Hello, according to CVE-2007-0460, ulogd is prone to several vulnerabilities due to improper string length calculations. ulogd is running as root, and the vulnerability is thought to be remotely exploitable, so I guess this is serious...
As a package maintainer, I have uploaded a new package in unstable (1.23-6) just fixing these problems using a slightly adjusted patch from SuSE, that could also be used in testing (1.23-5), if unblocked by the Release Management team. Stable version (1.02-2) is also vulnerable and needs to be patched, but I don't have enough time to backport the patch... If I can be of assistance please let me know. -- Achilleas Kotsis a.k.a. Achille -- "whois awk?", sed Grep -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
