Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
From: Christophe Chisogne <christophe@publicityweb.com>
Date: Thu, 27 Oct 2005 16:20:34 +0200
Message-id: <[🔎] 4360E232.7030906@publicityweb.com>
In-reply-to: <[🔎] 436098AB.7040503@publicityweb.com>
References: <m1EV2eW-000p6FC@finlandia.Infodrom.North.DE> <[🔎] 436098AB.7040503@publicityweb.com>

Christophe Chisogne a écrit :
> I guess lynx-ssl is affected too ? Is a lynx-ssl being prepared ?

Ok, it's DSA 876-1, solved :)

	DSA-876-1 lynx-ssl -- buffer overflow
	http://www.debian.org/security/2005/dsa-876

But I had a problem : I upgraded from Woody to Sarge.
Woody had non-US, which Sarge dont have anymore.

lynx-ssl/Woody was in non-US, but wasnt remove/replaced
by the new lynx/Sarge during upgrade. So I had a system
with an old unpatched lynx-ssl and not the current patched
lynx (trivially solved with aptitude install lynx).

The problem didnt seemed obvious at first, so I share
my little experience here.

If others have problems with non-US, I found a simple way
to list the non-US packages (if grep-dctrl is installed):
use grep-status, with a command like that one:

# grep-status -F Section non-US -s Package,Version,Status

Hope it can help others.

Ch.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
  - From: "Kevin B. McCarty" <kmccarty@Princeton.EDU>

References:
- Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
  - From: Christophe Chisogne <christophe@publicityweb.com>

Prev by Date: unsubscribe
Next by Date: Re: CAN to CVE: changing changelogs?
Previous by thread: Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
Index(es):
- Date
- Thread