From announce-noreply at rpath.com Fri Sep 5 03:52:55 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Thu, 04 Sep 2008 23:52:55 -0400
Subject: rPSA-2008-0268-1 libtiff
Message-ID: <48c0ad17.FyFsIApWBAzwv5Qs%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0268-1
Published: 2008-09-04
Products:
    rPath Linux 1
    rPath Linux 2

Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    libtiff=conary.rpath.com at rpl:1/3.8.2-3.1-1
    libtiff=conary.rpath.com at rpl:2/3.8.2-5-0.1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2724

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327

Description:
    Previous versions of the libtiff package contain buffer underflows
    that may allow user-assisted attackers to execute arbitrary code
    using maliciously crafted TIFF files.

    Note that applications linked against libtiff may also be affected
    by this vulnerability, and will be fixed by this update.

http://wiki.rpath.com/Advisories:rPSA-2008-0268

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From announce-noreply at rpath.com Wed Sep 17 16:07:23 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Wed, 17 Sep 2008 12:07:23 -0400
Subject: rPSA-2008-0278-1 tshark wireshark
Message-ID: <48d12b3b.hmG9S4OCTU+mLiTK%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0278-1
Published: 2008-09-17
Products:
    rPath Linux 1

Rating: Minor
Exposure Level Classification:
    Indirect Deterministic Denial of Service
Updated Versions:
    tshark=conary.rpath.com at rpl:1/1.0.3-0.1-1
    wireshark=conary.rpath.com at rpl:1/1.0.3-0.1-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2835

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933

Description:
    Previous versions of the wireshark package are vulnerable to
    multiple Denial of Service attacks in which malformed packets may
    cause the application to hang or crash. It has not been determined
    that these vulnerabilities can be exploited to execute malicious
    code.

http://wiki.rpath.com/Advisories:rPSA-2008-0278

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From announce-noreply at rpath.com Wed Sep 17 18:31:37 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Wed, 17 Sep 2008 14:31:37 -0400
Subject: rPSA-2008-0276-1 mercurial mercurial-hgk
Message-ID: <48d14d09.SbQcsUPLq7wOOH3L%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0276-1
Published: 2008-09-17
Products:
    rPath Linux 2

Rating: Minor
Exposure Level Classification:
    Remote User Deterministic Information Exposure
Updated Versions:
    mercurial=conary.rpath.com at rpl:2/1.0.2-2-0.1
    mercurial-hgk=conary.rpath.com at rpl:2/1.0.2-2-0.1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2753

Description:
    Previous versions of the mercurial package do not properly honor
    "allowpull" permissions when serving a repository using hgweb.
    Additionally, the git converter in mercurial has been updated to
    work with recent git releases.

    Note that hgweb is not enabled by default on rPath Linux systems.

http://wiki.rpath.com/Advisories:rPSA-2008-0276

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

From announce-noreply at rpath.com Tue Sep 30 02:18:02 2008
From: announce-noreply at rpath.com (rPath Update Announcements)
Date: Mon, 29 Sep 2008 22:18:02 -0400
Subject: rPSA-2008-0286-2 mono
Message-ID: <48e18c5a.FNbaT+P0UZREHH3Q%announce-noreply@rpath.com>

rPath Security Advisory: 2008-0286-2
Published: 2008-09-29
Updated:
    2008-09-29 added missing rPath Issue Tracking System URL
Products:
    rPath Linux 2

Rating: Major
Exposure Level Classification:
    Remote User Deterministic Vulnerability
Updated Versions:
    mono=conary.rpath.com at rpl:2/1.2.6-5-0.1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2831

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906

Description:
    Previous versions of the mono package contain an HTTP header
    vulnerability which may allow attackers to insert cross-site
    scripting or other malicious code into an HTTP response.

    29 September 2008 Update: added missing rPath Issue Tracking
    System URL

http://wiki.rpath.com/Advisories:rPSA-2008-0286

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html