Vulnerabilities.

Ag. D. Hatzimanikas a.hatzim at gmail.com
Wed Jun 25 06:17:37 PDT 2008


On Wed, Jun 25, at 05:32 Alexander E. Patrakov wrote:
> Ag. D. Hatzimanikas wrote:
> > I've gathered this information about vulnerable packages (could be more).
> 
> You missed a bunch of Xorg vulnerabilities 
> (http://www.debian.org/security/2008/dsa-1595). And no, I still don't want to 
> see 1.4.2 in the book, so let's try to extract patches from the Debian 
> repository.
> 

I missed more, with the most noticeable of them being Perl-5.8.8 (which
belongs to LFS) and Apache (see changelog for details [1], it's advisable
to upgrade), but poppler and a couple more are also vulnerable.

> And there are also bugs other than vulnerabilities, e.g. try (by installing 
> xdm as your display manager, logging in with xdm, and running the testcase in 
> the bug report) if you can reproduce http://bugs.debian.org/486606 (it is 
> also said to affect all SDL games).
> 

Thanks for the link, but I don't use any display manager.
I know Bernard from the ratpoison ML, he was also the reporter for the 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142
which looks like a similar issue.


1. http://www.apache.org/dist/httpd/CHANGES_2.2.9
-- 
http://wiki.linuxfromscratch.org/blfs/wiki/Hacking



More information about the blfs-dev mailing list