
Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)



Hi,

On 2009-03-26 14:07:08 +0100, Hilmar Preusse wrote:
> I can reproduce the problem using bibtex. Then I tried bibtex8 and
> could generate a livre_fp.bbl file (blg file is attached). Do you
> still assume it a "user security hole", which justifies the severity
> "grave" or can you accept the workaround and hence a lower severity?

I've set that in doubt. I think that all buffer overflows should
seriously be taken into consideration as they can potentially be a
real security hole (remember when Debian servers were compromised
even though an exploit was thought to be impossible).

Now, as here the bug seems to require a large bibtex file and action
from the user (assuming no tex-compilation servers), the severity
can probably be lowered.

BTW, can bibtex8 safely be used in place of bibtex (no compatibility
problems)?

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)


