On Wed, 11 Apr 2012 21:51:16 +0100, Jonathan Wiltshire wrote:
> On Wed, Apr 11, 2012 at 05:27:10PM +0200, Arno Töll wrote:
> > I've briefly verified offending code against the Squeeze and Sid version
> > of the package but I didn't try to reproduce the steps to exploit wicd.
>
> I did try the steps, or a variation on them, and confirmed that the package
> is exploitable. Patch attached, which is basically a reformat of the
> researcher's patch and verified to mitigate the problem.

I already committed a fix to the upstream repository, which fixes the same
bug with wired networks too.

http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751

I'm releasing 1.7.2 right now, please have some patience.

David

--
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  :   Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`          GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174