Bug#886776: genisoimage: Buffer Overflow found in isoinfo executable

2018-07-27 Thread Bernhard Übelacker
Hello, I tried to reproduce the stack smashing. But found that the current package in Debian amd64 testing looks like it was not built with -fstack-protector-strong. So could it be that your report was using a local rebuilt package? Nevertheless, it looks like the local variable testname has just

Bug#886776: genisoimage: Buffer Overflow found in isoinfo executable

2018-01-09 Thread Julian Jackson
Package: genisoimage Version: 9:1.1.11-3+b2 Severity: normal Tags: security Dear Maintainer, Fuzzing the isoinfo binary from genisoimage using afl-fuzz identified a vulnerable function, parse_dir, which contains a buffer overflow vulnerability. This seems to be related to the length of idr->name