On 10/25/06, Marius Vollmer <[EMAIL PROTECTED]> wrote:
this is embarrassing: there is a buffer overflow in the Application Manager that is triggered when dealing with package icons that are larger than 2048 bytes after base64 decoding.
Oops. Thanks for the disclosure.
The bug is present in all versions of osso-appliction-manager less than 4.36, except 4.22.1. Version 4.36 will appear in Sardine soonish, and 4.22.1 will be in the next maintenance release of IT 2006.
[snip] This now brings the question of an end-user roadmap back to the fore with a vengenance. To put it bluntly, how long is Nokia going to leave end users vulnerable to possible attacks? When *is* the next maintenance release of IT 2006? Cheers, Andrew -- Andrew Flegg -- mailto:[EMAIL PROTECTED] | http://www.bleb.org/ _______________________________________________ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers