Debian ≫ Debian Linux

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

letodms 3.3.6 has CSRF via change password