On Wed, Jun 25, at 05:32 Alexander E. Patrakov wrote: > Ag. D. Hatzimanikas wrote: > > I've gathered this information about vulnerable packages (could be more). > > You missed a bunch of Xorg vulnerabilities > (http://www.debian.org/security/2008/dsa-1595). And no, I still don't want to > see 1.4.2 in the book, so let's try to extract patches from the Debian > repository. >
I missed more, with the most noticeable of them being Perl-5.8.8 (which belongs to LFS) and Apache (see changelog for details [1], it's advisable to upgrade), but poppler and a couple more are also vulnerable. > And there are also bugs other than vulnerabilities, e.g. try (by installing > xdm as your display manager, logging in with xdm, and running the testcase in > the bug report) if you can reproduce http://bugs.debian.org/486606 (it is > also said to affect all SDL games). > Thanks for the link, but I don't use any display manager. I know Bernard from the ratpoison ML, he was also the reporter for the http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142 which looks like a similar issue. 1. http://www.apache.org/dist/httpd/CHANGES_2.2.9 -- http://wiki.linuxfromscratch.org/blfs/wiki/Hacking -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
