Hi Joey,

Thanks for sending this to me. I had not been notified of this problem.

I am out of the state on business at the moment, and will unfortunately not have the time to prepare a patch until Wednesday at the earliest. It would be fine with me if you and/or the stable security team wish to NMU this. Please just post your diff to the BTS, or (if you use darcs), darcs send me a patch against http://darcs.complete.org/gopher.

-- John

On Sun, Sep 11, 2005 at 02:09:35PM -0400, Joey Hess wrote:
> Package: gopher
> Severity: grave
> Version: 3.0.10
> Tags: security
>
> Buffer overflows have been found in the gopher client that can lead to
> remote code execution when connecting to malicious gopher servers. This
> bugtraq post is about version 3.0.9, but it doesn't seem to be fixed in
> 3.0.10:
>
> http://marc.theaimsgroup.com/?l=bugtraq&m=112559902931614&w=2
>
> This is CAN-2005-2772.
>
> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.4.27
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>
> --
> see shy jo

--
John Goerzen
Author, Foundations of Python Network Programming
http://www.amazon.com/exec/obidos/tg/detail/-/1590593715