Comment 4 for bug 183389

Revision history for this message
Cody A.W. Somerville (cody-somerville) wrote :

debdiff syslog-ng_1.9.11-1.1.dsc syslog-ng_1.9.11.1.1ubuntu0.1.dsc > syslog-ng_1.9.11.1.1ubuntu0.1.edgy-security.debdiff

Changes:
 syslog-ng (1.9.11-1ubuntu0.1) edgy-security; urgency=low
 .
   * SECURITY UPDATE: Allows remote attackers to cause a denial of service
       (crash) via a message with a timestamp that does not contain a trailing
       space, which triggers a NULL pointer dereference.
   * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
       in log message parsing, as done in upstream RCS
   * References:
      - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
      - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
   * Closes lp: #183389
Files:
 6140177483629ca8177480170abe4c1b 640 admin extra syslog-ng_1.9.11-1ubuntu0.1.dsc
 595882ee38767710d5910961633dd01e 314717 admin extra syslog-ng_1.9.11.orig.tar.gz
 31fd0a329219c3d88d5572b15a31f30c 9494 admin extra syslog-ng_1.9.11-1ubuntu0.1.diff.gz