Hi, * Irene Vatton <irene.vat...@inria.fr> [2008-12-23 17:46]: > Le mardi 23 décembre 2008 à 16:29 +0100, Nico Golde a écrit : > > CCed upstream. > > > > I am not sure if it is enough to just fix this CVE id. > > Browsing a bit in the code reveals quite a lot of additional > > buffer overflows. > > The new release 11.0.1 published today fixes several buffer overflows. > Your new reported overflow should be fixed in that release.
How did you fix this? The function of the issue I reported still has the same code. Did you fix this without using snprintf?? > Nevertheless we plan to make a new corrective release end of January. Steve, can you assign a CVE id to the issue I reported so we can track this issue as well? Reference should be: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15 Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpGPnbuOKsnb.pgp
Description: PGP signature
