[prev in list] [next in list] [prev in thread] [next in thread]
List: openpkg-dev
Subject: Potential security hole in zlib-1.1.4-200XXXXX
From: Michael Schloh von Bennewitz <michael.schloh () cw ! com>
Date: 2003-02-25 11:53:03
[Download RAW message or body]
Thamer Al-Harbash found a buffer overrun problem in the current version 1.1.4
of zlib. It has to do with vsprintf and vnsprintf. Neither he nor anyone else
has offered a solution to the problem, due to its evasive nature.
There doesn't seem to be a correct way to deal with this, and the case is
therefore on hold until the zlib team (or anybody else) offers a solution.
Regards,
Michael
[Attachment #3 (application/pgp-signature)]
______________________________________________________________________
The OpenPKG Project www.openpkg.org
Developer Communication List openpkg-dev@openpkg.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic