On Sun, Jun 10, 2007 at 03:11:10PM +0000, Daniel Baumann wrote:
> > Integer overflow in the "file" program 4.20, when running on 32-bit
> > systems, might allow user-assisted attackers to execute arbitrary code
> > via a large file that triggers an overflow that bypasses an assert()
> > statement. NOTE: this issue is due to an incorrect patch for
> > CVE-2007-1536.
>
> As file 4.21 is not affected, only sarge and needs an update. Sending the
> proposed package to the security team now.

This bug was filed against version 4.21-1 (which is in testing/unstable), but it is marked as only affecting etch. I guess the 4.21-1 should be removed from the found version list, and added to the fixed list? (And the etch tag can then also be removed.)

Kurt