severity 607780 important
tags 607780 upstream
thank
Le 22/12/2010 00:08, Michael Gilbert a écrit :
package: ccid
version: 1.3.8-1
severity: serious
tags: security
an advisory has been issued for the pcsc-lite ccid driver:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf
Thanks.
i have checked that the vulnerable code is present in both lenny and
To trigger the bug the attacker needs to connect a serial reader to the
host. And then needs to have a physical access to the computer.
To enable the serial reader the attacker needs to edit the file
/etc/reader.conf and configure the use of the connected serial reader.
So the attacker must have root access to trigger the buffer overflow.
I downgrade the severity to important. I don't think I will fix the bug
for squeeze.
Bye
--
Ludovic
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org