Hi,

On Tue, May 02, 2006 at 10:15:37AM +0800, Paul Wise wrote:
> Upstream has just released 0.5.8, which fixes a buffer overflow in
> client.c amongst other things. The 0.5.8 timeline can be seen here:

Just as a short-term reply and for documentation reasons regarding this issue: The Debian package ships with a safe default configuration and is thus not per se vulnerable. However, of course it is vulnerable if the configuration is changed to use client.cgi instead of client-perl.cgi.

regards
Mario

-- 
I've never been certain whether the moral of the Icarus story should only be, as is generally accepted, "Don't try to fly too high," or whether it might also be thought of as, "Forget the wax and feathers and do a better job on the wings."
-- Stanley Kubrick