Date: Tue, 20 May 2008 18:50:39 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: mtr

Robert Buchholz wrote
| Secunia suggests that 0.73 contains a fix. Did you find any indication
| to that? The advisory mentions 0.72 as vulnerable, but it is also dated
| February 28. The last mtr was released on April 7, but it seems to me all
| changes are unrelated.

The issue was an insecure use of sprintf in split_redraw(). In 0.73,
upstream changed this to use snprintf, thus fixing the issue.

smithj
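
The bug class named in the message above, as an added example that is not mtr's code and not part of the original post: a fixed-size row buffer formatted with snprintf, with truncation detected from the return value. The struct, function names, buffer size and sample hostnames are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ROW_LEN 16            /* constructed size, not taken from mtr */

struct row {
    char text[ROW_LEN];       /* fixed-size destination */
    char canary[8];           /* neighbouring data an overflow would clobber */
};

/*
 * Unbounded pattern, shown for contrast only and not compiled:
 *     sprintf(r->text, "%s %d%%", host, loss_pct);
 * sprintf is not told how large r->text is, so a long host string
 * is written past the end of the array.
 */

/* Bounded version. Returns 0 if the row fit, 1 if it was truncated,
 * -1 on an output error. text is NUL-terminated when 0 or 1 is returned. */
int format_row(struct row *r, const char *host, int loss_pct)
{
    int n = snprintf(r->text, sizeof r->text, "%s %d%%", host, loss_pct);
    if (n < 0)
        return -1;
    /* snprintf returns the length it needed; >= size means it was cut off */
    return (size_t)n >= sizeof r->text ? 1 : 0;
}

/* Runs format_row and reports whether the neighbouring canary survived. */
int canary_intact_after(const char *host, int loss_pct, int *status, size_t *len)
{
    struct row r;
    memcpy(r.canary, "CANARY!", sizeof r.canary);
    *status = format_row(&r, host, loss_pct);
    *len = (*status < 0) ? 0 : strlen(r.text);
    return memcmp(r.canary, "CANARY!", sizeof r.canary) == 0;
}

int main(void)
{
    int st; size_t len;
    /* constructed inputs: one short host, one far longer than ROW_LEN */
    int ok = canary_intact_after("gw.example", 3, &st, &len);
    printf("short: status=%d len=%zu canary_ok=%d\n", st, len, ok);
    ok = canary_intact_after("a-very-long-hostname.example.net", 12, &st, &len);
    printf("long:  status=%d len=%zu canary_ok=%d\n", st, len, ok);
    return 0;
}
```

Switching to snprintf bounds the write, but the caller still has to check the return value to know whether the displayed row was cut short.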