Viewing all changes in revision 12.
- Committer: Bazaar Package Importer
- Date: 2008-01-15 20:21:54 UTC
- Revision ID: james.westby@ubuntu.com-20080115202154-59u90ozh03ft2npz
* SECURITY UPDATE: Allows remote attackers to cause a denial of service
(crash) via a message with a timestamp that does not contain a trailing
space, which triggers a NULL pointer dereference.
* src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
in log message parsing, as done in upstream RCS
* References:
- http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
* Closes lp: #183389
(crash) via a message with a timestamp that does not contain a trailing
space, which triggers a NULL pointer dereference.
* src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
in log message parsing, as done in upstream RCS
* References:
- http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
* Closes lp: #183389
- files modified:
- debian/changelog
expand all
collapse all
added
removed
