[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:14846] jgroff: printf format attack

Package: jgroff
Version: 1.15+ja-3.2

I found a security problem of potato's `jgroff' package on the
`Omoikane GNU/Linux' security information page.

(`jgroff' is a Japanese extended `groff'.  Woody's `groff' has
merged it.  `Omoikane GNU/Linux' is a Debian based distribution.)

I sent a bug report to the BTS last Wednesday, but I have heard
nothing from the package maintainer yet.

Please check Bug#129374:

> Debian potato's jgroff 1.15+ja-3.2 has the same problem as DSA-072-1.
>   DSA-072-1 groff: printf format attack
>   http://www.debian.org/security/2001/dsa-072
>   Omoikane GNU/Linux security information (in Japanese)
>   http://www.omoikane.co.jp/security.html
> This has been fixed in the Omoikane GNU/Linux updates:
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1.diff.gz
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1.dsc
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1_i386.changes
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1_i386.deb

Tatsuya Kinoshita