gabriel rosenkoetter on Sun, 20 Jan 2002 17:50:26 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Re: PGP & GPG compatibility (fwd)


On Sun, Jan 20, 2002 at 04:38:00AM -0500, Darxus@chaosreigns.com wrote:
> On 01/19, gabriel rosenkoetter wrote:
> > I am also using GPG 1.0.6, but mutt 1.2.5.1i. (Tsk, tsk, Darxus;
> > 1.2.5i has a format string vulnerability. ;^>)
> 
> mutt (1.2.5-5) stable; urgency=high
> 
>   * Applied patch-1.2.5.tlr.terminate.1 to fix a remotely exploitable
>     buffer overflow.
> 
> Do you think that's related ?

Sounds like it, but why apply patches without changing version
numbers, especially when there's a version-number-changed one out
from the source?

At any rate, the buffer overflow is (I kid you not) 1 byte. It's
still theoretically useful, but...

I was just giving you a hard time anyway. :^>

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpQVTfAOC44n.pgp
Description: PGP signature