*** This bug has been split off bug 148864 *** ------- Original comment by Josh Bressers (Security Response Team) on 2005.02.16 09:15 ------- Two issues with mc have been reported to the Debian BTS. You can find more information here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261
This issue should also affect FC2.
FC3, devel packages are unaffected. The FC2 version needs to be patched.
Don't forget CAN-2004-1176.
Josh, do you have any objections to release the FC2 update with the newer mc-4.6.1-pre3? This version is not vulnerable to all noted CANs. I did basic testing under FC2 and it works fine. (I did FC3 update with the same mc version recently and have no bugreports since that time related to security or other issues)
testing update of mc-4.6.1-pre3 is now signed and pushed.
This doesn't ever appear to have been pushed from testing, and FC2 is now in the hands of Fedora Legacy.
*** Bug 127973 has been marked as a duplicate of this bug. ***
Yes, it's still in testing. I'll contact Bill if it's possible to move it to final.
Are there any known issues with the in-testing package? Thanks!
No issues since pre2 I believe. These issues only affect plain 4.6.0 and before. Like bug 127973 (which is *not* a dup of this bug) this issue can be closed ERRATA afaict.
Reopening, because, like bug #127973, the errata hasn't actually been released.
Hi Matt. Just collisioned as I was doing the exact same thing ;-) . See bug 127973. <g>
Hmmm, must be time for me to go get some supper. :)
Packages were pushed to updates-testing.
I'd suggest this bug be closed, and tracking continued in #152889 ?
Good idea. *** This bug has been marked as a duplicate of 152889 ***