Hi,

in http://bugs.debian.org/497441 a patch is provided that should fix
several security problems.  When investigating into the problem that
WordNet stopped working as usual when looking for synonym sets like
for instance

   $ wordnet test -synsn

which should not only print

   6 senses of test

but also the six senses with explanation I found the critical part
in the provided patch.  I extracted it to

   http://svn.debian.org/wsvn/debian-science/packages/wordnet/trunk/debian/patches/51_overflows.patch.broken?op=file&rev=0&sc=0

and I would like you to pronounce your opinion to my comment in the
header which says:

  This part of the patch is completely broken, breaks functionality of
     wordnet test -synsn
  and I really wonder in how far a "strcpy(bufstart, tmpbuf);" is a
  security fix compared to "strncpy(bufstart, tmpbuf, strlen(tmpbuf));"
  Who did this patch????

I have no idea who did this patch and how to reach this person, but besides
breaking the functionality of the program IMHO this is a terrible thing
security wise.  I would really like to get this patch revised for further
problems like this.

What would be the best strategy to fix the packages in Debian?
I could upload packages to unstable without this part of the
patch - it's just in SVN.  But I have serious doubt about the
remaining parts.

Kind regards

       Andreas.

--
http://fam-tille.de
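Added illustration (not code from the Debian patch or from WordNet): why a copy bound taken from the source string is no bound at all, next to a copy bounded by the destination size. The buffer size and input strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed destination size for the demonstration. */
#define BUFSIZE 16

/* The questioned idiom: strncpy(dst, src, strlen(src)).
   The bound is derived from the source, so it never limits what is
   written relative to dst's capacity, and strncpy only pads with NUL
   when the bound exceeds strlen(src), which it never does here.
   dst must hold strlen(src)+1 bytes so the demo itself stays in bounds.
   Returns 1 if dst ended up NUL-terminated, 0 if not, -1 if refused. */
int strncpy_with_strlen_terminates(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (len + 1 > dstsize)
        return -1;                 /* would overflow: refuse to run it */
    memset(dst, 'X', dstsize);     /* make sure no stray NUL is lying around */
    strncpy(dst, src, len);        /* bound comes from the source, not dst */
    return dst[len] == '\0';       /* the terminator is never written */
}

/* A copy actually bounded by the destination: never writes past dstsize
   bytes and always NUL-terminates. Returns 1 when the input was truncated. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    int truncated = len >= dstsize;
    size_t n = truncated ? dstsize - 1 : len;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

int main(void)
{
    char buf[BUFSIZE];
    printf("strncpy with strlen(src) terminated: %d\n",
           strncpy_with_strlen_terminates(buf, sizeof buf, "test"));
    printf("bounded copy truncated: %d -> \"%s\"\n",
           copy_bounded(buf, sizeof buf, "a very long synonym set line"), buf);
    return 0;
}
```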


