This bug was fixed in the package mcrypt - 2.6.8-1.2 Sponsored for Logan Rosen (logan)
--------------- mcrypt (2.6.8-1.2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix three other buffer overflows in check_file_head. * Fix use of uninitialized data when no salt is used. * Enable hardening flags. -- Raphael Geissert <geiss...@debian.org> Sat, 15 Sep 2012 13:40:02 -0500 mcrypt (2.6.8-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * CVE-2012-4409: buffer overflow when decrypting a file with a too long salt. * No id: format-string attacks via file name arguments and possibly others. -- Raphael Geissert <geiss...@debian.org> Thu, 06 Sep 2012 15:38:44 -0500 ** Changed in: mcrypt (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1051391 Title: Sync mcrypt 2.6.8-1.1 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mcrypt/+bug/1051391/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs