From: Rain Forest Puppy (rfpvulnwatch.org)
Date: Wed Nov 28 2001 - 12:38:39 CST

    Yes, yes, 20 more apps that have security fixes listed in their
    changelogs. I'm not going to dig too far into each to figure out the
    exact nature of the problem--I leave that as an exercise to the reader.
    The versions listed are the *fixed* versions.

    Notable applications include slrn, mailman, and linux wireless tools.

    Enjoy,
    - rfp

    - vBulletin 2.2.0
    "source code audit by an independent 3rd party for security issues"

    - Redirected Execution Tree 2.3
    "A security hole was fixed"

    - SLRN 0.9.7.3
    "It also fixes some bugs and one security hole."

    - panFora 1.4.0
    "Login security was enhanced by making it much harder to hijack user
    cookies" (does that mean it was possible to hijack user sessions in older
    versions?)

    - DrvZ42 0.3.2 (linux Lexmark printer driver)
    "Support for photo cartridges and a small security fix to the z42 tool
    were added"

    - GrendelProject 0.4.2
    "a few (possible) security bugfixes in the online building system"

    - Xsu 0.2.1 (Gnome su interface)
    "This version contains documentation fixes, manpage fixes, an option to
    set the DISPLAY environment variable in Gnome Xsu, and some minor security
    fixes"

    - D-Forum 1.11
    "Better security checks were implemented" (does that mean there was a
    problem with the old checks?)

    - CryptNET-Keyserver 0.0.6
    "A security bugfix for an SQL injection vulnerability"

    - SILC server 0.6.3
    "security fixes to the SKE"

    - SILC client 0.6.5
    "security fixes to the SKE"

    - SILC toolkit 0.6.2
    "This version adds better debugging functionality, security fixes,..."

    - mterm 0.4.1
    "Buffer overflow problems were fixed and cursor positioning was adjusted."
    (do the buffer overflow problems have security implications?)

    - mailman 2.0.7
    "Fixes for two obscured denial-of-service attacks"

    - ripMIME 1.2.7
    "This release corrects a buffer overflow situation with massive filenames"

    - NinjaIRC 1.5.6
    "Many bugfixes (including some security problems and segfaults)"

    - Wireless tools 22
    "a fix for possible buffer overflows"

    - DansGuardian 2.2.1
    "A large security hole that allowed users to simply type the IP of a
    banned Web site to bypass the URL filtering was fixed"

    - The Gallery 1.2.3
    "A major security bugfix and many minor bugfixes were added"

    - gbiff 3.0
    "buffer overflows in the IMAP4 protocol have been fixed"

    - HTML2WML 0.4.8b2
    "A security issue has been corrected"

    - NOCC 0.9.5
    "A security fix"