Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197275 – CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4.
Monthly Archives: February 2015
Fedora 21 Security Update: qt3-3.3.8b-62.fc21
Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197275 – CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4.
Fedora 21 Security Update: gnupg-1.4.19-1.fc21
New upstream v1.4.19
– Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]
– Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837]
Fedora 21 Security Update: qt-4.8.6-25.fc21
Fedora 20 Security Update: qt-4.8.6-25.fc20
Fedora 22 Security Update: qt-4.8.6-25.fc22
Fedora 22 Security Update: qt3-3.3.8b-62.fc22
Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197275 – CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4.
Fedora 22 Security Update: gnupg-1.4.19-1.fc22
New upstream v1.4.19
– Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]
– Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837]
Swiss File Knife v1.7.4 HTTP – Buffer Overflow Vulnerability
Posted by Vulnerability Lab on Feb 28
Document Title:
===============
Swiss File Knife v1.7.4 HTTP – Buffer Overflow Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1441
Release Date:
=============
2015-02-27
Vulnerability Laboratory ID (VL-ID):
====================================
1441
Common Vulnerability Scoring System:
====================================
8.4
Product & Service Introduction:…
Fedora 21 Security Update: drupal7-entity-1.6-1.fc21
Resolved Bugs
1196750 – drupal7-entity-1.6 is available
## 7.x-1.6
See [SA-CONTRIB-2015-053 – Entity API – Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)
Changes since 7.x-1.5:
– by klausi: Sanitize field labels before passing them to the Token API.
– Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.
– Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.
– Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().
– Issue #1651824 by meatsack | joachim: Fixed ‘entity_test’ table has incorrect declaration of foreign keys.
– Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.
– Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing ‘path’ index.
– Issue #1104286: Support generating database schema for date properties.
– Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.