Hi,

http://www.debian.org/security/2005/dsa-639 states a bunch of vulnerabilities that are supposed to be fixed in CVS (they seem to have overseen CAN-2004-0494 however). These vulnerabilities at least affect users of mc-4.5.55 and before. The question is when have these been fixed in CVS? Are they relevant to users of 4.6.0?

* CAN-2004-1004 Multiple format string vulnerabilities
* CAN-2004-1005 Multiple buffer overflows
* CAN-2004-1009 One infinite loop vulnerability
* CAN-2004-1090 Denial of service via corrupted section header
* CAN-2004-1091 Denial of service via null dereference
* CAN-2004-1092 Freeing unallocated memory
* CAN-2004-1093 Denial of service via use of already freed memory
* CAN-2004-1174 Denial of service via manipulating non-existing file handles
* CAN-2004-1175 Unintended program execution via insecure filename quoting
* CAN-2004-1176 Denial of service via a buffer underflow

Leonard.

--
mount -t life -o ro /dev/dna /genetic/research
_______________________________________________
Mc-devel mailing list
http://mail.gnome.org/mailman/listinfo/mc-devel