Debian Security Advisory 3063-1

Debian Linux Security Advisory 3063-1 – An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crash to component causing a denial of services or disclosure of information from process memory.

Red Hat Security Advisory 2014-1784-01

Red Hat Security Advisory 2014-1784-01 – Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. It was found that Python-keystoneclient treated all settings in paste.ini files as string types. If the “insecure” option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note that when the “insecure” option was not set in paste.ini, it evaluated to false, and verification was performed.