oss-sec mailing list archives
Re: update on CVE-2008-5718
From: Thomas Biege <thomas () suse de>
Date: Wed, 28 Jan 2009 14:54:33 +0100
New patch attached, the old one was missing spaces. Hope the blacklist is complete now... On Wed, Jan 14, 2009 at 09:21:57AM +0100, Thomas Biege wrote:
Hello Nico, On Wed, Jan 14, 2009 at 12:32:07AM +0100, Nico Golde wrote:Hi, I just did a security update for CVE-2008-5718 and since the description is not really verbose I thought I'd share what I found in case anyone else is working on that....Cheers Nico P.S. The patch I used can be found on: http://people.debian.org/~nion/nmu-diff/netatalk-2.0.3-11_2.0.3-11+lenny1.patchI am not very happy with the patch because it just filters a handful of characters, a better solution would be to replace popen(). (I mentioned this on the netatalk-devel ML but got no answer so far.) -- Bye, Thomas -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Hamming's Motto: The purpose of computing is insight, not numbers. -- Richard W. Hamming
-- Bye, Thomas -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Hamming's Motto: The purpose of computing is insight, not numbers. -- Richard W. Hamming
Attachment:
netatalk-2.0.3-CVE-2008-5718.patch
Description:
Current thread:
- update on CVE-2008-5718 Nico Golde (Jan 13)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)