-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 14 Apr 2015 08:18:06 +0200 Source: ppp Binary: ppp ppp-udeb ppp-dev Architecture: source amd64 all Version: 2.4.6-3.1 Distribution: unstable Urgency: high Maintainer: Marco d'Itri <md@linux.it> Changed-By: Emanuele Rocca <ema@debian.org> Description: ppp - Point-to-Point Protocol (PPP) - daemon ppp-dev - Point-to-Point Protocol (PPP) - development files ppp-udeb - Point-to-Point Protocol (PPP) - package for Debian Installer (udeb) Closes: 782450 Changes: ppp (2.4.6-3.1) unstable; urgency=high . * Non-maintainer upload. * Urgency high due to fix for DoS vulnerability. * Fix buffer overflow in rc_mksid(). The function converts the PID of pppd to hex to generate a pseudo-unique string. If the process id is bigger than 65535 (FFFF), its hex representation will be longer than 4 characters, resulting in a buffer overflow. This bug can be exploited to cause a remote DoS. (Closes: #782450) Checksums-Sha1: 2b12c44afe616cee58c0c7dd1dab270b8d425b3a 1992 ppp_2.4.6-3.1.dsc f723145993142936e88be3b14600f2e1092bba65 92212 ppp_2.4.6-3.1.debian.tar.xz faba372c7ae3306f15c947f165093efe37a70116 337520 ppp_2.4.6-3.1_amd64.deb 72e35519b96e8ede48fa2e5706e578b2f5df63b9 120564 ppp-udeb_2.4.6-3.1_amd64.udeb 2f159bc6d8a86b1c91659252c4e1b93a105329ff 55022 ppp-dev_2.4.6-3.1_all.deb Checksums-Sha256: 885c3aeae3fc9ef8bb3217f2fd623bd86596850d6d145d4ed30b1eba12c10cc8 1992 ppp_2.4.6-3.1.dsc 695095daa7efddff5332139d92d1514ca7e1079cfba146bb9e3c70feda52cd2d 92212 ppp_2.4.6-3.1.debian.tar.xz 37c6a39aaa897490e74114bbf12f0d2edcba804904df31e170a4fcb937ec7fcc 337520 ppp_2.4.6-3.1_amd64.deb bc3e6817dce2c34c8f59e7b48cd0dfb0476c9c2c68af4724accf9629d5205647 120564 ppp-udeb_2.4.6-3.1_amd64.udeb ed362defdc88f1ce66fd9c2ab4054f29cc121d42f7d04d31c604f997a23fd21d 55022 ppp-dev_2.4.6-3.1_all.deb Files: deadef2597e0abf924b2755929a982ee 1992 admin optional ppp_2.4.6-3.1.dsc 82f8a21b47900d7e8ce0ea95ae1d741d 92212 admin optional ppp_2.4.6-3.1.debian.tar.xz 1fcbf02cea6381fd0e899a320a9d95a0 337520 admin optional ppp_2.4.6-3.1_amd64.deb 7c62e225e99719e2fc96683667888e25 120564 debian-installer optional ppp-udeb_2.4.6-3.1_amd64.udeb 03abea2a2bade9ab4da60c6ef69e96d2 55022 devel extra ppp-dev_2.4.6-3.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVLLalAAoJENUIWgdQ/bejaoIQAJIBTLNHeUmcXFm2dLyHEy44 KTSQQbzmN6k2OSdBxEEDwO2UC4KOCFNKtBlHc62aJhz8trykUkZlB/9x3uhRMxAM 0LgeMkvDe3Y16RboQHfZaH46W2EUBd0AF31BUMlW2/FRBZ2bdf/Wfl//1bPWYQxl 8969pcl6qXw9N5PKpQCFFZCPn0DVWoBLcgrmlyCCnRyfxkYhUVMFaHQE1j8pOFl/ yQY0afDvq9MOmhq9QZfexhdybRvLi8Rs8bpZlt9acKfMVD5gMf/1uhsM+W8VN02W 612qf3zO5grMKJq9AyuVQnuZZ/fdIHtTixK0Akq2YS5LcktqF4TnsGQgi12Ug/rd og5EpPGZWNblzNxnHbVUEY/qBXyeOOWSgS7LgHe0ABpQY1yZOzDJboT4ODgChrL/ Prhd+Mz89tf/PnNeXEsufX346NQIjZ6g0wHiu7y4ilJpQbXzDOMEhUBH8n/gupf4 X1QKwWCAp1l81DIBoeV7pNnosMSS6aSsNuMHy78vFU/iBwOqmPwijO8pidWJaRzJ a5W++2iQWYRNM0bB5ucWlD1BD+Nhs+2b0CrDjUk2zXuKzOKSSAshDZ2b9bAk5iE1 /OwsHHg7UGC1D9dhNhpNzvCVozfx6xe1dLEMLcgrnJGRqUVbDNgzrYRwHf4PJOi/ +lAaGJQoJWXjXY/z45B8 =gzqy -----END PGP SIGNATURE-----
