Package: openconnect Version: 2.25-0.1 Severity: important Tags: security http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3291 "Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner."
squeeze has 2.25-0.1, which seems to be vulnerable wheezy has 3.20-1, which should be fine sid has 3.20-2, which should be fine References: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2 http://www.infradead.org/openconnect/changelog.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079747.html -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.4.1 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org