Package: xpuzzles
Version: 5.5.4.1-2
Severity: serious
Justification: Policy 2.2.1
*** Please type your report below this line ***
According to the copyright file in this package,
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and w
Hi,
>* Apparently xmlto calls w3m or lynx to convert html to text, but I can't
> find the call. (I don't know why neither one is a Build-Depend.) If w3m
> is installed, it is called, but creates an error. Since I can't locate
> the error, I have listed w3m as Build-Conflicts-
Package: phpmyadmin
Version: 4:2.6.2-3sarge5
Severity: critical
Justification: root security hole
Tags: security patch
Since phpmyadmin is on apache, and apache can be accessed from a remote
host, a remote host can access mysql's [EMAIL PROTECTED] via phpmyadmin.
This will break mysql security pol
Martin Schulze <[EMAIL PROTECTED]> wrote:
One question remains, though:
> + // buf_size = min(count, buf_size);
> + if (buf_size > count) buf_size = count;
Is there any reason not to write min() here?
It's a bit faster than buf_size = min(), since there's no need to reassign "buf_size" again, if it's
Package: mimms
Version: 0.0.9-1
Severity: grave
Justification: user security hole
Tags: security patch
According to the patch attached in this report, it has many possible buffer
overflows.
For example,
- memcpy(buf, data, length) without bounding the limit of "length",
while "length" depends on
Package: pine
Version: 4.62-1
Severity: grave
Justification: renders package unusable
It should have binary .deb package for the original pine, so that it can
be redistributed in debian ftp archive. The package name may be
"pine-orig", for example.
Without a binary package, users won't know t
6 matches