Moritz Muehlenhoff <[EMAIL PROTECTED]> writes:

> In gmane.linux.debian.devel.security, you wrote:
>>> Package : heimdal
>>> Vulnerability : buffer overflow
>>> Problem-Type : remote
>>> Debian-specific: no
>>> CVE ID : CAN-2005-0469
>
>>> Gaël Delalleau discovered a buffer overflow in the handling of the
>>> LINEMODE suboptions in telnet clients. Heimdal, a free implementation
>>> of Kerberos 5, also contains such a client. This can lead to the
>>> execution of arbitrary code when connected to a malicious server.
>>
>> Huh? DSA 758 says that a buffer overflow in the telnet _server_ was
>> fixed in sarge by version 0.6.3-10sarge1. I would think that either
>> 0.6.3-10sarge1 is not affected or that 0.6.3-10sarge2 is needed.
>
> This is the heimdal equivalent to the MIT Kerberos fix from DSA-703.

That is not really my point. DSA 758 made 0.6.3-10sarge1 the newest
version for sarge. Now DSA 765 claims that 0.6.3-10 fixes another
problem. My point is that this version is *not* newer than the version
introduced by DSA 758 so the various package managers will not pick it
up.

-- 
Olaf Meeuwissen EPSON AVASYS Corporation, LAN
FSF Associate Member #1962 sign up at http://member.fsf.org/
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
Penguin's lib! -- I hack, therefore I am -- LPIC-2