Re: Preparation of the next stable Debian GNU/Linux update (I)

To: debian-release@lists.debian.org
Subject: Re: Preparation of the next stable Debian GNU/Linux update (I)
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sat, 16 Sep 2006 19:39:55 +0200
Message-id: <[🔎] slrnegodnb.4bc.jmm@inutil.org>
References: <[🔎] 20060914224535.GA4806@frigg.ftbfs.de> <[🔎] 20060915220733.2dc12844@monster.cacholong.nl> <[🔎] 20060916065006.GB15240@finlandia.home.infodrom.org> <[🔎] 200609161802.08032.debian@layer-acht.org>

Holger Levsen wrote:
>> The first one doesn't look like a real security problem.
>
> Please explain why you think that putting arbitrary long strings into fixed=
> sized buffers is not a security problem, preferedly in the bugreport.

The buffer overflow can only be triggered through a file only root can
write to. 

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Holger Levsen <debian@layer-acht.org>

References:
- Preparation of the next stable Debian GNU/Linux update (I)
  - From: Martin Zobel-Helas <zobel@ftbfs.de>
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Matthijs Mohlmann <matthijs@cacholong.nl>
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Martin Schulze <joey@infodrom.org>
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Holger Levsen <debian@layer-acht.org>

Prev by Date: removal of bluez-bcm203x ?
Next by Date: Re: Preparation of the next stable Debian GNU/Linux update (I)
Previous by thread: Re: Preparation of the next stable Debian GNU/Linux update (I)
Next by thread: Re: Preparation of the next stable Debian GNU/Linux update (I)
Index(es):
- Date
- Thread