Debian Linux Security Advisory 2738-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
5ee13cb1795d7a48b2912c75782eed27a5d04bc434a31b0a2a81f910b352d4a0
Debian Linux Security Advisory 2506-1 - Qualys Vulnerability and Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site scripting (XSS) attacks through properly crafted HTML documents.
268fa7526f03a156888745c47b7f004f546de02d75ff3065034b7484a643b7e5
Debian Linux Security Advisory 2505-1 - An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access local files, depending on how the framework is used.
d45dbbe7fa51ef7a30834fdc072c235fb62211ea1d381d9c18fffe4027dd77c5
Debian Linux Security Advisory 2503-1 - It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system into executing commands with root privileges.
19d7f0f9846f89668422d5fdf7058fd6f90271b7c49727c1bdde4a5772ba56a5
Debian Linux Security Advisory 2504-1 - It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests.
eb4852b5ff523c83cd3b743f3cc96087df117c7c95d23b7657b743f5804578f0
Debian Linux Security Advisory 2498-1 - It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack overflow. A malformed DHCP message could crash the client, causing a denial of service, and could potentially allow remote code execution through properly designed malicious DHCP packets.
2a1985d21c5fc5cfea58dab1c087d2cbcd793d34c92dfbc5e4ad65f8a1d75a90
Debian Linux Security Advisory 2501-1 - Several vulnerabilities were discovered in Xen, a hypervisor.
aedc2dcb40c8f0ac3825bb16ea9ed2fab49038c45013687c7f01466444984580
Debian Linux Security Advisory 2500-1 - Several vulnerabilities were discovered in Mantis, an issue tracking system.
4e578def420b51119664c3d40a1611bc1e6799ca9644f447c53ee0e185928aa1
Debian Linux Security Advisory 2499-1 - Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issue (CVE-2012-1940).
3ef5c267fafc1828b6ed570af3e07c3e42a3518ffbf521822678933115a7ad97
Debian Linux Security Advisory 2502-1 - It was discovered that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python, used insecure, insufficient prime numbers in key generation, which led to a weakened signature or public key space, allowing easier brute-force attacks on such keys.
6d4508421551948092f3a47c494a7261e2fff7ccbfc0297c1626d54727c95efa
Debian Linux Security Advisory 2497-1 - It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
767d155bcdfd3b4f54914b90d6d6c4d6892ecd75f4ed52e90b949e54eecb66d3
Debian Linux Security Advisory 2496-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects.
eeffa758dc44f2f16c05876571d07e28555ef3fe9f2e29262843debe172cee70
Debian Linux Security Advisory 2495-1 - A buffer overflow was discovered in OpenConnect, a client for the Cisco AnyConnect VPN, which could result in denial of service.
442b6bf476818c5707cbcf2328190e8b4cc3499ff967a3ec60ad5c4de6262e62
Debian Linux Security Advisory 2494-1 - It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
4501feb8273e9684718b44e670322a6446313c332368d2d5a2059638c53e4d2a
Debian Linux Security Advisory 2493-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit.
21e8618cd5d616376fad6c256d487e6681705187c9bfa7fea9986649f72ace9b
Debian Linux Security Advisory 2492-1 - The Phar extension for PHP does not properly handle crafted tar files, leading to a heap-based buffer overflow. PHP applications processing tar files could crash or, potentially, execute arbitrary code.
deb55cad739d879e271b8fcdefd66474772fb3e4d74c4b94ab20d59dfc18e50c
Debian Linux Security Advisory 2491-1 - Two vulnerabilities were discovered in PostgreSQL, an SQL database server.
08cee1118490a95890ce39cec136e45a1e76b0f30a416aecbf838f863b61cc51
Debian Linux Security Advisory 2488-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
4d83c16259cd017c44204760d64cee515dc170bca8b651c1c965464c5ddf84cb
Debian Linux Security Advisory 2490-1 - Kaspar Brand discovered that Mozilla's Network Security Services (NSS) library did insufficient length checking in the QuickDER decoder, making it possible to crash a program using the library.
c9f66a3f51a21e634e419e7db6a0a2aa2ced54fb88a94a11eb383ddb99dc88ba
Debian Linux Security Advisory 2489-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
69f085e8eee306fbae80d0470ee3fb7b7cd2709170e43ebde8de65d32dbce086
Debian Linux Security Advisory 2480-3 - The recent security updates for request-tracker3.8, DSA-2480-1 and DSA-2480-2, contained another regression when running under mod_perl.
9ce17132ccbefeabfb6b516fe846fb3bf5d8c67604754ef8f937f83628472a89
Debian Linux Security Advisory 2487-1 - It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.
2d9dc06a415f8fc293156688adb0ebd1a69dcf3baec35646794fe891a2131701
Debian Linux Security Advisory 2486-1 - It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected.
aaff0d5dfe0a95b4be0cdbb6f1f283c8f68f1de358f21672e99d54fa43fda6f7
Debian Linux Security Advisory 2485-1 - Multiple cross-site scripting (XSS) vulnerabilities were discovered in IMP, the webmail component in the Horde framework. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various crafted parameters.
78ff1a6b297a6acfa99730fd0f218b08efac99d83225398094c9aa822f41d9a5
Debian Linux Security Advisory 2482-1 - Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an HTTPS connection.
1d47094e9ab3199d3353d60e80d2221e27b8800fc67c6fd798aef369c4486afe
Debian Linux Security Advisory 2481-1 - Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions), intended to make it drop root privileges, would fail to do so and instead add the root group to the list of groups the daemon uses.
8b0cd0c918aa1e71f1b16b1a44d4928e841896d59745b3ffe1eefa485e4bfab4