* New Release: 4.0.1 -- Fixes Potential Security Vulnerability
@ 2004-11-11 23:06 Chad Walstrom
0 siblings, 0 replies; only message in thread
From: Chad Walstrom @ 2004-11-11 23:06 UTC (permalink / raw)
To: info-gnats
[-- Attachment #1.1: Type: text/plain, Size: 870 bytes --]
The GNU GNATS Development Team has released a new version of GNATS, the
Problem Report Management System. This release, 4.0.1 is a patch
release to address a potential security vulnerability with string
formatting in gnats/misc.c that was described in:
http://lists.gnu.org/archive/html/bug-gnats/2004-06/msg00028.html
http://www.zone-h.org/advisories/read/id=4889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0623
http://www.debian.org/security/2004/dsa-590
Additional string formatting fixes were applied to avoid buffer
overflows in constructing formatted date strings.
You may download GNATS 4.0.1 from ftp://ftp.gnu.org/pub/gnu/gnats/ or
http://savannah.gnu.org/download/gnats (temporarily).
--
Chad Walstrom <chewie@wookimus.net> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
[-- Attachment #2: Type: text/plain, Size: 140 bytes --]
_______________________________________________
Info-gnats mailing list
Info-gnats@gnu.org
http://lists.gnu.org/mailman/listinfo/info-gnats
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-11-11 23:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-11-11 23:06 New Release: 4.0.1 -- Fixes Potential Security Vulnerability Chad Walstrom
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).