[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security issue with 'elog' package

On Wed, May 04, 2005 at 12:15:15AM +0300, Recai Oktas wrote:
> I uploaded the new upstream of Elog a few days ago (this is a sponsored
> package).  I've just noticed a possible security flaw which affects both
> versions in testing (2.5.7+r1558) and unstable (2.5.8+r1637), as can be
> seen in the following CVS log of r1.638:

>     http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

> Since the fix[1] is so trivial to backport, I can easily prepare a new
> package for just the version in testing.

Please do so, unless you can point us to a release-critical bug addressed by
the version currently in unstable.

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: