Hi Thijs,

On Monday, 09 Jan 2006, you wrote:
> Michael Stone wrote:
> >Vulnerability  : format string attack
> >Problem-Type   : local
> >Debian-specific: no
> >CVE ID         : CVE-2006-0083
> >
> >Ulf Harnhammar from the Debian Security Audit project discovered a
> >format string attack in the logging code of smstools, which may be
> >exploited to execute arbitrary code with root privileges.
> >
> >The old stable distribution (woody) does not contain smstools package.
> >
> >For the stable distribution (sarge) this problem has been fixed in
> >version 1.14.8-1sarge0.
> >
> >For the unstable distribution the package will be updated shortly.
> >
> It's great to hear that unstable will be fixed soon, but why wasn't
> there a grave bug filed against the package? If for some reason the
> maintainer misses this DSA, it is later on unknown that the version in
> unstable is vulnerable and still needs to be fixed...

You are right, but also the testing security team usually tracks these
kinds of bugs, so I guess (if it is not filed already) it will do so soon.

Greetings
Martin

