oss-sec mailing list archives
Re: update on CVE-2008-5718
From: Thomas Biege <thomas () suse de>
Date: Wed, 14 Jan 2009 09:21:57 +0100
Hello Nico, On Wed, Jan 14, 2009 at 12:32:07AM +0100, Nico Golde wrote:
Hi, I just did a security update for CVE-2008-5718 and since the description is not really verbose I thought I'd share what I found in case anyone else is working on that.
...
Cheers Nico P.S. The patch I used can be found on: http://people.debian.org/~nion/nmu-diff/netatalk-2.0.3-11_2.0.3-11+lenny1.patch
I am not very happy with the patch because it just filters a handful of
characters, a better solution would be to replace popen().
(I mentioned this on the netatalk-devel ML but got no answer so far.)
--
Bye,
Thomas
--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Hamming's Motto:
The purpose of computing is insight, not numbers.
-- Richard W. Hamming
Current thread:
- update on CVE-2008-5718 Nico Golde (Jan 13)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
