Package: libgtop-daemon Version: 1.0.12-2 Severity: grave Justification: user security hole Tags: security
Hello, I found this problem about my (since 1 week:)) package libgtop http://www.securityfocus.com/bid/3586 : "GNOME libgtop_daemon Remote Format String Vulnerability The GNOME libgtop_daemon is used to monitor processes running on a remote Linux system running GNOME. Under some conditions, when a remote connection fails, user supplied input is used as a format string within a log message. A malicious user may construct a string including format modifiers, causing stack information to be written to the log file, and possibly leading to remote execution of arbitrary code. Older versions of libgtop_daemon may share this vulnerability." I'm working on version 1.0.13 but I thing the problem is also in potato (version 1.0.6-1). I just wanted to inform you about this problem. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux debian 2.4.16-pre1 #2 Sun Nov 25 21:33:40 CET 2001 i686 Locale: LANG=de_DE.ISO-8859-1, LC_CTYPE=C Versions of packages libgtop-daemon depends on: ii libc6 2.2.4-7 GNU C Library: Shared libraries an ii libglib1.2 1.2.10-3 The GLib library of C routines ii libgnomesupport0 1.4.1.2-7 The Gnome libraries (Support libra ii libgtop1 1.0.12-2 Libraries for gtop system monitori -- Nočl Köthe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
