Re: Woody release security round-up
On Sun, Apr 28, 2002 at 03:41:00PM +1000, Anthony Towns wrote:
> On Sat, Apr 27, 2002 at 11:58:51AM -0400, Matt Zimmerman wrote:
> > Package   Bug                       Status
> > -------   ---                       ------
> > xtell     Multiple security holes   Outstanding (#136018)
> >                                     Should be removed
>
> That bug has been closed, and the version in testing is the same as the
> version in unstable (2.9)... Is it actually outstanding, and if so, shouldn't
> the report be reopened?

Yes, in fact I sent a message to reopen it as I was writing that
message...hmm. I'll send another one. The submitter gives multiple
examples where essentially the same access can be obtained as in the
original report.

> icecast-server (#141051) also has a remote shell/root vulnerability. (Fix
> uploaded, that doesn't autobuild)

Looks like a simple missing build-dep. Filing a bug now. I may make
another NMU at urgency=low; this probably shouldn't ship with woody (the
last NMU made major packaging changes, why??).

This actually looks like it affects potato as well, and is different from
DSA-089.

> libpam-pgsql (#143745) has a DoS issue too. (Fix uploaded today)

This doesn't sound very exploitable, unless an account can be expired/locked
out with multiple failed logins by an attacker. But then, that would be a
DoS in itself.

--
- mdz