Re: [MSY] S(ecure)Locate heap corruption vulnerability

[Seth Arnold <sarnold () WILLAMETTE EDU>]

* Michal Zalewski <lcamtuf () dione ids pl> [001128 13:14]:
> I am impressed it hasn't been fixed yet. Amazing.

Quoting from: http://www.geekreview.org/slocate/

        Changes v2.2: Fixed a segfault. If the environment variable
        LOCATE_PATH had an invalid slocate.db file path, slocate could
        segfault.  Proper checking now takes place to fix this.

I think this was fixed 00/06/22 -- but I am not entirely clear on how
the dates line up with the versions mentioned. (And no, I don't know if
the fix managed to break other items..)

In the past, Kevin was very friendly and helpful when I contacted him.
Unless that has changed I think getting fixes into new versions is
pretty easy. :)

--
``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all
really impressed down here, I can tell you.''