OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 04-Mar-2003 17:42:06
Branch: HEAD Handle: 2003030416420500
Modified files:
openpkg-web/security OpenPKG-SA-2003.017-file.txt
Log:
final polishing and signing
Summary:
Revision Changes Path
1.3 +16 -6 openpkg-web/security/OpenPKG-SA-2003.017-file.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.017-file.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2003.017-file.txt
--- openpkg-web/security/OpenPKG-SA-2003.017-file.txt 4 Mar 2003 15:45:10 -0000
1.2
+++ openpkg-web/security/OpenPKG-SA-2003.017-file.txt 4 Mar 2003 16:42:05 -0000
1.3
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
@@ -20,11 +23,11 @@
Description:
Jeff Johnson found a memory allocation problem and David Endler found
a stack overflow corruption problem in the file [1] "Automatic File
- Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved
+ Content Type Recognition Tool" version 3.41. Nalin Dahyabhai improved
ELF section and program header handling in file [1] version 3.40. We
believe that file versions without those modifications are vulnerable
to memory allocation and stack overflow problems which put security at
- risk. We have backported the security relevant pieces of the 3.41 and
+ risk. We have backported the security relevant pieces of the 3.41 and
3.40 vendor changes into OpenPKG releases using vendor version 3.39.
Please check whether you are affected by running "<prefix>/bin/rpm
@@ -36,10 +39,10 @@
Select the updated source RPM appropriate for your OpenPKG release
[4][5], fetch it from the OpenPKG FTP service [6][7] or a mirror
location, verify its integrity [8], build a corresponding binary RPM
- from it [2] and update your OpenPKG installation by applying the binary
- RPM [3]. For the current release OpenPKG 1.2, perform the following
- operations to permanently fix the security problem (for other releases
- adjust accordingly).
+ from it [2] and update your OpenPKG installation by applying the
+ binary RPM [3]. For the current release OpenPKG 1.2, perform the
+ following operations to permanently fix the security problem (for
+ other releases adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
@@ -73,3 +76,10 @@
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+ZNa8gHWT4GPEy58RAv/sAJ9Jq+8xFwUuLlDs1HmzfLmao3WouQCgnyMH
+rWtiA32e/FZ17nwKHRAuiL0=
+=ec0v
+-----END PGP SIGNATURE-----
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
