Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
FSA640 - drupal6
Package: drupal6
Date: 2010-03-11
Posted by: Miklos Vajna
Vulnerable version: 6.15-1
Unaffected version: 6.16-1locris1
Bug tracker entry: http://bugs.frugalware.org/task/4133
CVEs: No CVE references, see http://drupal.org/node/731710.
Description: See FSA639 for details.
FSA639 - drupal
Package: drupal
Date: 2010-03-11
Posted by: Miklos Vajna
Vulnerable version: 5.21-1
Unaffected version: 5.22-2locris1
Bug tracker entry: http://bugs.frugalware.org/task/4132
CVEs: No CVE references, see http://drupal.org/node/731710.
Description: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions.
1) Input passed via the "langcode", "name", and "native" parameters in the languages interface while using the Locale module is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed. Successful exploitation requires "administer languages" permissions.
2) An error in the handling of certain sessions can be exploited to maintain an open session despite the user being blocked.
FSA638 - wordpress
Package: wordpress
Date: 2010-03-10
Posted by: Miklos Vajna
Vulnerable version: 2.9.1-1
Unaffected version: 2.9.2-1locris1
Bug tracker entry: http://bugs.frugalware.org/task/4131
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0682
Description: A vulnerability has been discovered in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused by WordPress not properly restricting access to trashed posts, which can be exploited to e.g. view a trashed post by accessing its page directly. Successful exploitation requires a valid user account.
FSA637 - xar
Package: xar
Date: 2010-03-09
Posted by: Miklos Vajna
Vulnerable version: 1.5.2-1
Unaffected version: 1.5.2-2locris1
Bug tracker entry: http://bugs.frugalware.org/task/4128
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0055
Description: Braden Thomas from Apple has discovered a signature verification bypass issue in xar. The issue is that xar_open assumes that the checksum is stored at offset 0, but xar_signature_copy_signed_data uses the xar property "checksum/offset" to find the offset to the checksum when validating the signature. As a result, a modified xar archive can pass signature validation by putting the checksum for the modified TOC at offset 0, pointing "checksum/offset" at the non-modified checksum at a higher offset, and using the original non-modified signature.
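An added example (not from the advisory or the xar project) of the consistency check a verifier wants here: it requires the TOC digest at heap offset 0 and the digest at the TOC's declared checksum/offset to both match the compressed TOC, so an archive whose two locations disagree in the way described above is rejected. It assumes the public xar container layout (28-byte big-endian header, zlib-compressed XML TOC, heap) and constructs its own sample archives inline.

```python
import hashlib
import struct
import xml.etree.ElementTree as ET
import zlib

# Assumed xar layout (from the public format, not from the advisory): a 28-byte
# big-endian header, the zlib-compressed XML TOC, then the heap. The TOC digest
# lives in the heap at <checksum><offset>, which is normally 0.
HEADER_FMT = ">4sHHQQI"  # magic, header size, version, TOC len (compressed), TOC len (raw), cksum alg
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 28


def build_xar(toc_xml: bytes, heap: bytes) -> bytes:
    """Assemble a constructed xar-style blob: header + zlib TOC + heap (alg 1 = SHA-1)."""
    toc_c = zlib.compress(toc_xml)
    hdr = struct.pack(HEADER_FMT, b"xar!", HEADER_LEN, 1, len(toc_c), len(toc_xml), 1)
    return hdr + toc_c + heap


def toc_checksum_consistent(blob: bytes) -> bool:
    """Defensive check: the digest at heap offset 0 (what xar_open trusted) and the
    digest at <checksum><offset> (what signature validation trusted) must BOTH equal
    the real digest of the compressed TOC. Trusting either location alone is the gap."""
    magic, hsize, _ver, toc_len_c, _toc_len_u, alg = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != b"xar!" or alg != 1:
        return False
    toc_c = blob[hsize:hsize + toc_len_c]
    heap = blob[hsize + toc_len_c:]
    toc = ET.fromstring(zlib.decompress(toc_c))
    off = int(toc.findtext("toc/checksum/offset"))
    size = int(toc.findtext("toc/checksum/size"))
    actual = hashlib.sha1(toc_c).digest()
    return heap[:size] == actual and heap[off:off + size] == actual


def make_samples():
    """Constructed pair: a consistent archive, and one laid out as FSA637 describes
    (modified TOC's digest at offset 0, <offset> pointing at the untouched original digest)."""
    orig_toc = (b'<xar><toc><checksum style="sha1"><offset>0</offset><size>20</size>'
                b'</checksum><file id="1"><name>a.txt</name></file></toc></xar>')
    orig_digest = hashlib.sha1(zlib.compress(orig_toc)).digest()
    good = build_xar(orig_toc, orig_digest + b"\0" * 44)
    mod_toc = orig_toc.replace(b"<offset>0<", b"<offset>20<").replace(b"a.txt", b"b.txt")
    mod_digest = hashlib.sha1(zlib.compress(mod_toc)).digest()
    tampered = build_xar(mod_toc, mod_digest + orig_digest + b"\0" * 24)
    return good, tampered
```

A real verifier would additionally check the signature over the checksum bytes; this block only shows the location-consistency rule that the advisory's bypass relies on being absent.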
© 2003-2010. The Frugalware Developer Team