Subject: pkg/26607: cfengine security fix
To: None <>
From: None <>
List: pkgsrc-bugs
Date: 08/09/2004 22:17:52
>Number:         26607
>Category:       pkg
>Synopsis:       Cfengine RSA Authentication Heap Corruption
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 10 02:32:00 UTC 2004
>Originator:     Michael Santos
>Release:        NetBSD 2.0G
System: NetBSD ack 2.0G NetBSD 2.0G (ack) #55: Thu Aug 5 16:00:24 EDT 2004 root@ack:/home/build/src/sys/arch/i386/compile/obj/ack i386
Architecture: i386
Machine: i386
see  Cfengine RSA Authentication Heap Corruption


--- pkg-vulnerabilities.orig    2004-08-09 22:11:30.000000000 -0400
+++ pkg-vulnerabilities 2004-08-09 22:14:37.000000000 -0400
@@ -561,3 +561,5 @@
 suse_libpng-9.1                remote-code-execution
 suse_libpng<=6.4       remote-code-execution
+cfengine-2.0.*         remote-code-execution
+cfengine-2.1.[0-7]*    remote-code-execution
 #CHECKSUM SHA1 afcc280e3e6376da5a0148ade10d547516743033

 	<how to correct or work around the problem, if known (multiple lines)>
 	<code/input/activities to reproduce the problem (multiple lines)>