[Sync Request] Please sync dns2tcp 0.4.dfsg-5 from Debian Unstable
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dns2tcp (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: dns2tcp
As stated in Debian Bug 504121 at http://
This flaw has been fixed in the upstream 0.4.3 version and in Debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <email address hidden> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <email address hidden> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared the Debian patched version with upstream 0.4.3, and there are no relevant changes to .c files affecting security.
Risk of regression:
- this package has no rdepends,
- with dfsg-5, we are at the same level as upstream
This is fixed in Jaunty as it currently has version 0.4.dfsg-5 of dns2tcp; however, it may need fixing in Intrepid and Hardy.