Backport of the integer overflow in the brk system call

To: debian-devel@lists.debian.org
Subject: Backport of the integer overflow in the brk system call
From: Frederik Dannemare <tux@sentinel.dk>
Date: Tue, 02 Dec 2003 00:32:41 +0100
Message-id: <[🔎] 3FCBCF99.3000907@sentinel.dk>

Hi everybody,

just curious: any particular reason why we didn't see a backport any sooner ofthe integer overflow in the brk system call (see recent announcement byWichert Akkerman:http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html)like we did with the ptrace issue some time back?

Wasn't it (the brk vuln) considered to be threatening enough to justify aquick fix, or was it because the fix by Andrew Morton didn't say (kernechangelog) enough about the potential seriousness of the vuln, or?


--
B/R,
Frederik Dannemare

Reply to:

Follow-Ups:
- Re: Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>
- Re: Backport of the integer overflow in the brk system call
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

Prev by Date: Re: Debian Enterprise - a Custom Debian Distribution
Next by Date: Re: Backport of the integer overflow in the brk system call
Previous by thread: Assurance measures: ACM
Next by thread: Re: Backport of the integer overflow in the brk system call
Index(es):
- Date
- Thread