Eric Blake wrote:
> I have fixed some memory handling bugs that were in newlib at the time
> cygwin 1.5.24 was released.

They were probably due to the BSD heritage of some parts of newlib?

Another question is how to deal with the bug on MacOS X? This is a
widely used platform, and there are several packages out there that use
printf with variable precision. (A search for
    printf\s\(\"[^\"]*%\.\*[eEfFgGudox]
on Google Codesearch shows 37 hits.) Can someone push the vendor to
make a security fix for this bug? I don't have enough time to write
an exploit.

Bruno


