Hi Joey, On Friday 28 January 2005 07:28, Martin Schulze wrote: > Stack-based buffer overflow in the get_internal_addresses function in > the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x > before 2.3.0, when compiled XAUTH and PAM enabled, allows remote > authenticated attackers to execute arbitrary code. I still think that the bug is present in 2.3.0 too. At least I applied the patch also to this release - which has the same (flawed) definition of the src variable.
> Please mention this id in the changelog (could be done with the next > upload if you've already uploaded the fixed package. Ok, I will do that with the next upload - both testing and unstable versions got uploaded yesterday to fix the security issue. best regards, Rene -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]