Package: openconnect
Version: 3.20-2
Severity: critical

CVE-2012-6128 concerns a stack-based buffer overflow that can be
triggered by data read from a remote host, either a man-in-the-middle
or a malicious VPN.

The issue has been fixed in squeeze with 2.25-0.1+squeeze2. It should
be easy to apply the same patch to 3.20 to fix this in wheezy and sid.

I have recently uploaded 4.99-1 to experimental which already contains
the fix upstream.

-- 
mike


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to