Debian Security Advisory
DSA-156-1 epic4-script-light -- arbitrary script execution
- Date Reported:
- 22 Aug 2002
- Affected Packages:
- epic4-script-light
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 5555.
In Mitre's CVE dictionary: CVE-2002-0984. - More information:
-
All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.
This problem has been fixed in version 2.7.30p5-1.1 for the current stable distribution (woody) and in version 2.7.30p5-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the Light package.
We recommend that you upgrade your epic4-script-light package and restart your IRC client.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.dsc
- http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.diff.gz
- http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1_all.deb
MD5 checksums of the listed files are available in the original advisory.