Forwarding to the list:

On Mon, 2008-04-21 at 13:05 +0200, Nico Golde wrote:
> Hi Neutron,
> * Neutron Soutmun <neo.neutron@gmail.com> [2008-04-21 02:58]:
> > According to
> > http://lists.debian.org/debian-mentors/2008/04/msg00251.html
> > which Paul Wise advised me to contact the security audit team to
> > review my package xiterm+thai
> > (http://packages.qa.debian.org/x/xiterm%2Bthai.html)
> > [...]
> I have no time auditing this but one thing came to my mind
> when I had a look in main.c:
> 1655 if ((display_name = getenv ("DISPLAY")) == NULL)
> 1656     display_name = ":0";
>
> Please fix that code to print an error, see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and
> http://article.gmane.org/gmane.comp.security.oss.general/122
>
> Kind regards
> Nico
> --
> Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.
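The change requested in the quoted review, sketched in C as an added example (this is not xiterm+thai's code): the quoted fallback to ":0" next to a variant that prints an error and refuses to pick a display. The function names and the cli_display parameter (an explicit command-line display argument) are assumptions made for the illustration.

```c
/* Added example, not xiterm+thai source. Function names and the
 * cli_display parameter are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

/* Behaviour quoted from main.c: a missing DISPLAY silently becomes ":0",
 * so the terminal opens on a display the user never chose. */
static const char *display_with_fallback(const char *env_display)
{
    const char *display_name = env_display;
    if (display_name == NULL)
        display_name = ":0";
    return display_name;
}

/* Requested behaviour: never guess. Returns the display to open, or NULL
 * after printing an error when nothing usable was supplied.
 * cli_display: explicit display argument, NULL if none (assumed option).
 * env_display: result of getenv("DISPLAY"). */
static const char *display_or_error(const char *cli_display,
                                    const char *env_display)
{
    const char *display_name = cli_display;

    /* Fall back to the environment only when no argument was given. */
    if (display_name == NULL || display_name[0] == '\0')
        display_name = env_display;

    /* An empty DISPLAY is as unusable as an unset one. */
    if (display_name == NULL || display_name[0] == '\0') {
        fprintf(stderr, "error: DISPLAY is not set and no display given\n");
        return NULL;
    }
    return display_name;
}

int main(void)
{
    const char *env_display = getenv("DISPLAY");

    printf("old code would open: %s\n", display_with_fallback(env_display));
    if (display_or_error(NULL, env_display) == NULL)
        return EXIT_FAILURE;          /* refuse to start instead of guessing */
    return EXIT_SUCCESS;
}
```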