tcp_wrapper in Mga is unmaintained, Fedora ships a newer patch against a possible DOS in xgets In the URL you can read the changelog of their package
no security issue for mga 1 ?
For Mageia 1 too!
Summary: tcp_wrapper unmaintained and contains vulnerabilities (Mga2 Alpha1) => tcp_wrapper unmaintained and contains vulnerabilities
Version: Cauldron => 1
Ok, thanks :) As there is no maintainer for this package I added the committers in CC.
CC: (none) => mageia
Changing the URL to point to the fedora patch which fixes this security issue.
URL: http://pkgs.org/fedora-rawhide/fedora-i386/tcp_wrappers-7.6-68.fc17.i686.rpm.html => http://pkgs.fedoraproject.org/gitweb/?p=tcp_wrappers.git;a=blob_plain;f=tcp_wrappers-7.6-xgets.patch;hb=HEADCC: (none) => doktor5000
Seems this is already fixed in our tcp_wrappers, this is the relevant code without the "newer" fedora patch: char *start = ptr; while (len>1 && fgets(ptr, len, fp)) { got = strlen(ptr); if (got >= 1 && ptr[got - 1] == '\n') { tcpd_context.line++;
Status: NEW => RESOLVEDResolution: (none) => INVALID