Domenico Andreoli wrote:
> > http://www.hardened-php.net/advisory_242005.109.html
> >
> > Stefan Esser discovered several off-by-one errors in libcurl, a
> > multi-protocol file transfer library, that allows local users to
> > trigger a buffer overflow and cause a denial of service or bypass PHP
> > security restrictions via certain URLs.
>
> this is a duplicate of #342339.

Umh... I didn't see that bug.

> current sid version, 7.15.1-1 is already fixed. current woody version,
> 7.9.5-1 is not affected either.

Are you sure? Even though the code is quite different, the buffer extension part of the patch also applied to the woody package.

> etch and sarge are left. for what regards sarge, i already prepared a
> security fix and sent a mail to the security team, you can read it in
> the log of #342339.

Oh, haven't seen it. Will check.

> curl 7.13.2-2sarge4 is available at http://people.debian.org/~cavok/curl/,
> please give it a glance.

Done. Will prepare a new upload.

It seems we have never talked about CVE-2005-3185 before. And even worse, when I checked I didn't find the offending file in the archive.

Thanks,

Joey

--
The only stupid question is the unasked one.

Please always Cc to me when replying to me on the lists.