Re: [SECURITY] [DSA-320-1] New mikmod packages fix buffer overflow

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA-320-1] New mikmod packages fix buffer overflow
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Mon, 16 Jun 2003 20:54:25 -0300
Message-id: <[🔎] 20030616235425.GA32527@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20030613234439.GD15260@alcor.net>
References: <20030613234439.GD15260@alcor.net>

On Fri, Jun 13, 2003 at 07:44:39PM -0400, Matt Zimmerman wrote:
> Package        : mikmod
> Vulnerability  : buffer overflow
> Problem-Type   : local
> Debian-specific: no
> CVE Id         : CAN-2003-0427
> 
> Ingo Saitz discovered a bug in mikmod whereby a long filename inside
> an archive file can overflow a buffer when the archive is being read
> by mikmod.
> 
> For the stable distribution (woody) this problem has been fixed in
> version 3.1.6-4woody3.

 Is libmikmod2 affected by this?  xmms uses it.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug.n , s.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Reply to:

Prev by Date: [unconfirmed] new atftp vulnerabilities
Next by Date: Re: Probable SSH Vulnerability
Previous by thread: [unconfirmed] new atftp vulnerabilities
Next by thread: Re: na schick mal
Index(es):
- Date
- Thread