-
Committer:
Bazaar Package Importer
-
Author(s):
Cody A.W. Somerville
-
Date:
2008-01-15 20:21:54 UTC
-
Revision ID:
james.westby@ubuntu.com-20080115202154-59u90ozh03ft2npz
Tags: 2.0.0-1ubuntu1.1
* SECURITY UPDATE: Allows remote attackers to cause a denial of service
(crash) via a message with a timestamp that does not contain a trailing
space, which triggers a NULL pointer dereference.
* src/logmsg.c (log_msg_parse): fixed possible NULL pointer dereference
in log message parsing, as done in upstream RCS
* References:
- http://git.balabit.hu/?p=bazsi/syslog-ng-2.0.git;a=commitdiff;h=3126ebad217e7fd6356f4733ca33f571aa87a170
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6437
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457334
* Closes lp: #183389