Hi Bastian,
On Sat, Jun 01, 2024 at 05:11:25PM +0200, Bastian Germann wrote:
> Control: notfound -1 sredird/2.1.0-1
> Control: fixed -1 2.2.1-1.1
>
> I see that CVE-2004-2386 and maybe CVE-2004-2387 was addressed with #267098.
> The diff (one change in LogMsg and one in HandleCPCCommand) that is
Processing control commands:
> notfound -1 sredird/2.1.0-1
Bug #1072340 [src:sredird] sredird: CVE-2004-2386, format string vulnerability
The source sredird and version 2.1.0-1 do not appear to match any binary
packages
No longer marked as found in versions sredird/2.1.0-1.
> fixed -1 2.2.1-1.1
B
Control: notfound -1 sredird/2.1.0-1
Control: fixed -1 2.2.1-1.1
I see that CVE-2004-2386 and maybe CVE-2004-2387 was addressed with #267098.
The diff (one change in LogMsg and one in HandleCPCCommand) that is in that bug
has survived until now.
But 2.2.2 has many more changes of the HandleCPCCo
Hi Bastian,
On Sat, Jun 01, 2024 at 12:41:43PM +0200, Bastian Germann wrote:
> Source: sredird
> Version: 2.1.0-1
> Severity: serious
> Tags: security
> X-Debbugs-Cc: secur...@debian.org
>
> Hi,
>
> This is affected by CVE-2004-2386, which was marked by the Security Team as
> "NOT-FOR-US: sercd"
Source: sredird
Version: 2.1.0-1
Severity: serious
Tags: security
X-Debbugs-Cc: secur...@debian.org
Hi,
This is affected by CVE-2004-2386, which was marked by the Security Team as "NOT-FOR-US: sercd" but applies to sredird.
There is a fixed version 2.2.2 available, which I did not find in the K
5 matches
Mail list logo
