[CVE-2008-1922] Multiple buffer overflows in sarg
Bug #236769 reported by Till Ulen
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
sarg (Debian) | Fix Released | Unknown | | |
sarg (Ubuntu) | Fix Released | Undecided | Unassigned | |
Hardy | Fix Released | Medium | Unassigned | |
Intrepid | Fix Released | Medium | Unassigned | |
Bug Description
Binary package hint: sarg
CVE-2008-1922 description:
"Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file."
http://
http://
Changed in sarg:
status: New → Confirmed
Changed in sarg (Debian):
status: Unknown → Fix Released
Fixed:
sarg (2.2.5-2) unstable; urgency=low
* debian/watch
  - Use SF redirector and make lintian happy
* debian/{rules,compat}
  - Move DH_COMPAT to debian/compat and make lintian happy
* debian/rules
  - Change make clean invocation and make lintian happier
  - Added support for DEB_BUILD_OPTIONS
  - Move documentation files from sarg-php to doc directory
  - Remove hidden file from /etc/squid/languages
* debian/control
  - Removed dependency on bash, now essential
  - Bumped Standard-Version to 3.8.0
* debian/postinst
  - Make postinst fail on error
* debian/copyright
  - Added copyright notice
  - Updated maintainer reference
* debian/sarg-reports.1
  - Added man page, thanks to Juan Angulo Moreno (Closes: #481889)
* debian/patches/show_read_statistics.patch
  - Added patch from Vladimir Lettiev fixing segfault with
    show_read_statistics set to no. (Closes: #444845, #370811)
* debian/patches/totger_patches.patch
  - Added patch from Thomas Bliesener fixing several buffer overflows
    (Closes: #470791)
* debian/patches/opensuse_1_getword_boundary_limit.patch
  - Added patch from OpenSUSE to avoid segfaults in getword() calls
* debian/patches/opensuse_2_enlarge_report_buffers.patch
  - Added patch from OpenSUSE to avoid overflow in report buffers
* debian/patches/opensuse_3_too_small_font_buffer.patch
  - Added patch from OpenSUSE to avoid overflow in font buffer
* debian/patches/opensuse_4_enlarge_log_buffer.patch
  - Added patch from OpenSUSE to avoid overflow in log buffer
* debian/patches/opensuse_5_limit_sprintf.patch
  - Added patch from OpenSUSE to avoid segfaults in sprintf() calls
* debian/patches/opensuse_6_limit_useragent_sprintf.patch
  - Added patch from OpenSUSE to avoid segfaults in sprintf() calls
* debian/patches/opensuse_7_year_assertion.patch
  - Added patch from OpenSUSE to avoid assertion in year parsing
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 09 Feb 2009 08:56:57 +0000
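
The changelog above names two kinds of fix, a boundary limit on getword() calls and limits on sprintf() calls. The following added example shows that pattern on a Squid-style log line; it is not sarg's code and not the Debian or OpenSUSE patches. The helper names `get_field` and `summarize`, the buffer sizes and the sample lines are assumptions made for illustration, and the constructed lines use single-space separators.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not sarg's getword()): copy the next field, up to the
 * delimiter `stop`, into out[outsz]. Returns 0 and advances *cursor past the
 * delimiter, or -1 (out left empty) when the field does not fit. */
static int get_field(char *out, size_t outsz, const char **cursor, char stop)
{
    const char *p = *cursor;
    size_t n = 0;
    if (outsz == 0) return -1;
    for (; p[n] != '\0' && p[n] != stop; n++) {
        if (n + 1 >= outsz) { out[0] = '\0'; return -1; } /* no room for byte + NUL */
        out[n] = p[n];
    }
    out[n] = '\0';
    *cursor = (p[n] == stop) ? p + n + 1 : p + n;
    return 0;
}

/* Build "client method url" from a Squid-style access-log line. Returns -1
 * if any field or the finished label would overflow its fixed buffer. */
static int summarize(const char *line, char *label, size_t labelsz)
{
    char skip[32], client[40], method[16], url[32];
    const char *cur = line;
    if (get_field(skip, sizeof skip, &cur, ' ') ||      /* timestamp   */
        get_field(skip, sizeof skip, &cur, ' ') ||      /* elapsed     */
        get_field(client, sizeof client, &cur, ' ') ||
        get_field(skip, sizeof skip, &cur, ' ') ||      /* code/status */
        get_field(skip, sizeof skip, &cur, ' ') ||      /* bytes       */
        get_field(method, sizeof method, &cur, ' ') ||
        get_field(url, sizeof url, &cur, ' '))
        return -1;
    int n = snprintf(label, labelsz, "%s %s %s", client, method, url);
    return (n < 0 || (size_t)n >= labelsz) ? -1 : 0;   /* reject truncation */
}

/* Constructed sample lines (not real log data). */
static const char GOOD[] = "1234567890.123 45 192.0.2.10 TCP_MISS/200 512 GET http://example.test/ - DIRECT/192.0.2.20 text/html";
static const char LONG_URL[] = "1234567890.123 45 192.0.2.10 TCP_MISS/200 512 GET http://example.test/a/very/long/path/that/exceeds/the/buffer - DIRECT/192.0.2.20 text/html";

int main(void)
{
    char label[128];
    printf("good: %d\n", summarize(GOOD, label, sizeof label));
    printf("long url: %d\n", summarize(LONG_URL, label, sizeof label));
    return 0;
}
```

An oversized field is reported as an error to the caller rather than silently truncated, so a report is never built from a partial value.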