DELTA 536276 0 30604 SVN^f"v0W>^X0x^MQAN0é|YnoMNuOx^]QN0 }x@ l11MoH|A4riտ')Q^>Y//vg[bOt=:3X=Uc5Xt5N}l2 @OBHyxx4e2 xcwZ i

A flaw was found in all ghostscript versions 9.x befnTk9Z~O&l19-09-06 asterisk -- Crash when negotiating for T.38 with a declined stream asterisk15 15.7.4 asterisk16 16.5When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in AsteriskLlLtv@iuIx^uQAn <7r v;z5w)*1.-Ŏݦ@ p"BUB2{[iuMښ@ 0I ˸(n~=`X,$ =4~:$p!r^+UԓzX xm˿BZ?͎G3p dOF)`uUBf&s~qV2ZO .cٞה3UyrylLpBlqu/,*yFJYAN -(|up0Ѥ@(%:%?ā6XoВ62!O#& t8 1(jClZ7]Tc4vY:'pc.%'Lt`o="-}cS{3VZpC"ߣ;"&b%fIzx@P8 Vi]s\`ln> gitea -- privilege escalation, XSS6The releases/tag/v1.6.2">

Security

  • Sanitize uploaded file names
  • HTMLEncode user added text
    • https://github.com/go-gitea/gitea/issues/55657fation disclosure

    Private project namespace information disclosure

    Gitlab Flavored Markdown API information disclosureabout.gitlab.com/2018/10/05/critical-security-release-11-3-4/ CVE-2018-17939 CVE-2018-17976 CVE-2018-179755 2018-10-05 clamavclamav 0.100.26SJ~Hv0uKx^P=o0WD+H@K[KԡcHl׾ ehz{~>654S`Kg$YAؒv{O^rzik#]uE傔Uo3(z2&sYZUYhViաpjdb:^#^c?PV83uRqGf,gԇר&Y:!Qa]Pzxj͸[P (Hqq8؉'kN#Kܻ :JKؽ%5.1i`b@u|x^J@ t׶X& 7AA"{Y Lg4]rPqVEIp6{Ea ee7&їiMx~!v} F44Qo6WӸSReuݫtpۙ?0Txz}MG?wuDx^uRj0>7O1MiCCBBHT˒";Rb5i_8Ze4^՝ߜ}7V%>V$!qcT.&ЖyݢӐKP@yx|x=\fCa΅gBE6@<:>pkTcA45Heњ7 ClB/&oM54cQ y98]*D$ѱA 8=@K\NE[jB&ᒻb7ųzz<81[[.66~޷l$uSTDBgW˯ ֔sk0_. A%w 'qJ]d ؝[ Qk{R=oxpAuO017-15898e72a8864-e0bc4.2.010.0.6 10.1.010.1.4 10.2.010.2.3GitLab reports:

    User without access to private Wiki can see it on the project pageˀ!, F@ "[%Ca@X*ename> CVE-2017-14225 CVE-2017-147679-11 2017-10-12 2018-03-25
    • CVE-2017-7546: Empty password accepted in some authentication methods
    • CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
    • CVE-2017-y _=,u,x^Io0FK{țlF4q.z`80E \ߗJТu)@ ޛXWRhM* M!<%IAnMӓV/W/NeJpɁ5dKxP~.=~L,Ě+ot0%dr6 K{x\+\XL3H YtG?(K;k #ғEi𖵏?2x'bmq\yWϻ-k*7vNJ={%]sk^9l\n4{Xf4Fu|k)[@y_k7:Cю|+IWGYg0¸6/~$/ B u x^= 0_!81IӴR "n:@mҴpލs^ՄvtlV!ZVoÌd=3VnKCD DP46{紩z9x]ZT6vD %0#(mX ` b10ey=eX`/lY@g>!f/u>8685e23-ba4d-11e6-ae1b-002590263bf5"> xen-tools -- qemu incautious about shared ring processing xen-tools7.html">

      The compiler can emit optimizations in qemu which can lead to double fetch vulnerabilities. Specifically data on the rings shared between qemu and the hypervisor (which the guest under control can obtain mappings of) can be fetched twice (during which timJ[t@<ux^AO0 WX/i ѩT $nHR[8Cp] R({{jrQ:BUm]SYJleBZ>.J-EOS/gwp~L1=k@\FͳRei3GB_yU_=lnJPwh#]Oz_+PyibGze2/bLTOu;![`pԀd+F1{w pl-ƁGXjrbJba "8Ƙ)&ؒH!No䳂џ(1hk z7hc #|5[˭D[9t@uS=_hMLRztmx^Mn =K"M}Vƒm@rn6`o4gf`P t9'yLqfl_^y!ײ,l+Ӱ* Ӱ& {Nd zK5Pp!k?"O4G/+3 h݀h%^񚗠`5Y3BȌ%tӔi34؀|%~) p辔}}N3ҥ I4x^RN17gĴ!UDVv6)4"6xhs89 i2d^2@Ȃylut`5ĨJ/%eށS5d٩'z#%elb0 )vu7\3R6h_*\6؄`V&UCGuٺG xs%mz 땢70hVѸ[\ 5"ݿ ̤@(iLz: [ڑzv?O:LNux 2016-01-18 2016-02-28 pitivi -- code execution pitivi 0.95Luke Farone5/12/23/8">

      Double-clicking a file in the user's media library with a specially-crafted path or filename allows for arbitrary code execution with the permissions of the user running Pitiviurl>http://www.opens^T@4w@ORuq 2012-12-06 2016-01-186809c6db-bdeb-11e5-b5fe-002590263bf5"> go -- information disclosure vulnerability go 1.5,11.5.3,Jason Buberel6/01/13/7">

      A security-related issue has been reported in Go's math/big package. The issue was introduced in Go 1.5. We recommend that all users upgrade to Go 1.5.3, which fixes the issue. Go prPU[>J@ufx^j0c' l54&%e+\9s(/z]PB#i,cB3p>d XU8\w֍(Ah=j D+=9e@H0LNכzE!\]` `nTku@7R+Ӄ9K.CoOP1#7HU|׶?߶!^z^6SzHZedEnXQ4^VNhY[quUD~Td7\vVqT2}^r(Y= (v_(QCi?Q F<|@ptNN|u omla! -- Core - ACL Violation vulnerabilitiesge>3.0.03.4630-20151003-core-acl-violations.html">

      [20151003] - Core - ACL Violations

      Inadequate ACL checks in com_content provide potential read access to data which should be access restrictedcvename>CVE-2015-7899 http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html#7"av#V~DA@mu'I,5eger overflows gdk-pixbuf2 2.31.7Matthias Clasen reports:

      Fix several integer overflowss://mail.gnome.org/archives/ftp-release-list/2015-September/msg000139-01 2015-09-04 ;fPh=ʥo4p<,A uêEJœtsC 2ɤ\.6*ҡS\Չ3?XN )ֿȾrǏ''{O1Fyˮ=l#n2^S"'!w ʜmo Stux^RMO0< IZTABBRqEi-;8i5ݙ2:-`AKC[續~YQʵ4-Ѱk1eLK3:RNBhYh@qГe},pQ#wE kɳi J cفsrFO<0N{ʏ('m eNUɌJO1H<&~mY'Vo-g:%s 8E*AAjSs2P6Q ٘kÈ8 r23Vh>`oX8j^kD˧f,tƺ>|wwBR9_tI:*l!Z\~oz[Su>jVS$PgB {Y~7u2x^eRM0<_AyB$ĉ>![g:e;߳iZd=;3+: Q Zr.#b'p&@ eD[ -1 S@ZauAOyIFjv8 y<+iKnjC,A^6(^70lR A?"KQEuֶO(ityg/Y(#|e*LdfSsH͛uz:CpCZz L~iy&Nǹِ۔u>٭ZڏEyR9B>eǬ|7h/2eɏ++/,*kk y:qm}tg`5WN7mv0m8?n\A*M@v5Gux^j0 4v#hz1h 7VSn?Y:N2-j弲1\)mV9L,Dˉ ]8KZKڦ׶o?]f*[ r5v6uH0De_6E/vź,ؗsCFs* k4a4x4ƍS)@"^L}W5qm\ ruz!;H\.UɍItԛG<,ۻ\|[9;"/8T3X6-]/һH-S1u/CPHiPObbȀ&)Nu=x^R=o0_qHHC J:[WSmT!mV:2r?MO!܌7E;M~cz B\ڲ`H>KQf0Gcޱ*j 1  TQFg`Pcn*='FJ@(C\xa"dg8QbKɨ sc<٨UNpE\zӔj~Rإ8[+VZ2rv8njAj8%(ޒ]f{Ի~.uEW폤7Ji/j|IT IM;<Q'JHx(..Vo/&dÉ',SI\x*2PlԾ/u[Xug(eB_ڗY*М q s#|C4zTB_4P$o(+/M&*QB~an{OQ-|]%ϻCC>>5Pq$Z=OɚBX6s-o7$ڥsѫEC4fFGwuT+PoZZOQHSZN 䂹\y\&Y~dYRhhub3-1762 https://www.stunnel.org/CVE-2013-1762.html 2013-03-03 2013-03-03 apache22 -- several vulnerabilities apache22 2.2.02.2.24 apache22-event-mpitk-mpperuser-mpgT1 u7x^]Ak@ ͯRnC`(һ{h B|=MtMĉW:JN[ԣ}iHR3UvWm~mn>>"㸀cJg y_F;YuJ| >TE)2fd!])jA>Ǎ; xEjBE}_ly؇1轱P8cpao/?`@ō"< rTRb-C]3_6d)%㯗ށ7Iz7={78y+fS&=l |n g7Lsbt gbv>\=% { u x^OO0 )|e&m_1QpBYn, qZ(-cCc?_C *F_T=/[IsGX jNbqjnSACΕEy ۛZr1Y_F9ۡHFi#;Y1%kip̽bg<Ӂ.0JD)l_->قePKk9άoT| J SVX?dv)`"rUT}Rjn_q9j8OBePH0S+S5)#AQ8cd_P'FhU~RmWI<  u x^uQo0W栀TU ;5ձ7J ') ONd7;3F̳|= *!*t4zh'΂-TMEJio^3-v. Z. XmrvD/Nlk {ws2d*1!d Mqj2s/,z_T~ƈ:~nK2JpRTl6ٚu'itZLYt䐶hGDMa-mWr]Wc[:z^z=Tz #Nv|cb/B#. 66Wy}{xCڙ1d>2t(ȡ~.n()L)LĶrȜ9yOv?BYC_HfP֤8:wJ `  u x^MRn0 >Oh3رa hK^,m7o?RdY~ >/1Ƙ7~@{J$Cp#Az$9?* G*l#2"P&Xhf,8(1׎ibRXdMk]3oί/ ͹K>q$a]r.Y pBWJ UMn1l,c^QU.iE9(eackFrer lF\9(͏͉ -[߇R7@͚ =EX9Tƻ^N@EN<*hH7gkA㛳ZўuN*OEWޥ V*+:zlW Z+HXEMӎNy+=6u$!hwvP>uEx^mAO0 SX\xOZtLJ/wq{r$Jܱ}{v"gܮ`> v#J;7ER#SAS|78}-+]cb*SRV[ZifF]GAhtL)" (`g\* =)-<|vuXo9Lr@ޛMQ'wI&p> W: }-< Crezf$Po1WBe!^)tžحA;`Χ6d H 5h=c߀,'K OeσQapQdNP (bϘjyϠ9OFٱ/%_GNvu=x^n S-i4;L{]'P?Y45j|͐HION|$:b9h$6I1CLƎKeKK%^vbNHuh_׊-`0YE`U%[`S~;n_ֽ8 ,ϋF6b\)RcA;A~<׹VR~v?BuCx^mN0 .\F+T&mek-8$NKyz\ QgwSjZoX@2±)r! q_p{SĂPӦ<!+S2Ml=dw,^漸 g>|,6XC" vB@ RzaaYZmxMîcK>S%Ej\@b}i[ WSJ츀l\{^ }-T(*(eLZo•h5SGV_gP5zqM|Mn C)u^[P-愝!Ƨ?\ԁ&;S="u8x^MA0Rkm)(TA.d J˞l8h-Y'o2Id/ ~5Ek4W@<]LطSQx HO0',z3-q VAns S"Spʊ" Xm(2٨"h8} ukU%8sCrsJ_X)99H$Ԍ+k ;OZWzp>PP7!$w3a$Tc̘nߗ4,_ù'UxÅU:]x,lU/qӗ_7;u? {/esNHh|6-Iݏȃn~L[-I3 *kdl*zKMv RRgWt4Ca(`'HZ M!Xh@@cuKx^QN0<ӯ*qq  ~@&iDv*8M(@X4ofbҀ֢,we֊Xا4RP7qJNzU'3twBj xgw9)*wPdzZc#Q唷a@'nb9|-E,g\C&*D4L'Bvu>> libxml2 2.6.32_2773 or to potentially compromise an application using the library.

      1) An integer overflow error in the "xmlSAX2Characters()" function can be exploited to trigger a memory corruption via a specially

      Successful exploitation may allow execution of arbitrary code, but requires e.g. that the user is tricked into processing an overly large XML file ( w ux^UMo0 ͯ zڀ#^g`;{@KTLԖIQVt:K5u}-Kq<=Z]M#5{dK&iemwf`abuq/XZϟŪJγ(,8l`gBpAmrjػR)q{T/xZ(=fJ(\;\6(f{uנ&+A #x##~#DRsXe;V wNgU vVgf7 4 )L})`/i-@)` y9 {"QR$F/ƅit $+^,fc>|'bztV>_wͣi$'dvqn5 N (BuIx^un0 SX{kUkUigv Dى2Vaq0ol5OK GP9\¹$07t;<63v?S] &BnX!an/ٜȶ+*ڇJdԨ$kf Y|޵g0N$r&}R'[-ת7&cw"-nv2E 2 /;HiL~vMW#(l7DW)H_B()߇%Jł&m^ k1I%oڂ=usB@T~ux^u=o0gN08v%H:waq&VBچ_Lz7EXg8^l`сDǜgx8Ŭ n)#Fڪ"|]jH2pcj|tl3ޖͧ2pipn< :FXgu!kR96(wMO*j¶U +Q5Y!eNMYdˤэV5?6@(TR /$7$ibx0&8awwNf܋!xUciJ9`Hpkꪨ eF]6=̺tEwd,=HN63hQJ1R KaI ߟ;jO£M>lB\P&8%¨zsB [Eg>[7YtӐxH2v>,uv 2006-09-13 2006-09-30 freeciv -- Denial of Service Vulnerabilities_2Secunia reports:

      Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS (Denial of Service).

      An error in the "generic_handle_player_attribute_chunk()"  >N@t>x^eRJ$A >O 0,(<ӅeHFgهߤjtYvnHI&x̥)TEјu AP0 ._}%¥2`+&Ĕ|D.*p kA#g. PUFwܗ>LIi׍R@Ci'J_ZE8PȮOE=Q?33[9%~5j&Ut=&_F-r5gbp@㴟-eczŀmY=w@u;x^uj1S >Gۅ&iKa,"f.guP.+-ΑmzEfغd53r=4c;ۺ_7hPRܢZUZkfANY{gnJ#J)@ sm<Mr}qoYN.(z/),t r{*O ]qoyŽ\e~( C1+xZ' {gR$cPj zrA*/If9T ыj{]oJ4 =!dé?Fkğ̏kK[{EhbA(S"H&֖KݻQˠY;]2g^iD>P%1x^un EW,b`3-q+Un#lclc׏R 4 w\gH!BnѼx>ZzcArrKdF!U8b?9yѐ& >~$2~6Bi\gޘ]zv} cwBJ1+gǝ090RD1's[9 'p. N&{I2c~;ĉF2PF,\Ӫ<-ef4Jk<e}YJAR7hj"ȔVRĨ]N nY|=u|x^uMO0˯z؛;N? 7H^@ZZqC=i-;qRqҦe}< GkUa Wz-aǰlvӂKa]XoJlA6,6s@BB<zx.8ou빘$@H ,h/h!qg:aN17\%_9c r#$k9}-k:b5r6/IIbV\B]$ir193˟G9S@rv~nuCu8+6q?K,PokD {MG UBs+yv\O.vQSGck:~) V'OI|^ /?+kpO2 g- software745b75152-ae5f-11d9-a788-0001020eed82"> mozilla -- javascript "lambda" replace exposes memory contents mozilla 1.7.7ހs]>;u.x^Ao0 zn&R$p3; y%*K(E~(Ma{sT>bĹ;^RX+A!F(#ҾCiWoGe">u1{!rU6JQlz\ }(@Ƶu'Z`` v2B' *tю :І&% 9qܾpє׸G5DX^ {NiR Xrlu7x^M0_1%ʒ88#qvI=_M˯iV/e?3vu.p6V[Zʅ]ױJFoS": ? #Є6L8蒂wwV_@WY[ b$MyHJ$Z%# 3F 2'rлsaNz.!HJڈ Pಯ }1 9weCfmX5f.۩4(pqd7Z`Y+n& +[0.q2Iro>n #4Ir92aA(&rLΔ|PFTMfueTdxF/gn80\viz?4bvW{^MK糬,_Ybb];<\X s4UI,`4 http://bugzilla.mozilla.org/show_bug.cgi?id=255067 TA04-261A 84720da690355-1159-11d9-bc4a-000c41e2cdad"> mozilla -- vCard stack buffer overflow}YzkN7tDx^uRr0Q*$(EbT)2/!E")+=iRBaT^\qö5VCש~>7_Y5]wH=i: +K?~T`: HGmt֔z]pHf8Ӱ- "6ڦzZNDOz}{Ӻ5Z|vQ+ŤK'c/B]3/_Rg얜ãFc+miIQ.JRJ̽ KjQU:狓mxiNl~/<$N3g7U@-MzF[2-':)j :e!/їy%sxE1?#'  x^MRn0 >OB_`4Rέ}15 k!"_ُT S_ŗ 2~=@0s<ȹo`ߴf ,M$]q!(} z#)ha n5$`VŇB7t*0r~dIZ,'|6i>wCso#9o\ʓImR{a<=+GJH"ꌺpFzY;)lcch,צF%Տ y|iJV}6dtԺ|ٹ4Wۇ!sq'