tech-security: Re: CVS commit: gnusrc/gnu/libexec/uucp/uuxqt

Subject: Re: CVS commit: gnusrc/gnu/libexec/uucp/uuxqt
To: Jun-ichiro itojun Hagino <itojun@netbsd.org>
From: David Brownlee <abs@netbsd.org>
List: tech-security
Date: 09/13/2001 18:58:38

	Does this affect 1.5.2? Assuming so is it noted in LAST_MINUTE?

-- 
		David/absolute		-- www.netbsd.org: No hype required --


On Wed, 12 Sep 2001, Jun-ichiro itojun Hagino wrote:

>
> Module Name:	gnusrc
> Committed By:	itojun
> Date:		Wed Sep 12 07:51:03 UTC 2001
>
> Modified Files:
> 	gnusrc/gnu/libexec/uucp/uuxqt: uuxqt.c
>
> Log Message:
> pull patch from openbsd Errata 033:
> A security hole exists in uucp(1), uux(1) and uuxqt(1) that may allow
> an attacker on the local machine to run arbitrary commands with
> root privileges.
> Fix:
> Pay more attention to commandline parsing of long options.
> Patch from jbj@redhat.com via millert@.
>
>
> To generate a diff of this commit:
> cvs rdiff -r1.3 -r1.4 gnusrc/gnu/libexec/uucp/uuxqt/uuxqt.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
>