Field | Value
---|---
Summary | net-ftp/weex: format string error (CAN-2005-3150)
Product | Gentoo Security
Component | Vulnerabilities
Status | RESOLVED FIXED
Severity | normal
Priority | High
Version | unspecified
Hardware | All
OS | Linux
Whiteboard | C2 [glsa]
Reporter | Tavis Ormandy (RETIRED) <taviso>
Assignee | Gentoo Security <security>
CC | phosphan
Runtime testing required | ---

Description
Tavis Ormandy (RETIRED)
2005-10-02 00:53:12 UTC
Created attachment 69687
patch provided by Ulf Harnhammar

phosphan: please bump in CVS with patch.

In CVS, thanks for the hint and patch.

Calling specific arch testers (x86, amd64) to test and mark stable. We keep it low-profile for now.

*blush* Ok, that's not what the policy asked me to do, but I just left keywords the way they were - this patch is just too trivial, sorry.

Hehe. Security doesn't take position in maintainer/archteams conflicts :) blubb and tester can scream at you if needed when they'll test. But I agree it's a very non-disruptive bugfix.

it compiles fine here, and the patch is really trivial, so amd64 is happy :)

"It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though." That quite complicates exploitation...

seems to work ok on x86...

This one is ready for GLSA.

Please use CAN-2005-3150 instead.

GLSA 200510-09