← Back to branch summary

~ubuntu-branches/ubuntu/dapper/openldap2.2/dapper-updates

Viewing all changes in revision 8.

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt
  • Date: 2006-06-26 11:37:55 UTC
  • Revision ID: james.westby@ubuntu.com-20060626113755-zce8pntd0k384b9k
Tags: 2.2.26-5ubuntu2.1
* SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
* servers/slurpd/st.c, St_read(): 
  - Do not sprintf arbitrarily long strings into fixed-size tbuf.
  - Patch ported from upstream CVS commit:
    http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?
    r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
  - CVE-2006-2754

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: