OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 12-Mar-2004 16:16:16
Branch: HEAD Handle: 2004031215161600
Modified files:
openpkg-web/security OpenPKG-SA-2004.006-uudeview.txt
Log:
release OpenPKG Security Advisory 2004.006 (uudeview)
Summary:
Revision Changes Path
1.2 +17 -9 openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.006-uudeview.txt
--- openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt 12 Mar 2004 14:45:10
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2004.006-uudeview.txt 12 Mar 2004 15:16:16
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
@@ -18,13 +21,14 @@
Dependent Packages: none
Description:
- Alerted by a posting on Bugtraq [1] the uudeview [2] package was
- reviewed. It was found that 0.5.19 and later contain a bug which
+ Alerted by a posting on Bugtraq [1] the UUDeview [2] package was
+ reviewed. It was found that 0.5.19 and later contains a bug which
leads to failure retrieving the filename during decode. All versions
- suffered from insecure temp file handling. Version 0.5.20 contains bug
- fixes for the parsing of header lines, exact handling of maximum line
- length and fixes for two buffer overflows which needed backporting.
- The corected packages listed above remedy all of these problems.
+ suffered from insecure temporary file handling. Version 0.5.20
+ contains bug fixes for the parsing of header lines, exact handling of
+ maximum line length and fixes for two buffer overflows which needed
+ backporting. The corected packages listed above remedy all of these
+ problems.
Please check whether you are affected by running "<prefix>/bin/rpm
-q uudeview". If you have the "uudeview" package installed and its
@@ -49,9 +53,6 @@
$ <prefix>/bin/openpkg rpm --rebuild uudeview-0.5.19-2.0.1.src.rpm
$ su -
# <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/uudeview-0.5.19-2.0.1.*.rpm
-
- Additionally, we recommend that you rebuild and reinstall
- all dependent packages (see above), if any, too. [3][4]
________________________________________________________________________
References:
@@ -73,3 +74,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFAUdQsgHWT4GPEy58RAlYkAKCeapN+4xx6Q2acF29Sr2ZxqCxPZgCeMsb/
+Mc2nhcVu62xu1RQp65aa/Xk=
+=mu4H
+-----END PGP SIGNATURE-----
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
