DSA-1629 postfix - programming error

August 19th, 2008

Sebastian Krahmer discovered that Postfix, a mail transfer agent,
incorrectly checks the ownership of a mailbox. In some configurations,
this allows for appending data to arbitrary files as root.

Read the full story: DSA-1629 postfix - programming error: http://www.debian.org/security/2008/dsa-1629

DSA-1627 opensc - programming error

August 5th, 2008

Chaskiel M Grundman discovered that opensc, a library and utilities to
handle smart cards, would initialise smart cards with the Siemens CardOS M4
card operating system without proper access rights. This allowed everyone
to change the card’s PIN.

Read the full story: DSA-1627 opensc - programming error: http://www.debian.org/security/2008/dsa-1627

DSA-1626 httrack - buffer overflow

August 1st, 2008

Joan Calvet discovered that httrack, a utility to create local copies of
websites, is vulnerable to a buffer overflow that potentially allows
execution of arbitrary code when it is passed excessively long URLs.

Read the full story: DSA-1626 httrack - buffer overflow: http://www.debian.org/security/2008/dsa-1626