[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] glibc and alloca()
From:       Graham Gower <graham.gower () gmail ! com>
Date:       2011-02-25 22:46:04
Message-ID: AANLkTimjbVVzrueGriqHTr7ebTSJ6XwMvTK71Y+wvQmB () mail ! gmail ! com
[Download RAW message or body]

On 25 February 2011 18:52, Maksymilian Arciemowicz
<cxib@securityreason.com> wrote:
> Chris Evans <scarybeasts <at> gmail.com> writes:
>> Linux distribution might still have vulnerabilities in this area.
>
> proftpd use gnu libc implementation
>
> http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4rc1
>  + Updated fnmatch implementation, using glibc-2.9 version.
>
> Version 1.3.3d may contain this issue
>

http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6

http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch.c?revision=1.9&view=markup
http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/lib/pr_fnmatch_loop.c?revision=1.9&view=markup

Perhaps they need to update the fnmatch implementation again.

-Graham

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]