[Secure-testing-team] Bug#481186: CVE-2008-2149: buffer overflows
Andreas Tille
tillea at rki.de
Fri May 16 11:59:49 UTC 2008
On Thu, 15 May 2008, Andreas Tille wrote:
> As stated in the Gentoo BTS
>
> https://bugs.gentoo.org/show_bug.cgi?id=211491
>
> there are potentially more issues of other sprintf()/strcpy()/strcat()/...
> occurrences. So I wonder if you accept the attached patch as a fix for
> the problem. It actually cures the long command line option problem but
> not more.
I've got no answer to this question for nearly 24 hours. Because I consider
it more important to fix a known issue _now_ instead of doing a long research
for other issues for perhaps weeks, I will upload packages with the proposed
fix in the next hour. Other issues might be solved in later uploads.
Please tell me what I should do to support the security team. It's just
my first security-relevant bug.
Kind regards
Andreas.
--
http://fam-tille.de