7320537 2001-10-18 16:16 +0200 /54 rader/ Martin Schulze <joey@finlandia.infodrom.north.de> Sänt av: joel@lysator.liu.se Importerad: 2001-10-19 00:22 av Brevbäraren Extern mottagare: Debian Security Announcements <debian-security-announce@lists.debian.org> Externa svar till: security@debian.org Mottagare: Bugtraq (import) <19491> Ärende: [SECURITY] [DSA 081-2] No w3m packages for powerpc available ------------------------------------------------------------ From: Martin Schulze <joey@finlandia.infodrom.north.de> To: Debian Security Announcements <debian-security-announce@lists.debian.org> Message-ID: <20011018161652.E1863@finlandia.infodrom.north.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 081-2 security@debian.org http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Packages : w3m, w3m-ssl Vulnerability : Buffer Overflow Problem-Type : remote code execution Debian-specific: no In SNS Advisory No. 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers. A malicious web server administrator could exploit this and let the client web browser execute arbitrary code. We are awfully sorry, but the powerpc version in our announcement DSA 081-1 was built on the wrong distribution (unstable instead of stable), and thus depended on a wrong version of the glibc. We had to remove that file and cannot provide a fixed version. For the powerpc architecture there is only a very old version of w3m available. We recommend that you don't use w3m on the powerpc distribution. If you require a text browser please check out links and lynx which are both good and stable. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7zuQoW5ql+IAeqTIRAsfAAJ4jHmz6YfaIYk5xF7NisUGRzMZAPwCfaOLr D+NaZwivx+ZyBg4LBlhUm74= =bWU9 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org (7320537) /Martin Schulze <joey@finlandia.infodrom.north.de>/(Ombruten)