Two possible vulnerabilities?

From: Mohacsi Janos (
Date: 07/01/04

  • Next message: Jos Hörchner: "wrong security branch name?"
    Date: Thu, 1 Jul 2004 15:28:41 +0200 (CEST)

    Dear all,
    Browsing through the SecurityFocus vulnerability database I found
    two items that might be interesting for the FreeBSD community:
    1. GNU GNATS Syslog() Format String Vulnerability

    GNATS is a vital part of the PR handling of FreeBSD. I think security
    officers should contact developers of GNU GNATS about this issue to resolve
    the potential problem.

    2. gzip: Insecure creation of temporary files
    In reality this affects only znew and gzexe only gzip version prior

    I am not quite sure whether this vulnerability exists in the
    current gzip 1.2.4 that is used in FreeBSD. According to the gzip page: - new official version will be posted soon....

    Are there any plans to go forward to gzip 1.3?

    Best Regards,

    Janos Mohacsi
    Network Engineer, Research Associate
    Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
