Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

On Fri, Oct 29, 2004 at 09:21:09PM +0200, Thomas Wana wrote:
> Frank Lichtenheld wrote:
> >Hmm, the patch from the DSA is included in the package... Or do you
> >mean that the patch is flawed?
> Do you mean DSA-405-1 (http://lwn.net/Articles/64725/)? That DSA
> is referring to CAN-2003-0949, which indeed seems to be fixed, but
> CAN-2004-0074 (which this bug is about) is nowhere mentioned anywhere,
> and it's indeed unfixed.

Oops, I was confused by the CAN numbers...

> How to verify this bug:
> -----------------------

But you too, since that was the wrong part ;) The LANG vuln is fixed in
the current package (the patch is in debian/patches and gets applied at
build time). I guess the -xsokdir vuln might not be fixed; I will check that.

