[jmm at inutil.org: CAN-2001-1429 - Debian package affected?]

Stefano Melchior stefano.melchior at openlabs.it
Mon Apr 4 20:23:39 UTC 2005


Hi lists,
I, as a co-maintainer of mc, together with Ludovic Drolez, was wondering
if the following buffer overflow [0] has been definitively fixed with the 4.6.1-pre3
release.
Can you confirm this? Meanwhile I will do some checks on the deb package.

Thank you in advance

Regards

SteX



[0]

http://www.debian.org/security/2005/dsa-698

and 

CAN-2001-1429 [1]

[1]

Date: Mon, 4 Apr 2005 12:16:50 +0200
From: Moritz Muehlenhoff <jmm at inutil.org>
To: stefano.melchior at openlabs.it
Subject: CAN-2001-1429 - Debian package affected?

Hi,
a week ago there was a CAN assignment for CAN-2001-1429:
|Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local
|users to cause a denial of service (segmentation fault) and possibly
|execute arbitrary code via a crafted text file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1429

In the secure-testing team we couldn't find enough information on whether
this is fixed for Sarge; can you confirm it is fixed?

Cheers,
        Moritz

----- End forwarded message -----

-- 
GPG key = D52DF829    --    SteX    --    <stefano.melchior at openlabs.it>
Keyserver: http://keyserver.kjsl.com, User#324592, http://counter.li.org
http://www.openlabs.it/~stex          --            http://www.stex.name