Fedora 20 Security Update: qt3-3.3.8b-62.fc20

Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197275 – CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]<br
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4.

Read More

Swiss File Knife v1.7.4 HTTP – Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Feb 28

Document Title:
Swiss File Knife v1.7.4 HTTP – Buffer Overflow Vulnerability

References (Source):

Release Date:

Vulnerability Laboratory ID (VL-ID):

Common Vulnerability Scoring System:

Product & Service Introduction:…

Read more

Fedora 21 Security Update: drupal7-entity-1.6-1.fc21

Resolved Bugs
1196750 – drupal7-entity-1.6 is available<br
## 7.x-1.6
See [SA-CONTRIB-2015-053 – Entity API – Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)
Changes since 7.x-1.5:
– by klausi: Sanitize field labels before passing them to the Token API.
– Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.
– Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.
– Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().
– Issue #1651824 by meatsack | joachim: Fixed ‘entity_test’ table has incorrect declaration of foreign keys.
– Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.
– Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing ‘path’ index.
– Issue #1104286: Support generating database schema for date properties.
– Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.

Read More