Hi,

> CAN-2003-0826
>
> Bennett Todd discovered a heap buffer overflow in lshd which could
> lead to the execution of arbitrary code.

This vulnerability was reported 18 months ago. Is it possible to know:
- why it wasn't fixed in the meantime
- how it was found out it hadn't been done?

If Debian was the only distrib late, should I consider this security status Debian specific?

Jerome