Hack Talk
You shot who in the what now?

Sat, 25 Feb 2017 07:43:27 +0100

W3C Begins Standards Work on Web of Things to Reduce IoT Fragmentation
    24 Feb 2017 | 14:50 from W3C News

To further the growth of the market for IoT devices and services, W3C has launched the Web of Things Working Group to develop initial standards for the Web of Things, tasked with the goal to counter the fragmentation of the IoT; reduce the costs of development; lessen the risks to both investors and customers; and encourage […]


[SECURITY] [DSA 3792-1] libreoffice security update
    24 Feb 2017 | 06:30 from Bugtraq

Posted by Moritz Muehlenhoff on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3792-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 23, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2017-3157

Ben Hayak...

Advisory X41-2017-004: Multiple Vulnerabilities in tnef
    23 Feb 2017 | 18:07 from Bugtraq

Posted by X41 D-Sec GmbH Advisories on Feb 23

X41 D-Sec GmbH Security Advisory: X41-2017-004

Multiple Vulnerabilities in tnef
================================

Overview
--------
Confirmed Affected Versions: 1.4.12 and earlier
Confirmed Patched Versions:
Vendor: verdammelt
Vendor URL: https://github.com/verdammelt/tnef/
Vector: File
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/

Summary and Impact...

Free Software Directory meeting recap for February 17th, 2017
    23 Feb 2017 | 17:25 from FSF's blog

Check out the great work our volunteers accomplished at the last Free Software Directory meeting.


Friday Free Software Directory IRC meetup: February 24th starting at 12 p.m. EST/17:00 UTC
    23 Feb 2017 | 16:24 from FSF's blog

Join the FSF and friends Friday, February 24th, from 12 p.m. to 3 p.m. EST (17:00 to 20:00 UTC) to help improve the Free Software Directory (FSD), with the theme this week of adding new packages.


Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities
    23 Feb 2017 | 14:03 from Bugtraq

Posted by Vulnerability Lab on Feb 23

Document Title:
===============
Air Transfer 1.2.1 & 1.0.14 iOS - Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2035

Release Date:
=============
2017-02-22

Vulnerability Laboratory ID (VL-ID):
====================================
2035

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Three recommendations to enable Annotations on the Web
    23 Feb 2017 | 09:03 from W3C News

The Web Annotation Working Group has just published a Recommendation for Web Annotation in the form of three documents: Web Annotation Data Model—specification describes a structured model and format, in JSON, to enable annotations to be shared and reused across different hardware and software platforms. Common use cases can be modeled in a manner that is […]


FreeBSD Security Advisory FreeBSD-SA-17:02.openssl
    23 Feb 2017 | 08:57 from Bugtraq

Posted by FreeBSD Security Advisories on Feb 22

=============================================================================
FreeBSD-SA-17:02.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2017-02-23
Affects: All supported versions of FreeBSD.
Corrected: 2017-01-26 19:14:14 UTC...

[SECURITY] [DSA 3791-1] linux security update
    23 Feb 2017 | 06:13 from Bugtraq

Posted by Salvatore Bonaccorso on Feb 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3791-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2016-6786 CVE-2016-6787...

[SECURITY] [DSA 3788-2] tomcat8 regression update
    22 Feb 2017 | 20:11 from Bugtraq

Posted by Salvatore Bonaccorso on Feb 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3788-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8

The update for tomcat8 issued as DSA-3788-1 caused...

[security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
    22 Feb 2017 | 06:32 from Bugtraq

Posted by security-alert on Feb 21

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322
Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX
running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive
Information

NOTICE: The information in this Security Bulletin should be acted...

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
    21 Feb 2017 | 20:13 from Bugtraq

Posted by Apple Product Security on Feb 21

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

Logic Pro X 10.3.1 is now available and addresses the following:

Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos

Installation note:

Logic Pro X may be obtained...

First Public Working Drafts: CSS Timing Functions Level 1; CSS Containment Module Level 1
    21 Feb 2017 | 08:35 from W3C News

The CSS Working Group has published two First Public Working Drafts today: CSS Timing Functions Level 1, a module that describes a way for authors to define a transformation to be applied to the time of an animation. This can be used to produce animations that mimic physical phenomena such as momentum or to cause […]


W3C Workshop Report: Smart Descriptions and Smarter Vocabularies (SDSVoc)
    20 Feb 2017 | 20:48 from W3C News

W3C published today the report from the W3C “Smart Descriptions & Smarter Vocabularies (SDSVoc)” workshop, held on 30 November – 1 December 2016 in Amsterdam. The report contains an executive summary and conclusions, as well as a brief summary and visual report of each session, with links to all presentation slides. The event’s agenda also […]


PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
    20 Feb 2017 | 11:25 from Bugtraq

Posted by Vulnerability Lab on Feb 20

Document Title:
===============
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2029

Release Date:
=============
2017-01-30

Vulnerability Laboratory ID (VL-ID):
====================================
2029

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:...

[SECURITY] [DSA 3790-1] spice security update
    17 Feb 2017 | 06:25 from Bugtraq

Posted by Salvatore Bonaccorso on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3790-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spice
CVE ID : CVE-2016-9577 CVE-2016-9578
Debian...

Here's a sneak peek at LibrePlanet 2017: Register today!
    16 Feb 2017 | 20:17 from FSF's blog

In just six weeks, on March 25 & 26, 2017, free software hackers, lawyers, activists, students, educators, librarians, and community organizers will gather at the Massachusetts Institute of Technology (MIT) to explore the roots of software freedom. Will YOU be there?


Spatial Data on the Web Best Practices Note Published
    16 Feb 2017 | 18:51 from W3C News

The Spatial Data on the Web Working Group has published a Group Note of Spatial Data on the Web Best Practices. This document advises on best practices related to the publication and usage of spatial data on the Web; the use of Web technologies as they may be applied to location. The best practices are […]


Ready-made Counter Styles Note Published
    16 Feb 2017 | 16:03 from W3C News

The Internationalization Working Group has published a Working Group Note that contains templates for counter styles used by various cultures around the world. It can be used as a reference for those wishing to add user-defined counter styles in their CSS style sheets. The content of this document was originally part of the CSS Lists […]


[SYSS-2017-004] Simplessus Files: Path Traversal
    16 Feb 2017 | 10:21 from Bugtraq

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-004
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: Path Traversal (CWE-22)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...