Re: Debian WWW CVS commit by kraai: webwml/english/security/undated 1bliss.wml 1do ...
On Thu, Sep 04, 2003 at 10:46:29AM +0200, Gerfried Fuchs wrote:
> * Debian WWW CVS <firstname.lastname@example.org> [2003-08-20 05:17]:
> > Changes by: kraai 03/08/20 05:17:02
> > Modified files:
> > english/security/undated: 1parsecontrol.wml
> > Log message:
> > Add further descriptions and reference information, thanks to
> > Doug Jensen.
> I'm wondering.... Wouldn't it make much more sense to link to
> CA-1997-08 directly instead of to the "special edition about news
> So long,
>  <http://www.cert.org/advisories/CA-1997-08.html>
Here is a text representation of
<http://www.debian.org/security/undated/1parsecontrol>, notice that
a link to CA-1997-08 has been included in "Security database references":
Security database references:
CERT's vulnerabilities, advisories and incident notes: CA-1997-08.
This vulnerability may allow remote users to execute arbitrary
commands with the privileges of the user that manages the news
Quoting from CA-1997-08:
Remote, unauthorized users can execute arbitrary commands on the
system with the same privileges as the innd (INN daemon) process.
Attacks may reach news servers located behind Internet firewalls.
Versions of INN prior to 1.5.1 are vulnerable.
The Debian entry from CA-1997-08:
The current version of INN shipped with Debian is 1.4unoff4.
However the "unstable" (or development) tree contains inn-1.5.1.
* CERT Special Edition about news servers
The link to the "CERT Special Edition about news servers" provides
additional information about the INN vulnerability and about news server
vulnerabilities in general. It seemed like it would be a nice
additional resource, if someone was interested in the INN vulnerability.
Alfie, could you help me understand what you would like changed?