Moving from flag -fstack-protector to -fstack-protector-strong finally
forced this old bug to show up.
I fixed the bug (and some others) and released version 1.5.4.
Luciano Bello will update the Debian package soon.
Werner
Thanks for the additional information. It helped me to reproduce and
locate the bug.
I will release a new upstream version soon and then notify the Debian
maintainer.
Werner
This is a (very) late reply from upstream.
Sorry for the delay. I hoped somebody else would care because I had no
32-bit testing system.
Now I have upgraded an old Thinkpad from Jessie to Stretch installed
davfs2-1.5.2-1.2 from Sid and tested. Result:
Works as expected; no stack smashing error. I
0 +0200
+++ davfs2-1.4.6.new/ChangeLog 2013-09-15 11:05:42.0 +0200
@@ -1,6 +1,11 @@
ChangeLog for davfs2
+2013-09-08 Werner Baumann (werner.baum...@onlinehome.de)
+* kernel_interface.c, mount_davfs.c:
+ Don't create /dev/coda and /dev/fuse.
+
/ChangeLog 2013-09-15 11:05:42.0 +0200
@@ -1,6 +1,11 @@
ChangeLog for davfs2
+2013-09-08 Werner Baumann (werner.baum...@onlinehome.de)
+* kernel_interface.c, mount_davfs.c:
+ Don't create /dev/coda and /dev/fuse.
+ Remove insecure calls of system().
+
P.S.:
The real propable reason:
index.html is just a lot of java script (one of that famous web 2, java
script php applications). These java script programs may do almost
anything. When you edit something they usually try to to upload it using
HTTP POST.
What they will not do (and should no
Hello Loic,
I have tested.
My system: Etch, some Athlon board
davfs2 1.1.2-3
What I have done:
1. Mount the the resource
Create files testwb.html and testwb.xml (using gedit)
unmount the resource
2. Test with cadaver:
The files are on the server and are readable
3. Delete
-0.2.3.orig/ChangeLog davfs2-0.2.3/ChangeLog
--- davfs2-0.2.3.orig/ChangeLog 2005-06-03 21:03:13.0 +0200
+++ davfs2-0.2.3/ChangeLog 2005-06-04 13:53:20.0 +0200
@@ -1,5 +1,14 @@
ChangeLog for Davfs2
+2005-06-03 Werner Baumann
+security fix (quick and brutal) concerning
8 matches
Mail list logo
