The submitter sent me private mail, telling me: - a little more explanation of how this can be exploited - that this is exploitable in a stock installation in sarge - that read() can overwrite part of the buffer before returning EFAULT - that company policy forbids him from providing a working exploit
I think we'll have to work on the basis that the upstream fix is necessary and sufficient. Ben. -- Ben Hutchings -- [EMAIL PROTECTED] shortened to [EMAIL PROTECTED] If you've signed my GPG key, please send a signature on and to the new uid. Sturgeon's Law: Ninety percent of everything is crap.
signature.asc
Description: This is a digitally signed message part
