[Secure-testing-commits] r661 - sarge-checks/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Fri, 25 Mar 2005 21:00:13 +0000


Author: jmm-guest
Date: 2005-03-25 21:00:10 +0000 (Fri, 25 Mar 2005)
New Revision: 661

Modified:
   sarge-checks/CAN/list
Log:
Remotely root-exploitable heap overflow in smail and another
local vulnerability in the sighandler.

The included patch for the heap overflow seems correct. Joey,
in case the maintainer doesn't react in a few days, could you
NMU this?


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-03-25 20:41:08 UTC (rev 660)
+++ sarge-checks/CAN/list	2005-03-25 21:00:10 UTC (rev 661)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [Remote and local root vulnerabilities in smail with a broad attack vector]
+	- smail (unfixed; bug pending)
 CAN-2005-XXXX [Unsafe recommendation (and implementation) of debugging in rscsi]
 	- cdrtools (unfixed; bug #291376)
 CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
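
Review bot: The new CAN-2005-XXXX entry at the top of the list folds two separate issues into one line. The log message describes a remotely exploitable heap overflow and a distinct local vulnerability in the signal handler, but the entry only says "Remote and local root vulnerabilities in smail with a broad attack vector". Consider splitting it into two placeholder entries, one per issue, each with a description that names the flaw (heap overflow, signal handler), so they can receive separate CAN ids and be marked fixed independently. The status "(unfixed; bug pending)" also carries no bug number, unlike the cdrtools entry directly below, which cites bug #291376; it should be replaced with the actual number once the bug is filed so the entry can be cross-referenced.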