Re: [SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
Christophe Chisogne a écrit :
> I guess lynx-ssl is affected too ? Is a lynx-ssl being prepared ?
Ok, it's DSA 876-1, solved :)
DSA-876-1 lynx-ssl -- buffer overflow
http://www.debian.org/security/2005/dsa-876
But I had a problem : I upgraded from Woody to Sarge.
Woody had non-US, which Sarge dont have anymore.
lynx-ssl/Woody was in non-US, but wasnt remove/replaced
by the new lynx/Sarge during upgrade. So I had a system
with an old unpatched lynx-ssl and not the current patched
lynx (trivially solved with aptitude install lynx).
The problem didnt seemed obvious at first, so I share
my little experience here.
If others have problems with non-US, I found a simple way
to list the non-US packages (if grep-dctrl is installed):
use grep-status, with a command like that one:
# grep-status -F Section non-US -s Package,Version,Status
Hope it can help others.
Ch.
Reply to: