A vulnerability was discovered in aria2, a download client. The “name”
attribute of the “file” element of metalink files is not properly
sanitised before using it to download files. If a user is tricked into
downloading from a specially crafted metalink file, this can be
exploited to download files to directories outside of the intended
download directory.
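
A check of the kind the advisory says was missing, as an added example (not aria2's code and not taken from the advisory): it reads each "file" element's "name" attribute from a metalink document and rejects names that could resolve outside the download directory. The sample metalink, the function names and the rejection policy (no absolute paths, drive letters or ".." segments) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the advisory): one benign entry, three unsafe.
SAMPLE_METALINK = """<?xml version="1.0" encoding="UTF-8"?>
<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="pkg/release.tar.gz"/>
    <file name="../outside.txt"/>
    <file name="/tmp/absolute.txt"/>
    <file name="docs/../../escape.txt"/>
  </files>
</metalink>
"""


def is_safe_name(name):
    """True if the name can only resolve inside the download directory."""
    if not name or "\x00" in name:
        return False
    # Treat backslashes as separators so Windows-style paths are caught too.
    norm = name.replace("\\", "/")
    # Absolute path, or a drive letter such as "C:".
    if norm.startswith("/") or norm[1:2] == ":":
        return False
    # Assumed policy: refuse any parent-directory segment outright rather
    # than trying to work out whether it happens to stay inside.
    return ".." not in norm.split("/")


def audit_metalink(xml_text):
    """Return (safe, rejected) lists of file names, in document order."""
    safe, rejected = [], []
    for elem in ET.fromstring(xml_text).iter():
        # Match <file> in any namespace (Metalink 3 and 4 use different ones).
        if elem.tag.rsplit("}", 1)[-1] == "file":
            name = elem.get("name", "")
            (safe if is_safe_name(name) else rejected).append(name)
    return safe, rejected


if __name__ == "__main__":
    ok, bad = audit_metalink(SAMPLE_METALINK)
    print("safe:    ", ok)
    print("rejected:", bad)
```
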
Read the full story: DSA-2047 aria2 – insufficient input sanitising: http://www.debian.org/security/2010/dsa-2047