[Secure-testing-team] ekg: Bug#318970 - possibly remotely exploitable integer overflow

Marcin Owsiany porridge at debian.org
Mon Jul 18 23:53:10 UTC 2005


This is different from the bugs fixed in DSA-760.
Present in both 1.5+20050712+1.6rc2-1 (testing/sid) and 1.5+20050411-3
(sarge) and 1.5+20050411-4 (sarge-security).
ekg is not present in oldstable (woody).

This time there is only one Debian bug, for stable and sid versions
together.  We'll see how the BTS version tracking copes with this :)

Fixed in:
 - upstream 1.6rc3 (released on 2005-07-18)
Going to be fixed in:
 - 1.5+20050411-5 (interdiff to -4 attached, changelog needs editing -
   requesting CAN number from Debian security team)
   Other than that, the upload is in
   deb http://people.debian.org/~porridge/ekg-sarge/ ./
 - 1.5+20050718+1.6rc3-1
   I will upload this as soon as I have the CAN number.

Stable security team: please edit the CAN number in changelog in package
at the above URL and make the upload.

Testing security team: I will upload to sid as soon as I get the CAN
number.

Marcin
-- 
Marcin Owsiany <porridge at debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216