(Dec 30) Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
Comment
Archive for December 31st, 2012
3 results.
(Dec 30) Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages. [More…]
(Dec 29) MoinMoin could be made to run programs and overwrite files.