Hi guys, Could someone please give me a hand with this bug #425753?
Sam's 'security only' patches applied cleanly. See attachment. I've uploaded the patched packages here: http://static.natalian.org/2007-05-26/ Sam says on #425753: """ The impact of this security hole is: Remote denial of service. In more detail, the security problem allows a remote attacker to cause MaraDNS to allocate an arbitrary large amount of memory. """ I think these bugs are serious enough to warrant a security update, as per: http://release.debian.org/stable/4.0/4.0r1/ Best wishes,
black$ patch -p1 < maradns-1.3.02-ect.d-leakfix.patch patching file server/MaraDNS.c Hunk #1 succeeded at 4889 (offset -37 lines). black$ patch -p1 < maradns-1.3.04-memleak.patch patching file server/MaraDNS.c Hunk #1 succeeded at 3054 (offset -58 lines). Hunk #2 succeeded at 3070 (offset -58 lines). Hunk #3 succeeded at 3078 (offset -58 lines). Hunk #4 succeeded at 3768 (offset -127 lines). black$ md5sum maradns_1.2.12.04-2.diff.gz bfc0b78a94294d4ced5b88f43f9affde maradns_1.2.12.04-2.diff.gz
signature.asc
Description: Digital signature