Control: notfound -1 sredird/2.1.0-1
Control: fixed -1 2.2.1-1.1

I see that CVE-2004-2386 and maybe CVE-2004-2387 were addressed with #267098.
The diff (one change in LogMsg and one in HandleCPCCommand) that is in that bug 
has survived until now.
But 2.2.2 has many more changes of the HandleCPCCommand kind: changing sprintf 
to snprintf.

main: 2 changes.
HandleIACCommand: 5 changes.
HandleCPCCommand: 17 additional changes: Any of these could be CVE-2004-2387 as
well.
HDBUnlockFile: 1 change.
HDBLockFile: 7 changes.

Plus TmpStrLen is extended to 512 bytes.

Conclusion: Debian referenced both bugs as TEMP-0267098-76A1A1 before.
