
Bug#506180: [Pkg-cups-devel] Bug#506180: CUPS: daemon crashes when adding more than 100 rss subscriptions



Hi Nico,

happy new year!

Nico Golde [2008-12-21 13:21 +0100]:
> what is the status of this issue regarding lenny?

The "unauthenticated RSS subscription crash" (CVE-2008-5184, STR
#2774) is fixed in 1.3.8, thus in lenny and unstable; it does not
affect etch at all.

The "crash on more than 100 subscriptions" (CVE-2008-5183) is not
fixed anywhere (not even upstream svn trunk). However, it is just an
authenticated local DoS (NULL pointer deref), and as such I claim that
it is not urgent at all, if it can even be called a vulnerability in
the first place.

http://lab.gnucitizen.org/projects/cups-0day has some details on this.

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
