** Description changed:

  Binary package hint: dns2tcp
  
  As stated in Debian Bug #504121 and Secunia at
  http://secunia.com/advisories/32514/, there is a security flaw in
  dns2tcp, with a buffer overflow possibility in dns_decode.c
  
  This flaw has been fixed in upstream 0.4.3 version and in debian, in
  0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
  
  Debian changelog:
  dns2tcp (0.4.dfsg-5) unstable; urgency=low
  
    * Fix dnsbof.diff to add an extra check for total_len.
  
   -- Arnaud Cornet <[EMAIL PROTECTED]>  Tue, 04 Nov 2008 08:53:43 +0100
  
  dns2tcp (0.4.dfsg-4) unstable; urgency=low
  
    * Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
      #504121).
    * Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
      makes use of limits to prevent fork of the process.
  
   -- Arnaud Cornet <[EMAIL PROTECTED]>  Fri, 31 Oct 2008 19:28:28 +0100
  
  Upstream changelog for 0.4.3:
  Version 0.4.3
        Fix unsigned int pb and error in dns_decode (John Lampe)
        Fix drop privileges problems (Solar Designer)
        Add limit to prevent fork() (Idea from Solar Designer)
  
  Version 0.4.2
        Suppressed
  
  I compared debian patched version with upstream 0.4.3, and there is no
- relevant changes to .c files, affecting to security
+ relevant changes to .c files, affecting security

** Description changed:

  Binary package hint: dns2tcp
  
- As stated in Debian Bug #504121 and Secunia at
+ As stated in Debian Bug 504121 at http://bugs.debian.org/cgi-
+ bin/bugreport.cgi?bug=504121 and Secunia at
  http://secunia.com/advisories/32514/, there is a security flaw in
  dns2tcp, with a buffer overflow possibility in dns_decode.c
  
  This flaw has been fixed in upstream 0.4.3 version and in debian, in
  0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
  
  Debian changelog:
  dns2tcp (0.4.dfsg-5) unstable; urgency=low
  
    * Fix dnsbof.diff to add an extra check for total_len.
  
   -- Arnaud Cornet <[EMAIL PROTECTED]>  Tue, 04 Nov 2008 08:53:43 +0100
  
  dns2tcp (0.4.dfsg-4) unstable; urgency=low
  
    * Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
      #504121).
    * Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
      makes use of limits to prevent fork of the process.
  
   -- Arnaud Cornet <[EMAIL PROTECTED]>  Fri, 31 Oct 2008 19:28:28 +0100
  
  Upstream changelog for 0.4.3:
  Version 0.4.3
        Fix unsigned int pb and error in dns_decode (John Lampe)
        Fix drop privileges problems (Solar Designer)
        Add limit to prevent fork() (Idea from Solar Designer)
  
  Version 0.4.2
        Suppressed
  
  I compared debian patched version with upstream 0.4.3, and there is no
  relevant changes to .c files, affecting security

-- 
[Sync Request] Please sync dns2tcp 0.4.dfsg-5 from Debian Unstable
https://bugs.launchpad.net/bugs/297475