tags 311615 + patch pending thanks Hi,
Here's a patch to fix the vulnerability, taken from diffing upstream sources. Despite the changelog, I've not uploaded this. Please apply the patch and upload it, or let me know and I'll do it. Thanks. You might also want to run it by the testing-security folks. diff -urN ettercap-0.7.1.old/debian/changelog ettercap-0.7.1/debian/changelog --- ettercap-0.7.1.old/debian/changelog 2005-06-02 10:48:15.000000000 +0100 +++ ettercap-0.7.1/debian/changelog 2005-06-02 11:12:40.968301000 +0100 @@ -1,3 +1,12 @@ +ettercap (1:0.7.1-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix buffer overflow in src/interfaces/curses/ec_curses.c, + backported from version 0.7.3 (CAN-2005-1796; Closes: #311615). + Thanks to Martin Pitt for reporting this vulnerability. + + -- Roger Leigh <[EMAIL PROTECTED]> Thu, 2 Jun 2005 11:12:34 +0100 + ettercap (1:0.7.1-1) unstable; urgency=low * New upstream release diff -urN ettercap-0.7.1.old/src/interfaces/curses/ec_curses.c ettercap-0.7.1/src/interfaces/curses/ec_curses.c --- ettercap-0.7.1.old/src/interfaces/curses/ec_curses.c 2004-05-12 16:27:06.000000000 +0100 +++ ettercap-0.7.1/src/interfaces/curses/ec_curses.c 2005-06-02 11:06:59.402226936 +0100 @@ -172,7 +172,7 @@ if (sysmsg_win == NULL) return; - wdg_scroll_print(sysmsg_win, EC_COLOR, (char *)msg); + wdg_scroll_print(sysmsg_win, EC_COLOR, "%s", (char *)msg); } ----end of diff---- Regards, Roger -- Roger Leigh Printing on GNU/Linux? http://gimp-print.sourceforge.net/ Debian GNU/Linux http://www.debian.org/ GPG Public Key: 0x25BFB848. Please sign and encrypt your mail. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]