Package: madwifi Version: 1:0.9.2+r1842.20061207-1 Severity: critical Tags: security Justification: root security hole
According to the upstream advisory <http://madwifi.org/wiki/news/20061207/release-0-9-2-1-fixes-critical-security-issue>: "A critical security flaw (CVE-2006-6332) has been discovered which can be exploited from remote and allows arbitrary code injection. The fix has been committed to trunk in r1842. In addition, we released v0.9.2.1 (v0.9.2 plus the fix for the issue), which is available for download from sf.net." However, r1842 did *not* completely fix the flaw. One of the length checks was wrong and was subsequently fixed in SVN r1847. Ben. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
