Package: syslog-ng Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for syslog-ng.
CVE-2007-6437[0]: | Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows | remote attackers to cause a denial of service (crash) via a message | with a timestamp that does not contain a trailing space, which | triggers a NULL pointer dereference. The upstream patch is available on: http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170 If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp4bUoawBHJ4.pgp
Description: PGP signature