oss-sec mailing list archives
Re: update on CVE-2008-5718
From: Thomas Biege <thomas () suse de>
Date: Wed, 14 Jan 2009 09:21:57 +0100
Hello Nico, On Wed, Jan 14, 2009 at 12:32:07AM +0100, Nico Golde wrote:
Hi, I just did a security update for CVE-2008-5718 and since the description is not really verbose I thought I'd share what I found in case anyone else is working on that.
...
Cheers Nico P.S. The patch I used can be found on: http://people.debian.org/~nion/nmu-diff/netatalk-2.0.3-11_2.0.3-11+lenny1.patch
I am not very happy with the patch because it just filters a handful of characters, a better solution would be to replace popen(). (I mentioned this on the netatalk-devel ML but got no answer so far.) -- Bye, Thomas -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Hamming's Motto: The purpose of computing is insight, not numbers. -- Richard W. Hamming
Current thread:
- update on CVE-2008-5718 Nico Golde (Jan 13)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)