[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Not a security issue: htpdate "buffer overflow"
From: Robert Buchholz <rbu () gentoo ! org>
Date: 2008-10-25 13:11:56
Message-ID: 200810251511.59777.rbu () gentoo ! org
[Download RAW message or body]
Hi,
a user reported[1] an apparant security issue to use regarding htpdate,
which states in their changelog[2]:
" - Fixed a buffer overflow when time offset gets to large
https://dev.openwrt.org/cgi-bin/trac.fcgi/ticket/3940 "
However, the diff upstream applied shows this only is an integer
overflow, which they also confirmed via mail:
'Sorry for the wrong wordings, but it is indeed "only" an integer
overflow.'
Since other distros also seem to ship htpdate, hopefully this helps to
save some time.
Robert
[1] https://bugs.gentoo.org/show_bug.cgi?id=243294
[2] http://www.clevervest.com/twiki/bin/view/HTP/ChangelogC
[3] http://bugs.gentoo.org/attachment.cgi?id=169570&action=view
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic