Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
More info:
https://www.debian.org/security/2018/dsa-4149
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.
More info:
https://www.debian.org/security/2018/dsa-4148