> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - > -------------------------------------------------------------------------- > Debian Security Advisory DSA 687-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Martin Schulze > February 18th, 2005 http://www.debian.org/security/faq > - > -------------------------------------------------------------------------- > > Package : bidwatcher > Vulnerability : format string > Problem-Type : remote > Debian-specific: no > CVE ID : CAN-2005-0158 > > Ulf Härnhammar from the Debian Security Audit Project discovered a > format string vulnerability in bidwatcher, a tool for watching and > bidding on eBay auctions. This problem can be triggered remotely by a > web server of eBay, or someone pretending to be eBay, sending certain > data back. As of version 1.3.17 the program uses cURL and is not > vulnerable anymore. > > For the stable distribution (woody) this problem has been fixed in > version 1.3.3-1woody1. > > For the unstable distribution (sid) this problem will be fixed soon. > > We recommend that you upgrade your bidwatcher package. > > > Upgrade Instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 3.0 alias woody > - -------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.dsc > Size/MD5 checksum: 637 2a65bc6cbed81466721793318948aed4 > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.diff.gz > Size/MD5 checksum: 3368 b36c63ae2e6a5c42bb13c506f980e1ba > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3.orig.tar.gz > Size/MD5 checksum: 136679 2094c233fa21c80f65d5dce1bf4fb133 > > Alpha architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_alpha.deb > Size/MD5 checksum: 95574 dc1f1c5581af8526fe916ea0246fec8e > > ARM architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_arm.deb > Size/MD5 checksum: 85060 6dff37d2dbb68c869553b4008b47f7df > > Intel IA-32 architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_i386.deb > Size/MD5 checksum: 82152 49d709d2f5a81dcfd8b462d60af5218b > > Intel IA-64 architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_ia64.deb > Size/MD5 checksum: 103978 874237be875f51817240c7ce79a96732 > > HP Precision architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_hppa.deb > Size/MD5 checksum: 109292 b164a9dc42b40a2eda85896dfec8d310 > > Motorola 680x0 architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_m68k.deb > Size/MD5 checksum: 79942 7d101eb867927c88d5ec2fd127494497 > > Big endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mips.deb > Size/MD5 checksum: 81562 f0f65a2f84feef4dc4afa5cb82126350 > > Little endian MIPS architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mipsel.deb > Size/MD5 checksum: 80606 1e2786878f126a90e26c6894d44f7d35 > > PowerPC architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_powerpc.deb > Size/MD5 checksum: 81478 19128bd956597ed8ed7c6780b09ee15d > > IBM S/390 architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_s390.deb > Size/MD5 checksum: 80902 d4d892f6ffb796106bdcb09c8ed3181a > > Sun Sparc architecture: > > > http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_sparc.deb > Size/MD5 checksum: 80802 d5882fbca7b6a7b2205a1fb8b5c76112 > > > These files will probably be moved into the stable distribution on > its next update. > > - > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main > Mailing list: debian-security-announce@lists.debian.org > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.0 (GNU/Linux) > > iD8DBQFCFh7aW5ql+IAeqTIRAjjLAJ41DHcqCxgorvj2YOZQ1THak4eaKgCdFwoy > U2Lv4hX+dt2oYYG8depUris= > =sKEt > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > >
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]