Ubuntu
syslog-ng package

  1. Bug #183389
  2. Comment #5

Comment 5 for bug 183389

Revision history for this message
Cody A.W. Somerville (cody-somerville) wrote :

Updated debdiff to mangle maintainer fields

debdiff syslog-ng_2.0.0-1.dsc syslog-ng_2.0.0-1ubuntu0.1.dsc > syslog-ng_2.0.0-1ubuntu0.1.feisty-security.debdiff

Changes:
 syslog-ng (2.0.0-1ubuntu0.1) feisty-security; urgency=low
 .
   * SECURITY UPDATE: Allows remote attackers to cause a denial of service
       (crash) via a message with a timestamp that does not contain a trailing
       space, which triggers a NULL pointer dereference.
   * src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
       in log message parsing, as done in upstream RCS
   * References:
      - http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
      - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
   * Closes lp: #183389
   * Updated maintainer fields
Files:
 f4cd261152a122f0b9c56279e437fe03 713 admin extra syslog-ng_2.0.0-1ubuntu0.1.dsc
 6ea55c647dcbd3d58a58b8d90f7ea300 346056 admin extra syslog-ng_2.0.0.orig.tar.gz
 4b90b3f68c315a988d4b19130551b2ae 10746 admin extra syslog-ng_2.0.0-1ubuntu0.1.diff.gz