nectar fc3b18bce3 Correct a pair of buffer overflows in the telnet(1) command: ...

(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
 functions.

 (CAN-2005-0469) A global uninitialized data section buffer overflow in
 slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by:	Solar Designer <solar@openwall.com>

2005-03-28 14:45:12 +00:00

..

amd

Expand *n't contractions.

2005-02-13 22:25:33 +00:00

bc

Remove files no longer needed

2004-02-17 01:04:18 +00:00

bind9

Expand and refine a few sections for future reference

2005-03-17 08:40:41 +00:00

binutils

This commit was generated by cvs2svn to compensate for changes in r131722,

2004-07-06 19:16:23 +00:00

bsnmp

Don't extract the .gdbinit file from the distribution.

2005-02-28 17:29:10 +00:00

bzip2

…

com_err

Resolve conflicts after import of Heimdal 0.6.1 libcom_err.

2004-04-03 21:17:01 +00:00

cpio

Recognize and skip 'x' and 'g' pax extension entries. In particular,

2004-08-28 03:13:05 +00:00

cvs

Do not check val-tags if the repository is read-only.

2004-08-05 17:47:35 +00:00

diff

Remove files no longer needed

2004-02-16 22:56:36 +00:00

expat

…

file

This commit was generated by cvs2svn to compensate for changes in r139368,

2004-12-28 04:31:47 +00:00

gcc

Break lines at sentence ends, etc...

2004-11-11 07:50:09 +00:00

gdb

Abstract the handling of dirty stacked registers in ia64_read_reg() and

2004-09-05 06:17:25 +00:00

gdtoa

Configure gdtoa so that floating-point numbers are correctly rounded

2005-01-18 18:56:18 +00:00

gnu-sort

Correct va_end usage.

2004-08-27 03:52:29 +00:00

gperf

Remove unneded files

2004-02-17 01:51:07 +00:00

groff

MFV: Latest mdoc(7) fixes.

2005-01-25 09:32:56 +00:00

ipfilter

Committ changes from 3.4.31 -> 3.4.35

2004-06-21 22:53:03 +00:00

isc-dhcp

Make 'client DNS forward update' working again which got broken in rev.

2004-08-16 22:35:56 +00:00

less

Merge vendor changes onto mainline.

2004-04-17 07:24:09 +00:00

libbegemot

Vendor import of harti's begemot library.

2004-09-24 21:48:46 +00:00

libf2c

Remove files that are not part of GCC 3.4.x from the vendor branch.

2004-08-12 16:41:42 +00:00

libobjc

Gcc 3.4.2 20040728 Objective C support bits.

2004-07-28 03:12:12 +00:00

libpcap

pcap clients should use strlcpy() from the base system libc by default also.

2004-03-31 18:15:37 +00:00

libreadline

Fix some more files that got butchered to appear to be back on the

2004-10-21 20:10:14 +00:00

libstdc++

Remove files that are not part of GCC 3.4.x from the vendor branch.

2004-08-12 16:41:42 +00:00

lukemftp

This commit was generated by cvs2svn to compensate for changes in r142129,

2005-02-20 17:33:34 +00:00

lukemftpd

NetBSD has updated their groff to a version that handles .Nm the same

2004-08-18 06:41:13 +00:00

ncurses

…

netcat

Undo the VCS tag move to reduce diff hunks.

2005-02-07 05:34:35 +00:00

ngatm

This commit was generated by cvs2svn to compensate for changes in r135923,

2004-09-29 06:22:38 +00:00

ntp

This commit was generated by cvs2svn to compensate for changes in r138451,

2004-12-06 14:33:29 +00:00

nvi

…

one-true-awk

Update for the 2004/02/07 import.

2004-02-08 21:39:18 +00:00

openpam

Vendor import of OpenPAM Feterita.

2005-02-01 10:16:17 +00:00

opie

FreeBSD does not use this code, but ftpd_popen() contains a buffer overflow.

2003-07-13 05:59:50 +00:00

pam_modules/pam_passwdqc

…

pf

- remove OpenBSDisms, add FreeBSDisms

2005-02-23 17:37:39 +00:00

pnpinfo

Move cvs id from comment to code. Use errx(). Add a return (0) at the end

2004-01-04 11:11:02 +00:00

sendmail

Merge mci.c change to add mci_close() from the vendor branch.

2005-02-14 08:04:08 +00:00

smbfs

+ Get prototypes for libc functions.

2004-10-19 17:44:31 +00:00

tar

Add */lib/getopt* I miss somehow initially.

2004-02-18 18:53:13 +00:00

tcp_wrappers

Correct compilation with "#define really_paranoid".

2003-12-27 14:58:00 +00:00

tcpdump

Fix NULL pointer dereference bug when parsing IPV6CP traffic.

2005-01-24 14:56:48 +00:00

tcsh

Add the nls/*/charset files to the exclude list. These files are not needed

2004-07-11 02:20:52 +00:00

telnet

Correct a pair of buffer overflows in the telnet(1) command:

2005-03-28 14:45:12 +00:00

texinfo

Remove unneded files

2004-02-17 02:09:53 +00:00

top

Correct macro usage.

2005-03-13 13:37:02 +00:00

traceroute

Remove an empty default: case to please GCC 3.4.2.

2004-07-28 14:21:25 +00:00