[BUG SUB] silc-server 1.0.2 denial of service vulnerability - silc-server
Daniel Kahn Gillmor
dkg-silc at fifthhorseman.net
Wed Mar 7 05:23:01 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patrik Weiskircher <pat at icore.at> writes:
> --On 06. März 2007 13:10:49 +0100 Pekka Riikonen <priikone at iki.fi> wrote:
>
>> Pat, please apply the fix and release new SILC Server.
>>
>
> Yup, will do that tomorrow.
Thanks for such a quick turnaround on a nasty problem, folks. This is
what a good security response should be.
i've also posted an updated version of the debian package to the
normal place i've been serving my unofficial .debs:
http://lair.fifthhorseman.net/~dkg/src/silc/
the sha1sums for those files should be:
b6862388569e5a6d6ff08ff84d410421ff5f7fce silc-server_1.0.3-1.diff.gz
5a327d43c85b24a9afd39f8242f1d3e5ea1cdc1c silc-server_1.0.3-1.dsc
3da59f06451a9c088bbe9398aaf75b96e8897078 silc-server_1.0.3-1_i386.build
12c1767b7ab2b690019d62d2377e4f28364a2947 silc-server_1.0.3-1_i386.changes
70a984517ab3dd159ae9abe5c6881d3dbea90046 silc-server_1.0.3-1_i386.deb
e055c69b8e0ecc7640de821a86438e4c1c1739d6 silc-server_1.0.3.orig.tar.gz
I continue to be uneasy about the debian packaging for silc-server,
but don't have the time to really overhaul it properly, so i'm just
pushing along the old changset and making little tweaks when suggested
by lintian or linda.
Let me know if there are any questions,
--dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFF7j3liXTlFKVLY2URAsgyAJ0TRhV022nKOaGPgr2v9bP7jIOPQwCgs8b+
YV5ukuMAILc3LSw98CudJZE=
=1xAJ
-----END PGP SIGNATURE-----
More information about the silc-devel
mailing list