-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: ppp Binary: ppp, ppp-udeb, ppp-dev Architecture: linux-any all Version: 2.4.6-3.1 Maintainer: Marco d'Itri <[email protected]> Uploaders: Chris Boot <[email protected]> Homepage: http://ppp.samba.org/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/pkg-ppp.git Vcs-Git: git://anonscm.debian.org/collab-maint/pkg-ppp.git Build-Depends: debhelper (>= 5), libpcap0.8-dev, libpam0g-dev, zlib1g-dev, dh-systemd Package-List: ppp deb admin optional arch=linux-any ppp-dev deb devel extra arch=all ppp-udeb udeb debian-installer optional arch=linux-any Checksums-Sha1: 0fd188b28cb8fdc81d2eaa15b78d3ad9c93344f4 687744 ppp_2.4.6.orig.tar.gz f723145993142936e88be3b14600f2e1092bba65 92212 ppp_2.4.6-3.1.debian.tar.xz Checksums-Sha256: 1b33181a03962c8a092c055fb9980e9722728a8d98a4bb7ec7acda17c1b1b49d 687744 ppp_2.4.6.orig.tar.gz 695095daa7efddff5332139d92d1514ca7e1079cfba146bb9e3c70feda52cd2d 92212 ppp_2.4.6-3.1.debian.tar.xz Files: 3434d2cc9327167a0723aaaa8670083b 687744 ppp_2.4.6.orig.tar.gz 82f8a21b47900d7e8ce0ea95ae1d741d 92212 ppp_2.4.6-3.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVLLahAAoJENUIWgdQ/bejC40P/0pTs0VV2prKvKbaMR7QXioA C/PnE81wufRbUV+d5OXW6aCI88HAKBUmhFadNrE+zq5wy/CXGGaaN7nm/33ezLBA alRrsejcCGiEhBZf2MaSBAIqdpejbLOFUq1T3J1H4VwTwPRLHhWkZOKLC+bnGMS8 mJNPdqcWno0unHD8adJhbqa4zQaEuLvZLOfmiXyuuHIMrwib+8hnXFSf85J6Xn0g mp/K1rCeS5JU0oJ577m6HcWnGbSzKZWcvMTn/McRLHsTSbQfSUoSvxpjUJYPoR/G V/C6P3kQHTkG2oDoj/wzc4JjDaj5DhduDQ0DXbNEOQ4vxOL/OO77HTYCO9my4RVb 9Iuv/IGniUQ8NLS5oNUJ8/8sdMvqsQ+DDpuXSLmTVsBhhJ7qALfyjEo2jCwfh52Z uchqrErHh0j1FIU069DDkeLWVlVgcWY2wqxDqQvKpqv+6OR7B7p8FmulRXpF1EBI zAsVSvHHroKvp61AJgjY80IUSrvgIep9NbikpSTRb8sKeJJDekXQ5cIcW4YmDl2M ArwRFbkaKpG8O4DPW/rBdN7eZyeRhJCcNdSBvcigYDqksKMeq1wV+057hL90qQV8 JhVSo2x8ubEXj7hB3opojjU6emW0Uu1k69FSFw+VxQXHVmuhZgaw5WUUJSNNlxS8 lWVuVRGN+lq4E1GcSL4p =wx52 -----END PGP SIGNATURE----- Changes: ppp (2.4.6-3.1) unstable; urgency=high * Non-maintainer upload. * Urgency high due to fix for DoS vulnerability. * Fix buffer overflow in rc_mksid(). The function converts the PID of pppd to hex to generate a pseudo-unique string. If the process id is bigger than 65535 (FFFF), its hex representation will be longer than 4 characters, resulting in a buffer overflow. This bug can be exploited to cause a remote DoS. (Closes: #782450) -- Emanuele Rocca <[email protected]> Tue, 14 Apr 2015 08:18:06 +0200
