– Added upstream patch to fix null pointer dereference on ft attempts from non-existing users
Monthly Archives: January 2017
bitlbee-3.5.1-1.el6
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
bitlbee-3.5.1-1.fc24
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
bitlbee-3.5.1-1.el7
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
bitlbee-3.5.1-1.fc25
BitlBee 3.5.1 (30 Jan 2017)
===========================
– purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1282
– After some investigation we decided to reclassify a crash fix from the previous release as a security issue. Read the full security advisory at: https://bugs.bitlbee.org/ticket/1281
– Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.
Bugtraq: Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
Bugtraq: secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines")
secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment (“rise of the machines”)
Bugtraq: Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability
Secunia Research: libarchive “lha_read_file_header_1()” Out-Of-Bounds Memory Access Denial of Service Vulnerability
Bugtraq: [security bulletin] HPESBMU03701 rev.1 – HPE Smart Storage Administrator, Remote Arbitrary Code Execution
[security bulletin] HPESBMU03701 rev.1 – HPE Smart Storage Administrator, Remote Arbitrary Code Execution
RHBA-2017:0210-1: pcs bug fix update
Red Hat Enterprise Linux: Updated pcs packages that fix two bugs are now available for Red Hat Enterprise
Linux 7.