Debian security advisory

Leonard den Ottolander leonard at den.ottolander.nl
Sun Jan 30 14:36:20 UTC 2005


Hi Roland, Andrew,

On Sun, 2005-01-30 at 14:57, Roland Illig wrote:
> My question is: How can we get the details of the vulnerabilities? A 
> statement like "mc contains buffer overflows" doesn't help me. I know 
> that myself. But where is it? Knowing the particular file or a use case 
> would help a lot.

Yup. Andrew, could you please also post these patches for CAN
vulnerabilities here? That would come in handy :) .

I extracted the relevant patches from
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5.diff.gz . See attached tgz which has patches included for CAN-2004-1004, CAN-2004-1005, CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092, CAN-2004-1093, CAN-2004-1174, CAN-2004-1175 and CAN-2004-1176.

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CAN-patches.tgz
Type: application/x-compressed-tar
Size: 6644 bytes
Desc: not available
URL: <http://lists.midnight-commander.org/pipermail/mc-devel/attachments/20050130/444ada50/attachment.bin>


More information about the mc-devel mailing list