Hi Bastian,

On Sat, Jun 01, 2024 at 05:11:25PM +0200, Bastian Germann wrote:
> Control: notfound -1 sredird/2.1.0-1
> Control: fixed -1 2.2.1-1.1
>
> I see that CVE-2004-2386 and maybe CVE-2004-2387 was addressed with #267098.
> The diff (one change in LogMsg and one in HandleCPCCommand) that is in that
> bug has survived until now.
> But 2.2.2 has many more changes of the HandleCPCCommand kind: changing
> sprintf to snprintf.
>
> main: 2 changes.
> HandleIACCommand: 5 changes.
> HandleCPCCommand: 17 additional changes: Any of these could be CVE-2004-2387
> as well.
> HDBUnlockFile: 1 change.
> HDBLockFile: 7 changes.
>
> Plus TmpStrLen is extended to 512 bytes.
>
> Conclusion: Debian referenced both bugs as TEMP-0267098-76A1A1 before.

Perfect, thanks for the confirmation.

Regards,
Salvatore