Hi Christian! Debian Bug Tracking System [2005-09-26 11:33 -0700]: > > - as you stated in your next mail, it doesn't seem that sarge/4.0 is > > affected. - sarge doesn't carry a 5.0 version > > - thus all sid versions should be okay too. > > After checking the advisory I would say that Sean is right, no Debian versions > are vulnerable any more as this advisory is really very old.
Maybe this was too quick - in the Ubuntu bug [1] the reporter successfully ran the exploit against 4.0.24. Martin [1] https://bugzilla.ubuntu.com/show_bug.cgi?id=16205 -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]