Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
FSA643 - libesmtp
Package: libesmtp
Date: 2010-03-16
Author: Miklos Vajna
Vulnerable version: 1.0.4-1
Unaffected version: 1.0.4-2locris1
Bug tracker entry: http://bugs.frugalware.org/task/4141
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
Description: libesmtp did not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
FSA642 - drupal6-i18n
Package: drupal6-i18n
Date: 2010-03-12
Author: Miklos Vajna
Vulnerable version: 6.x_1.2-1
Unaffected version: 6.x_1.3-1locris1
Bug tracker entry: http://bugs.frugalware.org/task/4134
CVEs: No CVE references, see http://drupal.org/node/731632.
Description: See FSA641 for details.
FSA641 - drupal-i18n
Package: drupal-i18n
Date: 2010-03-12
Author: Miklos Vajna
Vulnerable version: 5.x_2.5-1
Unaffected version: 5.x_2.6-1locris1
Bug tracker entry: http://bugs.frugalware.org/task/4134
CVEs: No CVE references, see http://drupal.org/node/731632.
Description: A vulnerability has been reported in the Internationalization module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used to translate the text. This can be exploited to execute arbitrary PHP code by passing a malicious string to the input filter.
FSA640 - drupal6
Package: drupal6
Date: 2010-03-11
Author: Miklos Vajna
Vulnerable version: 6.15-1
Unaffected version: 6.16-1locris1
Bug tracker entry: http://bugs.frugalware.org/task/4133
CVEs: No CVE references, see http://drupal.org/node/731710.
Description: See FSA639 for details.
FSA639 - drupal
Package: drupal
Date: 2010-03-11
Author: Miklos Vajna
Vulnerable version: 5.21-1
Unaffected version: 5.22-2locris1
Bug tracker entry: http://bugs.frugalware.org/task/4132
CVEs: No CVE references, see http://drupal.org/node/731710.
Description: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions. 1) Input passed via the "langcode", "name", and "native" parameters in the languages interface while using the Locale module is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer languages" permissions. 2) An error in the handling of certain sessions can be exploited to maintain an open session despite the user being blocked.
FSA638 - wordpress
Package: wordpress
Date: 2010-03-10
Author: Miklos Vajna
Vulnerable version: 2.9.1-1
Unaffected version: 2.9.2-1locris1
Bug tracker entry: http://bugs.frugalware.org/task/4131
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0682
Description: A vulnerability has been discovered in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused by WordPress not properly restricting access to trashed posts, which can be exploited to e.g. view a trashed post by accessing its page directly. Successful exploitation requires a valid user account.
FSA637 - xar
Package: xar
Date: 2010-03-09
Author: Miklos Vajna
Vulnerable version: 1.5.2-1
Unaffected version: 1.5.2-2locris1
Bug tracker entry: http://bugs.frugalware.org/task/4128
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0055
Description: Braden Thomas from Apple has discovered a signature verification bypass issue in xar. The issue is that xar_open assumes that the checksum is stored at offset 0, but xar_signature_copy_signed_data uses xar property "checksum/offset" to find the offset to the checksum when validating the signature. As a result, a modified xar archive can pass signature validation by putting the checksum for the modified TOC at offset 0, pointing "checksum/offset" at the non-modified checksum at a higher offset, and using the original non-modified signature.
© 2003-2010. The Frugalware Developer Team