From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 3445 invoked by uid 1002); 27 Aug 2003 13:44:05 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 14549 invoked from network); 27 Aug 2003 13:44:05 -0000 From: Rainer Groesslinger To: gentoo-dev@gentoo.org Date: Wed, 27 Aug 2003 15:43:59 +0200 User-Agent: KMail/1.5.3 References: <1061333257.14174.2.camel@localhost> In-Reply-To: <1061333257.14174.2.camel@localhost> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_jWLT/DMKtvCN6mL"; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <200308271544.03896.scandium@gentoo.org> Subject: Re: [gentoo-dev] Security Problems: xmule, lmule X-Archives-Salt: d0f5b27b-998c-48f1-8697-0e180bf75181 X-Archives-Hash: f6a26fa69cd4bd25dfa2c097d3027fc1 --Boundary-02=_jWLT/DMKtvCN6mL Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Wednesday 20 August 2003 00:47, Patrick Lauer wrote: [snip] > short summary: > all emule, lmule and xmule versions are vulnerable to buffer > overflows including execution of malicious code. > > xmule 1.4.3 (portage current) is very vulnerable. > xmule 1.5.6 (latest from xmule website) does not fix all known > vulnerabilities. > > Please discourage the use of lmule and xmule until fixed versions are > available. [snap] I added xmule-1.6.0 to the tree minutes ago, so just re-sync. It fixes all known security issues (at least according to un-thesis) and=20 I removed all older versions which had security exploits. =2D-=20 Rainer Groesslinger http://dev.gentoo.org/~scandium/ --Boundary-02=_jWLT/DMKtvCN6mL Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA/TLWjErhp0AgHraoRAuTyAJ0QIsP1eXgT9WkKVRA4dh1kjnpCxACgw4PO EDLJdAnSOgaPTb7ARCZGE4s= =NvUU -----END PGP SIGNATURE----- --Boundary-02=_jWLT/DMKtvCN6mL--