Subject: Re: CVS commit: gnusrc/gnu/libexec/uucp/uuxqt
To: Jun-ichiro itojun Hagino <itojun@netbsd.org>
From: David Brownlee <abs@netbsd.org>
List: tech-security
Date: 09/13/2001 18:58:38
Does this affect 1.5.2? Assuming so is it noted in LAST_MINUTE?
--
David/absolute -- www.netbsd.org: No hype required --
On Wed, 12 Sep 2001, Jun-ichiro itojun Hagino wrote:
>
> Module Name: gnusrc
> Committed By: itojun
> Date: Wed Sep 12 07:51:03 UTC 2001
>
> Modified Files:
> gnusrc/gnu/libexec/uucp/uuxqt: uuxqt.c
>
> Log Message:
> pull patch from openbsd Errata 033:
> A security hole exists in uucp(1), uux(1) and uuxqt(1) that may allow
> an attacker on the local machine to run arbitrary commands with
> root privileges.
> Fix:
> Pay more attention to commandline parsing of long options.
> Patch from jbj@redhat.com via millert@.
>
>
> To generate a diff of this commit:
> cvs rdiff -r1.3 -r1.4 gnusrc/gnu/libexec/uucp/uuxqt/uuxqt.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
>