Could issue TEMP-0000000-0999A8[1] be the same as #457334[2] "CVE-2007-6437
prone to denial of service attack"?
Issue #457334 is reported Fri, 21 Dec 2007 16:54:04 UTC and TEMP-0000000-0999A8
seems to be committed to CVE/list as[3]:
"""
CVE-2006-XXXX [syslog-ng dos]
- syslog-ng 2.0rc1-2 (low)
[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
"""
There is DSA commit done at Wed Jan 16 08:10:07 2008 UTC[4], which fixes
#457334. Upstream patch for #457334 is:
http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
1: http://security-tracker.debian.org/tracker/TEMP-0000000-0999A8
2: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
3: http://anonscm.debian.org/viewvc/secure-testing?view=revision&revision=4493
4:
http://anonscm.debian.org/viewvc/secure-testing/data/DSA/list?r1=7935&r2=7934&pathrev=7935
Best regards,
Henri Salo
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
