Hello,

Thank you for notifying me. I'll check tomorrow.

BTW, do you know how to update the backports archive? Is it OK to request it on the debian-backports ML?

>>> In Message "Bug#605484: libapache2-mod-fcgid: stack overwrite vulnerability"
>>> <20101130144044.13636.41836.report...@glockenspiel.complete.org>,
>>> John Goerzen <jgoer...@complete.org> said;

> Package: libapache2-mod-fcgid
> Version: 1:2.2-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> This was reported in CVE-2010-3872. Information at:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3872
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
>
> Of particular note, the code in question appears at line 86 in the
> lenny version, and is:
>
>     memcpy(&header + hasread, buffer, putsize);
>
> Our versions in lenny and lenny-backports are both vulnerable.
> squeeze and sid are running new enough versions that they aren't.
>
> -- System Information:
> Debian Release: 5.0.7
>   APT prefers stable
>   APT policy: (500, 'stable'), (99, 'experimental')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages libapache2-mod-fcgid depends on:
> ii  apache2.2-common  2.2.9-10+lenny8  Apache HTTP Server common files
> ii  libc6             2.7-18lenny6     GNU C Library: Shared libraries
>
> libapache2-mod-fcgid recommends no packages.
>
> libapache2-mod-fcgid suggests no packages.
>
> -- no debconf information

--
Tatsuki Sugiura
mailto:s...@nemui.org
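Why the `memcpy` line quoted in the report writes outside the header, as an added example that is not mod_fcgid's code or part of the original mail: assuming `header` is an 8-byte FastCGI record header struct (its declaration is not shown on the page), `&header + hasread` advances in whole structs instead of bytes. The names `fcgi_header_t`, `buggy_offset`, `bytes_past_header` and `copy_header_chunk` are hypothetical, and the bounded copy is one possible hardened form, not the upstream patch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the 8-byte FastCGI record header (declaration not on the page). */
typedef struct {
    unsigned char version, type, requestIdB1, requestIdB0;
    unsigned char contentLengthB1, contentLengthB0, paddingLength, reserved;
} fcgi_header_t;

/* Byte offset reached by the quoted `&header + hasread`: arithmetic on a
 * struct pointer advances in whole structs. Measured inside an array so the
 * pointer arithmetic itself stays well defined. */
size_t buggy_offset(size_t hasread)
{
    static fcgi_header_t arena[sizeof(fcgi_header_t) + 1];
    return (size_t)((char *)(arena + hasread) - (char *)arena);
}

/* Bytes a copy of putsize bytes at byte offset off writes past the header. */
size_t bytes_past_header(size_t off, size_t putsize)
{
    size_t end = off + putsize;
    return end > sizeof(fcgi_header_t) ? end - sizeof(fcgi_header_t) : 0;
}

/* Hardened partial-read copy: byte-granular destination and an explicit
 * bound. Returns bytes copied, or 0 if the chunk would not fit. */
size_t copy_header_chunk(fcgi_header_t *header, size_t hasread,
                         const void *buf, size_t putsize)
{
    if (hasread > sizeof *header || putsize > sizeof *header - hasread)
        return 0;
    memcpy((unsigned char *)header + hasread, buf, putsize);
    return putsize;
}

int main(void)
{
    /* Constructed scenario: header arrives split, hasread bytes already read. */
    for (size_t hasread = 0; hasread < sizeof(fcgi_header_t); hasread++) {
        size_t putsize = sizeof(fcgi_header_t) - hasread;
        printf("hasread=%zu putsize=%zu quoted form lands at byte %zu, "
               "%zu bytes past header; byte-wise form: %zu past\n",
               hasread, putsize, buggy_offset(hasread),
               bytes_past_header(buggy_offset(hasread), putsize),
               bytes_past_header(hasread, putsize));
    }
    return 0;
}
```

With `hasread == 0` both forms agree, so the defect only shows when the header arrives in more than one read.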