On Wed, Dec 28, 2011 at 03:22:51PM +0100, Julien Cristau wrote:
> > >
> > > torque (2.4.8+dfsg-9squeeze1) squeeze-security; urgency=low
> > >
> > >   [ Jordi Mallach ]
> > >   * [CVE_2011_2193]: Fix two potential buffer overflows:
> > >     jobid length and hostname length weren't properly checked,
> > >     and these both allow segfaults/buffer overflow attacks within
> > >     the code.
> > >   * Update Vcs-* fields to point to the new squeeze branch.
> > >
> > >   [ Jonathan Wiltshire ]
> > >   * Non-maintainer upload.
> > >   * buffer_overflow_in_checkpoint_c.patch: Fix a potential buffer
> > >     overflow problem in mom_checkpoint_recover
> > >
> > > It has had only limited testing because I don't have the resources
> > > available for a thorough test.
> >
> > There's a new issue, which should be included:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2907
>
> is there any progress on fixing these issues?

CVE_2011_2193 was fixed in DSA 2329. The second issue, CVE-2011-2907,
is still unfixed in stable.

Cheers,
Moritz