Debian Security Advisory

DSA-639-1 mc -- several vulnerabilities

Date Reported:
14 Jan 2005
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2004-1004, CVE-2004-1005, CVE-2004-1009, CVE-2004-1090, CVE-2004-1091, CVE-2004-1092, CVE-2004-1093, CVE-2004-1174, CVE-2004-1175, CVE-2004-1176.
More information:

Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

For the stable distribution (woody) these problems have been fixed in version 4.5.55-1.2woody5.

For the unstable distribution (sid) these problems should already be fixed since they were backported from current versions.

We recommend that you upgrade your mc package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.