Forwarding to the list:
Hi Neutron,
* Neutron Soutmun [EMAIL PROTECTED] [2008-04-21 02:58]:
According to
http://lists.debian.org/debian-mentors/2008/04/msg00251.html
which Paul Wise advice me to contact to the security audit team to
review
my package xiterm+thai (http://packages.qa.debian.org/x/xiterm%
2Bthai.html)
[...]
I have no time auditing this bug one thing came to my mind
when I had a look in main.c:
1655 if ((display_name = getenv (DISPLAY)) == NULL)
1656 display_name = :0;
Please fix that code to print an error, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and
http://article.gmane.org/gmane.comp.security.oss.general/122
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG:
0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
เมื่อ จ. 2008-04-21 เวลา 13:05 +0200, Nico Golde เขียนว่า:
Hi Neutron,
* Neutron Soutmun [EMAIL PROTECTED] [2008-04-21 02:58]:
According to
http://lists.debian.org/debian-mentors/2008/04/msg00251.html
which Paul Wise advice me to contact to the security audit team to
review
my package xiterm+thai (http://packages.qa.debian.org/x/xiterm%
2Bthai.html)
[...]
I have no time auditing this bug one thing came to my mind
when I had a look in main.c:
1655 if ((display_name = getenv (DISPLAY)) == NULL)
1656 display_name = :0;
Please fix that code to print an error, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 and
http://article.gmane.org/gmane.comp.security.oss.general/122
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG:
0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
signature.asc
Description: นี่คือ ส่วนข้ อความท ี่มีลา ยเซ็นด ิจิทัล กำกับ