On Thu, 2 Feb 2012, Jakub Wilk wrote:
* Harry Sintonen , 2012-01-31, 01:42:
-D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417
This makes current sid package (1.8.3p1-3) safe.
Maybe. Maybe not. There are known ways of e
* Harry Sintonen , 2012-01-31, 01:42:
-D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417
This makes current sid package (1.8.3p1-3) safe.
Maybe. Maybe not. There are known ways of exploiting string format
vulnerabilities
A full-disclosure user reported issue in sudo. Please verify:
http://seclists.org/fulldisclosure/2012/Jan/590 I hope the version
information is correct in this bug-report.
-D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417
On Mon, 30 Jan 2012 17:27:17 +0200, Henri Salo wrote:
> A full-disclosure user reported issue in sudo. Please verify:
> http://seclists.org/fulldisclosure/2012/Jan/590 I hope the version
> information is correct in this bug-report. Please contact me if you
> need testing and I can help!
Thanks f
This issue seems to be: CVE-2012-0809
Gentoo report: https://bugs.gentoo.org/show_bug.cgi?id=401533
- Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: sudo
Version: 1.8.3p1-2
Severity: important
A full-disclosure user reported issue in sudo. Please verify:
http://seclists.org/fulldisclosure/2012/Jan/590 I hope the version information
is correct in this bug-report. Please contact me if you need testing and I can
help!
- Henri Salo
6 matches
Mail list logo