Package: libspf
Severity: important
Tags: security

CVE-2006-1520: "Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address."

This issue is fixed in 1.0.0-p5. The CVE indicates that sarge's version is vulnerable, but it does not include a sample exploit. Note that this issue only occurs when debugging is enabled.

Please mention the CVE in your changelog.

Thanks,

Alec
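The bug class named in the CVE text, shown as an added example that is not part of the original report and is not libspf's code: a debug helper that uses an untrusted address as the format string, beside the hardened form. The helper and function names are hypothetical, the address is constructed sample input, and the `format` attribute assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical debug helper (not libspf's API). The format attribute lets
 * GCC/Clang check call sites and flag non-literal formats when
 * -Wformat -Wformat-security are enabled. */
static int dbg_format(char *buf, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int dbg_format(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef SHOW_VULNERABLE
/* Bug class from the CVE text: the untrusted address IS the format string,
 * so any conversion specifier in it is interpreted. Compiled out by default. */
int log_sender_vulnerable(char *buf, size_t n, const char *addr)
{
    return dbg_format(buf, n, addr);
}
#endif

/* Hardened form: constant format, untrusted data passed only as an argument. */
int log_sender_fixed(char *buf, size_t n, const char *addr)
{
    return dbg_format(buf, n, "debug: sender=%s", addr);
}

int main(void)
{
    char line[128];
    /* Constructed sample input containing conversion specifiers. */
    log_sender_fixed(line, sizeof line, "%s%x@example.org");
    puts(line);
    return 0;
}
```

Building with `-Wformat -Wformat-security -DSHOW_VULNERABLE` makes the compiler warn at the call inside `log_sender_vulnerable`, which is a quick way to audit other debug paths for the same pattern.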