Re: Buffer overflow in ulogd, improper string length calculations (CVE-2007-0460)

To: Achilleas Kotsis <achille@debian.gr>
Cc: debian-release@lists.debian.org
Subject: Re: Buffer overflow in ulogd, improper string length calculations (CVE-2007-0460)
From: Luk Claes <luk@debian.org>
Date: Wed, 31 Jan 2007 08:57:23 +0100
Message-id: <[🔎] 45C04BE3.2050504@debian.org>
In-reply-to: <[🔎] 45BE9307.3010303@debian.gr>
References: <[🔎] 45BE9307.3010303@debian.gr>

Achilleas Kotsis wrote:

Hello,

according to CVE-2007-0460, ulogd is prone to several vulnerabilities
due to improper string length calculations. ulogd is running as root,
and the vulnerability is thought to be remotely exploitable, so I guess
this is serious...

As a package maintainer, I have uploaded a new package in unstable
(1.23-6) just fixing these problems using a slightly adjusted patch from
SuSE, that could also be used in testing (1.23-5), if unblocked by the
Release Management team.


Unblocked.

Cheers

Luk

Reply to:

References:
- Buffer overflow in ulogd, improper string length calculations (CVE-2007-0460)
  - From: Achilleas Kotsis <achille@debian.gr>

Prev by Date: Re: Please hint athena-jot 9.0-4 etch
Next by Date: schroot for testing
Previous by thread: Re: Buffer overflow in ulogd, improper string length calculations (CVE-2007-0460)
Next by thread: libnids package in freeze
Index(es):
- Date
- Thread