[MBT] new ticket for pkg ypserv "all Any versions of ypserv prior to 2.5 is remotely exploitable"

Nie, 1 Gru 2002, 11:45:31 CET

On Sat, 30 Nov 2002 undefine w aramin.one.pl wrote:

> On Thu, Oct 31, 2002 at 05:40:19PM -0000, bugs w pld.org.pl wrote:
> > Date: 2002-10-31 18:40:18+01	Author:  (kreutzm) <kreutzm w itp.uni-hannover.de> 
> > Title:         all
> > Any versions of ypserv prior to 2.5 is remotely exploitable
> > Ticket ID:     #412
> > Ticket URL:    http://bugs.pld.org.pl/?bug=412
> > Package:       ypserv-1.3.12-4
> > Distribution:  PLD-Ra.main
> > Category:      security problem
> > Current state: opened
> > Text:
> > 
> > According to e.g. the Debian security announcement:
> > http://www.debian.org/security/2002/dsa-180
> > 
> > NIS-Servers prior 2.5 is vulnerable. PLD ships (acording to the README.gz in /usr/share/ypserv) 1.3.11.
> w branchu jest 2.6. Uzywam jej od dluzszego czasu bez zadnych problemow.
> sadze ze mozna by przerzucic na main...

ale nie do Ra, w ra (w updates/security) jest juz (ew jest w ra/test) 
yserv-1.3.12-6, z naniesiona poprawką.

Krzysiek Taraszka			(dzimi w pld.org.pl)