Package: orpheus
Severity: important
Tags: security patch

CVE-2005-3863: "Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro."

The affected macro is VGETSTRING, which is used by (among others) treeview::addleaff in kkconsui/src/treeview.cc, which is used by (among others) src/uitext.cc.

This issue appears to affect motor in woody and sarge. A patch may be found in #340959 [1].

Please mention the CVE in your changelog.

Thanks,

Alec

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340959
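
The bug class named in the CVE text, with two bounded replacements, as an added example: this is not the ktools code or the patch from #340959. It assumes the macro formats variadic arguments into a fixed-size stack buffer; the names `format_fixed` and `format_alloc` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe shape being replaced (constructed, not the ktools source):
 *     char buf[N]; vsprintf(buf, fmt, ap);   // no length limit
 */

/* Fixed buffer kept: format with a hard limit.
 * Returns 0 if the text fit, 1 if it was truncated, -1 on error. */
int format_fixed(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    if (dst == NULL || dstsz == 0) return -1;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsz, fmt, ap);   /* always NUL-terminates */
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= dstsz;
}

/* No fixed buffer: measure first, then allocate exactly.
 * Returns a malloc()ed string the caller frees, or NULL on error. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    char *buf = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);                         /* second pass needs its own list */
    int need = vsnprintf(NULL, 0, fmt, ap);   /* length only, writes nothing */
    va_end(ap);
    if (need >= 0 && (buf = malloc((size_t)need + 1)) != NULL &&
        vsnprintf(buf, (size_t)need + 1, fmt, ap2) != need) {
        free(buf);
        buf = NULL;
    }
    va_end(ap2);
    return buf;
}

int main(void)
{
    char label[16];                           /* constructed sample input */
    int cut = format_fixed(label, sizeof label, "%s",
                           "a title far longer than sixteen bytes");
    printf("truncated=%d text=\"%s\"\n", cut, label);
    return 0;
}
```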