| gabriel rosenkoetter on Sun, 20 Jan 2002 17:50:26 -0500 |
|
On Sun, Jan 20, 2002 at 04:38:00AM -0500, Darxus@chaosreigns.com wrote: > On 01/19, gabriel rosenkoetter wrote: > > I am also using GPG 1.0.6, but mutt 1.2.5.1i. (Tsk, tsk, Darxus; > > 1.2.5i has a format string vulnerability. ;^>) > > mutt (1.2.5-5) stable; urgency=high > > * Applied patch-1.2.5.tlr.terminate.1 to fix a remotely exploitable > buffer overflow. > > Do you think that's related ? Sounds like it, but why apply patches without changing version numbers, especially when there's a version-number-changed one out from the source? At any rate, the buffer overflow is (I kid you not) 1 byte. It's still theoretically useful, but... I was just giving you a hard time anyway. :^> -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgpQVTfAOC44n.pgp
|
|