Installed splitvt 1.6.5-0potato1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.6
Date: Wed, 17 Jan 2001 23:39:09 -0800
Source: splitvt
Binary: splitvt
Architecture: source i386
Version: 1.6.5-0potato1
Distribution: stable
Urgency: high
Maintainer: Joey Hess <joeyh@debian.org>
Description:
splitvt - run two programs in a split screen
Changes:
splitvt (1.6.5-0potato1) stable; urgency=HIGH
.
* This package is built for potato. Rather than backporting the upstream
patch alone, which leaves the possibility of more root exploits in the
future, I'm going to use my patch too so its just sgid tty. My patch
has had a good 6 months of testing, so I'm confident this is ok.
* New upstream version, with a format string hole fixed, and several
possible buffer overfllows fixed.
- Of those, only (I think) the format string attack and two of the
buffer overflows can affect the debian package.
- Luckily, my last release of the package back in June 2000 made
it only need to be sgid tty.
- Total possible impact: attacker could possibly crack the tty group.
Files:
dcfd3f56c5f7a3686e35a2de47614944 620 utils optional splitvt_1.6.5-0potato1.dsc
475d1066c013102625c79757b3615d9b 6005 utils optional splitvt_1.6.5-0potato1.diff.gz
ccb41228b11505bb25dc2f09830b3964 31444 utils optional splitvt_1.6.5-0potato1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6Z0PP2tp5zXiKP0wRAo7rAKCwYwHvTzCnYKV1gCTklimw83lsyACguIyE
fIGFfxbxkXxpyrgrTQexhGA=
=sibm
-----END PGP SIGNATURE-----
Installed:
splitvt_1.6.5-0potato1.diff.gz
to pool/main/s/splitvt/splitvt_1.6.5-0potato1.diff.gz
splitvt_1.6.5-0potato1_i386.deb
to pool/main/s/splitvt/splitvt_1.6.5-0potato1_i386.deb
splitvt_1.6.5.orig.tar.gz
to pool/main/s/splitvt/splitvt_1.6.5.orig.tar.gz
splitvt_1.6.5-0potato1.dsc
to pool/main/s/splitvt/splitvt_1.6.5-0potato1.dsc
Reply to: