Debian Security Advisory

DSA-156-1 epic4-script-light -- arbitrary script execution

Date Reported:
22 Aug 2002
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 5555.
In Mitre's CVE dictionary: CVE-2002-0984.
More information:

All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.

This problem has been fixed in version 2.7.30p5-1.1 for the current stable distribution (woody) and in version 2.7.30p5-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the Light package.

We recommend that you upgrade your epic4-script-light package and restart your IRC client.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.