-
Committer:
Package Import Robot
-
Author(s):
Steve McIntyre
-
Date:
2013-09-14 23:45:44 UTC
-
Revision ID:
package-import@ubuntu.com-20130914234544-evt91cu5mugch3pe
Tags: 1.9.2-4squeeze1
* Fixes for various long-standing security issues found by Hamid
Zamani <me@hamidx9.ir>. Closes: #720287
+ Validate the port offset of nasd to fix a potential buffer overflow
(CVE-2013-4256)
+ Use better string functions to guard against heap overflows
(CVE-2013-4257)
+ Sanity-check the TCP_DEVICE environment variable for safety.
* Fix string handling in aulog.c:osLogMsg() to fix missing format string
in call to syslog() (CVE-2013-4258).