[Xymon] acknowledge.c(gi) buffer overrun

Axel Beckert beckert at phys.ethz.ch
Sat Jan 31 16:24:51 CET 2015


Hi,

On Fri, Jan 23, 2015 at 02:06:27PM +0100, Christoph Berg wrote:
> Re: J.C. Cleaver 2015-01-22 <282e3f8897d4065d851081e23f6b320c.squirrel at mail.kkytbs.net>
> > On Thu, January 22, 2015 8:14 am, Christoph Berg wrote:
> > > This might even deserve a CVE number, but as it's a seccgi, it's
> > > not widely exposed.

It now got a CVE-ID assigned: CVE-2015-1430

See http://www.openwall.com/lists/oss-security/2015/01/31/4

> > This is fixed in (unreleased) 4.3.18, via
> > https://sourceforge.net/p/xymon/code/7483.

Any news about when 4.3.18 will be officially released?

		Kind regards, Axel Beckert
-- 
Axel Beckert <beckert at phys.ethz.ch>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/



More information about the Xymon mailing list