* Moritz Muehlenhoff: > CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io > function in ...) > - NOT-FOR-US: ZZIPlib > + - zziplib <unfixed> (unknown) > + NOTE: > http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187 > + TODO: Needs to be checked in sources, if filename is taken from cmd > args, this is bogus
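Review bot: The TODO on the added zziplib entry conditions validity on whether the filename is taken from command-line arguments, but the CVE description names zzip_open_shared_io, a function. The check recorded in the TODO should be which callers can pass an untrusted filename into that function. Reword the TODO accordingly, and once the sources have been checked, replace it with a NOTE stating the finding and update the (unknown) urgency.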
It's a library, and the function is exported; the argument is supplied by the caller. So it's not entirely bogus.

