Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
On Mon, Jul 01, 2002 at 13:24:37 +0100, Jeff Armstrong wrote:
> > -----Original Message-----
> > From: J.H.M. Dassen (Ray) [mailto:email@example.com]
> > This has been fixed; see http://bugs.debian.org/151342 for details.
> I don't think this is 'fixed'?
Sam spoke of "libisc4/libdns5" which exist only in testing and unstable, not
in stable. The issue is fixed for BIND 8/9 in unstable with the uploads
referenced in the bug log.
> I am assuming that an update for libc6 for stable will follow as soon as
> the security team are able.
If it affects GNU libc, which is still unclear, at least to me. Pine's
original advisory states "Platforms: FreeBSD, OpenBSD, NetBSD, maybe more."
and so far the status of http://www.kb.cert.org/vuls/id/803539 for every
Linux vendor is "Unknown".
I love articles that remind you that one of the ingredients it recommends
playing with is a nasty mutagen.
Timothy introducing "Recombinant DNA For The Home Hobbyist"
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com