Package: libc6 Version: 2.2.5-11.2 Severity: normal Tags: security in glibc-2.2.5.orig/glibc-2.2.5/sysdeps/generic/_strerror.c __strerror_r()
if first argument of __strerror_r is a valid error number corresponding error string is not written to user supplied buffer and it stays uninitialised. This can cause troubles if buffer is accessed after a strerror_r call with presumption that it is a normal string. The fix is obvious. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux giotto 2.4.18 #1 Fri Jul 26 15:57:56 MSD 2002 i686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R