Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
password has been enabled and a remote attacker can connect to the Zebra
telnet management port. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0795 to this issue.
from http://rhn.redhat.com/errata/RHSA-2003-307.html
Bump package name.
ok itojun@ margarida@
A remotely exploitable buffer overrun has been reported in Epic.
This issue may reportedly be exploited by a malicious server that
supplies an overly long nickname in a CTCP message, potentially
allowing for execution of arbitrary code in the context of the
client user.
It may also be possible for a malicious client to send such a
message, but it is likely that the server will limit the length.
ok brad@
--
- TCPreen will now abort if SUDO_USER is invalid. UIDs are no longer
accepted as unprivileged usernames.
- Hostname lookup failures when the reverse DNS alias of a host was
not valid or when using IPv6 were fixed.
--
- Plugins now work with GTK+ interface
- Updated the passive OS fingerprint database (1279 records)
- Fixed internal refreshing (for huge traffic loads)
- Fixed wifi-dump support
- Fixed some possible buffer overflows
buffer overflow in TCP reassembly in old versions, possible
remote code execution. dsniff and other programs which use the
TCP reassembly code are potentially vulnerable
* cvsup2cvsync, which is a utility to convert a CVSup(R) scanfile into
a cvsync counterpart, has been added. When the upstream server
is using CVSup and you want to redistribute the contents using CVSync,
this tool is your friend.
* Support poll() instead of select() if available (server/client).
* cvsync(1) now supports a "refuse" file. Using the refuse file,
you can prevent files/directories in a collection from
being added/updated/removed on the client side.
- Paths for both current and old versions in MASTER_SITES.
- Switch to .bz2 because old distfiles are only available this way.
- Remove versioned executable.
- Move install message into separate file.
permission from brad@