Debian security advisory

Roland Illig roland.illig at gmx.de
Sun Jan 30 13:57:13 UTC 2005


Leonard den Ottolander wrote:
> Hi,
> 
> http://www.debian.org/security/2005/dsa-639 states a bunch of
> vulnerabilities that are supposed to be fixed in CVS (they seem to have
> overseen CAN-2004-0494 however). These vulnerabilities at least affect
> users of mc-4.5.55 and before. The question is when have these been
> fixed in CVS? Are they relevant to users of 4.6.0?

My question is: How can we get the details of the vulnerabilities? A 
statement like "mc contains buffer overflows" doesn't help me. I know 
that myself. But where is it? Knowing the particular file or a use case 
would help a lot.

Roland



More information about the mc-devel mailing list