> BTW, what is in ./metamail, rather than ./src/metamail/??

I don't know. I noticed that the source is included twice, but I haven't looked into why that is the case. FWIW, if you just patch the source in src and not in ., the resulting binaries seem to be fixed.

> > I have found that metamail crashes when processing messages with
> > very long boundaries. They cause a buffer overflow, which doesn't
> > seem to be exploitable:
>
> How is this not [potentially] exploitable?

Well, because of the error message that it prints, and because of the way things look in gdb (if I remember correctly, it crashes in strtok() or some similar function). I've been taught that this signifies not being exploitable, but I may be wrong. What do the others in the Debian Security Audit Project think about this?

// Ulf