Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: Accepted elog 2.5.7+r1558-2 (i386 source)
Recai Oktas wrote:
> > No, but please contact the security team and the testing security team to
> > inform them of this upload.
>
> FYI, the new elog package was accepted for testing. As mentioned in my
> previous posting[1], this version includes a fix[2] for a possible
> buffer overflow. A long file name supplied in elogd configuration for
> the 'logfile' setting may cause such a buffer overflow. This problem
> has no CVE id.

Thanks, this has already been added to the tracking list some hours ago, once
it appeared on debian-devel-changes.

Cheers,
Moritz

Recai Oktas
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: Accepted elog 2.5.7+r1558-2 (i386 source)
[Apologies if you've already received this mail through debian-security.]

* Steve Langasek [2005-05-05 02:36:01-0700]
> On Thu, May 05, 2005 at 12:12:11PM +0300, Recai Oktas wrote:
> > * Steve Langasek [2005-05-05 01:23:19-0700]
> > > On Thu, May 05, 2005 at 03:32:12AM -0400, Recai Oktas wrote:
> > [...]
> > > > elog (2.5.7+r1558-2) testing-proposed-updates; urgency=high
> > > > .
> > > > * Fix a possible buffer overflow.
> > > > * Urgency set to high because of the security issue.
> > > > * Minor doc fix in welcome message.
> > > > * Improve package description.
> > >
> > > This changelog mentions neither a Debian bug number, nor a CVE id for this
> > > problem; is either available?
>
> > No, neither is available. Should I first submit a bug for this issue?
>
> No, but please contact the security team and the testing security team to
> inform them of this upload.

Hi,

FYI, the new elog package was accepted for testing. As mentioned in my
previous posting[1], this version includes a fix[2] for a possible
buffer overflow. A long file name supplied in elogd configuration for
the 'logfile' setting may cause such a buffer overflow. This problem
has no CVE id.

Regards,

[1] http://lists.debian.org/debian-security/2005/05/msg00008.html
[2] http://midas.psi.ch/cgi-bin/cvsweb/elog/src/elogd.c.diff?r1=1.637;r2=1.638;f=h

--
roktas