[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:12280] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)

From: GOTO Masanori <gotom@debian.or.jp>
Subject: [debian-devel:12280] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Date: Wed, 10 May 2000 01:31:57 +0900
X-dispatcher: impost version 0.99i (Apr. 6, 1997)
X-ml-info: If you have a question, send a mail with the body "# help" (without quotes) to the address debian-devel-ctl@debian.or.jp; help=<mailto:debian-devel-ctl@debian.or.jp?body=help>
X-ml-name: debian-devel
X-mlserver: fml [fml 2.2]; post only (only members can post)
X-sender: GOTO Masanori <goto-m@xxxxxxxxxxxxxxx>
References: <87ya5jlqrj.wl@xxxxxxxxxxxxxxx>
Message-id: <200005091631.BAA02522@xxxxxxxxxxxxxxx>
X-mail-count: 12280
X-mailer: Mew version 1.70 on Emacs 19.34.1 / Mule 2.3

From: Fumitoshi UKAI <ukai@debian.or.jp>
Subject: [debian-devel:12279] possible vulnerability (buffer overflow) in JP Packages? (Re:  (draft) [SECURITY] New version of kon2 released)
>  tcbは sprintf(),strcpy(),strcat()がいっぱいあってなんか危険なかんじ。
>  sscanf()はおおむね大丈夫?
> というかんじです。
> 
> 後は daemon系のパッケージもチェックすべきですね。
> 
> PS.
> あと tcb は depends: man-db-ja ですね。これは不要(というか
> むしろ recommends: か suggests: 程度?)のような…

tcb の man-db-ja ですが、Bug#63828 として登録しました。
man-db-ja はもう存在しないので、potato release までに
早急に fix しないといけないように思います。

あと Severity を important にしたので、ほっておくと
リリース前に potato から削除の対象になる可能性が…。

--
後藤 正徳

Follow-Ups:
- [debian-devel:12281] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
  - From: GOTO Masanori

References:
- [debian-devel:12279] possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
  - From: Fumitoshi UKAI

Prev by Date: [debian-devel:12279] possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Next by Date: [debian-devel:12281] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Previous by thread: [debian-devel:12279] possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Next by thread: [debian-devel:12281] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Index(es):
- Date
- Thread