On Thu, Apr 05, 2007 at 07:40:06PM +0200, Florian Weimer wrote:
> * Moritz Muehlenhoff:
>
> > CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io
> > function in ...)
> > - NOT-FOR-US: ZZIPlib
> > + - zziplib <unfixed> (unknown)
> > + NOTE:
> > http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
> > + TODO: Needs to be checked in sources, if filename is taken from cmd
> > args, this is bogus
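
Review bot: The TODO on the last added line makes the entry's validity depend on whether the filename comes from command-line arguments, but the CVE description line above it names a function, zzip_open_shared_io, as the overflow site. The thing to record is which callers of that function can pass a name that is not under the local user's control, so consider rewording the TODO to ask for that check rather than pre-judging the issue as bogus. The `(unknown)` marker on the new zziplib line can stay until that check is done.
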
>
> It's a library, and the function is exported; the argument is supplied
> by the caller. So it's not entirely bogus.

Ok, I only had a brief look at the website; please update the tracker data.

Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team