Package: junkbuster Version: 2.0.2-0.2 Severity: grave Tags: security, woody Justification: user security hole
According to http://lwn.net/Alerts/131964/ JunkBuster is vulnerable to a heap corruption vulnerability, and under certain configurations may allow an attacker to modify settings. Impact ====== If JunkBuster has been configured to run in single-threaded mode, an attacker can disable or modify the filtering of Referrer: HTTP headers, potentially compromising the privacy of users. The heap corruption vulnerability could crash or disrupt the operation of the proxy, potentially executing arbitrary code. The fix can probably taken from the above Gentoo security advisory. You might want to track http://lwn.net/Articles/131972/ for other vendors responses. Please also check if the successor, privoxy, is impacted as well. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686 Locale: LANG=en_US, LC_CTYPE=en_US -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

