Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Fri, 12 Jun 2009 14:46:27 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Cc: roland@...ian.org
Subject: Re: xfig-3.2.5 diff (CVE-2009-1962)

Hi,
* Tomas Hoger <thoger@...hat.com> [2009-06-11 11:31]:
> On Mon, 8 Jun 2009 12:49:48 +0200 Sebastian Krahmer <krahmer@...e.de>
> wrote:
> 
> > just in case you need it, our maintainer asked me to forward
> > a patch for $SUBJECT which has been fixed in our xfig
> > for quite some time.
> 
> Looks like the patch you attached does not differ much from what we use
> for some time too and seems to have an origin here:
> 
>   https://bugzilla.redhat.com/show_bug.cgi?id=67351
> 
> And it does not differ much from what Nico previously posted:
> 
>   http://thread.gmane.org/gmane.comp.security.oss.general/1609
> 
> However, Nico's patch, probably taken from Fedora XFig packages, has
> one hunk missing for:

Yes this is the patch by the Fedora maintainer, I took it 
from our Debian package. You are correct, it looks 
incomplete, the hunk is as well missing in our packages.

Roland, can you fix that please?

Cheers
nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ