DELTA 484486 0 33740 SVNZf*w?cV@QoX^x^Rv !Q6j`=v[*?\ 3/T}NHd}dZo9+rS|4I QrmYi !kлLi=Cb?D1F,j/|   _mT.GZԴqx34sEaB.OQ[?Sq& VW@Sv@ =)x^A0ɯ\c$%jmFy0``d@H+UOÛ={Fvkhw <t78;}]m77O,"?å%p7ӿ1hW(u`󷮶f O)@M:Z5 <@un -NJf7 љ agΥm(h 2BOI')e r;zy<'?S-[{lj,EzI4[d9ˎ?G}X%O\LyRX٩QѝQP);'dʬNw`-\>_ G'WfQ)9р^aI|F!6 UjX"e|PJ9G x^н0YWZ&?$XLA^Pmz;6 #e,XPXOlc$%E8Xcǖ'.VዞCjhRS-OC9~сLnoW>CU< ]Rj&.epkb"HJ9RΆYuyϭ^sRڕ_(ozXŰ@ O9G9x^N0k}Nێm!&`4&**/8cg醆`R^@~E&j=xdV"2peK5.as4+ Фhj "< y|o9;drb7 YȺVf݄ D{NxS"dVn>H5.sdq*'?d[׎a&(KXl;Lǵ̶MuA7MJbZCPUZ[U.# ,n[R2j>&Zi{Ko9Z>k}O KZ~G_x^Rn0ƍۥ3Y"`7.O^q g'<2S*y$$٬,G9O?`(fQ L,)I{yJ;x۽C$CiheqWlkK2Xw*FOpׂ3yvx/Z#>TUNd{wi؂g sކ/D/Ce5];w [_g矠 l9G9x^AN1 "tc'ĴرVPm-,\q>lC7ףi> >`s ~x]/Hy|Px8ouYmeߧy>Sc`)Z2)P1Xr֢uꄣf|Q$ elSoD . XI vDN]B9rC *KEdZ:[t*keɆ@GH BpZ@I@@J>mGUx^eAo _1ʹucREXal`b*=Fk FXU82jD. &H#1d<=A^tx۟=i!mG &ApE51^X?~m^,.X.>, fF)%a#`pA9ݲWoy3ՉFQIhmb1Mnun^\OPyRtU1c9Ο]ΙHG4x^n )wqcbYK۱R_(?NvԩL9Gn齳 ȃ>mxL6*¡xх`0Z[8ri NT%ݓAH{x}pÚELBh )!QW\~EY{+9#N0s27mr#'W[i6*H;?߬`bpp*{ap2%m<p(({<  {\ʝ`jFKWNa42j{Z= ] _kRd : E{],5mYG.org/security-centre/665-20161202-core-shell-upload66-20161203-core-information-disclosure.html https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html 9yNdk\'JSUJy2ϗܬgVhVWo3P jҧֆ+D5jqm <4 ĆX_auD#x+'P/ z[@u夫"˰tJNjl 'YV9X5AKɈ$_tB'/7pH05{Pk"!O:St ޜox"'r߇`tþq4w tFz-2ž 'y_NvR;hP@GIx^]Qo ǟOai%V!NӤ>w__J 2mƓ17jDf2@)ˊR E'1XO6}|Nw-=lrx"~fĬ+xy"a%yU~(uMS]g 0"S?<@/d*GDKk!K޵ͯfJUk SU! Vv'i*Q*zJ<ՙ\Hp9Dc 㽐Ý<0?Vuo/X1)JWǮ7LY{9Fq@)1= )i8/B~H^ÕY~B6 OB!é|S eH+ˀV0@@cC>G`x^]P1 =7_!xfdi`)ia ˶8=I3Kkѳ+o%{(8|)SWVެeMkxI3:w2`hΙTZl"DyvA!gV0U`J!=~ PQtˇ<%F8ca΋Od2 DU&)_6?Jm䳔e]Ѕ̾s|$_$ŐJ׷bQt0IWp;SKw*׬ u!%01g떩 ќ9Ĕ>»~>TL1G%x^Mo @HbHӴӤNiHȀڿڴk=ks6-*Z62\RNLqe0 Nƃ| F/*l˺e ^ԸYQ$.u]-ν`t~8eb>^;#kBDGƆTQ3Dp?zѩ' ca_8l9b% wA&8 `9=`?GYx^uRAn0 <' rjhHC}-1P]K.2-p8#SMCa$i\=`yO  iP\NUׂGQf0$ XIXB208a"@=Fl >lz_[z+[['-jVi9˴=I1rBR*)eٗ 2D[Dڔ,i*pe\ʸYX9W5??<>=w,i~P4 ZȂhZBωC&f^?g;,GVg]#D+v']Zv;f?|…-ˊ寮]ΪV+C6)T!y,BG]yHg |ߗf$oi?feRzJxvOGx^N0k)?!F'^ެ7G]R `};CO>z xM㊎ӻ˨Y4JΏvÑF1(7/eފɿ*ƾ b0.kҪE?ႈmQ"9VDva J+8{kZu`:'Ǎ!b+6/ZuI=Y3 +tiNy`NG)rasad J Pandit, Red Hat Product Security Team,7/23/6">

Qemu emulator built with the SCSI device emulation support is vulnerable to a stack buffer overflow issue. It could occur while parsing SCSI command descriptor block with an invalid operation code.

A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoScvename>CVE-2015-5158HuwԶPL*-'FJs*mؑyy3lb9bx{9E:}cCX]&N4,s=F-N;؍jt24 O@ɀ1Ay>[ODzƓwOh) *%f_a1pfI/M- wpZqCMOJvu]ѓ*m9۷#<_߲TإP\VZ_LCjV&{?Z =ĢIZtV+|gGǼm0۲aW?yRWRyX**+Plnerabilities ansible 1local data when using a legacy Ansible syntax - resolved in Ansible 1.7

ansible-galaxy command when used on local tarballs (and not galaxy.ansible.com) can install a malformed tarball if so provided - resolved in Ansible 1.7"j!M?nbbfJ=w~ <x^eO ϛO1i{!wJO!FNo_{+U*ҠpO 3/L+bw@ x4hkF1<9e^gG?C >8& |9|;)MBXSg1g1Ccaddc՗BHٖMN |N]yD??՛E[uKsO&(ާgz(oxP9h6*lS+۽ _tSW^Q1(;c Gv'uucY۵[>ۅpɔIIeqZKJOVQՉΦ˿Ёx_Y2V| G x^λN0b>87ٗ4+$::DaI2Zǎ~=&+PP3=S#I5g~;iԈu38;R33d>V#uK &Nv1V<6Q@G <8Ԩ<>ѱ%?Ri⣞4i_*lN/(xqclhZoaĖu\Z XsmLzRlV͟?!:gK6]^ѭp՞+\o\qXBꗙJC=`L92 https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e CVE-2014-8962 https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 CVE-2014-90285 2014-11-25 2015-07-15 5ߜ0pd L~PF>{ ,]r fjg 'ۖpp؄}y}84ێt /`jZP#uF8b,$WjbD@^jAN$_W{ѽ؁ReI~ohcM@+P326fd5-fcfb-11e2-9bb9-6805ca0b3d42"> phpMyAdmin -- clickJacking protection can be bypassedlt>4.0.50.php">

phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed.

"We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want to introduce a dependency to JavaScript in the 3.5.x family." 9G9x^ő]K0_q؍WmR M+z;ۤIۏ9oA%}5Z:Y'^S"Cx`yW9V9)mj8pXfO`pS!YMOxʥj2V5\<Zo*m_ x;ʬ-o*>ty&e2M#-3NԒٻvgG~+cǯH~ iDUJ u~;Im-N7 *|wO'''u "Xёՠ@Y8ׁP_PJ},Gx^QAk ="8OL`wkL*ML4~1mz|~Otde#c#9cL*@u:lehbb24lжCغB@@q N0ǐ7}% ~P{뽑7ٙ{Ow8]h䲝p`ƫO&KOY#Bʴ_7)-YeН+- (L*6*D"s( I9RILuVZms2*ҡ&,ԙ(یR$` C8|'NBU0l仼P!G?o`Gx^=S0 g+4I?\)cG}M\ף|mlwW B0N=x GÞ @Z9^<9btp!H=VT fK 8;c-2MeȠiAjБM r+Q *2XOCm"蒽a8!{QBdIo5X{ &d`Mrh?GV$k ¡c. ` ՝=a0%޾ޣl|ϓ9I&yKoܿe~|XͶI %q|L590GBGrx^]Q;o0 s\W \EK,,Ԗ JRC"a6x0O#+L3Ow7_96û.,YQ9!-5>0QuV$죱ca)*S!tg;IFF(qe&=%SN+ ZFI/IQZF=qt!Y,Kj|:>e Sv4Vef]I/;Θdd[z7vk2uZ=aΕkphCRKź橷. fbU]񎒢"}uH|Ow:mvہ[>ZarquG nge>2.710.0 seamonkey 2.710.0 3.1.*3.1.182-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)

MFSA 2012-02 Overly permissive IPv6 literal syntax

MFSA 2012-03 iframe element exposed across domains via name attribute

MFSA 2012-04 Child nȀpv?L8qGwx^UN#1 SXܧi));ҲV+<QC2ʡρs%IYPJj.`<)YtZK[]i|H1SoNQtuY=0`$b*^49Q?w{F>c:2i|X7ƀ~onT^CFKп~JnlX.YەYudK^MӶ͕я<ƾ̑rUT}Vvə^[a;ѶԈ~hnf'ߒ\!NF mQJɜΠdX1,NgGx^N0 ),@ڒ?Bqb}hDTvҲ']7mB\q[9ЅHyӊoÞE۴l:S@e@hQ325t[tryt#2ȭ'5qL|Bx3G~nge>6.46.4_10 7.17.1_12 7.27.2_8 7.37.3_1 {o7{E1w^LBF\/`B MlfcBq28x6IaYl>:>;DqD39PRpnoMl!雔!Ll3GBV^\jCLR7eӈ+|MQ?Md) WEcg⥫ B7~ejvEgM\΢,sԨEEEFT_xB=} #NpJ>)_pler Multiple Vulnerabilities poppler 0.10.6 http://secunia.com/advisories/34746/">

Some vulnerabilities have been reported in Poppler application using the libraryurl>http://secunia.com/advisories/34746/ 2009-04-17 2009-04-18 xpdfsvHqUa<Gq 0.99.11_9A trapkit reports:

MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files.MPlay5616 http://secunia.com/advisories/33136/ http://trapkit.de/advisories/TKADV2008-014.txt 2008-12-14 2008-12-30 2.2.Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data. http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-109-10884fced7-7f1c-11dd-a66a-0019666436c2"> wordpress -- remote privil3zfr6^>EGux^n EW`!+""$A@yXMUUU).hayae:M Ԩ [8]B:~yN(_Vr`*]V[>9~l[ep=h&H(Q׆W^ȳ-0@r ]HQ 0JGF .F\$!V HXK؆9/oem`t ۰͡[-*4Fڴ۶)5)tt~8o8bQX׫ǞJHR^˃YvaF4n0 9M6EסLF!F,Ր? n}ee'!=-z}Yq2Ɲf05EFRy|N-݋H:PFhfHvvMmp;bУFy"<ҁ% ƌ t C`MqT,[v>#Gox^UAo0 zeCE7JKtV׿b)=ԫ8 E-^Q[YFpwfe;c]2||Ym66w֩AW2v09pi1S`K_+:Q$"m 's i`,>b-y?6wU(}ʁ/5xROq T5(SQPv6EFɶA;,8`KwE + ,ib Ms) l{R~c̍X'>㯂,7'lJ'cX-"مۍ)YV͑9;mV_5"??FH7o+&cC~C:إaE< U9!o)̎qŵ xȂ/Z@0G_x^RN0<ӧXLjIL'pM±m>8z4;CR=nK6 ̝IaX 6uz{r"TgƴO4kO:lkMM1uP%Oe!YѦt2X]\\с(␽ǒ&ysrdc1cI!P<hT#٥_~F9FM5zm :(|ii /ݖzݾ< vC/Qdl*e`&RV=SԛayöZHug5B]CTP2.$&@fg28?H.;e;'HU邟hl._@@Gnx^OK1S =)nTK\(o^<٩L47lx2d&k"J0X7p`h݊SOn^jy #pyzoV+>eEQ @MZw̍hlABB ߃P='W+x )#H-jÑI j#}a2-n0:1ǻ"6VޡbG'0)AEZTXiK8bVꉒT$W)W(%i낥_~m v=&GEx^eMN0)F8AT2 \`Oٓ@n.W7{Z),h9J+ñ 49I]SE2IB17Zf}.s :4ynb@UumE׫"תQDiwK}k\0PhB@do&cuu_naRo)$v8梫L.)cYC'L$A(q[\oP>7]An>(nHΰ;-x{Ҝ2J]M9Ԧhz?[Sbqh] ~/)0t,Ú>`0r]65PF3JJSyQyFGx^]MN0)fŊNEq[ړ"nIRJjӛg>CI}N@z ~2ɺ4AtDE22$]cP306$ZА`8s糚eF}&2_KQ ,Doyv7j";ܽ~r|E` ! RZ U{wbXjo7m%)c5w, _V?j^.%:ͺY߃0A儊#"RG/*\m}Cb,6P18{r b:q1A⒱x5,c.W3[DM&%?v'hOQqf8v:Nt|G$6]9PrsZ,+/o櫛 !_ M: xL45R<@]741c3957-1d69-11d9-a804-0050fc56d258"> icecast -- HTTP header overflow icecast2 2.0.2It is possible to execute remote code simply using HTTP request plus 31 headers followed by a shellcode that will be executed directly20040928184943.0a82b6f6.aluigi@autistici.org">http://marc.theaimsgroup.com/?l=full-disclosure&m=109646043512722 2004-09-29ŀzv?QMGrx^n0 S;kVdEh/2 %Gi;, 3laL JdN"G hԃe#gc:o naʪc s@&*"eʾ~ dǗV}HEAI+)4e1Ce-.`" Sr:@|'γzJtC!&@3 \:O+5Ԥ-eW0=,J~aۢyc@9UM&(WG{Z긨|oÅtݗdˊa0<ύIf6 C>Iz_nK 6PM,? ˠ$]Ygb T7$~x^}R=o0_qDZe 4 ,mE"-mpxDZIuwƽr }n3>9?Hhso)M{2n{+mb`If_L$}=n2lAǒ3A&A=<>BGIFSb] l#adLjRҫEUlH%ht[n6`;etr cZ4gZN~biAzx8gO8_LnUٺ-lh+nJ|cpV!-^