tags 373687 +help
thanks
Hi,
the orginial maintainer of overkill is not interested anymore, see the
attached mail. I'm happy to apply patches, if someone can fix this. I'll
look into it myself when my machine comes back from repair, but my C
skills might be too limited.
Greetings,
Joachim
--- Begin Message ---
Hi,
unfortunatelly I don't have time to develop 0verkill any more. I hasn't been
managed for m,ore than 2 years.
Brain
On Thursday 15 of June 2006 16:36, Joachim Breitner wrote:
> Dear Brian,
>
> I am the maintainer of the Debian package of overkill. A security hole
> was discovered in overkill and named CVE-2006-2971:
> "Integer overflow in the recv_packet function in 0verkill
> 0.16 allows remote attackers to cause a denial of service (daemon crash)
> via a UDP packet with fewer than 12 bytes, which results in a long
> length value to the crc32 function."
>
> Are you planning to provide a fix for this? If not, we might have to
> remove overkill from the Debian archive.
>
> Thanks,
> Joachim
--- End Message ---
