Hi Moritz,
On Tue, Mar 31, 2020 at 10:21:12PM +0200, Moritz Mühlenhoff wrote:
> On Sun, Mar 29, 2020 at 03:24:57PM +, Marcos Marado wrote:
> > I'm not sure if someone has access to a more fine-grained diff, but,
> > from the Changelog, I'd guess the actual fix would match this:
> >
> >
On Sun, Mar 29, 2020 at 03:24:57PM +, Marcos Marado wrote:
> I'm not sure if someone has access to a more fine-grained diff, but,
> from the Changelog, I'd guess the actual fix would match this:
>
> +netkit-telnet (0.17-14) unstable; urgency=high
> +
> + * Fixed netobuf buffer overflows.
> +
Hi,
On Sun, Mar 29, 2020 at 03:24:57PM +, Marcos Marado wrote:
> I'm not sure if someone has access to a more fine-grained diff, but,
> from the Changelog, I'd guess the actual fix would match this:
>
> +netkit-telnet (0.17-14) unstable; urgency=high
> +
> + * Fixed netobuf buffer
I'm not sure if someone has access to a more fine-grained diff, but,
from the Changelog, I'd guess the actual fix would match this:
+netkit-telnet (0.17-14) unstable; urgency=high
+
+ * Fixed netobuf buffer overflows.
+
+ -- Herbert Xu Sat, 11 Aug 2001 17:52:25 +1000
Best regards,
--
Marcos
On Sun, Mar 29, 2020 at 04:50:07PM +0200, Salvatore Bonaccorso wrote:
> It might be possible that Debian is fixed for it since 0.17-18woody2
> (for src:netkit-telnet).
For reference the respective diff.
Salvatore
diff --git a/ChangeLog b/ChangeLog
index 01b552ed0824..7ef5e3e04927 100644
---
Hi,
On Sun, Mar 29, 2020 at 09:40:00AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, Mar 28, 2020 at 06:43:28PM +, Marcos Marado wrote:
> > Did anyone confirm this against Debian's netkit?
>
> No this needs to happen yet. We rather want to play on the safe side
> here and mark
Hi,
On Sat, Mar 28, 2020 at 06:43:28PM +, Marcos Marado wrote:
> Did anyone confirm this against Debian's netkit?
No this needs to happen yet. We rather want to play on the safe side
here and mark something yet 'wrongly as affected until we have
assurance that the vulnerability is not
Did anyone confirm this against Debian's netkit?
At least on 0.17.24 (the earlier version on debian I could get my
hands on) or later, the nextitem function has this check:
>if (current >= end) {
> current = next;
>if (!current) {
>
Source: netkit-telnet
Version: 0.17-41.2
Severity: important
Tags: security upstream
Control: clone -1 -2
Control: reassign -2 src:netkit-telnet-ssl 0.17.41+0.2-3.2
Control: retitle -2 netkit-telnet-ssl: CVE-2020-10188
Control: found -1 0.17-41
Control: found -2 0.17.41+0.2-3
Hi,
The following
9 matches
Mail list logo