[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

On Mon, Jul 01, 2002 at 13:24:37 +0100, Jeff Armstrong wrote:
> > -----Original Message-----
> > From: J.H.M. Dassen (Ray) [mailto:dm@zensunni.demon.nl] 

> > This has been fixed; see http://bugs.debian.org/151342 for details.

> I don't think this is 'fixed'?

Sam spoke of "libisc4/libdns5" which exist only in testing and unstable, not
in stable. The issue is fixed for BIND 8/9 in unstable with the uploads
referenced in the bug log.

> I am assuming that an update for libc6 for stable will follow as soon as
> the security team are able.

If it affects GNU libc, which is still unclear, at least to me. Pine's
original advisory states "Platforms: FreeBSD, OpenBSD, NetBSD, maybe more."
and so far the status of http://www.kb.cert.org/vuls/id/803539 for every
Linux vendor is "Unknown".

Ray
-- 
I love articles that remind you that one of the ingredients it recommends
playing with is a nasty mutagen.
	Timothy introducing "Recombinant DNA For The Home Hobbyist"
	http://slashdot.org/article.pl?sid=00/06/18/1316258


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: