
Re: Woody release security round-up



On Sun, Apr 28, 2002 at 03:41:00PM +1000, Anthony Towns wrote:

> On Sat, Apr 27, 2002 at 11:58:51AM -0400, Matt Zimmerman wrote:
> > Package		Bug			Status
> > -------		---			------
> > xtell		Multiple security holes	Outstanding (#136018)
> > 					Should be removed
> 
> That bug has been closed, and the version in testing is the same as the
> version in unstable (2.9)... Is it actually outstanding, and if so, shouldn't
> the report be reopened?

Yes, in fact I sent a message to reopen it as I was writing that
message...hmm.  I'll send another one.  The submitter gives multiple
examples where essentially the same access can be obtained as in the
original report.

> icecast-server (#141051) also has a remote shell/root vulnerability. (Fix
> uploaded, that doesn't autobuild)

Looks like a simple missing build-dep.  Filing a bug now.  I may make
another NMU at urgency=low; this probably shouldn't ship with woody (the
last NMU made major packaging changes, why??).

This actually looks like it affects potato as well, and is different from
DSA-089.

> libpam-pgsql (#143745) has a DoS issue too. (Fix uploaded today)

This doesn't sound very exploitable, unless an account can be expired/locked
out with multiple failed logins by an attacker.  But then, that would be a
DoS in itself.

-- 
 - mdz

