OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 12-Mar-2004 16:16:16 Branch: HEAD Handle: 2004031215161600 Modified files: openpkg-web/security OpenPKG-SA-2004.006-uudeview.txt Log: release OpenPKG Security Advisory 2004.006 (uudeview) Summary: Revision Changes Path 1.2 +17 -9 openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt ============================================================================ $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.006-uudeview.txt --- openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt 12 Mar 2004 14:45:10 -0000 1.1 +++ openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt 12 Mar 2004 15:16:16 -0000 1.2 @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project @@ -18,13 +21,14 @@ Dependent Packages: none Description: - Alerted by a posting on Bugtraq [1] the uudeview [2] package was - reviewed. It was found that 0.5.19 and later contain a bug which + Alerted by a posting on Bugtraq [1] the UUDeview [2] package was + reviewed. It was found that 0.5.19 and later contains a bug which leads to failure retrieving the filename during decode. All versions - suffered from insecure temp file handling. Version 0.5.20 contains bug - fixes for the parsing of header lines, exact handling of maximum line - length and fixes for two buffer overflows which needed backporting. - The corected packages listed above remedy all of these problems. + suffered from insecure temporary file handling. Version 0.5.20 + contains bug fixes for the parsing of header lines, exact handling of + maximum line length and fixes for two buffer overflows which needed + backporting. The corected packages listed above remedy all of these + problems. Please check whether you are affected by running "<prefix>/bin/rpm -q uudeview". If you have the "uudeview" package installed and its @@ -49,9 +53,6 @@ $ <prefix>/bin/openpkg rpm --rebuild uudeview-0.5.19-2.0.1.src.rpm $ su - # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/uudeview-0.5.19-2.0.1.*.rpm - - Additionally, we recommend that you rebuild and reinstall - all dependent packages (see above), if any, too. [3][4] ________________________________________________________________________ References: @@ -73,3 +74,10 @@ for details on how to verify the integrity of this advisory. ________________________________________________________________________ +-----BEGIN PGP SIGNATURE----- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQFAUdQsgHWT4GPEy58RAlYkAKCeapN+4xx6Q2acF29Sr2ZxqCxPZgCeMsb/ +Mc2nhcVu62xu1RQp65aa/Xk= +=mu4H +-----END PGP SIGNATURE----- @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]