Full Disclosure mailing list archives

Re: Full-Disclosure Digest, Vol 68, Issue 5
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Mon, 4 Oct 2010 09:26:20 -0400

Their policy of publishing whatever they think is buzzing cannot be respected by people who understand possible 
problems of innocent people involved. Leaking of military secrets is as stupid as it gets. If they get closed, it is what 
they deserve.

Mikhail A. Utin, CISSP

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
full-disclosure-request () lists grok org uk
Sent: Monday, October 04, 2010 7:00 AM
To: full-disclosure () lists grok org uk
Subject: Full-Disclosure Digest, Vol 68, Issue 5



Today's Topics:

   1. [ MDVSA-2010:193 ] qt-creator (security () mandriva com)
   2. [ MDVSA-2010:194 ] git (security () mandriva com)
   3. WikiLeaks "underoing" (sic) scheduled maintenance (Harry Behrens)
   4. [ANN] pinktrace-0.0.1 (Ali Polatel)
   5. Fwd: xss in silverstripe (dave b)
   6. Re: Multiple vulnerabilities in WordPress 2 and 3 (PsychoBilly)
   7. Breaking .NET encryption with or without Padding  Oracle
      (Early Warning)
   8. Re: the real stuxnet authors plz stand up (huj huj huj)
   9. Re: WikiLeaks "underoing" (sic) scheduled maintenance
      (huj huj huj)


----------------------------------------------------------------------

Message: 1
Date: Sun, 03 Oct 2010 14:29:00 +0200
From: security () mandriva com
Subject: [Full-disclosure] [ MDVSA-2010:193 ] qt-creator
To: full-disclosure () lists grok org uk
Message-ID: <E1P2Nga-0006EV-JN () titan mandriva com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:193
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : qt-creator
 Date    : October 3, 2010
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found in Qt Creator 2.0.0 and previous
 versions. The vulnerability occurs because of an insecure manipulation
 of a Unix environment variable by the qtcreator shell script. It
 manifests by causing Qt or Qt Creator to attempt to load certain
 library names from the current working directory (CVE-2010-3374).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3374
 http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMqEsRmqjQ0CJFipgRAm4BAJ0b7XnaZghX83QGkIWeI0h4/+AdbgCfVdIv
XmQcNcc6OmY0kXyBYjnudVs=
=YDKE
-----END PGP SIGNATURE-----



------------------------------

Message: 2
Date: Sun, 03 Oct 2010 21:37:00 +0200
From: security () mandriva com
Subject: [Full-disclosure] [ MDVSA-2010:194 ] git
To: full-disclosure () lists grok org uk
Message-ID: <E1P2UMm-0001Qv-Uq () titan mandriva com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:194
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : git
 Date    : October 3, 2010
 Affected: 2009.1, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in git:

 Stack-based buffer overflow in the is_git_directory function in setup.c
 in Git before 1.7.2.1 allows local users to gain privileges via a
 long gitdir: field in a .git file in a working copy (CVE-2010-2542).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2542
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMqKzEmqjQ0CJFipgRAmwVAJ9o/Om4HDJD0k3Af6A7IiU9h8DM7QCfQtYx
LG4Q+Zdpo8DNb9o50S6GXwg=
=hz7X
-----END PGP SIGNATURE-----



------------------------------

Message: 3
Date: Sun, 03 Oct 2010 17:07:23 +0200
From: Harry Behrens <harry () behrens com>
Subject: [Full-disclosure] WikiLeaks "underoing" (sic) scheduled
        maintenance
To: full-disclosure () lists grok org uk
Message-ID: <4CA89C2B.6040303 () behrens com>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed

  for 5 days and nothing about this to be found on google.

Does anybody have an idea what is happening here - it does smell
slightly fishy...

     -h



------------------------------

Message: 4
Date: Sun, 03 Oct 2010 16:39:03 +0300
From: Ali Polatel <alip () exherbo org>
Subject: [Full-disclosure] [ANN] pinktrace-0.0.1
To: full-disclosure () lists grok org uk
Message-ID: <87tyl35rbc.fsf () karatren ev>
Content-Type: text/plain; charset="utf-8"

Hey everyone,

I'd like to announce the first public release of pinktrace.

Download
========
tarball: http://dev.exherbo.org/~alip/pinktrace/release/pinktrace-0.0.1.tar.bz2
sha1sum: http://dev.exherbo.org/~alip/pinktrace/release/pinktrace-0.0.1.tar.bz2.sha1sum
sign: http://dev.exherbo.org/~alip/pinktrace/release/pinktrace-0.0.1.tar.bz2.asc

About
=====
PinkTrace is a ptrace() wrapper library.

Overview
========
PinkTrace is a lightweight C99 library that eases the writing of tracing
applications. It consists of the following parts:

* Wrappers around different ptrace() requests.
* An API for decoding arguments (strings, socket addresses, ...)
* An experimental API for encoding arguments.

License
=======
PinkTrace is licensed under the BSD-3 license.

Supported Platforms
===================
FreeBSD and Linux operating systems are supported.
Supported architectures are:
- x86
- x86_64
- ia64 (Linux only)
- ppc (Linux only)
- ppc64 (Linux only)
- arm (Linux only)

Documentation
=============
API: http://dev.exherbo.org/~alip/pinktrace/api/c
Python bindings: http://dev.exherbo.org/~alip/pinktrace/api/python
Ruby bindings: http://dev.exherbo.org/~alip/pinktrace/api/ruby

Examples
========
There are examples showing how to use the various parts of the library:
http://dev.exherbo.org/~alip/pinktrace/#examples

Contribute
==========
Contributions are welcome.
Clone git://github.com/alip/pinktrace.git.
Format patches are preferred. Either send a mail to me or poke me on IRC.
My personal e-mail address is alip () exherbo org
I'm available on IRC as alip on Freenode and OFTC.
Join #sydbox on Freenode for pinktrace related questions.

--
Regards,
Ali Polatel

------------------------------

Message: 5
Date: Mon, 4 Oct 2010 14:03:04 +1100
From: dave b <db.pub.mail () gmail com>
Subject: [Full-disclosure] Fwd: xss in silverstripe
To: full-disclosure () lists grok org uk
Message-ID:
        <AANLkTikLtnJry6X20E3O2fXJBSBA3bH=OK4sRWGLeZNv () mail gmail com>
Content-Type: text/plain; charset=UTF-8

Bugtraq seems to be having problems :/ (this is the only reason I sent
this to full disclosure; I don't like wasting people's time with xss on
this list).


---------- Forwarded message ----------
From: dave b <db.pub.mail () gmail com>
Date: 4 October 2010 13:48
Subject: xss in silverstripe
To: bugtraq () securityfocus com


Look I know xss are lame but silverstripe is vulnerable ...

http://www.silverstripe.com/blog/tag/%20%3Cinput%20type=%22text%22%20AUTOFOCUS%20onfocus=alert%281%29%3E

I love html5!

--
The better part of valor is discretion.
                -- William Shakespeare, "Henry IV"



------------------------------

Message: 6
Date: Mon, 04 Oct 2010 10:12:06 +0200
From: PsychoBilly <zpamh0l3 () gmail com>
Subject: Re: [Full-disclosure] Multiple vulnerabilities in WordPress 2
        and 3
To: full-disclosure () lists grok org uk
Message-ID: <4CA98C56.1030209 () gmail com>
Content-Type: text/plain; charset=windows-1251; format=flowed

We all know you have to make a living
but
For all these disclosures it's needed to have a brain.

************************
Cluster #[[   MustDie   ]] possibly emitted,


For all these attacks it's needed to have access to admin account



------------------------------

Message: 7
Date: Mon, 4 Oct 2010 10:21:08 +0200
From: Early Warning <seclist () mindedsecurity com>
Subject: [Full-disclosure] Breaking .NET encryption with or without
        Padding Oracle
To: full-disclosure () lists grok org uk
Message-ID:
        <AANLkTimB8ZfhngU+rRjctR-UUOjYDFiP2VkNj5jcJxpX () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Dear list,

Since Microsoft's official fix is out, we have published full details about the
"ScriptResource.axd" vulnerability in framework 3.5 sp1 and above,
which leads to arbitrary file disclosure in the virtual path.
In addition, we have also included details about the "T" exploit
that can be used to circumvent the initial Microsoft workaround.

For more information:
http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html


Regards,

Giorgio Fedon

Minded Security Research Team
www.mindedsecurity.com



------------------------------

Message: 8
Date: Mon, 4 Oct 2010 12:02:21 +0200
From: huj huj huj <datskihuj () gmail com>
Subject: Re: [Full-disclosure] the real stuxnet authors plz stand up
To: coderman <coderman () gmail com>
Cc: Full Disclosure <full-disclosure () lists grok org uk>
Message-ID:
        <AANLkTinmfxs3uTdS0Nmo4BaVv59AE7LtteqRLKRo1i_t () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

coderman it's puff puff pass.. you smoked the whole thing!

2010/9/25 coderman <coderman () gmail com>

On Fri, Sep 24, 2010 at 11:48 PM, Kenneth Voort <kenneth () voort ca> wrote:
Get real...

i did not say bushehr was not impacted; a side effect of the re-use of
same real-time PLC workflow controller there resulted in cluster fuck
and non-operation.

however, the target was centrifuges and in this regard, it worked
perfectly: the only outward signs of interest at natanz and qom while
affected was then un-explained 2x to 4x under-yield from the
cascades...  the running total spinning looked nice though - steady
progress! heh

in any case, you confuse me with someone who has something to say.
really EOT this time...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


------------------------------

Message: 9
Date: Mon, 4 Oct 2010 12:31:36 +0200
From: huj huj huj <datskihuj () gmail com>
Subject: Re: [Full-disclosure] WikiLeaks "underoing" (sic) scheduled
        maintenance
To: Harry Behrens <harry () behrens com>
Cc: full-disclosure () lists grok org uk
Message-ID:
        <AANLkTim+hZWbUNzcJtf8G=a0Xe2nKNt2usEpjdVBuJdS () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

probably just assange throwing a tantrum

2010/10/3 Harry Behrens <harry () behrens com>

 for 5 days and nothing about this to be found on google.

Does anybody have an idea what is happening here - it does smell
slightly fishy...

    -h


------------------------------


End of Full-Disclosure Digest, Vol 68, Issue 5
**********************************************


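The qt-creator advisory quoted in the digest above (MDVSA-2010:193, CVE-2010-3374) describes a launcher script whose handling of an environment variable makes libraries load from the current working directory. The following is an added example, not code from Qt Creator, Mandriva or any poster in this thread: it assumes the variable is a colon-separated search path such as LD_LIBRARY_PATH, shows the unguarded prepend beside the guarded one, and checks values and script text for the problem. The function names, the sample launcher and the /opt/example/lib path are hypothetical.

```shell
#!/bin/sh
# Added illustration; constructed, not taken from the qtcreator launcher.
# In a colon-separated loader path an empty entry means "current directory",
# so "dir:" searches dir and then whatever directory the user started in.

# Unsafe prepend: with an unset or empty old value the result ends in ':'.
prepend_unsafe() {      # $1 = directory to add, $2 = existing value
    printf '%s\n' "$1:$2"
}

# Guarded prepend: the ':' is emitted only when the old value is non-empty.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Succeeds (returns 0) when a path list has an entry resolved against the
# current directory: an empty entry, ".", or any other relative name.
# Loader tokens such as $ORIGIN are not interpreted and count as relative.
has_cwd_entry() {
    rest=$1
    [ -n "$rest" ] || return 1          # empty value: no entries to check
    case "$rest" in
        :*|*:|*::*) return 0 ;;         # leading, trailing or doubled colon
    esac
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        case "$entry" in
            /*) ;;                      # absolute entry: fine
            *)  return 0 ;;             # "." or relative entry
        esac
        case "$rest" in
            *:*) rest=${rest#*:} ;;
            *)   rest= ;;
        esac
    done
    return 1
}

# Reads shell script text on stdin and prints the line numbers of
# LD_LIBRARY_PATH assignments that reuse the old value without the
# ${VAR:+...} guard.
unsafe_assignments() {
    awk '/LD_LIBRARY_PATH=/ && /[$][{]?LD_LIBRARY_PATH/ && !/LD_LIBRARY_PATH:[+]/ { print NR }'
}

# Constructed sample launcher: line 3 is the unguarded form, line 5 the fix.
sample_launcher() {
    cat <<'EOF'
#!/bin/sh
libdir=/opt/example/lib
LD_LIBRARY_PATH=$libdir:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
LD_LIBRARY_PATH=$libdir${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
EOF
}

# Demo: both prepend styles starting from an empty variable.
for v in "$(prepend_unsafe /opt/example/lib '')" "$(prepend_safe /opt/example/lib '')"; do
    if has_cwd_entry "$v"; then
        echo "CWD-relative entry in: $v"
    else
        echo "ok: $v"
    fi
done
echo "unguarded assignment on line(s): $(sample_launcher | unsafe_assignments)"
```

The same check applies to other colon-separated search variables a launcher may rebuild; change the variable name in the awk pattern to audit them.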

