The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] SNI-20: Telnetd tgetent vulnerability (fwd)



On Oct 22, Christian Hudon wrote:
> Hi,
> 
> Could someone make sure that Debian is not vulnerable to this? They only
> tested with RedHat and Slackware... 
[...]

Debian is not vulnerable. The tgetent function is emulated by the
ncurses library (it is an old termcap function) which doesn't use
the buffer for tgetent().

Manual page for tgetent():
       [...]
       int tgetent(const char *bp, char *name);
       [...]
       The  tgetent routine loads the entry for name.  It returns
       1 on success, 0 if there is no such entry, and -1  if  the
       terminfo  database  could  not  be  found.   The emulation
       ignores the buffer pointer bp.
       [...]


Thanks,

Peter

-- 
Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org> <tobias@linux.de>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02  04 62 89 6C 2F DD F1 3C 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .