* CVE-2006-3320 (JavaScript injection) - previously reported by other parties
but not resolved and so included for completeness
* CVE-2007-5492 (code execution) - first reported in my attached advisory to
the vendor, independently rediscovered by Robert Buchholz of Gentoo whilst
auditing the differences between the patched and unpatched versions (3.3.8 vs
3.3.9)
* CVE-2007-5491 (file permissions issue) - apparently patched by the vendor at
the same time as my issues were resolved and discovered by Robert Buchholz of

After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
Robert Buchholz discovered that libsndfile did not correctly validate the
size of its memory buffers. If a user were tricked into playing a specially
crafted FLAC file, a remote attacker could execute arbitrary code with user
privileges.

1 media-libs/libsndfile < 1.0.17-r1 >= 1.0.17-r1
Description
===========
Robert Buchholz of the Gentoo Security team discovered that the
flac_buffer_copy() function does not correctly handle FLAC streams with
variable block sizes which leads to a heap-based buffer overflow
(CVE-2007-4974).
Impact

1 sys-apps/dstat < 0.6.9-r1 >= 0.6.9-r1
Description
===========
Robert Buchholz of the Gentoo Security Team reported that dstat
includes the current working directory and subdirectories in the Python
module search path (sys.path) before calling "import".
Impact
======

2008/7/25 Robert Buchholz <rbu@gentoo.org>:
> On Friday 18 July 2008, Jan Minář wrote:
> ...
>> 3. Vulnerability
>>
>> During the build process, a temporary file with a predictable name is
>> created in the ``/tmp'' directory. This code is run when Vim is
>> being built with Python support:
>>
>> src/configure.in:

Hello Paul,
On Monday 09 March 2009, Paul Wouters wrote:
> On Mon, 9 Mar 2009, Robert Buchholz wrote:
> > Subject: [ GLSA 200903-18 ] Openswan: Insecure temporary file
> > creation
>
> Once again, thanks to everyone for not contacting the Openswan
> Project in this matter just like they did not do this 6 months ago
> when this "vulnerability" came out originally.

On Friday 25 July 2008, Jan Minář wrote:
> 2008/7/25 Robert Buchholz <rbu@gentoo.org>:
> > On Friday 18 July 2008, Jan Minář wrote:
> > ...
> >
> >> 3. Vulnerability
> >>
> >> During the build process, a temporary file with a predictable name
> >> is created in the ``/tmp'' directory. This code is run when Vim
> >> is being built with Python support:

1 app-admin/python-updater < 0.7-r1 >= 0.7-r1
Description
===========
Robert Buchholz of the Gentoo Security Team reported that
python-updater includes the current working directory and
subdirectories in the Python module search path (sys.path) before
calling "import".
Impact

1 app-arch/star < 1.5_alpha84 >= 1.5_alpha84
Description
===========
Robert Buchholz of the Gentoo Security team discovered a directory
traversal vulnerability in the has_dotdot() function which does not
identify //.. (slash slash dot dot) sequences in file names inside tar
files.
Impact

On Mon, 9 Mar 2009, Robert Buchholz wrote:
> Subject: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
Once again, thanks to everyone for not contacting the Openswan Project
in this matter just like they did not do this 6 months ago when this
"vulnerability" came out originally.
> Severity: Normal
> Title: Openswan: Insecure temporary file creation