thr3ads.net - Secure testing team - [Secure-testing-commits] r5273

If this information is useful, please help other people find it:
Share via:

Alex de Oliveira Silva

2007-Jan-16 20:02 UTC

[Secure-testing-commits] r5273 - data/CVE

Author: enerv-guest
Date: 2007-01-16 20:02:39 +0100 (Tue, 16 Jan 2007)
New Revision: 5273

Modified:
   data/CVE/list
Log:
fixups in ligtop2



Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-01-16 17:49:21 UTC (rev 5272)
+++ data/CVE/list	2007-01-16 19:02:39 UTC (rev 5273)
@@ -3,7 +3,6 @@
 	TODO: check if version 2.5.9-10sarge2 have comprimised code.
 	NOTE: reference - http://secunia.com/advisories/23767/
 CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow]
-	- libgtop2 2.14.4-3 <not-affected> 
 	[etch] - libgtop2 2.14.4-2 (medium)
 	[sarge] - libgtop 2.6.0-4 (medium)
 	NOTE: sarge - libgtop2 2.6.0-4 sent patch to secure team.

Florian Weimer

2007-Jan-16 20:14 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5273 - data/CVE

* Alex de Oliveira Silva:
>  CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer
Overflow]
> -	- libgtop2 2.14.4-3 <not-affected> 
>  	[etch] - libgtop2 2.14.4-2 (medium)
>  	[sarge] - libgtop 2.6.0-4 (medium)
>  	NOTE: sarge - libgtop2 2.6.0-4 sent patch to secure team.
Why is unstable not affected?  According to the changelog, 2.14.4-2
only contains this change:

 libgtop2 (2.14.4-2) unstable; urgency=low
 .
   * New patch, 10_kfreebsd, to build-depend and depend on libkvm-dev on
     kfreebsd, to update the m4 macros to detect __FreeBSD_kernel__, and to
     update configure; thanks Petr Salinger; closes: #399270.

This appears to be unrelated.

Furthermore, libgtop has never reached version 2.6.0-4, it seems.

Alex de Oliveira Silva

2007-Jan-16 20:43 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5273 - data/CVE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Weimer escreveu:> * Alex de Oliveira Silva:
>
>> CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer
>> Overflow] -    - libgtop2 2.14.4-3 <not-affected> [etch] -
>> libgtop2 2.14.4-2 (medium) [sarge] - libgtop 2.6.0-4 (medium)
>> NOTE: sarge - libgtop2 2.6.0-4 sent patch to secure team.
>
> Why is unstable not affected?  According to the changelog, 2.14.4-2
>  only contains this change:
[2007-01-14] Accepted 2.14.6-1 in experimental (low) (Loic Minier)
>
> libgtop2 (2.14.4-2) unstable; urgency=low . * New patch,
> 10_kfreebsd, to build-depend and depend on libkvm-dev on kfreebsd,
> to update the m4 macros to detect __FreeBSD_kernel__, and to update
>  configure; thanks Petr Salinger; closes: #399270.
>
> This appears to be unrelated.
>
> Furthermore, libgtop has never reached version 2.6.0-4, it seems.
In qa[1] and packages[2] says for me the stable version is 2.6.0-4.

[1] - http://packages.qa.debian.org/libg/libgtop2.html
[2]
-
-http://packages.debian.org/cgi-bin/search_packages.pl?keywords=libgtop2&searchon=names&subword=1&version=stable&release=all

If you see some more errors please report.
I want to lern. :)


regards,
- --
   .''''`.
  : :'' :    Alex de Oliveira Silva | enerv
  `. `''     www.enerv.net
    `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFrSqzarbczl+z12gRAjxZAJ9TZAW/BFiFRPJXBLpBzF9GVN5YFwCgqTWA
ALJRgIlLgdQX1+PxmThKBwc=xYdS
-----END PGP SIGNATURE-----

Alex de Oliveira Silva

2007-Jan-16 21:09 UTC

head link

[Secure-testing-team] Re: [Secure-testing-commits] r5273 - data/CVE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Weimer escreveu:> * Alex de Oliveira Silva:
>
>> CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer
>> Overflow] -    - libgtop2 2.14.4-3 <not-affected> [etch] -
>> libgtop2 2.14.4-2 (medium) [sarge] - libgtop 2.6.0-4 (medium)
>> NOTE: sarge - libgtop2 2.6.0-4 sent patch to secure team.
>
> Why is unstable not affected?  According to the changelog, 2.14.4-2
>  only contains this change:
>
> libgtop2 (2.14.4-2) unstable; urgency=low . * New patch,
> 10_kfreebsd, to build-depend and depend on libkvm-dev on kfreebsd,
> to update the m4 macros to detect __FreeBSD_kernel__, and to update
> configure; thanks Petr Salinger; closes: #399270.
>
> This appears to be unrelated.
>
> Furthermore, libgtop has never reached version 2.6.0-4, it seems.
>
I made a mistake.
Maye the commit r5275 solves the problem.

- --
   .''''`.
  : :'' :    Alex de Oliveira Silva | enerv
  `. `''     www.enerv.net
    `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFrTCcarbczl+z12gRAixVAJ483/xfCM3/3tjQJOvq29M/Dwo2EwCbBZ7y
wEcKBa1SugiRWyo3U0y2ncE=XZH4
-----END PGP SIGNATURE-----

Secure testing team - Jan 2007 - r5273 - data/CVE

[Secure-testing-commits] r5273 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5273 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5273 - data/CVE

[Secure-testing-team] Re: [Secure-testing-commits] r5273 - data/CVE