|
From: | David Miller |
Subject: | Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1 |
Date: | Sat, 17 Apr 2004 21:55:33 -0400 |
User-agent: | Mozilla Thunderbird 0.5+ (Macintosh/20040409) |
James Blackwell wrote:
The version of libneon that is packaged with tla 1.2.0 contains a format string vulnerability. For more information, visit the disclosure at http://marc.theaimsgroup.com/?l=openpkg-announce&m=108213423102539&w=2 or visit the libneon page at http://www.webdav.org/neon/. Tla users can beaffected if they download archives from untrusted sources.
tla-1.2.1pre1 is available athttp://release.gnuarch.org/tla-1.2.1pre1.tar.gz. The detached signature can be found at http://release.gnuarch.org/tla-1.2.1pre1.tar.gz.asc.
Has anyone submitted a fink package for this yet for Mac OS X? Both "fink list" and apt are still showing 1.2 as the current version after updating the package list.
-- Dave Miller Project Leader, Bugzilla Bug Tracking System http://www.justdave.net/ http://www.bugzilla.org/
[Prev in Thread] | Current Thread | [Next in Thread] |