* Re: [gentoo-dev] Security Problems: xmule, lmule
@ 2003-08-19 23:08 99% ` Rainer Groesslinger
0 siblings, 0 replies; 1+ results
From: Rainer Groesslinger @ 2003-08-19 23:08 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 1169 bytes --]
On Wednesday 20 August 2003 00:47, Patrick Lauer wrote:
> Hi,
>
> yesterday I found this:
> http://www.heise.de/newsticker/data/dab-18.08.03-000/ (in german)
>
> http://lists.netsys.com/pipermail/full-disclosure/2003-August/008449.
>html (english)
>
> short summary:
> all emule, lmule and xmule versions are vulnerable to buffer
> overflows including execution of malicious code.
>
> xmule 1.4.3 (portage current) is very vulnerable.
> xmule 1.5.6 (latest from xmule website) does not fix all known
> vulnerabilities.
>
> Please discourage the use of lmule and xmule until fixed versions are
> available.
lmule was removed from the tree several weeks ago because it isn't
developed anymore and unsupported for a few months now.
The problem - indeed - is, that even their latest unstable release
(1.5.6a) doesn't fix the problem and I observe xmule sharply and am
waiting for a fixed release or at least a patch.
I added an einfo about the security hole in all the xmule ebuilds and I
hope they release 1.4.4 or something soon (which will immediatly be
arch of course)
--
Rainer Groesslinger
http://dev.gentoo.org/~scandium/
[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2003-08-19 22:47 [gentoo-dev] Security Problems: xmule, lmule Patrick Lauer
2003-08-19 23:08 99% ` Rainer Groesslinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox