[Secure-testing-team] Re: ettercap: [CAN-2005-1796] buffer overflow in ec_curses.c
Roger Leigh
rleigh at whinlatter.ukfsn.org
Sat Jul 9 13:58:23 UTC 2005
On Thu, Jun 02, 2005 at 06:47:17PM +0100, Roger Leigh wrote:
>
> Just FYI, CAN-2005-1796 (Debian bug #311615) was fixed with ettercap
> (1:0.7.1-1.1) in unstable. It has yet to reach testing. If it
> doesn't make it before the release, it will presumably need to be
> rebuilt as a stable security update.
It's now five weeks later. Has anything yet been done with this?
As before, the packages for testing-security are available here:
http://people.debian.org/~rleigh/ettercap-sarge/
I can rebuild and upload them to stable-security if you like, or
you can just rebuild them yourselves if you prefer.
The only change, besides the changelog update, is:
--- ettercap-0.7.1.orig/src/interfaces/curses/ec_curses.c
+++ ettercap-0.7.1/src/interfaces/curses/ec_curses.c
@@ -172,7 +172,7 @@
if (sysmsg_win == NULL)
return;
- wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg);
+ wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg);
}
taken by diffing upstream releases.
Regards,
Roger
--
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050709/39ecadfe/attachment.pgp
More information about the Secure-testing-team
mailing list