
mailing lists

phpList Improper Access Control and Information Leakage vulnerabilities

in phpList, through which any Internet user can gain access to possibly 
sensitive information. These vulnerabilities:

1) allow anybody who is able to register (or to obtain a "unique user 
id") to obtain a copy of any email previously sent by the system, 
regardless of the mailing list to which the message belongs (including 
hidden or private mailing lists for which normal users can't usually 
register).

2) allow anybody to read the subject of every email sent by the system.


IPv6 Hackers mailing-list

Folks,

We have created the "IPv6 Hackers" mailing-list for discussion of IPv6
security issues. The charter of the list is:

---- cut here ----
This list was created for the discussion of IPv6 security issues and
low/packet-level issues related to the IPv6 protocols. It is meant to
provide a forum for IPv6 security researchers and IPv6 networking
professionals to discuss low-level IPv6 networking and security issues

Contest: Best Advances for OpenVAS Network Vulnerability Tests

 * number of CVEs/BIDs covered
 * relevance of the covered alerts
 * sustainable future benefit (e.g. in the case of supporting APIs)
 * how well the development was coordinated via the public OpenVAS
    mailing lists (teams may win as well)
 * code quality (documentation, design, style)

Contest sponsors are (sorted by amount sponsored):

 * Intevation GmbH, www.intevation.net

[Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF

specifications of core protocols and/or providing advice on security
aspects of them.

The call for consensus is available at:
http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
voice your opinion on the relevant mailing-list by sending an e-mail to
opsec@ietf.org . You don't need to subscribe to the mailing list to post a
message (although your message will be held for moderator approval before
it is distributed to the list members).

The deadline for posting your opinion is January 9th (next Friday).

[SECURITY] [DSA 1733-1] New vim packages fix multiple vulnerabilities

  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

[SECURITY] CVE-2009-3548 Apache Tomcat Windows Installer insecure default administrative password

A patch for this issue [1] has been applied to trunk and will be
included in the next releases of 6.0.x and 5.5.x

Credit:
This issue was reported directly [2] to the tomcat users public mailing
list by David Horheim.
Security researchers are reminded that undisclosed vulnerabilities in
Apache Tomcat should, in the first instance, be reported to the private
security mailing list. [3]

References:

Re: [Suspected Spam]"Security Assessment of the Internet Protocol" & the IETF

> specifications of core protocols and/or providing advice on security
> aspects of them.
>
> The call for consensus is available at:
> http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
> voice your opinion on the relevant mailing-list sending an e-mail to
> opsec@ietf.org . You don't need to subscribe to the mailing list to post a
> message (although your message will be held for moderator approval before
> it is distributed to the list members).
>
> The deadline for posting your opinion is January 9th (next Friday).

CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

. 2009-05-12:
Core notifies Apple Security Team that this is a multi-vendor issue
(affecting, for example, multiple Linux distributions), and asks if the
patch process of the CUPS vulnerability will be coordinated using the
vendor-sec mailing list [2].

. 2009-05-12:
Apple Product Security Team notifies Core they will contact vendor-sec
about this issue very soon and proposes to reschedule the advisory
publication date to June 2nd. The vendor also notifies the issue was

Re: [Webappsec] Paper: Weaning the Web off of Session Cookies

>> more secure system in practice.  We propose several small changes in
>> browser behavior and HTTP standards that will make HTTP authentication
>> schemes, such as digest authentication, a viable option in future
>> application development.

Re: [WEB SECURITY] countermeasure against attacks through HTML shared files

There's a very short reference from May 2007 to the concept of using 
different hostnames to protect against XSS:

See Brian Eaton's post to WebSecurity mailing list, May 18th, 2007, 
titled "Re: [WEB SECURITY] How to avoid XSS into PDF Files, using java".

http://www.webappsec.org/lists/websecurity/archive/2007-05/msg00087.html

fcorella@pomcor.com wrote:
> Hello,

RE: A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability"

technique described by Michal Zalewski, and the paper references 2
BugTraq submissions by Zalewski that nicely explain this concept. These
are (from the paper):

[27] “A new TCP/IP blind data injection technique?” (BugTraq mailing
list post),
Michal Zalewski, December 10th, 2003
http://www.securityfocus.com/archive/1/347130

[28] “Breaking the checksum (a new TCP/IP blind data injection technique)”
(BugTraq mailing list post), Michal Zalewski, December 14th, 2003

Re: Sony: The Return Of The Rootkit


[SECURITY] [DSA 2073-1] New mlmmj packages fix directory traversal

Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4896

Florian Streibelt reported a directory traversal flaw in the way the
Mailing List Managing Made Joyful mailing list manager processed
users' requests originating from the administrator web interface
without enough input validation. A remote, authenticated attacker could
use these flaws to write and / or delete arbitrary files.

For the stable distribution (lenny), these problems have been fixed in

Ubuntu Security Notice publication update

Historically, Ubuntu sends Ubuntu Security Notices (USNs) to bugtraq,
full-disclosure and our own announce mailing list. After a recent review
of our publication process, we decided we will no longer post USNs to
bugtraq and full-disclosure.

People interested in receiving USNs by email should subscribe to the
ubuntu-security-announce mailing list directly:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

An archive of all USNs can be found at:

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

Exploitation and Public Announcements
=====================================

This vulnerability was initially reported to the Full Disclosure
mailing list at the following link: 
http://seclists.org/fulldisclosure/2011/Aug/175

Apache has confirmed that it is aware of exploitation of this
vulnerability. Cisco is not aware of malicious exploitation of this
vulnerability related specifically to Cisco products.

GLSA (Gentoo Linux Security Advisory) publication changes

Like other Linux distribution vendors, Gentoo is currently CC'ing advisories 
to the full-disclosure and bugtraq mailing lists.
Starting today, we will *no longer* be publishing our advisories to
full-disclosure or bugtraq.
We are following our colleagues at Ubuntu with this decision.

Users who want to receive advisories via email in the future should subscribe 
to the gentoo-announce mailing list, as described here:
  http://www.gentoo.org/main/en/lists.xml


On the implementation of TCP urgent data (IETF Internet Draft)

adopt this document as a working group item, so that your input will be
very much appreciated.

To voice your opinion, please send it to tcpm@ietf.org, and CC me
(fernando@gont.com.ar), so that I make sure that your post makes it to
the mailing-list, even if you are not subscribed to it. (Alternatively,
you can send me your input, and I could forward it to the tcpm@ietf.org
mailing-list).

Thanks!


Re: Vulnerabilities in Dunia Soccer

> regularly
> found holes at single sites (which often use some engines). But in my
> advisories I'm talking only about webapps. As I said above, there are 
> many
> web applications which are using this captcha, and I wrote to security
> mailing lists about some of them and I'd write about others soon.
>
>> But really, for this type of bug do you really need to be trying to
>> "shame" someone into fixing it or just informing the site that there's a
>> page that is sucking CPU cycles and able to bypass the captcha to post
>> spam?

[SECURITY] [DSA 1663-1] New net-snmp packages fix several vulnerabilities


[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness


Secunia Research: DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification 

[SECURITY] [DSA-1934-1] New apache2 packages fix several issues


[SECURITY] [DSA 2020-1] New ikiwiki packages fix cross-site scripting


[SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution


[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems


[SECURITY] [DSA 1643-1] New feta packages fix denial of service

[SECURITY] [DSA-1644-1] New mplayer packages fix integer overflows


[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting


[SECURITY] [DSA 1982-1] New hybserv packages fix denial of service


[SECURITY] [DSA-1953-2] New expat packages fix regression



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
