Hi,
* Julien Cristau <[EMAIL PROTECTED]> [2008-04-18 16:59]:
[...]
> > int i,z,loc=0,change=0,tochange=0,locn,tmp,startofline=1;
> > - char buf[400];
> > + char *buf;
> > unsigned char curloc[200];
> > int lang=0; /*0=english 1=arabic*/
> > + buf=(char *) malloc(sizeof(line));
Hi,
some comments on your patch below.
On Fri, Apr 18, 2008 at 16:17:53 +0200, أحمد المحمودي wrote:
> Index: acon-1.0.5/menu.c
> ===
> --- acon-1.0.5.orig/menu.c2008-04-18 08:45:45.0 +0200
> +++ acon-1.0.5/menu.c 2008-04
Yes, sorry, please find it attached this time.
On Fri, Apr 18, 2008 at 12:02:03PM +, brian m. carlson wrote:
> On Fri, Apr 18, 2008 at 10:05:19AM +0200, أحمد المحمودي wrote:
>> Hello,
>>
>> I updated the 05_overflow.diff patch (please review the file
>> attached).
>
> You forgot the attac
On Fri, Apr 18, 2008 at 10:05:19AM +0200, أحمد المحمودي wrote:
Hello,
I updated the 05_overflow.diff patch (please review the file
attached).
You forgot the attachment. Also, I don't think that you need to upload
it to experimental instead, just fix the bugs in unstable. I believe
the s
Hello,
I updated the 05_overflow.diff patch (please review the file
attached).
I have uploaded the new package for experimental at:
http://mentors.debian.net/debian/pool/main/a/acon/acon_1.0.5-7.dsc
--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
SySDSoft, Inc.
GPG K
Hello,
Should I make acon in experimental then ?
--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
SySDSoft, Inc.
GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
wi
On Thu, Apr 17, 2008 at 09:17:19PM +, brian m. carlson wrote:
> On Thu, Apr 17, 2008 at 11:05:25PM +0200, Moritz Muehlenhoff wrote:
>> brian m. carlson wrote:
>>> There may be more. I have gone through the code as thoroughly as I
>>> could, but the code is barely legible and uses lots of fi
On Thu, Apr 17, 2008 at 11:05:25PM +0200, Moritz Muehlenhoff wrote:
brian m. carlson wrote:
There may be more. I have gone through the code as thoroughly as I
could, but the code is barely legible and uses lots of fixed-sized
buffers. For these reasons, it is my recommendation that acon not
brian m. carlson wrote:
> Package: acon
> Version: 1.0.5-7
> Severity: critical
> Tags: security
>
> In addition to the security bug mentioned in #475733, there are four
> buffer overflows that I have found.
>
> acon.c:53 (already reported) and child.c:104
> A very large value of $HOME can crea
Package: acon
Version: 1.0.5-7
Severity: critical
Tags: security
In addition to the security bug mentioned in #475733, there are four
buffer overflows that I have found.
acon.c:53 (already reported) and child.c:104
A very large value of $HOME can create a buffer overflow with sprintf.
Us
10 matches
Mail list logo
