[security] OpenPKG Security Advisory (uudeview)
Lorenzo Iannuzzi
nakis a libero.it
Ven 12 Mar 2004 19:00:51 CET
http://www.openpkg.org/security.html
Alerted by a posting on Bugtraq the UUDeview package was
reviewed. It was found that 0.5.19 and later contains a bug which
leads to failure retrieving the filename during decode. All versions
suffered from insecure temporary file handling. Version 0.5.20
contains bug fixes for the parsing of header lines, exact handling of
maximum line length and fixes for two buffer overflows which needed
backporting. The corected packages listed above remedy all of these
problems.
--
Ciao e alla prossima!
Lorenzo
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome: non disponibile
Tipo: application/pgp-signature
Dimensione: 244 bytes
Descrizione: non disponibile
Url: http://itlists.org/pipermail/security/attachments/20040312/716a341f/attachment.pgp
Maggiori informazioni sulla lista
security