--nextPart1255903.YrYUJG4Qg7
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

[CC to -pim, where the people to whom these patches apply really live.]

On Friday 31 December 2004 21:44, Steve G wrote:
> libical/src/libical/icaltime.c This is not exploitable as it writes to the
> heap in a formatted way. It *will* crash korganizer. 26 bytes are needed =
as
> a minimum according to ctime man page.

All the ical patches look ok, but there's one caveat: libical is a big chun=
k=20
of source from elsewhere which is in an odd state of maintainership. Every=
=20
time someone wants to patch libical, the question of whether to merge=20
upstream (or to import a newer version of the upstream lib) is raised.

As for the holidays patch (which you didn't describe), I think that code is=
=20
gone entirely from ... no, it's moved to elsewhere. Looks good as well.


=2D-=20
Don't worry, 't ain't no shame to be stupid - ol' mouse.
    GPG: FEA2 A3FE Adriaan de Groot

--nextPart1255903.YrYUJG4Qg7
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBB2Q1QdqzuAf6io/4RAoxAAJ42gJIKJfEs9gLIX6pvpUyoZRhi5QCgkWqh
QwlC0wpjzMmH86hA+GeZBK8=
=pjLb
-----END PGP SIGNATURE-----

--nextPart1255903.YrYUJG4Qg7--