Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
On Fri, Oct 29, 2004 at 09:21:09PM +0200, Thomas Wana wrote:
> Frank Lichtenheld wrote:
> >Hmm, the patch from the DSA is included in the package... Or do you
> >mean that the patch is flawed?
>
> Do you mean DSA-405-1 (http://lwn.net/Articles/64725/)? That DSA
> is referring to CAN-2003-0949, which indeed seems to be fixed, but
> CAN-2004-0074 (which this bug is about) is not mentioned anywhere,
> and it's indeed unfixed.
Oops, I was confused by the CAN numbers...
> How to verify this bug:
> -----------------------
[...]
But you too, since that was the wrong part ;) The LANG vuln is fixed in
the current package (the patch is in debian/patches and gets applied at
build time). I guess the -xsokdir vuln could be unfixed; I will check that.
Greetings,
--
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/