[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdepim buffers patch
From:       Adriaan de Groot <groot () kde ! org>
Date:       2005-01-03 9:15:55
Message-ID: 200501031016.00889.groot () kde ! org
[Download RAW message or body]


[CC to -pim, where the people to whom these patches apply really live.]

On Friday 31 December 2004 21:44, Steve G wrote:
> libical/src/libical/icaltime.c This is not exploitable as it writes to the
> heap in a formatted way. It *will* crash korganizer. 26 bytes are needed as
> a minimum according to ctime man page.

All the ical patches look ok, but there's one caveat: libical is a big chunk 
of source from elsewhere which is in an odd state of maintainership. Every 
time someone wants to patch libical, the question of whether to merge 
upstream (or to import a newer version of the upstream lib) is raised.

As for the holidays patch (which you didn't describe), I think that code is 
gone entirely from ... no, it's moved to elsewhere. Looks good as well.


-- 
Don't worry, 't ain't no shame to be stupid - ol' mouse.
    GPG: FEA2 A3FE Adriaan de Groot

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]