Fwd: Re: xbl vulnerabilty

[<auto94042 () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

this joey is giving me the nod of confidense, yes it is the one, we make
some fix and tell the ppl - - phew !


- ----- Forwarded Message from Joey Hess <joey () kitenet net> -----
auto94042 () hushmail com wrote:
> if ( strcmp(argv[i],"-display")==0 )
>            strcpy(bl.opt.displayname,argv[i+1]) ;
>
> this guy -
> http://ftp.debian.org/debian/pool/main/x/xbl/xbl_1.0k-5.diff.gz
>
> does not to fix it ! !@
>
> it makes for a monkey biz like this one :
>
> [user@localhost]$ /usr/X11R6/bin/xbl -display `perl -e 'print "A" x
1500'`
> Segmentation fault

You're right, and there are some more of them too. I've fixed those I
could find and we'll be doing another security announcement, I guess.

- --
see shy jo
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkUEARECAAYFAj8LldUACgkQarKSBij8yIIRzQCWN4zpPh3DYdfFRjAWVZSsNfiGbACf
RUVRmpTJK65zr5rickoRIxjHV/4=
=+Wg6
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html