Accepted ytalk 3.1.6-1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 30 Dec 2004 09:56:37 +0000
Source: ytalk
Binary: ytalk
Architecture: source i386
Version: 3.1.6-1
Distribution: unstable
Urgency: medium
Maintainer: Philipp Kern <phil@philkern.de>
Changed-By: Philipp Kern <phil@philkern.de>
Description:
ytalk - Enhanced talk program with X support
Changes:
ytalk (3.1.6-1) unstable; urgency=medium
.
* New upstream release.
* Security fix:
  It turns out it was possible to write 44 bytes of arbitrary data to YTalk
  memory when running the auto-invite daemon (off by default), due to a
  nasty sprintf() call and a buffer overflow.
.
  I didn't really investigate how much nastiness you might be able to
  accomplish with these 44 bytes, but I did confirm that YTalk can be
  crashed by anyone who knows the auto-invite daemon's TCP port number.
  -- Andreas Kling <keso@klister.net>
Files:
bb9407db836391c970af4992dbbd4846 716 net optional ytalk_3.1.6-1.dsc
d3da905029e7dda52d3012365ecd2c47 110046 net optional ytalk_3.1.6.orig.tar.gz
0c7046dff744686a941668366d547a63 7686 net optional ytalk_3.1.6-1.diff.gz
3eaaf186ab3e31ad395155e7948183dc 45112 net optional ytalk_3.1.6-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB099s1OXtrMAUPS0RAtBXAJ9tfFz8GAJZ/j5jVj6InmKsvLMDsQCglQTB
zgZIg2KMo9v697QlGNuqZlA=
=UPcZ
-----END PGP SIGNATURE-----
Accepted:
ytalk_3.1.6-1.diff.gz
to pool/main/y/ytalk/ytalk_3.1.6-1.diff.gz
ytalk_3.1.6-1.dsc
to pool/main/y/ytalk/ytalk_3.1.6-1.dsc
ytalk_3.1.6-1_i386.deb
to pool/main/y/ytalk/ytalk_3.1.6-1_i386.deb
ytalk_3.1.6.orig.tar.gz
to pool/main/y/ytalk/ytalk_3.1.6.orig.tar.gz