Forwarding to the list: > Hi Neutron, > * Neutron Soutmun <[EMAIL PROTECTED]> [2008-04-21 02:58]: > > According to > > http://lists.debian.org/debian-mentors/2008/04/msg00251.html > > which Paul Wise advice me to contact to the security audit team to > > review > > my package xiterm+thai (http://packages.qa.debian.org/x/xiterm% > > 2Bthai.html) > > [...] > I have no time auditing this bug one thing came to my mind > when I had a look in main.c: > 1655 if ((display_name = getenv ("DISPLAY")) == NULL) > 1656 display_name = ":0"; > > Please fix that code to print an error, see: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and > http://article.gmane.org/gmane.comp.security.oss.general/122 > > Kind regards > Nico > -- > Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: > 0x73647CFF > For security reasons, all text in this mail is double-rot13 encrypted. > เมื่อ จ. 2008-04-21 เวลา 13:05 +0200, Nico Golde เขียนว่า: > Hi Neutron, > * Neutron Soutmun <[EMAIL PROTECTED]> [2008-04-21 02:58]: > > According to > > http://lists.debian.org/debian-mentors/2008/04/msg00251.html > > which Paul Wise advice me to contact to the security audit team to > > review > > my package xiterm+thai (http://packages.qa.debian.org/x/xiterm% > > 2Bthai.html) > > [...] > I have no time auditing this bug one thing came to my mind > when I had a look in main.c: > 1655 if ((display_name = getenv ("DISPLAY")) == NULL) > 1656 display_name = ":0"; > > Please fix that code to print an error, see: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and > http://article.gmane.org/gmane.comp.security.oss.general/122 > > Kind regards > Nico > -- > Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: > 0x73647CFF > For security reasons, all text in this mail is double-rot13 encrypted.
signature.asc
Description: นี่คือ ส่วนข้ อความท ี่มีลา ยเซ็นด ิจิทัล กำกับ