Hi dear Raphael,
fortunately oldstable is almost unaffected by this kind of CVEs, because almost all of them refer to code written after the squeeze release. Anyway, here we go, this should be the only patch useful for squeeze folks:
--- ettercap-0.7.3.orig/src/dissectors/ec_cvs.c
+++ ettercap-0.7.3/src/dissectors/ec_cvs.c
@@ -70,7 +70,7 @@
{
DECLARE_DISP_PTR_END(ptr, end);
char tmp[MAX_ASCII_ADDR_LEN];
- char *p;
+ u_char *p;
size_t i;
/* don't complain about unused var */
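Review bot: the switch of p from char * to u_char * at the top of this hunk is unexplained, and the hunk shows no use of p, so the reason for the signedness change cannot be checked from the patch itself. Please add a line to the patch description saying which assignment or comparison it fixes, and confirm that no remaining use of p hands it to a function expecting char * without a cast.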
@@ -92,6 +92,8 @@
/* move over the cvsroot path */
ptr += strlen(CVS_LOGIN) + 1;
+ if (ptr >= end)
+ return NULL;
/* go until \n */
while(*ptr != '\n' && ptr != end) ptr++;
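Review bot: the loop kept as context under the new check, while(*ptr != '\n' && ptr != end) ptr++;, still reads *ptr before it tests ptr != end, so once ptr has advanced to end it is dereferenced there. The added if (ptr >= end) return NULL; only covers the position right after the strlen(CVS_LOGIN) + 1 skip, not the scan that follows. Suggest swapping the operands in the same patch, to while (ptr != end && *ptr != '\n') ptr++;, so the bounds test short-circuits the read.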
cheers,
Gianfranco
On Monday, 22 December 2014 at 10:45, Raphael Hertzog <[email protected]> wrote:
Hello Barak,
On Thu, 18 Dec 2014, Barak A. Pearlmutter wrote:
> ettercap (1:0.8.1-3) unstable; urgency=high
> .
> * Patch a bunch of security vulnerabilities (closes: #773416)
Thanks for the prompt reaction. ettercap is also in Squeeze
and thus covered by our LTS initiative.
Do you feel like providing a fixed package for Squeeze?
If yes, please have a look at http://wiki.debian.org/LTS/Development
but note that if you provide the fixed package and send a mail
to [email protected], someone will gladly do the administrative
part of the work for you.
Thanks!
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/