tags 296678 + pending
thanks

On Wed, Feb 23, 2005 at 11:22:11PM +0100, Moritz Muehlenhoff wrote:
>
> iDefense discovered a buffer overflow in NTLM authentication that may lead
> to arbitrary code execution. This is CAN-2005-0490. Woody is not affected,
> as it doesn't contain the vulnerable NTLM code. (It's not listed on the
> Not-Vulnerable list yet, though)
>
> Upstream's patch to address this issue is attached, I didn't resync it
> against the Debian package, because all this internal to-7.11 patching
> seems, umm, scary.

yes, i know and agree about the scary patch. i'm going to remove support
for libcurl2, it was used only by discover. discover now doesn't need
libcurl2 any more.

> There's another buffer overflow in Kerberos handling, but it doesn't seem
> to be enabled in debian/rules, but please double check this.

wildo

cheers
domenico

-----[ Domenico Andreoli, aka cavok
 --[ http://people.debian.org/~cavok/gpgkey.asc
  ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50