Debian ≫ Debian Linux

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

gdm3 3.14.2 and possibly later has an information leak before screen lock

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.