-01 2018-10-11 e`@Az&x^QK@ ǟݧ{][g96qaE}ޢ;vԻtoo D(y$_3U92XƛᚹRZ[veW2Y.#6XމuDqD8쨮bfET*sFlSl4bj5x23)z(w{ͩmxײmYD6mެA[+OgɓTIE|:֓_UT1u!F $c:蠡Ze \.}_*@+0vR\^@!/ߣ`@0:‚j:THn kLɞ^ %0 ϡq.:(ં[@9L2,ڃF"M8ՙpzq;4ؒA"E"y~*V$G269 UkiNL 7*Fuw܆ѠlYH'0Y47wZEMq} ihxf1gVh#kWAA~ ЕʘԎVe+MF!~O}- fa}9Afx^uO0 O!Lsi)޷0=V[I:VV3o3_^+B$/٢N'{hӡuKJBbݏ㇃ۇw8R3(v\PB!DF\B,2\`M[6!|pDU*#,(~oO(+EgS]G,ޭar< 4STҎ.7$޿ )] 5x}oWlՋ<ZEMj4 jS(ɀsxV8QϾöqj%F^Z:<*',+quHՊw^#m@ș="KDQ`KCO wGiFW*m9fkV["KhA$\ǩ5ZLQD{v%O ~RB~R>Hv`z|905bcd CVE-2017-13720 CVE-2017-1372204ddecde18-e33b-11e7-a293-54e1ad3d6335"> libXcursor -- integer overflow that can lead to heap buffer overflow libXcursor 1.1.15The freedesktop.org project reports:

It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issuejIk4U{^zhps://helpx.adobe.com/security/products/flash-player/apsb17-32.html">

  • This update resolves a type confusion vulnerability that could lead to remote code execution (CVE-2017-1129212932.html WPA packet number reuse with replayed messages and key reinstallation wpa_supplicant 2.6_1 <x^Jw@HzEx^mOO#1 SXOZh =GI܎$FoRZ!Ny@Si$6β H΅^.F,UWB^wWRc׉Z6k1i*:O}Ġ@ _5Aeyo4(%c*>F7U5MSy.X j=Uz _rR.[6ZzS\\'ۻu] qql0{Hvd &RҺ VraȨa ,dIB;¡'#uX {1?OtƸ);Gc>EY1JO`!;{T=)5a5E]?hv@#W x^Mo0 zk iҎF %)S vXHql{p({1-@.Z,QyMIӢ8S̑,FPC3c@Ywb|yII_G 8˓zbș ӊ^!]k4Iipnq05qNsrr6]Pg9+2EAc]FJ**2*)@v ÍU}A A[d"plXEׁ F> 7.rǝM-+@5qڨ maX$C#E@zV|ZxV|zA0b3d42"> phpMyAdmin -- MphpMyAdmin 4.6.04.6.6phpMyAdmin development team reports:

    Open redirect2/">

    php-gettext code execu3/">

    DOS vulnerability in table editing4/">

    CSS injection in !1 D?R~K~qvLz/cvename>CVE-2016-8862 ports/21451414bc4898d5-a794-11e6-b2d3-60a44ce6887b"> Pillowy27-pillow py33-pillow py34-pillow py35-pillow 3.3.2Pillow reports:

    Pillow prior to 3.3.2 may experience integer overflow errors in map.c when reading speciala0'Wz_ion> SA-16:31.libarchive 2016-10-05 2016-10-10 FreeBSD -- Multiple portsnap vulnerabilitiesFlaws in portsnap's verification of downloaded +T CVE-2014-8517 SA-14:26.ftp4389f22-6007-11e6-a6c3-14dae9d210b8"> FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)10.010.0_12 9.39.3_5 9.29.2_15 9.19.1_22 8.48.4_19h1>Problem Description:

    WˀX mw^mx^n0)PvbpT.KU)2DcPp@y(jԡE |}[|fpudmu.+i:5eZ5iP#ŹV=|߂D+ /d\jde0CA-sYK#d39We+K_|H9i쒉P3y(3+DseA{&]W^5H\ "#ģ %I|\O,[VJ=C{o'y&k|HaPƛ"8 s#]﮹64X GWXqL41&t+7 p琽#5MoѠQIN@2Iztzox^Rn <7_r'ড়ʵT=XE5°NPW'L Zyv y'Xރb;>^pL4Jrgh<6Yr,+k,@턱;b,?tnsƷvCE/Y>9/Xh -<13nq݃=Vi|JreϺ0͉9eZU8 K0E4o("24։Hk#yŔu c9@ {Br0uH*zX&ؒLo'4RVm q kN5v|F=zJx^r )%jµ/@Y L޾Mz w]m&7q|XB8a9Q҃ Nk7hBVPQUȴJU)r\44SJhR,oF] % ւs Hhr7 :NֆY6 =bDA7vlZrx,M a6 xݗ{IP=y{+u2o7=?WϓcROݣ+ϲg=0:S_SιC?7HZxTpJ}z?O=A9X>CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit 2016-01-20 2016-01-2162c0dbbd-bfce-11e5-b5fe-002590263bf5"> cgitcgit Jason A. Donenfeld6XR{v=Q1[4://www.openwall.com/lists/oss-security/2015/12/14/13 CVE-2015-8560 2015-12-126dbae1a8-a4e6-11e5-b864-14dae9d210b8"> cups-filters -- code execution cups-filters 1.2.0 foomatic-filters 4.0.17_4Salvatore Bonaccorso& z~_z x^UMo0 ۯ zj[ӥ /tH-T4NqRl7_Ŗ{ZH8$Kv.Ս*WR|~C;r!D1$n"N}[10L.:x[*P dP<|*ɗr/W@׿:8o=<L{Tsl\A(q7dwd|>:ʑzC]"x % HƈK`N5R0K=z4;J,3A~ڍFz6 )p|Y^)FfNrѹCg'pܤT+Ufƶc3,\C?dGTzy9v,n| 'V ȝ8fh(abs_Dav` 4zx^J1)^C"ZQt7%nGCv}z.d2Ow$AqX]_^WN݋sG/#9mhCu9((#[x uCl<4^ zQ!6^*4<%Iՠ.$; U9ȼ'Ѭ}8JO\0K*6BI=~bgM;3x؁W҂-5$(\9Kr}*KFW:0cPhRA`Xx{h.|j>KG\@cz*x^QO ݯ n1v0@m݌ٌ<]NwNn@jqaJV͸} djAo/Y@}T,o^CR#=GΌǰTAlt7 jAqO

    Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets. w?GN@aZx^MQj0>O1C,vi m)ui%VHh5z} ߟfp͚Tqi6B63H@8EtnB}ԇA;ƛ <9Nw}J46U~j>͂VmuU:s<"͢ͅ#Rr1$hU} #Ur)qtZy@HBƻ0Buwݯc7wۻ/0)}P#pdԌ58!2$$TI0XhБHy2 `E*ETBd s0 NA/.S6p/hӺrPCaNsbږ==LòۧH,2L˪M1:foGȥ oTPdiwؽ,m^<с ,zx^RK0>ïqesV)!nԞ:5[~=<KoG0w_?ݿm/of6vۧOno}^Ý|")8ˡLJcJy2IK(M>3/Dr:0CgK2]_'W ΑTG]'Ndp,pBo<%gTEt1V>QjN(Ġ iRqW`3m:!E h:a3Dec3 (Cqu~YTERM)K1yJf7W_]u{׋kxДO}kEY|T%+ =^ tAdGpb8±G%3_#~aNZJ}^@+z(x^MK@WQi/%bRDzn&HfvSw!i}?K@[n~ ۰?<~m.`'l OLf je{Țn=| _kGЖ7$Q@nw^Z,ҳ(oȐ#_,/^ZvG<`*Tdª$FyC;ve)2&lnl+AK%ZK7TjE\I,6;JHTs/*p:ݢ &)?Ȧͮe?$ux N^T&Nx^}n0EWepq`'F"ގȑVCJ,wtK^{6BrdzLU FVj*8|in?~n g'ir~6Y!k^ɮGl C菦a8<&2yĒ᷈%\,td"yrN]<;3uPEPE-Jrg.wp1Ӵsܫ`5qi^>*]s<.eZ]VVYqݜ`?^˳s|䆷 Bzx^uO0)F@bR=J{\Milձxܴߞq]H\"Ǟ7Wt2qX}>}B25 B_6N$?:kWɔ~}:'Sب`|K @  t-GQEA7&A -W#`sSV#8h>4#akb0ڲI hڮEX)J3`a tC2BR1gnj4& sz~]Qb;WE(.UAz))bCiYI*ǥ׌ T F{(n&#DBq99]|B#>aieQIIO~\җ Sw< Iօm`o#R Rԏa( +N#1 whyJyv*zFx^]QN0=W4{( ڋѓm{)ʺi7o^fC-k&f͈1&Ɏǒ)>`eZK-:Ewf)5.!Y]EA0*QmSfYb].u 3⛹t Н:\poH9&i93ܚ<)ͯc#2PeU,U#0OKU[u[M~Rp%[;90s3xN'RqxV1DȀnYMVH|0DgӯVV'_4;$?ICk@c_r'/'}ZSo"@V76J}e$㲶 5zx^Mn0EW I ]*Awu?F êC^ڜsϽFa9<,MWi8mB["hN9\B~g@)L0B衧d{ 'DEz׸R%&i[IV7Е) Ё/x.fH:G;G;G;G;G;G;G;H;H;@:we> CVE-2012-4298 http://www.wireshark.org/security/wnpa-sec-2012-112131415161718190 6zx^mRMo0=7b&EZ)zE+`afH"fއF T}ٓ2/JR7`W8,ߤcQ (ѡx 8WSN` /X:+qF~)mb'k5:xlݟ wUIixDAh`Yu=tbx:s#j. &%^-/m". o8؊ki$ƂJT B ݠҕ??oTTxہNe`.vz0x^]Mo!+粀k=ynhzG_v׏9 3> o(Bl@kt8#,%P i a:3'@bĀ;فghh ~=҆+d$s/"uՙ䣁42W#oЏ,N"h$[E|χUArk[KLf5'}efvy@9.ֵ!2ZZk0,(R*?bR7V_;1>)d`WN&$}^0+-XK+>Q"6uE+/8Ĺ|cNN?tȀNY+eO@efzL4">

    A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet.

    This defect affects both recursive and authoritative servercvename>CVE-2011-2464 https://www.isc.org/software/bind/advisories/cve-2011-24644ccee784-a721-11e0-89b4-001ec9578670"> BIND -- Remote DoS with certain RPZ configurations <Π zx^N0gqdʞ]-]rijڑ>: -U'|FFANXzity,ТF!HGͷXHJP:壭\{ߺeJx'7r䱱 -[,$4ńMJ9%@\/{mpP'qZ͒ErH]s TWywQ--Z.-KqN1~J0?I-0=}9N$%4 ~rMX+vXrWr L2iކ߇8Ap"}A?9` _>'z'x^mRKN0])F@TH 9$ݴǟT*&<+{V4h>H9xNa27W[YKvy£zR@F-"Zp,BA 6d~")3!iI=DaG= 8j ඌKE)xH()ItFc36@S=Xo7q$m+GǘpʼnGZѹ tjz'K 8 ')Z/HqfxNOmܺK v1)9][L= '%6xZ'2ZKLⴼ =57B`焁E Q5z5x^A0E aciB[S O/Fߗ7ɤxF)C%f0׋:aGԣQL4Iְyh*k'} [#\)ݪa,ʚl 76E>K48ܺD͐-h:d17]B,xj[yNz8x^mAO0+F@b@\ ە*{U'ΰؖg*mμ7} +0SfC'nw1{&SCv8C'or;?ئ; €a\L0/.yK _1bp$T 0u:MɣuѠ s2k_ݐկ v8Gnۧ{W'L&'qߺC `04cj#(Zq $j芅X%X2cwuFɑY ,RO-,2 D X^ku<N*60ja1_:45 E*&N-4@23h߳9m~w}n?d?HzGx^mQN =_ASn[4&sO xw\GS*||8Gָ' m̕!]4! tNo| FΕ<0Vzzw;˒rx Q b!xށ\pэR/A5hJ<:;uƒSP;f0|:H`.t~4{~r<<;>/G EG ֩jWcX"7n>6!q&/.PtϕJ)G}IN s,1tkw4iMbC|9 N/z8x^uQMo0=_17.lV*Zi/H Ԟԣzmמ ;ζ=(}̛X60p0 exb H"AyVBLHLn do7^^}Dyr7KvtȔ| U,T(-Alq򦤾 i i>鄣K_$/-k'cEs.HlJ).Π+ͳ>6 Ghj0O9uȔx-3Q8x([[M1:^%hZSi%aJnoERO|ϥPهN2Y5U}>wAUYT"]Oux4}nP/Ge'ΗMiP YS2 !BvNzx^Eю E7_1K[M6kRTR*D6Z\Ǜ/Ɖ‹as PjI UjV>&VИ<jwxQhTc{i?;ȉ:PRuƴdA^a000лPeӠTjTZ9o)VYt3qtkEVN}ESmݘ-M ~+0s)*jPR} o+#9D>dyO9rvF_']>IM-.x^Qr <7_;fgr~ r nq^{[vW:@5`o[xw<9c8ŋF#s8K Ki[z\,zyfMU'Fc =6kAb-^hށIzo,YԐNRSkUr>+]G])6ݘ{J7CRN9-ЛZ$ Z5V{UuQ(kUb[^RM6gE봬!ϡMjmt)o.lyCyOJaKs`Dz즮0N[fJVzz8Qqm}=SI}0?|>]c$\lBx=hsg8! \uq>WO+پU<(:id9U"%]q+q̗,竻ݢ7Q#=m~}ٺin|KtaG<^}kۇU. jzx^AO0 +,δ` mC 4 5I4mJn, َ^3AI\s$jqEbll"I֢˜k_ogY7`LdQ9hp@gax))`ʃ53c7T 6,V>pNm -^,aC\/7l+V .PhOa[*ZހSR:njGIË |{ CmuiF_ d SHA3A >D! T8XԴtnקSreErvoJS}0uG5H o_G%34r*Bp-)/9z08 pMzNKfn[X?EU6И.V.(W[ͮC'shEK0iB#"fk?"줗b욶(ՕIaOՇ١dlWޛwM(zRE͔,}JbFPi"TOJf!K*"Ž t\djf .]7yfy,Nc<(P't((s me}yAGX^ɫQqqWݟ0w~H{~zGx^N0 Ψ]' &z ;r3g&!q78 6ąHUl?;Q{{<FJNS(~GoYWsU-T-Ϛ+B^K9LGy HPMX3?j<`Mr! Q (h4Ik' 1Y>M •fBۃ!ޣCA`=hJcDft ̈́4 CTsiQlVtAt1 (lz{gNG0n'#{@fY9躷  WM)QvNtztx^QN1<'_̬$B B"Q. H{uCmgVy\9]U]u\,tţV)=JJcQذ( BhA E+~or+)ᚅ)80gJLH% #@;9!Yp]ck Jm;a#~aɞԌ'8?Y|~ov csj,zz#S À {:d]˚R=&Q Cnh~D{: nOκS/7e _Ў\Kc(|X.[yh&x#%׽3[3l7t|hz&Jegz)#a90.tg^.ries/14902/ 2005-04-11 2005-04-16 2006-09-12 mozilla -- privilege escalation via DOM property override%xrzx^]PK \ǧ*G VRfR x%!c,"V ${ɲ]фnvK\_r`Giu$M.gB:aes{k0/ {oݖ1}ju'$P-Gvf{GǂVb, y@z+x^mPN0 }f_aB%~^,Ҥ$zҕMBO?nkUպ /Ҭz{&eSe.+J\<9߬ty:mݡ*{TTY]Gn$llТ1RH?9c`/L!(bǎ墋Ecþ'#~ψߩY=h㤋 "Nj]v@ׇ8ټП :_,%Kv;vĘ"& c AXNb9 35R ~>'A= okrkr6,U\|W0qKIP|z<U%I CVE-2004-0762 http://bugzilla.mozilla.org/show_bug.cgi?id=162020 2004-06-05 2004-09-30 mozilla -- hostname spoofing bugŀ azx^R[o0~W{ ґ%n?MQ,xsYxcP-rEÅI4BLU0(z)d$8"+? I8 bU3Y +ULJk'n"y){|(b&ukqB;4Mai"G!fﬗFi) Mts\(aj*q-H~m);L|opPqh Jߋ/^S2O.dV8L(+?.QjK]Zׂ3߅yˠ &_N5+v>` Bx^]Rn0<7_ʹ`<[ZkYc@m-!-ٱ1M L@MX T!X[c_Xshm .g!O:mA+Mc?&TYZQ32'=ɤ\%R2%HS"`xA o&9a8E'%蕇~qgB.]nJ:Pl2l\ge.6^d'qɉ3vZ/^Դ]ɹaQ#ERbLt