Re: [Cooker] Re: [CHRPM] libgtop2-2.0.2-1mdk
On 2003-06-04(Wed) 11:30:28 +0200, Frederic Crozat wrote:

> > Fred, probably you will want to release libgtop 1.0.14 too? 2.0.2 is released because of security problem, and 1.0.14 is the same.
>
> Well, 1.0.14 has still not been released !!

How come... it has been tagged as 1.0.14 in CVS but no tarball uploaded to GNOME CVS...

> Anyway, I'll grab the security fix from our security updates..
>
> Just checked, all security fixes are already in 1.0.13-4mdk...

I checked again, that particular fix is not in 1.0.13-4mdk. The fix is applied on May 12th. Attached with this mail.

Abel

> --
> Frederic Crozat
> MandrakeSoft

--
Abel Cheung
Linux counter #256983 | http://counter.li.org
GPG Key: (0xC67186FF) | http://deaddog.org/gpg.asc
Key fingerprint: 671C C7AE EFB5 110C D6D1 41EE 4152 E1F1 C671 86FF

diff -ur --exclude=CVS --exclude=po libgtop.0509/ChangeLog libgtop/ChangeLog --- libgtop.0509/ChangeLog 2002-12-11 21:07:50.0 +0800 +++ libgtop/ChangeLog 2003-05-12 06:23:47.0 +0800 @@ -1,3 +1,7 @@ +2003-05-11 Andrew Sobala [EMAIL PROTECTED] + + * up version to 1.0.14 + 2002-12-11 Stanislav Brabec [EMAIL PROTECTED] * sysdeps/guile/Makefile.am, sysdeps/guile/names/Makefile.am: diff -ur --exclude=CVS --exclude=po libgtop.0509/LIBGTOP-VERSION libgtop/LIBGTOP-VERSION --- libgtop.0509/LIBGTOP-VERSION2001-11-27 06:36:18.0 +0800 +++ libgtop/LIBGTOP-VERSION 2003-05-12 06:23:47.0 +0800 @@ -8,7 +8,7 @@ # LIBGTOP_MAJOR_VERSION=1 LIBGTOP_MINOR_VERSION=0 -LIBGTOP_MICRO_VERSION=13 +LIBGTOP_MICRO_VERSION=14 LIBGTOP_INTERFACE_AGE=12 LIBGTOP_BINARY_AGE=12 diff -ur --exclude=CVS --exclude=po libgtop.0509/src/daemon/ChangeLog libgtop/src/daemon/ChangeLog --- libgtop.0509/src/daemon/ChangeLog 2001-11-27 06:12:02.0 +0800 +++ libgtop/src/daemon/ChangeLog2003-05-12 06:23:52.0 +0800 
@@ -1,3 +1,7 @@ +2003-05-11 Andrew Sobala [EMAIL PROTECTED] + + * gnuserv.c: (permitted): fix buffer overflow vulnerability + 2001-11-26 Kevin Vandersloot [EMAIL PROTECTED] * gnuserv.c: Apply patch fixing security issue from diff -ur --exclude=CVS --exclude=po libgtop.0509/src/daemon/gnuserv.c libgtop/src/daemon/gnuserv.c --- libgtop.0509/src/daemon/gnuserv.c 2001-11-27 06:12:02.0 +0800 +++ libgtop/src/daemon/gnuserv.c2003-05-12 06:23:52.0 +0800 @@ -200,6 +200,11 @@ auth_data_len = atoi (buf); + if (auth_data_len 1 || auth_data_len sizeof(buf)) { + syslog_message(LOG_WARNING, Invalid data length supplied by client); + return FALSE; + } + if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len) return FALSE;
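
Review bot: in the LIBGTOP-VERSION hunk, LIBGTOP_INTERFACE_AGE=12 and LIBGTOP_BINARY_AGE=12 are left untouched while LIBGTOP_MICRO_VERSION goes from 13 to 14. For a release that only carries a bug fix and adds no interface, please confirm the two age values are meant to stay as they are; if the build derives the library's libtool version from micro and the ages, raising micro alone changes the resulting version numbers. The top-level ChangeLog entry ("up version to 1.0.14") could also say that the bump exists to ship the gnuserv.c security fix, so packagers reading only that file see why 1.0.14 matters.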
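
Review bot: in the gnuserv.c hunk at -200,6, the upper bound compares auth_data_len against sizeof(buf), which lets a client-supplied length fill buf completely in the following timed_read; if anything after this point in permitted() treats buf as a NUL-terminated string, the limit needs to be sizeof(buf) - 1 so a terminator still fits. The length is also still parsed with atoi (buf), which returns 0 for non-numeric input and has undefined behaviour when the value does not fit in an int; strtol with an end-pointer check and an explicit range test would make the rejection deliberate rather than a side effect of the new condition. Separately, the comparison operators in the if condition and the quotes around the syslog_message string are missing from the text as archived here, so the fix has to be taken from the original attachment, not retyped from this page.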
[Cooker] Re: [CHRPM] libgtop2-2.0.2-1mdk
On 2003-06-03(Tue) 14:16:06 +0200, Frederic Crozat wrote:

> --=-=-=
> Name: libgtop2 Relocations: (not relocateable)
> Version : 2.0.2 Vendor: MandrakeSoft
> Release : 1mdk Build Date: Tue Jun 3 13:57:42 2003
> --=-=-=
> * Tue Jun 03 2003 Frederic Crozat [EMAIL PROTECTED] - 2.0.2-1mdk
> - Release 2.0.2
> - mklibnamification
> - Patch0 (rawhide): fix autoconf/automake environment
> - Remove libgtop_daemon2, it has security issues.

Fred, probably you will want to release libgtop 1.0.14 too? 2.0.2 is released because of security problem, and 1.0.14 is the same.

Abel

--
Abel Cheung
Linux counter #256983 | http://counter.li.org
GPG Key: (0xC67186FF) | http://deaddog.org/gpg.asc
Key fingerprint: 671C C7AE EFB5 110C D6D1 41EE 4152 E1F1 C671 86FF
Re: [Cooker] Re: [CHRPM] libgtop2-2.0.2-1mdk
On Wed, 04 Jun 2003 01:51:13 +0800, R.I.P. Deaddog wrote:

> On 2003-06-03(Tue) 14:16:06 +0200, Frederic Crozat wrote:
>
> > --=-=-=
> > Name: libgtop2 Relocations: (not relocateable)
> > Version : 2.0.2 Vendor: MandrakeSoft
> > Release : 1mdk Build Date: Tue Jun 3 13:57:42 2003
> > --=-=-=
> > * Tue Jun 03 2003 Frederic Crozat [EMAIL PROTECTED] - 2.0.2-1mdk
> > - Release 2.0.2
> > - mklibnamification
> > - Patch0 (rawhide): fix autoconf/automake environment
> > - Remove libgtop_daemon2, it has security issues.
>
> Fred, probably you will want to release libgtop 1.0.14 too? 2.0.2 is released because of security problem, and 1.0.14 is the same.

Well, 1.0.14 has still not been released !!

Anyway, I'll grab the security fix from our security updates..

--
Frederic Crozat
MandrakeSoft
Re: [Cooker] Re: [CHRPM] libgtop2-2.0.2-1mdk
On Wed, 04 Jun 2003 11:21:19 +0200, Frederic Crozat wrote:

> On Wed, 04 Jun 2003 01:51:13 +0800, R.I.P. Deaddog wrote:
>
> > On 2003-06-03(Tue) 14:16:06 +0200, Frederic Crozat wrote:
> >
> > > --=-=-=
> > > Name: libgtop2 Relocations: (not relocateable)
> > > Version : 2.0.2 Vendor: MandrakeSoft
> > > Release : 1mdk Build Date: Tue Jun 3 13:57:42 2003
> > > --=-=-=
> > > * Tue Jun 03 2003 Frederic Crozat [EMAIL PROTECTED] - 2.0.2-1mdk
> > > - Release 2.0.2
> > > - mklibnamification
> > > - Patch0 (rawhide): fix autoconf/automake environment
> > > - Remove libgtop_daemon2, it has security issues.
> >
> > Fred, probably you will want to release libgtop 1.0.14 too? 2.0.2 is released because of security problem, and 1.0.14 is the same.
>
> Well, 1.0.14 has still not been released !!
>
> Anyway, I'll grab the security fix from our security updates..

Just checked, all security fixes are already in 1.0.13-4mdk...

--
Frederic Crozat
MandrakeSoft