On 29/11/14 01:14, Guillem Jover wrote:
> Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then
> there might be an out of bounds *read* access, but I don't see how that
> would be a vulnerability. I'll fix this for 1.17.23.
I think it's just a 'by definition' vulnerability, e.g li
On Fri, 2014-11-28 at 15:14:58 +0100, Guillem Jover wrote:
> On Sat, 2014-11-29 at 00:43:06 +1100, Joshua Rogers wrote:
> > Package: dpkg
> > Version: 1.17.22-1
> > Tags: bug
>
> The correct address so submit bug reports is sub...@bugs.debian.org.
Just to clarify this, bug reports on the list are
Hi!
On Sat, 2014-11-29 at 00:43:06 +1100, Joshua Rogers wrote:
> Package: dpkg
> Version: 1.17.22-1
> Tags: bug
The correct address so submit bug reports is sub...@bugs.debian.org.
> Using AddressSanitizer I have found an Out-of-Bounds(?) vulnerability in
> dpkg.
>
> The vulnerable code is in l
Package: dpkg
Version: 1.17.22-1
Tags: bug
Hi,
Using AddressSanitizer I have found an Out-of-Bounds(?) vulnerability in
dpkg.
The vulnerable code is in lib/dpkg/parse.c, on line 135.
133: for (fip = fieldinfos, ip = fs->fieldencountered; fip->name;
fip++, ip++)
134:if (strncasecmp(fip->na
4 matches
Mail list logo