DELTA 509219 0 30552 SVN,1+fJ>u~9ZSyMmf/3b2ee737-c12d-11e9-aabc-0800274e5f20"> giteagitea 1.9.p>The Gitea Team reports:

This release contains two security fixes, so we highly recommend updatingblog.gitea.io/2019/08/gitea-1.9.11ILMS`x^mR0=ӯ vnhQ!!@r]8 'ii7y<[$|Eg襗G$):'%(M C4xii ҂2Z= UGhׇOo[3{i[{ m|%سTd ;rtqV;c"igFQi5ZpѫTC\<^9hP #DZqz %JI4z&LҿsiŇhl1A/obr٦MrL."oVX ^&#2>8=mҤ1T|FU% U6_CASlx^M0 +dr1=Q H¿ONeo-sz+'5~nY~,Jk CVE-2018-19852-06 2018-12-06 Flash Playerlinux-flashplayer 32.0.0.10142.html">

  • This update resolves a use-after-freecuPVS-1-8-188-22 2018-09-11 Information disclosure - Gitea leaks email addresses gitea 1.5.p>The Gitea project reports:

    [Privacy] Gitea leaks hidden email addresses #4417

    A fix has been implemented in Gitea 1.5.1s://github.com/go-gitea/gitea/issorcXSJx^RN1=WLnHPR7@Ah 춵-`<hC73}ohr<6tM"7-:( 1Zr얀Kd2ذaIp~(&`"enn!!'\,0fK@;l騬U@GtMFMV0hu;]\u/:Al+؋k,,٩p&_x/#,CVE-2018-59968-5996 https://nvd.nist.gov/vuln/detail/CVE-2018-5996 p7zip -- heap-based buffer overflow p7zip 16.02_CJ Scx^Rr0<_1;?.rVB fjRIJJ[ npgңQP핿 Pdxƀ99CZ1@`јgGPSK:,:Ϥ1|-atzz00TI1hRu."9 N{>z^>^XabE&=Ì4:(h{FuV &L)#K8ZhjTǢy2k6V(vw,My:UmV coӥp}g1'^Nb$Uۢ{4. S A^uMvwb~¸ l-S-x^R0kx I0!3T#g[Sl) _JijuE/DZWN]n6526X Q1P EP;2OX#3ҧ24 e\8@z8:,Z@C:k@#ch, =B0v.&oĒjǭuYVc]>K0\vwr,_;y~anX^]5t9+CS{Z v@C1{!/!@ N`ziJ@w@eS>s://www.codeigniter.com/user_guide/changelog.html">

    Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is availableurl>https://www.codeigniter.com/user_guide/changelog.html7-08 irssiirssi 1.0.4,irssi reports:

    When rekfMz|INiname> CVE-2017-0311 CVE-2017-0318 CVE-2017-0321 http://nvidia.custhelp.com/app/answers/detail/a_id/4398 2017-02-14 2017-04-04 tomcat -- information disclosure vulnerability tomcat 6.0.494 tomcat8 8.0.40tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40">

    Important: Information Disclosure CVE-2016-8745Ѡ1(B@CSkx^+NM.-,u v520453ַ/-ʱR;J_\ 21%73O//D&T0Ô fQ s*aA3,)7܀ f\j uc#}0>eD(311422O,N/K-+M+ uAj "`yĒbF4B Z{xS@Ax^]͎0 ݧ +-A=hUDۗRO̙v ZQ>,-9c Q)b]!GdXaEB\(t J Klu\oWRnI [~W,& 3y47!IMr)t.:`JS2m^ KҨŔtǠ 5.18.4_24 5.205.20.3_152.87Jakub Wilk reports:

    XSLoader tries to load code from a subdirectory in the cwd when called inside a string evalurl>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578 CVE-2016-6185 ž%"!.*Щ3ᛁ_mGʪ"hV@@NMrS.Չ0J$$W>qQy.fԓx/q3F~&RPE8p p b\BѪsy^R<ж JPLhga0.0q5ouqb/-01351 $czB93D,DH&"%I}>ܴ6rNƣ08EE\ ` FN+WnÚ)n je*P4l8 5g҇{8D/ɚEFNS_x^Rn0=wb1 EQo=j1LEl6Y):a=όG~?xo8_%"19PNqgz *S?-ȹ ,h:=H"*n62|P3n xK} [hNC pnѶ !>co, zKέEڙ䦻yAxPZy{3L٫4lcZsTEl\klm eieɡ7ʔ3*wcQюh؅+nCZz#'ED\4X+p ',]M4zk3)9% [,)MV7- Z ߿~y$ZHj5v?U~Sbx^]N0 ),ive `{:,"M8+Cdr>e9E׭,#5MUZYպZT[Ye}73+-PY'U.sgۿ148vǛư3O'CA |tC5[`*帰Ov L H̻uNE8y ڷ"8b6#t!FKZ):&qdsV|R?|w偃WzN?eS_x^A 0е"K۩mӪn+H I*VQbf7'bb0i2tl?4Y,Rbk8Y9!Y2]/;bI9/9{NJ YBckKi,rZ[wnB~РX(sXx~Ψ^g-|Y-t ?) U a'ѿ%Ӂx,N@ED?"venx^n!v"R F@ݴ}ºqT*hk8< &֤OSb];vv|a`NĄD`RWd_sH94r&O.EdVWaxWGo}|}6?hv<=3 o`]]Q.:je hN_Z|fu86 #Ge 7\.يx/^mHFJ[)Մ2[7njX#XtÎuC/YRDw$~ݽ>9+ 4=0g7Nxe:5ɜnsD"pVJ' Wnof e= j;cp*~9;uggy or malicious guest repeatedly invoking such operations may result in the host disk to fill up, possibly leading to a Denial of 5 http://xenbits.xen.org/xsa/advisory-1304db8a0f4-27e9-11e5-a4a5-002590263bf5"> xen-tools -- PCI MSI mask bits inadvertently exposed to guests 2T7p0melTvS0StrongSwan Project reports

    A denial-of-service and potential remote code execution vulnerability triggered by crafted IKE messages was discovered in strongSwan. Versions 5.2.2 and 53991 https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991)6-0910d14955'b&z;MEC?H?{?~S` 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header

    MFSA 2015-43 Loading privileged content through Reader modecvename>CVE-2015-0798 CVE-2015-0799 2015-04-04 qv+V}Sax^N0ǯSzP`t ^3gt@Eu8,s|\* ]l"! qBάHUU YbRy_%2;9U_˷>,\.]|*叜)+~H.A,5x<Cla_Vn;i{نXXoo3DO0}d 7 \C,u&vRNe3 qs@ pGR=o^lv Bh(}f*V_nCdӴʭF;+JuʌU<Ѽ# 9 (.Z봢!ixk jcfsWRiT~_5 i#sٌEFr[NGLɩ.luD| cC(Ӝ٥$;M> SCAIEd,(i'O@O@O@O@ T"Sgurl>https://www.mozilla.org/security/announce/2014/mfsa2014-2829303133-19 2014-03-19 2014-03-20 mutt -- denial of service, potential remote code execution mutt #_m; F'x^ej@ ۧUi!NK !!7@ Z3[}5 9ߑf Hs<:ЏtP)n-xQJW\7w.|ʼRljN[5i$b`Ud@g, <RI91qE*@,fWV)ce%$OD$GsĬ-w+Bh?O/<B C1=o19!r(Ʉm8X+1ZqdUk:tjM4 FHǭ4W QN,5߻, 8wBb|JA I-+~M؄>cGK&t]2);[4j~ |K~&4AZu@/A?~re \ sԍϵoAxuFSox^OO0 SX;f$R F˒8qZMy3Ku*+OX\;<-:UȗAZVUu\X-8!B@m+ᳶ1N# = 1 CaXB' Cr-+؈l[\b,\/38ǭwNk -IB$lS~hm M=dK3LV7H =gc&}y.ٔ;Y5F^3q{A.D,n\4Wz~q)^>~ާXxVagȀV Cur@6x^r S8#J؇%C`Mh 5IǂWK KS_j6_1n-`4~)7v/V 31Hg?I!0hUK6cn uUqL;vMhr ŒZ&^J 4*[3NͲ zo 5.3.15 php52 5.2.17_10The PHP Development T7-19-1">

    The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in _php_stream_scandir CVE-2012-2688 http://www.php.net/archive/2012.php#id2012-07-19-13 2013-01-15 #y"3F@CR/2O~_twoject reports:

    Stack Buffer Overflow in HTTP Manager

    Remote Crash Vulnerability in Milliwatt Application http://downloads.asterisk.org/pub/security/AST-2012-002.html http://downloads.asterisk.org/pub/security/AST-2012-0031560eb344e-6eb1-11e1-8ad7-00e0815b8da8"> OpenSSL -- CMS and S/MIME Bleichenbacher attack openssl 1.0.0_10q\xcF0So CVE-2011-1944 2011-09-02ce4b3af8-0b7c-11e1-846b-00235409fd3e"> libxml -- Multiple use-after-free vulnerabilitiesMultiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file.

    CVE-2009-2y]=3vM`x^e]O0ݯhvO?TtQ[Slm7}m/r?ҮC,:Fgt=KAE,NF1@BsSm ۆ^Y۪n|4e1qA K6y0PrNfe6윛-!`1|!褟2rFs6SaĝzN M=+KX/'rbI;סSV=rI\Գ|WQ9}~rP}H*.*3o 6nFO,'%$dh=wh`DzXNh[~\nrb2p#F{W2 f" pTv%A?Snf3148a05-0fa7-11e0-becc-0022156e8794"> php -- corruption of $GLOBALS and $this variables via extract() method php5 5.3.4 php52 5.2.15Off-by-one error in the sanity validator for the extract() method allowed attackers to replace the values of $GLOBALS and $this when mode EXTR_OVERWRITE was usurl>http://www.mail-archive.com/php-cvs@lists.php"-!R?bA |gs@iS+ase of a libpng-based browser visiting a hostile web site)41174 CVE-2010-1205 http://www.libpng.org/pub/png/libpng3-30 2010-06-28 2010-06-28 hWx}Laa О]Ъ>*rT#x!}\ѯf8=?!`@jT@P x^mOk0 ;/qRFǠ]GEN|O˜Ogy3LbZ8#Z`#V@>1h4) Jځ%G#y&G Bt GwJ )lU3m.xtB@nVYVeВQ45g%/!,j Lhؔ:F$XrUK1a鰅K厩Iz ]gcRk*pT2.QPEYaBNm\16Gf v4`@TE mplayer -- vulnerability in STR files processor10Secunia reports:

    The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR fileWzT@7}xSv*)2x^mn0DWr.(EC/׀!MR>ƳoGk>M% Ӫv-0 aMb|Y'?HH_h7BI+:;P j+ 8i'!)5mgpW4jNJ+@kaKM8av+F=J,Ej% \^9:]u6Qb؞:,?d1 κ38CƳ#K=dT2-: WmT REV$Kvwsacf_չnAK/Zm &%߶?4/m"xQ$i*eR<<͋\ǂ[A]8wSYe> flock linux-flock 1.1.Mozilla Foundation reports:

    Fixes for security problems in the JavaScript engine described in MFSA 2008-15 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstrfN@]nT)8x^EP= _:2L" dYNBc} s|"/@g > _v|)Bń1Qz;k`e߶+.'簲HV|R_m d1 uŦoSs8Pܾ~QL :$g XlK^SgLU@z zsKЫABX}9Z@K]Y 5&xV-EapҹA2K 22IeeL3DJU%l_QTKA^^pFw(3GQ~FQۚ6VW߶}3GtV]Ӷݱ; s&m_@Ks@S[x^mQr0иaIdt` ! G2~V[fJi 3µ4X,4n#d!-01^=, T9?iXX+bM QOy-_8:^Q`BcCdR$QQ$)'z硲9 3rZJxRmơQҗ"[~%4/?EUǂ,9(ݶL4[ݴ$/;.HrKW=Q3OgV`0g)ף-" +)ni6SEpV2Q !'ÚF VT$j& UsqwT. Er 89„RyE2/J4eS $r#|g%٠0zhq"@FciJOojA~ztСJ;zCvxc̞.-l[[5㉆[7Ȃ,/y3ס76t=*gö=U9Zb/O3L|ESax^Mr0 SK6Mv; 3ɥN}chb,bdy쒄듄 a؞a)lM}7XAJ}1kg9@=@ú?%;"H v6筜8p+|ŴŐϜo|iqfTq||8WP~(I8nx(5MVψaR͂[.}@ڝ;h')>h:nӠB싺td_]&lۗĂ:7FԦ<ӒS\)u.&wlΑxAZ`t;3H`1ލuC5 N 7Ws]ORܝV]N5,K4Pah()8 }rK!-.+M߉:uksCu:TJ>%}x €zXFSgx^Qn ='_1ʹKvZznO  ƎITUQ97ov- @v•:t7(&8Zj9;@Q\ȁz4J@`_ mjQ\gL\Dq=SŸ)zD5!{ }VR> M}ȗ8IS,0.z2XSqbynXf;G%92 }HՊ-2'z#g5*#rVR({mx]<;myJ/no1[3eDv],iZEhN{ՄoUSHЄ uPdɓ(vFVza8%'&f@]9_;'pAAnnounce of Nag H3 (2.0.4205826731&w=2">

    This [2.0.4tasklist name and taskNag 2.0.3 upgrade to 2.0.4 as 205826731>fq Tv@RS CVE-2005-2102 http://gaim.sourceforge.net/security/?id=21 gaim -- AIM/ICQ away message buffer overflow4.0_1The GAIM team reports:

    A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM<R>!vvJ@Sx^PMS <|ƃ᥎^xP݅M{"ptF'^yĒ\o6ʾޥYŀv A?/Svx^]Rn0 =7_n줫MеR ݳd)xN҄ J-:b5nyϟX\ȜJSC)~y}1x)V,l5XBb:AKi\2hԜwܛȗDS%E(Ξ~v̒jzKARFߥ:Ѳ_]]m fݔR&D3+CKxKhCð58o_ڶMƔ̸HIi\]t_|/٨E}+ |\15zavi74T[6%ڪiA0LY2h0C@] B2:XjKb|ASڒC&tL=F~ K,>t7JuK.~VDBmL4W/((zx jEߍ #~Fe5cnèZvSk[OaУlDAEu}HՂnGv`@SWx^URKo0 >_aB{M'8`E^KLYҖ dժQsj XVbW;ejèTk͹<_N_sA74>`Ly=Yt(HH|JiB$X"T yp2y"tz=[= 41RU/ nOry+}/ABހTk,v@ T7x^Rj0 =_6( +tz`];Qc3пұ2fH *;4j èI+=_r*cJEq_b]TU9b~3X뿡 r;_ndžm]h#' jL