On Mon, Jan 05, 2004 at 06:17:07PM -0800, Matt Zimmerman wrote: > Package: libnids > Severity: grave > > "The TCP reassembly functionality in libnids before 1.18 allows remote > attackers to cause "memory corruption" and possibly execute arbitrary code > via "overlarge TCP packets." > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850 > > An update to version 1.18 should be sufficient to correct the problem. > > I am copying [EMAIL PROTECTED], since that is the only reverse > dependency. This package is orphaned and could be removed if this bug is > not fixed.
I'm having a look at this. However, upstream have changed libnids' SONAME to libnids.so.1.18, so the package name will have to change to libnids1.18; Steve, you'll need to give dsniff a Build-Depends: libnids (>= 1.18-1) and re-upload to make its dependencies match. I was going to switch to libnet1-dev too while I was at it, but it appears that dsniff won't be able to cope with that, so it can wait. Cheers, -- Colin Watson [EMAIL PROTECTED]