Package: openconnect
Version: 3.20-2
Severity: critical

CVE-2012-6128 concerns a stack-based buffer overflow that can be triggered by data read from a remote host, either a man-in-the-middle or a malicious VPN.

The issue has been fixed in squeeze with 2.25-0.1+squeeze2. It should be easy to apply the same patch to 3.20 to fix this in wheezy and sid. I have recently uploaded 4.99-1 to experimental which already contains the fix upstream.

--
mike