[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Not a security issue: htpdate "buffer overflow"
From:       Robert Buchholz <rbu () gentoo ! org>
Date:       2008-10-25 13:11:56
Message-ID: 200810251511.59777.rbu () gentoo ! org
[Download RAW message or body]


Hi,

a user reported[1] an apparant security issue to use regarding htpdate, 
which states in their changelog[2]:
" - Fixed a buffer overflow when time offset gets to large
    https://dev.openwrt.org/cgi-bin/trac.fcgi/ticket/3940 "

However, the diff upstream applied shows this only is an integer 
overflow, which they also confirmed via mail:
'Sorry for the wrong wordings, but it is indeed "only" an integer 
overflow.'

Since other distros also seem to ship htpdate, hopefully this helps to 
save some time.


Robert

[1] https://bugs.gentoo.org/show_bug.cgi?id=243294
[2] http://www.clevervest.com/twiki/bin/view/HTP/ChangelogC
[3] http://bugs.gentoo.org/attachment.cgi?id=169570&action=view

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]