[jmm at inutil.org: CAN-2001-1429 - Debian package affected?]
Stefano Melchior
stefano.melchior at openlabs.it
Mon Apr 4 20:23:39 UTC 2005
Hi lists,
I, as a co-maintainer of mc, together with Ludovic Drolez, was wondering
if the following buffer overflow [0] have been definitively fixed with the 4.6.1-pre3
release.
Can you confirm this? Meanwhile I will do some checkes on the deb package.
Thank you in advance
Reagards
SteX
[0]
http://www.debian.org/security/2005/dsa-698
and
CAN-2001-1429 [1]
[1]
Date: Mon, 4 Apr 2005 12:16:50 +0200
From: Moritz Muehlenhoff <jmm at inutil.org>
To: stefano.melchior at openlabs.it
Subject: CAN-2001-1429 - Debian package affected?
X-Original-To: ste at localhost
X-SA-Exim-Connect-IP: 134.102.116.69
X-SA-Exim-Mail-From: jmm at inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Hi,
a week ago there has been a CAN assignment for CAN-2001-1429:
|Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local
|users to cause a denial of service (segmentation fault) and possibly
|execute arbitrary code via a crafted text file.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1429
In the secure-testing team we couldn't find enough information, whether
this is fixed for Sarge, can you confirm it fixed?
Cheers,
Moritz
----- End forwarded message -----
--
GPG key = D52DF829 -- SteX -- <stefano.melchior at openlabs.it>
Keyserver: http://keyserver.kjsl.com, User#324592, http://counter.li.org
http://www.openlabs.it/~stex -- http://www.stex.name
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: Digital signature
URL: <http://lists.midnight-commander.org/pipermail/mc/attachments/20050404/6f52eb4d/attachment.asc>
More information about the mc
mailing list