Re: CVE-2019-14866

To: Ola Lundqvist <ola@inguza.com>
Cc: 941412@bugs.debian.org, Debian LTS <debian-lts@lists.debian.org>, Debian Extended LTS contributors <extended-lts-team@freexian.com>, Sergey Poznyakoff <gray@gnu.org.ua>, cpio@packages.debian.org
Subject: Re: CVE-2019-14866
From: thomas@habets.se
Date: Mon, 4 Nov 2019 05:17:57 -0500
Message-id: <[🔎] CA+kHd+cBxCHqqwtzABkgeWBSJ166ks=N3ogoNsbDxqrXJaKe4Q@mail.gmail.com>

On Mon, 4 Nov 2019 07:10:31 +0000, Ola Lundqvist <ola@inguza.com> said:
> I think the reason for this is that a long is 32 bit on i386 while it is 64
> bits on amd64.
>
> The fix is very simple. Change the "long" to a "long long" in
> to_out_or_error.

Good catch.
Yeah, the fix looks good to me.

--
typedef struct me_s {
  char name[]      = { "Thomas Habets" };
  char email[]     = { "thomas@habets.se" };
  char kernel[]    = { "Linux" };
  char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
  char pgp[] = { "9907 8698 8A24 F52F 1C2E  87F6 39A4 9EEA 460A 0169" };
  char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;

Reply to:

Prev by Date: Re: various security issues in VNC related packages
Next by Date: Re: CVE-2019-14866
Previous by thread: Re: CVE-2019-14866
Next by thread: Re: various security issues in VNC related packages
Index(es):
- Date
- Thread