Re: [SRM] Fixing CVE-2007-2452 in findutils/stable
Andreas Metzler wrote:
> Hi,
Hi Andreas
> I would like to make an upload to stable to fix CVE-2007-2452
> aka http://bugs.debian.org/426862 which is a heap-buffer overflow in
> locate.
>
> According to Moritz Muehlenhoff there will not be a DSA for this,
> since the attack vector is relatively obscure and it additionally
> requires the local admin to actively change the configuration to
> force updatedb to use old-style db.
>
> The fix has been in testing/sid since the start of June (4.2.31-1).
>
> Suggested patch attached.
OK, feel free to upload, it will probably be included in r2.
Cheers
Luk