On 29/11/14 01:14, Guillem Jover wrote: > Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then > there might be an out of bounds *read* access, but I don't see how that > would be a vulnerability. I'll fix this for 1.17.23. I think it's just a 'by definition' vulnerability, e.g like heartbleed was an out of bounds read, sort of. But in this context, it's not serious at all.
Thanks, -- -- Joshua Rogers <https://internot.info/>
signature.asc
Description: OpenPGP digital signature
