Re: Security issue with 'elog' package

To: Recai Oktas <roktas@omu.edu.tr>
Cc: debian-security@lists.debian.org, debian-release@lists.debian.org
Subject: Re: Security issue with 'elog' package
From: Steve Langasek <vorlon@debian.org>
Date: Tue, 3 May 2005 15:00:27 -0700
Message-id: <[🔎] 20050503220022.GB5424@mauritius.dodds.net>
Mail-followup-to: Recai Oktas <roktas@omu.edu.tr>, debian-security@lists.debian.org, debian-release@lists.debian.org
In-reply-to: <[🔎] 20050503211515.GA2942@oxygen>
References: <[🔎] 20050503211515.GA2942@oxygen>

On Wed, May 04, 2005 at 12:15:15AM +0300, Recai Oktas wrote:
> I uploaded the new upstream of Elog a few days ago (this is a sponsored
> package).  I've just noticed a possible security flaw which affects both
> versions in testing (2.5.7+r1558) and unstable (2.5.8+r1637), as can be
> seen in the following CVS log of r1.638:

>     http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c

> Since the fix[1] is so trivial to backport, I can easily prepare a new
> package for just the version in testing.

Please do so, unless you can point us to a release-critical bug addressed by
the version currently in unstable.

Thanks,
-- 
Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Security issue with 'elog' package
  - From: Recai Oktas <roktas@omu.edu.tr>

Prev by Date: Re: Security issue with 'elog' package
Next by Date: Re: Re: Fixing stupid PHP application design flaws
Previous by thread: Re: Security issue with 'elog' package
Next by thread: Re: Accepted elog 2.5.7+r1558-2 (i386 source)
Index(es):
- Date
- Thread