[Secure-testing-team] Bug#656581: usbmuxd: buffer overflow introduced in 1.0.7 (CVE-2012-0065)
Yves-Alexis Perez
corsac at debian.org
Fri Jan 20 09:51:42 UTC 2012
Package: usbmuxd
Version: 1.0.7-1
Severity: grave
Tags: security patch upstream
Justification: user security hole
Hi,
a buffer overflow was introduced in usbmuxd 1.0.7. More information can
be found on various sources:
http://openwall.com/lists/oss-security/2012/01/19/25
https://secunia.com/advisories/47545/
https://bugs.gentoo.org/show_bug.cgi?id=399409
and a patch is available at
http://git.marcansoft.com/?p=usbmuxd.git;a=commit;
h=f794991993af56a74795891b4ff9da506bc893e6
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages usbmuxd depends on:
ii adduser 3.113
ii libc6 2.13-24
ii libplist1 1.8-1
ii libusb-1.0-0 2:1.0.9~rc3-3
ii libusbmuxd1 1.0.7-1
usbmuxd recommends no packages.
usbmuxd suggests no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list