Recai Okta? wrote:
Let me know whether it is fine and I'll make the upload to stable-security
(right?).
Did you upload? I don't see any builds trickling in. If not, I'll do it.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
* Moritz Muehlenhoff [2006-02-05 19:47:45+0100]
Recai Oktaş wrote:
Let me know whether it is fine and I'll make the upload to stable-security
(right?).
Did you upload? I don't see any builds trickling in. If not, I'll do it.
Yes, uploaded on 28 January:
* Recai Oktaş [2006-01-28 01:56:06+0200]
Hmm, just found some other issues regarding this CVE-2005-4439. Previous
tests had seemed fine to me, but when I made more tests, the bug came up
again. I believe the attached patch should fix this completely. Stefan,
could you have a look at it
Recai Okta? wrote:
Debdiff is attached and here is the new changelog for your convenience:
elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical
* Major security update (big thanks to Florian Weimer)
+ Backport r1333 from upstream's Subversion repository:
* Moritz Muehlenhoff [2006-01-27 15:28:00+0100]
Recai Oktaş wrote:
+ Backport r1636 from upstream's Subversion repository:
Added IP address to log file
Why is r1636 necessary? This seems like a new feature (better logging
in case of an attack), but doesn't seem to fix a
* Recai Oktaş [2006-01-25 09:34:15+0200]
All three patches + your previous six patches were applied and compiled
successfully. I've also tested the fixed package in my system without any
glitches. Now, I'm going to build and test it in a Sarge chroot jail.
I've just tested the _pbuilded_
* Recai Oktaş:
* Recai Oktaş [2006-01-25 09:34:15+0200]
Florian: If you haven't any objections, I'll upload to stable-security
You need to coordinate this with the stable-security team. If you
could upload a new upstream version to unstable, this would be fine,
though.
So far, the patch for
* Stefan Ritt:
Florian Weimer wrote:
address you started with. Since DNS is quite dynamic, it's also a
good idea to include IP address information in the log file in all
cases, even if a proper host name was found in DNS.
So I put the IP address there in any case, committed in revision
Hi,
I fixed the issues reported in
http://marc.theaimsgroup.com/?m=113498708213563 in ELOG revision r1635.
I encourage you to update as soon as possible.
- If host names are resolved, no forward lookup is performed to
verify the PTR RR. (This does not affect the sarge version
* Stefan Ritt:
- If host names are resolved, no forward lookup is performed to
verify the PTR RR. (This does not affect the sarge version
because it unconditionally uses addresses, not host names.)
Can you specify what you mean by that exactly?
If I read the code correctly, it
* Florian Weimer [2006-01-24 21:51:00+0100]
* Stefan Ritt:
Is this list complete as far as fixes past r1202 are concerned? What
about r1487, is it a significant DoS condition?
Yes.
Okay, this patch shouldn't be too hard to extract. Recai, could you
backport that one and the fixes
11 matches
Mail list logo