python
- Author: kikadf
- Vulnerable: 2.7.5-2arcturus1
- Unaffected: 2.7.5-2arcturus2
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs.
This is a list of security announcements that have been released for the current stable version of Frugalware.
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. Francisco Alonso discovered that PHP incorrectly handled ELF files in the fileinfo extension.
A flaw was found in the way guest-provided parameters were validated in the rectangle handling functionality of the vmware-vga driver. A bits_per_pixel value less than 8 could result in accessing non-initialized buffers later in the code, because the code expects that the bytes_per_pixel value used to initialize these buffers is never zero.
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files.
HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP.
An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file.
The ECB Blowfish decryption function assumed that encrypted input would always come in blocks of 12 characters, as specified. However, buggy clients or annoying people may not adhere to that assumption, causing the core to crash while trying to process the invalid base64 input.