zoo contains exploitable buffer overflows
Nicolas Mailhot
nicolas.mailhot at laposte.net
Sun Feb 26 22:58:45 UTC 2006
Hi,

Since the Fedora Extras security SIG does not exist yet I'll do a
maintainers post.

As the FE zoo maintainer I've applied the security patch suggested on
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183109

I'm not sure the security analysis here is right, but since the patch
seems harmless and zoo is exposed to external input via mail filters
such as amavisd-new I preferred to err on the side of caution.

If some people could review the alert and the patch I'd be grateful.
To my knowledge other distributions have not acted on the alert yet
(it's been published on many security lists in the last days).

Regards,

--
Nicolas Mailhot