[Secure-testing-team] Re: [Secure-testing-commits] r5628 - in data: . CVE
Moritz Muehlenhoff
jmm at inutil.org
Thu Apr 5 17:42:22 UTC 2007
On Thu, Apr 05, 2007 at 07:40:06PM +0200, Florian Weimer wrote:
> * Moritz Muehlenhoff:
>
> > CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
> > - NOT-FOR-US: ZZIPlib
> > + - zziplib <unfixed> (unknown)
> > + NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
> > + TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus
>
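Review bot: The added TODO line dismisses the report as bogus when the filename comes from command-line arguments, but the entry names a function, zzip_open_shared_io, and the new package line tracks zziplib itself, so the filename can reach that function from any caller and not only from a command line. Suggest rewording the TODO to ask which callers pass a filename from untrusted input into zzip_open_shared_io, and keeping the entry at "<unfixed> (unknown)" until the sources have been checked.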
> It's a library, and the function is exported; the argument is supplied
> by the caller. So it's not entirely bogus.
Ok, I only had a brief look at the website, please update the tracker data.
Cheers,
Moritz