Hi lists, I, as a co-maintainer of mc, together with Ludovic Drolez, was wondering if the following buffer overflow [0] have been definitively fixed with the 4.6.1-pre3 release. Can you confirm this? Meanwhile I will do some checkes on the deb package. Thank you in advance Reagards SteX [0] http://www.debian.org/security/2005/dsa-698 and CAN-2001-1429 [1] [1] Date: Mon, 4 Apr 2005 12:16:50 +0200 From: Moritz Muehlenhoff <jmm inutil org> To: stefano melchior openlabs it Subject: CAN-2001-1429 - Debian package affected? X-Original-To: ste localhost X-SA-Exim-Connect-IP: 134.102.116.69 X-SA-Exim-Mail-From: jmm inutil org X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Hi, a week ago there has been a CAN assignment for CAN-2001-1429: |Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local |users to cause a denial of service (segmentation fault) and possibly |execute arbitrary code via a crafted text file. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1429 In the secure-testing team we couldn't find enough information, whether this is fixed for Sarge, can you confirm it fixed? Cheers, Moritz ----- End forwarded message ----- -- GPG key = D52DF829 -- SteX -- <stefano melchior openlabs it> Keyserver: http://keyserver.kjsl.com, User#324592, http://counter.li.org http://www.openlabs.it/~stex -- http://www.stex.name
Attachment:
signature.asc
Description: Digital signature