[Pkg-silc-commits] [SCM] terminal based SILC client branch, lenny-security, created. debian/1.1.4-1+lenny1
Jérémy Bobbio
lunar at debian.org
Fri Sep 4 20:50:34 UTC 2009
The branch, lenny-security has been created
at 381b15479a797deaa417d08c25236f355c8c3af8 (commit)
- Shortlog ------------------------------------------------------------
commit 381b15479a797deaa417d08c25236f355c8c3af8
Author: Jérémy Bobbio <lunar at debian.org>
Date: Mon Aug 31 15:41:16 2009 +0200
Release version 1.1.4-1+lenny1
commit 153312478944dce7d1cdaa207b31eaaeec5535af
Author: Jérémy Bobbio <lunar at debian.org>
Date: Mon Aug 31 15:40:37 2009 +0200
Update debian changelog
commit d2490ded4a578ddfacd6196832c591b30d03a243
Author: Pekka Riikonen <priikone at silcnet.org>
Date: Fri Aug 7 14:48:46 2009 +0300
More string format fixes in silcd and client libary
commit 4e893b06c5acbc2de5362db998d6f5c60dac6b0d
Author: Pekka Riikonen <priikone at silcnet.org>
Date: Fri Jul 31 22:32:57 2009 +0300
Fixed string format vulnerability in client entry handling.
Reported and patch provided by William Cummings.
commit bddf6ed3576d6be2acce2f6d0d83c3306a1ccd4b
Author: kp at valhallalegends.com <kp at valhallalegends.com>
Date: Sat May 31 16:37:45 2008 -0500
ASN1: Fix stack variable overwrite when encoding OID.
The call to sscanf specifies a format string of "%lu", a long unsigned
int. The pointer argument was cast to unsigned long *, but this is
wrong for 64 bit systems. On 64 bit systems, unsigned long is 64 bits,
but the oid value is a SilcUInt32 on all systems. As a result, sscanf
will overwrite a neighboring variable on the stack. Fix this by
changing the format string to "%u" and removing the cast.
-----------------------------------------------------------------------
--
terminal based SILC client
More information about the Pkg-silc-commits
mailing list