On Fri, Sep 05, 2003 at 10:36:31AM +0100, John Leach wrote:
Is this a bug in the Debian package? or does a separate package need to
be created? Shall I contact the package maintainer? (Wichert Akkerman)
I think he knows about the problem already. See the relevant entry
in the BTS.
Cheers,
Hi.
I recently adopted the magpie package (It reads in Packages files and
produces HTML output)
It was un/undermaintained a long time and has no separate upstream.
While looking in the code to fix some outstanding bugs I found
several code pieces like
char path[256];
sprintf( path, some
Frank Lichtenheld [EMAIL PROTECTED] writes:
char path[256];
sprintf( path, "some string/%s", packagename);
Is such code (away from the fact that it can easily lead to segfaults) a
security problem?
In general, yes.
On Fri, Sep 05, 2003 at 04:47:30PM +0200, Frank Lichtenheld wrote:
Hi.
Hello :)
It was un/undermaintained a long time and has no separate upstream.
While looking in the code to fix some outstanding bugs I found
several code pieces like
char path[256];
sprintf( path, "some string/%s",
On Fri, Sep 05, 2003 at 04:47:30PM +0200, Frank Lichtenheld wrote:
I recently adopted the magpie package (It reads in Packages files and
produces HTML output)
It was un/undermaintained a long time and has no separate upstream.
While looking in the code to fix some outstanding bugs I found
Hi Frank,
On Fri, 5 Sep 2003, Frank Lichtenheld wrote:
char path[256];
sprintf( path, "some string/%s", packagename);
There are no further checks as I can see. I'm not very experienced in C
programming and don't know much about the details of exploiting buffer
overflows or the like...
Is
On Fri, Sep 05, 2003 at 04:26:55PM +0100, Thomas Horsten wrote:
Hi Frank,
On Fri, 5 Sep 2003, Frank Lichtenheld wrote:
char path[256];
sprintf( path, "some string/%s", packagename);
There are no further checks as I can see. I'm not very experienced in C
programming and don't know
On Fri, Sep 05, 2003 at 04:47:30PM +0200, Frank Lichtenheld wrote:
several code pieces like
char path[256];
sprintf( path, "some string/%s", packagename);
Is such code (away from the fact that it can easily lead to segfaults) a
security problem?
Yep, it's a potential security problem.
On Fri, Sep 05, 2003 at 12:37:27PM -0700, Wade Richards wrote:
The safest approach is always to ensure that the answer to the first
question is no, so you don't need to worry about the second one.
More to the point, if someone can get you to install arbitrary untrusted
packages you have bigger
On Fri, Sep 05, 2003 at 08:19:46PM +0200, Frank Lichtenheld wrote:
The question that remains is: Does this require a security update for
the woody version of the package? Or should I just try to get this
fixed in the next release (of the package)?
I'd say yes. It's one for which someone might
On Fri, Sep 05, 2003 at 11:07:12PM +0100, Dale Amon wrote:
On Fri, Sep 05, 2003 at 08:19:46PM +0200, Frank Lichtenheld wrote:
The question that remains is: Does this require a security update for
the woody version of the package? Or should I just try to get this
fixed in the next release
/ 2003-09-05 16:47:30 +0200
\ Frank Lichtenheld:
Hi.
I recently adopted the magpie package (It reads in Packages files and
produces HTML output)
It was un/undermaintained a long time and has no separate upstream.
While looking in the code to fix some outstanding bugs I found
several code