On 29/11/14 01:14, Guillem Jover wrote:
I think it's just a 'by definition' vulnerability, e.g like heartbleed was an out of bounds read, sort of. But in this context, it's not serious at all.Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then there might be an out of bounds *read* access, but I don't see how that would be a vulnerability. I'll fix this for 1.17.23.
-- Joshua Rogers <https://internot.info/>
Description: OpenPGP digital signature