Hi Willi,
On Sat, Dec 31, 2016 at 09:15:09PM +0100, Willi Mann wrote:
> Hi,
>
> > Not sure yet if that would warrant a DSA, possibly it could be updated
> > via the upcoming point release as well.
>
> I pushed a jessie branch to the git repository with the patch from
> upstream (some hunks had t
Hi,
> Not sure yet if that would warrant a DSA, possibly it could be updated
> via the upcoming point release as well.
I pushed a jessie branch to the git repository with the patch from
upstream (some hunks had to be ignored). I also uploaded a patched
version to unstable.
https://anonscm.debian
Hi,
On Sat, Dec 31, 2016 at 03:26:48PM +0100, Willi Mann wrote:
> Hi Jean-Francois,
>
> Are you fine with attached patch? I saw that two other cmd_ functions
> follow the same pattern, so they are probably also vulnerable, right?
Thanks for the notice. I have done some minor updates to the bug
(
Hi Jean-Francois,
Are you fine with attached patch? I saw that two other cmd_ functions
follow the same pattern, so they are probably also vulnerable, right?
thanks
Willi
Am 2016-12-30 um 19:16 schrieb Jean-Francois Dockes:
> Willi Mann writes:
> > Hi Dave,
> > Hi Jean-Francois,
> >
> > I g
Willi Mann writes:
> Hi Dave,
> Hi Jean-Francois,
>
> I got the following bug report, apparrently describing a buffer overflow
> in unrtf - which I can reproduce. Do you have a suggestion for a fix?
>
> I'm also CCing debian's security team.
>
> WM
I guess that you can just add a packa
Hi Dave,
Hi Jean-Francois,
I got the following bug report, apparrently describing a buffer overflow
in unrtf - which I can reproduce. Do you have a suggestion for a fix?
I'm also CCing debian's security team.
WM
Am 2016-12-30 um 01:44 schrieb Skylake:
> Package: unrtf
> Version: 0.21.9-clean-2
Package: unrtf
Version: 0.21.9-clean-2
I've found a Stack-based buffer overflow in unrtf 0.21.9, which affects three
functions including: cmd_expand, cmd_emboss and cmd_engrave.
# convert.c
static int
cmd_expand (Word *w, int align, char has_param, int param) {
char str[10];
if (has_param) {
sp
7 matches
Mail list logo
