Peter Volkov wrote:
We received report on security issue in tcpdump: http://bugs.gentoo.org/184815Could anybody review fix and comment and apply in CVS? Thanks.
I reviewed the fix - it seemed a bit cleaner to have it continue processing the TLVs, without adding to the string, if the string buffer is full.
I've checked in a fix that does that. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.