[Secure-testing-team] Bug#492742: CVE-2008-3252: buffer overflow
Steffen Joeris
steffen.joeris at skolelinux.de
Mon Jul 28 15:08:27 UTC 2008
Package: newsx
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for newsx.
CVE-2008-3252[0]:
| Stack-based buffer overflow in the read_article function in
| getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
| code via a news article containing a large number of lines starting
| with a period.
There is a redhat bugreport[1] with more information and I've attached their patch.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3252
http://security-tracker.debian.net/tracker/CVE-2008-3252
[1] https://bugzilla.redhat.com/show_bug.cgi?id=454483
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2008-3252.patch
Type: text/x-diff
Size: 679 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080729/024d9d24/attachment.patch
More information about the Secure-testing-team
mailing list