Need help for a coordinated exploit fix

2002-08-09 Thread Stefan Hornburg Racke
Hello, in one of my packages an exploit has been detected. A patch is already available and I'll be building packages ASAP. Can someone from the security team please contact me so we can coordinate the Debian release with upstream announcement and RedHat packages? Ciao Racke -- Prolific

Perl's exec

2002-05-02 Thread Stefan Hornburg Racke
This is a fragment of dhelp's dsearch CGI script:

    # Pass parameters to Swish++ search program
    open (SEARCH, '-|') or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";

From the Perl documentation it should be safe to pass "unsafe" characters in $search (perldoc

Perl's exec

2002-05-02 Thread Stefan Hornburg (Racke)
This is a fragment of dhelp's dsearch CGI script:

    # Pass parameters to Swish++ search program
    open (SEARCH, '-|') or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";

From the Perl documentation it should be safe to pass "unsafe" characters in $search (perldoc

Local exploit in courier-mta package

2002-01-21 Thread Stefan Hornburg Racke
Package: courier-mta
Version: 0.36.1-2
Severity: critical

A hand-crafted .courier file can be used to insert \r characters in the message queue file. A bug in the function that reads message queue files subsequently results in memory corruption. This exploit is fixed in 0.37.2 upstream, I'll upl

Local exploit in courier-mta package

2002-01-21 Thread Stefan Hornburg (Racke)
Package: courier-mta
Version: 0.36.1-2
Severity: critical

A hand-crafted .courier file can be used to insert \r characters in the message queue file. A bug in the function that reads message queue files subsequently results in memory corruption. This exploit is fixed in 0.37.2 upstream, I'll up

Re: ssh and root

2001-12-08 Thread Stefan Hornburg Racke
Robert Epprecht <[EMAIL PROTECTED]> writes:
> I need ssh to access some cvs servers. As the files are stored locally
> below /usr/local/ and ordinary users have no write access there I called
> ssh-keygen as root. But now I have my doubts if this was The Right
> Thing to do regarding security.

Re: ssh and root

2001-12-08 Thread Stefan Hornburg (Racke)
Robert Epprecht <[EMAIL PROTECTED]> writes:
> I need ssh to access some cvs servers. As the files are stored locally
> below /usr/local/ and ordinary users have no write access there I called
> ssh-keygen as root. But now I have my doubts if this was The Right
> Thing to do regarding security.