[Secure-testing-team] Re: Accepted elog 2.5.7+r1558-2 (i386 source)
Moritz Muehlenhoff
jmm at inutil.org
Thu May 5 14:11:11 UTC 2005
Recai Oktas wrote:
> > No, but please contact the security team and the testing security team to
> > inform them of this upload.
>
> FYI, the new elog package was accepted for testing. As mentioned in my
> previous posting[1], this version includes a fix[2] for a possible
> buffer overflow. A long file name supplied in elogd configuration for
> the 'logfile' setting may cause such a buffer overflow. This problem
> has no CVE id.
Thanks, this has already been added to the tracking list some hours ago, once
it appeared on debian-devel-changes.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list