Bugtraq mailing list archives

Re: Debian not vulnerable to recent cron buffer overflow

From: marc_news () MERLINS ORG (Marc Merlin)
Date: Sat, 28 Aug 1999 22:43:03 -0700


On Thu, Aug 26, 1999 at 09:47:22AM -0700, Aleph One wrote:

----------------------------------------------------------------------------
Debian Security Advisory                                 security () debian org
http://www.debian.org/security/                               Martin Schulze
August 26, 1999
----------------------------------------------------------------------------

Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
covering a buffer overflow in the vixie cron package.  Debian has
discovered this bug two years ago and fixed it.  Therefore versions in
both, the stable and the unstable, distributions of Debian are not
vulnerable to this problem..


Does anyone know  if Debian never sent the  fix to Paul Vixie, or  if it was
sent and Paul "missed it"?

Even in the second case, unless Paul repeatedly refused the patch, it'd have
been  nice  for the  Debian  maintainer  to make  sure  that  the patch  was
incorporated in the main source code, not just in Debian...

Marc

--
Microsoft is to software what McDonalds is to gourmet cooking

Home page: http://marc.merlins.org/ (friendly to non IE browsers)
Finger marc_f () merlins org for PGP key and other contact information

Current thread:

Re: Debian not vulnerable to recent cron buffer overflow Marc Merlin (Aug 28)
- Re: Debian not vulnerable to recent cron buffer overflow Martin Schulze (Aug 28)