[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

coreutils/fileutils : 'dir' integer overflow vulnerability on woody

A bug report about a vulnerability of 'dir' [1] in package coreutils says it
"was fixed upstream in coreutils-5.1.0, and the latest is coreutils-5.2.0"

but Debian/woody is vulnerable (dir is in woody package fileutils).
I just filed a bug [2] for fileutils on woody, and I'm posting here
because it's security related [3].

What's the/a Right Way (tm) to report security related bugs
like this one? Am I supposed to do anything more
to make woody's security improve ?
(apart from writing patches, which is not obvious ;-)


[1] Debian Bug report logs - #236035
coreutils: 'dir' integer overflow vulnerability.

[2] Debian Bug report logs - #261828
'dir' integer overflow vulnerability

[3] http://www.securityfocus.com/archive/1/356174


Reply to: