On 2008-07-28 Steffen Joeris <[EMAIL PROTECTED]> wrote:
> Package: newsx
> Severity: grave
> Tags: security, patch
> Justification: user security hole
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for newsx.
>
> CVE-2008-3252[0]:
> | Stack-based buffer overflow in the read_article function in
> | getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary
> | code via a news article containing a large number of lines starting
> | with a period.
>
> There is a redhat bugreport[1] with more information and I've
> attached their patch.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
[...]

Thanks for a perfect bug report, will upload soon.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'