ALT-BU-2014-2969-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2013-0289
Isync 0.4 before 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099544.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099547.html
- http://secunia.com/advisories/55190
- http://security.gentoo.org/glsa/glsa-201310-02.xml
- http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb
- http://sourceforge.net/projects/isync/files/isync/1.0.6/
- http://www.openwall.com/lists/oss-security/2013/02/20/9
- http://www.securityfocus.com/bid/57423
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82232
Closed vulnerabilities
Modified: 2025-04-12
CVE-2013-6401
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
- http://comments.gmane.org/gmane.comp.security.oss.general/12099
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00057.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1035538
- https://github.com/akheron/jansson/commit/8f80c2d83808150724d31793e6ade92749b1faa4
Package python-module-django-horizon updated to version 2014.1.2-alt2 for branch sisyphus in task 129213.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2014-3594
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2014-1335.html
- http://rhn.redhat.com/errata/RHSA-2014-1336.html
- http://seclists.org/oss-sec/2014/q3/413
- http://www.securityfocus.com/bid/69291
- https://bugs.launchpad.net/horizon/+bug/1349491
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95378
- https://review.openstack.org/#/c/115310
- https://review.openstack.org/#/c/115311
- https://review.openstack.org/#/c/115313/
Package thunderbird-lightning-ru updated to version 3.3-alt1 for branch sisyphus in task 129233.
Closed bugs
The Lightning add-on for Thunderbird does not work after a Thunderbird update.
Closed bugs
FR: update to the latest version 0.1.21