On Tue, Jan 30, 2007 at 02:36:23AM +0200, Achilleas Kotsis wrote: > Hello, > > according to CVE-2007-0460, ulogd is prone to several vulnerabilities > due to improper string length calculations. ulogd is running as root, > and the vulnerability is thought to be remotely exploitable, so I guess > this is serious... > > As a package maintainer, I have uploaded a new package in unstable > (1.23-6) just fixing these problems using a slightly adjusted patch from > SuSE, that could also be used in testing (1.23-5), if unblocked by the > Release Management team. > Confirmed fixed in 1.23-6. I can't check the diff yet, as merkel hasn't picked up that it's there. I'll be tracking it though :) Neil -- <h01ger> I miss a computer physically... I can ping it, but don't know where it is...
Attachment:
signature.asc
Description: Digital signature