'Potential security hole in zlib-1.1.4-200XXXXX'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openpkg-dev
Subject:    Potential security hole in zlib-1.1.4-200XXXXX
From:       Michael Schloh von Bennewitz <michael.schloh () cw ! com>
Date:       2003-02-25 11:53:03
[Download RAW message or body]

Thamer Al-Harbash found a buffer overrun problem in the current version 1.1.4
of zlib. It has to do with vsprintf and vnsprintf. Neither he nor anyone else
has offered a solution to the problem, due to its evasive nature.

There doesn't seem to be a correct way to deal with this, and the case is
therefore on hold until the zlib team (or anybody else) offers a solution.

Regards,
Michael


[Attachment #3 (application/pgp-signature)]
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   openpkg-dev@openpkg.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic