Hello again, onsdag den 8 oktober 2014 klockan 09:41 skrev Mats Erik Andersson detta: > fredag den 3 oktober 2014 klockan 19:51 skrev Guillem Jover detta: > > Hi! > > > > I just stumbled over this on <http://seclists.org/oss-sec/2014/q4/79>, > > and from a cursory glance it appears as if inetutils' syslogd is also > > vulnerable? There's a patch there that seems would apply w/o much > > effort. > > I have begun an analysis, in fact I intended to perform a review > already earlier since there seemed to be another obscurity related > to facility decoding.
The very needed changes have just been pushed, they resist threats as reported in the referenced CVE-2014-3634 and add test cases to demon- strate that kinf of capability. Regards, Mats E A
