severity 489841 grave thans Hi, * Matthias Klose <[EMAIL PROTECTED]> [2008-07-08 10:55]: > Package: lesstif2 > Version: 1:0.95.0-2.1 > Severity: important > Tags: security > > CVE-2006-4124 is listed as "under review"; see > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4124 > > Does this apply for the Debian package?
Referring to our svn this was fixed in 1:0.94.4-1. From r4927 (security-tracker svn): "lesstif2 accidentally fixed in old version" However looking into this again this seems to be not the case anymore, I can reproduce this issue at least on unstable and testing (no stable available right now). Raising the severity as this opens a local root vulnerability on some installations. --enable-production should solve this, maybe the configure script is broken? Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpJIA8JvyvHr.pgp
Description: PGP signature
