
List:       vulnwatch
Subject:    [VulnWatch] Nov changelog madness
From:       Rain Forest Puppy <rfp () vulnwatch ! org>
Date:       2001-11-28 18:38:39


Yes, yes, 20 more apps that have security fixes listed in their
changelogs.  I'm not going to dig too far into each to figure out the
exact nature of the problem--I leave that as an exercise to the reader.
The versions listed are the *fixed* versions.

Notable applications include slrn, mailman, and linux wireless tools.

Enjoy,
- rfp



- vBulletin 2.2.0
"source code audit by an independent 3rd party for security issues"


- Redirected Execution Tree 2.3
"A security hole was fixed"


- SLRN 0.9.7.3
"It also fixes some bugs and one security hole."


- panFora 1.4.0
"Login security was enhanced by making it much harder to hijack user
cookies" (does that mean it was possible to hijack user sessions in older
versions?)


- DrvZ42 0.3.2 (linux Lexmark printer driver)
"Support for photo cartridges and a small security fix to the z42 tool
were added"


- GrendelProject 0.4.2
"a few (possible) security bugfixes in the online building system"


- Xsu 0.2.1 (Gnome su interface)
"This version contains documentation fixes, manpage fixes, an option to
set the DISPLAY environment variable in Gnome Xsu, and some minor security
fixes"


- D-Forum 1.11
"Better security checks were implemented" (does that mean there was a
problem with the old checks?)


- CryptNET-Keyserver 0.0.6
"A security bugfix for an SQL injection vulnerability"


- SILC server 0.6.3
"security fixes to the SKE"

- SILC client 0.6.5
"security fixes to the SKE"

- SILC toolkit 0.6.2
"This version adds better debugging functionality, security fixes,..."


- mterm 0.4.1
"Buffer overflow problems were fixed and cursor positioning was adjusted."
(do the buffer overflow problems have security implications?)


- mailman 2.0.7
"Fixes for two obscured denial-of-service attacks"


- ripMIME 1.2.7
"This release corrects a buffer overflow situation with massive filenames"


- NinjaIRC 1.5.6
"Many bugfixes (including some security problems and segfaults)"


- Wireless tools 22
"a fix for possible buffer overflows"


- DansGuardian 2.2.1
"A large security hole that allowed users to simply type the IP of a
banned Web site to bypass the URL filtering was fixed"


- The Gallery 1.2.3
"A major security bugfix and many minor bugfixes were added"


- gbiff 3.0
"buffer overflows in the IMAP4 protocol have been fixed"


- HTML2WML 0.4.8b2
"A security issue has been corrected"


- NOCC 0.9.5
"A security fix"

