On Sun, Nov 10, 2013 at 09:19:30PM -0500, Sang Kil Cha wrote: > Package: pvm-dev > Version: 3.4.5-12.5 > Severity: grave > Tags: security > Justification: user security hole > > trcsort has a buffer overflow vulnerability. A PoC file is attached. > > Command line to reproduce the bug: > $ /usr/bin/trcsort foo
Hi, What is the intended vulnerability scenario here? trcsort is not suid, and is normally not intended to be run with untrusted inputs. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
