Re: Typo in webwml/english/News/weekly/2004/21/index.wml
On Thu, May 27, 2004 at 07:09:42PM +0900, SUGIYAMA Tomoaki wrote:
> I think that it is not "Buffer overflow" but "Heap overflow" on
> line 136 in webwml/english/News/weekly/2004/21/index.wml file.
>
> > <li><a href="$(HOME)/security/2004/dsa-505">cvs</a> --
> > Buffer overflow.
The CVE advisory says
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and
1.12.x up to 1.12.7, when using the pserver mechanism allows
remote attackers to execute arbitrary code via Entry lines.
so I think both descriptions are correct.
--
Matt Kraai kraai@ftbfs.org http://ftbfs.org/
Reply to: