Hi,
I fixed the issues reported in
http://marc.theaimsgroup.com/?m=113498708213563 in ELOG revision r1635.
I encourage you to update as soon as possible.
> - If host names are resolved, no forward lookup is performed to
>   verify the PTR RR. (This does not affect the sarge version
>   because it unconditionally uses addresses, not host names.)

Can you specify what you mean by that exactly?

> - There are still some format string issues when things are written
>   to the logfile.

I thought I had fixed these things already some time ago. Can you
recheck revision 1635?

> Apart from that, I discovered the following recent security fixes in
> the subversion repository:
>
> r1529: Fixed bug with fprintf and buffer containing "%"
> r1472: Do not distinguish between invalid user name and invalid password
> r1335: Applied patch from Emiliano to fix possible buffer overflow
> r1333: Fixed crashes with very long (revisions) attributes

I believe so.

> Is this list complete as far as fixes past r1202 are concerned? What
> about r1487, is it a significant DoS condition?

Yes.

Best regards,
Stefan
--
Dr. Stefan Ritt Phone: +41 56 310 3728
Paul Scherrer Institute FAX: +41 56 310 2199
OLGA/021 mailto:[EMAIL PROTECTED]
CH-5232 Villigen PSI http://midas.psi.ch/~stefan