gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1

From: David Miller
Subject: Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1
Date: Sat, 17 Apr 2004 21:55:33 -0400
User-agent: Mozilla Thunderbird 0.5+ (Macintosh/20040409) 
James Blackwell wrote:


The version of libneon that is packaged with tla 1.2.0 contains a format
string vulnerability. For more information, visit the disclosure at
http://marc.theaimsgroup.com/?l=openpkg-announce&m=108213423102539&w=2 or
visit the libneon page at http://www.webdav.org/neon/. Tla users can be
affected if they download archives from untrusted sources. 


tla-1.2.1pre1 is available at
http://release.gnuarch.org/tla-1.2.1pre1.tar.gz. The detached signature can be found at http://release.gnuarch.org/tla-1.2.1pre1.tar.gz.asc.
Has anyone submitted a fink package for this yet for Mac OS X? Both "fink list" and apt are still showing 1.2 as the current version after updating the package list. 

--
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]