Re: Debian ships very old software (rplay, paps)
On 2025-10-31 09:02:14 +0100, Nicolas George wrote:
> Vincent Lefevre (HE12025-10-31):
> > How can you be so sure?
>
> I looked at the code.
You would have seen that there is potential denial of service
(process crashes).
Worse, Fabio Degrigis could trigger a SIGSEGV on a memcpy:
https://www.openwall.com/lists/oss-security/2025/10/18/4
which would mean a bad pointer or buffer overflow.
> > That's your opinion, but almost all software honors locales.
>
> Almost all software runs on Windows or macOS. So what?
Here we're on Debian.
> > That's impossible when there is a dependency.
>
> Then do not install the dependent software either.
This is silly.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)