SECURITY: typespeed (CVE-2006-1515)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SECURITY: typespeed (CVE-2006-1515)

Yaakov (Cygwin/X)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A buffer overflow has been discovered in the addnewword() function of
Typespeed's network code.

Workaround: Don't run typespeed in multiplayer mode.

Solution:  Upgrade to >= 0.5.1.  (0.5.0 fixed the security bug, but
introduced some functionality bugs fixed in 0.5.1.)

More information:
http://security.gentoo.org/glsa/glsa-200606-20.xml
http://bugs.gentoo.org/show_bug.cgi?id=135071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1515


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFElw5+piWmPGlmQSMRAkUtAJwKqWWpoTJGGrx/1UN6pQ7akZYvoQCghifc
RxjBwGdU+dLXo4vXo62rk9I=
=pZ7E
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: SECURITY: typespeed (CVE-2006-1515)

Lapo Luchini
Yaakov S (Cygwin Ports) wrote:
> Solution:  Upgrade to >= 0.5.1.  (0.5.0 fixed the security bug, but
> introduced some functionality bugs fixed in 0.5.1.)
It seems I will have a nice cozy package-preparing week-end ;-)

(typespeed, rsync, monotone...)

   Lapo
Reply | Threaded
Open this post in threaded view
|

Re: SECURITY: typespeed (CVE-2006-1515)

Yaakov (Cygwin/X)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lapo Luchini wrote:
> It seems I will have a nice cozy package-preparing week-end ;-)
>
> (typespeed, rsync, monotone...)

<cough>gamin</cough> :-D


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEmygGpiWmPGlmQSMRAotuAKC6MZte4XrMsvfM7C2UHBdxIVRFswCghY6v
i/0MLIaHcbexUCMeZG6toPM=
=Ef4p
-----END PGP SIGNATURE-----