
Re: Request a security audit for my xiterm+thai package.



Forwarding to the list:
On Mon, 2008-04-21 at 13:05 +0200, Nico Golde wrote:
> Hi Neutron,
> * Neutron Soutmun <neo.neutron@gmail.com> [2008-04-21 02:58]:
> > According to
> > http://lists.debian.org/debian-mentors/2008/04/msg00251.html
> > which Paul Wise advised me to contact the security audit team to review
> > my package xiterm+thai (http://packages.qa.debian.org/x/xiterm%2Bthai.html)
> 
> [...] 
> I have no time auditing this, but one thing came to my mind
> when I had a look in main.c:
> 1655   if ((display_name = getenv ("DISPLAY")) == NULL)
> 1656     display_name = ":0";
> 
> Please fix that code to print an error, see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and
> http://article.gmane.org/gmane.comp.security.oss.general/122
> 
> Kind regards
> Nico
> -- 
> Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: signature.asc
Description: This is a digitally signed message part
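
As an added example (not part of the original mail and not code from xiterm+thai), here is one way to do what the quoted review asks: report an error when no display is specified instead of assuming `:0`. The function names and the optional command-line display argument are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Behaviour of the lines quoted from main.c, kept here for comparison:
 * an unset DISPLAY silently becomes ":0". */
const char *display_with_fallback(void)
{
    const char *name = getenv("DISPLAY");
    return name != NULL ? name : ":0";
}

/* Hypothetical replacement: use an explicitly given display if there is
 * one (cli_display may be NULL), otherwise DISPLAY, otherwise fail. */
const char *resolve_display(const char *cli_display)
{
    const char *name = cli_display;

    if (name == NULL)
        name = getenv("DISPLAY");

    /* Unset or empty: print an error and let the caller exit rather
     * than guessing which X server the user meant. */
    if (name == NULL || name[0] == '\0') {
        fprintf(stderr, "error: no display specified and DISPLAY is not set\n");
        return NULL;
    }
    return name;
}

int main(int argc, char **argv)
{
    /* Assumption for the demo: argv[1], if present, is the display name. */
    const char *display_name = resolve_display(argc > 1 ? argv[1] : NULL);

    if (display_name == NULL)
        return EXIT_FAILURE;

    printf("would open display %s\n", display_name);
    return EXIT_SUCCESS;
}
```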

