silc-server and silc-client both use the system library from silc- toolkit, so only silc-toolkit needs to be fixed. Intrepid and later are protected by Fortify-Source[1], rendering this vulnerability a DoS only.
[1] https://wiki.ubuntu.com/CompilerFlags#-D_FORTIFY_SOURCE=2 ** Changed in: silc-server (Ubuntu Dapper) Status: Confirmed => Invalid ** Changed in: silc-toolkit (Ubuntu Hardy) Importance: Undecided => Wishlist ** Changed in: silc-toolkit (Ubuntu Intrepid) Importance: Undecided => Wishlist ** Changed in: silc-toolkit (Ubuntu Jaunty) Importance: Undecided => Wishlist ** Changed in: silc-toolkit (Ubuntu Dapper) Importance: Undecided => Low ** Changed in: silc-toolkit (Ubuntu Karmic) Importance: Undecided => Wishlist ** Changed in: silc-toolkit (Ubuntu Karmic) Status: Confirmed => Triaged ** Changed in: silc-toolkit (Ubuntu Jaunty) Status: Confirmed => Triaged ** Changed in: silc-toolkit (Ubuntu Intrepid) Status: Confirmed => Triaged ** Changed in: silc-toolkit (Ubuntu Dapper) Status: Confirmed => Triaged ** Changed in: silc-toolkit (Ubuntu Hardy) Status: Confirmed => Triaged -- Format string vulnerability https://bugs.launchpad.net/bugs/423565 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
