Package: oops Severity: grave Tags: security patch sid woody Justification: user security hole
[Cc:ing security@, should affect woody as well] [Severity is under the assumption that code execution is possible] A format string vulnerability in the auth() function for SQL database user handling possibly permits execution of arbitrary code. For full details please see: http://rst.void.ru/papers/advisory24.txt The advisory contains an obviously correct patch. Package is not part of Sarge due to long-standing portability problems. Cheers, Moritz -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
