Debian security advisory

From: Leonard den Ottolander <leonard den ottolander nl>
To: MC Devel <mc-devel gnome org>
Cc:
Subject: Debian security advisory
Date: Sun, 30 Jan 2005 14:34:45 +0100

Hi,

http://www.debian.org/security/2005/dsa-639 states a bunch of
vulnerabilities that are supposed to be fixed in CVS (they seem to have
overseen CAN-2004-0494 however). These vulnerabilities at least affect
users of mc-4.5.55 and before. The question is when have these been
fixed in CVS? Are they relevant to users of 4.6.0?

    * CAN-2004-1004
      Multiple format string vulnerabilities

    * CAN-2004-1005
      Multiple buffer overflows

    * CAN-2004-1009
      One infinite loop vulnerability

    * CAN-2004-1090
      Denial of service via corrupted section header

    * CAN-2004-1091
      Denial of service via null dereference

    * CAN-2004-1092
      Freeing unallocated memory

    * CAN-2004-1093
      Denial of service via use of already freed memory

    * CAN-2004-1174
      Denial of service via manipulating non-existing file handles

    * CAN-2004-1175
      Unintended program execution via insecure filename quoting

    * CAN-2004-1176
      Denial of service via a buffer underflow

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research

Follow-Ups:
- Re: Debian security advisory
  - From: Roland Illig

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]