news.debuntu.org

Resolved Bugs468693 - Provide Python bindings for libgdl on PPC64465070 - FTBFS gnome-python2-extras-2.19.1-18.fc9470903 - CVE-2008-4582 Mozilla same origin policy bypass470876 - CVE-2008-5015 Mozilla file: URIs inherit chrome privileges

New upstream release fixes a security issue with CTCP handling in
Quassel Core, that could potentially be exploited to send
arbitrary IRC commands on your behalf.

Resolved Bugs461461 - clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)

Resolved Bugs

Resolved Bugs468990 - libpng: "png_handle_tEXt()" memory leak vulnerabilityThis update includes an upstream fix for a memory leak within the "png_handle_tEXt()" function in pngrutil.c, which can be exploited by malicious people to cause a DoS (Denial of Service) via a specially crafted PNG image.

Resolved Bugs470552 - CVE-2005-0706 grip,libcdaudio: buffer overflow caused by large amount of CDDB replies

Resolved Bugs448525 - CVE-2007-1320 xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow [Fedora 9]This bug was reopened, since it was found out that the bug is still
biting us.

Resolved Bugs468184 - CVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL468550 - CVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL [Fedora 9]

Resolved Bugs469655 - CVE-2008-4863 blender: untrusted python modules search path468582 - blender-2.48a is availableFix CVE-2008-4863
New upstream release

Resolved Bugs470079 - CVE-2008-4989 gnutls: certificate chain verification flaw