In gmane.linux.debian.devel.security, you wrote:
>> Package : heimdal
>> Vulnerability : buffer overflow
>> Problem-Type : remote
>> Debian-specific: no
>> CVE ID : CAN-2005-0469
>>
>> Gaël Delalleau discovered a buffer overflow in the handling of the
>> LINEMODE suboptions in telnet clients. Heimdal, a free implementation
>> of Kerberos 5, also contains such a client. This can lead to the
>> execution of arbitrary code when connected to a malicious server.
>
> Huh? DSA 758 says that a buffer overflow in the telnet _server_ was
> fixed in sarge by version 0.6.3-10sarge1. I would think that either
> 0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.

This is the heimdal equivalent to the MIT Kerberos fix from DSA-703.