Andreas Metzler wrote: > Hej, Hi Andreas
> I would like to make a upload to stable to fix CVE-2007-2452 > aka http://bugs.debian.org/426862 which is a heap-buffer overflow in > locate. > > According to Moritz Muehlenhoff there will not be a DSA for this, > since the attack vector is relatively obscure and it additionally > requires the local admin to actively change the configuration to > force updatedb to use old-style db. > > The fix has been in testing/sid since the start of June (4.2.31-1). > > Suggested patch attached. OK, feel free to upload, it will probably be included in r2. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
