OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 19-Mar-2003 16:02:22 Branch: HEAD Handle: 2003031915022200 Modified files: openpkg-web/security OpenPKG-SA-2003.024-ircii.txt Log: final polishing and signing Summary: Revision Changes Path 1.3 +22 -12 openpkg-web/security/OpenPKG-SA-2003.024-ircii.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.024-ircii.txt ============================================================================ $ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2003.024-ircii.txt --- openpkg-web/security/OpenPKG-SA-2003.024-ircii.txt 19 Mar 2003 14:31:37 -0000 1.2 +++ openpkg-web/security/OpenPKG-SA-2003.024-ircii.txt 19 Mar 2003 15:02:22 -0000 1.3 @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project @@ -20,23 +23,23 @@ Description: Timo Sirainen audited ircII based clients [1] and found some buffer overflow vulnerabilities in ircii-20020912 [2]. According to his - report these problems were fixed by in ircii-20030313. We have - backported the security relevant pieces of the more recent - ircii-20030315 vendor changes into releases used by OpenPKG. - - Please check whether you are affected by running "<prefix>/bin/rpm - -q ircii". If you have the "ircii" package installed and its version - is affected (see above), we recommend that you immediately upgrade - it (see Solution). [3][4] + report these problems were fixed in ircii-20030313. We have backported + the security relevant pieces of the more recent ircii-20030315 vendor + changes into releases used by OpenPKG. + + Please check whether you are affected by running "<prefix>/bin/rpm -q + ircii". If you have the "ircii" package installed and its version is + affected (see above), we recommend that you immediately upgrade it + (see Solution). [3][4] Solution: Select the updated source RPM appropriate for your OpenPKG release [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM - from it [3] and update your OpenPKG installation by applying the binary - RPM [4]. For the current release OpenPKG 1.2, perform the following - operations to permanently fix the security problem (for other releases - adjust accordingly). + from it [3] and update your OpenPKG installation by applying the + binary RPM [4]. For the current release OpenPKG 1.2, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin @@ -70,3 +73,10 @@ the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ +-----BEGIN PGP SIGNATURE----- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQE+eIZngHWT4GPEy58RAleYAJ4xmlL78sJFnmZ48XONR3NCTcxOTwCgrShv +PO52bUXnK9qzPMon2U9TXvo= +=Vnet +-----END PGP SIGNATURE----- @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]