Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw
A regression was introduced in DLA-2768-1, where the uwsgi proxy module for Apache2 (mod_proxy_uwsgi) interprets incorrect Apache configurations in a less forgiving way, causing existing setups to fail after upgrade.
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smarty_security class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue.
Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information about users working on private projects.
DLA-2743-1 was issued for CVE-2017-5715, affecting amd64-microcode, processor microcode firmware for AMD CPUs. However, the binaries for the resulting upload weren't built and published, thereby preventing users from upgrading to a fixed version.