Re: Re: [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: Re: [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities
From: "Ulf Harnhammar" <metaur@operamail.com>
Date: Sat, 08 Apr 2006 11:21:05 +0100
Message-id: <[🔎] 20060408102105.BDD4E7B526@ws5-10.us4.outblaze.com>

> Yes, except that the actually safe way to escape random strings is to
> pass them as %s, rather than relying on some home brewed solution.

I'm not arguing that it's great code, because it's not. I'm just saying that
the reported format string vulnerability doesn't seem to exist, if it is
related to the syslog calls and not to something else.

// Ulf Harnhammar, Debian Security Audit Project


-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 8 at http://www.opera.com

Powered by Outblaze

Reply to:

Prev by Date: Re: [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities
Next by Date: IDS for a non-well-known protocol?
Previous by thread: Re: [SECURITY] [DSA 1024-1] New clamav packages fix several vulnerabilities
Next by thread: IDS for a non-well-known protocol?
Index(es):
- Date
- Thread