[Secure-testing-team] Re: Accepted elog 2.5.7+r1558-2 (i386 source)
Recai Oktas
roktas at omu.edu.tr
Thu May 5 10:46:32 UTC 2005
[Apologies if you've already received this mail through
debian-security.]
* Steve Langasek [2005-05-05 02:36:01-0700]
> On Thu, May 05, 2005 at 12:12:11PM +0300, Recai Oktas wrote:
> > * Steve Langasek [2005-05-05 01:23:19-0700]
> > > On Thu, May 05, 2005 at 03:32:12AM -0400, Recai Oktaş wrote:
> > [...]
> > > > elog (2.5.7+r1558-2) testing-proposed-updates; urgency=high
> > > > .
> > > > * Fix a possible buffer overflow.
> > > > * Urgency set to high because of the security issue.
> > > > * Minor doc fix in welcome message.
> > > > * Improve package description.
> > >
> > > This changelog mentions neither a Debian bug number, nor a CVE id for this
> > > problem; is either available?
>
> > No, neither is available. Should I first submit a bug for this issue?
>
> No, but please contact the security team and the testing security team to
> inform them of this upload.
Hi,
FYI, the new elog package was accepted for testing. As mentioned in my
previous posting[1], this version includes a fix[2] for a possible
buffer overflow. A long file name supplied in elogd configuration for
the 'logfile' setting may cause such a buffer overflow. This problem
has no CVE id.
Regards,
[1] http://lists.debian.org/debian-security/2005/05/msg00008.html
[2] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.637;r2=1.638;f=h
--
roktas