* Tzafrir Cohen: > Impact: local privileges escalation > Version: all versions (Now fixed in SVN, rev 4588) > Upstream issue: http://bugs.digium.com/view.php?id=13954 > > Fix for Etch version: attached dpatch > Fix for Lenny version: > http://svn.debian.org/viewsvn/pkg-voip?rev=6507&view=rev > > Some older Zaptel drivers do not apply input validation on the sync > field from the ioctl ZT_SPANCONFIG . This is sent on /dev/zap/ctl , > which in Debian is writable to the group dialout.
Would someone who can test a fixed Debian package please speak up? Tzafrir, could you do that if we send you packages pre-release? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
