> it seems that cvs (version 1.10.7 from Debian's stable repos) has a
> buffer overflow but I'm not sure if it's exploitable
[...]
> cvs diff -C`perl -e "print 'a' x 300"` tables.sql
[...]
> Segmentation fault (core dumped)
It's not a buffer overflow (-Cx will produce the same result), it's an improperly initialized global variable (the code calls longjmp() with a global jmp_buf that was never initialized by setjmp() and thus is all zeros). It's not exploitable and it was fixed long ago in CVS 1.10.8.

-Larry Jones

I just can't identify with that kind of work ethic. -- Calvin

_______________________________________________
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs
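The failure mode described in the reply, as a constructed C example added here (not CVS code): a global jmp_buf is only a valid longjmp() target after setjmp() has armed it, so the error path tracks that with a flag and falls back to returning an error instead of jumping into an all-zero buffer. The numeric check standing in for the -C argument and every function name are assumptions.

```c
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a global jmp_buf like the one in the reply, plus a
 * flag recording whether setjmp() has ever initialised it. */
static jmp_buf error_jmp;
static volatile int error_jmp_armed = 0;   /* 0 => longjmp() would be UB */
static char last_error[128];

/* Hypothetical error path. If no handler armed the buffer, it refuses to
 * longjmp() (the 1.10.7 segfault) and reports failure to the caller instead. */
static int report_error(const char *msg)
{
    snprintf(last_error, sizeof last_error, "%s", msg);
    if (error_jmp_armed)
        longjmp(error_jmp, 1);      /* safe: setjmp() ran on this buffer */
    return -1;                      /* no handler: fail without jumping */
}

/* Parse a context-width argument with or without an armed handler.
 * Returns 0 on success, 1 if the error arrived via longjmp(), -1 if it
 * was reported without jumping. */
static int parse_context_option(const char *arg, int with_handler)
{
    int result = 0;
    error_jmp_armed = 0;
    if (with_handler) {
        if (setjmp(error_jmp) != 0) {
            error_jmp_armed = 0;    /* handler consumed; disarm */
            return 1;
        }
        error_jmp_armed = 1;        /* buffer is now a valid target */
    }
    /* Constructed stand-in for the -C validation: non-digits are an error,
     * which is what `cvs diff -Cx` triggers. */
    for (const char *p = arg; *p; p++) {
        if (*p < '0' || *p > '9') {
            result = report_error("invalid context length argument");
            break;
        }
    }
    error_jmp_armed = 0;            /* leaving the handler's scope */
    return result;
}
```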
