* SECURITY UPDATE: "arbitrary file access and buffer overflows"
A new config file, /etc/gypsy.conf, is added that specifies a whitelist
of globs. By default, they are "/dev/tty*", "/dev/pgps", and "bluetooth"
(which matches Bluetooth addresses).
Thanks to Michael Leibowitz <email address hidden>
CVE-2011-0523
* SECURITY UPDATE: Prevent buffer overflows in NMEA parsing by using
snprintf() instead of sprintf.
Thanks to Bastien Nocera <email address hidden>
CVE-2011-0524 (LP: #690323)
* Run autoreconf to include changes to configure.ac
-- Andreas Moog <email address hidden> Sat, 11 Feb 2012 15:59:26 +0100
This bug was fixed in the package gypsy - 0.8-0ubuntu2.1
---------------
gypsy (0.8-0ubuntu2.1) natty-security; urgency=low
* SECURITY UPDATE: "arbitrary file access and buffer overflows"
A new config file, /etc/gypsy.conf, is added that specifies a whitelist
of globs. By default, they are "/dev/tty*", "/dev/pgps", and "bluetooth"
(which matches Bluetooth addresses).
Thanks to Michael Leibowitz <email address hidden>
CVE-2011-0523
* SECURITY UPDATE: Prevent buffer overflows in NMEA parsing by using
snprintf() instead of sprintf.
Thanks to Bastien Nocera <email address hidden>
CVE-2011-0524 (LP: #690323)
* Run autoreconf to include changes to configure.ac
-- Andreas Moog <email address hidden> Sat, 11 Feb 2012 15:59:26 +0100
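
The two fixes described in the changelog, sketched as an added example. This is not gypsy's own code: device_allowed(), copy_field(), the Bluetooth address format check and the sample inputs are hypothetical and constructed for illustration. It checks a requested device against the default globs with fnmatch() and copies an NMEA field with snprintf(), treating truncation as an error.

```c
#include <ctype.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist using the default globs named in the changelog. */
static const char *const default_globs[] = { "/dev/tty*", "/dev/pgps", "bluetooth" };
#define N_GLOBS (sizeof default_globs / sizeof default_globs[0])

/* Assumption: a Bluetooth address is six hex pairs separated by ':'. */
static int is_bluetooth_addr(const char *s)
{
    if (strlen(s) != 17) return 0;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) { if (s[i] != ':') return 0; }
        else if (!isxdigit((unsigned char)s[i])) return 0;
    }
    return 1;
}

/* Returns 1 if device matches an allowlist entry, else 0 (hypothetical helper). */
int device_allowed(const char *device, const char *const *globs, size_t n)
{
    if (device == NULL) return 0;
    for (size_t i = 0; i < n; i++) {
        /* FNM_PATHNAME stops '*' from matching '/', so "/dev/tty*" cannot
           be extended with "/../" segments to reach other files. */
        if (strcmp(globs[i], "bluetooth") == 0) {
            if (is_bluetooth_addr(device)) return 1;
        } else if (fnmatch(globs[i], device, FNM_PATHNAME) == 0) {
            return 1;
        }
    }
    return 0;
}

/* Bounded copy of one NMEA field: 0 on success, -1 if it would not fit. */
int copy_field(char *out, size_t outlen, const char *field)
{
    int n = snprintf(out, outlen, "%s", field);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[8];
    printf("%d %d\n", device_allowed("/dev/ttyS0/../../etc/passwd", default_globs, N_GLOBS),
           copy_field(buf, sizeof buf, "4807.038"));
    return 0;
}
```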