On Tue, Jan 06, 2004 at 11:22:55AM +0000, Steve Kemp wrote: > On Mon, Jan 05, 2004 at 06:17:07PM -0800, Matt Zimmerman wrote: > > Package: libnids > > Severity: grave > > > > "The TCP reassembly functionality in libnids before 1.18 allows remote > > attackers to cause "memory corruption" and possibly execute arbitrary code > > via "overlarge TCP packets." > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850 > > > > An update to version 1.18 should be sufficient to correct the problem. > > > > I am copying [EMAIL PROTECTED], since that is the only reverse > > dependency. This package is orphaned and could be removed if this bug is > > not fixed. > > I maintain dsniff - and will adopt libnids and upload a more recent > version shortly.
Aha. Ignore most of my message, then. :) The bit about the changed SONAME probably still applies. > I've retitled #188171 to reflect this, although the cotrol address > seems to be a little bit slow today. This is true in general at the moment, yes. -- Colin Watson [EMAIL PROTECTED]
