On Thu, Aug 19, 1999 at 04:43:29PM -0500, David Welton wrote:
> Are these epic4? I think so, as I have no bugs similar to these filed
> against epic. Maybe it is vulnerable though, could someone point me
> to these bugs (I don't see them in the bug tracking system), and how
> to reproduce them?

Yes they are. The packages are epic4 and epic4-help, they apparently were listed wrong in the message. The advisory was posted to the ircii-epic list (I don't have the original).

All versions of epic4 prior to pre2.003 are vulnerable to the first potential DoS which was discovered after pre2.003's release leading to the fix information of "upgrade to pre2.003, it's more stable anyway", and there was another found in pre2.003 which was patched---that patch is in the .diff.gz...

If absolutely required, hop will provide another advisory about using epic4pre2.003 or later with the patch if you want the ANSI parser to be safe. epic3's ANSI parser is also unsafe, but never was it claimed that it was---it's a known bug in epic3.

-- 
Joseph Carter <knghtbrd@debian.org>             Debian GNU/Linux developer
GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC  44F9 8FF7 D7A3 DCF9 DAB3
PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77  8E E2 29 96 C9 44 5F BE
--------------------------------------------------------------------------
<xtifr> you don't have to be insane to work here....oh wait, yes you do! :)