On Wed, Dec 03, 2008 at 01:37:17PM +0100, Florian Weimer wrote:
> * Tzafrir Cohen:
>
> > Impact: local privileges escalation
> > Version: all versions (Now fixed in SVN, rev 4588)
> > Upstream issue: http://bugs.digium.com/view.php?id=13954
> >
> > Fix for Etch version: attached dpatch
> > Fix for Lenny version:
> > http://svn.debian.org/viewsvn/pkg-voip?rev=6507&view=rev
> >
> > Some older Zaptel drivers do not apply input validation on the sync
> > field from the ioctl ZT_SPANCONFIG . This is sent on /dev/zap/ctl ,
> > which in Debian is writable to the group dialout.
>
> Would someone who can test a fixed Debian package please speak up?
>
> Tzafrir, could you do that if we send you packages pre-release?
I don't have that specific hardware. I can test it one hardwares I do
have to show it didn't break anything.
--
Tzafrir Cohen
icq#16849755 jabber:[EMAIL PROTECTED]
+972-50-7952406 mailto:[EMAIL PROTECTED]
http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
