proto-security advisory for analog (security team, please take note)

To: debian-security@lists.debian.org
Subject: proto-security advisory for analog (security team, please take note)
From: Joey Hess <joeyh@debian.org>
Date: Tue, 13 Feb 2001 11:48:19 -0800
Message-id: <20010213114819.F3435@kitenet.net>

Here is a proto-advisory for the analog hole. I have just uploaded fixed
packages for stable and unstable. I'd appreciate it if the security team
could get an advisory out for this.

---------------------------------------------------------------------------

Package: analog
Vulnerability: remote buffer overflow
Debian-specific: no

The version of analog in Debian 2.2 (potato) was discovered by its
author to be vulnerable to buffer overflow. The buffer overflow
is exploitable remotely via analog's CGI interface, and may be
exploitable via other avenuses such as DNS poisoning. 

The vulnerability has been corrected in analog 4.01-1potato1.
No exploits are known to exist at this time, but we recommend you
upgrade your analog package immediatly.

--------------------------------------------------------------------------

-- 
see shy jo, keeping his stable chroot around for the next security hole
            -- nextaw. Sigh.

Reply to:

Prev by Date: Re: Security updates
Next by Date: Re: Apt-get package verification
Previous by thread: Re: Nessusd
Next by thread: Oops
Index(es):
- Date
- Thread