Bugtraq mailing list archives
Re: Debian not vulnerable to recent cron buffer overflow
From: joey () FINLANDIA INFODROM NORTH DE (Martin Schulze)
Date: Sun, 29 Aug 1999 08:23:32 +0200
Marc Merlin wrote:
> On Thu, Aug 26, 1999 at 09:47:22AM -0700, Aleph One wrote:
>> ----------------------------------------------------------------------------
>> Debian Security Advisory                             security () debian org
>> http://www.debian.org/security/                             Martin Schulze
>> August 26, 1999
>> ----------------------------------------------------------------------------
>>
>> Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
>> covering a buffer overflow in the vixie cron package. Debian discovered
>> this bug two years ago and fixed it. Therefore versions in both the
>> stable and the unstable distributions of Debian are not vulnerable to
>> this problem.
>
> Does anyone know if Debian never sent the fix to Paul Vixie, or if it was
> sent and Paul "missed it"?
> Even in the second case, unless Paul repeatedly refused the patch, it'd have
> been nice for the Debian maintainer to make sure that the patch was
> incorporated in the main source code, not just in Debian...

The upstream source of Vixie Cron hasn't been maintained for years. I
remember working on the same code before I joined Debian, trying to send
him patches.

The patch wasn't hidden; Caldera knew it and Caldera immediately reacted
to the advisory from Red Hat, stating that it's an old - and fixed - bug.

Regards,

        Joey

--
The good thing about standards is that there are so many to choose from.
        -- Andrew S. Tanenbaum