Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Thomas Wana
Frank Lichtenheld wrote: But you too, since that was the wrong part ;) The LANG vuln is fixed in the current package (the patch is in debian/patches and gets applied at build time). I guess the -xsokdir vuln could be not fixed, I will check that. oh - oh - fsck :) Yes, I didn't check the patch

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Thomas Wana
Frank Lichtenheld wrote: Hmm, the patch from the DSA is included in the package... Or do you mean that the patch is flawed? Do you mean DSA-405-1 (http://lwn.net/Articles/64725/)? That DSA is referring to CAN-2003-0949, which indeed seems to be fixed, but CAN-2004-0074 (which this bug is about)

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Thomas Wana
Package: xsok
Severity: critical
Justification: security hole

This orphaned package still contains the local buffer overflow described in http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0074 which leads to privilege escalation (group games).

Tom

-- System Information:
Debian Release: