Package: elog
Version: 2.6.0beta2+r1716-1
Tags: security upstream fixed-upstream
Severity: grave
First a little version cross-reference, based on the src/elog{,d}.c
files.
Debian CVS (elogd.c) Subversion
2.6.0beta2+r1716-1 1.717* r1445
2.5.7+r1558-3 1.558 + 1.648 r1202 + r1347
* Part of the upstream are contained in the .diff.gz file, so the
embedded version number is not quite correct.
The following issues are unfixed upstream:
- CVE-2005-4439: buffer overflow through long URL parameters
<http://marc.theaimsgroup.com/?m=113498708213563>
- If host names are resolved, no forward lookup is performed to
verify the PTR RR. (This does not affect the sarge version
because it unconditionally uses addresses, not host names.)
- There are still some format string issues when things are written
to the logfile.
Apparently, upstream is not aware of those three issues.
The following potential security issues have been fixed upstream, but
not in the sid version (there are some more issues apparently, but
those bugs were introduced past the sid version AFAICS):
------------------------------------------------------------------------
r1529 | ritt | 2005-10-25 20:26:34 +0200 (Tue, 25 Oct 2005) | 1 line
Changed paths:
M /trunk/src/elogd.c
Fixed bug with fprintf and buffer containing "%"
------------------------------------------------------------------------
r1472 | ritt | 2005-08-04 22:26:35 +0200 (Thu, 04 Aug 2005) | 2 lines
Changed paths:
M /trunk/src/elog.c
M /trunk/src/elogd.c
Do not distinguish between invalid user name and invalid password for security
reasons
On top of that, the following issues affect the sarge version only:
------------------------------------------------------------------------
r1335 | ritt | 2005-04-27 12:43:43 +0200 (Wed, 27 Apr 2005) | 2 lines
Changed paths:
M /trunk/src/elogd.c
Applied patch from Emiliano to fix possible buffer overflow
------------------------------------------------------------------------
r1333 | ritt | 2005-04-22 15:41:18 +0200 (Fri, 22 Apr 2005) | 2 lines
Changed paths:
M /trunk/src/elogd.c
Fixed crashes with very long (revisions) attributes
I've back-ported all four issues to the sarge version, but they
haven't received any testing yet. If anybody has got a sarge elog
installation, please speak up.
I'm going to ask upstream about the following issue:
------------------------------------------------------------------------
r1487 | ritt | 2005-09-09 22:59:46 +0200 (Fri, 09 Sep 2005) | 2 lines
Changed paths:
M /trunk/src/elogd.c
Fixed infinite redirection with ?fail=1
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
