Matthew Dempsky

**Name of the Vulnerable Software and Affected Versions** djbdns versions 1.05 and earlier **Description** The issue concerns the response addname function in response.c, which does not properly constrain offsets. This allows remote attackers, who have control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. **Recommendations** For djbdns versions 1.05 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 9.0.277.0 Adobe Flash Player versions 10.x prior to 10.1.53.64 Adobe AIR versions prior to 2.0.2.12610 **Description** The issue allows remote web servers to cause a denial of service, resulting in a NULL pointer dereference and browser crash. This occurs when an HTTP request is sent a second time and the server returns a different response, such as providing SWF files with different SWF version numbers. **Recommendations** For Adobe Flash Player versions prior to 9.0.277.0, update to version 9.0.277.0 or later. For Adobe Flash Player versions 10.x prior to 10.1.53.64, update to version 10.1.53.64 or later. For Adobe AIR versions prior to 2.0.2.12610, update to version 2.0.2.12610 or later.