2008-11-13 05:15:00 |
Fabrice Coutadeur |
bug |
|
|
added bug |
2008-11-13 05:15:00 |
Fabrice Coutadeur |
bug |
|
|
added attachment '0.4.3-0.4.dfsg.diff' (diff between 0.4.3 and 0.4.dfsg-5) |
2008-11-13 05:18:20 |
Fabrice Coutadeur |
who_made_private |
fabricesp |
|
|
2008-11-13 05:20:47 |
Fabrice Coutadeur |
bug |
|
|
added attachment 'dns2tcp_0.4.dfsg-5.debdiff' (debdiff between 0.4.dfsg-3 and 0.4.dfsg-5) |
2008-11-13 05:28:08 |
Fabrice Coutadeur |
bug |
|
|
added subscriber MOTU Stable Release Updates |
2008-11-13 05:28:35 |
Fabrice Coutadeur |
description |
Binary package hint: dns2tcp
As stated in Debian Bug #504121 and Secunia at http://secunia.com/advisories/32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <acornet@debian.org> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <acornet@debian.org> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting to security |
Binary package hint: dns2tcp
As stated in Debian Bug #504121 and Secunia at http://secunia.com/advisories/32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <acornet@debian.org> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <acornet@debian.org> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting security |
|
2008-11-13 05:29:36 |
Fabrice Coutadeur |
description |
Binary package hint: dns2tcp
As stated in Debian Bug #504121 and Secunia at http://secunia.com/advisories/32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <acornet@debian.org> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <acornet@debian.org> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting security |
Binary package hint: dns2tcp
As stated in Debian Bug 504121 at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504121 and Secunia at http://secunia.com/advisories/32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <acornet@debian.org> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <acornet@debian.org> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting security |
|
2008-11-13 06:34:24 |
Fabrice Coutadeur |
description |
Binary package hint: dns2tcp
As stated in Debian Bug 504121 at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504121 and Secunia at http://secunia.com/advisories/32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <acornet@debian.org> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <acornet@debian.org> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting security |
Binary package hint: dns2tcp
As stated in Debian Bug 504121 at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504121 and Secunia at http://secunia.com/advisories/32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <acornet@debian.org> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <acornet@debian.org> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting security
Risk of regression:
- this package has no rdepends,
- with dfsg-5, we are at the same level as upstream |
|
2009-02-20 22:01:33 |
Brian Murray |
dns2tcp: status |
New |
Fix Released |
|
2009-02-20 22:01:33 |
Brian Murray |
dns2tcp: statusexplanation |
|
This is Fix in Jaunty as it currently has version 0.4.dfsg-5 of dns2tcp, however it may need fixing in Intrepid and Hardy. |
|