[11611] in bugtraq
Re: Debian not vulnerable to recent cron buffer overflow
daemon@ATHENA.MIT.EDU (Marc Merlin)
Mon Aug 30 19:13:22 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990828224303.D15627@merlins.org>
Date: Sat, 28 Aug 1999 22:43:03 -0700
Reply-To: Marc Merlin <marc_news@MERLINS.ORG>
From: Marc Merlin <marc_news@MERLINS.ORG>
X-To: security@debian.org, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <"lACH2C.A.C2C.UnVx3"@murphy>; from Aleph One on Thu, Aug 26,
1999 at 09:47:22AM -0700

On Thu, Aug 26, 1999 at 09:47:22AM -0700, Aleph One wrote:
> ----------------------------------------------------------------------------
> Debian Security Advisory security@debian.org
> http://www.debian.org/security/ Martin Schulze
> August 26, 1999
> ----------------------------------------------------------------------------
>
> Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
> covering a buffer overflow in the vixie cron package. Debian has
> discovered this bug two years ago and fixed it. Therefore versions in
> both, the stable and the unstable, distributions of Debian are not
> vulnerable to this problem.

Does anyone know if Debian never sent the fix to Paul Vixie, or if it was
sent and Paul "missed it"?

Even in the second case, unless Paul repeatedly refused the patch, it'd have
been nice for the Debian maintainer to make sure that the patch was
incorporated in the main source code, not just in Debian...

Marc
--
Microsoft is to software what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ (friendly to non IE browsers)
Finger marc_f@merlins.org for PGP key and other contact information