Posted by Peter Korsgaard on May 06 > /dev/shm is a world-writable directory, like /tmp, and should also > have the sticky bit set. Without this, any user can delete and > replace another user'...
Posted by Carlos O'Donell on May 06 The following security advisories have been published: GLIBC-SA-2024-0005: =================== nscd: Stack-based buffer overflow in netgroup cache If the ...
Posted by Yann E. MORIN on May 06 Ben, All, Thanks for the feedback. The fix has already been committed, with commit 0b2967e158 (package/skeleton-init-sysv: Set sticky bit on /dev/shm) that I ...
Posted by Solar Designer on May 06 Hi, Let's be including vulnerability information right in here, not only via reference, so: * Fixed: Protect against integer overflow in ComposeQueryEngin...
Posted by Ben Hutchings on May 06 This has been assigned CVE-2024-34455. Ben.
Posted by Sebastian Pipping on May 06 Hi! Earlier today uriparser 0.9.8 has been released. Version 0.9.8 fixes two security issues: CVE-2024-34402 and CVE-2024-34403. For more details, please ...
Posted by Stamatis Zampetakis on May 03 Severity: moderate Affected versions: - Apache Hive 4.0.0-alpha-1 before 4.0.0 Description: Improper Control of Generation of Code ('Code Injection'...
Posted by Steffen Nurpmeso on May 03 Steffen Nurpmeso wrote in
<20240502223912.08A3RYp4@steffen%sdaoden.eu>:
|Sam James wrote in
| <87o79nlwxl.fsf () gentoo org>:
||Solar Designer
Posted by Steffen Nurpmeso on May 03 Sam James wrote in
<87o79nlwxl.fsf () gentoo org>:
|Solar Designer
Posted by Sam James on May 02 Solar Designer
Posted by Solar Designer on May 02 Steffen, This reads like an excuse to post lots of thoughts that are off-topic for this thread. I understand that sometimes discussions wander off the origin...
Posted by Steffen Nurpmeso on May 02 Please let me elaborate a little more on this, not to be misunderstood and also.. Steffen Nurpmeso wrote in <20240430224823.uA8Nr1Cp@steffen%sdaoden.eu>: ...
Posted by Sam Bull on May 02 Aiohttp is an HTTP client and server-side web framework in Python. This issue only affects users of the server-side web framework. We've not seen any evidence of this...
Posted by Daniel Beck on May 02 Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software. The following releases ...
Posted by YuanSheng Wang on May 02 Severity: low Affected versions: - Apache APISIX 3.8.0, 3.9.0 Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulne...