
coreutils/fileutils : 'dir' integer overflow vulnerability on woody




A bug report about a vulnerability of 'dir' [1] in package coreutils says it
"was fixed upstream in coreutils-5.1.0, and the latest is coreutils-5.2.0"

but Debian/woody is vulnerable (dir is in woody package fileutils).
I just filed a bug [2] for fileutils on woody, and I'm posting here
because it's security related [3].

What's the/a Right Way (tm) to report security related bugs
like this one? Am I supposed to do anything more
to make woody's security improve?
(apart from writing patches, which is not obvious ;-)

Christophe

[1] Debian Bug report logs - #236035
coreutils: 'dir' integer overflow vulnerability.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=236035

[2] Debian Bug report logs - #261828
'dir' integer overflow vulnerability
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261828

[3] http://www.securityfocus.com/archive/1/356174
