Martin Schulze wrote: > Package: mc > Version: 4.6.0-4.6.1-pre1-3 > Severity: grave > Tags: sarge sid security patch > > I'm awfully sorry but when releasing DSA 639 I was under the impression > that the version of mc was sufficiently new and contained all security > fixes already. However, Gerardo Di Giacomo denied that, so attached > please find the patch he provided for a Debian fork which also applies > to the version in sarge = sid. I'm also attaching the patches I've > used for the update in woody. > > CAN-2004-1004 > > Multiple format string vulnerabilities > > CAN-2004-1005 > > Multiple buffer overflows > > Linkname: [SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities > URL: > http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00017.html > > Please correct the package.
Thanks for the bug report. I've just verified that theses bugs are already fixed in the upcoming pre3 release of mc. They will be fixed as soon as the ITA is completed (Stefano and I will maintain mc). Stefano, I think it's time to complete the ITA ! Cheers, -- Ludovic Drolez. http://www.palmopensource.com - The PalmOS Open Source Portal http://www.drolez.com - Personal site - Linux and PalmOS stuff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
