Package: elog
Version: 2.6.0beta2+r1716-1
Tags: security upstream fixed-upstream
Severity: grave

First a little version cross-reference, based on the src/elog{,d}.c files.

Debian               CVS (elogd.c)    Subversion
2.6.0beta2+r1716-1   1.717*           r1445
2.5.7+r1558-3        1.558 + 1.648    r1202 + r1347

* Part of the upstream are contained in the .diff.gz file, so the embedded version number is not quite correct.

The following issues are unfixed upstream:

- CVE-2005-4439: buffer overflow through long URL parameters
  <http://marc.theaimsgroup.com/?m=113498708213563>

- If host names are resolved, no forward lookup is performed to verify the PTR RR. (This does not affect the sarge version because it unconditionally uses addresses, not host names.)

- There are still some format string issues when things are written to the logfile.

Apparently, upstream is not aware of those three issues.

The following potential security issues have been fixed upstream, but not in the sid version (there are some more issues apparently, but those bugs were introduced past the sid version AFAICS):

------------------------------------------------------------------------
r1529 | ritt | 2005-10-25 20:26:34 +0200 (Tue, 25 Oct 2005) | 1 line
Changed paths:
   M /trunk/src/elogd.c

Fixed bug with fprintf and buffer containing "%"
------------------------------------------------------------------------
r1472 | ritt | 2005-08-04 22:26:35 +0200 (Thu, 04 Aug 2005) | 2 lines
Changed paths:
   M /trunk/src/elog.c
   M /trunk/src/elogd.c

Do not distinguish between invalid user name and invalid password for
security reasons

On top of that, the following issues affect the sarge version only:

------------------------------------------------------------------------
r1335 | ritt | 2005-04-27 12:43:43 +0200 (Wed, 27 Apr 2005) | 2 lines
Changed paths:
   M /trunk/src/elogd.c

Applied patch from Emiliano to fix possible buffer overflow
------------------------------------------------------------------------
r1333 | ritt | 2005-04-22 15:41:18 +0200 (Fri, 22 Apr 2005) | 2 lines
Changed paths:
   M /trunk/src/elogd.c

Fixed crashes with very long (revisions) attributes

I've back-ported all four issues to the sarge version, but they haven't received any testing yet. If anybody has got a sarge elog installation, please speak up.

I'm going to ask upstream about the following issue:

------------------------------------------------------------------------
r1487 | ritt | 2005-09-09 22:59:46 +0200 (Fri, 09 Sep 2005) | 2 lines
Changed paths:
   M /trunk/src/elogd.c

Fixed infinite redirection with ?fail=1
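As an added illustration of the two bug classes named in the report above (the overflow through over-long URL parameters and fprintf being handed a buffer containing "%"), here is the defensive pattern in C: this is example code written for this page, not elog's own source, and the names get_param and log_value are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not elog code. Two defensive rules for untrusted
 * request data: copy it only with an explicit bound, and never pass
 * it to the printf family as the format string. */

/* Copy the value of parameter `name` from a query string such as
 * "cmd=Search&mode=full" into `out` (size `outsz`). Returns the value
 * length, 0 if the parameter is absent or empty, or -1 if the value
 * would not fit; the caller must treat -1 as an error rather than
 * letting a fixed-size buffer overrun. */
int get_param(const char *query, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = query;
    out[0] = '\0';
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = plen - nlen - 1;
            if (vlen >= outsz)
                return -1;          /* too long: refuse, do not truncate silently */
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = end ? end + 1 : NULL;
    }
    return 0;
}

/* Build a log line in `line`. The untrusted value is an argument to a
 * fixed "%s" directive, so a value containing "%" is written literally;
 * the bug class on the page is the shape fprintf(logfile, value), where
 * the value itself becomes the format string. Returns the number of
 * bytes written, or -1 if the line would be truncated. */
int log_value(char *line, size_t linesz, const char *client, const char *value)
{
    int n = snprintf(line, linesz, "%s: param=%s\n", client, value);
    if (n < 0 || (size_t)n >= linesz)
        return -1;                  /* truncated: report it, do not guess */
    return n;
}
```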