Date: Sat, 25 Oct 2008 15:11:56 +0200 From: Robert Buchholz <rbu@...too.org> To: oss-security@...ts.openwall.com Subject: Not a security issue: htpdate "buffer overflow" Hi, a user reported an apparant security issue to use regarding htpdate, which states in their changelog: " - Fixed a buffer overflow when time offset gets to large https://dev.openwrt.org/cgi-bin/trac.fcgi/ticket/3940 " However, the diff upstream applied shows this only is an integer overflow, which they also confirmed via mail: 'Sorry for the wrong wordings, but it is indeed "only" an integer overflow.' Since other distros also seem to ship htpdate, hopefully this helps to save some time. Robert  https://bugs.gentoo.org/show_bug.cgi?id=243294  http://www.clevervest.com/twiki/bin/view/HTP/ChangelogC  http://bugs.gentoo.org/attachment.cgi?id=169570&action=view Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.