ALT-BU-2014-2969-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2013-0289
Isync 0.4 before 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
- FEDORA-2013-2795
- FEDORA-2013-2758
- 55190
- GLSA-201310-02
- http://sourceforge.net/p/isync/isync/ci/914ede18664980925628a9ed2a73ad05f85aeedb
- http://sourceforge.net/projects/isync/files/isync/1.0.6/
- [oss-security] 20130220 isync/mbsync security advisory: missing SSL subject verification (CVE-2013-0289)
- 57423
- isync-ssl-info-disc(82232)
Closed vulnerabilities
Modified: 2024-11-21
CVE-2013-6401
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
- [oss-security] 20140211 CVE-2013-6401 Jansson hash collision issue
- openSUSE-SU-2014:0394
- https://bugzilla.redhat.com/show_bug.cgi?id=1035538
- https://github.com/akheron/jansson/commit/8f80c2d83808150724d31793e6ade92749b1faa4
Package python-module-django-horizon updated to version 2014.1.2-alt2 for branch sisyphus in task 129213.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-3594
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
- openSUSE-SU-2015:0078
- RHSA-2014:1335
- RHSA-2014:1336
- [oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)
- 69291
- https://bugs.launchpad.net/horizon/+bug/1349491
- openstack-horizon-cve20143594-xss(95378)
- https://review.openstack.org/#/c/115310
- https://review.openstack.org/#/c/115311
- https://review.openstack.org/#/c/115313/
Package thunderbird-lightning-ru updated to version 3.3-alt1 for branch sisyphus in task 129233.
Closed bugs
The Lightning add-on for Thunderbird does not work after updating Thunderbird.
Closed bugs
FR: update to the latest version 0.1.21