* (Larry Jones)

| Tollef Fog Heen writes:
| >
| > * (Larry Jones)
| >
| > | It's not a buffer overflow (-Cx will produce the same result), it's an
| > | improperly initialized global variable (the code calls longjmp() with a
| > | global jmp_buf that was never initialized by setjmp() and thus is all
| > | zeros). It's not exploitable and it was fixed long ago in CVS 1.10.8.
| >
| > I am not too sure about that, please see the strace output from the
| > server:
|
| You're not too sure about *what*, that it's not a buffer overflow, that
| it's caused by calling longjmp() with an all-zero jmp_buf, that it's not
| exploitable, or that it was fixed long ago?!?

That it's not exploitable.

| > This is 1.10.7-7; do you have the patch for this problem handy?
|
| The best fix is to upgrade to a reasonably current release of CVS, which
| you can get from www.cvshome.org. The current release is 1.11.1p1. If
| you insist on patching an obsolete version:

Thanks a lot; Debian backports patches to stable, and since I'm not too
sure that it's not exploitable, I like to be on the safe side.

--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.

_______________________________________________
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs
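The defect discussed in this thread, longjmp() called on a global jmp_buf that setjmp() never filled, can be guarded against by tracking whether the buffer is valid. The C code below is an added example, not part of the thread and not taken from the CVS source; every name in it is hypothetical.

```c
#include <setjmp.h>
#include <stdio.h>

/* Hypothetical names for illustration; none come from CVS. */
static jmp_buf recover_point;       /* static storage: all zeros until setjmp() fills it */
static volatile int recover_armed;  /* 1 only while the setjmp() frame is still live */

enum outcome { RAN_OK = 0, RECOVERED = 1, NO_HANDLER = 2 };

/* Error path. Jumping through an unfilled jmp_buf is undefined behaviour,
 * so jump only when a recovery point is armed; otherwise report that
 * there is nowhere to jump and let the caller fail some other way. */
static int bail_out(void)
{
    if (recover_armed)
        longjmp(recover_point, 1);  /* does not return */
    return NO_HANDLER;
}

/* Run one step with a recovery point armed around it, and disarm before
 * returning so the buffer is never used after this frame is gone. */
static int run_guarded(int (*step)(void))
{
    int rc;
    if (setjmp(recover_point) != 0) {
        recover_armed = 0;
        return RECOVERED;           /* reached via longjmp() from bail_out() */
    }
    recover_armed = 1;
    rc = step();
    recover_armed = 0;
    return rc;
}

static int ok_step(void)      { return RAN_OK; }
static int failing_step(void) { return bail_out(); }

int main(void)
{
    printf("unarmed bail_out: %d\n", bail_out());                /* NO_HANDLER */
    printf("failing step:     %d\n", run_guarded(failing_step)); /* RECOVERED */
    printf("ok step:          %d\n", run_guarded(ok_step));      /* RAN_OK */
    printf("after return:     %d\n", bail_out());                /* NO_HANDLER */
    return 0;
}
```

The example keeps a single recovery point, so nested run_guarded() calls would need a saved and restored buffer.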
