Re: [RHSA-2002:004-06] New groff packages available to fix security problems

[Colin Watson <cjwatson () debian org>]

On Wed, Jan 16, 2002 at 05:18:41AM +0000, bugzilla () redhat com wrote:
> Synopsis:          New groff packages available to fix security problems
> Advisory ID:       RHSA-2002:004-06
> Issue date:        2002-01-07
> Updated on:        2002-01-14
> Product:           Red Hat Linux
> Keywords:          groff security
[...]
> Groff is a document formatting system.  The groff preprocessor contains an
> exploitable buffer overflow. If groff can be invoked within the LPRng
> printing system, an attacker can gain rights as the "lp" user.

This problem does not affect the stable release of Debian, as the
version of groff in Debian 2.2 did not contain the grn preprocessor to
which this advisory applies. Thus I don't believe we'll be issuing an
official advisory.

The bug did affect both the testing and unstable distributions of
Debian, and is fixed in groff 1.17.2-15 in unstable. This package will
propagate into testing in a few days, once binary packages for
architectures other than i386 have been prepared.

Regards,

-- 
Colin Watson, Debian groff maintainer         [cjwatson () flatline org uk]

Attachment: _bin
Description: