Emilio Pozuelo Monfort
2008-Dec-06 13:40 UTC
[Secure-testing-team] Vinagre security exploit
[ Please CC me, I''m not subscribed ] Hi folks, There''s an string format attack exploit in Vinagre. I cherry-picked the fix from upstream and it''s already been uploaded to unstable: http://lists.debian.org/debian-devel-changes/2008/12/msg00267.html These are the relevant commits to the upstream SVN repo, and the two releases that were made: http://svn.gnome.org/viewvc/vinagre?view=revision&revision=525 http://svn.gnome.org/viewvc/vinagre?view=revision&revision=528 http://mail.gnome.org/archives/ftp-release-list/2008-December/msg00051.html http://mail.gnome.org/archives/ftp-release-list/2008-December/msg00050.html Also, I''m preparing updates for Ubuntu, here''s the relevant bug report: https://launchpad.net/bugs/305623 Release Team, please unblock the package so that the fix is included in Lenny. Thanks, Emilio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081206/b5ccfbf4/attachment.pgp
On Sat, Dec 06, 2008 at 02:40:51PM +0100, Emilio Pozuelo Monfort wrote:> There''s an string format attack exploit in Vinagre. I cherry-picked the fix from > upstream and it''s already been uploaded to unstable: > Release Team, please unblock the package so that the fix is included in Lenny.Done, thanks. Kind regards, Philipp Kern -- .''''`. Philipp Kern Debian Developer : :'' : http://philkern.de Release Assistant `. `'' xmpp:phil at 0x539.de Stable Release Manager `- finger pkern/key at db.debian.org